Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Admin tools all unavailable, seemingly fake dropbox and a few other pr

Started by BrandiCopas , Jul 11 2017 06:52 AM
Malware unknown virus

  • Please log in to reply

#91
BrandiCopas
Posted 04 August 2017 - 10:51 AM

BrandiCopas

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts

update installing.JPG Oh, and several times recently a pop up has told me that SmartScreen is unavailable - now that I think about it, edge is no longer available either

 

smart screen.JPG Then I got this one, shortly after 

 

 

recent webpages, but i didn't visit here.JPG  This was a strange issue too.

 

10 infections.JPG running two days ago, several found, but none documented

 

smb.JPG I received this notification ALL day yesterday, several times.


  • 0

Advertisements

#92
RKinner
Posted 04 August 2017 - 11:08 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

The SmartScreen error is caused by your ESET firewall blocking its attempt to communicate with the mother ship.

 

 

No idea what Phabricator is.

 

MSRT

 

https://answers.micr...53-9cfd63f85039

 

As far as I know MSRT finds a file it think might be bad, clicks the malware counter, sends it off to MS for a check and gets a notice back that it is not malware.  So false positives.

 

The NTLB stuff is because the computer thinks there should be a domain controller to talk to.

You can turn it off:

https://technet.micr...1(v=ws.11).aspx


  • 0

#93
BrandiCopas
Posted 04 August 2017 - 11:26 AM

BrandiCopas

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts

Thanks :o

 

That was quick. So, now I cannot even run a frst scan?


  • 0

#94
BrandiCopas
Posted 04 August 2017 - 11:27 AM

BrandiCopas

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts

Oh, the phabricator was on my internet chrome tiles, as recently visited, that page, that is about script "cheat sheets" for remote applications


  • 0

#95
BrandiCopas
Posted 04 August 2017 - 11:31 AM

BrandiCopas

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts

Oh, and normally, when I use cmd prompt, even admin - the file command present is something like c:\Windows\System32>

 

Now, on this pc it is set to C:\Users\Airworx 2>


  • 0

#96
BrandiCopas
Posted 04 August 2017 - 11:38 AM

BrandiCopas

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts

 

! tried running defender offline in safe mode, it won't allow that program to run AT ALL!!! No mode, no overriding no cmdprompt or run with admin etc.

 

 

 

Perfectly normal.  It's not a windows files can only run from boot.  By the way.  If you install an anti-virus program the first thing it does is kill off Windows Defender so that there will not be 2 anti-viruses running.

 

 

So I was looking in the regedit-er earlier this am, and found a lot of odd looking registry entries. I only look, didn't change anything in there. These are a few that looked strange to me?

 

"C:\Program Files\WindowsApps\Microsoft.WinJS.1.0_1.0.9200.20789_neutral__8wekyb3d8bbwe"

 

Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\XWizards\Components\{009F3B45-8A6B-4360-B997-B2A009A16402}
 
There were several others, but these looked pretty strange, specifically the XWizards? Well, if you remember correctly, the messaging app I couldn't uninstall has the 8wekyb3dbbwe file name added to it too. 
 
And the file isn't Windows, it's WindowsApps, yet the directory should be Windows\Apps\Microsoft , right? 

 

 
Also normal/
 

See:

https://www.maketech...der-windows-10/

 

 


I also have several new folders on desktop, one named Encrypted Documents, inside is only an excel "csv" file, I haven't opened the document. Also, one called Documents_1, one called Videos, one called Pictures each with nothing inside but an excel CSV file. Each created by "System" on July 25th '17
 

 

Can you zip up one of the csv files and attach it?

 

 

<script src="/cdn-cgi/apps/head/WF48Gl3PKYxHrReiZymeg1SEI3M.js"></script>Attached File  Encrypted documents - Copy.zip   546bytes   195 downloads


  • 0

#97
BrandiCopas
Posted 04 August 2017 - 12:06 PM

BrandiCopas

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts

This is rogue killer from this am, off expert mode

 

RogueKiller V12.11.8.0 (x64) [Jul 24 2017] (Premium) by Adlice Software
 
Operating System : Windows 10 (10.0.15063) 64 bits version
Started in : Safe mode
User : AIRWORX 2 [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 08/04/2017 06:58:58 (Duration : 00:45:28)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 0 ¤¤¤
 
¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] %WINDIR%\Tasks\G2MUploadTask-S-1-5-21-2671885098-678752524-1400920573-1001.job -- C:\Users\AIRWORX 2\AppData\Local\GoToMeeting\7297\g2mupload.exe -> Found
 
¤¤¤ Files : 2 ¤¤¤
[File.Forged][File] C:\Windows\System32\drivers\ks.sys -> Found
[File.Forged][File] C:\Windows\System32\drivers\nwifi.sys -> Found
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000035f]) ¤¤¤
 
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Chrome:Config] Profile 10 [SecurePrefs] : session.startup_urls [https://www.bleeping...me/KobCsRA5DC4]-> Found
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST2000DM001-1CH164 +++++
--- User ---
[MBR] f86f4a6d732d5d11731309772e1fbe7f
[BSP] 2bf3dd60e501e1f0f760c942b8d1b006 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1023 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2097152 | Size: 360 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2834432 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 3096576 | Size: 1886686 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 3867029504 | Size: 450 MB
5 - [SYSTEM] Basic data partition | Offset (sectors): 3867951104 | Size: 19076 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Hitachi HDT725032VLAT80 USB Device +++++
--- User ---
[MBR] 8a091895aeee523486684cb2eda22243
[BSP] 66c33a22222e88b4dafebdce5d6cb93a : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 305242 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

Edited by BrandiCopas, 04 August 2017 - 12:06 PM.

  • 0

#98
RKinner
Posted 04 August 2017 - 03:33 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP
Oh, and normally, when I use cmd prompt, even admin - the file command present is something like c:\Windows\System32>
 
Now, on this pc it is set to C:\Users\Airworx 2>
 

 

 

 

If you don't see C:\Windows\System32>  then you do not have an elevated command prompt.  


  • 0

#99
BrandiCopas
Posted 07 August 2017 - 01:34 PM

BrandiCopas

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts

Updated Frst reports, as I was finally able to run the program Just noticed that the bottom says MBR is Windows XP??? Wonder why?

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-08-2017
Ran by AIRWORX 2 (administrator) on AIRWORX2-PC (07-08-2017 12:22:46)
Running from C:\Users\AIRWORX 2\Desktop
Loaded Profiles: AIRWORX 2 (Available Profiles: AIRWORX 2 & Administrator)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
() C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(ESET) C:\Program Files\ESET\ESET Security\egui.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Farbar) C:\Users\AIRWORX 2\Desktop\FRST64 (2).exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (MicrosoftCorporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2013-11-20] (IDT,Inc.)
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [41664 2013-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [18248 2013-05-14] (NuanceCommunications,Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3486520 2017-07-12] (Dropbox,Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit,Inc.)
HKLM\...\Policies\Explorer: [0] 0
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit,Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{6d74992a-85de-4a60-9382-4cc8d294c55b}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{fa3ce8d6-7afe-4ad0-a04f-b501407fe7a5}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2671885098-678752524-1400920573-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2671885098-678752524-1400920573-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (MicrosoftCorporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-02-25] (HP)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDFViewer\Bin\PlusIEContextMenu.dll [2011-06-30] (ZeonCorporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-24] (OracleCorporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (MicrosoftCorporation)
BHO-x32: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Program Files (x86)\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll [2011-03-26] (ZeonCorporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-24] (OracleCorporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-02-25] (HP)
Toolbar: HKLM-x32 - DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDFCreate\Bin\ZeonIEFavClient.dll [2011-03-26] (ZeonCorporation)
Toolbar: HKU\S-1-5-21-2671885098-678752524-1400920573-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1499697116239
DPF: HKLM-x32 {D66F9BB1-7D8E-4A96-9166-20FCC91CBFE9} hxxp://99.7.214.118/FDSH_DVR.CAB
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} hxxps://secure.logmein.com//activex/ractrl.cab?lmi=3563
 
FireFox:
========
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird => not found
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-24] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDFViewer\bin\nppdf.dll [2011-07-15] (Zeon Corporation)
FF Plugin HKU\S-1-5-21-2671885098-678752524-1400920573-1001: @citrixonline.com/appdetectorplugin -> C:\Users\AIRWORX 2\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-04-02] (Citrix Online)
 
Chrome: 
=======
CHR DefaultProfile: Profile 10
CHR StartupUrls: Profile 10 -> "hxxps://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/","hxxps://www.google.com/","hxxps://productforums.google.com/forum/#!topic/chrome/KobCsRA5DC4"
CHR Profile: C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-07-28]
CHR Profile: C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10 [2017-08-07]
CHR Extension: (Google Slides) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-07-28]
CHR Extension: (Google Docs) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\aohghmighlieiainnegkcijnfilokake [2017-07-28]
CHR Extension: (Google Drive) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-07-28]
CHR Extension: (YouTube) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-07-28]
CHR Extension: (Google Sheets) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-07-28]
CHR Extension: (Google Docs Offline) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-07-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-28]
CHR Extension: (Gmail) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-07-28]
CHR Extension: (Chrome Media Router) - C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\Profile 10\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-28]
CHR Profile: C:\Users\AIRWORX 2\AppData\Local\Google\Chrome\User Data\System Profile [2017-07-28]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeActiveFileMonitor4.0; C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [102400 2005-09-09] () [File not signed]
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (AdobeSystems,Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [351944 2015-11-04] (AdvancedMicroDevices,Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (BrotherIndustries,Ltd.) [File not signed]
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft,LuisCobian) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-24] (Dropbox,Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-24] (Dropbox,Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [49992 2017-07-12] (Dropbox,Inc.)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [2624856 2017-03-09] (ESET)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit,Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HPInc.)
S2 MySQL; C:\Program Files (x86)\MySQL\MySQL Server 5.0\my.ini [8958 2017-07-19] () [File not signed]
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [77640 2013-05-14] (NuanceCommunications,Inc.)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2013-11-20] (IDT,Inc.) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (MicrosoftCorporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-14] (MicrosoftCorporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (AdvancedMicroDevices)
R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [132848 2017-03-09] (ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [107344 2017-03-09] (ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [14880 2017-03-09] (ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [178056 2017-03-09] (ESET)
S4 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [50752 2017-03-09] (ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [78192 2017-03-09] (ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [101648 2017-03-09] (ESET)
S3 ESETCleanersDriver; C:\WINDOWS\system32\Drivers\ESETCleanersDriver.sys [181160 2017-07-27] (ESET)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-06-27] ()
R2 NPF; C:\WINDOWS\system32\drivers\npf.sys [35344 2015-01-08] (CACETechnologies,Inc.)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2016-10-27] (RealsilSemiconductorCorporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-08-04] ()
R0 vidsflt53; C:\WINDOWS\System32\DRIVERS\vsflt53.sys [141920 2016-03-03] (Acronis)
S0 vsmraid; C:\WINDOWS\System32\drivers\vsmraid.sys [166816 2017-03-18] (VIATechnologiesInc.,Ltd)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (MicrosoftCorporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (MicrosoftCorporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (MicrosoftCorporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-07 10:00 - 2017-08-07 10:00 - 000879551 _____ C:\Users\AIRWORX 2\Desktop\CryptoSearch.zip
2017-08-07 09:19 - 2017-08-07 09:21 - 1126641287 _____ C:\Users\AIRWORX 2\Desktop\windows10.0-kb4012606-x64_e805b81ee08c3bb0a8ab2c5ce6be5b35127f8773.msu
2017-08-04 11:10 - 2017-08-04 14:39 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\AP
2017-08-04 10:48 - 2017-08-04 10:48 - 000000906 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-08-04 10:37 - 2017-08-04 10:37 - 000000546 _____ C:\Users\AIRWORX 2\Desktop\Encrypted documents - Copy.zip
2017-08-04 10:34 - 2017-07-25 07:46 - 000000595 _____ C:\Users\AIRWORX 2\Desktop\Encrypted documents - Copy.CSV
2017-08-04 10:16 - 2017-08-07 12:22 - 002381312 _____ (Farbar) C:\Users\AIRWORX 2\Desktop\FRST64 (2).exe
2017-08-04 10:01 - 2017-08-04 10:02 - 000047265 _____ C:\Users\AIRWORX 2\Desktop\appcrashview (1).zip
2017-08-04 05:40 - 2017-08-04 09:24 - 000004816 _____ C:\Users\AIRWORX 2\Desktop\links to findings.txt
2017-08-03 20:55 - 2017-08-03 20:55 - 000055111 _____ C:\Users\AIRWORX 2\Desktop\ACFrOgAjZaC8g0bE5UVjMkDU-EGyfCbydESYIcl5Ek-Jk2dgOtZdX5ShW7Uo0TTTXhI7ZV4o60JCCrjfMp-q84aBwoJKcJbRGbK_B2rm9Yaii0wppseh1AkAy87pTKo=.pdf
2017-08-03 18:35 - 2017-08-03 19:07 - 000001974 _____ C:\Users\AIRWORX 2\Desktop\cvv windows microsoft.txt
2017-08-03 13:10 - 2017-08-03 13:10 - 000011327 _____ C:\Users\AIRWORX 2\Desktop\eset.txt
2017-08-03 12:55 - 2017-08-03 12:55 - 000019119 _____ C:\Users\AIRWORX 2\Desktop\es.dat
2017-08-03 12:52 - 2017-08-03 12:52 - 000011327 _____ C:\Users\AIRWORX 2\Desktop\eset scans.txt
2017-08-03 07:53 - 2017-08-03 07:53 - 000333952 _____ (ESET) C:\Users\AIRWORX 2\Downloads\ESETEternalBlueChecker.exe
2017-08-03 07:38 - 2017-08-03 07:38 - 004836307 _____ C:\Users\AIRWORX 2\Downloads\eset_sysrescue_userguide_enu.pdf
2017-08-03 04:01 - 2017-08-07 12:13 - 099876864 _____ C:\WINDOWS\system32\config\SOFTWARE
2017-08-03 03:58 - 2017-08-03 03:59 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-08-02 15:53 - 2017-08-02 15:53 - 044003024 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\Desktop\Windows-KB890830-x64-V5.50 (1).exe
2017-08-02 15:41 - 2017-08-02 15:41 - 135088408 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\Desktop\mpam-fe.exe
2017-08-02 15:41 - 2017-08-02 15:41 - 135088408 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\Desktop\mpam-fe (1).exe
2017-08-02 10:02 - 2017-08-02 10:02 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\LogMeIn
2017-08-02 07:44 - 2017-08-02 07:44 - 000000000 ____D C:\Users\AIRWORX 2\Documents\Security
2017-08-02 07:20 - 2017-08-02 07:20 - 000000000 ____D C:\Users\AIRWORX 2\Documents\LocaleMetaData
2017-08-02 07:19 - 2017-08-02 07:20 - 000069632 _____ C:\Users\AIRWORX 2\Documents\events.evtx
2017-08-02 03:08 - 2017-08-02 03:08 - 145707800 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\Desktop\msert.exe
2017-08-02 03:05 - 2017-08-02 03:05 - 000001174 _____ C:\Users\AIRWORX 2\Desktop\app crash viewer.txt
2017-08-02 03:03 - 2017-08-04 10:06 - 000000469 _____ C:\Users\AIRWORX 2\Desktop\AppCrashView.cfg
2017-08-01 11:21 - 2017-07-19 13:47 - 000072503 _____ C:\Users\AIRWORX 2\Documents\MTB.txt
2017-08-01 11:21 - 2017-07-12 16:08 - 000003350 _____ C:\Users\AIRWORX 2\Documents\aswMBR.txt
2017-08-01 08:19 - 2017-08-01 08:19 - 000011327 _____ C:\Users\AIRWORX 2\Desktop\eset yesterday.txt
2017-08-01 06:18 - 2017-08-07 12:22 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\FRST-OlderVersion
2017-08-01 05:58 - 2017-08-01 05:58 - 000000000 ____D C:\WINDOWS\Panther
2017-07-31 15:33 - 2017-07-31 15:33 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\NetworkTiles
2017-07-31 15:25 - 2017-07-31 15:25 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\MicrosoftEdge
2017-07-31 13:36 - 2017-07-31 13:36 - 006754944 _____ (ESET spol. s r.o.) C:\Users\AIRWORX 2\Downloads\esetonlinescanner_enu (1).exe
2017-07-31 13:29 - 2017-07-31 13:29 - 000511683 _____ C:\Users\AIRWORX 2\Desktop\find files.txt
2017-07-28 08:44 - 2017-07-28 08:44 - 000000000 _____ C:\WINDOWS\system32\set
2017-07-28 07:54 - 2017-07-28 07:54 - 000003032 _____ C:\Users\AIRWORX 2\Documents\kasp report.txt
2017-07-28 06:15 - 2017-07-28 06:15 - 000576231 _____ C:\Users\AIRWORX 2\Downloads\DTec13656.pdf
2017-07-28 06:06 - 2017-07-28 06:06 - 000075669 _____ C:\Users\AIRWORX 2\Downloads\COSMIC JUMP (4).pdf
2017-07-28 06:01 - 2017-07-28 06:01 - 000053739 _____ C:\Users\AIRWORX 2\Downloads\HS-2.8.17 #2888 CJump KCity Jan Inv&Rep SH (1).pdf
2017-07-28 05:54 - 2017-07-28 05:54 - 000151083 _____ C:\Users\AIRWORX 2\Downloads\COSMIC JUMP - Inv.pdf
2017-07-28 05:39 - 2017-07-28 06:17 - 000002182 _____ C:\Users\AIRWORX 2\Downloads\data (35).csv
2017-07-28 05:17 - 2017-07-28 05:17 - 000002299 _____ C:\Users\AIRWORX 2\Desktop\Google Chrome.lnk
2017-07-28 03:35 - 2017-07-28 03:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2017-07-27 07:33 - 2017-07-27 07:33 - 008162248 _____ (Malwarebytes) C:\Users\AIRWORX 2\Downloads\AdwCleaner.exe
2017-07-27 07:33 - 2017-07-27 07:33 - 001790024 _____ (Malwarebytes) C:\Users\AIRWORX 2\Downloads\JRT.exe
2017-07-27 07:31 - 2017-08-07 12:12 - 000100352 _____ C:\Users\AIRWORX 2\Desktop\copy and paste stuff.txt
2017-07-27 06:25 - 2017-07-27 06:25 - 000995572 _____ C:\Users\AIRWORX 2\Desktop\rel.XML
2017-07-27 06:02 - 2017-07-27 06:02 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\.IdentityService
2017-07-27 04:08 - 2017-07-27 04:08 - 000183220 _____ C:\Users\AIRWORX 2\Downloads\Appsdiagnostic10.diagcab
2017-07-27 03:23 - 2017-07-27 03:23 - 000011327 _____ C:\Users\AIRWORX 2\Desktop\eset threat findings.txt
2017-07-26 12:22 - 2017-07-26 12:22 - 000004857 _____ C:\Users\AIRWORX 2\Desktop\msrt results no infected files.txt
2017-07-26 11:56 - 2017-07-26 11:56 - 140634896 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\Downloads\msert (4).exe
2017-07-26 10:47 - 2017-07-26 10:47 - 129732880 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\Downloads\mpam-fe (3).exe
2017-07-26 10:45 - 2017-07-26 10:46 - 129732880 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\Downloads\mpam-fe (2).exe
2017-07-26 10:45 - 2017-07-26 10:45 - 129732880 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\Downloads\mpam-fe (1).exe
2017-07-26 10:38 - 2017-07-26 10:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017
2017-07-26 10:25 - 2017-07-28 02:15 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Roaming\Visual Studio Setup
2017-07-26 10:25 - 2017-07-26 10:25 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Roaming\vstelemetry
2017-07-26 10:25 - 2017-07-26 10:25 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\ServiceHub
2017-07-26 10:24 - 2017-07-28 02:15 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2017-07-26 09:01 - 2017-07-26 09:01 - 000000000 ____D C:\DGLogs
2017-07-26 09:00 - 2017-07-26 09:00 - 000000000 ____D C:\Users\AIRWORX 2\Downloads\DG_CG_hardware_readiness_tool_v3.2
2017-07-26 08:59 - 2017-05-04 12:11 - 000075680 _____ C:\Users\AIRWORX 2\Downloads\DG_Readiness_Tool_v3.2.ps1
2017-07-26 08:58 - 2017-07-26 08:58 - 000031743 _____ C:\Users\AIRWORX 2\Downloads\DG_CG_hardware_readiness_tool_v3.2.zip
2017-07-26 07:41 - 2017-07-26 07:42 - 000901670 _____ C:\Users\AIRWORX 2\Desktop\reliability history 7-26-2017.XML
2017-07-26 07:34 - 2017-07-26 07:34 - 044003024 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\Downloads\Windows-KB890830-x64-V5.50.exe
2017-07-26 07:16 - 2017-07-26 07:17 - 001771288 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\Downloads\nis_full.exe
2017-07-26 07:12 - 2017-07-26 07:12 - 000002259 _____ C:\WINDOWS\epplauncher.mif
2017-07-26 07:11 - 2017-07-26 07:17 - 129705744 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\Downloads\mpam-fe.exe
2017-07-26 03:19 - 2017-07-26 03:19 - 000195346 _____ C:\Users\AIRWORX 2\Desktop\wu170509.diagcab
2017-07-26 02:59 - 2017-07-26 02:59 - 000022932 _____ C:\Users\AIRWORX 2\Desktop\allowed outbound firewall rules.txt
2017-07-26 02:58 - 2017-07-26 02:58 - 000033651 _____ C:\Users\AIRWORX 2\Desktop\allowed inbound firewall settings.txt
2017-07-25 15:23 - 2017-07-25 15:23 - 000162545 _____ C:\Users\AIRWORX 2\Documents\My Vendor List 8-15-12.xlsx
2017-07-25 07:46 - 2017-08-04 10:36 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\Encrypted documents
2017-07-25 07:46 - 2017-07-25 07:46 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\Documents_1
2017-07-25 05:46 - 2017-07-25 05:46 - 000068611 _____ C:\Users\AIRWORX 2\Downloads\f.txt
2017-07-25 04:56 - 2017-07-25 04:56 - 005780817 _____ C:\Users\AIRWORX 2\Downloads\17351442_117133718779563_5086019384804114432_n.bin
2017-07-24 18:39 - 2017-07-24 18:25 - 3007731185 ____N C:\Users\AIRWORX 2\Desktop\LGBackup_170724.lbf
2017-07-24 11:31 - 2017-07-24 11:31 - 000843873 _____ C:\Users\AIRWORX 2\Downloads\TS103488179.potx
2017-07-24 11:29 - 2017-07-24 11:29 - 000004318 _____ C:\Users\AIRWORX 2\Downloads\MC900054580.WMF
2017-07-24 11:07 - 2017-07-24 11:07 - 000000000 ____D C:\Program Files (x86)\Seagate
2017-07-24 09:54 - 2017-07-24 09:54 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2017-07-24 09:54 - 2017-07-24 09:54 - 000000000 ____D C:\Program Files\IDT
2017-07-24 09:54 - 2013-11-20 10:43 - 006101504 _____ (IDT, Inc.) C:\WINDOWS\system32\stlang64.dll
2017-07-24 09:54 - 2013-11-20 10:43 - 001897984 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNC64.cpl
2017-07-24 09:54 - 2013-11-20 10:43 - 001703424 _____ (IDT, Inc.) C:\WINDOWS\sttray64.exe
2017-07-24 09:54 - 2013-11-20 10:43 - 000464384 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\slapoi64.dll
2017-07-24 09:54 - 2013-11-20 10:43 - 000030389 _____ C:\WINDOWS\system32\DTS_TOWER.XML
2017-07-24 09:48 - 2017-08-01 13:25 - 000000000 ____D C:\WINDOWS\Minidump
2017-07-24 09:42 - 2017-07-24 09:42 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Roaming\FBA95002-17BB-4264-B1E2-EE748AD9FCC7
2017-07-24 09:42 - 2017-07-24 09:42 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Roaming\BE7A0D4F-259E-4ACF-95D4-65A4A82C6258
2017-07-24 09:33 - 2017-07-24 09:33 - 000479815 _____ C:\Users\AIRWORX 2\Documents\eStmt_2016-06-30.pdf
2017-07-24 09:33 - 2017-07-24 09:33 - 000477980 _____ C:\Users\AIRWORX 2\Documents\eStmt_2016-09-30.pdf
2017-07-24 09:33 - 2017-07-24 09:33 - 000469343 _____ C:\Users\AIRWORX 2\Documents\eStmt_2016-08-31.pdf
2017-07-24 09:33 - 2017-07-24 09:33 - 000453034 _____ C:\Users\AIRWORX 2\Documents\eStmt_2016-10-31.pdf
2017-07-24 08:36 - 2017-07-24 08:36 - 000206704 _____ C:\Users\AIRWORX 2\Documents\FTIBank of America _ Online Banking _ Accounts _ Account Details _ Account Activity.pdf
2017-07-24 08:29 - 2017-07-24 08:29 - 000453034 _____ C:\Users\AIRWORX 2\Downloads\eStmt_2016-10-31.pdf
2017-07-24 08:28 - 2017-07-24 08:28 - 000477980 _____ C:\Users\AIRWORX 2\Downloads\eStmt_2016-09-30.pdf
2017-07-24 08:27 - 2017-07-24 08:27 - 000479815 _____ C:\Users\AIRWORX 2\Downloads\eStmt_2016-06-30.pdf
2017-07-24 08:25 - 2017-07-24 08:25 - 000469343 _____ C:\Users\AIRWORX 2\Downloads\eStmt_2016-08-31.pdf
2017-07-24 08:18 - 2017-07-24 08:18 - 003286340 _____ C:\Users\AIRWORX 2\Downloads\DOC071317-002.pdf
2017-07-24 06:56 - 2017-07-24 14:50 - 000002073 _____ C:\Users\AIRWORX 2\Desktop\my post.txt
2017-07-24 05:55 - 2017-07-24 05:55 - 000000000 _____ C:\Users\AIRWORX 2\defogger_reenable
2017-07-24 05:54 - 2017-07-24 05:54 - 000050477 _____ C:\Users\AIRWORX 2\Downloads\Defogger.exe
2017-07-24 05:30 - 2017-07-24 05:30 - 002001544 _____ C:\Users\AIRWORX 2\Downloads\pc-decrapifier-3.0.1.exe
2017-07-24 05:12 - 2017-07-24 05:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2017-07-24 05:12 - 2017-07-24 05:12 - 000000000 ____D C:\Program Files (x86)\Cobian Backup 11
2017-07-24 05:10 - 2017-07-24 05:10 - 019709440 ____N (Luis Cobian, CobianSoft) C:\Users\AIRWORX 2\Downloads\cbSetup.exe
2017-07-24 05:04 - 2017-08-01 06:24 - 000055219 _____ C:\Users\AIRWORX 2\Desktop\Addition.txt
2017-07-24 05:01 - 2017-08-07 12:23 - 000015357 _____ C:\Users\AIRWORX 2\Desktop\FRST.txt
2017-07-24 05:01 - 2017-08-07 12:22 - 000000000 ____D C:\FRST
2017-07-24 04:15 - 2017-07-24 04:15 - 000059467 ____N C:\Users\AIRWORX 2\Downloads\HS-5.8.17 #3104 CJump Allen April Inv&Rep SH (1).pdf
2017-07-24 04:12 - 2017-07-24 04:12 - 000071158 ____N C:\Users\AIRWORX 2\Downloads\07.11.17 Olathe-Holmes III LLC.pdf
2017-07-24 04:10 - 2017-07-24 04:10 - 000196464 ____N C:\Users\AIRWORX 2\Downloads\07.01.17 Olathe-AT&T.pdf
2017-07-24 04:09 - 2017-07-24 04:09 - 000480772 ____N C:\Users\AIRWORX 2\Downloads\07.17 Olathe-BOA Stmt.pdf
2017-07-24 04:08 - 2017-07-24 04:08 - 000072792 ____N C:\Users\AIRWORX 2\Downloads\06.30.17 Houston-CocaCola.pdf
2017-07-24 04:07 - 2017-07-24 04:07 - 000073576 ____N C:\Users\AIRWORX 2\Downloads\06.30.17 Dallas II-CocaCola.pdf
2017-07-24 04:01 - 2017-07-24 04:01 - 000044143 ____N C:\Users\AIRWORX 2\Downloads\Texas Notice of Tax-Fee Due.pdf
2017-07-24 03:48 - 2017-07-24 03:48 - 000257899 ____N C:\Users\AIRWORX 2\Downloads\1718abcdecalendar.pdf
2017-07-24 03:47 - 2017-07-24 03:47 - 001494216 ____N C:\Users\AIRWORX 2\Downloads\1718districtcalendar071917.pdf
2017-07-21 07:57 - 2017-07-21 07:57 - 001118208 ____N C:\Users\AIRWORX 2\Desktop\eventviewer.evtx
2017-07-21 07:54 - 2017-07-21 07:54 - 000626956 ____N C:\Users\AIRWORX 2\Desktop\sys info.txt
2017-07-21 05:16 - 2017-07-21 05:16 - 000003784 ____N C:\Users\AIRWORX 2\Downloads\fixlist.txt
2017-07-21 02:37 - 2017-07-21 02:37 - 000031963 ____N C:\Users\AIRWORX 2\Downloads\Backup_17-17-07 10-43AM (1).zip
2017-07-21 02:36 - 2017-07-21 02:36 - 000031963 ____N C:\Users\AIRWORX 2\Downloads\Backup_17-17-07 10-43AM.zip
2017-07-21 02:18 - 2017-07-21 02:18 - 000001516 ____N C:\Users\AIRWORX 2\Desktop\malware bytes quar.txt
2017-07-20 12:57 - 2017-07-20 12:57 - 000000000 ____D C:\WINDOWS\ERUNT
2017-07-20 12:56 - 2017-07-20 12:58 - 000000646 _____ C:\DelFix.txt
2017-07-20 12:30 - 2015-08-09 11:12 - 000043104 _____ (NirSoft) C:\Users\AIRWORX 2\Desktop\AppCrashView.exe
2017-07-20 12:30 - 2015-08-09 11:12 - 000015426 ____N C:\Users\AIRWORX 2\Desktop\AppCrashView.chm
2017-07-20 12:30 - 2015-08-09 11:12 - 000007123 ____N C:\Users\AIRWORX 2\Desktop\readme.txt
2017-07-20 12:29 - 2017-07-20 12:29 - 000047265 ____N C:\Users\AIRWORX 2\Desktop\appcrashview.zip
2017-07-20 08:55 - 2017-06-27 12:06 - 000077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-07-20 08:54 - 2017-07-20 08:55 - 065033984 ____N (Malwarebytes ) C:\Users\AIRWORX 2\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-07-20 08:16 - 2017-07-20 08:16 - 135729424 ____N (Microsoft Corporation) C:\Users\AIRWORX 2\Downloads\msert (3).exe
2017-07-20 04:48 - 2017-07-20 04:48 - 001818624 ____N C:\Users\AIRWORX 2\Downloads\MBSASetup-x64-EN.msi
2017-07-19 08:41 - 2017-07-19 08:42 - 000066957 _____ C:\WINDOWS\system32\AIRWORX
2017-07-19 08:36 - 2017-07-19 08:40 - 000051333 ____N C:\Users\AIRWORX 2\Desktop\sfcdetails.txt
2017-07-19 07:56 - 2017-07-19 07:56 - 000342981 ____N C:\Users\AIRWORX 2\Downloads\PATIENT ACQUAINTENCE FORM 2017-signed.pdf
2017-07-19 07:13 - 2017-07-19 07:13 - 044003024 ____N (Microsoft Corporation) C:\Users\AIRWORX 2\Desktop\Windows-KB890830-x64-V5.50.exe
2017-07-19 06:58 - 2017-07-19 06:58 - 006361088 ____N C:\Users\AIRWORX 2\Desktop\windows security logs.evtx
2017-07-19 06:56 - 2017-07-19 06:56 - 001118208 ____N C:\Users\AIRWORX 2\Desktop\recent events.evtx
2017-07-19 06:56 - 2017-07-19 06:56 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\LocaleMetaData
2017-07-19 05:13 - 2017-07-19 05:13 - 000335756 ____N C:\Users\AIRWORX 2\Desktop\reliability history.XML
2017-07-19 04:31 - 2017-07-19 04:31 - 000006054 ____N C:\Users\AIRWORX 2\Desktop\Kas findings some not addressed.txt
2017-07-19 03:06 - 2017-07-19 03:06 - 000012672 ____N C:\Users\AIRWORX 2\Desktop\full scan kas.txt
2017-07-19 03:05 - 2017-07-19 03:05 - 000002066 ____N C:\Users\AIRWORX 2\Desktop\Vul scan.txt
2017-07-18 19:47 - 2017-07-18 19:47 - 000455756 ____N C:\Users\AIRWORX 2\Downloads\OFFICE POLICIES FOR PPWORK 2017 WITH  LOGO-signed.pdf
2017-07-18 14:04 - 2017-07-19 07:59 - 000100526 ____N C:\Users\AIRWORX 2\Downloads\HIPAA Privacy Authorization Form.pdf
2017-07-18 14:04 - 2017-07-18 14:04 - 000377763 ____N C:\Users\AIRWORX 2\Downloads\OFFICE POLICIES FOR PPWORK 2017 WITH  LOGO.pdf
2017-07-18 14:04 - 2017-07-18 14:04 - 000179165 ____N C:\Users\AIRWORX 2\Downloads\PATIENT ACQUAINTENCE FORM 2017.pdf
2017-07-18 13:40 - 2017-07-18 13:58 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\kc
2017-07-18 13:16 - 2017-07-18 13:16 - 000002066 ____N C:\Users\AIRWORX 2\Desktop\ks items found.txt
2017-07-18 13:15 - 2017-07-18 13:15 - 000002066 ____N C:\Users\AIRWORX 2\Desktop\kas items found.txt
2017-07-18 13:05 - 2017-07-18 13:05 - 000631136 ____N C:\Users\AIRWORX 2\Downloads\CCF10112016 (2).pdf
2017-07-18 13:05 - 2017-07-18 13:05 - 000631136 ____N C:\Users\AIRWORX 2\Downloads\CCF10112016 (2) (1).pdf
2017-07-18 13:05 - 2017-07-18 13:05 - 000627784 ____N C:\Users\AIRWORX 2\Downloads\CCF10112016 (3).pdf
2017-07-18 13:05 - 2017-07-18 13:05 - 000413116 ____N C:\Users\AIRWORX 2\Downloads\CCF10112016 (1).pdf
2017-07-18 13:02 - 2017-07-18 13:02 - 000531500 ____N C:\Users\AIRWORX 2\Desktop\KC Receipts April 2016.pdf
2017-07-18 12:59 - 2017-07-18 12:59 - 000779604 ____N C:\Users\AIRWORX 2\Downloads\KC May 2016 Receipts.pdf
2017-07-18 12:59 - 2017-07-18 12:59 - 000779604 ____N C:\Users\AIRWORX 2\Desktop\KC May 2016 Receipts (1).pdf
2017-07-18 12:56 - 2017-07-18 12:56 - 000888660 ____N C:\Users\AIRWORX 2\Desktop\KC Receipts June 2016.pdf
2017-07-18 12:54 - 2017-07-18 12:54 - 000218291 ____N C:\Users\AIRWORX 2\Downloads\KC Reports 8.1.pdf
2017-07-18 12:51 - 2017-07-18 12:51 - 001149113 ____N C:\Users\AIRWORX 2\Desktop\KC Receipts July 2016.pdf
2017-07-18 12:49 - 2017-07-18 12:49 - 000234159 ____N C:\Users\AIRWORX 2\Downloads\CCI09012016.pdf
2017-07-18 12:48 - 2017-07-18 12:48 - 000458582 ____N C:\Users\AIRWORX 2\Downloads\9.7.16 (1).pdf
2017-07-18 12:46 - 2017-07-18 12:46 - 000005049 ____N C:\Users\AIRWORX 2\Downloads\Aged Receivables.pdf
2017-07-18 12:45 - 2017-07-18 12:45 - 000413116 ____N C:\Users\AIRWORX 2\Downloads\CCF10112016.pdf
2017-07-18 12:41 - 2017-07-18 12:41 - 000197013 ____N C:\Users\AIRWORX 2\Downloads\CCF01102017 (1).pdf
2017-07-18 12:38 - 2017-07-18 12:38 - 000023765 ____N C:\Users\AIRWORX 2\Downloads\KC Tramp Specs.pdf
2017-07-18 12:34 - 2017-07-18 12:34 - 000195196 ____N C:\Users\AIRWORX 2\Downloads\07-15-17.pdf
2017-07-18 12:31 - 2017-07-18 12:31 - 000384839 ____N C:\Users\AIRWORX 2\Downloads\CCF06172017_0001.pdf
2017-07-18 12:30 - 2017-07-18 12:30 - 000374743 ____N C:\Users\AIRWORX 2\Downloads\CCF07092017 (1).pdf
2017-07-18 12:24 - 2017-07-18 12:24 - 000101084 ____N C:\Users\AIRWORX 2\Downloads\OTC---Z01---Customer-Invoice-(9700104306)-for-Customer-ID-600932145 (1).pdf
2017-07-18 12:24 - 2017-07-18 12:24 - 000098532 ____N C:\Users\AIRWORX 2\Downloads\OTC---Z01---Customer-Invoice-(9700058437)-for-Customer-ID-600932145 (1).pdf
2017-07-18 12:24 - 2017-07-18 12:24 - 000096973 ____N C:\Users\AIRWORX 2\Downloads\OTC---Z01---Customer-Invoice-(9700180809)-for-Customer-ID-600932145 (1).pdf
2017-07-18 12:24 - 2017-07-18 12:24 - 000095005 ____N C:\Users\AIRWORX 2\Downloads\OTC---Z01---Customer-Invoice-(9700030432)-for-Customer-ID-600932145 (1).pdf
2017-07-18 12:24 - 2017-07-18 12:24 - 000092177 ____N C:\Users\AIRWORX 2\Downloads\OTC---Z01---Customer-Invoice-(9700012338)-for-Customer-ID-600932145 (1).pdf
2017-07-18 12:24 - 2017-07-18 12:24 - 000088715 ____N C:\Users\AIRWORX 2\Downloads\OTC---Z01---Customer-Invoice-(9700081692)-for-Customer-ID-600932145 (1).pdf
2017-07-18 12:24 - 2017-07-18 12:24 - 000085982 ____N C:\Users\AIRWORX 2\Downloads\OTC---Z01---Customer-Invoice-(9700224605)-for-Customer-ID-600932145 (1).pdf
2017-07-18 12:23 - 2017-07-18 12:23 - 000433166 ____N C:\Users\AIRWORX 2\Downloads\CUSTSTMT.PDF
2017-07-18 12:22 - 2017-07-18 12:22 - 000604455 ____N C:\Users\AIRWORX 2\Downloads\20161221131018092.pdf
2017-07-18 12:21 - 2017-07-18 12:21 - 000174841 ____N C:\Users\AIRWORX 2\Downloads\20161221131237330 (1).pdf
2017-07-18 12:11 - 2017-07-18 12:11 - 000084006 ____N C:\Users\AIRWORX 2\Documents\https___email02.godaddy.com_view_print_multi.pdf
2017-07-18 11:24 - 2017-07-18 11:24 - 001143460 ____N C:\Users\AIRWORX 2\Downloads\Coke contract Houston.pdf
2017-07-18 11:24 - 2017-07-18 11:24 - 000176568 ____N C:\Users\AIRWORX 2\Downloads\Airowx Cosmic Jump Contract signed by Maura-signed.pdf
2017-07-18 11:04 - 2017-07-18 11:04 - 000384804 ____N C:\Users\AIRWORX 2\Downloads\img034 (1).pdf
2017-07-18 11:02 - 2017-07-18 11:02 - 000147945 ____N C:\Users\AIRWORX 2\Downloads\Airworx Contract Coke (1).pdf
2017-07-18 11:00 - 2017-07-18 11:00 - 000151856 ____N C:\Users\AIRWORX 2\Downloads\Airworx Contract Coke.pdf
2017-07-18 11:00 - 2017-07-18 11:00 - 000129543 ____N C:\Users\AIRWORX 2\Downloads\Airowx Cosmic Jump Contract signed by Maura.pdf
2017-07-18 10:57 - 2017-07-18 10:57 - 000384804 ____N C:\Users\AIRWORX 2\Downloads\img034.pdf
2017-07-18 10:39 - 2017-07-18 10:39 - 000194482 ____N C:\Users\AIRWORX 2\Documents\Bank of America _ Online Banking _ Accounts _ Account Details _ Account Activity1.pdf
2017-07-18 10:38 - 2017-07-18 10:38 - 000203708 ____N C:\Users\AIRWORX 2\Documents\Bank of America _ Online Banking _ Accounts _ Account Details _ Account Activity.pdf
2017-07-18 07:12 - 2017-07-18 07:12 - 000000000 ____D C:\ProgramData\Emsisoft
2017-07-18 07:08 - 2017-07-18 07:09 - 320730544 ____N C:\Users\AIRWORX 2\Downloads\EmsisoftEmergencyKit.exe
2017-07-18 06:18 - 2017-07-18 06:18 - 000037290 ____N C:\Users\AIRWORX 2\Downloads\redeppening (1).pdf
2017-07-18 06:13 - 2017-07-18 06:13 - 000469373 ____N C:\Users\AIRWORX 2\Downloads\Jason Le Incident.pdf
2017-07-18 06:12 - 2017-07-18 06:12 - 000197755 ____N C:\Users\AIRWORX 2\Downloads\6.4.2017.pdf
2017-07-18 06:04 - 2017-07-18 06:04 - 000350407 ____N C:\Users\AIRWORX 2\Downloads\Baur 4 national treasure.pdf
2017-07-18 06:02 - 2017-07-18 06:02 - 000374743 ____N C:\Users\AIRWORX 2\Downloads\CCF07092017.pdf
2017-07-18 05:54 - 2017-07-18 05:54 - 001004434 ____N C:\Users\AIRWORX 2\Downloads\CCF02012017.pdf
2017-07-18 05:43 - 2017-07-18 05:43 - 000000801 ____N C:\Users\AIRWORX 2\Downloads\Downloads - Shortcut.lnk
2017-07-18 04:35 - 2017-07-17 10:14 - 005542722 ____N C:\Users\AIRWORX 2\Downloads\SysInspector-AIRWORX2-PC-170717-072446.xml
2017-07-18 03:46 - 2017-07-18 03:46 - 000006522 ____N C:\Users\AIRWORX 2\Documents\case.txt
2017-07-17 10:26 - 2017-07-17 10:26 - 000041800 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2017-07-17 10:25 - 2017-07-17 10:25 - 002724512 ____N (Sysinternals - www.sysinternals.com) C:\Users\AIRWORX 2\Downloads\procexp.exe
2017-07-17 10:14 - 2017-07-17 10:14 - 000504650 _____ C:\Users\AIRWORX 2\SysInspector-AIRWORX2-PC-170717-072446.zip
2017-07-17 09:55 - 2017-07-17 09:55 - 000000000 _____ C:\WINDOWS\system32\wmic
2017-07-17 09:22 - 2017-07-17 09:22 - 141475088 ____N (Microsoft Corporation) C:\Users\AIRWORX 2\Downloads\msert (2).exe
2017-07-17 09:21 - 2017-07-17 09:21 - 007340032 ____N C:\Users\AIRWORX 2\Downloads\msert (1).exe
2017-07-17 09:14 - 2017-07-17 09:14 - 001048576 ____N C:\Users\AIRWORX 2\Downloads\msert.exe
2017-07-17 07:40 - 2017-07-17 07:40 - 006754944 ____N (ESET spol. s r.o.) C:\Users\AIRWORX 2\Downloads\esetonlinescanner_enu.exe
2017-07-17 07:11 - 2017-07-17 07:11 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\DBG
2017-07-17 03:31 - 2017-07-24 04:50 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\Cleanup apps
2017-07-14 11:00 - 2017-07-14 11:00 - 000000000 ____D C:\Users\Public\Documents\MDMDiagnostics
2017-07-14 10:40 - 2017-07-14 10:40 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-2671885098-678752524-1400920573-1001
2017-07-14 09:14 - 2017-07-14 09:14 - 000000000 ____D C:\WINDOWS\PCHEALTH
2017-07-14 06:50 - 2017-07-14 06:50 - 000000020 ___SH C:\Users\AIRWORX 2\ntuser.ini
2017-07-14 06:30 - 2017-07-14 06:30 - 032688336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsRaw.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 031652264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsRaw.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 023677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 020504576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 019335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 017364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 013839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 011870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 008331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 008318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 008238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 008211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 007904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 007596544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 007336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 007325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 007149056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 006759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 006554928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 006287360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 006123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 005961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 005892096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 005806048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 005719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 004847424 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 004730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 004536320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 004469840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 004447744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 004056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 003803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 003784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-07-14 06:30 - 2017-07-14 06:30 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 003656704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 003332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 003204096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 003139584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 003057664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002956800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-07-14 06:30 - 2017-07-14 06:30 - 002938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002814464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-07-14 06:30 - 2017-07-14 06:30 - 002679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002649600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002645688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002475136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002444696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-07-14 06:30 - 2017-07-14 06:30 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-07-14 06:30 - 2017-07-14 06:30 - 002298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002171392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-07-14 06:30 - 2017-07-14 06:30 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-07-14 06:30 - 2017-07-14 06:30 - 002021680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 002008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-07-14 06:30 - 2017-07-14 06:30 - 001930320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001703424 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 001674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001640448 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001620368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001565184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001564576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001494016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001492480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001451008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001425920 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 001420800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001396224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001395152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-07-14 06:30 - 2017-07-14 06:30 - 001357824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001339352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001337848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001301504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-07-14 06:30 - 2017-07-14 06:30 - 001237504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001220072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001214880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001195240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 001178528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001177600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001171968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 001171032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 001142272 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001121928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001106848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-07-14 06:30 - 2017-07-14 06:30 - 001077496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-07-14 06:30 - 2017-07-14 06:30 - 001057832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001050624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 001017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-07-14 06:30 - 2017-07-14 06:30 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000969728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-07-14 06:30 - 2017-07-14 06:30 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000949920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 000899824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000864240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000847872 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000833160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000790016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-07-14 06:30 - 2017-07-14 06:30 - 000754592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 000734208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 000722432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2017-07-14 06:30 - 2017-07-14 06:30 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2017-07-14 06:30 - 2017-07-14 06:30 - 000641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000632832 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000629152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000600064 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000583304 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2017-07-14 06:30 - 2017-07-14 06:30 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000558920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000554392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-07-14 06:30 - 2017-07-14 06:30 - 000551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-07-14 06:30 - 2017-07-14 06:30 - 000544160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000520704 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-07-14 06:30 - 2017-07-14 06:30 - 000510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2017-07-14 06:30 - 2017-07-14 06:30 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000472728 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000467504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000443728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000426912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 000417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000411992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000406072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000406032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-07-14 06:30 - 2017-07-14 06:30 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 000372128 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 000360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000346016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000342016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 000338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 000335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 000285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-07-14 06:30 - 2017-07-14 06:30 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-07-14 06:30 - 2017-07-14 06:30 - 000278944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsExt.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000254168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdmaud.drv
2017-07-14 06:30 - 2017-07-14 06:30 - 000233376 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-07-14 06:30 - 2017-07-14 06:30 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdmaud.drv
2017-07-14 06:30 - 2017-07-14 06:30 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000203168 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000201216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000192416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000181656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000179608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000176032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000147800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Clipc.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000142752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-07-14 06:30 - 2017-07-14 06:30 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000138656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000132096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000125344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Clipc.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000121856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000119384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000117664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-07-14 06:30 - 2017-07-14 06:30 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-07-14 06:30 - 2017-07-14 06:30 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.RetailInfo.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000102312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialUIBroker.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 000096672 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000096128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2017-07-14 06:30 - 2017-07-14 06:30 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dataclen.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000058488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dataclen.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000049656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msasn1.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000041376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininitext.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininitext.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000034720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-07-14 06:30 - 2017-07-14 06:30 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2017-07-14 06:30 - 2017-07-14 06:30 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-07-14 06:30 - 2017-07-14 06:30 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapprovp.dll
2017-07-14 06:30 - 2017-07-14 06:30 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapprovp.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 006726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 006535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 004709528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 004672848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 003135488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 002730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 002625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 002604256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 002438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 002424016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 002347520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 002341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 002088960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 002085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001911752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001700408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001474800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001459728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001455592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001102848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001078272 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 001003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 000974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 000972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 000961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 000909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000892416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSMDesktopProvider.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSMDesktopProvider.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 000778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-07-14 06:22 - 2017-07-14 06:22 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 000730016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-07-14 06:22 - 2017-07-14 06:22 - 000722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-07-14 06:22 - 2017-07-14 06:22 - 000716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000712608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-07-14 06:22 - 2017-07-14 06:22 - 000708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000606960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 000557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-07-14 06:22 - 2017-07-14 06:22 - 000543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-07-14 06:22 - 2017-07-14 06:22 - 000414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-07-14 06:22 - 2017-07-14 06:22 - 000409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-07-14 06:22 - 2017-07-14 06:22 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-07-14 06:22 - 2017-07-14 06:22 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000370928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000363424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2017-07-14 06:22 - 2017-07-14 06:22 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-07-14 06:22 - 2017-07-14 06:22 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-07-14 06:22 - 2017-07-14 06:22 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-07-14 06:22 - 2017-07-14 06:22 - 000218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000211872 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000188824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-07-14 06:22 - 2017-07-14 06:22 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedmodesvc.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-07-14 06:22 - 2017-07-14 06:22 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-07-14 06:22 - 2017-07-14 06:22 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-07-14 06:22 - 2017-07-14 06:22 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-07-14 06:22 - 2017-07-14 06:22 - 000112544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-07-14 06:22 - 2017-07-14 06:22 - 000105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000086016 _____ C:\WINDOWS\system32\xboxgipsynthetic.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-07-14 06:22 - 2017-07-14 06:22 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 000072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-07-14 06:22 - 2017-07-14 06:22 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000059904 _____ C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-07-14 06:22 - 2017-07-14 06:22 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksthunk.sys
2017-07-14 06:22 - 2017-07-14 06:22 - 000027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
2017-07-14 06:22 - 2017-07-14 06:22 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
2017-07-14 06:22 - 2017-07-14 06:22 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-07-14 06:22 - 2017-07-14 06:22 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-07-14 06:20 - 2017-07-14 06:23 - 000015243 _____ C:\WINDOWS\diagwrn.xml
2017-07-14 06:20 - 2017-07-14 06:23 - 000015243 _____ C:\WINDOWS\diagerr.xml
2017-07-14 06:17 - 2017-07-20 04:56 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-07-14 06:17 - 2017-07-14 06:17 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-07-14 06:14 - 2017-07-28 02:14 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-07-14 06:14 - 2017-07-14 06:14 - 000000000 ____D C:\Program Files\Reference Assemblies
2017-07-14 06:14 - 2017-07-14 06:14 - 000000000 ____D C:\Program Files\MSBuild
2017-07-14 06:14 - 2017-07-14 06:14 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-07-14 06:14 - 2017-07-14 06:14 - 000000000 ____D C:\inetpub
2017-07-14 06:13 - 2017-07-14 06:13 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-07-14 06:13 - 2017-02-10 12:26 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-07-14 06:13 - 2017-02-10 12:26 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-07-14 06:13 - 2017-02-10 12:26 - 000035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-07-14 06:13 - 2017-02-10 12:21 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-07-14 06:13 - 2017-02-10 12:21 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-07-14 06:13 - 2017-02-10 12:21 - 000035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-07-14 06:12 - 2017-08-07 12:13 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-14 06:12 - 2017-08-07 00:10 - 000004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DBB8FF06-B999-4A95-A7CE-15C213181723}
2017-07-14 06:12 - 2017-07-15 06:57 - 000003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-07-14 06:12 - 2017-07-14 06:12 - 000002810 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2671885098-678752524-1400920573-1001
2017-07-14 06:12 - 2017-07-14 06:12 - 000002134 _____ C:\WINDOWS\System32\Tasks\RGP Backup
2017-07-14 06:12 - 2017-07-14 06:12 - 000002118 _____ C:\WINDOWS\System32\Tasks\{39393239-4118-43A9-9EF4-579F68CFC882}
2017-07-14 06:12 - 2017-07-14 06:12 - 000001984 _____ C:\WINDOWS\System32\Tasks\{32B26120-173E-4516-BA92-CE080FB3608E}
2017-07-14 06:12 - 2017-07-14 06:12 - 000000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-07-14 06:11 - 2017-08-02 16:55 - 000003280 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForAIRWORX 2
2017-07-14 06:11 - 2017-07-14 06:12 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-07-14 06:11 - 2017-07-14 06:12 - 000003452 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2017-07-14 06:11 - 2017-07-14 06:12 - 000003374 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA1cf8dc0ce6bb10d
2017-07-14 06:11 - 2017-07-14 06:12 - 000003300 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-2671885098-678752524-1400920573-1001
2017-07-14 06:11 - 2017-07-14 06:12 - 000003228 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2017-07-14 06:11 - 2017-07-14 06:12 - 000003150 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d0bf681e553bf8
2017-07-14 06:11 - 2017-07-14 06:12 - 000003070 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d08f601e825b6
2017-07-14 06:11 - 2017-07-14 06:12 - 000003070 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore1d040ece2e11a19
2017-07-14 06:11 - 2017-07-14 06:12 - 000003070 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-07-14 06:11 - 2017-07-14 06:12 - 000002802 _____ C:\WINDOWS\System32\Tasks\[email protected]
2017-07-14 06:11 - 2017-07-14 06:12 - 000002310 _____ C:\WINDOWS\System32\Tasks\Adobe Uninstaller
2017-07-14 06:11 - 2017-07-14 06:11 - 000000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2017-07-14 06:11 - 2017-07-14 06:11 - 000000000 ____D C:\WINDOWS\System32\Tasks\Event Viewer Tasks
2017-07-14 05:56 - 2017-07-14 05:56 - 000001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-07-14 05:49 - 2017-07-14 05:59 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-07-14 05:47 - 2017-07-14 05:47 - 000000000 ____D C:\ProgramData\USOShared
2017-07-14 05:46 - 2017-08-01 13:39 - 000000000 ____D C:\Users\AIRWORX 2
2017-07-14 05:46 - 2017-07-14 06:05 - 000000000 ____D C:\Users\Administrator
2017-07-14 05:45 - 2017-08-04 03:20 - 001401184 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-14 05:44 - 2017-07-14 05:44 - 000939752 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2017-07-14 05:44 - 2017-07-14 05:44 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2017-07-14 05:39 - 2017-07-14 05:39 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2017-07-14 05:39 - 2017-07-14 05:39 - 000000000 ____D C:\Program Files\AMD
2017-07-14 05:39 - 2017-07-14 05:39 - 000000000 _____ C:\WINDOWS\ativpsrm.bin
2017-07-14 05:39 - 2017-03-18 13:56 - 002233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-07-14 05:38 - 2017-07-14 05:38 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-07-14 05:36 - 2017-08-07 11:55 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-14 05:36 - 2017-07-18 03:53 - 000532544 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-14 04:28 - 2017-07-14 04:28 - 000002103 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2017-07-14 03:44 - 2017-07-14 03:44 - 000087584 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2017-07-14 02:37 - 2017-07-14 02:38 - 195931824 ____N (Kaspersky Lab) C:\Users\AIRWORX 2\Downloads\kts17.0.0.611abcden_12159.exe
2017-07-13 13:47 - 2017-07-14 05:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-07-12 12:58 - 2017-07-12 12:58 - 000049992 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-07-12 12:58 - 2017-07-12 12:58 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-07-12 12:58 - 2017-07-12 12:58 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-07-12 12:58 - 2017-07-12 12:58 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-07-12 09:28 - 2017-08-07 09:22 - 000000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-07-12 06:53 - 2017-08-07 12:10 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-07-12 06:53 - 2017-07-20 08:53 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-07-11 13:45 - 2017-07-14 09:28 - 000004565 _____ C:\VEW.txt
2017-07-11 09:24 - 2017-07-11 14:53 - 000010285 _____ C:\junk.txt
2017-07-11 04:04 - 2017-08-04 11:07 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-07-11 04:03 - 2017-08-04 10:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2017-07-11 04:03 - 2017-08-04 10:48 - 000000000 ____D C:\Program Files\RogueKiller
2017-07-11 04:03 - 2017-07-11 05:12 - 000000000 ____D C:\ProgramData\RogueKiller
2017-07-10 07:25 - 2017-07-10 07:25 - 000195346 ____N C:\Users\AIRWORX 2\Documents\wu170509.diagcab
2017-07-10 07:16 - 2017-07-10 07:16 - 130903960 ____C (Microsoft Corporation) C:\WINDOWS\SysWOW64\MRT.exe
2017-07-10 06:58 - 2017-08-04 11:09 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-07-10 04:54 - 2017-07-10 04:53 - 000009804 ____N C:\Users\AIRWORX 2\Documents\GatewaySettings.bin
2017-07-10 04:53 - 2017-07-10 04:53 - 000009804 ____N C:\Users\AIRWORX 2\Downloads\GatewaySettings.bin
2017-07-10 04:53 - 2017-07-10 04:53 - 000009804 ____N C:\Users\AIRWORX 2\Downloads\GatewaySettings (1).bin
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-08-07 12:13 - 2017-03-18 04:40 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-08-07 12:13 - 2016-07-01 17:30 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2017-08-07 08:43 - 2017-06-26 07:43 - 000002065 _____ C:\Users\Public\Desktop\ESET Banking & Payment protection.lnk
2017-08-07 08:43 - 2017-03-18 14:01 - 000000000 ____D C:\WINDOWS\INF
2017-08-07 08:40 - 2013-10-14 16:36 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2017-08-07 08:37 - 2013-10-14 16:40 - 000000000 ____D C:\Program Files (x86)\CyberLink
2017-08-07 08:37 - 2013-10-14 16:33 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-08-07 08:34 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-07 08:34 - 2014-01-10 13:21 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\Packages
2017-08-04 10:43 - 2015-01-29 18:03 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\ElevatedDiagnostics
2017-08-03 22:40 - 2017-03-18 14:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-03 10:06 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\rescache
2017-08-03 06:10 - 2017-03-18 13:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-03 04:54 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-08-03 02:41 - 2017-06-28 16:45 - 000000372 _____ C:\WINDOWS\Tasks\HPCeeScheduleForAIRWORX 2.job
2017-08-02 15:54 - 2014-03-06 03:09 - 135225752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-02 12:59 - 2014-03-27 13:37 - 000000000 ____D C:\Program Files (x86)\DahuaTech
2017-08-02 12:02 - 2017-03-18 04:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-08-02 10:02 - 2017-03-18 14:03 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-08-02 10:02 - 2014-03-13 11:19 - 000000000 ____D C:\ProgramData\LogMeIn
2017-08-02 09:23 - 2015-06-05 11:23 - 000000000 ____D C:\Program Files (x86)\SetupLogs
2017-08-02 09:01 - 2015-04-20 17:06 - 000000000 __RDO C:\Users\AIRWORX 2\OneDrive
2017-08-02 09:01 - 2014-04-18 14:27 - 000000000 ____D C:\Program Files (x86)\ASAP Utilities
2017-08-02 08:07 - 2014-09-11 15:41 - 000000496 _____ C:\Users\AIRWORX 2\Desktop\ITSupport247 (3).website
2017-08-02 08:06 - 2015-01-07 12:51 - 000001552 _____ C:\Users\AIRWORX 2\Desktop\iexplore - Shortcut.lnk
2017-08-02 05:04 - 2017-02-16 07:37 - 000000000 ____D C:\Users\AIRWORX 2\.android
2017-08-02 03:02 - 2017-07-07 09:56 - 017225690 _____ C:\Users\AIRWORX 2\Desktop\calls and txtsBook2.xlsx
2017-08-01 13:25 - 2014-01-11 04:08 - 000178568 ____N C:\WINDOWS\Minidump\080117-28453-01.dmp
2017-08-01 05:58 - 2014-03-04 13:12 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\ESET
2017-07-31 15:42 - 2017-02-20 08:22 - 000000000 ____D C:\Program Files\Recuva
2017-07-31 15:37 - 2014-01-21 15:23 - 000000000 ___RD C:\Users\AIRWORX 2\Google Drive
2017-07-31 15:16 - 2015-07-08 12:08 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\Western Digital
2017-07-31 15:16 - 2014-03-12 15:25 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\Nuance
2017-07-31 02:19 - 2015-11-12 07:03 - 000000000 ____D C:\Program Files\Common Files\AV
2017-07-31 02:17 - 2015-10-29 23:28 - 000000000 ____D C:\Users\Default.migrated
2017-07-28 12:54 - 2014-03-26 13:47 - 000007609 _____ C:\Users\AIRWORX 2\AppData\Local\resmon.resmoncfg
2017-07-28 02:14 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-07-27 10:31 - 2012-07-25 22:26 - 000000222 _____ C:\WINDOWS\win.ini
2017-07-27 03:54 - 2017-06-26 09:52 - 000181160 _____ (ESET) C:\WINDOWS\system32\Drivers\ESETCleanersDriver.sys
2017-07-26 19:40 - 2015-01-29 16:07 - 000000519 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2017-07-26 09:41 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\Registration
2017-07-26 07:02 - 2016-02-09 09:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TaxAct
2017-07-26 04:53 - 2014-05-15 13:29 - 000000000 ____D C:\Program Files (x86)\Brother
2017-07-26 04:50 - 2014-12-30 17:16 - 000000000 ____D C:\Program Files (x86)\AVIGenerator2.0
2017-07-26 04:50 - 2014-05-15 13:29 - 000000000 ____D C:\Program Files (x86)\ControlCenter4
2017-07-24 11:00 - 2017-02-20 09:27 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Roaming\VERIZON
2017-07-24 05:40 - 2014-10-29 11:50 - 000000000 ____D C:\Users\Public\Documents\CyberLink
2017-07-24 05:40 - 2013-10-14 16:40 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2017-07-24 05:39 - 2013-10-14 16:53 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2017-07-21 10:44 - 2014-06-19 09:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SurveillanceSystem
2017-07-20 06:51 - 2014-03-26 16:20 - 000000000 ___RD C:\Users\AIRWORX 2\Dropbox
2017-07-19 09:59 - 2017-01-24 15:31 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2017-07-19 03:26 - 2014-06-19 09:37 - 000000000 ____D C:\Program Files (x86)\SurveillanceSystem
2017-07-18 22:47 - 2016-03-08 09:58 - 000000000 ____D C:\Users\AIRWORX 2\Documents\Outlook Files
2017-07-18 20:18 - 2015-07-30 12:30 - 000525312 _____ C:\Users\AIRWORX 2\Outlook.pst
2017-07-18 13:58 - 2014-03-12 15:25 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Roaming\.oit
2017-07-18 13:40 - 2014-11-12 15:43 - 000124551 ____H C:\Users\AIRWORX 2\Desktop\maxdesk.ini2
2017-07-18 13:40 - 2014-11-12 15:43 - 000008230 ____H C:\Users\AIRWORX 2\Desktop\PP11Thumbs.ptn2
2017-07-18 13:40 - 2014-09-04 12:53 - 000021516 ____H C:\Users\AIRWORX 2\Downloads\.ppinfocache
2017-07-18 13:39 - 2014-11-12 15:33 - 007196349 ____H C:\Users\AIRWORX 2\Desktop\PP11Thumbs.ptn
2017-07-18 13:27 - 2014-03-26 12:59 - 000042262 ____H C:\Users\AIRWORX 2\Documents\PP11Thumbs.ptn2
2017-07-18 04:26 - 2017-02-20 09:10 - 000001887 ____N C:\Users\AIRWORX 2\Desktop\Recuva.lnk
2017-07-18 04:25 - 2016-10-02 22:21 - 000000000 ____D C:\Users\AIRWORX 2\AppData\Local\ConnectedDevicesPlatform
2017-07-18 03:55 - 2017-02-13 05:55 - 000565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-07-18 03:51 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2017-07-17 03:43 - 2016-04-19 19:11 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\Alarm Activity Formatted Download_files
2017-07-15 06:57 - 2016-07-02 19:55 - 000002424 _____ C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-07-15 03:54 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\appcompat
2017-07-14 10:51 - 2017-06-20 08:47 - 000000000 ____D C:\Program Files (x86)\LG Electronics
2017-07-14 10:47 - 2013-10-14 16:40 - 000000000 ____D C:\Program Files (x86)\WildTangent Games
2017-07-14 10:46 - 2014-08-04 13:01 - 000000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2017-07-14 06:50 - 2017-03-18 14:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-07-14 06:50 - 2016-04-26 23:39 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-07-14 06:35 - 2017-03-18 14:03 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-07-14 06:32 - 2017-03-18 14:06 - 000000000 ____D C:\WINDOWS\Setup
2017-07-14 06:31 - 2017-03-18 14:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-07-14 06:31 - 2017-03-18 14:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-07-14 06:31 - 2017-03-18 14:03 - 000000000 ___RD C:\Program Files\Windows Defender
2017-07-14 06:31 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\migwiz
2017-07-14 06:31 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-07-14 06:31 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-07-14 06:31 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-07-14 06:31 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-07-14 06:31 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-07-14 06:24 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-07-14 06:23 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-07-14 06:23 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-07-14 06:23 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\Provisioning
2017-07-14 06:23 - 2017-03-18 04:40 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-07-14 06:19 - 2016-07-16 04:47 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-07-14 06:14 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2017-07-14 06:14 - 2017-03-18 13:59 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2017-07-14 06:14 - 2017-03-18 13:59 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2017-07-14 06:14 - 2017-03-18 13:59 - 000054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2017-07-14 06:14 - 2017-03-18 13:59 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2017-07-14 06:14 - 2017-03-18 13:59 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2017-07-14 06:14 - 2017-03-18 13:59 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2017-07-14 06:14 - 2017-03-18 13:59 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2017-07-14 06:14 - 2017-03-18 13:59 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2017-07-14 06:14 - 2017-03-18 13:59 - 000015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2017-07-14 06:14 - 2017-03-18 13:59 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\cngkeyhelper.dll
2017-07-14 06:14 - 2017-03-18 13:59 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2017-07-14 06:14 - 2017-03-18 13:59 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2017-07-14 06:14 - 2017-03-18 13:59 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cngkeyhelper.dll
2017-07-14 06:14 - 2017-03-18 13:59 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2017-07-14 06:12 - 2017-03-18 19:31 - 000000000 ____D C:\WINDOWS\HoloShell
2017-07-14 06:12 - 2014-10-29 11:58 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-07-14 06:11 - 2017-03-18 14:03 - 000000000 __RHD C:\Users\Public\Libraries
2017-07-14 06:04 - 2014-07-02 11:24 - 000002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-14 06:02 - 2017-03-18 14:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-07-14 05:59 - 2017-06-27 05:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belkasoft Evidence Center Ultimate
2017-07-14 05:59 - 2017-06-13 19:20 - 000000000 ____D C:\WINDOWS\system32\UNP
2017-07-14 05:59 - 2017-05-10 18:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shutterfly Uploader
2017-07-14 05:59 - 2017-05-03 08:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Family Lawyer
2017-07-14 05:59 - 2017-04-21 05:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cox Cloud Drive
2017-07-14 05:59 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2017-07-14 05:59 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\ModemLogs
2017-07-14 05:59 - 2017-03-17 14:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Escaperoom Software
2017-07-14 05:59 - 2017-03-16 15:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-07-14 05:59 - 2017-02-20 09:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2017-07-14 05:59 - 2016-12-21 09:20 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-07-14 05:59 - 2016-10-27 03:53 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2017-07-14 05:59 - 2016-09-30 14:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2017-07-14 05:59 - 2016-05-12 20:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fitbit Connect
2017-07-14 05:59 - 2016-04-28 08:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-07-14 05:59 - 2016-04-26 23:20 - 000000000 ____D C:\WINDOWS\ShellNew
2017-07-14 05:59 - 2015-06-08 09:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-07-14 05:59 - 2014-12-30 17:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVIGenerator2.0
2017-07-14 05:59 - 2014-04-18 14:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASAP Utilities
2017-07-14 05:59 - 2014-03-13 16:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2017-07-14 05:59 - 2014-03-13 16:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Scan
2017-07-14 05:59 - 2014-03-12 15:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PDF Create 7
2017-07-14 05:59 - 2014-03-12 15:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nuance PaperPort 14
2017-07-14 05:59 - 2014-03-04 16:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-07-14 05:59 - 2014-03-04 13:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rock Gym Pro
2017-07-14 05:59 - 2013-10-14 16:40 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-07-14 05:59 - 2013-10-14 16:34 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2017-07-14 05:52 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2017-07-14 05:52 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2017-07-14 05:52 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2017-07-14 05:52 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2017-07-14 05:52 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2017-07-14 05:52 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\spool
2017-07-14 05:52 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-07-14 05:52 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2017-07-14 05:52 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2017-07-14 05:52 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2017-07-14 05:52 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\IME
2017-07-14 05:52 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\et-EE
2017-07-14 05:52 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\en-GB
2017-07-14 05:52 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2017-07-14 05:52 - 2013-08-22 08:36 - 000000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2017-07-14 05:51 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-07-14 05:51 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\InputMethod
2017-07-14 05:51 - 2016-02-04 13:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2017-07-14 05:51 - 2014-03-04 12:07 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
2017-07-14 05:50 - 2017-06-26 07:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2017-07-14 05:50 - 2017-05-31 09:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2017-07-14 05:50 - 2014-03-13 16:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2017-07-14 05:50 - 2014-03-04 13:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
2017-07-14 05:50 - 2013-10-14 16:38 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2017-07-14 05:49 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-07-14 05:49 - 2013-08-22 08:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-07-14 05:47 - 2017-03-18 14:03 - 000000000 ____D C:\ProgramData\USOPrivate
2017-07-14 05:46 - 2013-04-03 17:13 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2017-07-14 05:44 - 2017-03-18 04:40 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-07-14 04:28 - 2014-03-04 16:20 - 000000000 ____D C:\ProgramData\Adobe
2017-07-13 13:48 - 2015-10-19 12:01 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-07-11 14:08 - 2014-03-06 03:09 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-07-11 12:11 - 2017-06-13 19:20 - 000000000 ____D C:\Program Files\UNP
2017-07-11 12:03 - 2017-06-27 16:06 - 000000000 ____D C:\WINDOWS\pss
2017-07-10 15:42 - 2017-06-16 12:04 - 000000000 ____D C:\Users\AIRWORX 2\Desktop\Babe
2017-07-10 06:42 - 2016-07-01 14:24 - 000000000 ____D C:\Windows10Upgrade
 
==================== Files in the root of some directories =======
 
2015-04-01 09:26 - 2005-12-08 19:51 - 000000060 ____R () C:\Program Files (x86)\BRINST.INI
2017-04-14 06:58 - 2017-04-14 06:58 - 000000000 _____ () C:\Users\AIRWORX 2\AppData\Roaming\IVOPEN.$$$
2014-12-17 10:09 - 2014-12-17 10:10 - 000012962 _____ () C:\Users\AIRWORX 2\AppData\Roaming\Microsoft Excel 97-2003.CAL
2014-03-26 13:47 - 2017-07-28 12:54 - 000007609 _____ () C:\Users\AIRWORX 2\AppData\Local\resmon.resmoncfg
2015-12-09 12:34 - 2015-12-09 12:34 - 000000145 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
2014-03-24 15:02 - 2014-10-23 13:06 - 000000226 _____ () C:\ProgramData\RSUserCfg.ini
 
Files to move or delete:
====================
C:\Users\AIRWORX 2\ASAP_Utilities_5-2-1_HS_Setup.exe
C:\Users\AIRWORX 2\WDMyCloud_win.exe
 
 
Some files in TEMP:
====================
2017-07-24 09:42 - 2017-07-24 09:42 - 005146944 _____ (Seagate) C:\Users\AIRWORX 2\AppData\Local\Temp\6E330CFC-ACCF-452F-A6C9-1B82B0413B6D.exe
2017-08-01 04:48 - 2017-07-14 06:30 - 001930320 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\AppData\Local\Temp\dllnt_dump.dll
2013-10-05 01:38 - 2013-10-05 01:38 - 000455328 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\AppData\Local\Temp\msvcp120.dll
2013-10-05 01:38 - 2013-10-05 01:38 - 000970912 _____ (Microsoft Corporation) C:\Users\AIRWORX 2\AppData\Local\Temp\msvcr120.dll
2016-07-30 17:08 - 2016-07-30 17:08 - 003112960 _____ (Jason York) C:\Users\AIRWORX 2\AppData\Local\Temp\pc-decrapifier.exe
2017-07-28 02:28 - 2017-07-28 02:28 - 000510752 _____ (Acronis) C:\Users\AIRWORX 2\AppData\Local\Temp\setupapp_amd64.exe
2017-07-28 02:28 - 2017-07-28 02:28 - 000540432 _____ () C:\Users\AIRWORX 2\AppData\Local\Temp\setupnt64.dll
2017-07-26 04:50 - 2006-05-24 10:10 - 000455600 _____ (Macrovision Corporation) C:\Users\AIRWORX 2\AppData\Local\Temp\_isC014.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-08-07 04:17
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-08-2017
Ran by AIRWORX 2 (07-08-2017 12:25:20)
Running from C:\Users\AIRWORX 2\Desktop
Windows 10 Home Version 1703 (X64) (2017-07-14 13:25:55)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2671885098-678752524-1400920573-500 - Administrator - Disabled) => C:\Users\Administrator
AIRWORX 2 (S-1-5-21-2671885098-678752524-1400920573-1001 - Administrator - Enabled) => C:\Users\AIRWORX 2
DefaultAccount (S-1-5-21-2671885098-678752524-1400920573-503 - Limited - Disabled)
Guest (S-1-5-21-2671885098-678752524-1400920573-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Smart Security (Enabled - Up to date) {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
AS: ESET Smart Security (Enabled - Up to date) {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall (Enabled) {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Photoshop Elements 4.0 (HKLM-x32\...\Adobe Photoshop Elements 4) (Version: 4.0 - Adobe Systems Inc.)
Adobe Reader XI (11.0.20) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.20 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\{05E5AD66-7CD0-4719-A229-0D3A7A5240D2}) (Version: 20.22.2217.13862 - Alcor Micro Corp.) Hidden
Alcor Micro USB Card Reader Driver  (HKLM-x32\...\AmUStor) (Version: 20.22.2217.13862 - Alcor Micro Corp.)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{40959651-122E-1A16-9011-40629C01703F}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
ASAP Utilities (HKLM-x32\...\ASAP Utilities_is1) (Version: 7.1 - Bastien Mensink - A Must in Every Office BV)
Broderbund Family Lawyer (HKLM-x32\...\{ED95E1BA-8C35-4D78-8A20-FD5A728711E2}) (Version: 1.00.0000 - Bluecase) Hidden
Broderbund Family Lawyer (HKLM-x32\...\InstallShield_{ED95E1BA-8C35-4D78-8A20-FD5A728711E2}) (Version: 1.00.0000 - Bluecase)
Cloud Drive (HKLM-x32\...\{F40EC703-6B64-4C2D-80BC-5ED2D8295C04}) (Version: 5.1.30.18 - Cox Secure Online Backup for Windows)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Drag and Drop Backup (HKLM-x32\...\{480EA68A-699D-450D-9869-2216AC49D23C}) (Version: 2.1.33 - Cox)
Dropbox (HKLM-x32\...\Dropbox) (Version: 30.4.22 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
Epson Event Manager (HKLM-x32\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Escaperoom Software (HKLM-x32\...\{7BAA7E0D-9B92-4FE7-AEC8-F11EAE801922}) (Version: 3.1.0.0 - Escaperoom Software)
ESET Smart Security (HKLM\...\{2B587448-4CE3-4196-A237-A425E557F052}) (Version: 10.1.204.0 - ESET, spol. s r.o.)
Fitbit Connect (HKLM-x32\...\{6EB73D9D-645E-415B-8008-83C3CB865968}) (Version: 2.0.1.6742 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.1 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6668.4491 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.4.19.3 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.7.27.15 - HP)
Java 8 Update 131 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2671885098-678752524-1400920573-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MySQL Connector/ODBC 5.1 (HKLM-x32\...\{38CDEC3E-ABC4-4EB8-BE3B-2181A97813AE}) (Version: 5.1.12 - Oracle Corporation)
MySQL Server 5.0 (HKLM-x32\...\{97EFE060-CE35-4709-9B3A-5D3C8F686FED}) (Version: 5.0.90 - MySQL AB)
Nuance PaperPort 14 (HKLM-x32\...\{14CB3B82-FBDC-4462-919E-86147983F09B}) (Version: 14.5.0000 - Nuance Communications, Inc.)
Nuance PDF Create 7 (HKLM\...\{AAA715B7-02F9-4F2D-92C9-80EC63835AA1}) (Version: 7.10.6408 - Nuance Communications, Inc.)
Nuance PDF Create 7 (HKLM-x32\...\{AAA715B7-02F9-4F2D-92C9-80EC63835AA1}) (Version: 7.10.6408 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{FC984E39-43D0-4AB2-ACC7-A7B87977B009}) (Version: 7.20.3274 - Nuance Communications, Inc.)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0001 - Nuance Communications, Inc.)
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.6208 - CyberLink Corp.) Hidden
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Rock Gym Pro (HKLM-x32\...\{827570FB-0E88-444C-ADBC-9E799571E292}) (Version: 1.1.21247 - RGP Development LLC)
RogueKiller version 12.11.9.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.9.0 - Adlice Software)
Scansoft PDF Create (HKLM-x32\...\{068724F8-D8BE-4B43-8DDD-B9FE9E49FD76}) (Version:  - ) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shutterfly Uploader (HKLM-x32\...\{CD928A00-1C70-4353-B9B9-7BC8600F3E43}) (Version: 2.9.0.737 - Shutterfly, Inc.)
Smart Switch (HKLM-x32\...\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17054.16 - Samsung Electronics Co., Ltd.) Hidden
Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.1.17054.16 - Samsung Electronics Co., Ltd.)
SyncFileSetup (x86) (HKLM-x32\...\{04848A0A-02B1-4703-B15D-6E7DCF95FB84}) (Version: 1.3.5949.26210 - Western Digital Technologies, Inc) Hidden
TaxAct 2016 1040 Edition (HKLM-x32\...\TaxAct 2016 1040 Edition) (Version: 1.03 - TaxAct, Inc.)
WD Sync (HKLM-x32\...\{0d591303-bbc5-4645-a03b-1c3f75f1a762}) (Version: 1.3.5949.26210 - Western Digital Technologies, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17332 - Microsoft Corporation)
WorkForce GT-1500 Scanner Driver Update (HKLM-x32\...\{37D0F29D-AB95-4598-ACF0-D3CC38C161D9}) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2671885098-678752524-1400920573-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\AIRWORX 2\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll => No File
CustomCLSID: HKU\S-1-5-21-2671885098-678752524-1400920573-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\AIRWORX 2\AppData\Local\Citrix\GoToMeeting\1350\G2MOutlookAddin64.dll => No File
CustomCLSID: HKU\S-1-5-21-2671885098-678752524-1400920573-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\AIRWORX 2\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncApi64.dll => No File
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox,Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox,Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox,Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox,Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox,Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox,Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox,Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox,Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox,Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox,Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\AIRWORX 2\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll [2017-01-27] (MicrosoftCorporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\AIRWORX 2\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll [2017-01-27] (MicrosoftCorporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\AIRWORX 2\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll [2017-01-27] (MicrosoftCorporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\AIRWORX 2\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll [2017-01-27] (MicrosoftCorporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\AIRWORX 2\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll [2017-01-27] (MicrosoftCorporation)
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Users\AIRWORX 2\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll [2017-01-27] (MicrosoftCorporation)
ShellIconOverlayIdentifiers: [EnhancedStorageShell] -> {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => C:\Windows\System32\EhStorShell.dll [2017-03-18] (MicrosoftCorporation)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox,Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox,Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox,Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox,Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox,Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox,Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox,Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox,Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox,Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox,Inc.)
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\AIRWORX 2\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll [2017-01-27] (MicrosoftCorporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\AIRWORX 2\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll [2017-01-27] (MicrosoftCorporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\AIRWORX 2\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll [2017-01-27] (MicrosoftCorporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\AIRWORX 2\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll [2017-01-27] (MicrosoftCorporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\AIRWORX 2\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll [2017-01-27] (MicrosoftCorporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => C:\Users\AIRWORX 2\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll [2017-01-27] (MicrosoftCorporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox,Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox,Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox,Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (IgorPavlov)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox,Inc.)
ContextMenuHandlers1: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-03-09] (ESET)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers1: [ModernSharing] -> {e2bf9676-5f8f-435c-97eb-11607a5bedf7} => C:\WINDOWS\system32\ntshrui.dll [2017-03-18] (MicrosoftCorporation)
ContextMenuHandlers1: [Open With] -> {09799AFB-AD67-11d1-ABCD-00C04FC30936} => C:\WINDOWS\system32\shell32.dll [2017-07-14] (MicrosoftCorporation)
ContextMenuHandlers1: [Sharing] -> {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => C:\WINDOWS\system32\ntshrui.dll [2017-03-18] (MicrosoftCorporation)
ContextMenuHandlers1: [WDSyncContextMenuHandler] -> {5A51BDCB-F8C2-4698-B79C-A77DF0AA466B} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (MicrosoftCorporation)
ContextMenuHandlers1: [Zeon.MFCDirectShellExt] -> {353C642C-F13D-4699-9FF2-EFAF490B6C69} => C:\Program Files (x86)\Nuance\PDFCreate\bin\DirectShellExt.dll [2010-07-16] (ZeonInternationalInvestmentCorp.)
ContextMenuHandlers2: [EnhancedStorageShell] -> {2854F705-3548-414C-A113-93E27C808C85} => C:\Windows\System32\EhStorShell.dll [2017-03-18] (MicrosoftCorporation)
ContextMenuHandlers2: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-03-09] (ESET)
ContextMenuHandlers2: [Sharing] -> {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => C:\WINDOWS\system32\ntshrui.dll [2017-03-18] (MicrosoftCorporation)
ContextMenuHandlers3: [CopyAsPathMenu] -> {f3d06e7c-1e45-4a26-847e-f9fcdee59be0} => C:\WINDOWS\system32\shell32.dll [2017-07-14] (MicrosoftCorporation)
ContextMenuHandlers3: [SendTo] -> {7BA4C740-9E81-11CF-99D3-00AA004AE837} => C:\WINDOWS\system32\shell32.dll [2017-07-14] (MicrosoftCorporation)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (IgorPavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox,Inc.)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files (x86)\Google\Drive\contextmenu64.dll [2017-03-21] (Google)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (PiriformLtd)
ContextMenuHandlers4: [Sharing] -> {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => C:\WINDOWS\system32\ntshrui.dll [2017-03-18] (MicrosoftCorporation)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-11-04] (AdvancedMicroDevices,Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.17.0.dll [2017-07-12] (Dropbox,Inc.)
ContextMenuHandlers5: [New] -> {D969A300-E7FF-11d0-A93B-00A0C90F2719} => C:\WINDOWS\system32\shell32.dll [2017-07-14] (MicrosoftCorporation)
ContextMenuHandlers5: [Sharing] -> {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} => C:\WINDOWS\system32\ntshrui.dll [2017-03-18] (MicrosoftCorporation)
ContextMenuHandlers6: [ESET Smart Security - Context Menu Shell Extension] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2017-03-09] (ESET)
ContextMenuHandlers6: [Library Location] -> {3dad6c5d-2167-4cae-9914-f99e41c12cfa} => C:\WINDOWS\system32\shell32.dll [2017-07-14] (MicrosoftCorporation)
ContextMenuHandlers6: [PintoStartScreen] -> {470C0EBD-5D73-4d58-9CED-E91E22E23282} => C:\Windows\System32\appresolver.dll [2017-07-14] (MicrosoftCorporation)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (PiriformLtd)
ContextMenuHandlers6: [WDSyncContextMenuHandler] -> {5A51BDCB-F8C2-4698-B79C-A77DF0AA466B} => C:\WINDOWS\system32\mscoree.dll [2017-03-18] (MicrosoftCorporation)
ContextMenuHandlers1_S-1-5-21-2671885098-678752524-1400920573-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\AIRWORX 2\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll [2017-01-27] (MicrosoftCorporation)
ContextMenuHandlers4_S-1-5-21-2671885098-678752524-1400920573-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\AIRWORX 2\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll [2017-01-27] (MicrosoftCorporation)
ContextMenuHandlers5_S-1-5-21-2671885098-678752524-1400920573-1001: [ FileSyncEx] -> {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B} => C:\Users\AIRWORX 2\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileSyncShell64.dll [2017-01-27] (MicrosoftCorporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {005B78DE-9ECF-4C1D-85D3-6330FE864BA6} - System32\Tasks\GoogleUpdateTaskMachineCore1d040ece2e11a19 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (GoogleInc.)
Task: {05C35C43-30B0-478C-A045-7452BCE45E4E} - System32\Tasks\Microsoft\Windows\Defrag\ScheduledDefrag => C:\WINDOWS\system32\defrag.exe [2017-03-18] (MicrosoftCorp.)
Task: {073958F3-8E5F-4CF7-8625-ABD15377481E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HPInc.)
Task: {0A1E4A40-752E-425E-B7D0-0A0AE002C93C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {0C2CFBA2-41EC-4F78-BAE9-CD8FD25FB070} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\MpCmdRun.exe [2017-07-14] (MicrosoftCorporation)
Task: {0C518199-F01B-42CF-9CB7-16710B002812} - System32\Tasks\Microsoft\Windows\EnterpriseMgmt\MDMMaintenenceTask => C:\WINDOWS\system32\MDMAgent.exe [2017-03-18] (MicrosoftCorporation)
Task: {0CC2C164-C391-4AE1-AC44-61014D23FC1F} - System32\Tasks\Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization => C:\WINDOWS\system32\defrag.exe [2017-03-18] (MicrosoftCorp.)
Task: {1F22D99D-93CA-4064-A299-22E8455A602E} - System32\Tasks\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => C:\Program Files\Windows Media Player\wmpnscfg.exe [2017-03-17] (MicrosoftCorporation)
Task: {240478A4-B7D2-43B1-AF21-626C77E72C1F} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics => C:\WINDOWS\system32\disksnapshot.exe [2017-03-18] (MicrosoftCorporation)
Task: {248C5EA1-A4FF-4E79-A307-83E6C14DE27A} - System32\Tasks\User_Feed_Synchronization-{DBB8FF06-B999-4A95-A7CE-15C213181723} => C:\WINDOWS\system32\msfeedssync.exe [2017-03-18] (MicrosoftCorporation)
Task: {2532DB2F-A598-4946-BA1F-6EBE9D19C34C} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\WINDOWS\System32\WindowsActionDialog.exe [2017-03-18] (MicrosoftCorporation)
Task: {259AE203-7AAC-4A0D-93DD-5EB4EE090A28} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {264F49CB-3415-488D-B8DA-9F6F8BE48331} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HPInc.)
Task: {2A29F449-0D43-41E4-AD23-4BAEF31F8B66} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval => C:\WINDOWS\system32\MusNotification.exe [2017-07-14] (MicrosoftCorporation)
Task: {2D496E36-2A8D-4075-BD2B-168A247C2CEF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\MpCmdRun.exe [2017-07-14] (MicrosoftCorporation)
Task: {2E84AC4F-16D2-4F2F-AF13-EF11260452E1} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2EE58945-C40B-43A8-A167-173E412D9D98} - System32\Tasks\GoogleUpdateTaskMachineCore1d0bf681e553bf8 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (GoogleInc.)
Task: {323F3EF0-CE36-4380-A48B-7716BB3CB809} - System32\Tasks\Microsoft\Windows\Subscription\LicenseAcquisition => C:\WINDOWS\system32\ClipRenew.exe [2017-03-18] (MicrosoftCorporation)
Task: {3281C116-3203-4658-A085-BBE538A854BA} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot => C:\windows\system32\MusNotification.exe [2017-07-14] (MicrosoftCorporation)
Task: {33C04DDB-DE68-4033-8570-ADDDBFF99E1B} - System32\Tasks\Microsoft\Windows\NlaSvc\WiFiTask => C:\WINDOWS\System32\WiFiTask.exe [2017-03-18] (MicrosoftCorporation)
Task: {351BE84A-8A08-49B4-8F42-A1A68DF4B6BA} - System32\Tasks\Microsoft\Windows\UNP\RunCampaignManager => C:\WINDOWS\System32\UNP\UNPCampaignManager.exe [2017-05-20] (MicrosoftCorporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {37C32B19-9630-4A28-9E5A-8EA8CD06CFA2} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-24] (Dropbox,Inc.)
Task: {3AEEF4D4-C4A8-42A1-8A1E-80CA054C2E9C} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\WINDOWS\system32\srtasks.exe [2017-03-18] (MicrosoftCorporation)
Task: {3EA82649-A360-4898-A6FB-C273024D1364} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\WINDOWS\System32\wpcmon.exe [2017-03-18] (MicrosoftCorporation)
Task: {4051EB0B-2917-432F-B9F9-431C7E3C9181} - System32\Tasks\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => C:\WINDOWS\system32\RAServer.exe [2017-03-18] (MicrosoftCorporation)
Task: {438F072B-AAE9-40AF-AC57-02A64C04DE3D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {46064571-564C-4D46-9842-A167DDF1D942} - System32\Tasks\GoogleUpdateTaskMachineCore1d08f601e825b6 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (GoogleInc.)
Task: {4A5D4628-E32A-4422-9B01-D37DD4C1CE75} - System32\Tasks\Microsoft\Windows\WwanSvc\NotificationTask => C:\WINDOWS\System32\WiFiTask.exe [2017-03-18] (MicrosoftCorporation)
Task: {4B6926D3-D490-4D93-82CE-D109F1D1BC80} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\WINDOWS\System32\sihclient.exe [2017-07-14] (MicrosoftCorporation)
Task: {4F1C7B6F-3451-443B-A7EA-F05EF590C939} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {4FD0925E-6E79-4BC0-A382-3D5CCA5C36B1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-06-28] (HPInc.)
Task: {52C4776E-11B1-402C-A230-0A0306A146C4} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\Consolidator => C:\WINDOWS\System32\wsqmcons.exe [2017-03-18] (MicrosoftCorporation)
Task: {539BC66E-22B0-4E65-AEC5-11020ABC8764} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\MpCmdRun.exe [2017-07-14] (MicrosoftCorporation)
Task: {56FA405C-914E-41DB-A1DA-640837A26134} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-04-06] (HPInc.)
Task: {5BC5A21F-4785-41A6-B4B1-62FB9B08FABD} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\WINDOWS\System32\dsregcmd.exe [2017-03-18] (MicrosoftCorporation)
Task: {5C326114-085E-444C-9B7A-D3E2E59C549E} - System32\Tasks\Microsoft\Windows\Device Information\Device => C:\WINDOWS\system32\devicecensus.exe [2017-07-14] (MicrosoftCorporation)
Task: {5D81326C-D6EC-49A0-AAB5-D8A874E06E83} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => C:\WINDOWS\system32\MusNotification.exe [2017-07-14] (MicrosoftCorporation)
Task: {5DB34D0B-4B82-47F6-B06D-2D195446A83A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (GoogleInc.)
Task: {641E0A9C-46E1-42D7-AFBA-529F66B25645} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTaskLogon => C:\WINDOWS\System32\XblGameSaveTask.exe [2017-03-18] (MicrosoftCorporation)
Task: {6772AC65-7600-4DF2-9BD5-F17292FAAE4B} - System32\Tasks\Microsoft\Windows\Speech\SpeechModelDownloadTask => C:\WINDOWS\system32\speech_onecore\common\SpeechModelDownload.exe [2017-03-18] (MicrosoftCorporation)
Task: {6C72359D-F9AB-4242-B223-BAEF507D06F6} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Combined Scan Download Install => C:\WINDOWS\system32\usoclient.exe [2017-03-18] (MicrosoftCorporation)
Task: {70DBC4DD-6DE6-48DB-A77B-732338AD113D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (AdobeSystemsIncorporated)
Task: {70E0A093-79B7-461E-A9C7-B67CD7B1511E} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClientOnScenarioDownload => C:\WINDOWS\system32\dmclient.exe [2017-03-18] (MicrosoftCorporation)
Task: {78F037B8-98B7-4FB4-8208-86D30D156F8F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {799AC654-A37D-49AA-B0F3-433D7D5EBBD9} - System32\Tasks\Microsoft\Windows\WCM\WiFiTask => C:\WINDOWS\System32\WiFiTask.exe [2017-03-18] (MicrosoftCorporation)
Task: {7A8C073B-9921-4385-A061-FF8B5410A453} - System32\Tasks\{39393239-4118-43A9-9EF4-579F68CFC882} => C:\WINDOWS\system32\pcalua.exe -a C:\PROGRA~2\SAAZOD\Uninstall\uninstall.exe -c "/U:C:\PROGRA~2\SAAZOD\Uninstall\uninstall.xml"
Task: {7B37578B-4BF4-4425-8377-596EBF578C58} - System32\Tasks\HPCeeScheduleForAIRWORX 2 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {8258540A-E194-4B1C-A446-B100E53A7B7B} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
Task: {829C695F-E874-432A-9A9F-7862D04236B9} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\WINDOWS\system32\dstokenclean.exe [2017-03-18] (MicrosoftCorporation)
Task: {87488988-70F6-44C5-A1BD-E328BE17C205} - System32\Tasks\Microsoft\Windows\AppID\PolicyConverter => C:\WINDOWS\system32\appidpolicyconverter.exe [2017-03-18] (MicrosoftCorporation)
Task: {88209412-5377-4AA1-B01E-F5D5A6F39E21} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\WINDOWS\system32\SpaceAgent.exe [2017-03-18] (MicrosoftCorporation)
Task: {88E18EB0-E633-47C9-8FE5-84CEAB8F5EF7} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierdaily => C:\WINDOWS\system32\AppHostRegistrationVerifier.exe [2017-03-18] (MicrosoftCorporation)
Task: {896ED842-4861-49E9-A2C1-0AE31689F876} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\WINDOWS\system32\ClipUp.exe [2017-03-18] (MicrosoftCorporation)
Task: {8A6CE6D2-BAFF-47BD-B636-5632FA76D78E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HPInc.)
Task: {8D5B2911-B38B-4561-8EAA-AFBC641F0206} - System32\Tasks\Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver => C:\WINDOWS\system32\DFDWiz.exe [2017-03-18] (MicrosoftCorporation)
Task: {8EE52AD7-9F81-40D3-AE0C-9F5DB09BC56F} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\WINDOWS\system32\cleanmgr.exe [2017-03-18] (MicrosoftCorporation)
Task: {8EE60D19-E484-4EC5-87B6-BEB1AE19CF50} - System32\Tasks\GoogleUpdateTaskMachineUA1cf8dc0ce6bb10d => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (GoogleInc.)
Task: {8F19D715-D157-4BCA-929B-21A853D268A7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\MpCmdRun.exe [2017-07-14] (MicrosoftCorporation)
Task: {8F630B83-069D-434E-B4C4-59AD3C10A507} - System32\Tasks\[email protected] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Task: {916845C6-0741-433C-AC62-C4B3A5F302DB} - System32\Tasks\S-1-5-21-2671885098-678752524-1400920573-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-03-18] (MicrosoftCorporation)
Task: {936FF605-A684-4476-8E62-E051A903B3D3} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\WINDOWS\system32\tzsync.exe [2017-03-18] (MicrosoftCorporation)
Task: {938954E2-DAFB-4BCD-8740-6AC11EBFE13C} - System32\Tasks\Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck => C:\WINDOWS\system32\appidcertstorecheck.exe [2017-03-18] (MicrosoftCorporation)
Task: {93AEF1AF-7D4C-4016-BAB0-E265F1ED6902} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot => C:\WINDOWS\system32\usoclient.exe [2017-03-18] (MicrosoftCorporation)
Task: {95517185-3F69-4925-B015-3CE70B008FAA} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HPInc.)
Task: {9CF304F4-4D08-4DBB-A568-102240A2160B} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\WINDOWS\System32\MbaeParserTask.exe [2017-03-18] (MicrosoftCorporation)
Task: {A06C2463-6FDA-437F-BFAC-91F03898B57C} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {A2F4B50C-42AF-47A5-A487-67B906ED9945} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display => C:\windows\system32\MusNotification.exe [2017-07-14] (MicrosoftCorporation)
Task: {A7CF62C0-17A6-42AB-A10F-9A6C446B7B33} - System32\Tasks\G2MUploadTask-S-1-5-21-2671885098-678752524-1400920573-1001 => C:\Users\AIRWORX 2\AppData\Local\Citrix\GoToMeeting\5530\g2mupload.exe [2016-09-03] (CitrixOnline,adivisionofCitrixSystems,Inc.)
Task: {ACE8B2E6-FDA5-4314-A2D5-4B96CC439AEB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HPInc.)
Task: {AF0278DE-91EC-48AE-BDAF-F7FE516AF428} - System32\Tasks\{32B26120-173E-4516-BA92-CE080FB3608E} => C:\WINDOWS\system32\pcalua.exe -a F:\Display_menu.exe -d F:\
Task: {B0B01AAA-FF6C-4441-B75E-44A24B0B37CD} - System32\Tasks\Microsoft\Windows\DUSM\dusmtask => C:\WINDOWS\System32\dusmtask.exe [2017-03-18] (MicrosoftCorporation)
Task: {B5EA650A-8EE9-4BA5-BAA0-2A8ACE00500D} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceManagerTask => C:\WINDOWS\system32\spaceman.exe [2017-03-18] (MicrosoftCorporation)
Task: {B9FA1D84-F00D-445B-8400-F7C7E90DD53E} - System32\Tasks\RGP Backup => C:\Program Files (x86)\Rock Gym Pro\Backup.exe [2017-06-04] ()
Task: {BCC432F2-7A57-4195-881F-9013CF46F613} - System32\Tasks\Microsoft\Windows\MUI\LPRemove => C:\WINDOWS\system32\lpremove.exe [2017-03-18] (MicrosoftCorporation)
Task: {BD69C6ED-AD55-467C-B787-533200C3B376} - System32\Tasks\Microsoft\XblGameSave\XblGameSaveTask => C:\WINDOWS\System32\XblGameSaveTask.exe [2017-03-18] (MicrosoftCorporation)
Task: {C05E2FFD-7D0D-4F6B-952B-A3318F829D19} - System32\Tasks\Microsoft\Windows\Management\Provisioning\Cellular => C:\WINDOWS\system32\ProvTool.exe [2017-03-18] (MicrosoftCorporation)
Task: {C162FF56-952F-4ABA-AE13-AA8CB0F4C087} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\WINDOWS\System32\drvinst.exe [2017-03-18] (MicrosoftCorporation)
Task: {C42799B6-75B2-42CF-8197-3BE332E05553} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan => C:\WINDOWS\system32\usoclient.exe [2017-03-18] (MicrosoftCorporation)
Task: {C69ACA3E-3E95-4E55-BDA2-7DB64222AE3E} - System32\Tasks\Microsoft\Windows\Subscription\EnableLicenseAcquisition => C:\WINDOWS\system32\ClipRenew.exe [2017-03-18] (MicrosoftCorporation)
Task: {C97B639A-C1BF-4E0C-ACFD-CF5B27B65B3C} - System32\Tasks\Microsoft\Windows\Windows Error Reporting\QueueReporting => C:\WINDOWS\system32\wermgr.exe [2017-03-18] (MicrosoftCorporation)
Task: {CDC553D2-B5AD-4AF3-BB6D-5AA47466C1F9} - System32\Tasks\Microsoft\Windows\Management\Provisioning\Logon => C:\WINDOWS\system32\ProvTool.exe [2017-03-18] (MicrosoftCorporation)
Task: {CE775C70-F807-4E1F-891C-712F82A9408E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {CFE9501D-B60F-45DB-B48F-19C572F7F30E} - System32\Tasks\microsoft\windows\applicationdata\appuriverifierinstall => C:\WINDOWS\system32\AppHostRegistrationVerifier.exe [2017-03-18] (MicrosoftCorporation)
Task: {D2C50CE0-7E9B-4F0D-A2A4-95AC59829444} - System32\Tasks\Microsoft\Windows\Bluetooth\UninstallDeviceTask => C:\WINDOWS\system32\BthUdTask.exe [2017-03-18] (MicrosoftCorporation)
Task: {D49BBE31-42CE-4B75-AA63-3EA027AABF40} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install => C:\WINDOWS\system32\usoclient.exe [2017-03-18] (MicrosoftCorporation)
Task: {D5EBF28C-A33D-4CBA-8355-0F457EE12498} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => C:\WINDOWS\system32\compattelrunner.exe [2017-07-14] (MicrosoftCorporation)
Task: {D7E60E76-AB93-449D-99DB-17494EB2C958} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {DE280E27-41E3-43DD-8D0C-7D14FBD3A6ED} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Refresh Settings => C:\WINDOWS\system32\usoclient.exe [2017-03-18] (MicrosoftCorporation)
Task: {E11183CC-FCAC-479E-B422-6A72654C14EA} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\WINDOWS\System32\LocationNotificationWindows.exe [2017-03-18] (MicrosoftCorporation)
Task: {E54307A9-7162-47D8-8248-3338B0B1FF91} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install => C:\WINDOWS\system32\usoclient.exe [2017-03-18] (MicrosoftCorporation)
Task: {E622463C-A190-4A30-A528-A6EF1AACE5FC} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-24] (Dropbox,Inc.)
Task: {E6505B7C-6B08-451F-A300-AF1087B421C6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HPInc.)
Task: {EB36552D-B62E-434C-886E-E3CAF1B991A9} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\AIRWORX 2\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe [2017-07-15] (MicrosoftCorporation)
Task: {EC11A6F7-343D-49E9-A974-A3716157F2C1} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\WINDOWS\system32\compattelrunner.exe [2017-07-14] (MicrosoftCorporation)
Task: {F88E01C2-99E3-4AF6-BFAA-7ACC8EF521D4} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\WINDOWS\system32\dmclient.exe [2017-03-18] (MicrosoftCorporation)
Task: {F9015704-44A7-4962-B811-A4C0206CF851} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\WINDOWS\System32\sihclient.exe [2017-07-14] (MicrosoftCorporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d040ece2e11a19.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d08f601e825b6.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForAIRWORX 2.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d76736477ba15566\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 10"
ShortcutWithArgument: C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\600fb694c0849943\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 9"
ShortcutWithArgument: C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\48499db33039e897\Brandi - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 4"
 
==================== Loaded Modules (Whitelisted) ==============
 
2005-09-09 03:24 - 2005-09-09 03:24 - 000102400 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
2015-11-04 16:43 - 2015-11-04 16:43 - 000127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2017-03-18 13:58 - 2017-03-18 13:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 13:59 - 2017-03-18 19:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-07-13 13:47 - 2017-07-12 12:58 - 000746816 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-07-13 13:47 - 2017-07-12 12:58 - 001787200 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2015-12-11 01:07 - 2017-07-12 12:58 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-11 01:07 - 2017-07-12 13:01 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000125904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 001862992 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-07-13 13:47 - 2017-07-12 12:58 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-07-13 13:47 - 2017-07-12 12:58 - 000020432 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2017-07-13 13:47 - 2017-07-12 12:58 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-11 01:07 - 2017-07-12 12:58 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-06 10:17 - 2017-07-12 13:01 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-07-13 13:47 - 2017-07-12 12:58 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-07-13 13:47 - 2017-07-12 12:58 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-11 01:07 - 2017-07-12 13:01 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-06 10:17 - 2017-07-12 13:01 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 000022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-05-17 12:53 - 2017-07-12 13:01 - 000082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2015-12-11 01:07 - 2017-07-12 13:01 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 003928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 001826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 001972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-02-24 11:41 - 2017-07-12 13:01 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-01-23 12:26 - 2017-07-12 13:01 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2016-04-15 15:18 - 2017-07-12 13:01 - 000069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-01-23 12:26 - 2017-07-12 13:01 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-23 12:26 - 2017-07-12 13:01 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-23 12:26 - 2017-07-12 13:01 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2015-12-11 01:07 - 2017-07-12 12:58 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2016-02-25 12:07 - 2017-07-12 13:01 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 000025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-07-13 13:47 - 2017-07-12 12:58 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-07-13 13:47 - 2017-07-12 12:59 - 000033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-07-13 13:47 - 2017-07-12 12:58 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-07-13 13:47 - 2017-07-12 12:59 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-07-28 16:09 - 2017-07-12 13:01 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-07-13 13:47 - 2017-07-12 12:59 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-07-13 13:47 - 2017-07-12 12:59 - 001637688 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-08-06 10:17 - 2017-07-12 13:01 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-04-07 11:59 - 2017-07-12 13:01 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-07-13 13:47 - 2017-07-12 13:00 - 000357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2014-12-11 17:40 - 2014-12-11 17:40 - 040622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2013-08-22 06:25 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\Control Panel\Desktop\\Wallpaper -> c:\users\airworx 2\appdata\local\microsoft\windows\themes\transcodedwallpaper
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: CDPUserSvc_492c3 => 2
MSCONFIG\Services: CDPUserSvc_5d4d8 => 2
MSCONFIG\Services: GoToAssist => 3
MSCONFIG\Services: MessagingService_492c3 => 3
MSCONFIG\Services: MessagingService_5d4d8 => 3
MSCONFIG\Services: OneSyncSvc_492c3 => 2
MSCONFIG\Services: OneSyncSvc_5d4d8 => 2
HKLM\...\StartupApproved\StartupFolder: => "BackupRemind.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Cox Cloud Drive.lnk"
HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run: => "BeatsOSDApp"
HKLM\...\StartupApproved\Run: => "Lathem.USBTM.UI"
HKLM\...\StartupApproved\Run: => "Seagate Scheduler2 Service"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "ISUSPM"
HKLM\...\StartupApproved\Run32: => "PPort14reminder"
HKLM\...\StartupApproved\Run32: => "IndexSearch"
HKLM\...\StartupApproved\Run32: => "PaperPort PTD"
HKLM\...\StartupApproved\Run32: => "PDFCreHook"
HKLM\...\StartupApproved\Run32: => "PDFProHook"
HKLM\...\StartupApproved\Run32: => "PDF7 Registry Controller"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKLM\...\StartupApproved\Run32: => "Adobe Photo Downloader"
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "DiscWizardMonitor.exe"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "Vault Explorer Cache Watcher"
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\...\StartupApproved\StartupFolder: => "Verizon Wireless Software Utility Application for Android – Samsung.lnk"
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2671885098-678752524-1400920573-1001\...\StartupApproved\Run: => "SmartSwitchPDLR.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{4E0064DA-7DC1-46E8-A80F-30CBA40D4B4B}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{FB9DD912-3695-46A5-AB95-70BCD176799A}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
 
==================== Restore Points =========================
 
31-07-2017 09:26:21 Scheduled Checkpoint
07-08-2017 08:34:46 Configured Media Suite
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/07/2017 12:25:14 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Aborting
 
 
For more information, see Help and Support Center at http://www.mysql.com.
 
Error: (08/07/2017 12:25:14 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Default storage engine (InnoDB) is not available
 
For more information, see Help and Support Center at http://www.mysql.com.
 
Error: (08/07/2017 12:24:14 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Aborting
 
 
For more information, see Help and Support Center at http://www.mysql.com.
 
Error: (08/07/2017 12:24:14 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Default storage engine (InnoDB) is not available
 
For more information, see Help and Support Center at http://www.mysql.com.
 
Error: (08/07/2017 12:23:13 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Aborting
 
 
For more information, see Help and Support Center at http://www.mysql.com.
 
Error: (08/07/2017 12:23:13 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Default storage engine (InnoDB) is not available
 
For more information, see Help and Support Center at http://www.mysql.com.
 
Error: (08/07/2017 12:22:12 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Aborting
 
 
For more information, see Help and Support Center at http://www.mysql.com.
 
Error: (08/07/2017 12:22:12 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Default storage engine (InnoDB) is not available
 
For more information, see Help and Support Center at http://www.mysql.com.
 
Error: (08/07/2017 12:21:11 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Aborting
 
 
For more information, see Help and Support Center at http://www.mysql.com.
 
Error: (08/07/2017 12:21:11 PM) (Source: MySQL) (EventID: 100) (User: )
Description: Default storage engine (InnoDB) is not available
 
For more information, see Help and Support Center at http://www.mysql.com.
 
 
System errors:
=============
Error: (08/07/2017 12:25:22 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "WORKGROUP      :1d" could not be registered on the interface with IP address 192.168.0.10.
The computer with the IP address 192.168.0.7 did not allow the name to be claimed by
this computer.
 
Error: (08/07/2017 12:25:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The MySQL service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (08/07/2017 12:24:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The MySQL service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (08/07/2017 12:23:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The MySQL service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (08/07/2017 12:22:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The MySQL service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (08/07/2017 12:21:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The MySQL service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (08/07/2017 12:20:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The MySQL service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (08/07/2017 12:19:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The MySQL service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (08/07/2017 12:18:09 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The MySQL service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (08/07/2017 12:17:08 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The MySQL service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2017-08-04 13:32:04.554
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-08-04 12:19:23.333
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-03 18:52:04.664
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-03 04:44:31.790
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-08-03 04:44:21.927
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-08-02 15:46:17.401
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-08-02 13:22:06.397
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-02 12:03:31.634
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-08-02 12:03:24.882
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-07-31 15:35:01.363
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Windows signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A8-6500 APU with Radeon™ HD Graphics 
Percentage of memory in use: 30%
Total physical RAM: 7365.48 MB
Available physical RAM: 5100.05 MB
Total Virtual: 7765.48 MB
Available Virtual: 5614.48 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:1842.47 GB) (Free:1703.22 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:18.63 GB) (Free:2.32 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (New Volume) (Fixed) (Total:298.09 GB) (Free:106.28 GB) NTFS
Drive f: (Aug 03 2017) (CDROM) (Total:4.38 GB) (Free:3.57 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 8834CD72)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 497B7DD2)
Partition 1: (Not Active) - (Size=298.1 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

  • 0

#100
RKinner
Posted 07 August 2017 - 03:22 PM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

It says XP MBR because it's an old system that was upgraded to Windows 10.  Probably not even used in 10 since it uses GPT.

 

This is odd:

 

ShortcutWithArgument: C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\d76736477ba15566\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 10"
ShortcutWithArgument: C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\600fb694c0849943\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 9"
ShortcutWithArgument: C:\Users\AIRWORX 2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\48499db33039e897\Brandi - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 4"
 
 
I only see Profile 10 and a System Profile in your log.  There is no  2, 1, 9, or 4.  Is there a reason for these shortcuts?

  • 0

Advertisements

#101
BrandiCopas
Posted 08 August 2017 - 06:27 AM

BrandiCopas

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts

I'm so glad that those were there, that's what I've been telling you about. This thing is disguising it's self as windows and actual vendor programs. Those were created by this infection, what ever it is. 

 

Re the upgrade to windows 10, I started with windows 7.1, so no reason for xp to have ever been on here. 

 

Also, just received this error msg, after a reboot. "Successfully scheduled Software Protection service for re-start at 2117-07-15T11:55:34Z. Reason: RulesEngine".

 

That's roughly 100 years from now?

 

 

For giggles I did a VEW scan this am, 

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 08/08/2017 5:08:33 AM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 08/08/2017 12:08:22 PM
Type: Error Category: 0
Event: 100 Source: MySQL
Aborting
  For more information, see Help and Support Center at http://www.mysql.com.  
 
Log: 'Application' Date/Time: 08/08/2017 12:08:22 PM
Type: Error Category: 0
Event: 100 Source: MySQL
Default storage engine (InnoDB) is not available  For more information, see Help and Support Center at http://www.mysql.com.  
 
Log: 'Application' Date/Time: 08/08/2017 12:07:21 PM
Type: Error Category: 0
Event: 100 Source: MySQL
Aborting
  For more information, see Help and Support Center at http://www.mysql.com.  
 
Log: 'Application' Date/Time: 08/08/2017 12:07:21 PM
Type: Error Category: 0
Event: 100 Source: MySQL
Default storage engine (InnoDB) is not available  For more information, see Help and Support Center at http://www.mysql.com.  
 
Log: 'Application' Date/Time: 08/08/2017 12:06:21 PM
Type: Error Category: 0
Event: 100 Source: MySQL
Aborting
  For more information, see Help and Support Center at http://www.mysql.com.  
 
Log: 'Application' Date/Time: 08/08/2017 12:06:21 PM
Type: Error Category: 0
Event: 100 Source: MySQL
Default storage engine (InnoDB) is not available  For more information, see Help and Support Center at http://www.mysql.com.  
 
Log: 'Application' Date/Time: 08/08/2017 12:05:21 PM
Type: Error Category: 0
Event: 100 Source: MySQL
Aborting
  For more information, see Help and Support Center at http://www.mysql.com.  
 
Log: 'Application' Date/Time: 08/08/2017 12:05:21 PM
Type: Error Category: 0
Event: 100 Source: MySQL
Default storage engine (InnoDB) is not available  For more information, see Help and Support Center at http://www.mysql.com.  
 
Log: 'Application' Date/Time: 08/08/2017 12:04:21 PM
Type: Error Category: 0
Event: 100 Source: MySQL
Aborting
  For more information, see Help and Support Center at http://www.mysql.com.  
 
Log: 'Application' Date/Time: 08/08/2017 12:04:21 PM
Type: Error Category: 0
Event: 100 Source: MySQL
Default storage engine (InnoDB) is not available  For more information, see Help and Support Center at http://www.mysql.com.  
 
Log: 'Application' Date/Time: 08/08/2017 12:03:20 PM
Type: Error Category: 0
Event: 100 Source: MySQL
Aborting
  For more information, see Help and Support Center at http://www.mysql.com.  
 
Log: 'Application' Date/Time: 08/08/2017 12:03:20 PM
Type: Error Category: 0
Event: 100 Source: MySQL
Default storage engine (InnoDB) is not available  For more information, see Help and Support Center at http://www.mysql.com.  
 
Log: 'Application' Date/Time: 08/08/2017 12:02:20 PM
Type: Error Category: 0
Event: 100 Source: MySQL
Aborting
  For more information, see Help and Support Center at http://www.mysql.com.  
 
Log: 'Application' Date/Time: 08/08/2017 12:02:20 PM
Type: Error Category: 0
Event: 100 Source: MySQL
Default storage engine (InnoDB) is not available  For more information, see Help and Support Center at http://www.mysql.com.  
 
Log: 'Application' Date/Time: 08/08/2017 12:01:20 PM
Type: Error Category: 0
Event: 100 Source: MySQL
Aborting
  For more information, see Help and Support Center at http://www.mysql.com.  
 
Log: 'Application' Date/Time: 08/08/2017 12:01:20 PM
Type: Error Category: 0
Event: 100 Source: MySQL
Default storage engine (InnoDB) is not available  For more information, see Help and Support Center at http://www.mysql.com.  
 
Log: 'Application' Date/Time: 08/08/2017 12:00:20 PM
Type: Error Category: 0
Event: 100 Source: MySQL
Aborting
  For more information, see Help and Support Center at http://www.mysql.com.  
 
Log: 'Application' Date/Time: 08/08/2017 12:00:20 PM
Type: Error Category: 0
Event: 100 Source: MySQL
Default storage engine (InnoDB) is not available  For more information, see Help and Support Center at http://www.mysql.com.  
 
Log: 'Application' Date/Time: 08/08/2017 11:59:20 AM
Type: Error Category: 0
Event: 100 Source: MySQL
Aborting
  For more information, see Help and Support Center at http://www.mysql.com.  
 
Log: 'Application' Date/Time: 08/08/2017 11:59:20 AM
Type: Error Category: 0
Event: 100 Source: MySQL
Default storage engine (InnoDB) is not available  For more information, see Help and Support Center at http://www.mysql.com.  
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 08/08/2017 12:08:22 PM
Type: Information Category: 0
Event: 100 Source: MySQL
C:\Program Files (x86)\MySQL\MySQL Server 5.0\bin\mysqld-nt: Shutdown complete
  For more information, see Help and Support Center at http://www.mysql.com.  
 
Log: 'Application' Date/Time: 08/08/2017 12:07:55 PM
Type: Information Category: 3
Event: 320 Source: DbxSvc
Failed to connect to the driver: -2147024894, retrying in 60000 milliseconds
 
Log: 'Application' Date/Time: 08/08/2017 12:07:21 PM
Type: Information Category: 0
Event: 100 Source: MySQL
C:\Program Files (x86)\MySQL\MySQL Server 5.0\bin\mysqld-nt: Shutdown complete
  For more information, see Help and Support Center at http://www.mysql.com.  
 
Log: 'Application' Date/Time: 08/08/2017 12:06:55 PM
Type: Information Category: 3
Event: 320 Source: DbxSvc
Failed to connect to the driver: -2147024894, retrying in 60000 milliseconds
 
Log: 'Application' Date/Time: 08/08/2017 12:06:21 PM
Type: Information Category: 0
Event: 100 Source: MySQL
C:\Program Files (x86)\MySQL\MySQL Server 5.0\bin\mysqld-nt: Shutdown complete
  For more information, see Help and Support Center at http://www.mysql.com.  
 
Log: 'Application' Date/Time: 08/08/2017 12:05:55 PM
Type: Information Category: 3
Event: 320 Source: DbxSvc
Failed to connect to the driver: -2147024894, retrying in 60000 milliseconds
 
Log: 'Application' Date/Time: 08/08/2017 12:05:21 PM
Type: Information Category: 0
Event: 100 Source: MySQL
C:\Program Files (x86)\MySQL\MySQL Server 5.0\bin\mysqld-nt: Shutdown complete
  For more information, see Help and Support Center at http://www.mysql.com.  
 
Log: 'Application' Date/Time: 08/08/2017 12:04:55 PM
Type: Information Category: 3
Event: 320 Source: DbxSvc
Failed to connect to the driver: -2147024894, retrying in 60000 milliseconds
 
Log: 'Application' Date/Time: 08/08/2017 12:04:21 PM
Type: Information Category: 0
Event: 100 Source: MySQL
C:\Program Files (x86)\MySQL\MySQL Server 5.0\bin\mysqld-nt: Shutdown complete
  For more information, see Help and Support Center at http://www.mysql.com.  
 
Log: 'Application' Date/Time: 08/08/2017 12:03:55 PM
Type: Information Category: 3
Event: 320 Source: DbxSvc
Failed to connect to the driver: -2147024894, retrying in 60000 milliseconds
 
Log: 'Application' Date/Time: 08/08/2017 12:03:20 PM
Type: Information Category: 0
Event: 100 Source: MySQL
C:\Program Files (x86)\MySQL\MySQL Server 5.0\bin\mysqld-nt: Shutdown complete
  For more information, see Help and Support Center at http://www.mysql.com.  
 
Log: 'Application' Date/Time: 08/08/2017 12:02:55 PM
Type: Information Category: 3
Event: 320 Source: DbxSvc
Failed to connect to the driver: -2147024894, retrying in 60000 milliseconds
 
Log: 'Application' Date/Time: 08/08/2017 12:02:20 PM
Type: Information Category: 0
Event: 100 Source: MySQL
C:\Program Files (x86)\MySQL\MySQL Server 5.0\bin\mysqld-nt: Shutdown complete
  For more information, see Help and Support Center at http://www.mysql.com.  
 
Log: 'Application' Date/Time: 08/08/2017 12:01:55 PM
Type: Information Category: 3
Event: 320 Source: DbxSvc
Failed to connect to the driver: -2147024894, retrying in 60000 milliseconds
 
Log: 'Application' Date/Time: 08/08/2017 12:01:20 PM
Type: Information Category: 0
Event: 100 Source: MySQL
C:\Program Files (x86)\MySQL\MySQL Server 5.0\bin\mysqld-nt: Shutdown complete
  For more information, see Help and Support Center at http://www.mysql.com.  
 
Log: 'Application' Date/Time: 08/08/2017 12:00:55 PM
Type: Information Category: 3
Event: 320 Source: DbxSvc
Failed to connect to the driver: -2147024894, retrying in 60000 milliseconds
 
Log: 'Application' Date/Time: 08/08/2017 12:00:20 PM
Type: Information Category: 0
Event: 100 Source: MySQL
C:\Program Files (x86)\MySQL\MySQL Server 5.0\bin\mysqld-nt: Shutdown complete
  For more information, see Help and Support Center at http://www.mysql.com.  
 
Log: 'Application' Date/Time: 08/08/2017 11:59:55 AM
Type: Information Category: 3
Event: 320 Source: DbxSvc
Failed to connect to the driver: -2147024894, retrying in 60000 milliseconds
 
Log: 'Application' Date/Time: 08/08/2017 11:59:20 AM
Type: Information Category: 0
Event: 100 Source: MySQL
C:\Program Files (x86)\MySQL\MySQL Server 5.0\bin\mysqld-nt: Shutdown complete
  For more information, see Help and Support Center at http://www.mysql.com.  
 
Log: 'Application' Date/Time: 08/08/2017 11:58:55 AM
Type: Information Category: 3
Event: 320 Source: DbxSvc
Failed to connect to the driver: -2147024894, retrying in 60000 milliseconds
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 08/08/2017 11:57:27 AM
Type: Warning Category: 0
Event: 2003 Source: Microsoft-Windows-Perflib
The configuration information of the performance library "C:\Windows\System32\perfts.dll" for the "TermService" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted.
 
Log: 'Application' Date/Time: 08/08/2017 11:47:39 AM
Type: Warning Category: 0
Event: 2003 Source: Microsoft-Windows-Perflib
The configuration information of the performance library "C:\Windows\System32\perfts.dll" for the "TermService" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted.
 
Log: 'Application' Date/Time: 07/08/2017 3:54:03 PM
Type: Warning Category: 0
Event: 2901 Source: HP Active Health
Error getting Windows updates: System.Threading.ThreadAbortException: Thread was being aborted.    at Interop.WUApiLib.IUpdateSearcher.Search(String criteria)    at HP.ActiveHealth.Agents.WindowsUpdates.WindowsUpdatesAgent.GetWindowsUpdates()
 
Log: 'Application' Date/Time: 07/08/2017 3:53:28 PM
Type: Warning Category: 0
Event: 2903 Source: HP Active Health
Unable to get WindowsUpdate information in able time
 
Log: 'Application' Date/Time: 07/08/2017 3:53:25 PM
Type: Warning Category: 0
Event: 3 Source: HP Active Health
Error running a Casl EXECUTE Diags.ThermalDiagnostics command: Exception has been thrown by the target of an invocation.
 
Log: 'Application' Date/Time: 07/08/2017 3:53:25 PM
Type: Warning Category: 0
Event: 3 Source: HP Active Health
Error running a Casl EXECUTE Diags.ThermalDiagnostics command: Exception has been thrown by the target of an invocation.
 
Log: 'Application' Date/Time: 07/08/2017 3:53:25 PM
Type: Warning Category: 0
Event: 3 Source: HP Active Health
Error running a Casl EXECUTE Diags.ThermalDiagnostics command: Exception has been thrown by the target of an invocation.
 
Log: 'Application' Date/Time: 07/08/2017 3:53:25 PM
Type: Warning Category: 0
Event: 3 Source: HP Active Health
Error running a Casl EXECUTE Diags.ThermalDiagnostics command: Exception has been thrown by the target of an invocation.
 
Log: 'Application' Date/Time: 07/08/2017 3:53:16 PM
Type: Warning Category: 0
Event: 3 Source: HP Active Health
Error running a Casl GET EmbeddedController.AuditLog.JSON command: Exception has been thrown by the target of an invocation.
 
Log: 'Application' Date/Time: 07/08/2017 3:40:04 PM
Type: Warning Category: 0
Event: 8303 Source: Microsoft-Windows-System-Restore
Scoping unsuccessful for shadowcopy \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3 with error 0x80070057.
 
Log: 'Application' Date/Time: 06/08/2017 8:26:56 PM
Type: Warning Category: 0
Event: 2901 Source: HP Active Health
Error getting Windows updates: System.Threading.ThreadAbortException: Thread was being aborted.    at Interop.WUApiLib.IUpdateSearcher.Search(String criteria)    at HP.ActiveHealth.Agents.WindowsUpdates.WindowsUpdatesAgent.GetWindowsUpdates()
 
Log: 'Application' Date/Time: 06/08/2017 8:25:52 PM
Type: Warning Category: 0
Event: 3 Source: HP Active Health
Error running a Casl EXECUTE Diags.ThermalDiagnostics command: Exception has been thrown by the target of an invocation.
 
Log: 'Application' Date/Time: 06/08/2017 8:25:52 PM
Type: Warning Category: 0
Event: 3 Source: HP Active Health
Error running a Casl EXECUTE Diags.ThermalDiagnostics command: Exception has been thrown by the target of an invocation.
 
Log: 'Application' Date/Time: 06/08/2017 8:25:52 PM
Type: Warning Category: 0
Event: 3 Source: HP Active Health
Error running a Casl EXECUTE Diags.ThermalDiagnostics command: Exception has been thrown by the target of an invocation.
 
Log: 'Application' Date/Time: 06/08/2017 8:25:52 PM
Type: Warning Category: 0
Event: 3 Source: HP Active Health
Error running a Casl EXECUTE Diags.ThermalDiagnostics command: Exception has been thrown by the target of an invocation.
 
Log: 'Application' Date/Time: 06/08/2017 8:25:42 PM
Type: Warning Category: 0
Event: 2003 Source: Microsoft-Windows-Perflib
The configuration information of the performance library "C:\Windows\System32\perfts.dll" for the "TermService" service does not match the trusted performance library information stored in the registry. The functions in this library will not be treated as trusted.
 
Log: 'Application' Date/Time: 06/08/2017 8:25:39 PM
Type: Warning Category: 0
Event: 3 Source: HP Active Health
Error running a Casl GET EmbeddedController.AuditLog.JSON command: Exception has been thrown by the target of an invocation.
 
Log: 'Application' Date/Time: 06/08/2017 8:25:35 PM
Type: Warning Category: 0
Event: 2903 Source: HP Active Health
Unable to get WindowsUpdate information in able time
 
Log: 'Application' Date/Time: 05/08/2017 4:05:09 PM
Type: Warning Category: 0
Event: 2901 Source: HP Active Health
Error getting Windows updates: System.Threading.ThreadAbortException: Thread was being aborted.    at Interop.WUApiLib.IUpdateSearcher.Search(String criteria)    at HP.ActiveHealth.Agents.WindowsUpdates.WindowsUpdatesAgent.GetWindowsUpdates()
 
Log: 'Application' Date/Time: 05/08/2017 4:04:36 PM
Type: Warning Category: 0
Event: 2903 Source: HP Active Health
Unable to get WindowsUpdate information in able time
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/08/2017 12:08:22 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The MySQL service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 08/08/2017 12:07:21 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The MySQL service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 08/08/2017 12:06:21 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The MySQL service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 08/08/2017 12:05:21 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The MySQL service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 08/08/2017 12:04:21 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The MySQL service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 08/08/2017 12:03:20 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The MySQL service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 08/08/2017 12:02:20 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The MySQL service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 08/08/2017 12:01:20 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The MySQL service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 08/08/2017 12:00:20 PM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The MySQL service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 08/08/2017 11:59:20 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The MySQL service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 08/08/2017 11:58:19 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The MySQL service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 08/08/2017 11:57:19 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The MySQL service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 08/08/2017 11:56:19 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The MySQL service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 08/08/2017 11:55:19 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The MySQL service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 08/08/2017 11:54:19 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The MySQL service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 08/08/2017 11:53:18 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The MySQL service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 08/08/2017 11:52:18 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The MySQL service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 08/08/2017 11:51:18 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The MySQL service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 08/08/2017 11:50:18 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The MySQL service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Log: 'System' Date/Time: 08/08/2017 11:49:17 AM
Type: Error Category: 0
Event: 7031 Source: Service Control Manager
The MySQL service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Information Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/08/2017 12:06:13 PM
Type: Information Category: 0
Event: 158 Source: Microsoft-Windows-Time-Service
The time provider 'VMICTimeProvider' has indicated that the current hardware and operating environment is not supported and has stopped. This behavior is expected for VMICTimeProvider on non-HyperV-guest environments. This may be the expected behavior for the current provider in the current operating environment as well.
 
Log: 'System' Date/Time: 08/08/2017 11:57:21 AM
Type: Information Category: 1
Event: 19 Source: Microsoft-Windows-WindowsUpdateClient
Installation Successful: Windows successfully installed the following update: Definition Update for Windows Defender - KB2267602 (Definition 1.249.799.0)
 
Log: 'System' Date/Time: 08/08/2017 11:56:36 AM
Type: Information Category: 1
Event: 43 Source: Microsoft-Windows-WindowsUpdateClient
Installation Started: Windows has started installing the following update: Definition Update for Windows Defender - KB2267602 (Definition 1.249.799.0)
 
Log: 'System' Date/Time: 08/08/2017 11:56:36 AM
Type: Information Category: 1
Event: 44 Source: Microsoft-Windows-WindowsUpdateClient
Windows Update started downloading an update.
 
Log: 'System' Date/Time: 08/08/2017 11:54:23 AM
Type: Information Category: 0
Event: 2 Source: Lfsvc
Geolocation positioning has been disabled by the user.
 
Log: 'System' Date/Time: 08/08/2017 11:53:09 AM
Type: Information Category: 1101
Event: 7001 Source: Microsoft-Windows-Winlogon
User Logon Notification for Customer Experience Improvement Program
 
Log: 'System' Date/Time: 08/08/2017 11:49:17 AM
Type: Information Category: 10
Event: 12 Source: Microsoft-Windows-UserModePowerService
Process C:\Windows\System32\atieclxx.exe (process ID:1104) reset policy scheme from {381B4222-F694-41F0-9685-FF5BB260DF2E} to {381B4222-F694-41F0-9685-FF5BB260DF2E}
 
Log: 'System' Date/Time: 08/08/2017 11:49:17 AM
Type: Information Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) did not load:  dam EhStorClass
 
Log: 'System' Date/Time: 08/08/2017 11:48:56 AM
Type: Information Category: 0
Event: 14206 Source: Microsoft-Windows-WMPNSS-Service
Media server 'AIRWORX2-PC: AIRWORX 2:' was successfully initialized and is sharing media with network media devices.
 
Log: 'System' Date/Time: 08/08/2017 11:48:55 AM
Type: Information Category: 0
Event: 14204 Source: Microsoft-Windows-WMPNSS-Service
Service 'WMPNetworkSvc' started.
 
Log: 'System' Date/Time: 08/08/2017 11:48:53 AM
Type: Information Category: 0
Event: 158 Source: Microsoft-Windows-Time-Service
The time provider 'VMICTimeProvider' has indicated that the current hardware and operating environment is not supported and has stopped. This behavior is expected for VMICTimeProvider on non-HyperV-guest environments. This may be the expected behavior for the current provider in the current operating environment as well.
 
Log: 'System' Date/Time: 08/08/2017 11:48:51 AM
Type: Information Category: 0
Event: 4000 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully started. 
 
Log: 'System' Date/Time: 08/08/2017 11:48:50 AM
Type: Information Category: 4
Event: 51046 Source: Microsoft-Windows-DHCPv6-Client
DHCPv6 client service is started
 
Log: 'System' Date/Time: 08/08/2017 11:48:50 AM
Type: Information Category: 101
Event: 10114 Source: Microsoft-Windows-DriverFrameworks-UserMode
WUDFPf (part of UMDF) did not load yet. After it does, Windows will start the device again.
 
Log: 'System' Date/Time: 08/08/2017 11:48:50 AM
Type: Information Category: 0
Event: 6 Source: Microsoft-Windows-FilterManager
File System Filter 'storqosflt' (10.0, ?2015?-?12?-?17T20:36:27.000000000Z) has successfully loaded and registered with Filter Manager.
 
Log: 'System' Date/Time: 08/08/2017 11:48:50 AM
Type: Information Category: 4
Event: 50103 Source: Microsoft-Windows-Dhcp-Client
DHCPv4 client registered for shutdown notification
 
Log: 'System' Date/Time: 08/08/2017 11:48:50 AM
Type: Information Category: 4
Event: 50036 Source: Microsoft-Windows-Dhcp-Client
DHCPv4 client service is started
 
Log: 'System' Date/Time: 08/08/2017 11:48:50 AM
Type: Information Category: 0
Event: 6 Source: Microsoft-Windows-FilterManager
File System Filter 'luafv' (10.0, ?2037?-?06?-?08T02:55:59.000000000Z) has successfully loaded and registered with Filter Manager.
 
Log: 'System' Date/Time: 08/08/2017 11:48:50 AM
Type: Information Category: 0
Event: 6 Source: Microsoft-Windows-FilterManager
File System Filter 'wcifs' (10.0, ?2079?-?07?-?15T11:50:57.000000000Z) has successfully loaded and registered with Filter Manager.
 
Log: 'System' Date/Time: 08/08/2017 11:48:50 AM
Type: Information Category: 0
Event: 16962 Source: Microsoft-Windows-Directory-Services-SAM
Remote calls to the SAM database are being restricted using the default security descriptor: O:SYG:SYD:(A;;RC;;;BA). For more information please see http://go.microsoft..../?LinkId=787651.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 08/08/2017 11:48:54 AM
Type: Warning Category: 0
Event: 121 Source: MSiSCSI
The firewall exception to allow Internet Storage Name Server (iSNS) client functionality is not enabled. iSNS client functionality is not available.
 
Log: 'System' Date/Time: 08/08/2017 11:48:53 AM
Type: Warning Category: 0
Event: 2511 Source: Server
The server service was unable to recreate the share DrFoneForAndroid because the directory C:\DrFoneForAndroid no longer exists.  Please run "net share DrFoneForAndroid /delete" to delete the share, or recreate the directory C:\DrFoneForAndroid.
 
Log: 'System' Date/Time: 08/08/2017 11:48:50 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device SWD\WPDBUSENUM\{424b1165-697b-11e7-ad60-78e3b588cafb}#0000000000007E00.
 
Log: 'System' Date/Time: 07/08/2017 8:18:20 PM
Type: Warning Category: 0
Event: 121 Source: MSiSCSI
The firewall exception to allow Internet Storage Name Server (iSNS) client functionality is not enabled. iSNS client functionality is not available.
 
Log: 'System' Date/Time: 07/08/2017 8:18:20 PM
Type: Warning Category: 0
Event: 2511 Source: Server
The server service was unable to recreate the share DrFoneForAndroid because the directory C:\DrFoneForAndroid no longer exists.  Please run "net share DrFoneForAndroid /delete" to delete the share, or recreate the directory C:\DrFoneForAndroid.
 
Log: 'System' Date/Time: 07/08/2017 8:18:17 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device SWD\WPDBUSENUM\{424b1165-697b-11e7-ad60-78e3b588cafb}#0000000000007E00.
 
Log: 'System' Date/Time: 07/08/2017 7:45:08 PM
Type: Warning Category: 0
Event: 2511 Source: Server
The server service was unable to recreate the share DrFoneForAndroid because the directory C:\DrFoneForAndroid no longer exists.  Please run "net share DrFoneForAndroid /delete" to delete the share, or recreate the directory C:\DrFoneForAndroid.
 
Log: 'System' Date/Time: 07/08/2017 7:45:05 PM
Type: Warning Category: 0
Event: 121 Source: MSiSCSI
The firewall exception to allow Internet Storage Name Server (iSNS) client functionality is not enabled. iSNS client functionality is not available.
 
Log: 'System' Date/Time: 07/08/2017 7:45:00 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device SWD\WPDBUSENUM\{424b1165-697b-11e7-ad60-78e3b588cafb}#0000000000007E00.
 
Log: 'System' Date/Time: 07/08/2017 7:43:04 PM
Type: Warning Category: 0
Event: 8021 Source: BROWSER
The browser service was unable to retrieve a list of servers from the browser master \\AIRWORXLAPTOP on the network \Device\NetBT_Tcpip_{FA3CE8D6-7AFE-4AD0-A04F-B501407FE7A5}.    Browser master: \\AIRWORXLAPTOP  Network: \Device\NetBT_Tcpip_{FA3CE8D6-7AFE-4AD0-A04F-B501407FE7A5}    This event may be caused by a temporary loss of network connectivity. If this message appears again, verify that the server is still connected to the network. The return code is in the Data text box.
 
Log: 'System' Date/Time: 07/08/2017 7:14:02 PM
Type: Warning Category: 0
Event: 121 Source: MSiSCSI
The firewall exception to allow Internet Storage Name Server (iSNS) client functionality is not enabled. iSNS client functionality is not available.
 
Log: 'System' Date/Time: 07/08/2017 7:14:01 PM
Type: Warning Category: 0
Event: 2511 Source: Server
The server service was unable to recreate the share DrFoneForAndroid because the directory C:\DrFoneForAndroid no longer exists.  Please run "net share DrFoneForAndroid /delete" to delete the share, or recreate the directory C:\DrFoneForAndroid.
 
Log: 'System' Date/Time: 07/08/2017 7:13:58 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device SWD\WPDBUSENUM\{424b1165-697b-11e7-ad60-78e3b588cafb}#0000000000007E00.
 
Log: 'System' Date/Time: 07/08/2017 7:11:08 PM
Type: Warning Category: 0
Event: 1073 Source: User32
The attempt by user AIRWORX2-PC\AIRWORX 2 to restart/shutdown computer AIRWORX2-PC failed
 
Log: 'System' Date/Time: 07/08/2017 3:45:05 PM
Type: Warning Category: 0
Event: 121 Source: MSiSCSI
The firewall exception to allow Internet Storage Name Server (iSNS) client functionality is not enabled. iSNS client functionality is not available.
 
Log: 'System' Date/Time: 07/08/2017 3:45:05 PM
Type: Warning Category: 0
Event: 2511 Source: Server
The server service was unable to recreate the share DrFoneForAndroid because the directory C:\DrFoneForAndroid no longer exists.  Please run "net share DrFoneForAndroid /delete" to delete the share, or recreate the directory C:\DrFoneForAndroid.
 
Log: 'System' Date/Time: 07/08/2017 3:45:00 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WudfRd failed to load for the device SWD\WPDBUSENUM\{424b1165-697b-11e7-ad60-78e3b588cafb}#0000000000007E00.
 
Log: 'System' Date/Time: 05/08/2017 7:19:13 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name sls.update.microsoft.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 05/08/2017 5:47:02 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name mtalk.google.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 05/08/2017 5:46:07 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name bolt.dropbox.com timed out after none of the configured DNS servers responded.

  • 0

#102
RKinner
Posted 08 August 2017 - 07:52 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

The SoftwareProtectionPlatform is a task so you can search for

task scheduler

hit Enter

 

Then click on Task Scheduler Library

then

Microsoft

then 

Windows

then

SoftwareProtectionPlatform

 

If you look in the top pane you will see Next Run Time.  Does it say 2117?  This is not really a task that we care about.  MS uses it to make sure you have a legal copy.  Its their software they are protecting.  On my Win 7 it is Disabled.  Clicking on Actions and it should say

 

start a program   sc.exe start sppsvc

 

 

Does it?

 

 

Copy the next 6 lines.

mkdir C:\DrFoneForAndroid
for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
sc config WUDFRd start= auto
sfc /scanfile=C:\Windows\System32\drivers\WUDFRd.sys > \junk.txt
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WUDFRd" /s >> \junk.txt
notepad \junk.txt
Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
 
Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply. 

  • 0

#103
BrandiCopas
Posted 08 August 2017 - 09:14 AM

BrandiCopas

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts

firewall blocking.JPG This was only part of the firewall blocked items, and over the course of only 15 minutes. 

 

amazon.JPG this one still plagues me, as it seems that it might be spyware or something like that maybe? 

 

 


  • 0

#104
RKinner
Posted 08 August 2017 - 10:55 AM

RKinner

    Malware Expert

  • Expert
  • 24,624 posts
  • MVP

ESET is blocking a bunch of Microsoft stuff so I doubt it's anything.

 

The other thing seems to be related to Amzn llc kindle for windows.  Doesn't appear to be in your uninstall list so expect it's just a remnant from a poor uninstall.

 

Perhaps if you reinstall it 

 

https://www.microsof...le/9wzdncrfj3vn

 

Then get the Free version of Revo uninstaller.
 
 
The free version download is near the bottom of the page where it says:
 
Free Full Downloads of Revo Uninstaller 
 
It should be able to get rid of your program.  (From the reviews it's a piece of junk so not surprising that it doesn't want to uninstall completely)

  • 0

#105
BrandiCopas
Posted 09 August 2017 - 11:56 AM

BrandiCopas

    Member

  • Topic Starter
  • Member
  • PipPip
  • 79 posts

I, at first when I opened tasks, was able to see many of them, it was a bit difficult to get there, as I couldn't do the regular cortana search that I usually do, i.e. start search in the box. I couldn't even click in the box, so I went to the windows explorer and started that way. 

 

I really again, appreciate your help!!! :o

 

Just to be clear, I didn't intend to download Kindle, nor did I ebay, and several of these, beats audio, etc.. and it has hijacked several programs I did use, and now have no ability to, i.e. paperport, rock gym pro, which is my point of sale sofrware, mysql database driven. Or Beats, onenote, 

 

Also, in the task scheduler, there were several tasks that were either scheduled instead of what appeared to be factory tasks???, and in it's place, were (Root) tasks, etc... Before the system blocked access to most of them from my user profile, I took a few screen shots. Several of them, I wasn't able to run, or edit, or change users, etc.. 

 

 
 
 
 W i n d o w s   R e s o u r c e   P r o t e c t i o n   d i d   n o t   f i n d   a n y   i n t e g r i t y   v i o l a t i o n s . 
 
 
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WUDFRd
    ImagePath    REG_EXPAND_SZ    \SystemRoot\System32\drivers\WUDFRd.sys
    Type    REG_DWORD    0x1
    Start    REG_DWORD    0x2
    ErrorControl    REG_DWORD    0x1
    Owners    REG_MULTI_SZ    hidbthle.inf\0SDFLauncher.inf\0ehstorpwddrv.inf
    DisplayName    REG_SZ    @%SystemRoot%\system32\drivers\WudfRd.sys,-1000
    Group    REG_SZ    base
    Tag    REG_DWORD    0xf
 

 

 

 

Also, I'm attaching a few clips of weird stuff, as the only thing i have for comparison, is my other pc, also issues. Same network. 

 

temp signed certs.JPG this seemed weird, how to things just exchange their Certificate?

 

Siuf.JPG Not sure about this one either. 

 

netflix twitter and amazon.JPG  

 

AppX.JPG strange entries

 

programs in question.JPG Several of the entries listed here, seem to be involved, ironically. The Latham, Beats, Segate (Not able to uninstall) Itunes again, Verizon, One Note, Adobe Creative CLoud, Messaging and Go To MY PC have all been uninstalled, unless otherwise noted. Yet, they have daily errors 

 

random log ons daily note the dollar sign after my username with this profile.JPG Seems like they just log in and out of my pc as they wish. 

 

7-17-17 again.JPG This, I saw several of these items in the tasks as how my system is being monitored, and my user priv. are being restricted. "Consult Admin" 

 


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics


Also tagged with one or more of these keywords: Malware, unknown virus

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP