I was trying to install Google Earth Pro, or Google Earth, but shortly after the installation started I got Error 1632. I read up on this, found that I had Administrator rights and cleared the %temp% folder, with the exception of an aria-debug-7996 item that claimed to be open in One Drive. However a search for it on One Drive was negative. I tried rebooting and the whole process again with the same results except that the number on the aria-debug- item increased. I used the Windows Clean up tool, but nothing changed and the MS Troublshooter found nothing.
I began to be suspicious of an infection and ran FRST and started on this message, then realised that I should have run some other scans. So I ran Avast but it found nothing, however Malwarebytes found 2 PUPs and an adware infection. These were quarantined and removed, but no change. Here are the results from the FRST run, I also include the Malwarebytes report:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.02.2018
Ran by Philip (administrator) on LAPTOP (22-02-2018 20:23:38)
Running from C:\Users\Philip\Desktop
Loaded Profiles: Philip (Available Profiles: Adele & Philip)
Platform: Windows 10 Home Version 1709 16299.248 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intel Corporation) C:\Windows\SysWOW64\EtmService.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(CANON INC.) C:\Program Files (x86)\Canon\My Image Garden\cnmigmain.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18388416 2017-12-12] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [243496 2018-02-21] (AVAST Software)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2230651175-1392670207-592406347-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10290608 2018-02-07] (Piriform Ltd)
HKU\S-1-5-21-2230651175-1392670207-592406347-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [570880 2017-09-29] (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{790dd4ff-3428-493e-8461-c69f326b8059}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-02-04] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2017-12-04] (Belarc, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-04] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-04] (Microsoft Corporation)
FireFox:
========
FF DefaultProfile: 8o7g1qlk.default
FF ProfilePath: C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\8o7g1qlk.default [2018-02-22]
FF Homepage: Mozilla\Firefox\Profiles\8o7g1qlk.default -> about:newtab
FF Session Restore: Mozilla\Firefox\Profiles\8o7g1qlk.default -> is enabled.
FF Extension: (Amazon Assistant for Firefox) - C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\8o7g1qlk.default\Extensions\[email protected] [2018-01-15]
FF Extension: (Avast SafePrice) - C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\8o7g1qlk.default\Extensions\[email protected] [2018-02-07]
FF Extension: (Avast Online Security) - C:\Users\Philip\AppData\Roaming\Mozilla\Firefox\Profiles\8o7g1qlk.default\Extensions\[email protected] [2018-01-31]
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-01-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll [2013-01-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-01-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-01-20] (Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-01-18] (Tracker Software Products (Canada) Ltd.)
FF Plugin HKU\S-1-5-21-2230651175-1392670207-592406347-1001: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll [2013-01-18] (Tracker Software Products (Canada) Ltd.)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7564512 2018-02-21] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [300600 2018-02-21] (AVAST Software)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7968424 2018-02-08] (Microsoft Corporation)
R2 ETMService; C:\WINDOWS\SysWOW64\EtmService.exe [207680 2012-10-13] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [263264 2017-04-05] (Synaptics Incorporated)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\NisSrv.exe [356168 2018-01-14] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe [105792 2018-01-14] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [98848 2017-11-03] (Advanced Micro Devices, Inc.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [192944 2018-02-21] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [321512 2018-01-31] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199448 2018-01-31] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343768 2018-01-31] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57696 2018-01-31] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [190440 2018-02-21] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46968 2018-02-21] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [146648 2018-02-21] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [110328 2018-02-21] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [84368 2018-02-21] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1026696 2018-02-21] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [459952 2018-02-21] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [205464 2018-02-21] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [379448 2018-02-21] (AVAST Software)
S3 cykbfltrService; C:\WINDOWS\System32\drivers\cykbfltr.sys [19968 2016-12-21] (Cypress Semiconductor, Inc.)
R1 ElRawDisk; C:\WINDOWS\system32\drivers\rsdrvx64.sys [26024 2009-02-12] (EldoS Corporation)
R3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [32840 2017-02-10] (ELAN Microelectronic Corp.)
S3 EtmDevDram; C:\WINDOWS\System32\drivers\EtmDevDram.sys [73536 2016-12-21] (Intel Corporation)
S3 EtmDevGen; C:\WINDOWS\System32\drivers\EtmDevGen.sys [64320 2016-12-21] (Intel Corporation)
S3 EtmDevMcp; C:\WINDOWS\System32\drivers\EtmDevMcp.sys [96576 2016-12-21] (Intel Corporation)
R3 EtmDevPch; C:\WINDOWS\System32\drivers\EtmDevPch.sys [67392 2016-12-21] (Intel Corporation)
S3 EtmDrvMgr; C:\WINDOWS\System32\drivers\EtmDrvMgr.sys [150336 2016-12-21] (Intel Corporation)
S3 EtmFan; C:\WINDOWS\System32\drivers\EtmDevFan.sys [41280 2016-12-21] (Intel Corporation)
S0 FlashBoot; C:\WINDOWS\System32\drivers\FlashBoot.sys [17616 2014-04-03] (Challenger Backup Solutions, LLC)
S3 FlashUSB; C:\WINDOWS\System32\drivers\FlashUSB.sys [19968 2013-08-21] (Intel Mobile Communications)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2018-01-14] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2018-01-27] (Malwarebytes)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [410848 2016-09-06] (Realsil Semiconductor Corporation)
S3 shspusb; C:\WINDOWS\System32\drivers\HSPUSB.sys [24064 2013-08-21] (MobileTop)
S3 sscdserd; C:\WINDOWS\System32\drivers\sscdserd.sys [158024 2013-08-21] (MCCI Corporation)
S3 ssceserd; C:\WINDOWS\System32\drivers\ssceserd.sys [158024 2013-08-21] (MCCI Corporation)
S3 ssdudfu; C:\WINDOWS\System32\drivers\ssdudfu.sys [101960 2013-08-21] (MCCI)
S3 ssm_bus; C:\WINDOWS\System32\drivers\ssm_bus.sys [136192 2013-08-21] (MCCI Corporation)
S3 ssm_mdm; C:\WINDOWS\System32\drivers\ssm_mdm.sys [172032 2013-08-21] (MCCI Corporation)
S3 ssuddmgr; C:\WINDOWS\System32\drivers\ssuddmgr.sys [204568 2013-08-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudobex; C:\WINDOWS\System32\drivers\ssudobex.sys [204568 2013-08-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ssudrmnet; C:\WINDOWS\System32\drivers\ssudrmnet.sys [68888 2013-08-21] (DEVGURU Co., LTD.)
S3 ssudserd; C:\WINDOWS\System32\drivers\ssudserd.sys [204568 2013-08-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 ss_bserd; C:\WINDOWS\System32\drivers\ss_bserd.sys [128000 2013-08-21] (MCCI Corporation)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [23040 2018-02-10] (Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-01-14] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [288848 2018-01-14] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2018-01-14] (Microsoft Corporation)
S3 dot4usb; \SystemRoot\System32\drivers\dot4usb.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-02-22 20:23 - 2018-02-22 20:24 - 000014960 _____ C:\Users\Philip\Desktop\FRST.txt
2018-02-22 20:17 - 2018-02-22 20:18 - 002403328 _____ (Farbar) C:\Users\Philip\Desktop\FRST64.exe
2018-02-22 19:57 - 2018-02-22 19:58 - 000036605 _____ C:\Users\Philip\Downloads\Addition.txt
2018-02-22 19:54 - 2018-02-22 20:23 - 000000000 ____D C:\FRST
2018-02-22 19:54 - 2018-02-22 19:58 - 000086685 _____ C:\Users\Philip\Downloads\FRST.txt
2018-02-22 19:53 - 2018-02-22 19:53 - 002403328 _____ (Farbar) C:\Users\Philip\Downloads\FRST64.exe
2018-02-22 18:30 - 2018-02-22 18:30 - 000021232 _____ C:\Users\Philip\Downloads\Fix WU.zip
2018-02-22 18:30 - 2018-02-22 18:30 - 000000000 ____D C:\Users\Philip\Downloads\Fix WU
2018-02-22 17:40 - 2018-02-22 17:40 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-02-21 20:25 - 2018-02-21 20:25 - 000380768 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-02-21 20:22 - 2018-02-21 20:22 - 000000000 ____D C:\ProgramData\SWCUTemp
2018-02-21 19:24 - 2018-02-21 19:24 - 000000000 ____D C:\Users\Philip\Documents\FeedbackHub
2018-02-21 19:05 - 2018-02-21 19:05 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-02-21 19:05 - 2018-02-21 19:05 - 000002854 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-02-21 19:05 - 2018-02-21 19:05 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-02-21 19:05 - 2018-02-21 19:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-02-21 19:04 - 2018-02-21 19:05 - 000000000 ____D C:\Program Files\CCleaner
2018-02-21 19:03 - 2018-02-21 19:03 - 011217088 _____ (Piriform Ltd) C:\Users\Philip\Documents\ccsetup540pro.exe
2018-02-20 22:02 - 2018-02-20 22:02 - 001065376 _____ (Google Inc.) C:\Users\Philip\Downloads\GoogleEarthSetup.exe
2018-02-20 22:01 - 2018-02-20 22:01 - 001744248 _____ (Kop ) C:\Users\Philip\Documents\GoogleEarthSetup_0447516995.exe
2018-02-20 21:56 - 2018-02-20 21:56 - 001129816 _____ (Google Inc.) C:\Users\Philip\Documents\GoogleEarthProSetup(1).exe
2018-02-20 21:51 - 2018-02-20 21:51 - 001129816 _____ (Google Inc.) C:\Users\Philip\Documents\GoogleEarthProSetup.exe
2018-02-20 14:07 - 2018-02-20 14:07 - 000517993 _____ C:\Users\Philip\Documents\IMG_20180220_0001.pdf
2018-02-20 14:06 - 2018-02-20 14:07 - 000000000 ___HD C:\ProgramData\CanonIJScan
2018-02-20 07:30 - 2018-02-20 07:30 - 000000000 ___HD C:\OneDriveTemp
2018-02-18 20:22 - 2018-02-20 16:14 - 000000000 ____D C:\Users\Public\Documents\Heiko
2018-02-18 14:17 - 2018-02-18 14:17 - 000000000 ____D C:\WINDOWS\Performance
2018-02-18 14:01 - 2018-02-10 07:20 - 001206680 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-02-18 14:01 - 2018-02-10 07:20 - 001055640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-02-18 14:01 - 2018-02-10 07:20 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-02-18 14:01 - 2018-02-10 07:20 - 000077208 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-02-18 14:01 - 2018-02-10 07:16 - 008603032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-02-18 14:01 - 2018-02-10 07:16 - 000739696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-02-18 14:01 - 2018-02-10 07:15 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-02-18 14:01 - 2018-02-10 07:15 - 000471968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-02-18 14:01 - 2018-02-10 07:14 - 002395032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-02-18 14:01 - 2018-02-10 07:13 - 000373656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-02-18 14:01 - 2018-02-10 07:12 - 001277848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-02-18 14:01 - 2018-02-10 07:12 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-02-18 14:01 - 2018-02-10 07:09 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-02-18 14:01 - 2018-02-10 07:08 - 003010248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-02-18 14:01 - 2018-02-10 07:08 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-02-18 14:01 - 2018-02-10 07:07 - 002710728 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-02-18 14:01 - 2018-02-10 07:06 - 000727448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-02-18 14:01 - 2018-02-10 07:06 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-02-18 14:01 - 2018-02-10 07:06 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-02-18 14:01 - 2018-02-10 07:06 - 000087384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-02-18 14:01 - 2018-02-10 07:04 - 001254144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-02-18 14:01 - 2018-02-10 07:04 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-02-18 14:01 - 2018-02-10 07:04 - 000614296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-02-18 14:01 - 2018-02-10 07:04 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-02-18 14:01 - 2018-02-10 07:02 - 002773400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-02-18 14:01 - 2018-02-10 07:02 - 001103768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-02-18 14:01 - 2018-02-10 07:02 - 000617304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-02-18 14:01 - 2018-02-10 06:21 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-02-18 14:01 - 2018-02-10 06:17 - 000597160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-02-18 14:01 - 2018-02-10 06:08 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-02-18 14:01 - 2018-02-10 06:06 - 006014688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-02-18 14:01 - 2018-02-10 06:06 - 004670728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-02-18 14:01 - 2018-02-10 06:06 - 000982528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-02-18 14:01 - 2018-02-10 06:05 - 001149272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-02-18 14:01 - 2018-02-10 06:05 - 000662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2018-02-18 14:01 - 2018-02-10 06:05 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-02-18 14:01 - 2018-02-10 06:05 - 000074992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2018-02-18 14:01 - 2018-02-10 05:50 - 003665408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-02-18 14:01 - 2018-02-10 05:49 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-02-18 14:01 - 2018-02-10 05:49 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-02-18 14:01 - 2018-02-10 05:49 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-02-18 14:01 - 2018-02-10 05:47 - 017160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-02-18 14:01 - 2018-02-10 05:47 - 013704192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-02-18 14:01 - 2018-02-10 05:46 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-02-18 14:01 - 2018-02-10 05:46 - 002393600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-02-18 14:01 - 2018-02-10 05:46 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-02-18 14:01 - 2018-02-10 05:46 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-02-18 14:01 - 2018-02-10 05:46 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-02-18 14:01 - 2018-02-10 05:46 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rndismp6.sys
2018-02-18 14:01 - 2018-02-10 05:45 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-02-18 14:01 - 2018-02-10 05:45 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-02-18 14:01 - 2018-02-10 05:45 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2018-02-18 14:01 - 2018-02-10 05:44 - 001498112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-02-18 14:01 - 2018-02-10 05:44 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-02-18 14:01 - 2018-02-10 05:44 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2018-02-18 14:01 - 2018-02-10 05:44 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-02-18 14:01 - 2018-02-10 05:43 - 018923008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-02-18 14:01 - 2018-02-10 05:43 - 008020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-02-18 14:01 - 2018-02-10 05:43 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-02-18 14:01 - 2018-02-10 05:43 - 000394752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-02-18 14:01 - 2018-02-10 05:43 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-02-18 14:01 - 2018-02-10 05:43 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-02-18 14:01 - 2018-02-10 05:42 - 023671808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-02-18 14:01 - 2018-02-10 05:42 - 000813568 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-02-18 14:01 - 2018-02-10 05:42 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-02-18 14:01 - 2018-02-10 05:42 - 000397824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2018-02-18 14:01 - 2018-02-10 05:42 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2018-02-18 14:01 - 2018-02-10 05:42 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2018-02-18 14:01 - 2018-02-10 05:42 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-02-18 14:01 - 2018-02-10 05:41 - 019352576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-02-18 14:01 - 2018-02-10 05:41 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-02-18 14:01 - 2018-02-10 05:41 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2018-02-18 14:01 - 2018-02-10 05:41 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-02-18 14:01 - 2018-02-10 05:41 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-02-18 14:01 - 2018-02-10 05:41 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-02-18 14:01 - 2018-02-10 05:40 - 012831744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-02-18 14:01 - 2018-02-10 05:40 - 008110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-02-18 14:01 - 2018-02-10 05:40 - 000756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-02-18 14:01 - 2018-02-10 05:40 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-02-18 14:01 - 2018-02-10 05:40 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-02-18 14:01 - 2018-02-10 05:39 - 011925504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-02-18 14:01 - 2018-02-10 05:39 - 004748288 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-02-18 14:01 - 2018-02-10 05:38 - 006567936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-02-18 14:01 - 2018-02-10 05:38 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-02-18 14:01 - 2018-02-10 05:38 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-02-18 14:01 - 2018-02-10 05:38 - 003125760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-02-18 14:01 - 2018-02-10 05:38 - 002857984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-02-18 14:01 - 2018-02-10 05:38 - 002086400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-02-18 14:01 - 2018-02-10 05:38 - 002082304 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-02-18 14:01 - 2018-02-10 05:38 - 001597952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-02-18 14:01 - 2018-02-10 05:38 - 001547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-02-18 14:01 - 2018-02-10 05:38 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-02-18 14:01 - 2018-02-10 05:38 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-02-18 14:01 - 2018-02-10 05:37 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-02-18 14:01 - 2018-02-10 05:37 - 003678720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-02-18 14:01 - 2018-02-10 05:37 - 002784256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-02-18 14:01 - 2018-02-10 05:37 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-02-18 14:01 - 2018-02-10 05:37 - 001488384 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-02-18 14:01 - 2018-02-10 05:36 - 006031360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-02-18 14:01 - 2018-02-10 05:36 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-02-18 14:01 - 2018-02-10 05:36 - 002464768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-02-18 14:01 - 2018-02-10 05:36 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-02-18 14:01 - 2018-02-10 05:36 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-02-18 14:01 - 2018-02-10 05:36 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-02-18 14:01 - 2018-02-10 05:35 - 002349568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-02-18 14:01 - 2018-02-10 05:35 - 002013184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-02-18 14:01 - 2018-02-10 05:35 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-02-18 14:01 - 2018-02-10 05:35 - 000963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-02-18 14:01 - 2018-02-10 05:34 - 004249600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-02-18 14:00 - 2018-02-10 07:24 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-02-18 14:00 - 2018-02-10 07:23 - 001577880 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-02-18 14:00 - 2018-02-10 07:23 - 000758168 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-02-18 14:00 - 2018-02-10 07:23 - 000613272 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-02-18 14:00 - 2018-02-10 07:23 - 000138136 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-02-18 14:00 - 2018-02-10 07:22 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-02-18 14:00 - 2018-02-10 07:22 - 000662936 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-02-18 14:00 - 2018-02-10 07:22 - 000460696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-02-18 14:00 - 2018-02-10 07:22 - 000387480 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-02-18 14:00 - 2018-02-10 07:22 - 000272800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-02-18 14:00 - 2018-02-10 07:22 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-02-18 14:00 - 2018-02-10 07:21 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-02-18 14:00 - 2018-02-10 07:21 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-02-18 14:00 - 2018-02-10 07:20 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-02-18 14:00 - 2018-02-10 07:19 - 001133888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-02-18 14:00 - 2018-02-10 07:18 - 001193192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2018-02-18 14:00 - 2018-02-10 07:18 - 000319864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-02-18 14:00 - 2018-02-10 07:17 - 001209240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-02-18 14:00 - 2018-02-10 07:16 - 002406456 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-02-18 14:00 - 2018-02-10 07:15 - 002514944 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-02-18 14:00 - 2018-02-10 07:15 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-02-18 14:00 - 2018-02-10 07:14 - 004504464 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-02-18 14:00 - 2018-02-10 07:14 - 001002592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-02-18 14:00 - 2018-02-10 07:13 - 001416392 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-02-18 14:00 - 2018-02-10 07:11 - 001029528 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2018-02-18 14:00 - 2018-02-10 07:11 - 000711432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-02-18 14:00 - 2018-02-10 07:11 - 000677784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-02-18 14:00 - 2018-02-10 07:11 - 000494496 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-02-18 14:00 - 2018-02-10 07:10 - 002447768 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-02-18 14:00 - 2018-02-10 07:10 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-02-18 14:00 - 2018-02-10 07:10 - 000614160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2018-02-18 14:00 - 2018-02-10 07:10 - 000246168 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-02-18 14:00 - 2018-02-10 07:09 - 003904296 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-02-18 14:00 - 2018-02-10 07:09 - 000525208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-02-18 14:00 - 2018-02-10 07:09 - 000075160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-02-18 14:00 - 2018-02-10 07:08 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-02-18 14:00 - 2018-02-10 07:08 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-02-18 14:00 - 2018-02-10 07:08 - 000687552 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2018-02-18 14:00 - 2018-02-10 07:08 - 000048112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2018-02-18 14:00 - 2018-02-10 07:07 - 004506576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-02-18 14:00 - 2018-02-10 07:07 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-02-18 14:00 - 2018-02-10 07:07 - 000436632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2018-02-18 14:00 - 2018-02-10 07:06 - 004486904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2018-02-18 14:00 - 2018-02-10 07:06 - 000824896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2018-02-18 14:00 - 2018-02-10 07:06 - 000594048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-02-18 14:00 - 2018-02-10 07:06 - 000519144 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-02-18 14:00 - 2018-02-10 07:05 - 000688064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-02-18 14:00 - 2018-02-10 07:05 - 000413888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-02-18 14:00 - 2018-02-10 07:04 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-02-18 14:00 - 2018-02-10 07:04 - 006791984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-02-18 14:00 - 2018-02-10 07:04 - 001430760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2018-02-18 14:00 - 2018-02-10 07:04 - 001426672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-02-18 14:00 - 2018-02-10 07:04 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2018-02-18 14:00 - 2018-02-10 07:04 - 000339872 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2018-02-18 14:00 - 2018-02-10 07:04 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-02-18 14:00 - 2018-02-10 07:03 - 001619808 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-02-18 14:00 - 2018-02-10 07:03 - 000722616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2018-02-18 14:00 - 2018-02-10 07:03 - 000404888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2018-02-18 14:00 - 2018-02-10 07:02 - 000628632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
2018-02-18 14:00 - 2018-02-10 06:22 - 001930224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-02-18 14:00 - 2018-02-10 06:18 - 001384288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-02-18 14:00 - 2018-02-10 06:17 - 002255112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-02-18 14:00 - 2018-02-10 06:17 - 000211864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-02-18 14:00 - 2018-02-10 06:15 - 001145624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-02-18 14:00 - 2018-02-10 06:12 - 004382032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2018-02-18 14:00 - 2018-02-10 06:11 - 001250528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Taskmgr.exe
2018-02-18 14:00 - 2018-02-10 06:09 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-02-18 14:00 - 2018-02-10 06:09 - 003485392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-02-18 14:00 - 2018-02-10 06:09 - 002338776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-02-18 14:00 - 2018-02-10 06:09 - 001123456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-02-18 14:00 - 2018-02-10 06:09 - 000559976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2018-02-18 14:00 - 2018-02-10 06:09 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2018-02-18 14:00 - 2018-02-10 06:08 - 003980720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2018-02-18 14:00 - 2018-02-10 06:08 - 000592792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2018-02-18 14:00 - 2018-02-10 06:07 - 025253376 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-02-18 14:00 - 2018-02-10 06:07 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-02-18 14:00 - 2018-02-10 06:07 - 000527864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StateRepository.Core.dll
2018-02-18 14:00 - 2018-02-10 06:06 - 006481640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-02-18 14:00 - 2018-02-10 06:05 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-02-18 14:00 - 2018-02-10 06:05 - 000551672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-02-18 14:00 - 2018-02-10 06:05 - 000386424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2018-02-18 14:00 - 2018-02-10 05:50 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-02-18 14:00 - 2018-02-10 05:50 - 001294848 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-02-18 14:00 - 2018-02-10 05:49 - 000848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-02-18 14:00 - 2018-02-10 05:49 - 000326656 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-02-18 14:00 - 2018-02-10 05:49 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\convertvhd.exe
2018-02-18 14:00 - 2018-02-10 05:49 - 000211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-02-18 14:00 - 2018-02-10 05:48 - 002890240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2018-02-18 14:00 - 2018-02-10 05:46 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-02-18 14:00 - 2018-02-10 05:46 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-02-18 14:00 - 2018-02-10 05:45 - 007545344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-02-18 14:00 - 2018-02-10 05:45 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2018-02-18 14:00 - 2018-02-10 05:45 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2018-02-18 14:00 - 2018-02-10 05:45 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-02-18 14:00 - 2018-02-10 05:44 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-02-18 14:00 - 2018-02-10 05:44 - 000539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-02-18 14:00 - 2018-02-10 05:44 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2018-02-18 14:00 - 2018-02-10 05:43 - 006466560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-02-18 14:00 - 2018-02-10 05:43 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-02-18 14:00 - 2018-02-10 05:43 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-02-18 14:00 - 2018-02-10 05:42 - 001425408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-02-18 14:00 - 2018-02-10 05:42 - 001216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-02-18 14:00 - 2018-02-10 05:42 - 000975872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-02-18 14:00 - 2018-02-10 05:42 - 000837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-02-18 14:00 - 2018-02-10 05:42 - 000634880 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2018-02-18 14:00 - 2018-02-10 05:42 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-02-18 14:00 - 2018-02-10 05:42 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2018-02-18 14:00 - 2018-02-10 05:42 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2018-02-18 14:00 - 2018-02-10 05:41 - 001495552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-02-18 14:00 - 2018-02-10 05:41 - 000721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-02-18 14:00 - 2018-02-10 05:41 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-02-18 14:00 - 2018-02-10 05:40 - 004498432 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-02-18 14:00 - 2018-02-10 05:40 - 004113408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-02-18 14:00 - 2018-02-10 05:40 - 003405824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-02-18 14:00 - 2018-02-10 05:40 - 001234432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrSvc.dll
2018-02-18 14:00 - 2018-02-10 05:40 - 001002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-02-18 14:00 - 2018-02-10 05:40 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2018-02-18 14:00 - 2018-02-10 05:40 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2018-02-18 14:00 - 2018-02-10 05:40 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-02-18 14:00 - 2018-02-10 05:39 - 004592640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2018-02-18 14:00 - 2018-02-10 05:39 - 002976256 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-02-18 14:00 - 2018-02-10 05:39 - 002741248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-02-18 14:00 - 2018-02-10 05:39 - 002677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-02-18 14:00 - 2018-02-10 05:39 - 002209280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-02-18 14:00 - 2018-02-10 05:39 - 001669120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2018-02-18 14:00 - 2018-02-10 05:38 - 004815360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-02-18 14:00 - 2018-02-10 05:38 - 003169280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-02-18 14:00 - 2018-02-10 05:38 - 002184192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-02-18 14:00 - 2018-02-10 05:38 - 001968640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2018-02-18 14:00 - 2018-02-10 05:38 - 001353728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2018-02-18 14:00 - 2018-02-10 05:38 - 001228800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-02-18 14:00 - 2018-02-10 05:38 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2018-02-18 14:00 - 2018-02-10 05:38 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2018-02-18 14:00 - 2018-02-10 05:38 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-02-18 14:00 - 2018-02-10 05:38 - 000939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-02-18 14:00 - 2018-02-10 05:38 - 000885248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2018-02-18 14:00 - 2018-02-10 05:38 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-02-18 14:00 - 2018-02-10 05:38 - 000556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2018-02-18 14:00 - 2018-02-10 05:37 - 004772352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2018-02-18 14:00 - 2018-02-10 05:37 - 003578368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2018-02-18 14:00 - 2018-02-10 05:37 - 003419136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-02-18 14:00 - 2018-02-10 05:37 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2018-02-18 14:00 - 2018-02-10 05:36 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2018-02-18 14:00 - 2018-02-10 05:36 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-02-18 14:00 - 2018-02-10 05:36 - 001759744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2018-02-18 14:00 - 2018-02-10 05:36 - 001739264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2018-02-18 14:00 - 2018-02-10 05:36 - 001342464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2018-02-18 14:00 - 2018-02-10 05:36 - 001230848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2018-02-18 14:00 - 2018-02-10 05:36 - 000915968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-02-18 14:00 - 2018-02-10 05:36 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-02-18 14:00 - 2018-02-10 05:36 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-02-18 14:00 - 2018-02-10 05:35 - 004384768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2018-02-18 14:00 - 2018-02-10 05:35 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-02-18 14:00 - 2018-02-10 05:35 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2018-02-18 14:00 - 2018-02-10 05:34 - 002983936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcndmgr.dll
2018-02-18 14:00 - 2018-02-10 05:34 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-02-18 14:00 - 2018-02-10 05:33 - 001936384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmc.exe
2018-02-18 14:00 - 2018-02-10 05:33 - 001570816 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2018-02-18 14:00 - 2018-02-10 05:33 - 001557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2018-02-18 14:00 - 2018-02-10 05:33 - 001509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2018-02-18 14:00 - 2018-02-10 05:32 - 002427904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmcndmgr.dll
2018-02-18 14:00 - 2018-02-10 05:32 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-02-18 14:00 - 2018-02-10 05:31 - 001488896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmc.exe
2018-02-18 14:00 - 2018-02-10 03:59 - 000804240 _____ C:\WINDOWS\SysWOW64\locale.nls
2018-02-18 14:00 - 2018-02-10 03:59 - 000804240 _____ C:\WINDOWS\system32\locale.nls
2018-02-18 14:00 - 2018-02-09 04:35 - 004959688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2018-02-18 14:00 - 2018-02-09 04:35 - 001234888 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2018-02-18 14:00 - 2018-02-09 04:35 - 001002952 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2018-02-18 14:00 - 2018-02-02 04:36 - 003903944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2018-02-18 14:00 - 2018-02-02 04:36 - 000921032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2018-02-18 13:59 - 2018-02-10 07:22 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-02-18 13:59 - 2018-02-10 07:21 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-02-18 13:59 - 2018-02-10 07:18 - 000098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\FsIso.exe
2018-02-18 13:59 - 2018-02-10 07:18 - 000022400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2018-02-18 13:59 - 2018-02-10 07:13 - 000535960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2018-02-18 13:59 - 2018-02-10 07:13 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-02-18 13:59 - 2018-02-10 07:12 - 004537040 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2018-02-18 13:59 - 2018-02-10 07:12 - 001313016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Taskmgr.exe
2018-02-18 13:59 - 2018-02-10 07:10 - 000154520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2018-02-18 13:59 - 2018-02-10 07:09 - 000491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2018-02-18 13:59 - 2018-02-10 07:08 - 000398824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2018-02-18 13:59 - 2018-02-10 07:08 - 000096200 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbrand.dll
2018-02-18 13:59 - 2018-02-10 07:06 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-02-18 13:59 - 2018-02-10 07:06 - 000189336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-02-18 13:59 - 2018-02-10 07:06 - 000100248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2018-02-18 13:59 - 2018-02-10 07:05 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-02-18 13:59 - 2018-02-10 07:05 - 000070856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2018-02-18 13:59 - 2018-02-10 07:04 - 000212880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2018-02-18 13:59 - 2018-02-10 07:04 - 000093592 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-02-18 13:59 - 2018-02-10 07:03 - 000849304 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-02-18 13:59 - 2018-02-10 07:03 - 000706600 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-02-18 13:59 - 2018-02-10 07:03 - 000098712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2018-02-18 13:59 - 2018-02-10 06:17 - 000542856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2018-02-18 13:59 - 2018-02-10 06:10 - 000422592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2018-02-18 13:59 - 2018-02-10 06:07 - 000543920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-02-18 13:59 - 2018-02-10 06:07 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-02-18 13:59 - 2018-02-10 06:07 - 000123808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2018-02-18 13:59 - 2018-02-10 06:07 - 000089504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2018-02-18 13:59 - 2018-02-10 06:07 - 000083216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbrand.dll
2018-02-18 13:59 - 2018-02-10 06:07 - 000061024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2018-02-18 13:59 - 2018-02-10 06:05 - 000718232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-02-18 13:59 - 2018-02-10 06:05 - 000654456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2018-02-18 13:59 - 2018-02-10 06:05 - 000193248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2018-02-18 13:59 - 2018-02-10 06:05 - 000079256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceReactivation.dll
2018-02-18 13:59 - 2018-02-10 06:05 - 000077552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudNotifications.exe
2018-02-18 13:59 - 2018-02-10 06:03 - 000505160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp_win.dll
2018-02-18 13:59 - 2018-02-10 05:50 - 000849920 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2018-02-18 13:59 - 2018-02-10 05:50 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-02-18 13:59 - 2018-02-10 05:49 - 001664512 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-02-18 13:59 - 2018-02-10 05:49 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-02-18 13:59 - 2018-02-10 05:48 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2018-02-18 13:59 - 2018-02-10 05:48 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtClient.dll
2018-02-18 13:59 - 2018-02-10 05:47 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-02-18 13:59 - 2018-02-10 05:47 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-02-18 13:59 - 2018-02-10 05:47 - 000201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2018-02-18 13:59 - 2018-02-10 05:47 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-02-18 13:59 - 2018-02-10 05:47 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-02-18 13:59 - 2018-02-10 05:47 - 000055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\virtdisk.dll
2018-02-18 13:59 - 2018-02-10 05:47 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-02-18 13:59 - 2018-02-10 05:47 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-02-18 13:59 - 2018-02-10 05:47 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2018-02-18 13:59 - 2018-02-10 05:47 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb80236.sys
2018-02-18 13:59 - 2018-02-10 05:47 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-02-18 13:59 - 2018-02-10 05:46 - 000199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2018-02-18 13:59 - 2018-02-10 05:46 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2018-02-18 13:59 - 2018-02-10 05:46 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-02-18 13:59 - 2018-02-10 05:46 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsetup.dll
2018-02-18 13:59 - 2018-02-10 05:46 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2018-02-18 13:59 - 2018-02-10 05:46 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2018-02-18 13:59 - 2018-02-10 05:46 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCShellCommonProxyStub.dll
2018-02-18 13:59 - 2018-02-10 05:46 - 000004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2018-02-18 13:59 - 2018-02-10 05:45 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2018-02-18 13:59 - 2018-02-10 05:45 - 000288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsku.dll
2018-02-18 13:59 - 2018-02-10 05:45 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2018-02-18 13:59 - 2018-02-10 05:45 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EnterpriseAppMgmtClient.dll
2018-02-18 13:59 - 2018-02-10 05:44 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2018-02-18 13:59 - 2018-02-10 05:44 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_User.dll
2018-02-18 13:59 - 2018-02-10 05:44 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreCommonProxyStub.dll
2018-02-18 13:59 - 2018-02-10 05:44 - 000388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-02-18 13:59 - 2018-02-10 05:44 - 000302592 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-02-18 13:59 - 2018-02-10 05:44 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-02-18 13:59 - 2018-02-10 05:44 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-02-18 13:59 - 2018-02-10 05:44 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
2018-02-18 13:59 - 2018-02-10 05:44 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\virtdisk.dll
2018-02-18 13:59 - 2018-02-10 05:44 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-02-18 13:59 - 2018-02-10 05:43 - 003756032 _____ (Microsoft Corporation) C:\WINDOWS\system32\bootux.dll
2018-02-18 13:59 - 2018-02-10 05:43 - 000580608 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2018-02-18 13:59 - 2018-02-10 05:43 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2018-02-18 13:59 - 2018-02-10 05:43 - 000311808 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2018-02-18 13:59 - 2018-02-10 05:43 - 000247296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winsku.dll
2018-02-18 13:59 - 2018-02-10 05:43 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twext.dll
2018-02-18 13:59 - 2018-02-10 05:43 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2018-02-18 13:59 - 2018-02-10 05:43 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsetup.dll
2018-02-18 13:59 - 2018-02-10 05:43 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-02-18 13:59 - 2018-02-10 05:43 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2018-02-18 13:59 - 2018-02-10 05:43 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCShellCommonProxyStub.dll
2018-02-18 13:59 - 2018-02-10 05:42 - 001113600 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2018-02-18 13:59 - 2018-02-10 05:42 - 000950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2018-02-18 13:59 - 2018-02-10 05:42 - 000792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-02-18 13:59 - 2018-02-10 05:42 - 000731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
2018-02-18 13:59 - 2018-02-10 05:42 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-02-18 13:59 - 2018-02-10 05:42 - 000286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2018-02-18 13:59 - 2018-02-10 05:42 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2018-02-18 13:59 - 2018-02-10 05:42 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2018-02-18 13:59 - 2018-02-10 05:42 - 000225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2018-02-18 13:59 - 2018-02-10 05:42 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2018-02-18 13:59 - 2018-02-10 05:42 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContent.dll
2018-02-18 13:59 - 2018-02-10 05:42 - 000160256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2018-02-18 13:59 - 2018-02-10 05:42 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rshx32.dll
2018-02-18 13:59 - 2018-02-10 05:42 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2018-02-18 13:59 - 2018-02-10 05:42 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2018-02-18 13:59 - 2018-02-10 05:42 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvr32.exe
2018-02-18 13:59 - 2018-02-10 05:41 - 000859648 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2018-02-18 13:59 - 2018-02-10 05:41 - 000820224 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2018-02-18 13:59 - 2018-02-10 05:41 - 000504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2018-02-18 13:59 - 2018-02-10 05:41 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2018-02-18 13:59 - 2018-02-10 05:41 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2018-02-18 13:59 - 2018-02-10 05:41 - 000377856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-02-18 13:59 - 2018-02-10 05:41 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-02-18 13:59 - 2018-02-10 05:41 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2018-02-18 13:59 - 2018-02-10 05:41 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netplwiz.dll
2018-02-18 13:59 - 2018-02-10 05:41 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2018-02-18 13:59 - 2018-02-10 05:40 - 003367936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2018-02-18 13:59 - 2018-02-10 05:40 - 002873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2018-02-18 13:59 - 2018-02-10 05:40 - 000940544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-02-18 13:59 - 2018-02-10 05:40 - 000939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2018-02-18 13:59 - 2018-02-10 05:40 - 000930816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-02-18 13:59 - 2018-02-10 05:40 - 000886784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2018-02-18 13:59 - 2018-02-10 05:40 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2018-02-18 13:59 - 2018-02-10 05:40 - 000691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2018-02-18 13:59 - 2018-02-10 05:40 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2018-02-18 13:59 - 2018-02-10 05:40 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2018-02-18 13:59 - 2018-02-10 05:40 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2018-02-18 13:59 - 2018-02-10 05:40 - 000421376 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2018-02-18 13:59 - 2018-02-10 05:40 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-02-18 13:59 - 2018-02-10 05:40 - 000298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2018-02-18 13:59 - 2018-02-10 05:40 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2018-02-18 13:59 - 2018-02-10 05:40 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreCommonProxyStub.dll
2018-02-18 13:59 - 2018-02-10 05:40 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2018-02-18 13:59 - 2018-02-10 05:39 - 005500928 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2018-02-18 13:59 - 2018-02-10 05:39 - 002490880 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2018-02-18 13:59 - 2018-02-10 05:39 - 000908800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2018-02-18 13:59 - 2018-02-10 05:39 - 000721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-02-18 13:59 - 2018-02-10 05:39 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2018-02-18 13:59 - 2018-02-10 05:39 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2018-02-18 13:59 - 2018-02-10 05:39 - 000648704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2018-02-18 13:59 - 2018-02-10 05:39 - 000621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2018-02-18 13:59 - 2018-02-10 05:39 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2018-02-18 13:59 - 2018-02-10 05:39 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2018-02-18 13:59 - 2018-02-10 05:39 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-02-18 13:59 - 2018-02-10 05:39 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sysdm.cpl
2018-02-18 13:59 - 2018-02-10 05:39 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twext.dll
2018-02-18 13:59 - 2018-02-10 05:39 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2018-02-18 13:59 - 2018-02-10 05:39 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\regsvr32.exe
2018-02-18 13:59 - 2018-02-10 05:38 - 006722560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2018-02-18 13:59 - 2018-02-10 05:38 - 001166336 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-02-18 13:59 - 2018-02-10 05:38 - 000863744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2018-02-18 13:59 - 2018-02-10 05:38 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2018-02-18 13:59 - 2018-02-10 05:38 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2018-02-18 13:59 - 2018-02-10 05:38 - 000653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2018-02-18 13:59 - 2018-02-10 05:38 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2018-02-18 13:59 - 2018-02-10 05:38 - 000509440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2018-02-18 13:59 - 2018-02-10 05:38 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2018-02-18 13:59 - 2018-02-10 05:38 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-02-18 13:59 - 2018-02-10 05:38 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-02-18 13:59 - 2018-02-10 05:38 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeHelper.dll
2018-02-18 13:59 - 2018-02-10 05:37 - 003287040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncCenter.dll
2018-02-18 13:59 - 2018-02-10 05:37 - 002523648 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2018-02-18 13:59 - 2018-02-10 05:37 - 000965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2018-02-18 13:59 - 2018-02-10 05:37 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2018-02-18 13:59 - 2018-02-10 05:37 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2018-02-18 13:59 - 2018-02-10 05:37 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\system32\srchadmin.dll
2018-02-18 13:59 - 2018-02-10 05:37 - 000308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2018-02-18 13:59 - 2018-02-10 05:37 - 000199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2018-02-18 13:59 - 2018-02-10 05:37 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll
2018-02-18 13:59 - 2018-02-10 05:36 - 002462208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2018-02-18 13:59 - 2018-02-10 05:36 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2018-02-18 13:59 - 2018-02-10 05:36 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2018-02-18 13:59 - 2018-02-10 05:36 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll
2018-02-18 13:59 - 2018-02-10 05:36 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcomapi.dll
2018-02-18 13:59 - 2018-02-10 05:36 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2018-02-18 13:59 - 2018-02-10 05:36 - 000141824 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2018-02-18 13:59 - 2018-02-10 05:35 - 005388800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2018-02-18 13:59 - 2018-02-10 05:35 - 002814976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2018-02-18 13:59 - 2018-02-10 05:35 - 002413568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2018-02-18 13:59 - 2018-02-10 05:35 - 000943104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2018-02-18 13:59 - 2018-02-10 05:35 - 000941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-02-18 13:59 - 2018-02-10 05:35 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2018-02-18 13:59 - 2018-02-10 05:35 - 000826880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-02-18 13:59 - 2018-02-10 05:35 - 000796160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2018-02-18 13:59 - 2018-02-10 05:35 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2018-02-18 13:59 - 2018-02-10 05:35 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2018-02-18 13:59 - 2018-02-10 05:35 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2018-02-18 13:59 - 2018-02-10 05:35 - 000402944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2018-02-18 13:59 - 2018-02-10 05:35 - 000332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srchadmin.dll
2018-02-18 13:59 - 2018-02-10 05:35 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2018-02-18 13:59 - 2018-02-10 05:34 - 006532096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2018-02-18 13:59 - 2018-02-10 05:34 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL
2018-02-18 13:59 - 2018-02-10 05:34 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
2018-02-18 13:59 - 2018-02-10 05:34 - 000111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.ProxyStub.dll
2018-02-18 13:59 - 2018-02-10 05:33 - 001661440 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2018-02-18 13:59 - 2018-02-10 05:33 - 000621568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2018-02-18 13:59 - 2018-02-10 05:33 - 000620544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-02-18 13:59 - 2018-02-10 05:33 - 000604672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2018-02-18 13:59 - 2018-02-10 05:33 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2018-02-18 13:59 - 2018-02-10 05:33 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcbase.dll
2018-02-18 13:59 - 2018-02-10 05:33 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2018-02-18 13:59 - 2018-02-10 05:33 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2018-02-18 13:59 - 2018-02-10 05:33 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2018-02-18 13:59 - 2018-02-10 05:33 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2018-02-18 13:59 - 2018-02-10 05:32 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVXENCD.DLL
2018-02-18 13:59 - 2018-02-10 05:32 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL
2018-02-18 13:59 - 2018-02-10 05:32 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2018-02-18 13:59 - 2018-02-10 05:32 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.ProxyStub.dll
2018-02-18 13:59 - 2018-02-10 05:31 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2018-02-18 13:59 - 2018-02-10 05:31 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmcbase.dll
2018-02-18 13:59 - 2018-02-10 05:31 - 000190464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2018-02-18 13:59 - 2018-02-10 05:31 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2018-02-18 13:59 - 2018-02-09 04:35 - 000892872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2018-02-18 13:59 - 2018-02-09 04:35 - 000065992 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2018-02-18 13:59 - 2018-02-02 04:36 - 000854976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2018-02-18 13:59 - 2018-02-02 04:36 - 000649672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2018-02-18 13:59 - 2018-02-02 04:36 - 000054720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2018-02-12 22:50 - 2018-02-12 23:02 - 000000000 ____D C:\Users\Philip\Documents\Bank
2018-02-07 22:00 - 2018-02-07 22:00 - 000001158 _____ C:\Users\Philip\Desktop\Notepad.lnk
2018-02-05 23:37 - 2018-02-05 23:37 - 000000000 ____D C:\ProgramData\SupportAssist
2018-02-05 23:29 - 2018-02-05 23:29 - 000397672 _____ (Igor Pavlov) C:\Users\Philip\Downloads\supportassistlauncher.exe
2018-02-03 17:34 - 2018-02-03 17:34 - 000056126 _____ C:\Users\Philip\Documents\Solicitud_de_cita_previa_en_Atencion_Primaria..pdf
2018-02-01 20:46 - 2018-02-01 20:47 - 000000258 __RSH C:\ProgramData\ntuser.pol
2018-02-01 20:45 - 2018-02-01 20:45 - 004291320 _____ (BrightFort LLC ) C:\Users\Philip\Documents\spywareblastersetup55.exe
2018-01-31 22:28 - 2018-01-31 22:28 - 000000000 ____D C:\Users\Philip\AppData\Roaming\AVAST Software
2018-01-31 22:27 - 2018-01-31 22:27 - 000001981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2018-01-31 22:27 - 2018-01-31 22:27 - 000001969 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-01-31 22:27 - 2018-01-31 22:27 - 000000000 ____D C:\Users\Philip\AppData\Local\CEF
2018-01-31 22:26 - 2018-02-22 17:39 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-01-31 22:26 - 2018-02-21 20:26 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2018-01-31 22:26 - 2018-01-31 22:26 - 000061304 _____ () C:\WINDOWS\SMSS-PFRO9eff.tmp
2018-01-31 22:26 - 2018-01-31 22:26 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-01-31 22:26 - 2018-01-31 22:26 - 000000000 ____D C:\Program Files\Common Files\Avast Software
2018-01-31 22:25 - 2018-02-21 20:25 - 000459952 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-01-31 22:25 - 2018-02-21 20:25 - 000379448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-01-31 22:25 - 2018-02-21 20:25 - 000205464 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-01-31 22:25 - 2018-02-21 20:25 - 000192944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-01-31 22:25 - 2018-02-21 20:25 - 000146648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-01-31 22:25 - 2018-02-21 20:25 - 000110328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-01-31 22:25 - 2018-02-21 20:25 - 000084368 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-01-31 22:25 - 2018-02-21 20:25 - 000046968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-01-31 22:25 - 2018-02-21 20:24 - 001026696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-01-31 22:25 - 2018-02-21 20:24 - 000190440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-01-31 22:25 - 2018-01-31 22:23 - 000343768 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-01-31 22:25 - 2018-01-31 22:23 - 000321512 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-01-31 22:25 - 2018-01-31 22:23 - 000199448 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-01-31 22:25 - 2018-01-31 22:23 - 000057696 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-01-31 22:24 - 2018-01-31 22:24 - 007172032 _____ (AVAST Software) C:\Users\Philip\Downloads\avast_free_antivirus_setup_online(1).exe
2018-01-31 22:18 - 2018-01-31 22:18 - 000000000 ____D C:\Program Files\AVAST Software
2018-01-31 22:17 - 2018-02-01 00:34 - 000000000 ____D C:\ProgramData\AVAST Software
2018-01-31 22:17 - 2018-01-31 22:17 - 007172032 _____ (AVAST Software) C:\Users\Philip\Downloads\avast_free_antivirus_setup_online.exe
2018-01-31 22:16 - 2017-09-28 19:05 - 006238208 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons000c.dll
2018-01-31 22:16 - 2017-09-28 19:02 - 002352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData000c.dll
2018-01-31 22:16 - 2017-09-28 18:44 - 006238208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons000c.dll
2018-01-31 22:16 - 2017-09-28 18:41 - 002264576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData000c.dll
2018-01-28 03:56 - 2018-01-28 03:56 - 000000016 _____ C:\InjectIntoProcess crash
2018-01-24 09:32 - 2018-01-24 09:33 - 000000000 ____D C:\Users\Philip\Documents\Altea
2018-01-24 08:19 - 2018-01-24 08:19 - 000001065 _____ C:\Users\Public\Desktop\PDF-Viewer.lnk
2018-01-24 08:18 - 2018-01-24 08:18 - 000000000 ____D C:\Program Files\Tracker Software
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-02-22 20:19 - 2018-01-20 21:57 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-02-22 20:16 - 2017-06-22 20:56 - 000000000 ____D C:\Users\Philip\AppData\LocalLow\Mozilla
2018-02-22 18:04 - 2018-01-18 16:01 - 000000000 ____D C:\Program Files (x86)\Google
2018-02-22 17:52 - 2018-01-16 11:43 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-02-22 17:52 - 2018-01-14 02:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-02-22 17:52 - 2018-01-14 02:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-02-22 17:49 - 2018-01-16 00:16 - 000004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5EDC0A66-DA2D-49CC-B047-FF3FAA62DE4E}
2018-02-22 17:46 - 2018-01-20 22:16 - 001027028 _____ C:\WINDOWS\system32\perfh00A.dat
2018-02-22 17:46 - 2018-01-20 22:16 - 000258024 _____ C:\WINDOWS\system32\perfc00A.dat
2018-02-22 17:46 - 2018-01-13 18:30 - 002198038 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-02-22 17:40 - 2018-01-13 18:22 - 000000000 ____D C:\Users\Adele
2018-02-22 17:40 - 2016-08-06 03:08 - 000000000 ___RD C:\Users\Philip\OneDrive
2018-02-22 17:39 - 2018-01-13 18:22 - 000000000 ____D C:\Users\Philip
2018-02-22 17:38 - 2018-01-13 18:29 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-02-22 17:38 - 2018-01-13 18:10 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-02-21 20:19 - 2018-01-14 02:28 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2018-02-21 19:08 - 2018-01-14 03:07 - 000000000 ____D C:\WINDOWS\Panther
2018-02-21 19:08 - 2018-01-14 02:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-02-21 19:08 - 2018-01-14 02:44 - 000000000 ____D C:\WINDOWS\INF
2018-02-21 15:21 - 2018-01-18 00:26 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-02-21 09:30 - 2018-01-17 23:08 - 000000000 ____D C:\Users\Philip\AppData\Local\ElevatedDiagnostics
2018-02-21 09:18 - 2018-01-13 15:29 - 000000000 ___RD C:\Users\Philip\3D Objects
2018-02-21 09:18 - 2016-04-27 07:39 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-02-21 08:51 - 2018-01-13 18:10 - 000403936 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-02-21 08:47 - 2018-01-14 02:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-02-21 08:47 - 2018-01-14 02:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-02-21 08:47 - 2018-01-14 02:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-02-21 08:47 - 2018-01-14 02:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-02-21 08:46 - 2018-01-14 02:46 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-02-20 18:53 - 2018-01-14 16:32 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-02-20 18:52 - 2018-01-14 16:32 - 000000000 ____D C:\Program Files (x86)\ArcSoft
2018-02-20 18:49 - 2018-01-15 19:55 - 000000000 ____D C:\Users\Philip\Documents\My Albums
2018-02-20 18:49 - 2018-01-15 19:55 - 000000000 ____D C:\Users\Philip\AppData\Roaming\ArcSoft
2018-02-20 15:47 - 2018-01-14 16:03 - 000000000 ____D C:\ProgramData\CanonIJPLM
2018-02-20 14:06 - 2018-01-15 19:09 - 000000000 ____D C:\Users\Philip\AppData\Roaming\Canon
2018-02-20 08:05 - 2018-01-13 19:09 - 000000000 ____D C:\Users\Philip\AppData\Local\Packages
2018-02-18 19:40 - 2018-01-14 02:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-02-18 14:38 - 2018-01-14 02:46 - 000000000 ____D C:\WINDOWS\rescache
2018-02-18 14:23 - 2018-01-14 13:47 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-02-18 14:19 - 2018-01-14 13:47 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-02-18 14:19 - 2018-01-14 13:45 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-02-18 13:30 - 2018-01-13 19:17 - 000003360 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2230651175-1392670207-592406347-1001
2018-02-18 13:30 - 2018-01-13 19:15 - 000002406 _____ C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-02-09 18:15 - 2018-01-13 19:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-09 18:15 - 2018-01-13 19:24 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-02-09 08:24 - 2018-01-13 19:25 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-02-07 23:43 - 2015-02-16 21:10 - 000000000 ___RD C:\Users\Philip\Dropbox
2018-02-07 22:02 - 2016-10-02 13:06 - 000000000 ____D C:\Windows10Upgrade
2018-02-06 03:49 - 2018-01-14 22:08 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-02-06 03:49 - 2018-01-14 22:08 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-01 20:54 - 2018-01-18 16:01 - 000000000 ____D C:\Users\Philip\AppData\Local\Google
2018-02-01 20:48 - 2018-01-14 13:50 - 000000000 ____D C:\ProgramData\TEMP
2018-02-01 20:48 - 2018-01-14 13:50 - 000000000 ____D C:\Program Files (x86)\SpywareBlaster
2018-02-01 20:46 - 2018-01-14 13:50 - 000001150 _____ C:\Users\Public\Desktop\SpywareBlaster.lnk
2018-02-01 20:46 - 2018-01-14 02:46 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-02-01 20:46 - 2018-01-14 02:46 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-02-01 20:46 - 2010-12-05 20:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2018-01-31 22:17 - 2018-01-14 02:54 - 000000000 ____D C:\WINDOWS\OCR
2018-01-31 22:14 - 2018-01-21 15:32 - 000000000 ____D C:\Users\Philip\AppData\Roaming\Wondershare
2018-01-31 22:14 - 2018-01-21 15:30 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2018-01-31 22:14 - 2013-12-14 14:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2018-01-27 19:54 - 2018-01-22 09:41 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-01-24 08:19 - 2011-10-04 20:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
2018-01-24 07:50 - 2018-01-14 12:41 - 000548000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-02-18 14:18
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.02.2018
Ran by Philip (22-02-2018 20:24:44)
Running from C:\Users\Philip\Desktop
Windows 10 Home Version 1709 16299.248 (X64) (2018-01-13 17:31:42)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Adele (S-1-5-21-2230651175-1392670207-592406347-1000 - Administrator - Enabled) => C:\Users\Adele
Administrator (S-1-5-21-2230651175-1392670207-592406347-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2230651175-1392670207-592406347-503 - Limited - Disabled)
Guest (S-1-5-21-2230651175-1392670207-592406347-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2230651175-1392670207-592406347-1118 - Limited - Enabled)
Philip (S-1-5-21-2230651175-1392670207-592406347-1001 - Administrator - Enabled) => C:\Users\Philip
WDAGUtilityAccount (S-1-5-21-2230651175-1392670207-592406347-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ArcSoft PhotoStudio 5 (HKLM-x32\...\{03F1CC67-5BD8-4C36-8394-76311B2AE69A}) (Version: - )
Auslogics BoostSpeed 10 (HKLM-x32\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 10.0.2.0 - Auslogics Labs Pty Ltd)
Auslogics Driver Updater (HKLM-x32\...\{23BB1B18-3537-48F7-BEF7-42BC65DBF993}_is1) (Version: 1.9.4.0 - Auslogics Labs Pty Ltd)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.1.2326 - AVAST Software)
Belarc Advisor 8.6 (HKLM-x32\...\Belarc Advisor) (Version: 8.6.0.0 - Belarc Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.1.0 - Canon Inc.)
Canon MG5500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5500_series) (Version: 1.01 - Canon Inc.)
Canon MG5500 series On-screen Manual (HKLM-x32\...\Canon MG5500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG5500 series User Registration (HKLM-x32\...\Canon MG5500 series User Registration) (Version: - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.40 - Piriform)
Malwarebytes version 3.3.1.2183 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.3.1.2183 - Malwarebytes)
Manual CanoScan 5000,5000F,8000F (HKLM-x32\...\{4C7E5204-EE48-4F10-BC65-04FA36713B6D}) (Version: - )
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.9001.2171 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2230651175-1392670207-592406347-1001\...\OneDriveSetup.exe) (Version: 17.005.0107.0008 - Microsoft Corporation)
Mozilla Firefox 58.0.2 (x64 en-GB) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-GB)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.4 - Mozilla)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.208.0 - Tracker Software Products Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8318 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.17.55 - Synaptics Incorporated)
Wondershare Helper Compact 2.5.2 (HKLM-x32\...\{5363CE84-5F09-48A1-8B6C-6BB590FFEDF2}_is1) (Version: 2.5.2 - Wondershare)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-21] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-21] (AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-21] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers4: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\WINDOWS\system32\igfxpph.dll [2012-11-26] (Intel Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-02-21] (AVAST Software)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-11-01] (Malwarebytes)
ContextMenuHandlers6: [RecuvaShellExt] -> {435E5DF5-2510-463C-B223-BDA47006D002} => C:\Program Files\Recuva\RecuvaShell64.dll [2016-06-06] (Piriform Ltd)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {10B5934C-6C9E-4678-A6A1-A74051825B96} - System32\Tasks\Auslogics\BoostSpeed\Scan and Repair => rundll32.exe TaskSchedulerHelper.dll,RunTask "Main.exe" "/UseTray /Schedule"
Task: {38AEB124-1B86-4B7C-A7C3-955A08A095C0} - System32\Tasks\Auslogics\Driver Updater\Start Driver Updater оn Adele logon => C:\Program Files (x86)\Auslogics\Driver Updater\DriverUpdater.exe
Task: {51D6C6B3-4FFC-4938-8A18-72C504C4AC56} - System32\Tasks\Auslogics\BoostSpeed\Start BoostSpeed оn Adele logon => C:\Program Files (x86)\Auslogics\BoostSpeed\Main.exe
Task: {7800AB05-ACAC-4DB0-9E9C-955A08B372CB} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-02-08] (Microsoft Corporation)
Task: {8E3115F8-88CB-4D98-A07B-FBA4A07F0ED9} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-02-21] (Microsoft Corporation)
Task: {925990A1-6196-441B-8A80-5DC11B21BE1B} - System32\Tasks\Auslogics\Driver Updater\Scan => rundll32.exe TaskSchedulerHelper.dll,RunTask "DriverUpdater.exe" "-UseTray -Schedule"
Task: {B4FC1500-7E70-4437-9818-63D838A5090E} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-31] (AVAST Software)
Task: {C53976DF-A3DD-43DC-870D-902610FD4D8C} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-02-07] (Piriform Ltd)
Task: {D919FE9B-5E2A-441D-A319-D0868571E4B2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-02-08] (Microsoft Corporation)
Task: {D9A7D6C1-84F7-4039-A11D-8417DD01098C} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-02-21] (AVAST Software)
Task: {F8950729-2B63-46C0-B37A-EC41F6C7534A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-02-07] (Piriform Ltd)
Task: {FF554523-C319-45B4-A72A-8F24D535A6E3} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-02-21] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2017-09-29 14:41 - 2017-09-29 14:41 - 000184432 ____N () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-10-26 09:48 - 2016-10-26 08:48 - 000031256 _____ () C:\WINDOWS\System32\us008lm.dll
2015-03-12 05:43 - 2015-03-12 04:43 - 000022528 _____ () C:\WINDOWS\System32\us013lm.dll
2018-01-14 16:18 - 2013-05-14 10:50 - 000140936 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2018-01-14 12:39 - 2017-11-29 09:11 - 002301384 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2012-11-26 22:54 - 2012-11-26 22:54 - 000094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2018-01-22 10:03 - 2018-01-22 10:03 - 000061920 _____ () C:\Program Files\CCleaner\branding.dll
2018-02-18 14:00 - 2018-02-10 05:39 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-02-18 14:00 - 2018-02-10 05:36 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-31 09:05 - 2018-01-31 09:06 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-31 09:05 - 2018-01-31 09:06 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-01-21 15:34 - 2016-10-08 16:48 - 001506304 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2018-01-21 15:34 - 2016-07-21 10:54 - 000137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2018-01-31 22:24 - 2018-01-31 22:24 - 067109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-02-21 20:25 - 2018-02-21 20:25 - 000287960 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-02-21 20:25 - 2018-02-21 20:25 - 000280280 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2018-02-21 20:24 - 2018-02-21 20:24 - 000275672 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\WINDOWS\system32\bcmihvsrv64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcmihvui64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcmwlcoi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\difx64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GfxUI.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hkcmd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxext.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\igfxpers.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxsrvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxtray.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RtCRX64.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\SynCOM.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\SynTPAPI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SynTPCo46-4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wdfcoinstaller01009.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WdfCoInstaller01011.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EtmService.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RsCRIcon.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SynCom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\BCMWL664.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cykbfltr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\EtmDevDram.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\EtmDevFan.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\EtmDevGen.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\EtmDevMcp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\EtmDevPch.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\EtmDrvMgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Impcd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\RtsUer.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF_Aux.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Smb_driver_Intel_Aux.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SynRMIHID_Aux.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\SynTP.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\Adele\Downloads\2017-03-28 12.34.57.jpg:com.dropbox.attributes [386]
AlternateDataStreams: C:\Users\Adele\Documents\IMG_20170405_0001.jpg:$CmdZnID [26]
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 [125]
AlternateDataStreams: C:\Users\Philip\Downloads\DropboxInstaller.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Philip\Downloads\f4387407u8213.zip:$CmdTcID [64]
AlternateDataStreams: C:\Users\Philip\Downloads\f4387407u8213.zip:$CmdZnID [26]
AlternateDataStreams: C:\Users\Philip\Downloads\HPSupportSolutionsFramework-12.0.30.219.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\Philip\Downloads\HPSupportSolutionsFramework-12.0.30.219.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\Philip\Downloads\Policy Wording June 2014.pdf:$CmdZnID [26]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\S-1-5-21-2230651175-1392670207-592406347-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2230651175-1392670207-592406347-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2230651175-1392670207-592406347-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2230651175-1392670207-592406347-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2230651175-1392670207-592406347-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2230651175-1392670207-592406347-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2230651175-1392670207-592406347-1001\...\0411dd.com -> 0411dd.com
IE restricted site: HKU\S-1-5-21-2230651175-1392670207-592406347-1001\...\0511zfhl.com -> 0511zfhl.com
IE restricted site: HKU\S-1-5-21-2230651175-1392670207-592406347-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2230651175-1392670207-592406347-1001\...\0632qyw.com -> 0632qyw.com
IE restricted site: HKU\S-1-5-21-2230651175-1392670207-592406347-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2230651175-1392670207-592406347-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2230651175-1392670207-592406347-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2230651175-1392670207-592406347-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2230651175-1392670207-592406347-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2230651175-1392670207-592406347-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2230651175-1392670207-592406347-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2230651175-1392670207-592406347-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2230651175-1392670207-592406347-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2230651175-1392670207-592406347-1001\...\1001movie.com -> 1001movie.com
There are 6091 more sites.
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-01-14 02:46 - 2018-01-14 02:41 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2230651175-1392670207-592406347-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{344025C1-86CB-4D1D-A418-F8E5837E0866}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C61CD5E7-D7F5-47EF-8A1A-D8D724E88978}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{9E57C45A-09F6-4D6B-AF91-217E1D88E19A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{B5B08084-8800-4C84-8FEE-CB6E56B59885}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{4032D9E2-6700-424E-9B31-4791C9FE0C52}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{3A141315-5BAD-4CF6-92E0-3B2DE8E3055F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{E3AAD5B7-BD93-4744-B6F9-9CA9C438D9A7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{6D19807A-813E-4FF5-9706-725E2E071105}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{7A9FFD20-FC5A-45F5-8D72-11AD0317326B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{8F781717-0742-4A39-8077-41788ED4BD2A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{328ABDDE-0680-4CF1-AC4C-5C6D35883E7D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{51A925F2-4994-430A-874B-E8EEE091DE3C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.74.380.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
==================== Restore Points =========================
07-02-2018 07:56:05 Windows Update
18-02-2018 13:58:00 Windows Update
22-02-2018 18:35:42 Sys Restore
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/21/2018 08:23:24 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
Error: (02/21/2018 08:23:21 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (02/21/2018 07:02:05 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
Error: (02/21/2018 07:02:05 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected
Error: (02/21/2018 07:02:02 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected
Error: (02/18/2018 02:23:49 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (02/18/2018 01:30:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: LAPTOP)
Description: Package Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.
Error: (02/18/2018 01:26:39 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
System errors:
=============
Error: (02/22/2018 06:34:53 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume OS.
The exact nature of the corruption is unknown. The file system structures need to be scanned online.
Error: (02/22/2018 05:43:07 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service did not respond on starting.
Error: (02/22/2018 05:39:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/22/2018 05:39:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/22/2018 05:39:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/22/2018 05:39:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (02/22/2018 05:38:48 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 20:45:28 on 21/02/2018 was unexpected.
Error: (02/21/2018 08:24:48 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Downloaded Maps Manager service did not respond on starting.
Windows Defender:
===================================
Date: 2018-01-31 22:17:35.409
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...49&enterprise=0
Name: Misleading:Win32/Lodi
ID: 240849
Severity: High
Category: Potentially Unwanted Software
Path: file:_C:\Users\Philip\Downloads\remorecover-windows.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Program Files\Mozilla Firefox\firefox.exe
Signature Version: AV: 1.261.554.0, AS: 1.261.554.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0
Date: 2018-01-31 22:13:31.503
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...93&enterprise=0
Name: Misleading:Win32/Opitdeps
ID: 241193
Severity: High
Category: Potentially Unwanted Software
Path: file:_C:\Program Files\DIFX\8DAB22A276042539\dpinst64.exe;file:_C:\PROGRA~1\DIFX\8DAB22A276042539\dpinst64.exe;regkey:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\FD83A9F80979BC060ED1AB97CA2602779778ACE8;uninstall:_HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\FD83A9F80979BC060ED1AB97CA2602779778ACE8
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.261.554.0, AS: 1.261.554.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0
Date: 2018-01-31 22:12:29.857
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...93&enterprise=0
Name: Misleading:Win32/Opitdeps
ID: 241193
Severity: High
Category: Potentially Unwanted Software
Path: file:_C:\Program Files\DIFX\8DAB22A276042539\dpinst64.exe;file:_C:\PROGRA~1\DIFX\8DAB22A276042539\dpinst64.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.261.554.0, AS: 1.261.554.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0
Date: 2018-01-31 22:12:25.342
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...93&enterprise=0
Name: Misleading:Win32/Opitdeps
ID: 241193
Severity: High
Category: Potentially Unwanted Software
Path: file:_C:\PROGRA~1\DIFX\8DAB22A276042539\dpinst64.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.261.554.0, AS: 1.261.554.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0
Date: 2018-01-24 08:15:33.014
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft...61&enterprise=0
Name: Misleading:Win32/Sofolview
ID: 240761
Severity: High
Category: Potentially Unwanted Software
Path: file:_\\PHILIP-PC\Documents\Software Downloads\Setup_FileViewPro_2015.exe
Detection Origin: Network share
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\explorer.exe
Signature Version: AV: 1.261.183.0, AS: 1.261.183.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0
Date: 2018-01-31 09:10:00.973
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.554.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.
Date: 2018-01-31 09:10:00.973
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 118.2.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.14202.0
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.
Date: 2018-01-31 09:10:00.180
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.554.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.
Date: 2018-01-31 09:10:00.178
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.554.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.
Date: 2018-01-31 09:10:00.178
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.554.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x800704e8
Error description: The remote system is not available. For information about network troubleshooting, see Windows Help.
CodeIntegrity:
===================================
Date: 2018-01-27 18:06:14.837
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2018-01-27 18:05:52.190
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2018-01-27 18:05:28.939
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2018-01-27 18:05:28.027
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2018-01-27 18:05:06.106
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2018-01-27 18:05:05.731
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2018-01-27 18:05:04.963
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
Date: 2018-01-27 18:04:43.205
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
==================== Memory info ===========================
Processor: Intel® Core i3 CPU M 370 @ 2.40GHz
Percentage of memory in use: 72%
Total physical RAM: 3892.52 MB
Available physical RAM: 1083.88 MB
Total Virtual: 15668.52 MB
Available Virtual: 12618.25 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:343.05 GB) NTFS
\\?\Volume{a38be6f4-d471-11df-81c1-806e6f6e6963}\ (RECOVERY) (Fixed) (Total:14.65 GB) (Free:6.73 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 04FC0C68)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 2/22/18
Scan Time: 8:41 PM
Log File: 6f4d4986-1808-11e8-98c2-f04da251d90b.json
Administrator: Yes
-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.4056
License: Free
-System Information-
OS: Windows 10 (Build 16299.248)
CPU: x64
File System: NTFS
User: LAPTOP\Philip
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 323002
Threats Detected: 3
Threats Quarantined: 3
Time Elapsed: 4 min, 33 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 1
Adware.Norassie, HKU\S-1-5-21-2230651175-1392670207-592406347-1001\SOFTWARE\Norassie, Quarantined, [2725], [361347],1.0.4056
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 2
PUP.Optional.Amazon1Button, C:\USERS\PHILIP\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8O7G1QLK.DEFAULT\EXTENSIONS\[email protected], Quarantined, [837], [493346],1.0.4056
PUP.Optional.BundleInstaller, C:\USERS\PHILIP\DOCUMENTS\GOOGLEEARTHSETUP_0447516995.EXE, Quarantined, [18], [493446],1.0.4056
Physical Sector: 0
(No malicious items detected)
(end)
If I do have a malware problem I have no idea where it came from. I would be most grateful if you could advise me on what to do next.
I look forward to hearing from you.
Philip