Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

help with FRST results, malware detection and what to do now


  • Please log in to reply

#1
joe1990

joe1990

    New Member

  • Member
  • Pip
  • 8 posts

Hi,

 

I have a dell xps l321x 4GB RAM, which i purchased second hand a few months ago, at the time just recently upgraded from windows7 to 10.

 

My computer runs with a lot of background tasks and processes and at times with either high CPU or high memory or both. I am not so good with the detection of issues when it comes to this but at times when the computer is busy the mouse can freeze or the screen can flicker with bars across it. This can also happen when the computer is not running a high CPU/memory. Sometimes the bars will go away if i dont move the mouse or anything but other times i have to put the computer to sleep to get the screen back.

 

I have reset the laptop and the problem persisted. I have tried various graphic drivers to no avail. Everything is up to date as far as i know. I have removed adware and malware files previously and I am wondering if it has left an imprint on other files or if there are files that have not been picked up as malicious. 

 

I regularly get the following events logged in event viewer-

 

-The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 

{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-L2QIGK4\joe SID (S-1-5-21-1134921887-2961836692-3154474486-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
-The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
-Session "ReadyBoot" stopped due to the following error: 0xC0000188
 
-The Sync Host_22122de service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
-Faulting application name: ShellExperienceHost.exe, version: 10.0.10586.35, time stamp: 0x566505bc
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10586.71, time stamp: 0x5699d8e0
Exception code: 0xc000027b
Fault offset: 0x00000000006943bb
Faulting process ID: 0x22f0
Faulting application start time: 0x01d163d58b2412d1
Faulting application path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report ID: 8b8b35cb-b964-48b1-8802-45b487175efd
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: App
 
-Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
 
-Activation of application Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: The remote procedure call failed. See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
-The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
-The driver \Driver\WudfRd failed to load for the device ACPI\ACPI0008\5&10950daf&0.
 
I have just done a FRST scan and the results are as follows - 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-01-2016
Ran by Administrator (administrator) on DESKTOP- (14-02-2016 12:11:40)
Running from C:\Users\Administrator\Downloads
Loaded Profiles: joe & Administrator (Available Profiles: joe & Administrator)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\syswow64\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VsHub\1.0.0.0\VsHub.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VsHub\1.0.0.0\Microsoft.VsHub.Server.HttpHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(Microsoft Corporation) C:\Windows\System32\LockAppHost.exe
() C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Neuber Software) C:\Program Files (x86)\Security Task Manager\TaskMan.exe
(Neuber Software) C:\Program Files (x86)\Security Task Manager\TaskMan.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\SystemSettingsAdminFlows.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.0_none_95e4f9a171a1ad95\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-10-06] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-10-06] (Realtek Semiconductor)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [4391072 2012-12-10] (Dell Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1134921887-2961836692-3154474486-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-16] (Piriform Ltd)
HKU\S-1-5-21-1134921887-2961836692-3154474486-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-16] (Piriform Ltd)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{bf24ee4e-d275-410b-af26-78ce1f622eab}: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-1134921887-2961836692-3154474486-500 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1134921887-2961836692-3154474486-500 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
 
FireFox:
========
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-01]
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-01]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-01]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-01]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-01]
CHR Extension: (Google Sheets) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-01]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-01]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-01]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 CyTpService; C:\Program Files\Cypress\TrackPad\CyTpService.exe [36864 2015-11-14] (Cypress Semiconductor Corporation)
S4 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2571352 2016-01-06] (Dell Inc.)
S4 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201816 2016-01-06] (Dell Inc.)
R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2015-11-20] (Microsoft Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-10-06] (Realtek Semiconductor)
S4 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-01-12] (Dell Inc.)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [137216 2015-11-19] (Microsoft Corporation) [File not signed]
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56040 2015-11-19] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2015-11-17] (Motorola Solutions, Inc.)
R3 cyhid; C:\Windows\System32\drivers\cyhid.sys [145408 2014-02-21] (Cypress Semiconductor, Inc.)
R3 cykbfltrService; C:\Windows\System32\drivers\cykbfltr.sys [19968 2014-02-21] (Cypress Semiconductor, Inc.)
R3 cymfltrService; C:\Windows\System32\drivers\cymfltr.sys [111104 2015-11-14] (Cypress Semiconductor, Inc.)
R3 CySmb; C:\Windows\System32\drivers\cysmb.sys [10752 2013-12-04] (Cypress Semiconductor, Inc.)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [32464 2015-09-12] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-09-12] (Dell Computer Corporation)
S3 FLxHCIh; C:\Windows\System32\drivers\FLxHCIh.sys [77480 2013-08-30] (Fresco Logic)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2015-11-17] ()
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-10] (Malwarebytes)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-10-06] (Intel Corporation)
U5 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.sys [84792 2016-01-30] (Sysinternals - www.sysinternals.com)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
========================== Drivers MD5 =======================
 
C:\Windows\System32\drivers\1394ohci.sys DF1C3D7E6C7929AD83BE22852B5B08CB
C:\Windows\System32\drivers\3ware.sys 2C5B3035B86770ADD2FE9BFBAF5B35A4
C:\Windows\System32\drivers\ACPI.sys 6B6C39AB2CD7BEB6CFF624522E5449DE
C:\Windows\system32\DRIVERS\acpials.sys 0B570E1A6A35D36BE772E4FBA590A4BD
C:\Windows\System32\Drivers\acpiex.sys 7EADED8087C392876521F7EBCE846EF4
C:\Windows\System32\drivers\acpipagr.sys C498887123327CDFD73A05E7A2780920
C:\Windows\System32\drivers\acpipmi.sys C8DBE6EFFCF014CAA010B9BDDAC833EC
C:\Windows\System32\drivers\acpitime.sys 17039DBEB3B7B9ADCDB4B4533AA9771F
C:\Windows\System32\drivers\ADP80XX.SYS F7D0CD345D2DA42E7042ABCD73662403
C:\Windows\system32\drivers\afd.sys 70148EFA9A562E7185B75BBE7D376BF7
C:\Windows\System32\drivers\agp440.sys 870F1A2C936F92B5D053DF7EC75B352F
C:\Windows\System32\DRIVERS\ahcache.sys 3DF7751D5DC6525E7DC6617FBB45054F
C:\Windows\System32\drivers\amdk8.sys B70F0F2F54B4A4DB6E9C830454752F5A
C:\Windows\System32\drivers\amdppm.sys 35E890482C9728DD5C552B85DA8A5AB2
C:\Windows\System32\drivers\amdsata.sys 5B30BCFE6E02E45D3EE268FF001BC5E0
C:\Windows\System32\drivers\amdsbs.sys F20B30F35A5C7888441B4DCA001ECF8E
C:\Windows\System32\drivers\amdxata.sys AFE838D7576C581D6483529621AB10CC
C:\Windows\System32\drivers\appid.sys 2BBD3A492B93C7E669D01EE88977D7DE
C:\Windows\System32\drivers\arcsas.sys E3FE8F610B1CC12BC3B2E6BC43DC97E2
C:\Windows\System32\drivers\asyncmac.sys 5E00748A1AD246CAECBBB7553BED36CC
C:\Windows\System32\drivers\atapi.sys 492B99D2E3D5D7BFD5F0AE1BE7BD37DD
C:\Windows\System32\drivers\bxvbda.sys 6447BA6FA709514B6C803D159B4C7D1E
C:\Windows\System32\drivers\BasicDisplay.sys B4AC08B1D04D0CE085435E5CD0E663C5
C:\Windows\System32\drivers\BasicRender.sys 25B5BB369DEE2BAE4BF459C978FF9035
C:\Windows\System32\drivers\bcmfn.sys 3F5523DCEFE42B385659C5CB46A6B810
C:\Windows\System32\drivers\bcmfn2.sys 0B750A6A6D847E73CA48ADD7A0F5A393
C:\Windows\System32\Drivers\Beep.sys 5A88834AEE15D97695FAE0837B73B3E4
C:\Windows\System32\DRIVERS\bowser.sys DA2C6F7ACE392193C424FEA975C5BFFB
C:\Windows\System32\drivers\BthAvrcpTg.sys CAEC7BC11AF69A181AF7932E636E09E4
C:\Windows\System32\drivers\BthEnum.sys 7F2165B51C19A5F59BCA94E0A1B1E0D3
C:\Windows\System32\drivers\bthhfenum.sys 5F2B4B32E986C058525D3BA2A475A16C
C:\Windows\System32\drivers\BthHFHid.sys 5406289E8AE2CB52FC408154E0A64BA7
C:\Windows\System32\drivers\bthmodem.sys A76F20CCCA31895A1DA78A875E50F946
C:\Windows\System32\drivers\bthpan.sys 09C3DB1B137B269A822F941D867A6BB6
C:\Windows\System32\drivers\BTHport.sys 40811857B266F02D75DE654AE92D98C9
C:\Windows\System32\drivers\BTHUSB.sys F001B81D47CEBF96E60CE971FFCC45C4
C:\Windows\system32\DRIVERS\btmhsf.sys 7B31A8A9DC95B3634D896FD0F2814F19
C:\Windows\System32\drivers\buttonconverter.sys BF89BDBA5D3A0B4256D3F6FC8D31880D
C:\Windows\System32\drivers\capimg.sys C24C27FDF93B85A4EFCF25F830253AA2
C:\Windows\System32\DRIVERS\cdfs.sys 7F9C7226D743B232907ED2537B8A574F
C:\Windows\System32\drivers\cdrom.sys 82D97776BF982AA143BDC7DFB5054EA8
C:\Windows\System32\drivers\circlass.sys 0505C1D991D0F9D47F3353BB98597C7E
C:\Windows\System32\drivers\CLFS.sys 8B4B39C507ABA09AAFE8E3932D1B392C
C:\Windows\System32\drivers\CmBatt.sys 95832B049E2833B9F5189823CDF946C7
C:\Windows\System32\Drivers\cng.sys A1105260EEEE3DBD8D38FD054B22BD00
C:\Windows\System32\DRIVERS\cnghwassist.sys 58D640BC2294C71BDE0953F12D4B432F
C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys 14F9883588398A1BDE49C75098C75DE6
C:\Windows\System32\drivers\condrv.sys 02B8E49148DE5E0A2F6FDF28CE94A6AC
C:\Windows\System32\drivers\csc.sys 5D578EAAFB6FD4F59523E5878B541296
C:\Windows\System32\drivers\cyhid.sys CEA8263ACB12DB0D970134187A7F7D5A
C:\Windows\System32\drivers\cykbfltr.sys BE76EE271DC02C3BF3D9A860DE055C14
C:\Windows\System32\drivers\cymfltr.sys 22229701A12EFE2F083E543BF716C584
C:\Windows\System32\drivers\cysmb.sys 1DAE5130C33F70E606115FE682AF8175
C:\Windows\System32\drivers\dam.sys 2619DC483579DB9FE804044C1ADFFD1A
C:\Windows\system32\drivers\DDDriver64Dcsa.sys 3802CBF4BDDE6F99974B27EE1782E5F9
C:\Windows\system32\drivers\DellProf.sys DC3BD578642252FD9569B9CD75CEF81E
C:\Windows\System32\Drivers\dfsc.sys C9478D7DB7BE5D7ACE65CB1167F07320
C:\Windows\System32\drivers\disk.sys 4904B152E4942BF700F2D73228B4D477
C:\Windows\System32\drivers\dmvsc.sys 0197AE4B9790A4E73751CACFAA480126
C:\Windows\System32\drivers\drmkaud.sys 25FA06D3B49D6ADF8E874FFCDCD76B50
C:\Windows\System32\drivers\dxgkrnl.sys CC0A2F91C231E0D25EE3DBBF11B660D9
C:\Windows\System32\drivers\evbda.sys 491275B864B704B54EC08168344E0F38
C:\Windows\System32\drivers\EhStorClass.sys CEF108FCE06892CFA5F1B49527D4BF49
C:\Windows\System32\drivers\EhStorTcgDrv.sys 5B1EAAE3001A7A320C106FC3859F4111
C:\Windows\System32\drivers\errdev.sys 7A2705148A4BB3CA255F81624338B461
C:\Windows\System32\Drivers\exfat.sys DFE8A33FBCF6F38182631A4D6097B92D
C:\Windows\System32\Drivers\fastfat.sys 03DE0EC072C5EBD5B018CAD83F1E522A
C:\Windows\System32\drivers\fcvsc.sys 2C003DA244EDF9BC3FD058DCB3422798
C:\Windows\System32\drivers\fdc.sys 9D299AE86D671488926126A84DF77BFD
C:\Windows\System32\drivers\filecrypt.sys 8F12AB59336143B680F71B217B495AD2
C:\Windows\System32\drivers\fileinfo.sys 92ECCFA58C8195B8EA33ED942469D4E6
C:\Windows\System32\drivers\filetrace.sys 87C51FDD50C17882BA93E28BBABB9847
C:\Windows\System32\drivers\flpydisk.sys E99261DD76D1C9E05AF575939CAE5AC5
C:\Windows\System32\drivers\fltmgr.sys 25D7A58625E1453E40D36825DE74E4F1
C:\Windows\System32\drivers\FLxHCIc.sys 6A1F1555E8FB8D44CCCC158111B3078D
C:\Windows\System32\drivers\FLxHCIh.sys FDBBBBCA75DB6C20E09CA1CB565E50E7
C:\Windows\System32\drivers\FsDepends.sys B4175E8BE60B099686FF55CA7D692316
C:\Windows\System32\Drivers\Fs_Rec.sys CC71372CEB811A72F1DC99089C5CBF53
C:\Windows\System32\DRIVERS\fvevol.sys 421497634C86EF4B8F86D0EBC076728F
C:\Windows\System32\drivers\gagp30kx.sys B9981A4CB9F728B3312A3885BFAA7204
C:\Windows\System32\drivers\vmgencounter.sys 77555B11B264991DDC26872FFCF1AB97
C:\Windows\System32\drivers\genericusbfn.sys F3AC9652D88BF87BA6596CBEA28CE10F
C:\Windows\System32\Drivers\msgpioclx.sys F802FBABF0C4DF1BAA733187B2E476F5
C:\Windows\System32\drivers\gpuenergydrv.sys D011B0ADB15F4815310CE1BF4780B33E
C:\Windows\System32\drivers\HDAudBus.sys 84BC034B6BB763733C1949B7B9BAF976
C:\Windows\System32\drivers\HidBatt.sys 6B8CB114B8E64C0636EB49F7B914D1FC
C:\Windows\System32\drivers\hidbth.sys D1AD197CCDAAC0CB4819DA1D6EB17BAE
C:\Windows\System32\drivers\hidi2c.sys 64909DECCFCC6FB5D9A5BAFDCCB31FEE
C:\Windows\System32\drivers\hidinterrupt.sys F510F7B7BF61DEAAC04E65C3B65E8D59
C:\Windows\System32\drivers\hidir.sys 90F3ED42D423C942BA5EA54E2FFE7AC7
C:\Windows\System32\drivers\hidusb.sys 128DEDDD61915DBA4D451D91D21F0513
C:\Windows\System32\drivers\HpSAMD.sys FF442DCDCE1F6E9FAA9C8AD0CD1D199B
C:\Windows\System32\drivers\HTTP.sys 318E816717431D3C23DC82779900C744
C:\Windows\System32\drivers\hwpolicy.sys CBA5E88A0F0475B7F49653BB72150BEF
C:\Windows\System32\drivers\hyperkbd.sys D668FAB4B0397B426EE3D41683B9A1C0
C:\Windows\System32\drivers\i8042prt.sys 53FDD9E69189E546DE4740F8C4D8AB2F
C:\Windows\System32\drivers\iai2c.sys 9A2A2F3C69B9A30B6E78536F6D258BAD
C:\Windows\System32\drivers\iaLPSS2i_I2C.sys 59A20F5AD9F4AE54098154359519408E
C:\Windows\System32\drivers\iaLPSSi_GPIO.sys 16A10CCEDCF5AC4CAAE43DC9FC40392F
C:\Windows\System32\drivers\iaLPSSi_I2C.sys EB82A11613326691508D9ED9A4FE29E7
C:\Windows\System32\drivers\iaStorA.sys 0FE66A51D81A25AACEAAE4C26308121D
C:\Windows\System32\drivers\iaStorAV.sys 6B0029A0253098CCE28EACCFDB9E7208
C:\Windows\System32\drivers\iaStorV.sys 9652E1E35A92D8C75710C17A63B15796
C:\Windows\System32\drivers\ibbus.sys FFADF691F7BF727AF5C863454A372723
C:\Windows\system32\DRIVERS\iBtFltCoex.sys 23E22B130EFE5A225E279467BE146317
C:\Windows\system32\DRIVERS\igdkmd64.sys 79AE3CC82CA1563A4B392207997ACE7C
C:\Windows\system32\drivers\RTKVHD64.sys 48AC5F706780BCC34811EA89A0727189
C:\Windows\system32\DRIVERS\IntcDAud.sys F5495B38BFB9149925F54F65AB40EFBF
C:\Windows\System32\drivers\intelide.sys ECDB27420D3A98424666904525A8562A
C:\Windows\System32\drivers\intelpep.sys 8FF1978643EFD219C5BA49690191D701
C:\Windows\System32\drivers\intelppm.sys B61B60F36E1C8022FA8166ABF0F66B07
C:\Windows\System32\drivers\ioqos.sys CA0D42029AFFC4514D295E1EF823D02D
C:\Windows\System32\DRIVERS\ipfltdrv.sys 6E3F9D95235DFC9417384080A216F310
C:\Windows\System32\drivers\IPMIDrv.sys 4F527ECB5EAB47D8EAF34A469666C469
C:\Windows\System32\drivers\ipnat.sys 9E5E8F2A1996F23B7E9687846AA81B01
C:\Windows\System32\drivers\irenum.sys C317EB660138BC9CBFE37CCDE56351AE
C:\Windows\System32\drivers\isapnp.sys 531994A6D9399D9B74BE12B5BB58A81E
C:\Windows\System32\drivers\msiscsi.sys 68D5354A4A9692EEC24664C60F47D4A2
C:\Windows\System32\drivers\ISCTD64.sys 1ECC1A421B0AEBF9A6934451FBFD7848
C:\Windows\System32\drivers\kbdclass.sys 701D7DB13B0815E7076EF4CB4CE981F8
C:\Windows\System32\drivers\kbdhid.sys 884EBBDDBF5968003B40185BD96FF0E6
C:\Windows\System32\drivers\kdnic.sys 6B3A0C7902811E6372643447E41F7048
C:\Windows\System32\Drivers\ksecdd.sys 982C795DE20CED7AEDD2E7899B5D9BC1
C:\Windows\System32\Drivers\ksecpkg.sys 7D8B9214692C4D0F1646215D9984E19A
C:\Windows\system32\drivers\ksthunk.sys E9BB0023D730701BB5D9839B44F5E6B5
C:\Windows\System32\drivers\lltdio.sys EC34EED89C34B27C292166B725AC7A7B
C:\Windows\System32\drivers\lsi_sas.sys 961F28D879D345BFA50AF51285C90F2E
C:\Windows\System32\drivers\lsi_sas2i.sys 6BFB8D1B3407518BE06B6F81F92FA0F5
C:\Windows\System32\drivers\lsi_sas3i.sys BE0E47988D78F731DEC2C0CB03E765CB
C:\Windows\System32\drivers\lsi_sss.sys F99BF02BE9219986817BF094981EEB18
C:\Windows\system32\drivers\luafv.sys 2FCF837196082864F66CFD9CAB256275
C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys 78488AF2AB2111D67B3C4044707A519B
C:\Windows\System32\drivers\megasas.sys 2ED29B635F35E31A1C0D3DDB7DD2AD03
C:\Windows\System32\drivers\megasr.sys 22E3CB85870879CBAE13C5095A8B12E3
C:\Windows\System32\drivers\TeeDriverW8x64.sys E7C9F74D8CAAB1FF7964C27C070FB16C
C:\Windows\System32\drivers\mlx4_bus.sys D41920FBFFF2BBCBBC69A5B383AD022E
C:\Windows\system32\drivers\mmcss.sys 64BD0C87064EA20C2D3DC4199F9C239C
C:\Windows\System32\drivers\modem.sys 8D4B46FA84A3A3702EDADD37FAC6EDBA
C:\Windows\System32\drivers\monitor.sys 78FEC1BDB168370F131BFBFEA0A04E9D
C:\Windows\System32\drivers\mouclass.sys D1CC0833CFBC4222A95CAA5D0C8C78FF
C:\Windows\System32\drivers\mouhid.sys C2E05EC6B80BCF5AE362DA873E1BCE64
C:\Windows\System32\drivers\mountmgr.sys D5B7668A8F6C67C51FA5C6C513396D6C
C:\Windows\System32\drivers\mpsdrv.sys 5FBCB85D127BE21E3A9DAF11A13C00EA
C:\Windows\system32\drivers\mrxdav.sys BF6CA7EA5ECD6CF72D3D76652A9B8280
C:\Windows\System32\DRIVERS\mrxsmb.sys 61F9F27A8C3D7BCD287FE98A440421CE
C:\Windows\System32\DRIVERS\mrxsmb10.sys CCAD845F4D21D0E0E0468205EE865473
C:\Windows\System32\DRIVERS\mrxsmb20.sys 0F47A6C09F0A7FB5513D322A2B9BE4EC
C:\Windows\System32\drivers\bridge.sys A934DF064C503A31683DD7EECDBD327A
C:\Windows\System32\Drivers\Msfs.sys D123343DDB02E372B02BF2C4293F835F
C:\Windows\System32\drivers\msgpiowin32.sys B3358F380BA3F29F56BE0F7734C24D5F
C:\Windows\System32\drivers\mshidkmdf.sys B2044D5D125F249680508EC0B2AAEFAC
C:\Windows\System32\drivers\mshidumdf.sys 36ABE7FC80BED4FE44754AE5CFB51432
C:\Windows\System32\drivers\msisadrv.sys 59307FEAFC9E72EEEC56B7FD7D294F4C
C:\Windows\system32\DRIVERS\MSKSSRV.sys E9457EDFEBC774199F907395C6D09CA2
C:\Windows\System32\drivers\mslldp.sys C85D79735641D27C5821C35ECDDC2334
C:\Windows\system32\DRIVERS\MSPCLOCK.sys EF75184B64356850D0F04D049C253526
C:\Windows\system32\DRIVERS\MSPQM.sys 543933D166C618E7588EA77707EC1683
C:\Windows\System32\Drivers\MsRPC.sys 182711E9DDF70121A20EBB61B2DFB9E8
C:\Windows\System32\drivers\mssmbios.sys E887FFDD6734C496407E9219225CB6FF
C:\Windows\system32\DRIVERS\MSTEE.sys 83A2AB75951000D681FABDB80C07AEFC
C:\Windows\System32\drivers\MTConfig.sys 4FA0483896FC16583851EFB733FCB083
C:\Windows\System32\Drivers\mup.sys 60F88248608315E13391C2F1C3B4473F
C:\Windows\System32\drivers\mvumis.sys 218705233D02776AE4D19CC37D985C1B
C:\Windows\System32\DRIVERS\nwifi.sys 536A0806CE2061A2157E65D4D8ABF30C
C:\Windows\System32\drivers\ndfltr.sys B57CE307DA101C739885B7CC0678077F
C:\Windows\System32\drivers\ndis.sys AFAECF904F1C343EBD50F91BC8D0DBE8
C:\Windows\System32\drivers\ndiscap.sys 202260E7CDD731A32AF62ABD1ABEE008
C:\Windows\System32\drivers\NdisImPlatform.sys A1D473D0CF10561F29B58EA7C5412A92
C:\Windows\System32\DRIVERS\ndistapi.sys 1A0AE283B8DE6BB76412A0F8213D45AC
C:\Windows\System32\drivers\ndisuio.sys A74EE2D2C0BFF5EC3A6185791868C4CA
C:\Windows\System32\drivers\NdisVirtualBus.sys 32A9BD1342640D48AD85C8B3E812B984
C:\Windows\System32\drivers\ndiswan.sys 6A6A8CF5EE61801375A38EBB871D4057
C:\Windows\System32\DRIVERS\ndiswan.sys 6A6A8CF5EE61801375A38EBB871D4057
C:\Windows\System32\DRIVERS\NDProxy.sys 50AEF8EF0064A91ABB08D858D039C9DE
C:\Windows\System32\drivers\Ndu.sys D358DF634F52247CB43F0781218F4D6E
C:\Windows\System32\drivers\netbios.sys 026618ECF6C4BEBDCB7885D42EC0DBE4
C:\Windows\System32\DRIVERS\netbt.sys F51C02D992A8D6BC5EC4D990F227D4C7
C:\Windows\System32\drivers\Netwsw00.sys 272BB8C52BE106B5CC69171AF1D281D4
C:\Windows\System32\Drivers\Npfs.sys 465DC580170CD844206D7E3EF1DBF2A1
C:\Windows\System32\drivers\npsvctrig.sys 29395C214D2CD4C81F73166AB988A797
C:\Windows\System32\drivers\nsiproxy.sys 2871225495F832A8C8A7DD1A17EDB3DC
C:\Windows\System32\Drivers\NTFS.sys EFEFC245B884B1BE0401931398DCD707
C:\Windows\System32\Drivers\Null.sys 6DBD703320484C37CEA9E4E2D266A8CE
C:\Windows\System32\drivers\nusb3hub.sys 786DB821BFD57C0551DBBE4F75384A7D
C:\Windows\System32\drivers\nusb3xhc.sys DAA8005CAF745042BB427A1ED7433354
C:\Windows\System32\drivers\nvraid.sys 604D27CC38CC23493F218D0BB834B3FF
C:\Windows\System32\drivers\nvstor.sys 8B50D897657AB4A15FD9E251BBF7D107
C:\Windows\System32\drivers\nv_agp.sys 31F990B2B6B91E9D7A667405CE12FCB1
C:\Windows\System32\drivers\parport.sys 7D0FC96264C0F8F2C1321E33E8EB646C
C:\Windows\System32\drivers\partmgr.sys 24AC0FD10325FBC2303B29A5F237AEB0
C:\Windows\System32\drivers\pci.sys 1D4E995955BDAE781C46CB97AE1CFB58
C:\Windows\System32\drivers\pciide.sys 2B4D98DF0CA57FB9536DBC80D2449D1F
C:\Windows\System32\drivers\pcmcia.sys F4D5793BF2E58AF15C6CF2FEEF9E73EB
C:\Windows\System32\drivers\pcw.sys 22A53744CEEADFFFD33BA010FAD95229
C:\Windows\System32\drivers\pdc.sys 48F3A3222CF340FE31535CB6D49C6D6F
C:\Windows\System32\drivers\peauth.sys E2F8376F9731D12A009C522036C6073A
C:\Windows\System32\drivers\percsas2i.sys 1398A85E59698067CBBE1D66A9C13ADF
C:\Windows\System32\drivers\percsas3i.sys 35F7C7AD709D909D618D9EDF987FC3ED
C:\Windows\System32\drivers\raspptp.sys 5BA6B9AD03B81546BA64E488C4EF9D17
C:\Windows\System32\drivers\processr.sys 21AECFF3EB5748CBE12538A2500EFDE5
C:\Windows\System32\drivers\pacer.sys 596FB6C5A72F34B7566930985E543806
C:\Windows\system32\drivers\qwavedrv.sys CFBA9C976CBF6796E5DC39EF59984021
C:\Windows\System32\DRIVERS\rasacd.sys 7B2AD8C55217B514C14281AB97B4E21D
C:\Windows\System32\drivers\AgileVpn.sys E15A9CE1E2E7D1C8DF97A4FC1FFE6289
C:\Windows\System32\drivers\rasl2tp.sys 381B8F2311A0375676B635EA5E7C8AB0
C:\Windows\System32\DRIVERS\raspppoe.sys 3369023EB5790A75BA7DABA14B75D922
C:\Windows\System32\drivers\rassstp.sys 1E32A8CD65C4AD0A827CFEB13034DA29
C:\Windows\System32\DRIVERS\rdbss.sys 2B648363E4C5E34B469C58596F377DD9
C:\Windows\System32\drivers\rdpbus.sys D0221C13960E274CC539D72D5A842ED0
C:\Windows\System32\drivers\rdpdr.sys 1DC2CC74B51E4DC4CD5A20C1021E4010
C:\Windows\System32\drivers\rdpvideominiport.sys 177DF954D0DEC0465A380C75F6E7F65F
C:\Windows\System32\drivers\rdyboost.sys 5D1680871054D2B0B8A971BC8AB3B837
C:\Windows\System32\Drivers\ReFSv1.sys 341E6830DA70F65730300DAB4CB0B490
C:\Windows\System32\drivers\rfcomm.sys 60BFD9EE962C87747A0EB648634281ED
C:\Windows\System32\drivers\rspndr.sys 0AC5FCDC29ED97ECDEF1276425EE2059
C:\Windows\System32\drivers\vms3cap.sys 044890BB0D6CF1E23C1087234D320509
C:\Windows\System32\drivers\sbp2port.sys 530F797129776AA7E81994783A97E2AD
C:\Windows\System32\DRIVERS\scfilter.sys 9B6B1D4DB35A3D9BEAF023BC95E1F49D
C:\Windows\System32\drivers\sdbus.sys E1137E39C3BB3EF9AF2243745D901D60
C:\Windows\System32\drivers\sdstor.sys DE6D7DC78D956928F59F7415A0F41E13
C:\Windows\system32\DRIVERS\WUDFRd.sys A932391623D5CEC4EF4A2A17D3CEBFCD
C:\Windows\system32\DRIVERS\WUDFRd.sys A932391623D5CEC4EF4A2A17D3CEBFCD
C:\Windows\System32\drivers\SerCx.sys 67585C295FF2D221679E376B68893B35
C:\Windows\System32\drivers\SerCx2.sys B8C4852CBCAAC1374C08EC7445443824
C:\Windows\System32\drivers\serenum.sys D3A103944A8FCD78FD48B2B19092790C
C:\Windows\System32\drivers\serial.sys 88D58E1DAA6C5062DD3A26273106961F
C:\Windows\System32\drivers\sermouse.sys 0F5B43074AE731D2C6F061241C9D84A6
C:\Windows\System32\drivers\sfloppy.sys D9FE59276BD56A9643C32D5FACE2F251
C:\Windows\System32\drivers\SiSRaid2.sys ABBE803FE0BDAE0E5BE74DDEFBE62F23
C:\Windows\System32\drivers\sisraid4.sys 6043DF55CFE3C7ACF477645FA64DEA98
C:\Windows\System32\drivers\spaceport.sys 1A6CB30F0EFC1632E6F1B852CA892583
C:\Windows\System32\drivers\SpbCx.sys E1C158F6C00359278727A2CEE5D2ED71
C:\Windows\System32\DRIVERS\srv.sys ACC1709EC7FE6EB8999DBC91C50C2B34
C:\Windows\System32\DRIVERS\srv2.sys AFBCFC946FAE7483E27BD316D03F94A5
C:\Windows\System32\DRIVERS\srvnet.sys 107C1EBE79710E4A759449BD6604245A
C:\Windows\System32\drivers\stexstor.sys CCDA497C880AD16D87EDFAEFCFB2EDF5
C:\Windows\System32\drivers\storahci.sys BF8EA6FC3358C2F69678E3E94F764F84
C:\Windows\System32\drivers\vmstorfl.sys 32FF460DA8C1F370F5C08B7654899B73
C:\Windows\System32\drivers\stornvme.sys CC21DB3EF619B9480FE31A4EFE92CBEB
C:\Windows\System32\drivers\storqosflt.sys 390B8A75768E2689586539C224520895
C:\Windows\System32\drivers\storufs.sys 770A92D9D3A0BF61C97C3AFCB36847D9
C:\Windows\System32\drivers\storvsc.sys 736A2418E3E7F3DB3CF6EB0A55D1D581
C:\Windows\System32\drivers\swenum.sys BD98B0225BCD49E8A62F4F8EE1D1F613
C:\Windows\System32\drivers\Synth3dVsc.sys CAE4B27B469C583131EA5AAE622F5D76
C:\Windows\System32\drivers\tcpip.sys 892F30506DCCF230C5A57019C1D8D31B
C:\Windows\System32\drivers\tcpip.sys 892F30506DCCF230C5A57019C1D8D31B
C:\Windows\System32\drivers\tcpipreg.sys 17F37EC9042D84561C550620643D9A85
C:\Windows\system32\DRIVERS\tdx.sys 91D3F2A6253EF83EFBD7903028F58C4D
C:\Windows\System32\drivers\terminpt.sys E730D0EB1B84EBC98423FC8D285EDBC0
C:\Windows\System32\drivers\tpm.sys 169B0A246067457FEF8A18EED7EED9D5
C:\Windows\System32\drivers\tsusbflt.sys 48E828C66AB016E48F2CB4DD585315FD
C:\Windows\System32\drivers\TsUsbGD.sys 267C76EE60736EA5A1811A53FA02AABE
C:\Windows\System32\drivers\tunnel.sys 8CE72F094B822AD5EE9C3A3AFC0C16B6
C:\Windows\System32\drivers\uagp35.sys 42C546414F80BD6C0137FC3A106F8A69
C:\Windows\System32\drivers\uaspstor.sys 1686DBC81748B096232B15F16C302985
C:\Windows\System32\Drivers\UcmCx.sys 3995CC3DEDED258768B8EBC2F4C0DC73
C:\Windows\System32\drivers\UcmUcsi.sys 1C95F7CE37D9EFB90EBE987A9712356C
C:\Windows\System32\drivers\ucx01000.sys AED081772091C98173905E2DF28C223B
C:\Windows\System32\drivers\udecx.sys DCA34A111C29E4578DF2B8CEA3C7CDBD
C:\Windows\System32\DRIVERS\udfs.sys 718A956AE00CE086F381044AB66CC29C
C:\Windows\System32\drivers\UEFI.sys BA760F8E66428BA9FF1E8BFBC6248136
C:\Windows\System32\drivers\ufx01000.sys 5F0D997E6FC5A418D7673148CEF72887
C:\Windows\System32\drivers\UfxChipidea.sys 2B1DABA97DDF5365FC66EE7DEDD86A13
C:\Windows\System32\drivers\ufxsynopsys.sys DB630FC660443D63EBAB2C830C298EFE
C:\Windows\System32\drivers\uliagpkx.sys 6DE78C04BF32ECA7AF3064F53687C9A5
C:\Windows\System32\drivers\umbus.sys 67D1E0E6E4D5D33AF0AEF0E33B4DA0F4
C:\Windows\System32\drivers\umpass.sys 11680607944A719EF20E0E740785712A
C:\Windows\System32\drivers\urschipidea.sys 2410A0C20D21A25E6C01979FA886BE90
C:\Windows\System32\drivers\urscx01000.sys 6E59CE43B6BA5AA1ADCF36A4DBBB92BB
C:\Windows\System32\drivers\urssynopsys.sys E8A59FA109A22FC07E44BDFCC9727DBD
C:\Windows\System32\drivers\usbccgp.sys D8A44550ECE102B6443F5D54DCE7DAB3
C:\Windows\System32\drivers\usbcir.sys 66B3D22DAB5312FF238ABF5C6D9F8FAB
C:\Windows\System32\drivers\usbehci.sys 3E4F20DB902D2E2914F3FF3DB9772200
C:\Windows\System32\drivers\usbhub.sys 41F7F00D76904416EF1F9EFA1A4C37A2
C:\Windows\System32\drivers\UsbHub3.sys 12A0B486EA13DF46C27B90CC2CE92FE5
C:\Windows\System32\drivers\usbohci.sys DAB35CCA86F5FBE77D870A40089BC4A1
C:\Windows\System32\drivers\usbprint.sys 21162F65C7756AAECAEBED9E67D0A5FE
C:\Windows\System32\drivers\usbser.sys F259A45D6B555B14CC8365AA6BC8DC20
C:\Windows\System32\drivers\USBSTOR.SYS 37C2CD8587BF7F785381EB7B26916B52
C:\Windows\System32\drivers\usbuhci.sys 8B3E458A8851F9A3B2109B1680EE1159
C:\Windows\System32\Drivers\usbvideo.sys 4B13B61CBB9CC3CB373C60B930D648F5
C:\Windows\System32\drivers\USBXHCI.SYS 325727F01F03C504CF788618A13DC266
C:\Windows\System32\drivers\vdrvroot.sys E1BE37312785A71862516F66B3FD24CE
C:\Windows\System32\drivers\VerifierExt.sys E42C0F2850735FF9D908B9DB581E6314
C:\Windows\System32\drivers\vhdmp.sys EC15FD6A28757793E2DA394CD94ABD52
C:\Windows\System32\drivers\vhf.sys D0C9632C350F46786643A069251BC249
C:\Windows\System32\drivers\vmbus.sys E886CB75DA2B6EB35469EF10135624C7
C:\Windows\System32\drivers\VMBusHID.sys 46D2EC27820EC0F798F85821E53C2942
C:\Windows\System32\drivers\volmgr.sys B9265F47E7A354BAAA0AF5CBA3F8F7CE
C:\Windows\System32\drivers\volmgrx.sys BEE9C8B72AB752B794F69C2B9B3678AA
C:\Windows\System32\drivers\volsnap.sys E1F91A727A04C9F8199D04FF3BBBF63C
C:\Windows\System32\drivers\vpci.sys F7B1B1101271E31F43CC76E890704F51
C:\Windows\System32\drivers\vsmraid.sys D48ED0A08BD2FD25A833E6AC99623091
C:\Windows\System32\drivers\vstxraid.sys 6990D4AFDF545669D4E6C232F26DE1FB
C:\Windows\System32\drivers\vwifibus.sys 1EE11F0508C58EF081F4176E66D6970B
C:\Windows\System32\drivers\vwififlt.sys 938E4EF58E42D252B742B0E243011B90
C:\Windows\System32\drivers\wacompen.sys 00C27B64C758C111E5D78A70DE6CA2B6
C:\Windows\System32\DRIVERS\wanarp.sys 8CB53620B2C2F0641DD7563EA0FDF491
C:\Windows\System32\DRIVERS\wanarp.sys 8CB53620B2C2F0641DD7563EA0FDF491
C:\Windows\System32\drivers\WdBoot.sys 069D3D6E20AD753B34FCE856F0436869
C:\Windows\System32\drivers\Wdf01000.sys 6CC727E94CD84E9720FDCDA8089CABCC
C:\Windows\System32\drivers\WdFilter.sys E3E97151A1D1E87BB2D5371F66C5F169
C:\Windows\System32\DRIVERS\wdiwifi.sys E70DDD8E2245CC67547B0861983912D8
C:\Windows\System32\Drivers\WdNisDrv.sys 07B043160399AF4009054E2EA3464BF4
C:\Windows\System32\drivers\wfplwfs.sys C11272713719922DE5711094333BD166
C:\Windows\System32\drivers\wimmount.sys EF536C54AB9281FDC4E83B07279FCFC4
C:\Windows\System32\drivers\WindowsTrustedRT.sys D8966A76408107224C6013993135DD78
C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys 8B102A7B6CE326FD4208CC7C2D183343
C:\Windows\System32\drivers\winmad.sys 4A53441C1C4D2878BEF27E381138BB2D
C:\Windows\System32\drivers\WinUSB.SYS 260907CE034FE327AC99BDA4153AB22F
C:\Windows\System32\drivers\winverbs.sys 40A3E8D729F458B2C9A8BD9380FF83D5
C:\Windows\System32\drivers\wmiacpi.sys 8F010BF65238F3F822D22BA12831796E
C:\Windows\System32\Drivers\Wof.sys 2A9650FCC696DB28E45EA8B33B99B8E6
C:\Windows\System32\DRIVERS\wpcfltr.sys 22C52D7EE7C7D0E02C8EFD8CAE8E3A71
C:\Windows\System32\drivers\WpdUpFltr.sys 1C08E424CBDD5065BB7266F8C048C1B1
C:\Windows\system32\drivers\ws2ifsl.sys 638B43D39A3D0B47024555CF1095E6F1
C:\Windows\System32\drivers\WudfPf.sys A928F25CB62232F413EE655352856E10
C:\Windows\System32\drivers\WudfRd.sys A932391623D5CEC4EF4A2A17D3CEBFCD
C:\Windows\system32\DRIVERS\WUDFRd.sys A932391623D5CEC4EF4A2A17D3CEBFCD
C:\Windows\system32\DRIVERS\WUDFRd.sys A932391623D5CEC4EF4A2A17D3CEBFCD
C:\Windows\System32\drivers\xboxgip.sys 80BC02A73A3949A7AEF34791206C7D7F
C:\Windows\System32\drivers\xinputhid.sys 1F1EF8E701859581251B52035C1C1CEF
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Three Months Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-13 18:53 - 2016-02-13 18:53 - 00000014 _____ C:\Users\Administrator\Desktop\helloworld.htm
2016-02-13 16:42 - 2016-02-13 16:42 - 00000000 ____D C:\Users\joe\AppData\Local\PeerDistRepub
2016-02-13 16:39 - 2016-02-13 16:39 - 00007034 _____ C:\Users\joe\Downloads\crashDump.txt
2016-02-13 16:39 - 2016-02-13 16:39 - 00007034 _____ C:\Users\joe\Downloads\crashDump (1).txt
2016-02-13 11:23 - 2016-02-13 11:24 - 101213136 _____ (Viber Media Inc.) C:\Users\joe\Downloads\ViberSetup.exe
2016-02-12 21:26 - 2016-02-12 21:26 - 00000000 ____D C:\Users\joe\AppData\LocalLow\Temp
2016-02-12 20:20 - 2016-02-12 20:20 - 00000000 ____D C:\vs2016projects
2016-02-10 20:54 - 2016-01-27 18:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-02-10 20:54 - 2016-01-27 18:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-02-10 20:54 - 2016-01-27 18:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-02-10 20:54 - 2016-01-27 18:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-10 20:54 - 2016-01-27 18:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-10 20:54 - 2016-01-27 18:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-10 20:54 - 2016-01-27 18:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-10 20:54 - 2016-01-27 17:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-10 20:54 - 2016-01-27 17:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-10 20:54 - 2016-01-27 17:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-10 20:54 - 2016-01-27 17:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-10 20:54 - 2016-01-27 17:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-10 20:53 - 2016-01-29 19:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-10 20:53 - 2016-01-29 19:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-02-10 20:53 - 2016-01-27 19:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-10 20:53 - 2016-01-27 19:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-10 20:53 - 2016-01-27 19:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-10 20:53 - 2016-01-27 19:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-10 20:53 - 2016-01-27 19:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-10 20:53 - 2016-01-27 18:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-10 20:53 - 2016-01-27 18:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-02-10 20:53 - 2016-01-27 18:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-10 20:53 - 2016-01-27 18:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-10 20:53 - 2016-01-27 18:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2016-02-10 20:53 - 2016-01-27 18:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-10 20:53 - 2016-01-27 18:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-10 20:53 - 2016-01-27 18:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-10 20:53 - 2016-01-27 18:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-10 20:53 - 2016-01-27 18:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-02-10 20:53 - 2016-01-27 18:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-10 20:53 - 2016-01-27 18:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-10 20:53 - 2016-01-27 18:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-10 20:53 - 2016-01-27 18:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-02-10 20:53 - 2016-01-27 18:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-10 20:53 - 2016-01-27 18:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-10 20:53 - 2016-01-27 18:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-02-10 20:53 - 2016-01-27 18:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-02-10 20:53 - 2016-01-27 18:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-10 20:53 - 2016-01-27 18:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-10 20:53 - 2016-01-27 18:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-10 20:53 - 2016-01-27 18:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-10 20:53 - 2016-01-27 18:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-02-10 20:53 - 2016-01-27 18:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-02-10 20:53 - 2016-01-27 18:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-02-10 20:53 - 2016-01-27 18:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-10 20:53 - 2016-01-27 18:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-10 20:53 - 2016-01-27 18:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-10 20:53 - 2016-01-27 18:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-10 20:53 - 2016-01-27 17:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-10 20:53 - 2016-01-27 17:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-10 20:53 - 2016-01-27 17:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-10 20:53 - 2016-01-27 17:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-10 20:53 - 2016-01-27 17:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-10 20:53 - 2016-01-27 17:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-10 20:53 - 2016-01-27 17:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-10 20:53 - 2016-01-27 17:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-10 20:53 - 2016-01-27 17:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-10 20:53 - 2016-01-27 17:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-10 20:53 - 2016-01-27 17:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-10 20:53 - 2016-01-27 17:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-10 20:53 - 2016-01-27 17:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-10 20:53 - 2016-01-27 17:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-10 20:53 - 2016-01-27 17:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-10 20:53 - 2016-01-27 17:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-10 20:53 - 2016-01-27 17:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-05 11:18 - 2016-02-05 11:18 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\DriverTalent
2016-02-05 10:12 - 2016-02-05 11:13 - 00000000 ____D C:\EFSTMPWP
2016-02-05 08:41 - 2016-02-05 08:41 - 00000000 ____D C:\SymCache
2016-02-05 08:36 - 2016-02-05 08:37 - 00000000 ____D C:\Users\Administrator\Documents\WPR Files
2016-02-05 08:34 - 2016-02-05 10:12 - 00000000 ____D C:\Users\Administrator\AppData\Local\Windows Performance Analyzer
2016-02-05 08:34 - 2016-02-05 08:34 - 00000000 ____D C:\Users\Administrator\Documents\WPA Files
2016-02-04 20:24 - 2016-02-04 20:24 - 00000000 ____D C:\Program Files (x86)\IIS Express
2016-02-04 20:22 - 2016-02-04 20:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Web Tools
2016-02-04 20:20 - 2016-02-04 20:20 - 00000000 ____D C:\Program Files\Microsoft DNX
2016-02-04 20:20 - 2016-02-04 20:20 - 00000000 ____D C:\Program Files\DNX
2016-02-04 20:16 - 2016-02-04 20:16 - 00681408 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\AspNet5.ENU.RC1_Update1.exe
2016-02-04 20:16 - 2016-02-04 20:16 - 00681408 _____ (Microsoft Corporation) C:\Users\Administrator\Downloads\AspNet5.ENU.RC1_Update1 (1).exe
2016-02-04 20:00 - 2016-02-04 20:00 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\NuGet
2016-02-04 20:00 - 2016-02-04 20:00 - 00000000 ____D C:\Symbols
2016-02-04 18:28 - 2016-02-04 18:28 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\Temp
2016-02-04 18:28 - 2016-02-04 18:28 - 00000000 ____D C:\Users\Administrator\AppData\Local\GitHubVisualStudio
2016-02-04 18:27 - 2016-02-04 18:33 - 00000000 ____D C:\Users\Administrator\Documents\Visual Studio 2015
2016-02-04 18:27 - 2016-02-04 18:27 - 00000000 ____D C:\Users\Administrator\Documents\Visual Studio Next
2016-02-04 08:44 - 2016-02-04 08:44 - 00000000 ____D C:\Users\joe\AppData\Local\ActiveSync
2016-02-04 08:42 - 2016-02-04 08:42 - 00000000 ____D C:\Users\joe\AppData\Local\VirtualStore
2016-02-03 19:55 - 2016-02-03 19:55 - 00417064 _____ () C:\Users\Administrator\Downloads\DellSystemDetectLauncher.exe
2016-02-03 19:55 - 2016-02-03 19:55 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2016-02-03 19:55 - 2016-02-03 19:55 - 00000000 ____D C:\Users\Administrator\AppData\Local\PeerDistRepub
2016-02-03 19:55 - 2016-02-03 19:55 - 00000000 ____D C:\Users\Administrator\AppData\Local\Deployment
2016-02-03 19:55 - 2016-02-03 19:55 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apps\2.0
2016-02-03 19:39 - 2016-02-03 19:39 - 01508352 _____ C:\Users\Administrator\Downloads\adwcleaner_5.032 (3).exe
2016-02-03 19:28 - 2016-02-03 19:28 - 00000000 ____D C:\Users\Administrator\AppData\Local\ActiveSync
2016-02-03 19:25 - 2016-02-03 18:58 - 00024064 _____ C:\WINDOWS\zoek-delete.exe
2016-02-03 19:21 - 2016-02-03 19:22 - 01508352 _____ C:\Users\Administrator\Downloads\adwcleaner_5.032 (2).exe
2016-02-03 18:58 - 2016-02-03 19:18 - 00000000 ____D C:\zoek_backup
2016-02-03 18:58 - 2016-02-03 18:58 - 01309184 _____ C:\Users\Administrator\Downloads\zoek.exe
2016-02-03 18:31 - 2016-02-03 18:31 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2016-02-03 14:53 - 2016-02-03 14:57 - 00253368 _____ C:\TDSSKiller.3.1.0.9_03.02.2016_14.53.26_log.txt
2016-02-03 14:52 - 2016-02-03 14:52 - 00004162 _____ C:\TDSSKiller.3.1.0.9_03.02.2016_14.52.22_log.txt
2016-02-03 14:42 - 2016-02-03 14:51 - 00504254 _____ C:\TDSSKiller.3.1.0.9_03.02.2016_14.42.47_log.txt
2016-02-03 14:42 - 2016-02-03 14:42 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Downloads\tdsskiller.exe
2016-02-03 14:22 - 2016-02-03 14:23 - 00064314 _____ C:\Users\Administrator\Downloads\MTB.txt
2016-02-03 14:21 - 2016-02-03 14:21 - 00891392 _____ (Farbar) C:\Users\Administrator\Downloads\MiniToolBox.exe
2016-02-03 12:37 - 2016-02-03 12:37 - 00033206 _____ C:\Users\Administrator\Downloads\Addition.txt
2016-02-03 12:35 - 2016-02-14 12:12 - 00036399 _____ C:\Users\Administrator\Downloads\FRST.txt
2016-02-03 12:35 - 2016-02-14 12:11 - 00000000 ____D C:\FRST
2016-02-03 12:32 - 2016-02-03 12:35 - 02370560 _____ (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2016-02-03 12:27 - 2016-02-03 12:27 - 02870984 _____ (ESET) C:\Users\Administrator\Downloads\esetsmartinstaller_enu (1).exe
2016-02-03 12:00 - 2016-02-03 12:01 - 01508352 _____ C:\Users\Administrator\Downloads\adwcleaner_5.032 (1).exe
2016-02-03 10:59 - 2016-02-03 11:51 - 00000000 ____D C:\AdwCleaner
2016-02-03 10:57 - 2016-02-03 10:59 - 01508352 _____ C:\Users\Administrator\Downloads\adwcleaner_5.032.exe
2016-02-03 10:55 - 2016-02-03 10:55 - 00000000 ____D C:\Program Files (x86)\ESET
2016-02-03 10:54 - 2016-02-03 10:55 - 02870984 _____ (ESET) C:\Users\Administrator\Downloads\esetsmartinstaller_enu.exe
2016-02-03 09:56 - 2016-02-03 09:56 - 00000000 ____D C:\Users\Administrator\AppData\Local\join.me
2016-02-03 09:44 - 2016-02-03 09:44 - 00002314 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Support (4).lnk
2016-02-03 09:44 - 2016-02-03 09:44 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2016-02-03 09:38 - 2016-02-03 09:38 - 00002314 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Support (3).lnk
2016-02-03 09:38 - 2016-02-03 09:38 - 00000000 ____D C:\WINDOWS\pss
2016-02-03 09:33 - 2016-02-03 09:33 - 00002314 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Support (2).lnk
2016-02-03 09:03 - 2016-02-03 09:03 - 00002314 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Support.lnk
2016-02-01 15:45 - 2016-02-01 15:45 - 00007605 _____ C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2016-02-01 15:27 - 2016-02-01 15:27 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Intel Corporation
2016-02-01 15:26 - 2016-02-11 17:47 - 00002387 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-02-01 15:26 - 2016-02-11 17:47 - 00000000 ___RD C:\Users\Administrator\OneDrive
2016-02-01 15:26 - 2016-02-01 15:26 - 00000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2016-02-01 15:25 - 2016-02-01 16:05 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2016-02-01 15:25 - 2016-02-01 15:42 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2016-02-01 15:25 - 2016-02-01 15:26 - 00000000 ____D C:\Users\Administrator
2016-02-01 15:25 - 2016-02-01 15:25 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2016-02-01 15:25 - 2016-02-01 15:25 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2016-02-01 15:25 - 2016-02-01 15:25 - 00000000 ____D C:\Users\Administrator\AppData\Local\TileDataLayer
2016-01-30 18:15 - 2016-01-30 18:15 - 00002024 _____ C:\Users\joe\Downloads\Add_Take_Ownership_to_context_menu.reg
2016-01-30 17:38 - 2016-02-13 21:03 - 00001208 _____ C:\Users\Public\Desktop\Security Task Manager.lnk
2016-01-30 17:38 - 2016-01-30 17:38 - 00000000 ____D C:\Program Files (x86)\Security Task Manager
2016-01-30 17:37 - 2016-01-30 17:37 - 02836520 _____ C:\Users\joe\Downloads\SecurityTaskManager_Setup.exe
2016-01-30 14:33 - 2016-01-30 14:33 - 00084792 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON23.SYS
2016-01-30 14:33 - 2016-01-30 14:33 - 00000000 ____D C:\Users\joe\Downloads\processmonitor
2016-01-30 14:32 - 2016-01-30 14:32 - 00967601 _____ C:\Users\joe\Downloads\processmonitor.zip
2016-01-30 12:02 - 2016-01-30 12:02 - 00000000 ____D C:\Users\joe\AppData\Local\Intel
2016-01-30 12:01 - 2016-01-30 12:01 - 00001239 _____ C:\Users\Public\Desktop\Intel® Driver Update Utility 2.4.lnk
2016-01-30 12:01 - 2016-01-30 12:01 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2016-01-30 12:00 - 2016-01-30 12:00 - 04953064 _____ (Intel) C:\Users\joe\Downloads\Intel Driver Update Utility Installer.exe
2016-01-30 11:04 - 2016-01-30 11:04 - 00000000 ____D C:\iBTWU
2016-01-30 10:17 - 2016-01-31 19:49 - 00004134 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask
2016-01-30 10:17 - 2016-01-30 10:17 - 00003560 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2016-01-30 10:17 - 2016-01-30 10:17 - 00003418 _____ C:\WINDOWS\System32\Tasks\PCDDataUploadTask
2016-01-30 10:17 - 2016-01-30 10:17 - 00003304 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
2016-01-30 10:17 - 2016-01-30 10:17 - 00000000 ____D C:\Program Files\Dell Support Center
2016-01-30 10:15 - 2016-01-30 10:15 - 02219736 _____ (Dell Inc) C:\Users\joe\Downloads\aulauncher.exe
2016-01-30 10:13 - 2016-01-30 10:13 - 00417064 _____ () C:\Users\joe\Downloads\DellSystemDetect.exe
2016-01-29 18:15 - 2016-02-10 20:34 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-29 18:15 - 2016-02-03 10:42 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-29 18:15 - 2016-01-29 18:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-29 18:15 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-01-29 18:15 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-01-29 18:15 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-01-29 18:14 - 2016-01-29 18:14 - 22908888 _____ (Malwarebytes ) C:\Users\joe\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-29 17:56 - 2016-01-29 17:56 - 00003286 _____ C:\WINDOWS\System32\Tasks\{5D2A4D2B-1B4F-401C-9090-27C7B3BF7496}
2016-01-29 17:53 - 2016-01-29 17:56 - 137956376 _____ (Dell Inc.) C:\Users\joe\Downloads\Video_Driver_XGPWM_WN_9.17.10.3040_A12.EXE
2016-01-29 17:19 - 2016-01-29 17:20 - 129957096 _____ (Intel Corporation) C:\Users\joe\Downloads\win64_153338.exe
2016-01-28 17:02 - 2016-01-28 17:02 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-01-28 15:55 - 2016-01-28 15:55 - 04379104 _____ (Phoenix Technologies Ltd.) C:\Users\joe\Downloads\L321XA08 (2).exe
2016-01-28 15:47 - 2016-01-28 15:48 - 04379104 _____ (Phoenix Technologies Ltd.) C:\Users\joe\Downloads\L321XA08 (1).exe
2016-01-28 15:20 - 2016-01-28 15:20 - 00000000 ____D C:\Program Files\Common Files\Intel
2016-01-28 15:20 - 2012-05-15 07:13 - 00144896 _____ (Intel Corporation) C:\WINDOWS\system32\IntelOpenCL64.dll
2016-01-28 15:20 - 2012-05-15 07:13 - 00020992 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2016-01-28 15:20 - 2012-05-15 06:20 - 00104448 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelOpenCL32.dll
2016-01-28 15:09 - 2016-01-28 15:18 - 153875272 _____ C:\Users\joe\Downloads\Video_Intel_W84_A00_Setup-H79NY_ZPE.exe
2016-01-28 15:05 - 2016-01-28 15:05 - 00000000 ____D C:\Users\joe\AppData\Local\Dell
2016-01-28 14:55 - 2016-01-28 15:05 - 165388443 _____ (Dell Inc.) C:\Users\joe\Downloads\XPS-L321X_Video_Driver_G7XF5_WN_8.15.10.2712_A04.EXE
2016-01-28 14:44 - 2016-01-28 14:45 - 07964184 _____ C:\Users\joe\Downloads\APP_Quickset_W78_A07_HP6F0-Setup_ZPE (1).exe
2016-01-28 14:00 - 2016-01-28 14:01 - 04275578 _____ (DriverIdentifier ) C:\Users\joe\Downloads\driveridentifier_setup.exe
2016-01-28 13:47 - 2016-01-28 13:49 - 105261768 _____ (Lenovo Group Limited ) C:\Users\joe\Downloads\had209ww.exe
2016-01-28 13:19 - 2016-01-16 19:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-01-28 13:19 - 2016-01-16 19:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-28 13:19 - 2016-01-16 19:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-28 13:19 - 2016-01-16 19:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-28 13:19 - 2016-01-16 19:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-01-28 13:19 - 2016-01-16 19:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-01-28 13:19 - 2016-01-16 19:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-28 13:19 - 2016-01-16 19:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-28 13:19 - 2016-01-16 19:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-28 13:19 - 2016-01-16 19:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-28 13:19 - 2016-01-16 19:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-28 13:19 - 2016-01-16 19:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-01-28 13:19 - 2016-01-16 19:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-01-28 13:19 - 2016-01-16 19:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-28 13:19 - 2016-01-16 19:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-01-28 13:19 - 2016-01-16 19:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-01-28 13:19 - 2016-01-16 19:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-28 13:19 - 2016-01-16 19:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-01-28 13:19 - 2016-01-16 19:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-28 13:19 - 2016-01-16 19:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-28 13:19 - 2016-01-16 19:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-01-28 13:19 - 2016-01-16 19:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-28 13:19 - 2016-01-16 18:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-28 13:19 - 2016-01-16 18:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-28 13:19 - 2016-01-16 18:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-28 13:19 - 2016-01-16 18:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-28 13:19 - 2016-01-16 18:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-28 13:19 - 2016-01-16 18:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-28 13:19 - 2016-01-16 18:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-28 13:19 - 2016-01-16 18:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-28 13:19 - 2016-01-16 18:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-28 13:19 - 2016-01-16 18:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-28 13:19 - 2016-01-16 18:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-28 13:19 - 2016-01-16 18:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-28 13:19 - 2016-01-16 18:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-28 13:19 - 2016-01-16 18:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-01-28 13:19 - 2016-01-16 18:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-01-28 13:19 - 2016-01-16 18:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-01-28 13:19 - 2016-01-16 18:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-28 13:19 - 2016-01-16 18:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-01-28 13:19 - 2016-01-16 18:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-01-28 13:19 - 2016-01-16 18:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-28 13:19 - 2016-01-16 18:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-28 13:19 - 2016-01-16 18:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-28 13:19 - 2016-01-16 18:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-01-28 13:19 - 2016-01-16 18:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-28 13:19 - 2016-01-16 18:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-28 13:19 - 2016-01-16 18:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-01-28 13:19 - 2016-01-16 18:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-28 13:19 - 2016-01-16 18:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-28 13:19 - 2016-01-16 18:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-01-28 13:19 - 2016-01-16 18:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-28 13:19 - 2016-01-16 18:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-01-28 13:19 - 2016-01-16 18:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-01-28 13:19 - 2016-01-16 18:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-28 13:19 - 2016-01-16 18:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-01-28 13:19 - 2016-01-16 18:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-01-28 13:19 - 2016-01-16 18:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-01-28 13:19 - 2016-01-16 18:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-01-28 13:19 - 2016-01-16 18:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-01-28 13:19 - 2016-01-16 18:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-01-28 13:19 - 2016-01-16 18:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-01-28 13:19 - 2016-01-16 18:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-01-28 13:19 - 2016-01-16 18:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-01-28 13:19 - 2016-01-16 18:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-01-28 13:19 - 2016-01-16 18:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-01-28 13:19 - 2016-01-16 18:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-28 13:19 - 2016-01-16 18:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-28 13:19 - 2016-01-16 18:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-28 13:19 - 2016-01-16 18:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-01-28 13:19 - 2016-01-16 18:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-01-28 13:19 - 2016-01-16 18:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-28 13:19 - 2016-01-16 18:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-01-28 13:19 - 2016-01-16 18:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-01-28 13:19 - 2016-01-16 18:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-01-28 13:19 - 2016-01-16 18:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-01-28 13:19 - 2016-01-16 18:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-01-28 13:19 - 2016-01-16 18:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-01-28 13:19 - 2016-01-16 18:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-01-28 13:19 - 2016-01-16 18:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-01-28 13:19 - 2016-01-16 18:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-01-28 13:19 - 2016-01-16 18:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-01-28 13:19 - 2016-01-16 18:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-01-28 13:19 - 2016-01-16 18:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-01-28 13:19 - 2016-01-16 18:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-01-28 13:19 - 2016-01-16 18:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-01-28 13:19 - 2016-01-16 18:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-01-28 13:19 - 2016-01-16 18:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-01-28 13:19 - 2016-01-16 18:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-01-28 13:19 - 2016-01-16 18:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-01-28 13:19 - 2016-01-16 18:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-28 13:19 - 2016-01-16 18:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-01-28 13:19 - 2016-01-16 18:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-01-28 13:19 - 2016-01-16 18:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-01-28 13:19 - 2016-01-16 18:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-01-28 13:19 - 2016-01-16 18:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-01-28 13:19 - 2016-01-16 18:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-01-28 13:19 - 2016-01-16 18:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-01-28 13:19 - 2016-01-16 18:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-01-28 13:19 - 2016-01-16 18:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-01-28 13:19 - 2016-01-16 18:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-28 13:19 - 2016-01-16 18:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-28 13:19 - 2016-01-16 18:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-01-28 13:19 - 2016-01-16 18:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-28 13:19 - 2016-01-16 18:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-01-28 13:19 - 2016-01-16 18:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-28 13:19 - 2016-01-16 18:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-01-28 13:19 - 2016-01-16 18:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-01-28 13:12 - 2016-01-28 13:13 - 07964184 _____ C:\Users\joe\Downloads\APP_Quickset_W78_A07_HP6F0-Setup_ZPE.exe
2016-01-28 13:09 - 2016-01-28 13:09 - 00938192 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2016-01-28 13:08 - 2016-01-28 13:08 - 00000000 ____D C:\Users\joe\AppData\Roaming\Intel Corporation
2016-01-28 12:58 - 2016-01-28 12:58 - 03013864 _____ C:\Users\joe\Downloads\Chipset_Intel_A00_Setup-X685F_ZPE (1).exe
2016-01-28 12:57 - 2012-07-04 10:55 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\WINDOWS\SysWOW64\CSVer.dll
2016-01-28 12:55 - 2016-01-28 12:55 - 03013864 _____ C:\Users\joe\Downloads\Chipset_Intel_A00_Setup-X685F_ZPE.exe
2016-01-28 12:52 - 2016-01-28 12:52 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-28 12:52 - 2016-01-28 12:52 - 00000000 ____D C:\Dell
2016-01-28 12:52 - 2012-07-09 13:43 - 00645952 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iaStorA.sys
2016-01-28 12:50 - 2016-01-28 12:51 - 12467064 _____ C:\Users\joe\Downloads\SATA_Intel_W8_A00_Setup-TVTKH_ZPE.exe
2016-01-28 12:44 - 2016-01-28 12:44 - 04379104 _____ (Phoenix Technologies Ltd.) C:\Users\joe\Downloads\L321XA08.exe
2016-01-28 11:07 - 2016-01-28 11:07 - 00768232 _____ (Reimage®) C:\Users\joe\Downloads\ReimageRepair.exe
2016-01-28 09:03 - 2016-01-28 09:03 - 04864677 _____ C:\Users\joe\Downloads\GitHub.VisualStudio.vsix
2016-01-28 09:01 - 2016-01-28 09:01 - 00000000 ____D C:\Users\joe\AppData\Roaming\NuGet
2016-01-28 08:59 - 2016-01-28 08:59 - 00000000 ____D C:\Users\joe\Documents\Visual Studio Next
2016-01-28 08:50 - 2016-02-03 18:47 - 00002589 _____ C:\Users\Public\Desktop\WPCups.lnk
2016-01-28 08:50 - 2016-02-03 18:47 - 00001105 _____ C:\Users\Public\Desktop\Windows TShell.lnk
2016-01-28 08:40 - 2016-01-28 08:40 - 01147432 _____ (Microsoft Corporation) C:\Users\joe\Downloads\wdksetup.exe
2016-01-27 20:27 - 2016-02-12 21:26 - 00000000 ____D C:\Users\joe\Documents\Visual Studio 2015
2016-01-27 20:25 - 2016-01-27 20:25 - 00000000 ____D C:\Program Files (x86)\Windows Phone Kits
2016-01-27 20:14 - 2016-01-27 20:14 - 00000000 ____D C:\Program Files\Application Verifier
2016-01-27 20:14 - 2016-01-27 20:14 - 00000000 ____D C:\Program Files (x86)\Application Verifier
2016-01-27 20:07 - 2016-01-27 20:07 - 00000000 ____D C:\Program Files (x86)\AppInsights
2016-01-27 20:00 - 2016-01-27 20:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-01-27 19:58 - 2016-01-27 19:58 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2016-01-27 19:58 - 2016-01-27 19:58 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-01-27 19:52 - 2015-10-30 20:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-01-27 19:50 - 2016-02-13 17:18 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-27 19:50 - 2016-01-27 19:50 - 00000000 ____D C:\Program Files (x86)\ShellDir
2016-01-27 19:49 - 2016-01-28 15:19 - 00000000 ____D C:\Intel
2016-01-27 19:49 - 2016-01-27 19:49 - 00849474 _____ C:\WINDOWS\system32\Drivers\rtwavesskdy.dat
2016-01-27 19:49 - 2016-01-27 19:49 - 00190454 _____ C:\WINDOWS\system32\Drivers\RTWAVES40.dat
2016-01-27 19:49 - 2016-01-27 19:49 - 00031095 _____ C:\WINDOWS\system32\Drivers\rtwavesEFX.dat
2016-01-27 19:49 - 2016-01-27 19:49 - 00010945 _____ C:\WINDOWS\system32\Drivers\rtwavesMFX.dat
2016-01-27 19:49 - 2016-01-27 19:49 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_SensorsAlsDriver_01_11_00.Wdf
2016-01-27 19:49 - 2016-01-27 19:49 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_iBtFltCoex_01009.Wdf
2016-01-27 19:49 - 2016-01-27 19:49 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-01-27 19:49 - 2016-01-27 19:49 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2016-01-27 19:49 - 2016-01-27 19:49 - 00000000 ____D C:\Program Files\Realtek
2016-01-27 19:48 - 2016-01-27 19:48 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-01-27 19:48 - 2016-01-27 07:47 - 00189240 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-01-27 19:46 - 2016-01-27 19:46 - 00000000 ____D C:\Program Files (x86)\Microsoft Office365 Tools
2016-01-27 19:44 - 2016-01-27 19:44 - 00000000 ____D C:\Program Files (x86)\NuGet
2016-01-27 19:43 - 2016-01-27 19:43 - 00000000 ____D C:\Program Files (x86)\Microsoft WCF Data Services
2016-01-27 19:37 - 2016-01-27 19:37 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 12.0
2016-01-27 19:37 - 2016-01-27 19:37 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2016-01-27 19:37 - 2016-01-27 19:37 - 00000000 ____D C:\Program Files (x86)\HTML Help Workshop
2016-01-27 19:32 - 2016-01-27 19:32 - 00000000 ____D C:\WINDOWS\SysWOW64\1033
2016-01-27 19:27 - 2016-01-27 19:27 - 00000000 ____D C:\WINDOWS\symbols
2016-01-27 19:26 - 2016-01-27 19:26 - 00000000 ____D C:\Program Files (x86)\Microsoft Help Viewer
2016-01-27 19:23 - 2016-01-27 19:59 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-01-27 19:23 - 2016-01-27 19:58 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-01-27 19:20 - 2016-01-27 19:25 - 00000000 ____D C:\WINDOWS\system32\1033
2016-01-27 19:19 - 2016-01-27 20:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2016-01-27 19:19 - 2016-01-27 19:19 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_SensorsSimulatorDriver_01_11_00.Wdf
2016-01-27 19:18 - 2016-01-27 20:25 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2016-01-27 19:18 - 2016-01-27 19:51 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2016-01-27 19:14 - 2016-01-27 19:14 - 00211832 _____ (Microsoft Corporation) C:\Users\joe\Downloads\VSToolsForWindows1C.exe
2016-01-27 18:48 - 2016-01-27 18:48 - 06826984 _____ (Piriform Ltd) C:\Users\joe\Downloads\ccsetup514pro (1).exe
2016-01-27 17:58 - 2016-01-27 17:59 - 04295760 _____ (Phoenix Technologies Ltd.) C:\Users\joe\Downloads\L321XA01.exe
2016-01-27 16:44 - 2016-01-27 16:44 - 00003920 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2016-01-27 16:44 - 2016-01-27 16:44 - 00000000 ____D C:\Program Files (x86)\Dell
2016-01-27 15:18 - 2016-01-28 13:13 - 00000000 ____D C:\Program Files\Dell
2016-01-27 15:18 - 2016-01-27 15:18 - 00000000 ____D C:\Users\joe\AppData\Roaming\Dell
2016-01-27 15:18 - 2016-01-27 15:18 - 00000000 ____D C:\Users\joe\AppData\LocalLow\PCDr
2016-01-27 15:17 - 2016-01-30 10:24 - 00000000 ____D C:\temp
2016-01-27 15:17 - 2016-01-27 16:42 - 00000000 ____D C:\Users\joe\AppData\Roaming\PCDr
2016-01-27 15:15 - 2016-01-27 15:15 - 00000000 ____D C:\Users\joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2016-01-27 15:14 - 2016-01-30 10:13 - 00000000 ____D C:\Users\joe\AppData\Local\Deployment
2016-01-27 15:14 - 2016-01-27 15:14 - 00000000 ____D C:\Users\joe\AppData\Local\Apps\2.0
2016-01-27 14:54 - 2016-01-27 14:54 - 00000000 ____D C:\Users\Public\Thunder Network
2016-01-27 14:52 - 2016-02-13 23:57 - 00000000 ____D C:\Program Files (x86)\OSTotoSoft
2016-01-27 14:52 - 2016-01-27 14:52 - 10599176 _____ (OSToto Co., Ltd.) C:\Users\joe\Downloads\DriverTalent_odld_setup(1).exe
2016-01-27 14:52 - 2016-01-27 14:52 - 00000000 ____D C:\Users\joe\AppData\Roaming\DriverTalent
2016-01-27 14:52 - 2016-01-27 14:52 - 00000000 ____D C:\OSTotoFolder
2016-01-27 14:51 - 2016-01-27 14:51 - 07229440 _____ C:\Users\joe\Downloads\DriverTalent_odld_setup.exe
2016-01-27 14:28 - 2016-02-14 11:49 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-27 14:28 - 2016-02-13 18:55 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-27 14:28 - 2016-02-11 17:56 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-27 14:28 - 2016-02-02 12:44 - 00003996 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-01-27 14:28 - 2016-02-02 12:44 - 00003764 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-27 14:28 - 2016-01-29 18:32 - 00000000 ____D C:\Users\joe\AppData\Local\Google
2016-01-27 14:28 - 2016-01-27 14:28 - 00002866 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-01-27 14:28 - 2016-01-27 14:28 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-01-27 14:28 - 2016-01-27 14:28 - 00000000 ____D C:\Program Files\CCleaner
2016-01-27 14:27 - 2016-01-27 14:28 - 00000000 ____D C:\Program Files (x86)\Google
2016-01-27 14:26 - 2016-01-27 14:27 - 06826984 _____ (Piriform Ltd) C:\Users\joe\Downloads\ccsetup514pro.exe
2016-01-27 14:10 - 2016-02-13 11:13 - 00004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E6A4BD72-8FB1-4922-ADCB-DCAE85D4967A}
2016-01-27 12:00 - 2016-01-27 12:00 - 00121069 _____ C:\Users\joe\Downloads\memtest86+-5.01.usb.installer.zip
2016-01-27 11:48 - 2016-01-27 11:48 - 00000000 _____ C:\Recovery.txt
2016-01-27 11:47 - 2016-01-27 14:31 - 00000000 ___DC C:\WINDOWS\Panther
2016-01-27 11:47 - 2016-01-27 11:47 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-01-27 11:47 - 2016-01-27 11:47 - 00000000 ____D C:\WINDOWS\InfusedApps
2016-01-27 11:47 - 2016-01-27 11:47 - 00000000 ____D C:\Program Files\Cypress
2016-01-27 11:46 - 2016-01-27 19:27 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-01-27 11:46 - 2016-01-27 11:46 - 00000000 ____D C:\WINDOWS\Setup
2016-01-27 11:46 - 2016-01-27 11:46 - 00000000 ____D C:\WINDOWS\OCR
2016-01-27 11:46 - 2016-01-27 11:46 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-01-27 11:46 - 2016-01-27 11:46 - 00000000 ____D C:\Program Files\MSBuild
2016-01-27 11:46 - 2016-01-27 11:46 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-01-27 11:45 - 2016-01-27 11:45 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2016-01-27 11:45 - 2016-01-27 11:45 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2016-01-27 11:45 - 2016-01-27 11:45 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2016-01-27 11:45 - 2016-01-27 11:45 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2016-01-27 11:45 - 2016-01-27 11:45 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2016-01-27 11:45 - 2016-01-27 11:45 - 00000000 ____D C:\WINDOWS\SysWOW64\0409
2016-01-27 11:45 - 2016-01-27 11:45 - 00000000 ____D C:\WINDOWS\system32\winrm
2016-01-27 11:45 - 2016-01-27 11:45 - 00000000 ____D C:\WINDOWS\system32\WCN
2016-01-27 11:45 - 2016-01-27 11:45 - 00000000 ____D C:\WINDOWS\system32\slmgr
2016-01-27 11:45 - 2016-01-27 11:45 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2016-01-27 11:45 - 2016-01-27 11:45 - 00000000 ____D C:\WINDOWS\system32\0409
2016-01-27 11:45 - 2016-01-27 11:45 - 00000000 ____D C:\WINDOWS\DigitalLocker
2016-01-27 11:44 - 2016-02-04 08:01 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-27 11:44 - 2016-02-04 08:01 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-27 11:43 - 2016-01-27 11:41 - 00215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2016-01-27 11:43 - 2016-01-27 11:41 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2016-01-27 11:43 - 2016-01-27 11:41 - 00008798 _____ C:\WINDOWS\SysWOW64\icrav03.rat
2016-01-27 11:43 - 2016-01-27 11:41 - 00001988 _____ C:\WINDOWS\SysWOW64\ticrf.rat
2016-01-27 11:43 - 2016-01-27 11:41 - 00000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2016-01-27 11:42 - 2016-02-13 20:26 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-27 11:42 - 2016-02-13 17:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-01-27 11:42 - 2016-02-12 19:32 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-27 11:42 - 2016-02-04 20:20 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-01-27 11:42 - 2016-02-04 13:59 - 00000000 ____D C:\WINDOWS\Registration
2016-01-27 11:42 - 2016-02-03 19:18 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-01-27 11:42 - 2016-01-30 13:22 - 00000000 ____D C:\WINDOWS\rescache
2016-01-27 11:42 - 2016-01-29 18:49 - 00000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
2016-01-27 11:42 - 2016-01-29 08:30 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-01-27 11:42 - 2016-01-29 08:30 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-01-27 11:42 - 2016-01-29 08:30 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-01-27 11:42 - 2016-01-29 08:30 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-01-27 11:42 - 2016-01-29 08:30 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-27 11:42 - 2016-01-29 08:30 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-01-27 11:42 - 2016-01-28 15:49 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-01-27 11:42 - 2016-01-28 07:35 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-01-27 11:42 - 2016-01-27 19:52 - 00000000 ____D C:\WINDOWS\system32\spool
2016-01-27 11:42 - 2016-01-27 19:52 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-01-27 11:42 - 2016-01-27 19:50 - 00000000 ____D C:\WINDOWS\CSC
2016-01-27 11:42 - 2016-01-27 19:49 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-01-27 11:42 - 2016-01-27 19:20 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-01-27 11:42 - 2016-01-27 11:48 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-01-27 11:42 - 2016-01-27 11:45 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2016-01-27 11:42 - 2016-01-27 11:45 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2016-01-27 11:42 - 2016-01-27 11:45 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-01-27 11:42 - 2016-01-27 11:45 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-01-27 11:42 - 2016-01-27 11:45 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2016-01-27 11:42 - 2016-01-27 11:45 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-01-27 11:42 - 2016-01-27 11:45 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2016-01-27 11:42 - 2016-01-27 11:45 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2016-01-27 11:42 - 2016-01-27 11:45 - 00000000 ____D C:\WINDOWS\system32\setup
2016-01-27 11:42 - 2016-01-27 11:45 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-01-27 11:42 - 2016-01-27 11:45 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-01-27 11:42 - 2016-01-27 11:45 - 00000000 ____D C:\WINDOWS\system32\Com
2016-01-27 11:42 - 2016-01-27 11:45 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-01-27 11:42 - 2016-01-27 11:45 - 00000000 ____D C:\WINDOWS\IME
2016-01-27 11:42 - 2016-01-27 11:45 - 00000000 ____D C:\WINDOWS\Help
2016-01-27 11:42 - 2016-01-27 11:45 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-01-27 11:42 - 2016-01-27 11:45 - 00000000 ____D C:\Program Files\Windows Defender
2016-01-27 11:42 - 2016-01-27 11:45 - 00000000 ____D C:\Program Files\Common Files\System
2016-01-27 11:42 - 2016-01-27 11:45 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-01-27 11:42 - 2016-01-27 11:45 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-01-27 11:42 - 2016-01-27 11:43 - 00000000 ___SD C:\WINDOWS\SysWOW64\Nui
2016-01-27 11:42 - 2016-01-27 11:43 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2016-01-27 11:42 - 2016-01-27 11:43 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2016-01-27 11:42 - 2016-01-27 11:43 - 00000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2016-01-27 11:42 - 2016-01-27 11:43 - 00000000 ____D C:\WINDOWS\SysWOW64\icsxml
2016-01-27 11:42 - 2016-01-27 11:43 - 00000000 ____D C:\WINDOWS\SysWOW64\downlevel
2016-01-27 11:42 - 2016-01-27 11:43 - 00000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2016-01-27 11:42 - 2016-01-27 11:43 - 00000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 __SHD C:\Program Files\Windows Sidebar
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 __RSD C:\WINDOWS\Media
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 __RHD C:\Users\Public\Libraries
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ___SD C:\WINDOWS\system32\Nui
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ___SD C:\WINDOWS\system32\Configuration
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ___RD C:\WINDOWS\DesktopTileResources
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\Web
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\Vss
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\tracing
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\TAPI
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\SysWOW64\ras
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\SysWOW64\NDF
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\SysWOW64\MsDtc
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\SystemResources
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\SystemApps
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\system32\winevt
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\system32\ras
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\system32\ProximityToast
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\system32\PointOfService
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\system32\MsDtc
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\system32\Ipmi
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\system32\IME
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\system32\icsxml
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\system32\ias
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\system32\downlevel
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\system32\config\Journal
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\system32\Bthprops
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\system32\AppLocker
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\System
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\SKB
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\ShellNew
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\security
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\schemas
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\SchCache
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\Resources
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\PLA
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\Performance
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\ModemLogs
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\L2Schemas
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\InputMethod
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\Globalization
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\Cursors
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\Branding
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\addins
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\Program Files\Windows NT
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\Program Files\Common Files\Services
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\Program Files (x86)\Windows NT
2016-01-27 11:42 - 2016-01-27 11:42 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-01-27 11:42 - 2016-01-27 11:41 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2016-01-27 11:42 - 2016-01-27 11:41 - 00215943 _____ C:\WINDOWS\system32\dssec.dat
2016-01-27 11:42 - 2016-01-27 11:41 - 00017463 _____ C:\WINDOWS\system32\Drivers\etc\services
2016-01-27 11:42 - 2016-01-27 11:41 - 00015462 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-01-27 11:42 - 2016-01-27 11:41 - 00008798 _____ C:\WINDOWS\system32\icrav03.rat
2016-01-27 11:42 - 2016-01-27 11:41 - 00003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2016-01-27 11:42 - 2016-01-27 11:41 - 00001988 _____ C:\WINDOWS\system32\ticrf.rat
2016-01-27 11:42 - 2016-01-27 11:41 - 00001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2016-01-27 11:42 - 2016-01-27 11:41 - 00000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2016-01-27 11:42 - 2016-01-27 11:41 - 00000741 _____ C:\WINDOWS\system32\NOISE.DAT
2016-01-27 11:42 - 2016-01-27 11:41 - 00000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2016-01-27 11:42 - 2016-01-27 11:41 - 00000389 _____ C:\WINDOWS\system32\AutoWorkplace.exe.config
2016-01-27 11:42 - 2016-01-27 11:41 - 00000219 _____ C:\WINDOWS\system.ini
2016-01-27 11:42 - 2016-01-27 11:41 - 00000092 _____ C:\WINDOWS\win.ini
2016-01-27 11:42 - 2016-01-27 07:48 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2016-01-27 11:42 - 2016-01-27 07:45 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-01-27 11:42 - 2016-01-27 07:44 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-01-27 11:42 - 2016-01-27 07:44 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-01-27 11:42 - 2016-01-27 07:44 - 00000000 ____D C:\WINDOWS\Provisioning
2016-01-27 11:42 - 2016-01-27 07:35 - 00000000 ____D C:\WINDOWS\appcompat
2016-01-27 11:42 - 2016-01-26 22:57 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-01-27 11:42 - 2016-01-26 22:57 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-01-27 11:42 - 2016-01-26 22:57 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-01-27 11:41 - 2016-02-13 17:24 - 00000000 ____D C:\WINDOWS\INF
2016-01-27 11:38 - 2016-02-12 22:23 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-27 11:35 - 2016-02-13 17:18 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-01-27 11:35 - 2016-01-27 19:50 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-01-27 11:35 - 2016-01-27 11:45 - 00000000 ____D C:\WINDOWS\servicing
2016-01-27 11:35 - 2016-01-27 11:42 - 00000000 ____D C:\WINDOWS\system32\SMI
2016-01-27 11:35 - 2015-10-30 19:33 - 00000164 _____ C:\WINDOWS\system32\config\FP
2016-01-27 11:08 - 2016-01-27 11:08 - 00000000 ____D C:\Users\joe\AppData\Roaming\Macromedia
2016-01-27 10:37 - 2016-01-29 18:00 - 00000000 ____D C:\Users\joe\AppData\Local\ElevatedDiagnostics
2016-01-27 10:09 - 2016-02-13 16:36 - 00007632 _____ C:\Users\joe\AppData\Local\resmon.resmoncfg
2016-01-27 10:02 - 2016-01-27 10:02 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-01-27 07:48 - 2016-01-27 07:48 - 00000000 ____D C:\Users\joe\AppData\Local\Comms
2016-01-27 07:42 - 2015-12-09 16:39 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-01-27 07:41 - 2016-02-12 22:30 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-27 07:41 - 2016-02-12 22:23 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-27 07:40 - 2016-01-28 15:20 - 00000000 ____D C:\Program Files (x86)\Intel
2016-01-27 07:39 - 2016-01-27 07:39 - 00000000 ____D C:\Users\joe\AppData\Local\MicrosoftEdge
2016-01-27 07:36 - 2016-02-10 20:35 - 00002361 _____ C:\Users\joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-01-27 07:36 - 2016-02-10 20:35 - 00000000 ___RD C:\Users\joe\OneDrive
2016-01-26 22:57 - 2016-02-13 18:54 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-01-26 22:57 - 2016-01-27 07:49 - 00000000 ____D C:\Users\joe\AppData\Local\Packages
2016-01-26 22:57 - 2016-01-27 07:36 - 00000000 ____D C:\Users\joe
2016-01-26 22:57 - 2016-01-26 22:57 - 00000020 ___SH C:\Users\joe\ntuser.ini
2016-01-26 22:57 - 2016-01-26 22:57 - 00000000 ____D C:\Users\joe\AppData\Roaming\Adobe
2016-01-26 22:57 - 2016-01-26 22:57 - 00000000 ____D C:\Users\joe\AppData\Local\TileDataLayer
2016-01-26 22:57 - 2016-01-26 22:57 - 00000000 ____D C:\Users\joe\AppData\Local\Publishers
2016-01-26 22:54 - 2016-02-13 17:24 - 00931094 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-26 21:59 - 2016-01-27 11:48 - 00000000 ___HD C:\$SysReset
2016-01-13 08:56 - 2016-01-05 15:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-01-13 08:56 - 2016-01-05 15:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-01-13 08:56 - 2016-01-05 15:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-13 08:56 - 2016-01-05 15:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-13 08:56 - 2016-01-05 15:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-01-13 08:56 - 2016-01-05 15:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-01-13 08:56 - 2016-01-05 15:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-13 08:56 - 2016-01-05 15:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-13 08:56 - 2016-01-05 15:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-13 08:56 - 2016-01-05 15:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-13 08:56 - 2016-01-05 15:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-13 08:56 - 2016-01-05 15:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-01-13 08:56 - 2016-01-05 15:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-13 08:56 - 2016-01-05 15:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-13 08:56 - 2016-01-05 15:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-13 08:56 - 2016-01-05 15:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-13 08:56 - 2016-01-05 15:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-13 08:56 - 2016-01-05 15:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-01-13 08:56 - 2016-01-05 15:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-13 08:56 - 2016-01-05 15:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-13 08:56 - 2016-01-05 15:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-13 08:56 - 2016-01-05 15:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-13 08:56 - 2016-01-05 15:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-13 08:56 - 2016-01-05 15:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-13 08:56 - 2016-01-05 15:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-13 08:56 - 2016-01-05 15:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-13 08:56 - 2016-01-05 15:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-13 08:56 - 2016-01-05 14:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-01-13 08:56 - 2016-01-05 14:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-13 08:56 - 2016-01-05 14:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-01-13 08:56 - 2016-01-05 14:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-01-13 08:56 - 2016-01-05 14:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-01-13 08:56 - 2016-01-05 14:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-13 08:56 - 2016-01-05 14:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-01-13 08:56 - 2016-01-05 14:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-13 08:56 - 2016-01-05 14:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-01-13 08:56 - 2016-01-05 14:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-01-13 08:56 - 2016-01-05 14:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-13 08:56 - 2016-01-05 14:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-13 08:56 - 2016-01-05 14:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-01-13 08:56 - 2016-01-05 14:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-01-13 08:56 - 2016-01-05 14:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-13 08:56 - 2016-01-05 14:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-13 08:56 - 2016-01-05 14:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-13 08:56 - 2016-01-05 14:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-01-13 08:56 - 2016-01-05 14:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-13 08:56 - 2016-01-05 14:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-13 08:56 - 2016-01-05 14:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-13 08:56 - 2016-01-05 14:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-01-13 08:56 - 2016-01-05 14:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-01-13 08:56 - 2016-01-05 14:43 - 00953856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-01-13 08:56 - 2016-01-05 14:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-13 08:56 - 2016-01-05 14:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-13 08:56 - 2016-01-05 14:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-13 08:56 - 2016-01-05 14:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-13 08:56 - 2016-01-05 14:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-13 08:56 - 2016-01-05 14:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-01-13 08:56 - 2016-01-05 14:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-13 08:56 - 2016-01-05 14:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-01-13 08:56 - 2016-01-05 14:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-01-13 08:56 - 2016-01-05 14:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-13 08:56 - 2016-01-05 14:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-01-13 08:56 - 2016-01-05 14:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-13 08:56 - 2016-01-05 14:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-13 08:56 - 2016-01-05 14:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-13 08:56 - 2016-01-05 14:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-13 08:56 - 2016-01-05 14:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-12-18 10:50 - 2015-12-07 17:57 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-12-18 10:50 - 2015-12-07 17:55 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-12-18 10:50 - 2015-12-07 17:49 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2015-12-18 10:50 - 2015-12-07 17:48 - 01155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2015-12-18 10:50 - 2015-12-07 17:48 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-12-18 10:50 - 2015-12-07 17:48 - 01065080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-12-18 10:50 - 2015-12-07 17:48 - 01020096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-12-18 10:50 - 2015-12-07 17:48 - 00983464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2015-12-18 10:50 - 2015-12-07 17:48 - 00884256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-12-18 10:50 - 2015-12-07 17:48 - 00823264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-12-18 10:50 - 2015-12-07 17:48 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-12-18 10:50 - 2015-12-07 17:48 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2015-12-18 10:50 - 2015-12-07 17:48 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-12-18 10:50 - 2015-12-07 17:48 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2015-12-18 10:50 - 2015-12-07 17:48 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2015-12-18 10:50 - 2015-12-07 17:48 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-12-18 10:50 - 2015-12-07 17:48 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2015-12-18 10:50 - 2015-12-07 17:48 - 00450904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-12-18 10:50 - 2015-12-07 17:48 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-12-18 10:50 - 2015-12-07 17:48 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-12-18 10:50 - 2015-12-07 17:48 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2015-12-18 10:50 - 2015-12-07 17:48 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2015-12-18 10:50 - 2015-12-07 17:47 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-12-18 10:50 - 2015-12-07 17:47 - 00898184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-12-18 10:50 - 2015-12-07 17:47 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-12-18 10:50 - 2015-12-07 17:46 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-18 10:50 - 2015-12-07 17:45 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-12-18 10:50 - 2015-12-07 17:15 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2015-12-18 10:50 - 2015-12-07 17:15 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
2015-12-18 10:50 - 2015-12-07 17:10 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2015-12-18 10:50 - 2015-12-07 17:09 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2015-12-18 10:50 - 2015-12-07 17:09 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2015-12-18 10:50 - 2015-12-07 17:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2015-12-18 10:50 - 2015-12-07 17:07 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2015-12-18 10:50 - 2015-12-07 17:07 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2015-12-18 10:50 - 2015-12-07 17:06 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2015-12-18 10:50 - 2015-12-07 17:06 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-12-18 10:50 - 2015-12-07 17:06 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-12-18 10:50 - 2015-12-07 17:05 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-12-18 10:50 - 2015-12-07 17:05 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
2015-12-18 10:50 - 2015-12-07 17:04 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2015-12-18 10:50 - 2015-12-07 17:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2015-12-18 10:50 - 2015-12-07 17:02 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2015-12-18 10:50 - 2015-12-07 17:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2015-12-18 10:50 - 2015-12-07 17:01 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-12-18 10:50 - 2015-12-07 17:01 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
2015-12-18 10:50 - 2015-12-07 17:00 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2015-12-18 10:50 - 2015-12-07 17:00 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-12-18 10:50 - 2015-12-07 17:00 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-12-18 10:50 - 2015-12-07 16:59 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-18 10:50 - 2015-12-07 16:59 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-12-18 10:50 - 2015-12-07 16:59 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-12-18 10:50 - 2015-12-07 16:59 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2015-12-18 10:50 - 2015-12-07 16:58 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-12-18 10:50 - 2015-12-07 16:57 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2015-12-18 10:50 - 2015-12-07 16:57 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2015-12-18 10:50 - 2015-12-07 16:56 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-12-18 10:50 - 2015-12-07 16:56 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-12-18 10:50 - 2015-12-07 16:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-12-18 10:50 - 2015-12-07 16:53 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-12-18 10:50 - 2015-12-07 16:51 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2015-12-18 10:50 - 2015-12-07 16:50 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2015-12-18 10:50 - 2015-12-07 16:49 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2015-12-18 10:50 - 2015-12-07 16:45 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-12-18 10:50 - 2015-12-07 16:45 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2015-12-18 10:50 - 2015-12-07 16:45 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2015-12-18 10:50 - 2015-12-07 16:43 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2015-12-18 10:50 - 2015-12-07 16:41 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-12-18 10:50 - 2015-12-07 16:40 - 01995776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-12-18 10:50 - 2015-12-07 16:40 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2015-12-18 10:50 - 2015-12-07 16:39 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-12-18 10:50 - 2015-12-07 16:38 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2015-12-18 10:50 - 2015-12-07 16:33 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2015-12-18 10:50 - 2015-12-07 16:32 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2015-12-13 19:38 - 2015-12-01 20:12 - 02152800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-13 19:38 - 2015-11-24 23:26 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-13 19:38 - 2015-11-24 23:01 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2015-12-13 19:38 - 2015-11-24 22:54 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2015-12-13 19:38 - 2015-11-24 22:53 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-13 19:38 - 2015-11-24 22:45 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
2015-12-13 19:38 - 2015-11-24 22:37 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-13 19:38 - 2015-11-24 22:26 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-13 19:38 - 2015-11-24 22:19 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-13 19:38 - 2015-11-24 22:12 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-13 19:38 - 2015-11-24 21:55 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-13 19:38 - 2015-11-24 21:54 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2015-12-13 19:38 - 2015-11-24 21:52 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-13 19:38 - 2015-11-24 21:49 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-13 19:38 - 2015-11-24 21:14 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-13 19:38 - 2015-11-24 20:59 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-13 19:38 - 2015-11-24 20:57 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-13 19:38 - 2015-11-24 20:29 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-13 19:38 - 2015-11-24 20:04 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-04 21:49 - 2015-11-22 23:47 - 02653816 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-04 21:49 - 2015-11-22 23:41 - 01859448 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-12-04 21:49 - 2015-11-22 23:41 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-04 21:49 - 2015-11-22 23:34 - 00080600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2015-12-04 21:49 - 2015-11-22 23:33 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2015-12-04 21:49 - 2015-11-22 23:33 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2015-12-04 21:49 - 2015-11-22 23:33 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll
2015-12-04 21:49 - 2015-11-22 23:30 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-12-04 21:49 - 2015-11-22 23:25 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2015-12-04 21:49 - 2015-11-22 23:24 - 02772584 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2015-12-04 21:49 - 2015-11-22 23:14 - 02185840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2015-12-04 21:49 - 2015-11-22 23:00 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2015-12-04 21:49 - 2015-11-22 22:56 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2015-12-04 21:49 - 2015-11-22 22:56 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll
2015-12-04 21:49 - 2015-11-22 22:56 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll
2015-12-04 21:49 - 2015-11-22 22:55 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2015-12-04 21:49 - 2015-11-22 22:54 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll
2015-12-04 21:49 - 2015-11-22 22:54 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2015-12-04 21:49 - 2015-11-22 22:54 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-12-04 21:49 - 2015-11-22 22:54 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2015-12-04 21:49 - 2015-11-22 22:54 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll
2015-12-04 21:49 - 2015-11-22 22:54 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-04 21:49 - 2015-11-22 22:54 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2015-12-04 21:49 - 2015-11-22 22:54 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2015-12-04 21:49 - 2015-11-22 22:52 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2015-12-04 21:49 - 2015-11-22 22:52 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2015-12-04 21:49 - 2015-11-22 22:51 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-12-04 21:49 - 2015-11-22 22:51 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2015-12-04 21:49 - 2015-11-22 22:51 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2015-12-04 21:49 - 2015-11-22 22:51 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-12-04 21:49 - 2015-11-22 22:50 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll
2015-12-04 21:49 - 2015-11-22 22:49 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-12-04 21:49 - 2015-11-22 22:49 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll
2015-12-04 21:49 - 2015-11-22 22:45 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-12-04 21:49 - 2015-11-22 22:45 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-12-04 21:49 - 2015-11-22 22:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2015-12-04 21:49 - 2015-11-22 22:43 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-12-04 21:49 - 2015-11-22 22:43 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-12-04 21:49 - 2015-11-22 22:43 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2015-12-04 21:49 - 2015-11-22 22:42 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-12-04 21:49 - 2015-11-22 22:42 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-12-04 21:49 - 2015-11-22 22:42 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll
2015-12-04 21:49 - 2015-11-22 22:42 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2015-12-04 21:49 - 2015-11-22 22:41 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-12-04 21:49 - 2015-11-22 22:41 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2015-12-04 21:49 - 2015-11-22 22:40 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-12-04 21:49 - 2015-11-22 22:40 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-12-04 21:49 - 2015-11-22 22:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2015-12-04 21:49 - 2015-11-22 22:39 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-04 21:49 - 2015-11-22 22:39 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2015-12-04 21:49 - 2015-11-22 22:39 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-04 21:49 - 2015-11-22 22:39 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-12-04 21:49 - 2015-11-22 22:39 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-12-04 21:49 - 2015-11-22 22:39 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2015-12-04 21:49 - 2015-11-22 22:39 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2015-12-04 21:49 - 2015-11-22 22:38 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-12-04 21:49 - 2015-11-22 22:38 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-12-04 21:49 - 2015-11-22 22:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2015-12-04 21:49 - 2015-11-22 22:38 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll
2015-12-04 21:49 - 2015-11-22 22:37 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-12-04 21:49 - 2015-11-22 22:37 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-12-04 21:49 - 2015-11-22 22:36 - 01042432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2015-12-04 21:49 - 2015-11-22 22:34 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2015-12-04 21:49 - 2015-11-22 22:34 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2015-12-04 21:49 - 2015-11-22 22:34 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2015-12-04 21:49 - 2015-11-22 22:32 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2015-12-04 21:49 - 2015-11-22 22:31 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-12-04 21:49 - 2015-11-22 22:31 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-12-04 21:49 - 2015-11-22 22:29 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-12-04 21:49 - 2015-11-22 22:28 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-04 21:49 - 2015-11-22 22:28 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-12-04 21:49 - 2015-11-22 22:28 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-12-04 21:49 - 2015-11-22 22:28 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-04 21:49 - 2015-11-22 22:28 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2015-12-04 21:49 - 2015-11-22 22:28 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2015-12-04 21:49 - 2015-11-22 22:27 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-12-04 21:49 - 2015-11-22 22:27 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-12-04 21:49 - 2015-11-22 22:27 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2015-12-04 21:49 - 2015-11-22 22:27 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-12-04 21:49 - 2015-11-22 22:26 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-12-04 21:49 - 2015-11-22 22:26 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-12-04 21:49 - 2015-11-22 22:26 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2015-12-04 21:49 - 2015-11-22 22:26 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-12-04 21:49 - 2015-11-22 22:24 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2015-12-04 21:49 - 2015-11-22 22:24 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2015-12-04 21:49 - 2015-11-22 22:20 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2015-12-04 21:49 - 2015-11-22 22:18 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-12-04 21:49 - 2015-11-22 22:18 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2015-12-04 21:49 - 2015-11-22 22:17 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-12-04 21:49 - 2015-11-22 22:11 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-12-04 21:48 - 2015-11-22 23:00 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
2015-12-04 21:48 - 2015-11-22 22:57 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
2015-12-04 21:48 - 2015-11-22 22:57 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll
2015-12-04 21:48 - 2015-11-22 22:57 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2015-12-04 21:48 - 2015-11-22 22:57 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2015-12-04 21:48 - 2015-11-22 22:56 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2015-12-04 21:48 - 2015-11-22 22:55 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2015-12-04 21:48 - 2015-11-22 22:54 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2015-12-04 21:48 - 2015-11-22 22:48 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
2015-12-04 21:48 - 2015-11-22 22:45 - 00264192 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll
2015-12-04 21:48 - 2015-11-22 22:45 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
2015-12-04 21:48 - 2015-11-22 22:45 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll
2015-12-04 21:48 - 2015-11-22 22:45 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
2015-12-04 21:48 - 2015-11-22 22:45 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
2015-12-04 21:48 - 2015-11-22 22:44 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2015-12-04 21:48 - 2015-11-22 22:42 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
2015-12-04 21:48 - 2015-11-22 22:33 - 00205824 _____ (Nokia) C:\WINDOWS\SysWOW64\NmaDirect.dll
2015-11-26 07:29 - 2015-11-21 18:44 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll
2015-11-26 07:29 - 2015-11-21 18:29 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2015-11-26 07:29 - 2015-11-21 18:07 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2015-11-20 09:25 - 2015-11-13 18:39 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-11-20 09:24 - 2015-11-13 19:55 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
2015-11-20 09:24 - 2015-11-13 19:51 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2015-11-20 09:24 - 2015-11-13 19:51 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2015-11-20 09:24 - 2015-11-13 19:51 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2015-11-20 09:24 - 2015-11-13 19:43 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-11-20 09:24 - 2015-11-13 19:43 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-11-20 09:24 - 2015-11-13 19:43 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2015-11-20 09:24 - 2015-11-13 19:42 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-11-20 09:24 - 2015-11-13 19:42 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-11-20 09:24 - 2015-11-13 19:33 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2015-11-20 09:24 - 2015-11-13 19:33 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2015-11-20 09:24 - 2015-11-13 19:33 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-11-20 09:24 - 2015-11-13 19:32 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2015-11-20 09:24 - 2015-11-13 19:21 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-11-20 09:24 - 2015-11-13 19:21 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-11-20 09:24 - 2015-11-13 19:21 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-11-20 09:24 - 2015-11-13 19:21 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2015-11-20 09:24 - 2015-11-13 19:09 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2015-11-20 09:24 - 2015-11-13 19:07 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2015-11-20 09:24 - 2015-11-13 19:06 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2015-11-20 09:24 - 2015-11-13 19:05 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-11-20 09:24 - 2015-11-13 19:05 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2015-11-20 09:24 - 2015-11-13 19:05 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
2015-11-20 09:24 - 2015-11-13 19:05 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll
2015-11-20 09:24 - 2015-11-13 19:04 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2015-11-20 09:24 - 2015-11-13 19:04 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2015-11-20 09:24 - 2015-11-13 19:04 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
2015-11-20 09:24 - 2015-11-13 19:03 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-11-20 09:24 - 2015-11-13 19:00 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2015-11-20 09:24 - 2015-11-13 18:59 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2015-11-20 09:24 - 2015-11-13 18:58 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-11-20 09:24 - 2015-11-13 18:57 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2015-11-20 09:24 - 2015-11-13 18:57 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsReporting.dll
2015-11-20 09:24 - 2015-11-13 18:56 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-11-20 09:24 - 2015-11-13 18:55 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-11-20 09:24 - 2015-11-13 18:55 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsMonitor.dll
2015-11-20 09:24 - 2015-11-13 18:54 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsCapture.dll
2015-11-20 09:24 - 2015-11-13 18:53 - 01073664 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsOfflineAnalysis.dll
2015-11-20 09:24 - 2015-11-13 18:53 - 00727552 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsExperiment.dll
2015-11-20 09:24 - 2015-11-13 18:53 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2015-11-20 09:24 - 2015-11-13 18:52 - 00889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXCap.exe
2015-11-20 09:24 - 2015-11-13 18:51 - 08574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXCaptureReplay.dll
2015-11-20 09:24 - 2015-11-13 18:50 - 05562880 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsRemoteEngine.exe
2015-11-20 09:24 - 2015-11-13 18:49 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-11-20 09:24 - 2015-11-13 18:40 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2015-11-20 09:24 - 2015-11-13 18:40 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll
2015-11-20 09:24 - 2015-11-13 18:34 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2015-11-20 09:24 - 2015-11-13 18:33 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2015-11-20 09:24 - 2015-11-13 18:31 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsReporting.dll
2015-11-20 09:24 - 2015-11-13 18:30 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2015-11-20 09:24 - 2015-11-13 18:30 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2015-11-20 09:24 - 2015-11-13 18:29 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsMonitor.dll
2015-11-20 09:24 - 2015-11-13 18:29 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsCapture.dll
2015-11-20 09:24 - 2015-11-13 18:28 - 00763904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsOfflineAnalysis.dll
2015-11-20 09:24 - 2015-11-13 18:28 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsExperiment.dll
2015-11-20 09:24 - 2015-11-13 18:27 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2015-11-20 09:24 - 2015-11-13 18:26 - 00655360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXCap.exe
2015-11-20 09:24 - 2015-11-13 18:25 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsRemoteEngine.exe
2015-11-20 09:24 - 2015-11-13 18:23 - 06584320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXCaptureReplay.dll
2015-11-20 09:24 - 2015-11-13 18:23 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-11-20 09:24 - 2015-11-13 18:19 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-11-20 04:55 - 2015-11-20 04:55 - 00634712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vfprintpthelper.dll
2015-11-20 04:55 - 2015-11-20 04:55 - 00341680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vfprint.dll
2015-11-20 04:55 - 2015-11-20 04:55 - 00176400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vrfcore.dll
2015-11-20 04:55 - 2015-11-20 04:55 - 00100056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vfrdvcompat.dll
2015-11-20 04:55 - 2015-11-20 04:55 - 00094880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vfnet.dll
2015-11-20 04:55 - 2015-11-20 04:55 - 00072504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vfnws.dll
2015-11-20 04:55 - 2015-11-20 04:55 - 00043472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vfntlmless.dll
2015-11-20 04:54 - 2015-11-20 04:54 - 00374928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vfbasics.dll
2015-11-20 04:54 - 2015-11-20 04:54 - 00249736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vfluapriv.dll
2015-11-20 04:54 - 2015-11-20 04:54 - 00169688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appverif.exe
2015-11-20 04:54 - 2015-11-20 04:54 - 00083376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vfcompat.dll
2015-11-20 04:54 - 2015-11-20 04:54 - 00046032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vfcuzz.dll
2015-11-20 04:54 - 2015-11-20 04:54 - 00022232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cuzzapi.dll
2015-11-20 04:47 - 2015-11-20 04:47 - 01514688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbased.dll
2015-11-20 04:47 - 2015-11-20 04:47 - 00655040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11ref.dll
2015-11-20 04:47 - 2015-11-20 04:47 - 00489664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10sdklayers.dll
2015-11-20 04:47 - 2015-11-20 04:47 - 00370368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10ref.dll
2015-11-20 04:47 - 2015-11-20 04:47 - 00064704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DRefDebug.dll
2015-11-20 04:03 - 2015-11-20 04:03 - 00197248 _____ (Microsoft Corporation) C:\WINDOWS\system32\vrfcore.dll
2015-11-20 04:02 - 2015-11-20 04:02 - 01155744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfprintpthelper.dll
2015-11-20 04:02 - 2015-11-20 04:02 - 00459648 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfprint.dll
2015-11-20 04:02 - 2015-11-20 04:02 - 00422184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfbasics.dll
2015-11-20 04:02 - 2015-11-20 04:02 - 00285664 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfluapriv.dll
2015-11-20 04:02 - 2015-11-20 04:02 - 00204080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appverif.exe
2015-11-20 04:02 - 2015-11-20 04:02 - 00117712 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfnet.dll
2015-11-20 04:02 - 2015-11-20 04:02 - 00109456 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfrdvcompat.dll
2015-11-20 04:02 - 2015-11-20 04:02 - 00088680 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfcompat.dll
2015-11-20 04:02 - 2015-11-20 04:02 - 00088672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfnws.dll
2015-11-20 04:02 - 2015-11-20 04:02 - 00048712 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfntlmless.dll
2015-11-20 04:02 - 2015-11-20 04:02 - 00048712 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfcuzz.dll
2015-11-20 04:02 - 2015-11-20 04:02 - 00024336 _____ (Microsoft Corporation) C:\WINDOWS\system32\cuzzapi.dll
2015-11-20 03:56 - 2015-11-20 03:56 - 01810112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbased.dll
2015-11-20 03:56 - 2015-11-20 03:56 - 00780992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11ref.dll
2015-11-20 03:56 - 2015-11-20 03:56 - 00669376 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10sdklayers.dll
2015-11-20 03:56 - 2015-11-20 03:56 - 00469696 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10ref.dll
2015-11-20 03:56 - 2015-11-20 03:56 - 00082624 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DRefDebug.dll
2015-11-20 03:56 - 2015-11-20 03:56 - 00031424 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft.windows.softwarelogo.showdesktop.exe
2015-11-19 21:31 - 2015-11-19 21:31 - 01825984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsHelper.dll
2015-11-19 21:31 - 2015-11-19 21:31 - 00222376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSPerf140.dll
2015-11-19 21:22 - 2015-11-19 21:22 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dref9.dll
2015-11-19 21:02 - 2015-11-19 21:02 - 00384000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dref9.dll
2015-11-19 20:02 - 2015-11-19 20:02 - 03189960 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSGraphicsHelper.dll
2015-11-19 20:02 - 2015-11-19 20:02 - 00274088 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSPerf140.dll
2015-11-18 10:23 - 2015-11-18 10:23 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-11-18 10:23 - 2015-11-18 10:23 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-11-18 10:23 - 2015-11-18 10:23 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-11-18 10:23 - 2015-11-18 10:23 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-11-18 10:23 - 2015-11-18 10:23 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-11-18 10:23 - 2015-11-18 10:23 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-11-18 10:23 - 2015-11-18 10:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-11-18 10:23 - 2015-11-18 10:23 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-11-18 10:23 - 2015-11-18 10:23 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-11-18 10:23 - 2015-11-18 10:23 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-11-18 10:23 - 2015-11-18 10:23 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-11-18 10:23 - 2015-11-18 10:23 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-11-18 10:23 - 2015-11-18 10:23 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-11-18 10:23 - 2015-11-18 10:23 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-11-18 10:23 - 2015-11-18 10:23 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-11-18 10:23 - 2015-11-18 10:23 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-11-18 10:21 - 2015-10-24 06:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-11-18 10:21 - 2015-10-24 06:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-11-18 10:21 - 2015-10-24 06:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-11-18 10:21 - 2015-10-24 06:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-11-18 10:21 - 2015-10-24 06:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-11-18 10:21 - 2015-10-24 06:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-11-17 22:30 - 2015-10-29 20:12 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DxToolsReportGenerator.dll
2015-11-17 22:30 - 2015-10-29 20:12 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\DxToolsReportGenerator.dll
2015-11-17 22:30 - 2015-10-29 19:41 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARP12Debug.dll
2015-11-17 22:30 - 2015-10-29 19:40 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DWARP12Debug.dll
2015-11-17 22:30 - 2015-10-29 19:38 - 00369152 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\DXCpl.exe
2015-11-17 22:30 - 2015-10-29 19:38 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARPDebug.dll
2015-11-17 22:30 - 2015-10-29 19:37 - 00344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXGIDebug.dll
2015-11-17 22:30 - 2015-10-29 19:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsProxyStub.dll
2015-11-17 22:30 - 2015-10-29 19:36 - 00349184 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\SysWOW64\DXCpl.exe
2015-11-17 22:30 - 2015-10-29 19:36 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DWARPDebug.dll
2015-11-17 22:30 - 2015-10-29 19:35 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXGIDebug.dll
2015-11-17 22:30 - 2015-10-29 19:35 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsProxyStub.dll
2015-11-17 22:30 - 2015-10-29 19:34 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf_gputiming.dll
2015-11-17 22:30 - 2015-10-29 19:31 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perf_gputiming.dll
2015-11-17 22:30 - 2015-10-29 19:30 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1debug3.dll
2015-11-17 22:30 - 2015-10-29 19:29 - 05667840 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2015-11-17 22:30 - 2015-10-29 19:28 - 03292672 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12warp.dll
2015-11-17 22:30 - 2015-10-29 19:27 - 04533760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
2015-11-17 22:30 - 2015-10-29 19:27 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1debug3.dll
2015-11-17 22:30 - 2015-10-29 19:26 - 02470912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12warp.dll
2015-11-17 22:30 - 2015-10-29 19:13 - 01001984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12SDKLayers.dll
2015-11-17 22:30 - 2015-10-29 19:12 - 01339392 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11_3SDKLayers.dll
2015-11-17 22:30 - 2015-10-29 19:11 - 01064960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11_3SDKLayers.dll
2015-11-17 22:30 - 2015-10-29 19:11 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12SDKLayers.dll
2015-11-17 21:09 - 2015-11-17 21:09 - 01721216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01009.dll
2015-11-17 21:09 - 2015-11-17 21:09 - 01390904 _____ (Motorola Solutions, Inc.) C:\WINDOWS\system32\Drivers\btmhsf.sys
2015-11-17 21:09 - 2015-11-17 21:09 - 00080184 _____ (Motorola Solutions, Inc.) C:\WINDOWS\system32\btmwu.dll
2015-11-17 21:09 - 2015-11-17 21:09 - 00069088 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\iBtFltCoex.sys
2015-11-17 21:09 - 2015-11-17 21:09 - 00047008 _____ C:\WINDOWS\system32\Drivers\ISCTD64.sys
 
==================== Three Months Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
 
==================== Files in the root of some directories =======
 
2016-02-01 15:45 - 2016-02-01 15:45 - 0007605 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2016-01-27 19:49 - 2016-01-27 19:49 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-GB
inherit                 {globalsettings}
default                 {current}
resumeobject            {cd963d2d-c47e-11e5-9a5e-8d06fd1f8dfc}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 0
 
Windows Boot Loader
-------------------
identifier              {63a358b1-6c56-11e5-bb24-f2a52b683591}
device                  ramdisk=[C:]\Recovery\63a358b1-6c56-11e5-bb24-f2a52b683591\Winre.wim,{63a358b2-6c56-11e5-bb24-f2a52b683591}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\63a358b1-6c56-11e5-bb24-f2a52b683591\Winre.wim,{63a358b2-6c56-11e5-bb24-f2a52b683591}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {b2315b14-8d71-11e5-886c-91ecfce5bd42}
device                  ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{b2315b15-8d71-11e5-886c-91ecfce5bd42}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-GB
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{b2315b15-8d71-11e5-886c-91ecfce5bd42}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \WINDOWS\system32\winload.exe
description             Windows 10
locale                  en-GB
inherit                 {bootloadersettings}
recoverysequence        {b2315b14-8d71-11e5-886c-91ecfce5bd42}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \WINDOWS
resumeobject            {cd963d2d-c47e-11e5-9a5e-8d06fd1f8dfc}
nx                      OptIn
bootmenupolicy          Standard
debug                   No
 
Windows Boot Loader
-------------------
identifier              {e0addb66-6c43-11e5-8af9-9d857d7d4d15}
device                  ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{e0addb67-6c43-11e5-8af9-9d857d7d4d15}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-GB
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{e0addb67-6c43-11e5-8af9-9d857d7d4d15}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {63a358af-6c56-11e5-bb24-f2a52b683591}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Resume from Hibernate
---------------------
identifier              {b11cceb3-6c43-11e5-8af9-9d857d7d4d15}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-GB
inherit                 {resumeloadersettings}
recoverysequence        {e0addb66-6c43-11e5-8af9-9d857d7d4d15}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No
 
Resume from Hibernate
---------------------
identifier              {cd963d2d-c47e-11e5-9a5e-8d06fd1f8dfc}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-GB
inherit                 {resumeloadersettings}
recoverysequence        {b2315b14-8d71-11e5-886c-91ecfce5bd42}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-GB
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 No
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {63a358b2-6c56-11e5-bb24-f2a52b683591}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\63a358b1-6c56-11e5-bb24-f2a52b683591\boot.sdi
 
Device options
--------------
identifier              {63a358b3-6c56-11e5-bb24-f2a52b683591}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi
 
Device options
--------------
identifier              {b2315b15-8d71-11e5-886c-91ecfce5bd42}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume3
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
Device options
--------------
identifier              {e0addb67-6c43-11e5-8af9-9d857d7d4d15}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume3
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
Device options
--------------
identifier              {e5f03232-8d03-11e5-9bcd-00dbdf0d73b0}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi
 
 
 
LastRegBack: 2016-02-08 20:09
 
==================== End of FRST.txt ============================
 
The addition.txt is as follows - 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-01-2016
Ran by Administrator (2016-02-14 12:12:56)
Running from C:\Users\Administrator\Downloads
Windows 10 Pro (X64) (2016-01-26 09:56:01)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1134921887-2961836692-3154474486-500 - Administrator - Enabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1134921887-2961836692-3154474486-503 - Limited - Disabled)
Guest (S-1-5-21-1134921887-2961836692-3154474486-501 - Limited - Disabled)
joe (S-1-5-21-1134921887-2961836692-3154474486-1001 - Administrator - Enabled) => C:\Users\joe
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{B87B45A1-B23C-48DC-8857-9B619B420925}) (Version: 4.1.60107.3 - Microsoft Corporation)
Azure AD Authentication Connected Service (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.51210.80 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Build Tools for Windows 10 - ENU (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
Build Tools for Windows 10 (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
CodedUITestUAP (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
Cypress TrackPad (HKLM\...\{7F2F6CC5-434B-4311-9DE2-60C7CAF50B73}_is1) (Version: 2.5.1.72 - Cypress Semiconductor, Inc.)
Dell Data Vault (Version: 4.3.7.0 - Dell Inc.) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6745.47 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{A62A2F03-3006-40CA-A3FA-C1086B2FEF5D}) (Version: 1.2.0.94 - Dell)
Dell System Detect (HKU\S-1-5-21-1134921887-2961836692-3154474486-1001\...\58d94f3ce2c27db0) (Version: 6.12.0.5 - Dell)
Dell System Detect (HKU\S-1-5-21-1134921887-2961836692-3154474486-500\...\58d94f3ce2c27db0) (Version: 6.12.0.5 - Dell)
Dotfuscator and Analytics Community Edition 5.19.0 (x32 Version: 5.19.0.2930 - PreEmptive Solutions) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
IDE Tools for Windows 10 - ENU (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
IDE Tools for Windows 10 (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
Imaging Tools Support (x32 Version: 10.1.10586.0 - Microsoft) Hidden
Intel® Driver Update Utility 2.4 (x32 Version: 2.4.0.5 - Intel) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2817 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{270e4d1a-19f9-46c3-93b3-e61d4a24ab9f}) (Version: 2.4.0.5 - Intel)
Intellisense Lang Pack Mobile Extension SDK 10.0.10586.0 (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
Kits Configuration Installer (x32 Version: 10.1.10586.0 - Microsoft) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft ASP.NET 5 RC1 Update 1 (HKLM-x32\...\{782d25e1-8377-4417-a491-3013700fe300}) (Version: 1.0.11123.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.24720 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Update 1 (HKLM-x32\...\{1d03ad7c-fa27-4517-91b0-410bb49f94d9}) (Version: 14.0.24720.1 - Microsoft Corporation)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Project and Item Templates for Visual Studio Express 2015 for Windows 10 - ENU (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
Project and Item Templates for Visual Studio Professionald 2015 - ENU (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.39 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.24728 - Microsoft Corporation) Hidden
SDK ARM Additions (x32 Version: 10.1.10586.0 - Microsoft Corporation) Hidden
SDK ARM Additions EULA (x32 Version: 10.1.10586.0 - Microsoft Corporations) Hidden
SDK ARM Redistributables (x32 Version: 10.1.10586.0 - Microsoft Corporation) Hidden
SDK Debuggers ARM (x32 Version: 10.1.10586.0 - Microsoft Corporation) Hidden
Security Task Manager 2.1e (HKLM-x32\...\Security Task Manager) (Version: 2.1e - Neuber Software)
Team Explorer for Microsoft Visual Studio 2015 (x32 Version: 14.0.24712 - Microsoft Corporation) Hidden
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
TypeScript Power Tool (x32 Version: 1.7.6.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.7.6.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 1.7.6.0 (HKLM-x32\...\{5ee9a47a-3630-4016-b76d-dc752e9218dd}) (Version: 1.7.24809.0 - Microsoft Corporation)
Universal CRT Extension SDK (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
Universal CRT Redistributable (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (Version: 10.1.10586.15 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual Studio 2015 Update 1 (KB3022398) (HKLM-x32\...\{fcaa9dba-9438-48b6-ad91-4e9b4cc7084a}) (Version: 14.0.24720 - Microsoft Corporation)
VS Update core components (x32 Version: 14.0.24720 - Microsoft Corporation) Hidden
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
Windows Driver Kit - Windows 10.0.10586.0 (HKLM-x32\...\{39fdd508-112c-4e73-b736-c5378725b145}) (Version: 10.1.10586.0 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{E65EDBCC-C437-45DF-96BE-46B672317F41}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.10586.15 (HKLM-x32\...\{28a123e5-1799-4f20-9bd8-7c46f30eb7bf}) (Version: 10.1.10586.15 - Microsoft Corporation)
WinRT Intellisense Desktop - en-us (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
WinRT Intellisense Xbox Live Extension SDK - en-us (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
WinRT Intellisense Xbox Live Extension SDK - Other Languages (x32 Version: 10.1.10586.15 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1134921887-2961836692-3154474486-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\joe\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1134921887-2961836692-3154474486-500_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Administrator\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {1CBBBEC1-0C0C-4100-A3D6-6D8F6E0EF46F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-27] (Google Inc.)
Task: {2104FE42-C21E-4DB8-B23F-6C8D3F8937A8} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-12-30] (PC-Doctor, Inc.)
Task: {46F47876-C0FF-42C3-830C-4F542FD9349A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-27] (Google Inc.)
Task: {57854E39-EF9B-4D66-832A-FD59A3D1C569} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-12-30] (PC-Doctor, Inc.)
Task: {A9195B2F-CA6A-45D2-8B5F-C54BC4A05007} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-16] (Piriform Ltd)
Task: {AAAAA4CC-A221-455A-A915-8F8D6EDFA65E} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {BF7F1BE6-8D48-4A49-BA9F-5B226C003BA0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-12] (Microsoft Corporation)
Task: {D4B88C2A-4D7E-4D1A-A6DC-641E5441B6F0} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {D58639B7-FBBD-416D-921F-6B2BF8FAE2C0} - System32\Tasks\{5D2A4D2B-1B4F-401C-9090-27C7B3BF7496} => pcalua.exe -a C:\Users\joe\Downloads\win64_153338.exe -d C:\Users\joe\Downloads
Task: {DB14246F-0AC6-492B-9549-CDEDFAC862BA} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-01-12] (Dell Inc.)
Task: {DC020181-6FF9-4C99-BAB2-6643E4676516} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 20:18 - 2015-10-30 20:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-04 21:49 - 2015-11-22 23:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-04 21:49 - 2015-11-22 23:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-12-18 10:50 - 2015-12-07 17:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-18 10:50 - 2015-12-07 17:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-18 10:50 - 2015-12-07 17:00 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2016-01-13 08:56 - 2016-01-05 14:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-13 08:56 - 2016-01-05 14:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-28 13:19 - 2016-01-16 18:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-28 13:19 - 2016-01-16 18:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-10-06 12:48 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2016-01-07 05:41 - 2016-01-07 05:41 - 00062168 _____ () C:\Program Files\CCleaner\branding.dll
2015-10-30 20:18 - 2015-10-30 20:18 - 02100064 _____ () C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
2016-02-11 17:56 - 2016-02-10 00:58 - 01632584 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\libglesv2.dll
2016-02-11 17:56 - 2016-02-10 00:58 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\libegl.dll
2016-02-13 20:41 - 2016-02-13 20:41 - 00747520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.Vbeb7089b#\d3965a2425cb2d243acd883693abd6ab\Microsoft.VisualStudio.Threading.ni.dll
2016-02-13 20:41 - 2016-02-13 20:41 - 00052224 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.Vd43b287e#\c9cbbe58406f71b99f7846d7cc371ea1\Microsoft.VisualStudio.Validation.ni.dll
2016-02-11 17:56 - 2016-02-10 00:58 - 16810824 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\PepperFlash\pepflashplayer.dll
2016-01-30 17:38 - 2013-05-20 08:58 - 00620718 _____ () C:\Program Files (x86)\Security Task Manager\sqlite3.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-01-27 11:42 - 2016-01-27 11:41 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1134921887-2961836692-3154474486-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1134921887-2961836692-3154474486-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: CyTpService => 2
MSCONFIG\Services: DellDataVault => 2
MSCONFIG\Services: DellDataVaultWiz => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: LMIRescue_2edc319d-2a43-451a-bbbf-26556998b015 => 2
MSCONFIG\Services: SupportAssistAgent => 2
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{3ADA0A8C-9DB6-4F8C-86EA-CC7DBC29DC6D}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe
FirewallRules: [{6802D727-DA05-4750-8134-1703801CF821}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe
FirewallRules: [{69B1D4CF-F483-4B64-B5A7-E2CB16EB9EF7}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe
FirewallRules: [{5D7F3F03-3540-4B6F-974B-C769EC5403DA}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [{46890ABF-1057-4D50-88F3-06C8A0C9EAAC}] => (Allow) LPort=21
FirewallRules: [{B36086D4-D795-4A78-A6B3-11A31523F5E0}] => (Allow) LPort=29817
FirewallRules: [TCP Query User{8C9AB666-EF77-4BDE-BD04-46DBB7EC0B08}C:\windows\system32\mmc.exe] => (Allow) C:\windows\system32\mmc.exe
FirewallRules: [UDP Query User{D1B5DD67-F668-46DE-AEE1-FB74E2E865B5}C:\windows\system32\mmc.exe] => (Allow) C:\windows\system32\mmc.exe
FirewallRules: [TCP Query User{4EF80829-1AA6-4D90-8CFA-937A38385BF4}C:\program files (x86)\windows kits\10\debuggers\x86\windbg.exe] => (Allow) C:\program files (x86)\windows kits\10\debuggers\x86\windbg.exe
FirewallRules: [UDP Query User{37A59169-3CDD-4A1E-88E2-ED7C34A31D1D}C:\program files (x86)\windows kits\10\debuggers\x86\windbg.exe] => (Allow) C:\program files (x86)\windows kits\10\debuggers\x86\windbg.exe
FirewallRules: [TCP Query User{1E828B2A-0F30-4E80-B9A7-881FC6E04EB8}C:\program files (x86)\windows kits\10\debuggers\x64\windbg.exe] => (Block) C:\program files (x86)\windows kits\10\debuggers\x64\windbg.exe
FirewallRules: [UDP Query User{C4BDDAFC-8A5A-4D1E-850A-A4DB5BB84DDB}C:\program files (x86)\windows kits\10\debuggers\x64\windbg.exe] => (Block) C:\program files (x86)\windows kits\10\debuggers\x64\windbg.exe
FirewallRules: [{0E4A17B5-E44A-496D-ACFD-4D89B8489A65}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
04-02-2016 20:16:26 Microsoft ASP.NET 5 RC1 Update 1
12-02-2016 22:21:16 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/13/2016 06:53:59 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-L2QIGK4)
Description: Activation of application Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe:MicrosoftEdge.AppXre20k58eaa822f0smszc2fbv5y0azn7k.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/13/2016 11:32:39 AM) (Source: MsiInstaller) (EventID: 10005) (User: DESKTOP-L2QIGK4)
Description: Product: Viber -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2502. The arguments are: , ,
 
Error: (02/13/2016 11:32:38 AM) (Source: MsiInstaller) (EventID: 10005) (User: DESKTOP-L2QIGK4)
Description: Product: Viber -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2503. The arguments are: , ,
 
Error: (02/12/2016 11:07:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.10586.35, time stamp: 0x566505bc
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10586.71, time stamp: 0x5699d8e0
Exception code: 0xc000027b
Fault offset: 0x00000000006943bb
Faulting process ID: 0x22f0
Faulting application start time: 0xShellExperienceHost.exe0
Faulting application path: ShellExperienceHost.exe1
Faulting module path: ShellExperienceHost.exe2
Report ID: ShellExperienceHost.exe3
Faulting package full name: ShellExperienceHost.exe4
Faulting package-relative application ID: ShellExperienceHost.exe5
 
Error: (02/12/2016 10:21:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (02/11/2016 08:09:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-L2QIGK4)
Description: Activation of application Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2147467259 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/11/2016 08:00:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-L2QIGK4)
Description: Activation of application Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2147467259 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/11/2016 08:00:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-L2QIGK4)
Description: Activation of application Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/11/2016 08:00:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.10586.35, time stamp: 0x566505bc
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10586.71, time stamp: 0x5699d8e0
Exception code: 0xc000027b
Fault offset: 0x00000000006fce8b
Faulting process ID: 0x1e40
Faulting application start time: 0xShellExperienceHost.exe0
Faulting application path: ShellExperienceHost.exe1
Faulting module path: ShellExperienceHost.exe2
Report ID: ShellExperienceHost.exe3
Faulting package full name: ShellExperienceHost.exe4
Faulting package-relative application ID: ShellExperienceHost.exe5
 
Error: (02/11/2016 06:07:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-L2QIGK4)
Description: Activation of application Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (02/14/2016 12:00:56 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-L2QIGK4)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}DESKTOP-L2QIGK4joeS-1-5-21-1134921887-2961836692-3154474486-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (02/14/2016 11:57:23 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (02/14/2016 11:47:14 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-L2QIGK4)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}DESKTOP-L2QIGK4joeS-1-5-21-1134921887-2961836692-3154474486-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (02/14/2016 11:38:45 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-L2QIGK4)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}DESKTOP-L2QIGK4joeS-1-5-21-1134921887-2961836692-3154474486-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (02/14/2016 11:14:31 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-L2QIGK4)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}DESKTOP-L2QIGK4joeS-1-5-21-1134921887-2961836692-3154474486-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (02/14/2016 11:08:59 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-L2QIGK4)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}DESKTOP-L2QIGK4joeS-1-5-21-1134921887-2961836692-3154474486-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (02/14/2016 10:02:18 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (02/14/2016 09:52:02 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-L2QIGK4)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}DESKTOP-L2QIGK4joeS-1-5-21-1134921887-2961836692-3154474486-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (02/14/2016 09:22:07 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-L2QIGK4)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}DESKTOP-L2QIGK4joeS-1-5-21-1134921887-2961836692-3154474486-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (02/14/2016 12:21:27 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
 
CodeIntegrity:
===================================
  Date: 2016-02-14 09:22:10.864
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-13 17:18:34.556
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-12 22:49:39.159
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-30 17:08:46.550
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-30 12:24:06.095
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-29 08:34:26.899
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-28 12:19:28.538
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-28 07:33:48.845
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-27 07:47:25.548
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-26 22:55:44.856
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2637M CPU @ 1.70GHz
Percentage of memory in use: 83%
Total physical RAM: 3406.59 MB
Available physical RAM: 553.06 MB
Total Virtual: 7502.59 MB
Available Virtual: 2756.47 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:237.94 GB) (Free:188.96 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: CD53C12E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=237.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
 
==================== End of Addition.txt ============================
 
Hope this makes sense to someone.
 
Thank you
 
 

 


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Get the free version of Speccy:
 
http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Download, Save and Install it.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top about 10 lines down.) Attach the file to your next post.
 
 
et Process Explorer
 
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Open the file Procexp.txt on your desktop and copy and paste the text to a reply.
 
 

  • 0

#3
joe1990

joe1990

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Hi RKinner,

 

Thanks for your reply. Please see attached.

 

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 76.11 0 K 4 K 0
WmiPrvSE.exe 4.50 10,412 K 16,116 K 5536 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 2.82 1,435,040 K 1,034,660 K 856 Google Chrome Google Inc. (Verified) Google Inc
procexp64.exe 2.22 30,860 K 48,292 K 10104 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
svchost.exe 1.62 35,380 K 45,652 K 356 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
Interrupts 1.27 0 K 0 K n/a Hardware Interrupts and DPCs
Taskmgr.exe 1.26 17,644 K 36,880 K 5988 Task Manager Microsoft Corporation (Verified) Microsoft Windows
perfmon.exe 1.10 37,240 K 30,184 K 9856 Resource and Performance Monitor Microsoft Corporation (Verified) Microsoft Windows
IAStorDataMgrSvc.exe 1.04 468,916 K 61,884 K 3728 IAStorDataSvc Intel Corporation (No signature was present in the subject) Intel Corporation
System 0.93 1,900 K 65,892 K 4
pcdrcui.exe 0.92 164,564 K 8,172 K 7828 SupportAssist PC-Doctor, Inc. (Verified) Dell Inc.
dwm.exe 0.88 43,996 K 33,312 K 1008 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
MsMpEng.exe 0.88 140,412 K 78,444 K 2208 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
csrss.exe 0.56 1,984 K 15,388 K 588 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
WmiPrvSE.exe 0.52 5,108 K 8,412 K 11192 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
TaskMan.exe 0.51 19,128 K 23,356 K 5700 Security Task Manager Neuber Software (Verified) A. & M. Neuber Software
TaskMan.exe 0.47 18,924 K 22,724 K 2084 Security Task Manager Neuber Software (Verified) A. & M. Neuber Software
pcdrrealtime.p5x 0.41 17,772 K 6,068 K 4416 PC-Doctor Module PC-Doctor, Inc. (Verified) PC-Doctor
Speccy64.exe 0.33 13,696 K 35,888 K 6536 Speccy Piriform Ltd (Verified) Piriform Ltd
WmiPrvSE.exe 0.29 26,520 K 15,048 K 5072 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.24 69,724 K 84,004 K 3804 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
FRST64.exe 0.14 24,200 K 22,984 K 7308 Farbar Recovery Scan Tool Farbar (No signature was present in the subject) Farbar
svchost.exe 0.14 23,332 K 20,476 K 1288 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.11 6,596 K 9,988 K 888 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 0.09 107,748 K 70,340 K 4164 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 0.08 176,248 K 51,044 K 4148 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 0.07 115,532 K 71,424 K 10692 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 0.06 10,436 K 17,956 K 360 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
devenv.exe 0.04 145,288 K 65,680 K 3940 Microsoft Visual Studio 2015 Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe 0.04 16,288 K 23,676 K 376 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 0.04 56,832 K 40,180 K 2132 Google Chrome Google Inc. (Verified) Google Inc
Microsoft.VsHub.Server.HttpHost.exe 0.03 102,248 K 80,656 K 496 Microsoft.VsHub.Server.HttpHost.exe Microsoft Corporation (Verified) Microsoft Corporation
WmiApSrv.exe 0.03 1,396 K 6,560 K 7108 WMI Performance Reverse Adapter Microsoft Corporation (Verified) Microsoft Windows
MSASCui.exe 0.03 5,096 K 16,500 K 2784 Windows Defender User Interface Microsoft Corporation (Verified) Microsoft Windows
chrome.exe 0.02 84,908 K 37,476 K 7064 Google Chrome Google Inc. (Verified) Google Inc
lsass.exe 0.02 5,896 K 10,728 K 720 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.02 13,108 K 23,028 K 1252 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 0.02 116,840 K 68,752 K 6984 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 0.01 65,368 K 42,076 K 4960 Google Chrome Google Inc. (Verified) Google Inc
NisSrv.exe 0.01 11,780 K 6,568 K 2988 Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe 0.01 35,008 K 42,612 K 1080 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
CCleaner64.exe 0.01 8,988 K 16,500 K 9792 CCleaner Piriform Ltd (Verified) Piriform Ltd
explorer.exe 0.01 52,552 K 72,304 K 6916 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
CCleaner64.exe 0.01 8,392 K 20,048 K 5376 CCleaner Piriform Ltd (Verified) Piriform Ltd
quickset.exe 0.01 3,140 K 11,920 K 4468 QuickSet Dell Inc. (Verified) Dell Inc
chrome.exe 0.01 44,488 K 28,184 K 8316 Google Chrome Google Inc. (Verified) Google Inc
quickset.exe 0.01 3,164 K 11,740 K 8400 QuickSet Dell Inc. (Verified) Dell Inc
svchost.exe 0.01 7,228 K 15,864 K 832 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
NetworkUXBroker.exe 0.01 4,848 K 15,848 K 5760 Network UX Broker Microsoft Corporation (Verified) Microsoft Windows
dllhost.exe 0.01 1,692 K 8,888 K 5716 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
mmc.exe < 0.01 60,108 K 16,676 K 5012 Microsoft Management Console Microsoft Corporation (Verified) Microsoft Windows
notepad.exe < 0.01 1,948 K 10,600 K 9008 Notepad Microsoft Corporation (Verified) Microsoft Windows
notepad.exe < 0.01 2,512 K 10,812 K 3172 Notepad Microsoft Corporation (Verified) Microsoft Windows
csrss.exe < 0.01 1,568 K 14,932 K 5060 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
conhost.exe < 0.01 10,512 K 9,212 K 3832 Console Window Host Microsoft Corporation (Verified) Microsoft Windows
notepad.exe < 0.01 2,044 K 10,832 K 8188 Notepad Microsoft Corporation (Verified) Microsoft Windows
WUDFHost.exe 1,860 K 6,608 K 1140 Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 1,988 K 6,428 K 668 Windows Log-on Application Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 1,808 K 6,304 K 7372 Windows Log-on Application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 944 K 3,476 K 580 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows Publisher
VsHub.exe 24,220 K 35,736 K 1280 VsHub.exe Microsoft Corporation (Verified) Microsoft Corporation
unsecapp.exe 1,376 K 6,404 K 5504 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe 1,224 K 6,228 K 9888 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
TrustedInstaller.exe 1,472 K 5,264 K 7092 Windows Modules Installer Microsoft Corporation (Verified) Microsoft Windows
TiWorker.exe 1,968 K 7,580 K 9128 Windows Modules Installer Worker Microsoft Corporation (Verified) Microsoft Windows
taskhostw.exe 5,644 K 14,400 K 1704 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
taskhostw.exe 4,856 K 12,140 K 8224 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
SystemSettingsBroker.exe 3,832 K 16,568 K 5632 System Settings Broker Microsoft Corporation (Verified) Microsoft Windows
SystemSettingsAdminFlows.exe 2,684 K 8,964 K 3252 Settings Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 7,784 K 17,780 K 1088 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,852 K 6,836 K 2616 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,320 K 16,376 K 2168 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,456 K 19,628 K 1600 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,940 K 4,616 K 7204 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,224 K 11,560 K 10288 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,136 K 7,080 K 2152 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,288 K 11,456 K 620 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe 5,828 K 10,584 K 1844 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
smss.exe 364 K 888 K 340 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows Publisher
sihost.exe 4,608 K 20,592 K 124 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
sihost.exe 3,760 K 15,288 K 8924 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
ShellExperienceHost.exe Suspended 35,180 K 55,300 K 4128 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
ShellExperienceHost.exe Suspended 19,400 K 37,320 K 9272 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
services.exe 3,144 K 5,476 K 712 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Publisher
SearchUI.exe Suspended 79,736 K 47,336 K 4280 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
SearchUI.exe Suspended 38,696 K 51,488 K 9432 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 36,476 K 27,144 K 3932 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 15,772 K 33,044 K 3856 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 10,584 K 31,668 K 7196 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RtkNGUI64.exe 4,300 K 11,032 K 3900 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RtkNGUI64.exe 4,264 K 11,488 K 10180 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RtkAudioService64.exe 1,536 K 5,720 K 1640 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RAVBg64.exe 5,464 K 11,576 K 1324 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RAVBg64.exe 5,416 K 12,100 K 9664 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RAVBg64.exe 5,444 K 11,800 K 4512 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RAVBg64.exe 5,724 K 11,764 K 1508 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RAVBg64.exe 5,412 K 11,916 K 8972 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RAVBg64.exe 5,632 K 12,484 K 8828 HD Audio Background Process Realtek Semiconductor (Verified) Realtek Semiconductor Corp
procexp.exe 2,536 K 7,568 K 8928 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
OneDrive.exe 5,864 K 16,276 K 5316 Microsoft OneDrive Microsoft Corporation (Verified) Microsoft Corporation
OneDrive.exe 6,068 K 18,416 K 7460 Microsoft OneDrive Microsoft Corporation (Verified) Microsoft Corporation
LogonUI.exe 16,544 K 45,260 K 8556 Windows Logon User Interface Host Microsoft Corporation (Verified) Microsoft Windows
LockAppHost.exe 13,260 K 29,484 K 5372 LockAppHost Microsoft Corporation (Verified) Microsoft Windows
LockApp.exe Suspended 10,392 K 29,988 K 8444 (Verified) Microsoft Windows
IpOverUsbSvc.exe 6,572 K 11,636 K 1896 Windows IP Over USB PC Service Microsoft Corporation (Verified) Microsoft Corporation
IntelCpHeciSvc.exe 1,616 K 5,492 K 1620 IntelCpHeciSvc Executable Intel Corporation (Verified) Intel Corporation - pGFX
igfxtray.exe 1,668 K 7,880 K 4024 igfxTray Module Intel Corporation (Verified) Intel Corporation - pGFX
igfxpers.exe 2,068 K 8,864 K 5260 persistence Module Intel Corporation (Verified) Intel Corporation - pGFX
igfxpers.exe 1,960 K 8,520 K 3396 persistence Module Intel Corporation (Verified) Intel Corporation - pGFX
IAStorIcon.exe 17,616 K 33,688 K 4748 IAStorIcon Intel Corporation (No signature was present in the subject) Intel Corporation
IAStorIcon.exe 20,704 K 30,756 K 8312 IAStorIcon Intel Corporation (No signature was present in the subject) Intel Corporation
hkcmd.exe 1,616 K 6,968 K 7844 hkcmd Module Intel Corporation (Verified) Intel Corporation - pGFX
hkcmd.exe 1,720 K 7,076 K 5216 hkcmd Module Intel Corporation (Verified) Intel Corporation - pGFX
dwm.exe 9,328 K 16,596 K 7352 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
dasHost.exe 6,312 K 11,536 K 3180 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
csrss.exe 1,300 K 2,820 K 476 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 44,384 K 27,112 K 6304 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 149,452 K 64,844 K 5548 Google Chrome Google Inc. (Verified) Google Inc
ApplicationFrameHost.exe 4,848 K 17,800 K 4764 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows
 
 
 
Awaiting your reply.
 
Joe

 

 

 

 

 

Attached Files


  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
 (CPU) 68 °C

 

 

It's getting too hot.  This should be down around 50 or lower.  I expect when it gets up to 75 or 80 is when the display gets the bars.

 

This is usually caused by dust building up between the fan and the heatsink (unless you are running on a soft surface like a bed and blocking the air vents).  You may be in luck.  The last Dell I worked on had a panel on the bottom with 8 screws.  You popped the panel off and the fan was right there.  It was held in place with a few more screws and you could remove the fan then clean the heatsink fins with a brush and a vacuum cleaner hose.  (DO NOT REMOVE THE SCREWS THAT HOLD THE HEATSINK AND THE COPPER HEATPIPE IN PLACE UNLESS YOU WANT TO CLEAN THE THERMAL PADS AND REPLACE WITH ARCTIC SILVER 5).  Google the make and model number and you will usually find instructions (often on YouTube) on how to do it.

 

Get Speedfan.  http://www.filehippo...nload_speedfan/

 
Download, save and Install it (Win 7+ or Vista right click and Run As Admin.) then run it  (Win 7+ or Vista right click and Run As Admin.).
 
It will tell you your temps in real time.  I expect you will see them climb as it gets busy.

  • 0

#5
joe1990

joe1990

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts

Rkinner,

 

Thank you for your help and advice. Just out of curiosity , did you have a look at that FRST scan results? I was worried about entries marked with an (x) but I take it that its not relevant to anything? 

 

Thanks

Joe


Edited by joe1990, 15 February 2016 - 12:08 AM.

  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Yes, no obvious malware and Process Explorer agrees.  You've got some errors and WMI is messed up but fixing them without fixing the overheat problem would be like rearranging the deck chairs on the Titanic.  The overheat issue will kill it and needs to be addressed first.  Your video problem is a common overheat symptom.

 

Not sure what you mean by " entries marked with an (x)".  Usually I see these in FRST in the Services (Whitelisted) and Drivers (Whitelisted) sections when the files are missing but your log doesn't show any.  

 

I found this which shows how to open it up:

 

https://www.ifixit.c... Teardown/36157

 

Apparently getting the fan out on this model is difficult but the heat sink is easier.  I would get the  Arctic Silver 5 kit (Available from Amazon UK  http://www.amazon.co...cticlean bundle )

 

And remove the heat sink, clean it and the replace the thermal paste.  (Verify that the fan does run)

 

Or get a very strong cooling tray.

 

To try and fix your errors first open a Command Prompt as administrator. Type the following command and press Enter. DISM will check your Windows component store for corruption and automatically fix any problems it finds.


DISM /Online /Cleanup-Image /RestoreHealth

Allow the command to finish running before closing the Command Prompt window. This may take five to ten minutes. It’s normal for the progress bar to stay at 20 percent for a while, so don’t worry about that.

 

Reboot when done.

Open a new Command Prompt (Admin) and type (with an Enter after the line):

sfc  /scannow
(This will check your critical system files. Does this finish without complaint?  IF it says it couldn't fix everything then:
 
Copy the next two lines:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \windows\logs\cbs\junk.txt 
notepad \windows\logs\cbs\junk.txt 
 
Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue.  Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)
 
 
 
For the WMI try:
 
 
(Just kill the you need to join popup)
 
Then run Junkware Removal Tool
 

 
Please download Junkware Removal Tool to your desktop.  Make sure you get the correct Download button.  Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus.  Close all browsers.
  • Run the tool by right-mouse clicking JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
  •  
     
    Mostly because it removes old errors.
     
    Reboot.
     
    Then 
     

     
     
    1. Please download the Event Viewer Tool by Vino Rosso
    and save it to your Desktop:
    2. Right-click VEW.exe and Run AS Administrator
    3. Under 'Select log to query', select:
     
    * System
    4. Under 'Select type to list', select:
    * Error
    * Warning
     
     
    Then use the 'Number of events' as follows:
     
     
    1. Click the radio button for 'Number of events'
    Type 20 in the 1 to 20 box
    Then click the Run button.
    Notepad will open with the output log.
     
     
    Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

    • 0

    #7
    joe1990

    joe1990

      New Member

    • Topic Starter
    • Member
    • Pip
    • 8 posts

    My bad, must have deleted the line with the (x) accidentally when copying and pasting. Ive pasted it all below.

     

    Will run the checks and get back to you asap.

     

    ===================== Drivers (Whitelisted) ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2015-11-17] (Motorola Solutions, Inc.)
    R3 cyhid; C:\Windows\System32\drivers\cyhid.sys [145408 2014-02-21] (Cypress Semiconductor, Inc.)
    R3 cykbfltrService; C:\Windows\System32\drivers\cykbfltr.sys [19968 2014-02-21] (Cypress Semiconductor, Inc.)
    R3 cymfltrService; C:\Windows\System32\drivers\cymfltr.sys [111104 2015-11-14] (Cypress Semiconductor, Inc.)
    R3 CySmb; C:\Windows\System32\drivers\cysmb.sys [10752 2013-12-04] (Cypress Semiconductor, Inc.)
    R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [32464 2015-09-12] (Dell Computer Corporation)
    R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-09-12] (Dell Computer Corporation)
    S3 FLxHCIh; C:\Windows\System32\drivers\FLxHCIh.sys [77480 2013-08-30] (Fresco Logic)
    R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2015-11-17] ()
    S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-10] (Malwarebytes)
    R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-10-06] (Intel Corporation)
    U5 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.sys [84792 2016-01-30] (Sysinternals - www.sysinternals.com)
    R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation)
    R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation)
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
    S3 TDKLIB; \??\C:\Users\joe\AppData\Local\Temp\ExtactTemp\TdkLib64.sys [X]

    • 0

    #8
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP

    I think it's a line leftover from a BIOS update program.  We can remove it:

     

    Download the attached fixlist.txt to the same location as FRST
     
     
    Run FRST and press Fix
    A fix log will be generated please post that 

    • 0

    #9
    joe1990

    joe1990

      New Member

    • Topic Starter
    • Member
    • Pip
    • 8 posts

    Sorry for the delay. 

     

    I will have to get the fan issues sorted, thank you for pointing me in the right direction, will get that arctic silver 5 kit and have a go.

     

    Find those logs attached.

     

    Trying to run scannow and DISM commands and had some difficulty, copied and pasted the command prompt screen below.

     

    Have reset WMI but I am not sure if this has done the trick or not. 

     

    Thank you.

     

     

     

     

    C:\WINDOWS\system32>DISM /Online /Cleanup-Image /RestoreHealth
     
    Deployment Image Servicing and Management tool
    Version: 10.0.10586.0
     
    Image Version: 10.0.10586.0
     
    [==========================100.0%==========================]
     
    Error: 0x800f081f
     
    The source files could not be found.
    Use the "Source" option to specify the location of the files that are required to restore the feature. For more information on specifying a source location, see http://go.microsoft..../?LinkId=243077.
     
    The DISM log file can be found at C:\WINDOWS\Logs\DISM\dism.log
     
    C:\WINDOWS\system32>Dism.exe /online /Cleanup-Image /StartComponentCleanup
     
    Deployment Image Servicing and Management tool
    Version: 10.0.10586.0
     
    Image Version: 10.0.10586.0
     
    [===========                19.0%                   [===========                20.0%                   [===========                20.0%                   [==========================100.0%==========================]
    The operation completed successfully.
     
    C:\WINDOWS\system32>sfc /scannow
     
    Beginning system scan.  This process will take some time.
     
    Beginning verification phase of system scan.
    Verification 100% complete.
     
    Windows Resource Protection found corrupt files but was unable to fix some
    of them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For
    example C:\Windows\Logs\CBS\CBS.log. Note that logging is currently not
    supported in offline servicing scenarios.
     
    C:\WINDOWS\system32>DISM /Online /Cleanup-Image /RestoreHealth
     
    Deployment Image Servicing and Management tool
    Version: 10.0.10586.0
     
    Image Version: 10.0.10586.0
     
    [==========================100.0%==========================]
     
    Error: 0x800f081f
     
    The source files could not be found.
    Use the "Source" option to specify the location of the files that are required to restore the feature. For more information on specifying a source location, see http://go.microsoft..../?LinkId=243077.
     
    The DISM log file can be found at C:\WINDOWS\Logs\DISM\dism.log

    Attached Files


    • 0

    #10
    joe1990

    joe1990

      New Member

    • Topic Starter
    • Member
    • Pip
    • 8 posts

    VEW file for system and apps after reboot attached, my bad.

    Attached Files


    • 0

    #11
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP
    I don't see why this is on your PC.  It's not something you use is it?
     
    Visual Studio 2015 Update 1 (KB3022398)
     
    Unless you know why it is there I would uninstall it.  It's the cause of some of your errors.
     
    Doesn't appear that the DISM /Online /Cleanup-Image /RestoreHealth command worked as it should.  The error is one you get when it can't talk to Microsoft. 

    • 0

    #12
    joe1990

    joe1990

      New Member

    • Topic Starter
    • Member
    • Pip
    • 8 posts

    Yes,have downloaded it recently, going to attempt to teach myself some programming. I thought some of the errors may have been related to it but others were confusing the [bleep] out of me, obviously those errors that stem from WMI. You think thats all thats wrong with this then?

     

    The DISM didnt work. I didnt want to attempt a fix while we were discussing, can you point me in the right direction? 


    • 0

    #13
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP

    Looks like Visual Studio 2015 Update 1 (KB3022398) might not be the whole program but just an update judging by the errors I see.  Is it working?

     

    I think DISM needs BITS to be working.  

     

    Download the attached Fixbits.zip file.  Save it then right click and Extract All.  Find Fixbit.bat and right click on it and Run As Admin.  Reboot after it finishes and see if 

    Dism /Online /Cleanup-Image /RestoreHealth
    

    works now.  Remember to use an Elevated Command Prompt.


    • 0

    #14
    joe1990

    joe1990

      New Member

    • Topic Starter
    • Member
    • Pip
    • 8 posts

    visual seems to be working ok, yeah i seen a few errors that mention BITS but dont think the file was attached there  :smashcomp:  


    • 0

    #15
    RKinner

    RKinner

      Malware Expert

    • Expert
    • 24,598 posts
    • MVP

    Sorry  


    • 0






    Similar Topics

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP