I was a victim of a virus link PLEASE HELP...



#1
K3ito


I have no idea what to do...

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-09-2017 02
Ran by Syst3 (administrator) on DESKTOP-EDV9KD5 (13-09-2017 22:52:21)
Running from C:\Users\Syst3\Downloads
Loaded Profiles: Syst3 (Available Profiles: Syst3)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxCUIService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxEM.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Razer Inc.) C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Discord Inc.) C:\Users\Syst3\AppData\Local\Discord\app-0.0.298\Discord.exe
(Discord Inc.) C:\Users\Syst3\AppData\Local\Discord\app-0.0.298\Discord.exe
(Discord Inc.) C:\Users\Syst3\AppData\Local\Discord\app-0.0.298\Discord.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM-x32\...\Run: [RzWizard] => C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe [263112 2016-03-22] (Razer Inc.)
HKU\S-1-5-21-1705482426-2229210781-2881064529-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3071776 2017-09-07] (Valve Corporation)
HKU\S-1-5-21-1705482426-2229210781-2881064529-1001\...\Run: [Discord] => C:\Users\Syst3\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{549528f9-e428-442e-9d18-7e1f96d28d95}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{c84835c3-5b1a-4fae-b6b8-fce0e38b33e7}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1705482426-2229210781-2881064529-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHoI37El3suDg82ceauxkDma32cFXsIk35yOQj2LjTY4FjpkTT5vuwYL-zqxzhc5ddL-2pgDPVxobIxTGRWc2xdYpatxnLAIU1gBs4FwvVarckloIHxtUl3NBcBVIkPwhBNoWRag5h0pCBp0ybXgH93MPUfPNdWknOYxrEs54g,,
HKU\S-1-5-21-1705482426-2229210781-2881064529-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://ca.search.yahoo.com/yhs/web?hspart=arh&hsimp=yhs-001&type=xy_6a16b5d3&param1=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%3D%3D&param2=MqV9MWJcNaZc
hxxp://ca.yhs4.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_pwrisofs_15_37&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyCyEtAtCyDtDtAyD0D0Dzzzy0B0D0E0DtN0D0Tzu0StCtAyEyCtN1L2XzutAtFtCtBtFyDtFtCtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StD0B0DtC0CyD0DtCtGyD0FyBtDtGyEtAyDzytGzzzz0D0FtG0BzyyE0A0Bzyzz0DtA0A0AyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEzy0DyDyDzz0CtAtGzz0F0ByCtGyE0ByE0FtGzytB0C0CtGzytDtA0AtDtA0FyB0AyEzyyB2QtN0A0LzuyEtN1B2Z1V1T1S1NzuzyyEtA%26cr%3D2146841362%26a%3Dwncy_pwrisofs_15_37%26os%3DWindows%2B10%2BHome
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-13] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-09-13] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Profile: C:\Users\Syst3\AppData\Local\Google\Chrome\User Data\Default [2017-09-13]
CHR Extension: (Adblock Plus) - C:\Users\Syst3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-09-13]
CHR Extension: (Adblock for Youtube™) - C:\Users\Syst3\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2017-09-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Syst3\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-09-13]
CHR Extension: (Chrome Media Router) - C:\Users\Syst3\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-09-13]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-03-16] (NVIDIA Corporation)
R2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [376272 2016-03-22] (Razer Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-09-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 CMUSBDAC; C:\WINDOWS\system32\DRIVERS\CMUSBDAC.sys [3792904 2016-11-30] (C-MEDIA)
R3 e1dexpress; C:\WINDOWS\system32\DRIVERS\e1d62x64.sys [520168 2016-10-26] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_f37f8f12da8b10d7\nvlddmkm.sys [14574640 2017-03-17] (NVIDIA Corporation)
S3 rzbtendpt; C:\WINDOWS\System32\drivers\rzbtendpt.sys [51912 2015-08-13] (Razer Inc)
S3 rzdaendpt; C:\WINDOWS\System32\drivers\rzdaendpt.sys [43720 2015-08-13] (Razer Inc)
R3 rzendpt; C:\WINDOWS\System32\drivers\rzendpt.sys [50392 2015-08-13] (Razer Inc)
S3 rzhnet; C:\WINDOWS\System32\Drivers\rzhnet.sys [29912 2015-08-13] (Razer Inc)
S3 rzjstk; C:\WINDOWS\System32\drivers\rzjstk.sys [36568 2015-08-13] (Razer Inc)
S3 rzkeypadendpt; C:\WINDOWS\System32\drivers\rzkeypadendpt.sys [46280 2015-08-13] (Razer Inc)
S3 rzmpos; C:\WINDOWS\System32\drivers\rzmpos.sys [48840 2015-08-13] (Razer Inc)
S3 rzp1endpt; C:\WINDOWS\System32\drivers\rzp1endpt.sys [52424 2015-08-13] (Razer Inc)
S3 rzvkeyboard; C:\WINDOWS\System32\drivers\rzvkeyboard.sys [44232 2015-08-13] (Razer Inc)
S3 rzvmouse; C:\WINDOWS\System32\drivers\rzvmouse.sys [42712 2015-08-13] (Razer Inc)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-14 01:36 - 2017-09-14 01:36 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-09-14 01:36 - 2017-09-14 01:36 - 000000000 ____D C:\WINDOWS\InfusedApps
2017-09-14 01:36 - 2017-09-14 01:36 - 000000000 ____D C:\Windows.old
2017-09-14 01:36 - 2017-09-14 00:49 - 000000000 ____D C:\Program Files (x86)\Razer
2017-09-14 01:35 - 2017-09-14 01:35 - 000000000 ____D C:\WINDOWS\Setup
2017-09-14 01:33 - 2017-09-14 01:33 - 000000000 ____D C:\WINDOWS\OCR
2017-09-14 01:33 - 2017-09-14 01:33 - 000000000 ____D C:\Program Files\Reference Assemblies
2017-09-14 01:33 - 2017-09-14 01:33 - 000000000 ____D C:\Program Files\MSBuild
2017-09-14 01:33 - 2017-09-14 01:33 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-09-14 01:33 - 2017-09-14 01:33 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-09-14 01:32 - 2017-09-14 01:32 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2017-09-14 01:32 - 2017-09-14 01:32 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-09-14 01:32 - 2017-09-14 01:32 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2017-09-14 01:32 - 2017-09-14 01:32 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-09-14 01:32 - 2017-09-14 01:32 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2017-09-14 01:32 - 2017-09-14 01:32 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2017-09-14 01:32 - 2017-09-14 01:32 - 000000000 ____D C:\WINDOWS\system32\winrm
2017-09-14 01:32 - 2017-09-14 01:32 - 000000000 ____D C:\WINDOWS\system32\WCN
2017-09-14 01:32 - 2017-09-14 01:32 - 000000000 ____D C:\WINDOWS\system32\slmgr
2017-09-14 01:32 - 2017-09-14 01:32 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2017-09-14 01:32 - 2017-09-14 01:32 - 000000000 ____D C:\WINDOWS\system32\0409
2017-09-14 01:32 - 2017-09-14 01:32 - 000000000 ____D C:\WINDOWS\DigitalLocker
2017-09-14 01:30 - 2017-09-14 01:26 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-09-14 01:30 - 2017-09-14 01:26 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-09-14 01:29 - 2017-09-14 01:26 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2017-09-14 01:29 - 2017-09-14 01:26 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2017-09-14 01:29 - 2017-09-14 01:26 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2017-09-14 01:28 - 2017-09-14 01:36 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-09-14 01:28 - 2017-09-14 01:33 - 000000000 ____D C:\WINDOWS\SystemApps
2017-09-14 01:28 - 2017-09-14 01:33 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2017-09-14 01:28 - 2017-09-14 01:32 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-09-14 01:28 - 2017-09-14 01:32 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-09-14 01:28 - 2017-09-14 01:32 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-09-14 01:28 - 2017-09-14 01:32 - 000000000 ___SD C:\WINDOWS\system32\dsc
2017-09-14 01:28 - 2017-09-14 01:32 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2017-09-14 01:28 - 2017-09-14 01:32 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-09-14 01:28 - 2017-09-14 01:32 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-09-14 01:28 - 2017-09-14 01:32 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-09-14 01:28 - 2017-09-14 01:32 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-09-14 01:28 - 2017-09-14 01:32 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2017-09-14 01:28 - 2017-09-14 01:32 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-09-14 01:28 - 2017-09-14 01:32 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-09-14 01:28 - 2017-09-14 01:32 - 000000000 ____D C:\WINDOWS\system32\setup
2017-09-14 01:28 - 2017-09-14 01:32 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-09-14 01:28 - 2017-09-14 01:32 - 000000000 ____D C:\WINDOWS\system32\MUI
2017-09-14 01:28 - 2017-09-14 01:32 - 000000000 ____D C:\WINDOWS\system32\migwiz
2017-09-14 01:28 - 2017-09-14 01:32 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-09-14 01:28 - 2017-09-14 01:32 - 000000000 ____D C:\WINDOWS\system32\Com
2017-09-14 01:28 - 2017-09-14 01:32 - 000000000 ____D C:\WINDOWS\IME
2017-09-14 01:28 - 2017-09-14 01:32 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-09-14 01:28 - 2017-09-14 01:32 - 000000000 ____D C:\Program Files\Windows Defender
2017-09-14 01:28 - 2017-09-14 01:32 - 000000000 ____D C:\Program Files\Common Files\System
2017-09-14 01:28 - 2017-09-14 01:32 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-09-14 01:28 - 2017-09-14 01:32 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-09-14 01:28 - 2017-09-14 01:32 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-09-14 01:28 - 2017-09-14 01:29 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2017-09-14 01:28 - 2017-09-14 01:29 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-09-14 01:28 - 2017-09-14 01:29 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2017-09-14 01:28 - 2017-09-14 01:29 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2017-09-14 01:28 - 2017-09-14 01:29 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2017-09-14 01:28 - 2017-09-14 01:29 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2017-09-14 01:28 - 2017-09-14 01:29 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2017-09-14 01:28 - 2017-09-14 01:29 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 __SHD C:\Program Files\Windows Sidebar
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 __RSD C:\WINDOWS\Media
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 __RHD C:\Users\Public\Libraries
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ___SD C:\WINDOWS\system32\Nui
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\Web
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\Vss
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\tracing
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\TAPI
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\SysWOW64\MsDtc
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\SystemResources
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\system32\winevt
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\system32\ras
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\system32\IME
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\system32\icsxml
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\system32\ias
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\system32\Hydrogen
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\system32\downlevel
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\system32\DDFs
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\System
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\SKB
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\security
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\schemas
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\SchCache
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\Resources
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\Registration
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\Provisioning
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\PLA
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\Performance
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\ModemLogs
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\L2Schemas
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\InputMethod
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\Globalization
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\Cursors
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\Branding
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\bcastdvr
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\appcompat
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\addins
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\Program Files\Windows Security
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\Program Files\Windows Portable Devices
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\Program Files\Windows NT
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\Program Files\Common Files\Services
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\Program Files (x86)\Windows NT
2017-09-14 01:28 - 2017-09-14 01:28 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2017-09-14 01:28 - 2017-09-14 01:26 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2017-09-14 01:28 - 2017-09-14 01:26 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
2017-09-14 01:28 - 2017-09-14 01:26 - 000017635 _____ C:\WINDOWS\system32\Drivers\etc\services
2017-09-14 01:28 - 2017-09-14 01:26 - 000015940 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2017-09-14 01:28 - 2017-09-14 01:26 - 000004096 _____ C:\WINDOWS\system32\config\VSMIDK
2017-09-14 01:28 - 2017-09-14 01:26 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2017-09-14 01:28 - 2017-09-14 01:26 - 000001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2017-09-14 01:28 - 2017-09-14 01:26 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2017-09-14 01:28 - 2017-09-14 01:26 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
2017-09-14 01:28 - 2017-09-14 01:26 - 000000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2017-09-14 01:28 - 2017-09-14 01:26 - 000000219 _____ C:\WINDOWS\system.ini
2017-09-14 01:28 - 2017-09-14 01:26 - 000000092 _____ C:\WINDOWS\win.ini
2017-09-14 01:28 - 2017-09-14 00:58 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-09-14 01:28 - 2017-09-14 00:58 - 000000000 ____D C:\WINDOWS\rescache
2017-09-14 01:28 - 2017-09-14 00:57 - 000000000 ____D C:\WINDOWS\system32\spool
2017-09-14 01:28 - 2017-09-14 00:57 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2017-09-14 01:28 - 2017-09-14 00:56 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-09-14 01:28 - 2017-09-14 00:52 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-09-14 01:28 - 2017-09-14 00:49 - 000000000 ___RD C:\WINDOWS\PrintDialog
2017-09-14 01:28 - 2017-09-14 00:49 - 000000000 ___RD C:\WINDOWS\MiracastView
2017-09-14 01:28 - 2017-09-14 00:49 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-09-14 01:28 - 2017-09-14 00:49 - 000000000 ____D C:\WINDOWS\HoloShell
2017-09-14 01:28 - 2017-09-14 00:48 - 000000000 ____D C:\WINDOWS\Help
2017-09-14 01:28 - 2017-09-13 22:51 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-14 01:28 - 2017-09-13 22:51 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-14 01:28 - 2017-09-13 22:20 - 000000000 ___RD C:\Program Files (x86)
2017-09-14 01:28 - 2017-09-13 22:11 - 000000000 ____D C:\ProgramData\USOPrivate
2017-09-14 01:27 - 2017-09-13 22:35 - 000000000 ____D C:\WINDOWS\INF
2017-09-14 01:20 - 2017-09-13 22:12 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-14 01:16 - 2017-09-14 01:32 - 000000000 ____D C:\WINDOWS\servicing
2017-09-14 01:16 - 2017-09-14 01:31 - 000065536 _____ C:\WINDOWS\system32\config\SAM
2017-09-14 01:16 - 2017-09-14 01:28 - 000000000 ____D C:\WINDOWS\system32\SMI
2017-09-14 01:16 - 2017-09-14 00:56 - 000000000 ____D C:\WINDOWS\Panther
2017-09-14 01:16 - 2017-09-14 00:56 - 000000000 ____D C:\$Windows.~BT
2017-09-14 01:16 - 2017-09-14 00:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-09-14 01:16 - 2017-09-13 22:01 - 066060288 _____ C:\WINDOWS\system32\config\SOFTWARE
2017-09-14 01:16 - 2017-09-13 22:01 - 012582912 _____ C:\WINDOWS\system32\config\SYSTEM
2017-09-14 01:16 - 2017-09-13 22:01 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-09-14 01:16 - 2017-09-13 22:01 - 000262144 _____ C:\WINDOWS\system32\config\DEFAULT
2017-09-14 01:16 - 2017-09-13 22:01 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY
2017-09-14 00:59 - 2017-09-13 22:06 - 000907408 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-14 00:57 - 2017-03-18 16:56 - 002233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-09-14 00:55 - 2017-09-14 00:55 - 000000000 _SHDL C:\Users\Default User
2017-09-14 00:55 - 2017-09-14 00:55 - 000000000 _SHDL C:\Users\All Users
2017-09-14 00:55 - 2017-09-14 00:55 - 000000000 _SHDL C:\Documents and Settings
2017-09-14 00:49 - 2017-09-14 00:49 - 000000000 ____D C:\ProgramData\Razer
2017-09-14 00:48 - 2017-09-14 00:48 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-09-14 00:48 - 2017-09-14 00:48 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-09-14 00:48 - 2017-09-14 00:48 - 000000000 ____D C:\Program Files\Intel
2017-09-14 00:48 - 2017-09-14 00:48 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-09-14 00:48 - 2017-09-14 00:48 - 000000000 ____D C:\Intel
2017-09-14 00:48 - 2017-09-14 00:48 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2017-09-14 00:48 - 2017-09-13 22:02 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-14 00:48 - 2017-03-16 19:31 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-09-14 00:48 - 2017-03-16 19:16 - 006401984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-09-14 00:48 - 2017-03-16 19:16 - 002477504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-09-14 00:48 - 2017-03-16 19:16 - 001762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-09-14 00:48 - 2017-03-16 19:16 - 000549944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-09-14 00:48 - 2017-03-16 19:16 - 000392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-09-14 00:48 - 2017-03-16 19:16 - 000081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-09-14 00:48 - 2017-03-16 19:16 - 000069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-09-14 00:48 - 2017-03-16 05:39 - 007813427 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-09-14 00:48 - 2016-11-01 23:05 - 000113672 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-09-14 00:48 - 2016-11-01 23:05 - 000104464 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2017-09-14 00:45 - 2017-09-13 22:02 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-14 00:44 - 2017-09-14 00:45 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-14 00:44 - 2017-09-14 00:44 - 000217864 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-14 00:44 - 2017-09-14 00:44 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-09-14 00:43 - 2017-09-14 00:43 - 000000000 __SHD C:\found.000
2017-09-13 22:52 - 2017-09-13 22:52 - 000010082 _____ C:\Users\Syst3\Downloads\FRST.txt
2017-09-13 22:52 - 2017-09-13 22:50 - 002398208 _____ (Farbar) C:\Users\Syst3\Desktop\FRST64.exe
2017-09-13 22:51 - 2017-09-13 22:52 - 000000000 ____D C:\FRST
2017-09-13 22:50 - 2017-09-13 22:50 - 002398208 _____ (Farbar) C:\Users\Syst3\Downloads\FRST64.exe
2017-09-13 22:46 - 2017-09-13 22:46 - 000000000 ____D C:\Users\Syst3\Desktop\Games
2017-09-13 22:37 - 2017-09-13 22:37 - 000000000 ____D C:\Users\Syst3\Desktop\Perro
2017-09-13 22:37 - 2017-09-13 22:37 - 000000000 ____D C:\Users\Syst3\Desktop\Montage Clips
2017-09-13 22:37 - 2017-09-13 22:37 - 000000000 ____D C:\Users\Syst3\Desktop\Media Things
2017-09-13 22:37 - 2017-09-13 22:37 - 000000000 ____D C:\Users\Syst3\Desktop\Demos
2017-09-13 22:37 - 2017-09-13 22:37 - 000000000 ____D C:\Users\Syst3\AppData\Local\DBG
2017-09-13 22:36 - 2017-09-13 22:36 - 000000000 ____D C:\Users\Syst3\Desktop\Nancy's Stuff
2017-09-13 22:35 - 2017-09-13 22:35 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-09-13 22:35 - 2017-09-13 22:35 - 000000000 ____D C:\Users\Syst3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-09-13 22:31 - 2017-09-13 22:31 - 000000000 ____D C:\Users\Syst3\AppData\Local\Steam
2017-09-13 22:31 - 2017-09-13 22:31 - 000000000 ____D C:\Users\Syst3\AppData\Local\CEF
2017-09-13 22:26 - 2017-09-13 22:26 - 000000000 ____D C:\Users\Syst3\AppData\Local\PackageStaging
2017-09-13 22:21 - 2017-09-13 22:25 - 000000000 ____D C:\Users\Syst3\AppData\Roaming\discord
2017-09-13 22:21 - 2017-09-13 22:21 - 000002237 _____ C:\Users\Syst3\Desktop\Discord.lnk
2017-09-13 22:21 - 2017-09-13 22:21 - 000000000 ____D C:\Users\Syst3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
2017-09-13 22:21 - 2017-09-13 22:21 - 000000000 ____D C:\Users\Syst3\AppData\Local\SquirrelTemp
2017-09-13 22:21 - 2017-09-13 22:21 - 000000000 ____D C:\Users\Syst3\AppData\Local\Discord
2017-09-13 22:20 - 2017-09-13 22:34 - 000000000 ____D C:\Program Files (x86)\Steam
2017-09-13 22:20 - 2017-09-13 22:20 - 000001036 _____ C:\Users\Public\Desktop\Steam.lnk
2017-09-13 22:20 - 2017-09-13 22:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-09-13 22:19 - 2017-09-13 22:21 - 054332920 _____ (Discord Inc.) C:\Users\Syst3\Downloads\DiscordSetup.exe
2017-09-13 22:19 - 2017-09-13 22:19 - 001446792 _____ C:\Users\Syst3\Downloads\SteamSetup.exe
2017-09-13 22:17 - 2017-09-13 22:17 - 000000000 ____D C:\Users\Syst3\AppData\Roaming\Google
2017-09-13 22:16 - 2017-09-13 22:16 - 000002348 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-09-13 22:16 - 2017-09-13 22:16 - 000002336 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-09-13 22:14 - 2017-09-13 22:16 - 000000000 ____D C:\Users\Syst3\AppData\Local\Google
2017-09-13 22:14 - 2017-09-13 22:16 - 000000000 ____D C:\Program Files (x86)\Google
2017-09-13 22:14 - 2017-09-13 22:14 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-09-13 22:14 - 2017-09-13 22:14 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-09-13 22:14 - 2017-09-13 22:14 - 000000000 ____D C:\Users\Syst3\AppData\Local\MicrosoftEdge
2017-09-13 22:13 - 2017-09-13 22:13 - 000003378 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1705482426-2229210781-2881064529-1001
2017-09-13 22:13 - 2017-09-13 22:13 - 000000000 ____D C:\Users\Syst3\AppData\Roaming\Skype
2017-09-13 22:12 - 2017-09-13 22:13 - 000002367 _____ C:\Users\Syst3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-13 22:12 - 2017-09-13 22:13 - 000000000 ___RD C:\Users\Syst3\OneDrive
2017-09-13 22:12 - 2017-09-13 22:12 - 000000000 ____D C:\Users\Syst3\AppData\Local\Razer_Inc
2017-09-13 22:11 - 2017-09-13 22:12 - 000000000 ____D C:\Users\Syst3\AppData\Local\Comms
2017-09-13 22:11 - 2017-09-13 22:11 - 000001051 _____ C:\Users\Syst3\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2017-09-13 22:10 - 2017-09-13 22:10 - 000000000 ____D C:\ProgramData\USOShared
2017-09-13 22:10 - 2017-09-13 22:10 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-09-13 22:09 - 2017-09-13 22:09 - 000000000 ____D C:\Users\Syst3\AppData\Local\Publishers
2017-09-13 22:08 - 2017-09-13 22:51 - 000000000 ____D C:\Users\Syst3\AppData\Local\Packages
2017-09-13 22:08 - 2017-09-13 22:09 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-09-13 22:08 - 2017-09-13 22:08 - 000000000 __SHD C:\Users\Syst3\IntelGraphicsProfiles
2017-09-13 22:08 - 2017-09-13 22:08 - 000000000 ____D C:\Users\Syst3\AppData\Roaming\Adobe
2017-09-13 22:08 - 2017-09-13 22:08 - 000000000 ____D C:\Users\Syst3\AppData\Local\VirtualStore
2017-09-13 22:08 - 2017-09-13 22:08 - 000000000 ____D C:\Users\Syst3\AppData\Local\TileDataLayer
2017-09-13 22:08 - 2017-09-13 22:08 - 000000000 ____D C:\Users\Syst3\AppData\Local\ConnectedDevicesPlatform
2017-09-13 22:05 - 2017-09-13 22:12 - 000000000 ____D C:\Users\Syst3
2017-09-13 22:05 - 2017-09-13 22:05 - 000000020 ___SH C:\Users\Syst3\ntuser.ini
2017-09-13 22:00 - 2017-07-12 00:39 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-09-13 21:13 - 2017-09-14 01:36 - 000000000 ___HD C:\$SysReset
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-14 01:33 - 2017-03-18 22:29 - 002021680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2017-09-14 01:33 - 2017-03-18 22:29 - 001339352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll
2017-09-14 01:33 - 2017-03-18 22:29 - 000387416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-09-14 01:26 - 2017-03-18 16:59 - 032688336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsRaw.dll
2017-09-14 01:26 - 2017-03-18 16:59 - 007335936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-09-14 01:26 - 2017-03-18 16:59 - 000570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2017-09-14 01:26 - 2017-03-18 16:59 - 000338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-09-14 01:26 - 2017-03-18 16:59 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-09-14 01:26 - 2017-03-18 16:59 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-09-14 01:26 - 2017-03-18 16:59 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2017-09-14 01:26 - 2017-03-18 16:58 - 007596544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 004469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-09-14 01:26 - 2017-03-18 16:58 - 004212624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 002765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 002673152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 002298880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 002211840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 002132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 001722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 001707008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 001675264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 001565184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 001494528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 001450496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 001171032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 001077496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 001027584 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000987648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-09-14 01:26 - 2017-03-18 16:58 - 000892416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000875520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-09-14 01:26 - 2017-03-18 16:58 - 000856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000826368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSMDesktopProvider.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-09-14 01:26 - 2017-03-18 16:58 - 000790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000734208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-09-14 01:26 - 2017-03-18 16:58 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2017-09-14 01:26 - 2017-03-18 16:58 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000612864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsvcs.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000609048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000600576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000587264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000559008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-09-14 01:26 - 2017-03-18 16:58 - 000550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000545280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-09-14 01:26 - 2017-03-18 16:58 - 000537088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000368640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000364544 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000321384 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-09-14 01:26 - 2017-03-18 16:58 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdmaud.drv
2017-09-14 01:26 - 2017-03-18 16:58 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000179616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000168352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-09-14 01:26 - 2017-03-18 16:58 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000132096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dataclen.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000027648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-09-14 01:26 - 2017-03-18 16:58 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapprovp.dll
2017-09-14 01:26 - 2017-03-18 16:57 - 003672064 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-09-14 01:26 - 2017-03-18 16:57 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-09-14 01:26 - 2017-03-18 16:57 - 001600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-09-14 01:26 - 2017-03-18 16:57 - 001425920 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-09-14 01:26 - 2017-03-18 16:57 - 001402368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2017-09-14 01:26 - 2017-03-18 16:57 - 001321800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-09-14 01:26 - 2017-03-18 16:57 - 000973312 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-09-14 01:26 - 2017-03-18 16:57 - 000924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-09-14 01:26 - 2017-03-18 16:57 - 000809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
2017-09-14 01:26 - 2017-03-18 16:57 - 000750008 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-09-14 01:26 - 2017-03-18 16:57 - 000707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-09-14 01:26 - 2017-03-18 16:57 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-09-14 01:26 - 2017-03-18 16:57 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2017-09-14 01:26 - 2017-03-18 16:57 - 000408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-09-14 01:26 - 2017-03-18 16:57 - 000381848 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-09-14 01:26 - 2017-03-18 16:57 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2017-09-14 01:26 - 2017-03-18 16:57 - 000247808 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-09-14 01:26 - 2017-03-18 16:57 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-09-14 01:26 - 2017-03-18 16:57 - 000199072 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-09-14 01:26 - 2017-03-18 16:57 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2017-09-14 01:26 - 2017-03-18 16:57 - 000103408 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.dll
2017-09-14 01:26 - 2017-03-18 16:57 - 000087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-09-14 01:26 - 2017-03-18 16:57 - 000047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-09-14 01:26 - 2017-03-18 16:56 - 004537344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-09-14 01:26 - 2017-03-18 16:56 - 002612008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-09-14 01:26 - 2017-03-18 16:56 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-09-14 01:26 - 2017-03-18 16:56 - 000285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-09-14 01:26 - 2017-03-18 16:56 - 000219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-09-14 01:26 - 2017-03-18 16:56 - 000081824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-09-14 01:26 - 2017-03-18 16:56 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-09-14 01:25 - 2017-03-18 16:59 - 019334144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-09-14 01:25 - 2017-03-18 16:59 - 011869696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-09-14 01:25 - 2017-03-18 16:59 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-09-14 01:25 - 2017-03-18 16:59 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-09-14 01:25 - 2017-03-18 16:59 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2017-09-14 01:25 - 2017-03-18 16:59 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 020374432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 017365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 008330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 007149056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 003784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 003135488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 003110912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 002814464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 002782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 002750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 002475136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 002344960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 002142720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 001640448 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 001557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 001474288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 001411128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 001402368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 001257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 001194696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 001178528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 001150776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 001142784 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 001136640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 001067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 001035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000976384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-09-14 01:25 - 2017-03-18 16:58 - 000940960 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000906752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000864240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000846848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000805376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000769536 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000754080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-09-14 01:25 - 2017-03-18 16:58 - 000681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000643072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000551200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000491008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000426912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000406544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000366592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-09-14 01:25 - 2017-03-18 16:58 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000359552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000342016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2017-09-14 01:25 - 2017-03-18 16:58 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-09-14 01:25 - 2017-03-18 16:58 - 000316416 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-09-14 01:25 - 2017-03-18 16:58 - 000277432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-09-14 01:25 - 2017-03-18 16:58 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000181664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-09-14 01:25 - 2017-03-18 16:58 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qasf.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000133904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-09-14 01:25 - 2017-03-18 16:58 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000121856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000101800 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialUIBroker.exe
2017-09-14 01:25 - 2017-03-18 16:58 - 000100224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2017-09-14 01:25 - 2017-03-18 16:58 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000049656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msasn1.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-09-14 01:25 - 2017-03-18 16:58 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\IpNatHlpClient.dll
2017-09-14 01:25 - 2017-03-18 16:57 - 005892608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-09-14 01:25 - 2017-03-18 16:57 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-09-14 01:25 - 2017-03-18 16:57 - 005302456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-09-14 01:25 - 2017-03-18 16:57 - 003331584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-09-14 01:25 - 2017-03-18 16:57 - 002515968 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-09-14 01:25 - 2017-03-18 16:57 - 002328480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-09-14 01:25 - 2017-03-18 16:57 - 001930320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-09-14 01:25 - 2017-03-18 16:57 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-09-14 01:25 - 2017-03-18 16:57 - 001818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-09-14 01:25 - 2017-03-18 16:57 - 001812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-09-14 01:25 - 2017-03-18 16:57 - 001759752 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-09-14 01:25 - 2017-03-18 16:57 - 001702912 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-09-14 01:25 - 2017-03-18 16:57 - 001525760 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-09-14 01:25 - 2017-03-18 16:57 - 001395152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-09-14 01:25 - 2017-03-18 16:57 - 001318816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-09-14 01:25 - 2017-03-18 16:57 - 001243040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-09-14 01:25 - 2017-03-18 16:57 - 001214368 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-09-14 01:25 - 2017-03-18 16:57 - 001186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-09-14 01:25 - 2017-03-18 16:57 - 001065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-09-14 01:25 - 2017-03-18 16:57 - 001017248 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-09-14 01:25 - 2017-03-18 16:57 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-09-14 01:25 - 2017-03-18 16:57 - 000899824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-09-14 01:25 - 2017-03-18 16:57 - 000832648 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-09-14 01:25 - 2017-03-18 16:57 - 000777728 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-09-14 01:25 - 2017-03-18 16:57 - 000775832 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-09-14 01:25 - 2017-03-18 16:57 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-09-14 01:25 - 2017-03-18 16:57 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2017-09-14 01:25 - 2017-03-18 16:57 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-09-14 01:25 - 2017-03-18 16:57 - 000577536 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-09-14 01:25 - 2017-03-18 16:57 - 000542624 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-09-14 01:25 - 2017-03-18 16:57 - 000455584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-09-14 01:25 - 2017-03-18 16:57 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-09-14 01:25 - 2017-03-18 16:57 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-09-14 01:25 - 2017-03-18 16:57 - 000333216 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-09-14 01:25 - 2017-03-18 16:57 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-09-14 01:25 - 2017-03-18 16:57 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsExt.dll
2017-09-14 01:25 - 2017-03-18 16:57 - 000246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-09-14 01:25 - 2017-03-18 16:57 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdmaud.drv
2017-09-14 01:25 - 2017-03-18 16:57 - 000199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-09-14 01:25 - 2017-03-18 16:57 - 000192264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2017-09-14 01:25 - 2017-03-18 16:57 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2017-09-14 01:25 - 2017-03-18 16:57 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-09-14 01:25 - 2017-03-18 16:57 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2017-09-14 01:25 - 2017-03-18 16:57 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-09-14 01:25 - 2017-03-18 16:57 - 000104944 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-09-14 01:25 - 2017-03-18 16:57 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-09-14 01:25 - 2017-03-18 16:57 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2017-09-14 01:25 - 2017-03-18 16:57 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-09-14 01:25 - 2017-03-18 16:57 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-09-14 01:25 - 2017-03-18 16:57 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-09-14 01:25 - 2017-03-18 16:56 - 008247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-09-14 01:25 - 2017-03-18 16:56 - 005802976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-09-14 01:25 - 2017-03-18 16:56 - 002077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-09-14 01:25 - 2017-03-18 16:56 - 001832960 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-09-14 01:25 - 2017-03-18 16:56 - 001669472 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-09-14 01:25 - 2017-03-18 16:56 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-09-14 01:25 - 2017-03-18 16:56 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-09-14 01:25 - 2017-03-18 16:56 - 001224208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-09-14 01:25 - 2017-03-18 16:56 - 000804864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-09-14 01:25 - 2017-03-18 16:56 - 000467504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2017-09-14 01:25 - 2017-03-18 16:56 - 000388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-09-14 01:25 - 2017-03-18 16:56 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-09-14 01:25 - 2017-03-18 16:56 - 000144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-09-14 01:25 - 2017-03-18 16:56 - 000117152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-09-14 01:25 - 2017-03-18 16:56 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-09-14 01:25 - 2017-03-18 16:56 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-09-14 01:25 - 2017-03-18 16:56 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2017-09-14 01:25 - 2017-03-18 16:56 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-09-14 01:25 - 2017-03-18 16:56 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-09-14 01:25 - 2017-03-18 16:56 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-09-14 01:24 - 2017-03-18 17:00 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2017-09-14 01:24 - 2017-03-18 16:59 - 020505088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-09-14 01:24 - 2017-03-18 16:59 - 003659264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-09-14 01:24 - 2017-03-18 16:59 - 003464704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2017-09-14 01:24 - 2017-03-18 16:59 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-09-14 01:24 - 2017-03-18 16:59 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-09-14 01:24 - 2017-03-18 16:59 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-09-14 01:24 - 2017-03-18 16:59 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-09-14 01:24 - 2017-03-18 16:59 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 021353720 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 008211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 007325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 006761560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 006535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-09-14 01:24 - 2017-03-18 16:58 - 004847928 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-09-14 01:24 - 2017-03-18 16:58 - 004446720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 003803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 003379712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 003139584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 003057664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 003057664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 002873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 002730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-09-14 01:24 - 2017-03-18 16:58 - 002653184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 002624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 002597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 002328984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 002158040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 001984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 001506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 001432576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 001333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 001192448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 001171968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-09-14 01:24 - 2017-03-18 16:58 - 001099776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 001051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000967584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-09-14 01:24 - 2017-03-18 16:58 - 000909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSMDesktopProvider.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000818176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000777216 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000759808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-09-14 01:24 - 2017-03-18 16:58 - 000754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000666528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-09-14 01:24 - 2017-03-18 16:58 - 000643072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000472176 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000445952 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-09-14 01:24 - 2017-03-18 16:58 - 000437552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000431104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000370928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-09-14 01:24 - 2017-03-18 16:58 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-09-14 01:24 - 2017-03-18 16:58 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000323936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-09-14 01:24 - 2017-03-18 16:58 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-09-14 01:24 - 2017-03-18 16:58 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2017-09-14 01:24 - 2017-03-18 16:58 - 000290304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000278944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000203160 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000192408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000166400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000141824 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedmodesvc.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Clipc.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000059904 _____ C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000034720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininitext.dll
2017-09-14 01:24 - 2017-03-18 16:58 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2017-09-14 01:24 - 2017-03-18 16:58 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapprovp.dll
2017-09-14 01:24 - 2017-03-18 16:57 - 008319904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-09-14 01:24 - 2017-03-18 16:57 - 002938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-09-14 01:24 - 2017-03-18 16:57 - 002834432 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-09-14 01:24 - 2017-03-18 16:57 - 002682776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-09-14 01:24 - 2017-03-18 16:57 - 002446752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-09-14 01:24 - 2017-03-18 16:57 - 002434048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-09-14 01:24 - 2017-03-18 16:57 - 002399216 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-09-14 01:24 - 2017-03-18 16:57 - 002084768 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-09-14 01:24 - 2017-03-18 16:57 - 002056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-09-14 01:24 - 2017-03-18 16:57 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-09-14 01:24 - 2017-03-18 16:57 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-09-14 01:24 - 2017-03-18 16:57 - 001106848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-09-14 01:24 - 2017-03-18 16:57 - 001086976 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-09-14 01:24 - 2017-03-18 16:57 - 000972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2017-09-14 01:24 - 2017-03-18 16:57 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-09-14 01:24 - 2017-03-18 16:57 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-09-14 01:24 - 2017-03-18 16:57 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-09-14 01:24 - 2017-03-18 16:57 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-09-14 01:24 - 2017-03-18 16:57 - 000867312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2017-09-14 01:24 - 2017-03-18 16:57 - 000750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-09-14 01:24 - 2017-03-18 16:57 - 000722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-09-14 01:24 - 2017-03-18 16:57 - 000721632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-09-14 01:24 - 2017-03-18 16:57 - 000712608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-09-14 01:24 - 2017-03-18 16:57 - 000660680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-09-14 01:24 - 2017-03-18 16:57 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2017-09-14 01:24 - 2017-03-18 16:57 - 000636136 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-09-14 01:24 - 2017-03-18 16:57 - 000621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-09-14 01:24 - 2017-03-18 16:57 - 000551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-09-14 01:24 - 2017-03-18 16:57 - 000516608 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-09-14 01:24 - 2017-03-18 16:57 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-09-14 01:24 - 2017-03-18 16:57 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-09-14 01:24 - 2017-03-18 16:57 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-09-14 01:24 - 2017-03-18 16:57 - 000409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-09-14 01:24 - 2017-03-18 16:57 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2017-09-14 01:24 - 2017-03-18 16:57 - 000363424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2017-09-14 01:24 - 2017-03-18 16:57 - 000354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-09-14 01:24 - 2017-03-18 16:57 - 000315296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-09-14 01:24 - 2017-03-18 16:57 - 000255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-09-14 01:24 - 2017-03-18 16:57 - 000181664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-09-14 01:24 - 2017-03-18 16:57 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2017-09-14 01:24 - 2017-03-18 16:57 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll
2017-09-14 01:24 - 2017-03-18 16:57 - 000143736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-09-14 01:24 - 2017-03-18 16:57 - 000120224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-09-14 01:24 - 2017-03-18 16:57 - 000116280 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2017-09-14 01:24 - 2017-03-18 16:57 - 000112544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-09-14 01:24 - 2017-03-18 16:57 - 000102208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-09-14 01:24 - 2017-03-18 16:57 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-09-14 01:24 - 2017-03-18 16:57 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-09-14 01:24 - 2017-03-18 16:57 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-09-14 01:24 - 2017-03-18 16:57 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2017-09-14 01:24 - 2017-03-18 16:57 - 000058488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-09-14 01:24 - 2017-03-18 16:57 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-09-14 01:24 - 2017-03-18 16:57 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
2017-09-14 01:24 - 2017-03-18 16:56 - 023680512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-09-14 01:24 - 2017-03-18 16:56 - 012787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-09-14 01:24 - 2017-03-18 16:56 - 006551856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-09-14 01:24 - 2017-03-18 16:56 - 004673872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-09-14 01:24 - 2017-03-18 16:56 - 001455592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-09-14 01:24 - 2017-03-18 16:56 - 000723352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2017-09-14 01:24 - 2017-03-18 16:56 - 000721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-09-14 01:24 - 2017-03-18 16:56 - 000590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-09-14 01:24 - 2017-03-18 16:56 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-09-14 01:24 - 2017-03-18 16:56 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-09-14 01:24 - 2017-03-18 16:56 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-09-14 01:24 - 2017-03-18 16:56 - 000335808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-09-14 01:24 - 2017-03-18 16:56 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-09-14 01:24 - 2017-03-18 16:56 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-09-14 01:24 - 2017-03-18 16:56 - 000259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-09-14 01:24 - 2017-03-18 16:56 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-09-14 01:24 - 2017-03-18 16:56 - 000218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-09-14 01:24 - 2017-03-18 16:56 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2017-09-14 01:24 - 2017-03-18 16:56 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-09-14 01:24 - 2017-03-18 16:56 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthmodem.sys
2017-09-14 01:24 - 2017-03-18 16:56 - 000030456 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-09-14 01:23 - 2017-03-18 17:00 - 031652264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsRaw.dll
2017-09-14 01:23 - 2017-03-18 16:59 - 006296064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-09-14 01:23 - 2017-03-18 16:59 - 005960704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-09-14 01:23 - 2017-03-18 16:59 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2017-09-14 01:23 - 2017-03-18 16:59 - 002008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-09-14 01:23 - 2017-03-18 16:59 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2017-09-14 01:23 - 2017-03-18 16:59 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-09-14 01:23 - 2017-03-18 16:59 - 000585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-09-14 01:23 - 2017-03-18 16:59 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-09-14 01:23 - 2017-03-18 16:59 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-09-14 01:23 - 2017-03-18 16:59 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-09-14 01:23 - 2017-03-18 16:59 - 000205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2017-09-14 01:23 - 2017-03-18 16:59 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-09-14 01:23 - 2017-03-18 16:59 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-09-14 01:23 - 2017-03-18 16:59 - 000072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-09-14 01:23 - 2017-03-18 16:58 - 006726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-09-14 01:23 - 2017-03-18 16:58 - 006123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 005719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 003114136 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 002957824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-09-14 01:23 - 2017-03-18 16:58 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 002799616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 002635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 002588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 002499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 002347520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 002088960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 001911808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 001885696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 001853296 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 001803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 001604824 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 001537024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 001517024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 001300992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 001284608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 001267056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 001242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 001223168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 001084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 001076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 001074688 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 001056160 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 001013248 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000984512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000949920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-09-14 01:23 - 2017-03-18 16:58 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-09-14 01:23 - 2017-03-18 16:58 - 000820120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-09-14 01:23 - 2017-03-18 16:58 - 000802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000729600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-09-14 01:23 - 2017-03-18 16:58 - 000673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-09-14 01:23 - 2017-03-18 16:58 - 000605936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsvcs.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000557376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000434688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-09-14 01:23 - 2017-03-18 16:58 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-09-14 01:23 - 2017-03-18 16:58 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000387072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-09-14 01:23 - 2017-03-18 16:58 - 000356992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000332192 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000282624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000280576 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000233376 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-09-14 01:23 - 2017-03-18 16:58 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000201216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-09-14 01:23 - 2017-03-18 16:58 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Clipc.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000138656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000118880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.RetailInfo.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000090456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000086016 _____ C:\WINDOWS\system32\xboxgipsynthetic.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-09-14 01:23 - 2017-03-18 16:58 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000036768 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-09-14 01:23 - 2017-03-18 16:58 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dataclen.dll
2017-09-14 01:23 - 2017-03-18 16:58 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksthunk.sys
2017-09-14 01:23 - 2017-03-18 16:57 - 007904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-09-14 01:23 - 2017-03-18 16:57 - 001886720 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-09-14 01:23 - 2017-03-18 16:57 - 001575144 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-09-14 01:23 - 2017-03-18 16:57 - 001459728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-09-14 01:23 - 2017-03-18 16:57 - 001356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-09-14 01:23 - 2017-03-18 16:57 - 001337336 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-09-14 01:23 - 2017-03-18 16:57 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-09-14 01:23 - 2017-03-18 16:57 - 001147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-09-14 01:23 - 2017-03-18 16:57 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-09-14 01:23 - 2017-03-18 16:57 - 001035264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-09-14 01:23 - 2017-03-18 16:57 - 001024416 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-09-14 01:23 - 2017-03-18 16:57 - 001003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-09-14 01:23 - 2017-03-18 16:57 - 000975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-09-14 01:23 - 2017-03-18 16:57 - 000965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-09-14 01:23 - 2017-03-18 16:57 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-09-14 01:23 - 2017-03-18 16:57 - 000791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2017-09-14 01:23 - 2017-03-18 16:57 - 000777728 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-09-14 01:23 - 2017-03-18 16:57 - 000708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-09-14 01:23 - 2017-03-18 16:57 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-09-14 01:23 - 2017-03-18 16:57 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-09-14 01:23 - 2017-03-18 16:57 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-09-14 01:23 - 2017-03-18 16:57 - 000583304 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-09-14 01:23 - 2017-03-18 16:57 - 000543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-09-14 01:23 - 2017-03-18 16:57 - 000509952 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-09-14 01:23 - 2017-03-18 16:57 - 000455616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2017-09-14 01:23 - 2017-03-18 16:57 - 000437760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-09-14 01:23 - 2017-03-18 16:57 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-09-14 01:23 - 2017-03-18 16:57 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2017-09-14 01:23 - 2017-03-18 16:57 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2017-09-14 01:23 - 2017-03-18 16:57 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2017-09-14 01:23 - 2017-03-18 16:57 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-09-14 01:23 - 2017-03-18 16:57 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-09-14 01:23 - 2017-03-18 16:57 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-09-14 01:23 - 2017-03-18 16:57 - 000189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-09-14 01:23 - 2017-03-18 16:57 - 000141720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-09-14 01:23 - 2017-03-18 16:57 - 000130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-09-14 01:23 - 2017-03-18 16:57 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-09-14 01:23 - 2017-03-18 16:57 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-09-14 01:23 - 2017-03-18 16:57 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-09-14 01:23 - 2017-03-18 16:57 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2017-09-14 01:23 - 2017-03-18 16:57 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-09-14 01:23 - 2017-03-18 16:57 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-09-14 01:23 - 2017-03-18 16:57 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
2017-09-14 01:23 - 2017-03-18 16:57 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2017-09-14 01:23 - 2017-03-18 16:57 - 000041376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininitext.dll
2017-09-14 01:23 - 2017-03-18 16:57 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
2017-09-14 01:23 - 2017-03-18 16:56 - 004745728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-09-14 01:23 - 2017-03-18 16:56 - 004711648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-09-14 01:23 - 2017-03-18 16:56 - 004056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-09-14 01:23 - 2017-03-18 16:56 - 002430200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-09-14 01:23 - 2017-03-18 16:56 - 001700408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-09-14 01:23 - 2017-03-18 16:56 - 001611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-09-14 01:23 - 2017-03-18 16:56 - 001034096 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2017-09-14 01:23 - 2017-03-18 16:56 - 000751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-09-14 01:23 - 2017-03-18 16:56 - 000730016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-09-14 01:23 - 2017-03-18 16:56 - 000716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-09-14 01:23 - 2017-03-18 16:56 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-09-14 01:23 - 2017-03-18 16:56 - 000557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2017-09-14 01:23 - 2017-03-18 16:56 - 000287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-09-14 01:23 - 2017-03-18 16:56 - 000287136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-09-14 01:23 - 2017-03-18 16:56 - 000277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-09-14 01:23 - 2017-03-18 16:56 - 000264192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys
2017-09-14 01:23 - 2017-03-18 16:56 - 000254168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-09-14 01:23 - 2017-03-18 16:56 - 000224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-09-14 01:23 - 2017-03-18 16:56 - 000199072 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-09-14 01:23 - 2017-03-18 16:56 - 000188832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-09-14 01:23 - 2017-03-18 16:56 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-09-14 01:23 - 2017-03-18 16:56 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-09-14 01:23 - 2017-03-18 16:56 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-09-14 01:23 - 2017-03-18 16:56 - 000027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-09-14 01:22 - 2017-03-18 16:59 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-09-14 01:22 - 2017-03-18 16:59 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-09-14 01:22 - 2017-03-18 16:58 - 013840384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-09-14 01:22 - 2017-03-18 16:58 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-09-14 01:22 - 2017-03-18 16:58 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-09-14 01:22 - 2017-03-18 16:58 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-09-14 01:22 - 2017-03-18 16:58 - 002678784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-09-14 01:22 - 2017-03-18 16:58 - 002443264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-09-14 01:22 - 2017-03-18 16:58 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-09-14 01:22 - 2017-03-18 16:58 - 001620368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-09-14 01:22 - 2017-03-18 16:58 - 001589248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-09-14 01:22 - 2017-03-18 16:58 - 001505688 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-09-14 01:22 - 2017-03-18 16:58 - 001478656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-09-14 01:22 - 2017-03-18 16:58 - 001297920 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-09-14 01:22 - 2017-03-18 16:58 - 000859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2017-09-14 01:22 - 2017-03-18 16:58 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-09-14 01:22 - 2017-03-18 16:58 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-09-14 01:22 - 2017-03-18 16:58 - 000741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-09-14 01:22 - 2017-03-18 16:58 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-09-14 01:22 - 2017-03-18 16:58 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-09-14 01:22 - 2017-03-18 16:58 - 000623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-09-14 01:22 - 2017-03-18 16:58 - 000587776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-09-14 01:22 - 2017-03-18 16:58 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2017-09-14 01:22 - 2017-03-18 16:58 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2017-09-14 01:22 - 2017-03-18 16:58 - 000400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-09-14 01:22 - 2017-03-18 16:58 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-09-14 01:22 - 2017-03-18 16:58 - 000352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-09-14 01:22 - 2017-03-18 16:58 - 000346016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-09-14 01:22 - 2017-03-18 16:58 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-09-14 01:22 - 2017-03-18 16:58 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2017-09-14 01:22 - 2017-03-18 16:58 - 000173104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2017-09-14 01:22 - 2017-03-18 16:58 - 000125344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2017-09-14 01:22 - 2017-03-18 16:58 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-09-14 01:22 - 2017-03-18 16:58 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
2017-09-14 01:22 - 2017-03-18 16:57 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-09-14 01:22 - 2017-03-18 16:57 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-09-14 01:22 - 2017-03-18 16:57 - 001528872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-09-14 01:22 - 2017-03-18 16:57 - 001114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-09-14 01:22 - 2017-03-18 16:57 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-09-14 01:22 - 2017-03-18 16:57 - 000527976 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-09-14 01:22 - 2017-03-18 16:57 - 000361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-09-14 01:22 - 2017-03-18 16:57 - 000095072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-09-14 01:22 - 2017-03-18 16:57 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-09-14 01:22 - 2017-03-18 16:56 - 023677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-09-14 01:22 - 2017-03-18 16:56 - 001120872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-09-14 01:22 - 2017-03-18 16:56 - 000553888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-09-14 01:22 - 2017-03-18 16:56 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-09-14 01:22 - 2017-03-18 16:56 - 000443728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2017-09-14 01:22 - 2017-03-18 16:56 - 000412496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2017-09-14 01:22 - 2017-03-18 16:56 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-09-14 00:44
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-09-2017 02
Ran by Syst3 (13-09-2017 22:53:38)
Running from C:\Users\Syst3\Downloads
Windows 10 Home Version 1703 (X64) (2017-09-14 04:56:40)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1705482426-2229210781-2881064529-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1705482426-2229210781-2881064529-503 - Limited - Disabled)
Guest (S-1-5-21-1705482426-2229210781-2881064529-501 - Limited - Disabled)
Syst3 (S-1-5-21-1705482426-2229210781-2881064529-1001 - Administrator - Enabled) => C:\Users\Syst3
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Discord (HKU\S-1-5-21-1705482426-2229210781-2881064529-1001\...\Discord) (Version: 0.0.298 - Discord Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.79 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Microsoft OneDrive (HKU\S-1-5-21-1705482426-2229210781-2881064529-1001\...\OneDriveSetup.exe) (Version: 17.3.6966.0824 - Microsoft Corporation)
Rocket League (HKLM\...\Steam App 252950) (Version:  - Psyonix, Inc.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.14.1 - Synaptics Incorporated)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxDTCM.dll [2016-11-01] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-03-16] (NVIDIA Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {514CBA62-A8FF-4679-9047-728A6CCB2AB4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-13] (Google Inc.)
Task: {86B6CBB4-BE03-4BFD-BE2D-C12E42E67D8B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-13] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-14 00:48 - 2017-03-16 19:16 - 000133056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-03-18 16:58 - 2017-03-18 16:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 16:59 - 2017-03-18 22:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-09-13 22:16 - 2017-09-04 04:12 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.79\libglesv2.dll
2017-09-13 22:16 - 2017-09-04 04:12 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.79\libegl.dll
2017-09-13 22:21 - 2017-08-08 15:13 - 001893880 _____ () C:\Users\Syst3\AppData\Local\Discord\app-0.0.298\ffmpeg.dll
2017-09-13 22:21 - 2017-09-13 22:21 - 001577976 _____ () \\?\C:\Users\Syst3\AppData\Roaming\discord\0.0.298\modules\discord_toaster\discord_toaster.node
2017-09-13 22:21 - 2017-08-08 15:13 - 001938424 _____ () C:\Users\Syst3\AppData\Local\Discord\app-0.0.298\libglesv2.dll
2017-09-13 22:21 - 2017-08-08 15:13 - 000095736 _____ () C:\Users\Syst3\AppData\Local\Discord\app-0.0.298\libegl.dll
2017-09-13 22:21 - 2017-09-13 22:23 - 009622008 _____ () \\?\C:\Users\Syst3\AppData\Roaming\discord\0.0.298\modules\discord_voice\discord_voice.node
2017-09-13 22:21 - 2017-09-13 22:21 - 001440248 _____ () \\?\C:\Users\Syst3\AppData\Roaming\discord\0.0.298\modules\discord_utils\discord_utils.node
2017-09-13 22:25 - 2017-09-13 22:25 - 000148992 _____ () \\?\C:\Users\Syst3\AppData\Local\Temp\AC18.tmp.node
2017-09-13 22:21 - 2017-09-13 22:21 - 002658296 _____ () \\?\C:\Users\Syst3\AppData\Roaming\discord\0.0.298\modules\discord_rpc\discord_rpc.node
2017-09-13 22:26 - 2017-09-13 22:26 - 002673656 _____ () \\?\C:\Users\Syst3\AppData\Roaming\discord\0.0.298\modules\discord_contact_import\discord_contact_import.node
2017-09-13 22:27 - 2017-08-04 17:19 - 000678176 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-09-13 22:27 - 2016-08-31 21:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-09-13 22:27 - 2017-09-07 00:51 - 002505504 _____ () C:\Program Files (x86)\Steam\video.dll
2017-09-13 22:27 - 2016-08-31 21:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-09-13 22:27 - 2016-08-31 21:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-09-13 22:27 - 2016-01-27 03:49 - 000491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2017-09-13 22:27 - 2016-01-27 03:49 - 002549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2017-09-13 22:27 - 2016-01-27 03:49 - 000332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2017-09-13 22:27 - 2016-01-27 03:49 - 000485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2017-09-13 22:27 - 2016-01-27 03:49 - 000442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2017-09-13 22:27 - 2017-09-07 00:51 - 000885024 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-09-13 22:27 - 2016-07-04 18:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-09-13 22:30 - 2017-05-16 21:54 - 000678176 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-09-13 22:30 - 2017-07-17 18:50 - 073115424 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-09-13 22:27 - 2015-09-24 19:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-09-14 01:28 - 2017-09-14 01:26 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1705482426-2229210781-2881064529-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Syst3\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run32: => "RzWizard"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{43F6B230-22A0-4C5A-8C24-0BFABC7EA005}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0EC8E59B-14FB-4C13-ABF8-5AFBBE90E116}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{374F21E9-DE78-46C5-9ED1-14883177AF82}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D9A8BD1D-B4EC-4569-8312-9576970CDCDA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{224E22AD-9F6C-4421-BB74-C381AA269A79}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
 
==================== Restore Points =========================
 
13-09-2017 22:00:39 Windows Modules Installer
 
==================== Faulty Device Manager Devices =============
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/13/2017 10:38:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.0, time stamp: 0x58ccbae4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x5c4
Faulting application start time: 0x01d32d026fd21032
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: c71a9bba-a15a-46ff-bf87-3eb2b34f8109
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess
 
Error: (09/13/2017 10:37:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.0, time stamp: 0x58ccbae4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x5c4
Faulting application start time: 0x01d32d026fd21032
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: 5a72fb73-297d-441b-9739-e3b10a04606a
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess
 
Error: (09/13/2017 10:11:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-EDV9KD5)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (09/13/2017 10:11:02 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-EDV9KD5)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (09/13/2017 10:09:14 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected
 
Error: (09/13/2017 10:09:13 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected
 
Error: (09/13/2017 10:09:05 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected
 
Error: (09/13/2017 10:08:53 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected
 
Error: (09/14/2017 12:48:05 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON.
 
Error: (09/14/2017 12:48:05 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Windows Defender status to SECURITY_PRODUCT_STATE_ON.
 
 
System errors:
=============
Error: (09/13/2017 10:31:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (09/13/2017 10:31:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (09/13/2017 10:27:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/13/2017 10:27:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/13/2017 10:27:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/13/2017 10:27:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/13/2017 10:02:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
Error: (09/14/2017 12:58:33 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/14/2017 12:57:21 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The Printer Extensions and Notifications service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (09/14/2017 12:55:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RzWizardService service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-6500 CPU @ 3.20GHz
Percentage of memory in use: 23%
Total physical RAM: 16272.27 MB
Available physical RAM: 12402.96 MB
Total Virtual: 19216.27 MB
Available Virtual: 15085.47 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:1862.48 GB) (Free:1638.12 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: B3EF088E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
 
==================== End of Addition.txt ============================


  • 0


#2
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
 
Download the attached fixlist.txt to the same location as FRST
 
 
Run FRST and press Fix.
A fix log will be generated; please post that.
 
 
Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
 
 
Open an elevated command prompt:
 
 
If you open an elevated command prompt it will by default open in c:\Windows\system32
 
Once you have an elevated command prompt:
 
Type:
 
 DISM  /Online  /Cleanup-Image  /RestoreHealth
 
 (I use two spaces so you can be sure to see where one space goes.)
Hit Enter.  This will take a while (10-20 minutes) to complete.  Once the prompt returns:
 
Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):
 
sfc  /scannow
 
 
 
This will also take a few minutes.  
 
When it finishes it will say one of the following:
 
Windows did not find any integrity violations (a good thing)
Windows Resource Protection found corrupt files and repaired them (a good thing)
Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)
 
If you get the last result then type:
 
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  \junk.txt 
 
Hit Enter.  Then type:
 
 
notepad  \junk.txt 
 
Hit Enter. 
 
 Copy the text from notepad and paste it into a reply.
 
 
After you finish SFC, regardless of the result:
 
 
 
1. Please download the Event Viewer Tool by Vino Rosso and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning
 
 
Then use the 'Number of events' as follows:
 
 
1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.
 
 
Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)
 
 
Run Process Explorer as before and post the log.
 
 
 
Run MBAR:
 
 
Does it find anything?
 

 


  • 0
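A way to triage the `[SR]` lines that the `findstr` step in the post above writes to `\junk.txt`, as an added example that is not part of the thread or of any tool named in it: it separates the files SFC says it could not repair from the ones it repaired and counts repeated reports. The sample lines and component names are constructed, and the message wording is assumed to match what SFC writes to CBS.log on Windows 10.

```python
import re
from collections import Counter

# Constructed sample of findstr output; names are made up and the wording is an
# assumption modelled on SFC's Windows 10 log messages.
SAMPLE_JUNK_TXT = r"""
2017-09-19 20:31:02, Info                  CSI    00000006 [SR] Verifying 100 components
2017-09-19 20:31:02, Info                  CSI    00000007 [SR] Beginning Verify and Repair transaction
2017-09-19 20:33:41, Info                  CSI    00004a10 [SR] Repairing corrupted file \??\C:\WINDOWS\System32\\example1.dll from store
2017-09-19 20:34:10, Info                  CSI    00004b22 [SR] Cannot repair member file [l:12]'example2.dll' of Example-Component-A, version 10.0.15063.0, arch amd64, nonSxS, pkt {l:8 b:0000000000000000} in the store, hash mismatch
2017-09-19 20:34:12, Info                  CSI    00004b25 [SR] Cannot repair member file [l:12]'example2.dll' of Example-Component-A, version 10.0.15063.0, arch amd64, nonSxS, pkt {l:8 b:0000000000000000} in the store, hash mismatch
2017-09-19 20:34:12, Info                  CSI    00004b26 [SR] This component was referenced by [l:40]'Example-Package~0000000000000000~amd64~~10.0.15063.0.Example'
2017-09-19 20:35:00, Info                  CSI    00004c01 [SR] Verify complete
2017-09-19 20:35:00, Info                  CSI    00004c02 [SR] Repair transaction completed
2017-09-19 20:35:01, Info                  CBS    Not an SR line: example3.dll
"""

# File name is quoted with ' or " depending on the Windows version; the
# length tag is [l:12] or [l:24{12}].
CANNOT_REPAIR = re.compile(
    r"\[SR\] Cannot repair member file \[l:\d+(?:\{\d+\})?\](['\"])(?P<name>.+?)\1"
    r" of (?P<component>[^,]+),"
)
REPAIRING = re.compile(r"\[SR\] Repairing corrupted file (?P<path>.+?) from store")


def _normalise(path):
    """Turn the logged NT path into an ordinary Windows path."""
    # Older log formats interleave [l:..] length tags and double quotes.
    path = re.sub(r"\[[^\]]*\]|\"", "", path)
    if path.startswith("\\??\\"):
        path = path[4:]
    return path.replace("\\\\", "\\")


def triage_sr_lines(text):
    """Return (unrepaired, repaired) extracted from [SR] log lines.

    unrepaired: {(file name, component): number of times reported}
    repaired:   unique repaired paths, in the order first seen
    """
    unrepaired = Counter()
    repaired = []
    for line in text.splitlines():
        if "[SR]" not in line:  # tolerate a pasted full CBS.log
            continue
        match = CANNOT_REPAIR.search(line)
        if match:
            key = (match.group("name"), match.group("component").strip())
            unrepaired[key] += 1
            continue
        match = REPAIRING.search(line)
        if match:
            path = _normalise(match.group("path"))
            if path not in repaired:
                repaired.append(path)
    return dict(unrepaired), repaired


def format_report(unrepaired, repaired):
    """Render the triage result as text suitable for pasting into a reply."""
    lines = ["Could not repair:"]
    lines += [f"  {name} ({component}) x{count}"
              for (name, component), count in unrepaired.items()] or ["  none"]
    lines.append("Repaired from store:")
    lines += [f"  {path}" for path in repaired] or ["  none"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(*triage_sr_lines(SAMPLE_JUNK_TXT)))
```

To use it on a real run, read the contents of `\junk.txt` and pass the text to `triage_sr_lines` in place of the sample.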

#3
K3ito

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts

I don't know if this will work but check if you can open this, it won't let me send the text document....

file:///C:/Users/Syst3/Desktop/Anti-Rootkit/VEW%20Application.txt <---------Application

file:///C:/Users/Syst3/Desktop/Anti-Rootkit/VEW%20system.txt <--------- System

No Malware found by the way


Edited by K3ito, 19 September 2017 - 07:18 PM.

  • 0

#4
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Just copy the text from the logs and paste it into a Reply.


  • 0

#5
K3ito

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Vino's Event Viewer v01c run on Windows 7 in English
Report run at 19/09/2017 8:45:34 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/09/2017 2:16:51 AM
Type: Error Category: 0
Event: 1023 Source: Microsoft-Windows-Perflib
Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Log: 'Application' Date/Time: 19/09/2017 2:16:50 AM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Log: 'Application' Date/Time: 18/09/2017 3:09:57 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: CAM_V3.exe, version: 0.3.0.0, time stamp: 0x598d205c Faulting module name: KERNELBASE.dll, version: 10.0.15063.608, time stamp: 0xadaa6ed6 Exception code: 0xe0434352 Fault offset: 0x000eb832 Faulting process id: 0x31d0 Faulting application start time: 0x01d3308f69ceb565 Faulting application path: C:\Program Files (x86)\NZXT\CAM\CAM_V3.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: 14a069e2-460c-4ced-89ea-d13f82b3f3a0 Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 18/09/2017 3:09:56 PM
Type: Error Category: 0
Event: 1026 Source: .NET Runtime
Application: CAM_V3.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Threading.Tasks.TaskCanceledException
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(System.Threading.Tasks.Task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(System.Threading.Tasks.Task)
   at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
   at CAMV2.V2_UserControl.CoolingPage+<CAMV2.IComputerDataHandler.NotifyUpdate>d__3.MoveNext()
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore+<>c.<ThrowAsync>b__6_1(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
 
 
Log: 'Application' Date/Time: 18/09/2017 2:05:12 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: RocketLeague.exe, version: 1.0.10897.0, time stamp: 0x59656779 Faulting module name: nvd3dum.dll, version: 22.21.13.8541, time stamp: 0x599b5a19 Exception code: 0xc0000005 Fault offset: 0x0075e3ff Faulting process id: 0x24d8 Faulting application start time: 0x01d33022776f4117 Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe Faulting module path: C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ce1961376673184c\nvd3dum.dll Report Id: 2541bfce-cef7-4ea2-8f8b-fca01cfef87e Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 18/09/2017 2:05:10 AM
Type: Error Category: 0
Event: 1026 Source: .NET Runtime
Application: RocketLeague.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 165AE3FF
 
 
Log: 'Application' Date/Time: 18/09/2017 1:13:11 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe_AppReadiness, version: 10.0.15063.0, time stamp: 0x02799ef5 Faulting module name: ntdll.dll, version: 10.0.15063.608, time stamp: 0x8274fd8b Exception code: 0xc0000374 Fault offset: 0x00000000000f775f Faulting process id: 0x1658 Faulting application start time: 0x01d3301b0328b4cb Faulting application path: c:\windows\system32\svchost.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: f0b2fba5-328f-416d-b9a4-49f19257a775 Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 18/09/2017 1:09:37 AM
Type: Error Category: 0
Event: 1023 Source: Microsoft-Windows-Perflib
Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Log: 'Application' Date/Time: 18/09/2017 1:09:36 AM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Log: 'Application' Date/Time: 15/09/2017 6:24:47 PM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid. . 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Log: 'Application' Date/Time: 14/09/2017 10:51:30 PM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Log: 'Application' Date/Time: 14/09/2017 4:34:48 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\AVG\Antivirus\setup\iplugins\IStats.dll". Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found. Please use sxstrace.exe for detailed diagnosis.
 
Log: 'Application' Date/Time: 14/09/2017 3:29:21 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: ShellExperienceHost.exe, version: 10.0.15063.0, time stamp: 0x58ccbd2e Faulting module name: dwrite.dll, version: 10.0.15063.0, time stamp: 0x86cf89f5 Exception code: 0xc0000005 Fault offset: 0x0000000000038877 Faulting process id: 0x1840 Faulting application start time: 0x01d32d09991e7e23 Faulting application path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Faulting module path: C:\WINDOWS\SYSTEM32\dwrite.dll Report Id: f0a23f02-4e33-4aa9-86f2-67f6ad991fee Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: App
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 18/09/2017 1:12:31 AM
Type: Warning Category: 0
Event: 6006 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <TrustedInstaller> took 78 second(s) to handle the notification event (CreateSession).
 
Log: 'Application' Date/Time: 18/09/2017 1:12:13 AM
Type: Warning Category: 0
Event: 6005 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <TrustedInstaller> is taking long time to handle the notification event (CreateSession).
 
Log: 'Application' Date/Time: 15/09/2017 6:24:36 PM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe' (pid 9128) cannot be restarted - Application SID does not match Conductor SID..
 
Log: 'Application' Date/Time: 15/09/2017 6:24:36 PM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe' (pid 9804) cannot be restarted - Application SID does not match Conductor SID..
 
Log: 'Application' Date/Time: 14/09/2017 6:44:50 PM
Type: Warning Category: 1
Event: 533 Source: ESENT
wuaueng.dll (1236) SUS20ClientDataStore: A request to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" at offset 733184 (0x00000000000b3000) for 4096 (0x00001000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 6:44:36 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
SettingSyncHost (2960) {5A3083BF-711D-4CAD-B5AF-D95DB2DFE6B4}: A request to write to the file "C:\Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" at offset 1015808 (0x00000000000f8000) for 16384 (0x00004000) bytes succeeded, but took an abnormally long time (59 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 6:44:17 PM
Type: Warning Category: 1
Event: 533 Source: ESENT
SettingSyncHost (2960) {5A3083BF-711D-4CAD-B5AF-D95DB2DFE6B4}: A request to write to the file "C:\Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" at offset 1015808 (0x00000000000f8000) for 16384 (0x00004000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 6:44:10 PM
Type: Warning Category: 7
Event: 510 Source: ESENT
wuaueng.dll (1236) SUS20ClientDataStore: A request to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" at offset 724992 (0x00000000000b1000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (55 seconds) to be serviced by the OS. In addition, 0 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 55 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 6:43:54 PM
Type: Warning Category: 1
Event: 533 Source: ESENT
wuaueng.dll (1236) SUS20ClientDataStore: A request to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" at offset 724992 (0x00000000000b1000) for 4096 (0x00001000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 6:43:37 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
SettingSyncHost (2960) {5A3083BF-711D-4CAD-B5AF-D95DB2DFE6B4}: A request to write to the file "C:\Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.chk" at offset 4096 (0x0000000000001000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (38 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 6:43:30 PM
Type: Warning Category: 1
Event: 533 Source: ESENT
SettingSyncHost (2960) {5A3083BF-711D-4CAD-B5AF-D95DB2DFE6B4}: A request to write to the file "C:\Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.chk" at offset 4096 (0x0000000000001000) for 4096 (0x00001000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 6:43:14 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
wuaueng.dll (1236) SUS20ClientDataStore: A request to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" at offset 720896 (0x00000000000b0000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (22 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 4:38:15 AM
Type: Warning Category: 7
Event: 508 Source: ESENT
SettingSyncHost (4804) {AEB40916-D186-42B8-A8C3-A72158E65E18}: A request to write to the file "C:\Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\meta.edb" at offset 1032192 (0x00000000000fc000) for 16384 (0x00004000) bytes succeeded, but took an abnormally long time (18 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 4:38:13 AM
Type: Warning Category: 7
Event: 508 Source: ESENT
SettingSyncHost (4804) {AEB40916-D186-42B8-A8C3-A72158E65E18}: A request to write to the file "C:\Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\edb.log" at offset 208896 (0x0000000000033000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (16 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 4:38:10 AM
Type: Warning Category: 7
Event: 508 Source: ESENT
SettingSyncHost (4804) {37DDCC56-3811-433D-907A-3C351FE4E772}: A request to write to the file "C:\Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" at offset 1015808 (0x00000000000f8000) for 16384 (0x00004000) bytes succeeded, but took an abnormally long time (15 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 3:25:37 AM
Type: Warning Category: 7
Event: 510 Source: ESENT
SettingSyncHost (4128) {08B908E2-C664-47F4-BE04-14DEC67CBA0F}: A request to write to the file "C:\Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log" at offset 118784 (0x000000000001d000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (38 seconds) to be serviced by the OS. In addition, 0 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 38 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 3:25:20 AM
Type: Warning Category: 7
Event: 510 Source: ESENT
SettingSyncHost (4128) {08B908E2-C664-47F4-BE04-14DEC67CBA0F}: A request to write to the file "C:\Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" at offset 1130496 (0x0000000000114000) for 16384 (0x00004000) bytes succeeded, but took an abnormally long time (40 seconds) to be serviced by the OS. In addition, 3 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 14 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 3:25:18 AM
Type: Warning Category: 1
Event: 533 Source: ESENT
SettingSyncHost (4128) {08B908E2-C664-47F4-BE04-14DEC67CBA0F}: A request to write to the file "C:\Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" at offset 1179648 (0x0000000000120000) for 16384 (0x00004000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 3:25:18 AM
Type: Warning Category: 1
Event: 533 Source: ESENT
SettingSyncHost (4128) {08B908E2-C664-47F4-BE04-14DEC67CBA0F}: A request to write to the file "C:\Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" at offset 1163264 (0x000000000011c000) for 16384 (0x00004000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 3:25:18 AM
Type: Warning Category: 1
Event: 533 Source: ESENT
SettingSyncHost (4128) {08B908E2-C664-47F4-BE04-14DEC67CBA0F}: A request to write to the file "C:\Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" at offset 1130496 (0x0000000000114000) for 16384 (0x00004000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

  • 0

#6
K3ito

    Member

  • Topic Starter
  • Member
  • 14 posts
Vino's Event Viewer v01c run on Windows 7 in English
Report run at 19/09/2017 8:44:58 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 18/09/2017 1:24:37 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
Log: 'System' Date/Time: 17/09/2017 6:06:50 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/09/2017 11:37:03 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The RzWizardService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
 
Log: 'System' Date/Time: 19/09/2017 11:37:03 PM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the RzWizardService service to connect.
 
Log: 'System' Date/Time: 19/09/2017 11:36:17 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The CldFlt service failed to start due to the following error:  The request is not supported.
 
Log: 'System' Date/Time: 19/09/2017 11:35:18 PM
Type: Error Category: 0
Event: 7043 Source: Service Control Manager
The avgbIDSAgent service did not shut down properly after receiving a preshutdown control.
 
Log: 'System' Date/Time: 18/09/2017 1:25:08 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The CldFlt service failed to start due to the following error:  The request is not supported.
 
Log: 'System' Date/Time: 18/09/2017 1:25:09 AM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 9:07:17 PM on 2017-09-17 was unexpected.
 
Log: 'System' Date/Time: 18/09/2017 1:13:31 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The App Readiness service terminated unexpectedly.  It has done this 1 time(s).
 
Log: 'System' Date/Time: 18/09/2017 1:12:22 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {B91D5831-B1BD-4608-8198-D72E155020F7} did not register with DCOM within the required timeout.
 
Log: 'System' Date/Time: 18/09/2017 1:07:17 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The CldFlt service failed to start due to the following error:  The request is not supported.
 
Log: 'System' Date/Time: 17/09/2017 6:12:58 PM
Type: Error Category: 0
Event: 7022 Source: Service Control Manager
The Downloaded Maps Manager service hung on starting.
 
Log: 'System' Date/Time: 17/09/2017 6:07:13 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The CldFlt service failed to start due to the following error:  The request is not supported.
 
Log: 'System' Date/Time: 17/09/2017 6:06:43 PM
Type: Error Category: 0
Event: 29 Source: Microsoft-Windows-Kernel-Boot
Windows failed fast startup with error status 0xC00000D4.
 
Log: 'System' Date/Time: 17/09/2017 6:07:13 PM
Type: Error Category: 0
Event: 6008 Source: EventLog
The previous system shutdown at 9:57:02 PM on 2017-09-16 was unexpected.
 
Log: 'System' Date/Time: 14/09/2017 10:49:29 PM
Type: Error Category: 1
Event: 20 Source: Microsoft-Windows-WindowsUpdateClient
Installation Failure: Windows failed to install the following update with error 0x80070103: NVIDIA - Display - 5/1/2017 12:00:00 AM - 22.21.13.8205.
 
Log: 'System' Date/Time: 14/09/2017 3:28:10 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The RzWizardService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
 
Log: 'System' Date/Time: 14/09/2017 3:28:10 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (30000 milliseconds) while waiting for the RzWizardService service to connect.
 
Log: 'System' Date/Time: 14/09/2017 3:27:27 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The CldFlt service failed to start due to the following error:  The request is not supported.
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/09/2017 11:33:31 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.googleapis.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 19/09/2017 2:14:11 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name win10.ipv6.microsoft.com. timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 18/09/2017 1:26:35 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name pool.ntp.org timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 17/09/2017 10:50:05 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.googleapis.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 17/09/2017 6:15:19 PM
Type: Warning Category: 0
Event: 27 Source: e1dexpress
Intel® Ethernet Connection (2) I219-V  Network link is disconnected. 
 
Log: 'System' Date/Time: 17/09/2017 6:15:10 PM
Type: Warning Category: 0
Event: 7044 Source: Service Control Manager
The following service is taking more than 3 minutes to start and may have stopped responding: User Data Storage_69a28  Contact your system administrator or service vendor for approximate startup times for this service.  If you think this service might be slowing system response or logon time, talk to your system administrator about whether the service should be disabled until the problem is identified.  You may have to restart the computer in safe mode before you can disable the service.
 
Log: 'System' Date/Time: 17/09/2017 6:07:04 PM
Type: Warning Category: 0
Event: 27 Source: e1dexpress
Intel® Ethernet Connection (2) I219-V  Network link is disconnected. 
 
Log: 'System' Date/Time: 16/09/2017 9:28:03 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name www.googleapis.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 16/09/2017 4:59:26 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 16/09/2017 5:29:26 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 16/09/2017 5:29:24 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 15/09/2017 4:29:35 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 15/09/2017 4:29:35 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 14/09/2017 6:33:45 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name win10.ipv6.microsoft.com. timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 14/09/2017 3:16:36 PM
Type: Warning Category: 0
Event: 10400 Source: Microsoft-Windows-NDIS
The network interface "Intel® Ethernet Connection (2) I219-V" has begun resetting.  There will be a momentary disruption in network connectivity while the hardware resets. Reason: The network driver detected that its hardware has stopped responding to commands. This network interface has reset 1 time(s) since it was last initialized.
 
Log: 'System' Date/Time: 14/09/2017 3:16:18 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name safebrowsing.googleapis.com timed out after none of the configured DNS servers responded.
 
Log: 'System' Date/Time: 14/09/2017 3:15:26 PM
Type: Warning Category: 0
Event: 27 Source: e1dexpress
Intel® Ethernet Connection (2) I219-V  Network link is disconnected. 

  • 0

#7
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Copy the next 5 lines:
 
FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Esentutl /r \Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb 
Esentutl /p \Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb 
Esentutl /r \Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\meta.edb
Esentutl /p \Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\meta.edb 
 
 
Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
An elevated Command Prompt will open with the C:\Windows\System32> prompt.  If you do not see that, you did not do it correctly.
 
Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply. 
 
Search for
internet options
hit Enter
This should bring up a window with several tabs at the top.  Click on Connections.  Then on LAN Settings.  Uncheck All boxes.  OK. OK.
 
 
I am seeing errors from CAM_V3.exe, version: 0.3.0.0.  I do not see it installed but there is a newer version out 3.3.5.
 
 
Reboot and run VEW again as before and post the logs.

  • 0
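The log reading behind the reply above (picking out the recurring CldFlt, RzWizardService, wpad, CAM_V3.exe and ESENT entries, then comparing against a fresh VEW report after the reboot) can be done mechanically. The Python script below is an added example, not part of the thread or of VEW; the names `parse_vew`, `triage` and `SUBJECT_RULES` are made up here, and the sample report consists of entries copied from the reports posted in this thread.

```python
import re
from collections import Counter
from datetime import datetime

# Sample input: entries copied from the VEW reports posted in this thread.
SAMPLE_REPORT = r"""
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/09/2017 11:37:03 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The RzWizardService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 19/09/2017 11:36:17 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The CldFlt service failed to start due to the following error:  The request is not supported.

Log: 'System' Date/Time: 18/09/2017 1:25:08 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The CldFlt service failed to start due to the following error:  The request is not supported.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 16/09/2017 4:59:26 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name wpad timed out after none of the configured DNS servers responded.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 18/09/2017 3:09:57 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: CAM_V3.exe, version: 0.3.0.0, time stamp: 0x598d205c Faulting module name: KERNELBASE.dll, version: 10.0.15063.608, time stamp: 0xadaa6ed6 Exception code: 0xe0434352

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 14/09/2017 3:25:18 AM
Type: Warning Category: 1
Event: 533 Source: ESENT
SettingSyncHost (4128) {08B908E2-C664-47F4-BE04-14DEC67CBA0F}: A request to write to the file "C:\Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" at offset 1179648 (0x0000000000120000) for 16384 (0x00004000) bytes has not completed for 36 second(s).
"""

# The three header lines that open every VEW entry.
HEADER = re.compile(
    r"^Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+?)\s*\n"
    r"Type: (?P<type>\w+) Category: \d+\s*\n"
    r"Event: (?P<id>\d+) Source: (?P<source>.+?)\s*\n",
    re.MULTILINE,
)
# Per source: the part of the message that says what the entry is about.
SUBJECT_RULES = {
    "ESENT": re.compile(r'the file "([^"]+)"'),
    "Microsoft-Windows-DNS-Client": re.compile(r"for the name (\S+?)\.? timed out"),
    "Service Control Manager": re.compile(r"^The (.+?) service failed to start"),
    "Application Error": re.compile(r"Faulting application name: ([^,]+),"),
}


def parse_vew(text):
    """Split a VEW report into events; dates are dd/mm/yyyy, as the report notes."""
    heads = list(HEADER.finditer(text))
    events = []
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        # The message runs to the next header; drop any section banner after it.
        message = text[m.end():end].split("~~~", 1)[0].strip()
        when = datetime.strptime(m["when"], "%d/%m/%Y %I:%M:%S %p")
        events.append({"log": m["log"], "when": when, "type": m["type"],
                       "id": int(m["id"]), "source": m["source"], "message": message})
    return events


def triage(events, since=None):
    """Count events per (source, event id, subject), optionally from `since` on."""
    counts = Counter()
    for ev in events:
        if since is not None and ev["when"] < since:
            continue
        rule = SUBJECT_RULES.get(ev["source"])
        hit = rule.search(ev["message"]) if rule else None
        counts[(ev["source"], ev["id"], hit.group(1) if hit else "")] += 1
    return counts


if __name__ == "__main__":
    for (source, event_id, subject), n in triage(parse_vew(SAMPLE_REPORT)).most_common():
        print(f"{n:3d}  {source} {event_id}  {subject}")
```

Run on the report taken after the reboot with `since` set to the reboot time, it shows which entries are still recurring.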

#8
K3ito

    Member

  • Topic Starter
  • Member
  • 14 posts
Vino's Event Viewer v01c run on Windows 7 in English
Report run at 19/09/2017 8:45:34 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/09/2017 2:16:51 AM
Type: Error Category: 0
Event: 1023 Source: Microsoft-Windows-Perflib
Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Log: 'Application' Date/Time: 19/09/2017 2:16:50 AM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Log: 'Application' Date/Time: 18/09/2017 3:09:57 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: CAM_V3.exe, version: 0.3.0.0, time stamp: 0x598d205c Faulting module name: KERNELBASE.dll, version: 10.0.15063.608, time stamp: 0xadaa6ed6 Exception code: 0xe0434352 Fault offset: 0x000eb832 Faulting process id: 0x31d0 Faulting application start time: 0x01d3308f69ceb565 Faulting application path: C:\Program Files (x86)\NZXT\CAM\CAM_V3.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: 14a069e2-460c-4ced-89ea-d13f82b3f3a0 Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 18/09/2017 3:09:56 PM
Type: Error Category: 0
Event: 1026 Source: .NET Runtime
Application: CAM_V3.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Threading.Tasks.TaskCanceledException
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(System.Threading.Tasks.Task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(System.Threading.Tasks.Task)
   at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
   at CAMV2.V2_UserControl.CoolingPage+<CAMV2.IComputerDataHandler.NotifyUpdate>d__3.MoveNext()
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore+<>c.<ThrowAsync>b__6_1(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
 
 
Log: 'Application' Date/Time: 18/09/2017 2:05:12 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: RocketLeague.exe, version: 1.0.10897.0, time stamp: 0x59656779 Faulting module name: nvd3dum.dll, version: 22.21.13.8541, time stamp: 0x599b5a19 Exception code: 0xc0000005 Fault offset: 0x0075e3ff Faulting process id: 0x24d8 Faulting application start time: 0x01d33022776f4117 Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe Faulting module path: C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ce1961376673184c\nvd3dum.dll Report Id: 2541bfce-cef7-4ea2-8f8b-fca01cfef87e Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 18/09/2017 2:05:10 AM
Type: Error Category: 0
Event: 1026 Source: .NET Runtime
Application: RocketLeague.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 165AE3FF
 
 
Log: 'Application' Date/Time: 18/09/2017 1:13:11 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe_AppReadiness, version: 10.0.15063.0, time stamp: 0x02799ef5 Faulting module name: ntdll.dll, version: 10.0.15063.608, time stamp: 0x8274fd8b Exception code: 0xc0000374 Fault offset: 0x00000000000f775f Faulting process id: 0x1658 Faulting application start time: 0x01d3301b0328b4cb Faulting application path: c:\windows\system32\svchost.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: f0b2fba5-328f-416d-b9a4-49f19257a775 Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 18/09/2017 1:09:37 AM
Type: Error Category: 0
Event: 1023 Source: Microsoft-Windows-Perflib
Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Log: 'Application' Date/Time: 18/09/2017 1:09:36 AM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Log: 'Application' Date/Time: 15/09/2017 6:24:47 PM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid. . 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Log: 'Application' Date/Time: 14/09/2017 10:51:30 PM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Log: 'Application' Date/Time: 14/09/2017 4:34:48 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\AVG\Antivirus\setup\iplugins\IStats.dll". Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found. Please use sxstrace.exe for detailed diagnosis.
 
Log: 'Application' Date/Time: 14/09/2017 3:29:21 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: ShellExperienceHost.exe, version: 10.0.15063.0, time stamp: 0x58ccbd2e Faulting module name: dwrite.dll, version: 10.0.15063.0, time stamp: 0x86cf89f5 Exception code: 0xc0000005 Fault offset: 0x0000000000038877 Faulting process id: 0x1840 Faulting application start time: 0x01d32d09991e7e23 Faulting application path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Faulting module path: C:\WINDOWS\SYSTEM32\dwrite.dll Report Id: f0a23f02-4e33-4aa9-86f2-67f6ad991fee Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: App
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 18/09/2017 1:12:31 AM
Type: Warning Category: 0
Event: 6006 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <TrustedInstaller> took 78 second(s) to handle the notification event (CreateSession).
 
Log: 'Application' Date/Time: 18/09/2017 1:12:13 AM
Type: Warning Category: 0
Event: 6005 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <TrustedInstaller> is taking long time to handle the notification event (CreateSession).
 
Log: 'Application' Date/Time: 15/09/2017 6:24:36 PM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe' (pid 9128) cannot be restarted - Application SID does not match Conductor SID..
 
Log: 'Application' Date/Time: 15/09/2017 6:24:36 PM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe' (pid 9804) cannot be restarted - Application SID does not match Conductor SID..
 
Log: 'Application' Date/Time: 14/09/2017 6:44:50 PM
Type: Warning Category: 1
Event: 533 Source: ESENT
wuaueng.dll (1236) SUS20ClientDataStore: A request to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" at offset 733184 (0x00000000000b3000) for 4096 (0x00001000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 6:44:36 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
SettingSyncHost (2960) {5A3083BF-711D-4CAD-B5AF-D95DB2DFE6B4}: A request to write to the file "C:\Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" at offset 1015808 (0x00000000000f8000) for 16384 (0x00004000) bytes succeeded, but took an abnormally long time (59 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 6:44:17 PM
Type: Warning Category: 1
Event: 533 Source: ESENT
SettingSyncHost (2960) {5A3083BF-711D-4CAD-B5AF-D95DB2DFE6B4}: A request to write to the file "C:\Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" at offset 1015808 (0x00000000000f8000) for 16384 (0x00004000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 6:44:10 PM
Type: Warning Category: 7
Event: 510 Source: ESENT
wuaueng.dll (1236) SUS20ClientDataStore: A request to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" at offset 724992 (0x00000000000b1000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (55 seconds) to be serviced by the OS. In addition, 0 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 55 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 6:43:54 PM
Type: Warning Category: 1
Event: 533 Source: ESENT
wuaueng.dll (1236) SUS20ClientDataStore: A request to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" at offset 724992 (0x00000000000b1000) for 4096 (0x00001000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 6:43:37 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
SettingSyncHost (2960) {5A3083BF-711D-4CAD-B5AF-D95DB2DFE6B4}: A request to write to the file "C:\Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.chk" at offset 4096 (0x0000000000001000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (38 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 6:43:30 PM
Type: Warning Category: 1
Event: 533 Source: ESENT
SettingSyncHost (2960) {5A3083BF-711D-4CAD-B5AF-D95DB2DFE6B4}: A request to write to the file "C:\Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.chk" at offset 4096 (0x0000000000001000) for 4096 (0x00001000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 6:43:14 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
wuaueng.dll (1236) SUS20ClientDataStore: A request to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" at offset 720896 (0x00000000000b0000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (22 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 4:38:15 AM
Type: Warning Category: 7
Event: 508 Source: ESENT
SettingSyncHost (4804) {AEB40916-D186-42B8-A8C3-A72158E65E18}: A request to write to the file "C:\Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\meta.edb" at offset 1032192 (0x00000000000fc000) for 16384 (0x00004000) bytes succeeded, but took an abnormally long time (18 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 4:38:13 AM
Type: Warning Category: 7
Event: 508 Source: ESENT
SettingSyncHost (4804) {AEB40916-D186-42B8-A8C3-A72158E65E18}: A request to write to the file "C:\Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\edb.log" at offset 208896 (0x0000000000033000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (16 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 4:38:10 AM
Type: Warning Category: 7
Event: 508 Source: ESENT
SettingSyncHost (4804) {37DDCC56-3811-433D-907A-3C351FE4E772}: A request to write to the file "C:\Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" at offset 1015808 (0x00000000000f8000) for 16384 (0x00004000) bytes succeeded, but took an abnormally long time (15 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 3:25:37 AM
Type: Warning Category: 7
Event: 510 Source: ESENT
SettingSyncHost (4128) {08B908E2-C664-47F4-BE04-14DEC67CBA0F}: A request to write to the file "C:\Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log" at offset 118784 (0x000000000001d000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (38 seconds) to be serviced by the OS. In addition, 0 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 38 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 3:25:20 AM
Type: Warning Category: 7
Event: 510 Source: ESENT
SettingSyncHost (4128) {08B908E2-C664-47F4-BE04-14DEC67CBA0F}: A request to write to the file "C:\Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" at offset 1130496 (0x0000000000114000) for 16384 (0x00004000) bytes succeeded, but took an abnormally long time (40 seconds) to be serviced by the OS. In addition, 3 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 14 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 3:25:18 AM
Type: Warning Category: 1
Event: 533 Source: ESENT
SettingSyncHost (4128) {08B908E2-C664-47F4-BE04-14DEC67CBA0F}: A request to write to the file "C:\Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" at offset 1179648 (0x0000000000120000) for 16384 (0x00004000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 3:25:18 AM
Type: Warning Category: 1
Event: 533 Source: ESENT
SettingSyncHost (4128) {08B908E2-C664-47F4-BE04-14DEC67CBA0F}: A request to write to the file "C:\Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" at offset 1163264 (0x000000000011c000) for 16384 (0x00004000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 3:25:18 AM
Type: Warning Category: 1
Event: 533 Source: ESENT
SettingSyncHost (4128) {08B908E2-C664-47F4-BE04-14DEC67CBA0F}: A request to write to the file "C:\Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" at offset 1130496 (0x0000000000114000) for 16384 (0x00004000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

  • 0

#9
K3ito

    Member

  • Topic Starter
  • Member
  • 14 posts
Vino's Event Viewer v01c run on Windows 7 in English
Report run at 19/09/2017 8:45:34 PM
 
Note: All dates below are in the format dd/mm/yyyy
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/09/2017 2:16:51 AM
Type: Error Category: 0
Event: 1023 Source: Microsoft-Windows-Perflib
Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Log: 'Application' Date/Time: 19/09/2017 2:16:50 AM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Log: 'Application' Date/Time: 18/09/2017 3:09:57 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: CAM_V3.exe, version: 0.3.0.0, time stamp: 0x598d205c Faulting module name: KERNELBASE.dll, version: 10.0.15063.608, time stamp: 0xadaa6ed6 Exception code: 0xe0434352 Fault offset: 0x000eb832 Faulting process id: 0x31d0 Faulting application start time: 0x01d3308f69ceb565 Faulting application path: C:\Program Files (x86)\NZXT\CAM\CAM_V3.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: 14a069e2-460c-4ced-89ea-d13f82b3f3a0 Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 18/09/2017 3:09:56 PM
Type: Error Category: 0
Event: 1026 Source: .NET Runtime
Application: CAM_V3.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Threading.Tasks.TaskCanceledException
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(System.Threading.Tasks.Task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(System.Threading.Tasks.Task)
   at System.Runtime.CompilerServices.TaskAwaiter.GetResult()
   at CAMV2.V2_UserControl.CoolingPage+<CAMV2.IComputerDataHandler.NotifyUpdate>d__3.MoveNext()
   at System.Runtime.CompilerServices.AsyncMethodBuilderCore+<>c.<ThrowAsync>b__6_1(System.Object)
   at System.Threading.QueueUserWorkItemCallback.WaitCallback_Context(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
   at System.Threading._ThreadPoolWaitCallback.PerformWaitCallback()
 
 
 
Log: 'Application' Date/Time: 18/09/2017 2:05:12 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: RocketLeague.exe, version: 1.0.10897.0, time stamp: 0x59656779 Faulting module name: nvd3dum.dll, version: 22.21.13.8541, time stamp: 0x599b5a19 Exception code: 0xc0000005 Fault offset: 0x0075e3ff Faulting process id: 0x24d8 Faulting application start time: 0x01d33022776f4117 Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe Faulting module path: C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_ce1961376673184c\nvd3dum.dll Report Id: 2541bfce-cef7-4ea2-8f8b-fca01cfef87e Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 18/09/2017 2:05:10 AM
Type: Error Category: 0
Event: 1026 Source: .NET Runtime
Application: RocketLeague.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 165AE3FF
 
 
Log: 'Application' Date/Time: 18/09/2017 1:13:11 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: svchost.exe_AppReadiness, version: 10.0.15063.0, time stamp: 0x02799ef5 Faulting module name: ntdll.dll, version: 10.0.15063.608, time stamp: 0x8274fd8b Exception code: 0xc0000374 Fault offset: 0x00000000000f775f Faulting process id: 0x1658 Faulting application start time: 0x01d3301b0328b4cb Faulting application path: c:\windows\system32\svchost.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: f0b2fba5-328f-416d-b9a4-49f19257a775 Faulting package full name:  Faulting package-relative application ID: 
 
Log: 'Application' Date/Time: 18/09/2017 1:09:37 AM
Type: Error Category: 0
Event: 1023 Source: Microsoft-Windows-Perflib
Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Log: 'Application' Date/Time: 18/09/2017 1:09:36 AM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Log: 'Application' Date/Time: 15/09/2017 6:24:47 PM
Type: Error Category: 0
Event: 8193 Source: VSS
Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid. . 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Log: 'Application' Date/Time: 14/09/2017 10:51:30 PM
Type: Error Category: 0
Event: 1008 Source: Microsoft-Windows-Perflib
The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Log: 'Application' Date/Time: 14/09/2017 4:34:48 AM
Type: Error Category: 0
Event: 33 Source: SideBySide
Activation context generation failed for "C:\Program Files (x86)\AVG\Antivirus\setup\iplugins\IStats.dll". Dependent Assembly Avast.VC110.CRT,processorArchitecture="x86",publicKeyToken="2036b14a11e83e4a",type="win32",version="11.0.60610.1" could not be found. Please use sxstrace.exe for detailed diagnosis.
 
Log: 'Application' Date/Time: 14/09/2017 3:29:21 AM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: ShellExperienceHost.exe, version: 10.0.15063.0, time stamp: 0x58ccbd2e Faulting module name: dwrite.dll, version: 10.0.15063.0, time stamp: 0x86cf89f5 Exception code: 0xc0000005 Fault offset: 0x0000000000038877 Faulting process id: 0x1840 Faulting application start time: 0x01d32d09991e7e23 Faulting application path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe Faulting module path: C:\WINDOWS\SYSTEM32\dwrite.dll Report Id: f0a23f02-4e33-4aa9-86f2-67f6ad991fee Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.15063.0_neutral_neutral_cw5n1h2txyewy Faulting package-relative application ID: App
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 18/09/2017 1:12:31 AM
Type: Warning Category: 0
Event: 6006 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <TrustedInstaller> took 78 second(s) to handle the notification event (CreateSession).
 
Log: 'Application' Date/Time: 18/09/2017 1:12:13 AM
Type: Warning Category: 0
Event: 6005 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <TrustedInstaller> is taking long time to handle the notification event (CreateSession).
 
Log: 'Application' Date/Time: 15/09/2017 6:24:36 PM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe' (pid 9128) cannot be restarted - Application SID does not match Conductor SID..
 
Log: 'Application' Date/Time: 15/09/2017 6:24:36 PM
Type: Warning Category: 0
Event: 10010 Source: Microsoft-Windows-RestartManager
Application 'C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe' (pid 9804) cannot be restarted - Application SID does not match Conductor SID..
 
Log: 'Application' Date/Time: 14/09/2017 6:44:50 PM
Type: Warning Category: 1
Event: 533 Source: ESENT
wuaueng.dll (1236) SUS20ClientDataStore: A request to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" at offset 733184 (0x00000000000b3000) for 4096 (0x00001000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 6:44:36 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
SettingSyncHost (2960) {5A3083BF-711D-4CAD-B5AF-D95DB2DFE6B4}: A request to write to the file "C:\Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" at offset 1015808 (0x00000000000f8000) for 16384 (0x00004000) bytes succeeded, but took an abnormally long time (59 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 6:44:17 PM
Type: Warning Category: 1
Event: 533 Source: ESENT
SettingSyncHost (2960) {5A3083BF-711D-4CAD-B5AF-D95DB2DFE6B4}: A request to write to the file "C:\Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" at offset 1015808 (0x00000000000f8000) for 16384 (0x00004000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 6:44:10 PM
Type: Warning Category: 7
Event: 510 Source: ESENT
wuaueng.dll (1236) SUS20ClientDataStore: A request to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" at offset 724992 (0x00000000000b1000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (55 seconds) to be serviced by the OS. In addition, 0 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 55 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 6:43:54 PM
Type: Warning Category: 1
Event: 533 Source: ESENT
wuaueng.dll (1236) SUS20ClientDataStore: A request to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" at offset 724992 (0x00000000000b1000) for 4096 (0x00001000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 6:43:37 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
SettingSyncHost (2960) {5A3083BF-711D-4CAD-B5AF-D95DB2DFE6B4}: A request to write to the file "C:\Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.chk" at offset 4096 (0x0000000000001000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (38 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 6:43:30 PM
Type: Warning Category: 1
Event: 533 Source: ESENT
SettingSyncHost (2960) {5A3083BF-711D-4CAD-B5AF-D95DB2DFE6B4}: A request to write to the file "C:\Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.chk" at offset 4096 (0x0000000000001000) for 4096 (0x00001000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 6:43:14 PM
Type: Warning Category: 7
Event: 508 Source: ESENT
wuaueng.dll (1236) SUS20ClientDataStore: A request to write to the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log" at offset 720896 (0x00000000000b0000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (22 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 4:38:15 AM
Type: Warning Category: 7
Event: 508 Source: ESENT
SettingSyncHost (4804) {AEB40916-D186-42B8-A8C3-A72158E65E18}: A request to write to the file "C:\Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\meta.edb" at offset 1032192 (0x00000000000fc000) for 16384 (0x00004000) bytes succeeded, but took an abnormally long time (18 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 4:38:13 AM
Type: Warning Category: 7
Event: 508 Source: ESENT
SettingSyncHost (4804) {AEB40916-D186-42B8-A8C3-A72158E65E18}: A request to write to the file "C:\Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\remotemetastore\v1\edb.log" at offset 208896 (0x0000000000033000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (16 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 4:38:10 AM
Type: Warning Category: 7
Event: 508 Source: ESENT
SettingSyncHost (4804) {37DDCC56-3811-433D-907A-3C351FE4E772}: A request to write to the file "C:\Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" at offset 1015808 (0x00000000000f8000) for 16384 (0x00004000) bytes succeeded, but took an abnormally long time (15 seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 3:25:37 AM
Type: Warning Category: 7
Event: 510 Source: ESENT
SettingSyncHost (4128) {08B908E2-C664-47F4-BE04-14DEC67CBA0F}: A request to write to the file "C:\Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\metastore\edb.log" at offset 118784 (0x000000000001d000) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (38 seconds) to be serviced by the OS. In addition, 0 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 38 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 3:25:20 AM
Type: Warning Category: 7
Event: 510 Source: ESENT
SettingSyncHost (4128) {08B908E2-C664-47F4-BE04-14DEC67CBA0F}: A request to write to the file "C:\Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" at offset 1130496 (0x0000000000114000) for 16384 (0x00004000) bytes succeeded, but took an abnormally long time (40 seconds) to be serviced by the OS. In addition, 3 other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted 14 seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 3:25:18 AM
Type: Warning Category: 1
Event: 533 Source: ESENT
SettingSyncHost (4128) {08B908E2-C664-47F4-BE04-14DEC67CBA0F}: A request to write to the file "C:\Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" at offset 1179648 (0x0000000000120000) for 16384 (0x00004000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 3:25:18 AM
Type: Warning Category: 1
Event: 533 Source: ESENT
SettingSyncHost (4128) {08B908E2-C664-47F4-BE04-14DEC67CBA0F}: A request to write to the file "C:\Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" at offset 1163264 (0x000000000011c000) for 16384 (0x00004000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.
 
Log: 'Application' Date/Time: 14/09/2017 3:25:18 AM
Type: Warning Category: 1
Event: 533 Source: ESENT
SettingSyncHost (4128) {08B908E2-C664-47F4-BE04-14DEC67CBA0F}: A request to write to the file "C:\Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" at offset 1130496 (0x0000000000114000) for 16384 (0x00004000) bytes has not completed for 36 second(s). This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.

#10
RKinner

You posted the application log twice.  Can you post the System log?


#11
K3ito


Um, in VEW when I do system under query it comes out as application in the text file?


#12
RKinner

Try it again and just do System. VEW overwrites its logs.


#13
K3ito


Yeah, it still does not work. I have no idea how to fix this.


#14
RKinner

Run the FRST scan again and post both logs.


#15
K3ito

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-09-2017
Ran by Syst3 (20-09-2017 15:44:00)
Running from C:\Users\Syst3\Desktop\Anti-Rootkit
Windows 10 Home Version 1703 (X64) (2017-09-14 04:56:40)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1705482426-2229210781-2881064529-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1705482426-2229210781-2881064529-503 - Limited - Disabled)
Guest (S-1-5-21-1705482426-2229210781-2881064529-501 - Limited - Disabled)
Syst3 (S-1-5-21-1705482426-2229210781-2881064529-1001 - Administrator - Enabled) => C:\Users\Syst3
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: AVG Antivirus (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Antivirus (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 385.41 - NVIDIA Corporation) Hidden
AVG (HKLM\...\{BA40B3B4-7707-437E-84FF-8C18BE5AD9B6}) (Version: 1.211.2 - AVG Technologies) Hidden
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 17.6.3029 - AVG Technologies)
CAM (HKLM-x32\...\{DAE3326B-E922-4BFF-98FB-F5639001A326}) (Version: 3.3.50 - NZXT)
Discord (HKU\S-1-5-21-1705482426-2229210781-2881064529-1001\...\Discord) (Version: 0.0.298 - Discord Inc.)
FMW 1 (HKLM\...\{2B66FCDA-0BD6-47CC-8EC5-C2EA02E03EB2}) (Version: 1.224.4 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.79 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Gyazo 3.3.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Java 8 Update 144 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-1705482426-2229210781-2881064529-1001\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 385.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 385.41 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.9.0.61 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.9.0.61 - NVIDIA Corporation)
NVIDIA Graphics Driver 385.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 385.41 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 20.0.1 - OBS Project)
PLAYERUNKNOWN'S BATTLEGROUNDS (HKLM\...\Steam App 578080) (Version:  - Bluehole, Inc.)
Rocket League (HKLM\...\Steam App 252950) (Version:  - Psyonix, Inc.)
Spotify (HKU\S-1-5-21-1705482426-2229210781-2881064529-1001\...\Spotify) (Version: 1.0.63.617.g5aca9a2a - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.14.1 - Synaptics Incorporated)
Vulkan Run Time Libraries 1.0.51.0 (HKLM\...\VulkanRT1.0.51.0) (Version: 1.0.51.0 - LunarG, Inc.)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-09-14] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_0745f11ce6fc197c\igfxDTCM.dll [2016-11-01] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-08-21] (NVIDIA Corporation)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files (x86)\AVG\Antivirus\ashShA64.dll [2017-09-14] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {382E4681-1237-45AD-9833-58C2CA1430D8} - System32\Tasks\Antivirus Emergency Update => C:\Program Files (x86)\AVG\Antivirus\AvEmUpdate.exe [2017-09-14] (AVG Technologies CZ, s.r.o.)
Task: {3EBBC929-473A-4CF3-AA59-5FBC7FB6D981} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-08-18] (NVIDIA Corporation)
Task: {514CBA62-A8FF-4679-9047-728A6CCB2AB4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-13] (Google Inc.)
Task: {5399D3A2-882C-4941-AEEC-67A0653B4C11} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-08-18] (NVIDIA Corporation)
Task: {77C86007-410E-4C37-88A9-41445E54FDA5} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-08-18] (NVIDIA Corporation)
Task: {86B6CBB4-BE03-4BFD-BE2D-C12E42E67D8B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-09-13] (Google Inc.)
Task: {8A83B0E2-718B-4D4A-A8B2-072C37BEABD0} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-08-18] (NVIDIA Corporation)
Task: {8EF51630-B853-4A6D-9C34-B0E1B3ADF354} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-05-16] ()
Task: {91B10C2F-2B89-4122-B02F-D3FAF31A2E57} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-18] (NVIDIA Corporation)
Task: {BBEB25EC-8EE7-4E86-A380-8A6C6099924E} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-18] (NVIDIA Corporation)
Task: {BF69436E-E957-4A37-B455-6CB0DFD60F38} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-05-16] ()
Task: {D89623A0-445D-4BCE-BCF3-9F5F2C04C746} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-08-18] (NVIDIA Corporation)
Task: {DC3B630D-F7B2-41A4-BAA2-9F1DBB636185} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-08-18] (NVIDIA Corporation)
Task: {DF2B70E5-DDC8-4C22-8DFE-6697B31C41FD} - System32\Tasks\CAM => C:\Program Files (x86)\NZXT\CAM\CAM_V3.exe [2017-08-11] ()
Task: {F02ED072-2AF5-47D4-BD25-6EBD68341F9F} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-09-13 23:09 - 2017-08-24 11:27 - 002264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-07-27 02:22 - 2017-07-27 02:22 - 000030320 _____ () C:\Program Files (x86)\NZXT\CAM\Service\CAMService.exe
2017-09-14 16:16 - 2017-08-18 00:32 - 001267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-18 16:58 - 2017-03-18 16:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 16:59 - 2017-03-18 22:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-09-13 23:03 - 2017-09-13 23:03 - 000074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-09-13 23:03 - 2017-09-13 23:03 - 000203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-09-13 23:03 - 2017-09-13 23:03 - 036162048 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-09-13 23:03 - 2017-09-13 23:03 - 002237952 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\skypert.dll
2017-09-14 00:33 - 2017-09-14 00:33 - 000068528 _____ () C:\Program Files (x86)\AVG\Antivirus\x64\module_lifetime.dll
2017-09-13 22:16 - 2017-09-04 04:12 - 004022616 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.79\libglesv2.dll
2017-09-13 22:16 - 2017-09-04 04:12 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\61.0.3163.79\libegl.dll
2017-09-04 21:47 - 2017-09-14 11:34 - 000965632 _____ () C:\Users\Syst3\Desktop\AlphaConsole\AlphaConsole.exe
2017-09-14 00:27 - 2017-09-14 00:26 - 048920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2017-09-14 00:33 - 2017-09-14 00:33 - 000168216 _____ () C:\Program Files (x86)\AVG\Antivirus\JsonRpcServer.dll
2017-09-14 00:33 - 2017-09-14 00:33 - 000060160 _____ () C:\Program Files (x86)\AVG\Antivirus\module_lifetime.dll
2017-09-14 00:33 - 2017-09-14 00:33 - 067109376 _____ () C:\Program Files (x86)\AVG\Antivirus\libcef.dll
2017-09-14 00:33 - 2017-09-14 00:33 - 000213024 _____ () C:\Program Files (x86)\AVG\Antivirus\event_routing_rpc.dll
2017-09-14 00:33 - 2017-09-14 00:33 - 000243080 _____ () C:\Program Files (x86)\AVG\Antivirus\tasks_core.dll
2017-09-14 00:33 - 2017-09-14 00:33 - 000686808 _____ () C:\Program Files (x86)\AVG\Antivirus\ffl2.dll
2017-09-13 22:27 - 2017-08-04 17:19 - 000678176 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-09-13 22:27 - 2016-08-31 21:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-09-13 22:27 - 2017-09-07 00:51 - 002505504 _____ () C:\Program Files (x86)\Steam\video.dll
2017-09-13 22:27 - 2016-08-31 21:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-09-13 22:27 - 2016-08-31 21:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-09-13 22:27 - 2016-01-27 03:49 - 002549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2017-09-13 22:27 - 2016-01-27 03:49 - 000491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2017-09-13 22:27 - 2016-01-27 03:49 - 000332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2017-09-13 22:27 - 2016-01-27 03:49 - 000442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2017-09-13 22:27 - 2016-01-27 03:49 - 000485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2017-09-13 22:27 - 2017-09-07 00:51 - 000885024 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-09-13 22:27 - 2016-07-04 18:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-09-13 22:21 - 2017-08-08 15:13 - 001893880 _____ () C:\Users\Syst3\AppData\Local\Discord\app-0.0.298\ffmpeg.dll
2017-09-13 22:21 - 2017-09-13 22:21 - 001577976 _____ () \\?\C:\Users\Syst3\AppData\Roaming\discord\0.0.298\modules\discord_toaster\discord_toaster.node
2017-09-14 16:16 - 2017-08-18 00:31 - 069807552 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-09-16 16:04 - 2017-09-16 16:04 - 071818864 _____ () C:\Users\Syst3\AppData\Roaming\Spotify\libcef.dll
2017-09-13 22:21 - 2017-09-13 22:23 - 009622008 _____ () \\?\C:\Users\Syst3\AppData\Roaming\discord\0.0.298\modules\discord_voice\discord_voice.node
2017-09-13 22:21 - 2017-09-13 22:21 - 001440248 _____ () \\?\C:\Users\Syst3\AppData\Roaming\discord\0.0.298\modules\discord_utils\discord_utils.node
2017-09-20 11:28 - 2017-09-20 11:28 - 000148992 _____ () \\?\C:\Users\Syst3\AppData\Local\Temp\F8BE.tmp.node
2017-09-13 22:21 - 2017-09-13 22:21 - 002658296 _____ () \\?\C:\Users\Syst3\AppData\Roaming\discord\0.0.298\modules\discord_rpc\discord_rpc.node
2017-09-13 22:26 - 2017-09-13 22:26 - 002673656 _____ () \\?\C:\Users\Syst3\AppData\Roaming\discord\0.0.298\modules\discord_contact_import\discord_contact_import.node
2017-09-16 16:04 - 2017-09-16 16:04 - 002969200 _____ () C:\Users\Syst3\AppData\Roaming\Spotify\libglesv2.dll
2017-09-16 16:04 - 2017-09-16 16:04 - 000086640 _____ () C:\Users\Syst3\AppData\Roaming\Spotify\libegl.dll
2017-09-14 16:16 - 2017-08-18 00:32 - 001040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-09-13 22:30 - 2017-07-17 18:50 - 073115424 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-09-13 22:30 - 2017-05-16 21:54 - 000678176 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-09-13 22:27 - 2015-09-24 19:52 - 000119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-09-04 16:26 - 2017-09-14 11:34 - 000072192 _____ () C:\Users\Syst3\Desktop\AlphaConsole\ACInjector.dll
2017-09-13 22:27 - 2017-07-18 21:53 - 000384288 _____ () C:\Program Files (x86)\Steam\steam.dll
2017-09-04 23:06 - 2017-09-14 11:34 - 000331776 _____ () C:\Users\Syst3\Desktop\AlphaConsole\AlphaConsole.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-09-14 01:28 - 2017-09-14 01:26 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1705482426-2229210781-2881064529-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Syst3\Desktop\Background.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run32: => "RzWizard"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{43F6B230-22A0-4C5A-8C24-0BFABC7EA005}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0EC8E59B-14FB-4C13-ABF8-5AFBBE90E116}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{374F21E9-DE78-46C5-9ED1-14883177AF82}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D9A8BD1D-B4EC-4569-8312-9576970CDCDA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{224E22AD-9F6C-4421-BB74-C381AA269A79}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A2EC66AF-6BB6-458B-A8AD-904D1AC3BCCA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{61D4570B-A5DF-4FBB-B486-FD01F22FDF1F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [TCP Query User{72D299F3-8540-4202-A9FA-EF8DD2AEF778}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [UDP Query User{DE15D31E-943D-4C80-9B47-F56669AE9F2A}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{6CDF5CD7-7837-4901-B645-203A14A9EFA1}] => (Block) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{99A01C3E-E8B4-40F5-AE3E-3C4C0D623C61}] => (Block) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe
FirewallRules: [{E61D05D7-6D95-4306-BE57-074DCEEF010D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{DC8AE5B0-0262-472D-96D9-0A2A59225E7A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{D91A4B0F-7178-43D4-A408-6FBE6B4A3AD7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{40D6B7F8-5EB1-4C67-A755-FC1D09D6FFFF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{1479988D-B049-4DEB-93B4-FB2B4C53B8E6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{60CCB4CE-7E93-4231-B067-83635CCFEEBC}C:\users\syst3\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\syst3\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D737598D-8AF0-461C-B738-2D0582C0C298}C:\users\syst3\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\syst3\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{736B3B08-A402-4EDC-BA7B-82CC519AC4F4}C:\users\syst3\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\syst3\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{4A02EF34-38CE-4F62-B320-3A28BB70F198}C:\users\syst3\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\syst3\appdata\roaming\spotify\spotify.exe
FirewallRules: [{8CD24053-F6C2-4813-BBBB-9A2265523B52}] => (Allow) LPort=9143
FirewallRules: [{012734AA-EAB1-4306-95B3-ED4FE0934429}] => (Allow) LPort=2333
FirewallRules: [{65620650-8DD9-4589-AE82-7B99D8201211}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
FirewallRules: [{A0E2883E-4CD6-4D52-B3EB-4844CAE0BD6E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe
 
==================== Restore Points =========================
 
13-09-2017 22:00:39 Windows Modules Installer
17-09-2017 14:52:48 Windows Update
 
==================== Faulty Device Manager Devices =============
 
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/20/2017 11:20:41 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-EDV9KD5)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!ContentProcess failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (09/20/2017 11:20:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.15063.608, time stamp: 0x59ae240c
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x1074
Faulting application start time: 0x01d33224048d5b7c
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: unknown
Report Id: 58b60855-e335-4053-9798-9d11b2df44b6
Faulting package full name: Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess
 
Error: (09/20/2017 11:10:25 AM) (Source: ESENT) (EventID: 489) (User: )
Description: esentutl (9176) An attempt to open the file "C:\Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (09/20/2017 11:10:15 AM) (Source: ESENT) (EventID: 489) (User: )
Description: esentutl (9176) An attempt to open the file "C:\Users\Syst3\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ".  The open file operation will fail with error -1032 (0xfffffbf8).
 
Error: (09/20/2017 11:08:40 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (09/20/2017 11:08:35 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
 
System errors:
=============
Error: (09/20/2017 11:26:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RzWizardService service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (09/20/2017 11:26:18 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the RzWizardService service to connect.
 
Error: (09/20/2017 11:25:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
 
CodeIntegrity:
===================================
  Date: 2017-09-20 11:20:40.084
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-09-20 11:20:39.803
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-6500 CPU @ 3.20GHz
Percentage of memory in use: 40%
Total physical RAM: 16272.27 MB
Available physical RAM: 9620.36 MB
Total Virtual: 19216.27 MB
Available Virtual: 11639.97 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:1862.48 GB) (Free:1607.09 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: B3EF088E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1862.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
 
==================== End of Addition.txt ============================
