Inactive I believe I have a Kernel mode rootkit :(

Sonicy0uth

Hello, how are you fellas doin?


I believe I have a nasty rootkit on my laptop.

I recently started experiencing lost admin permissions in my file explorer and a few of my accounts were compromised, my two part auth malfunctions, you name it.


I believe the cause of the infection could possibly be one of the IT guys at a job I recently left after 3 years of being 2nd in command. He had a few brief periods of alone time with my personal laptop, so who knows what was done.

If that's the case, he's most likely using Azure AD, Intune or whatever Microsoft provides for enterprise device management.

I did both a system refresh and a complete reinstall of Windows with no luck. Defender doesn't detect anything, but their malicious software removal tool does, then crashes.


I downloaded the tool recommended in the before you post sticky thread. Here are my logs.

I really appreciate any assistance you guys can give me!

Thanks ahead of time

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-11-2017
Ran by sam (administrator) on TAKETHISAZUREBU (04-12-2017 17:31:57)
Running from C:\Users\sam\Desktop
Loaded Profiles: sam (Available Profiles: sam)
Platform: Windows 10 Home Version 1703 15063.726 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3945672 2015-07-27] (Synaptics Incorporated)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [916184 2014-07-02] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{4bef2cda-b647-4294-ba67-d20ea3da0dfc}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKU\S-1-5-21-622049476-34633954-126455062-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-622049476-34633954-126455062-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.google.com/chrome/browser/desktop/index.html?hl=en&brand=OKWM&utm_source=en-google.com&utm_medium=material-callout&utm_campaign=IE-material-callout-smarter

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1392792 2015-10-29] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-19] (Microsoft Corporation)
S2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52200 2015-10-29] (Intel Corporation)
S3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260072 2015-10-29] (Intel Corporation)
S3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [84280 2016-05-16] (Intel Corporation)
S3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [244744 2017-04-13] (Intel Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-12-04] (Malwarebytes)
S3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [7932160 2017-01-24] (Intel Corporation)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [410880 2015-09-03] (Realsil Semiconductor Corporation)
S3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3127576 2016-07-14] (Realtek Semiconductor Corp.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [42184 2015-07-27] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [42696 2015-07-27] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\System32\drivers\usb2ser.sys [151184 2016-07-15] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-04 17:31 - 2017-12-04 17:32 - 000031265 _____ C:\Users\sam\Desktop\FRST.txt
2017-12-04 17:31 - 2017-12-04 17:31 - 000000000 ____D C:\FRST
2017-12-04 17:17 - 2017-12-04 17:17 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-12-04 17:17 - 2017-12-04 17:17 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-12-04 17:17 - 2017-12-04 17:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-04 17:17 - 2017-12-04 17:17 - 000000000 ____D C:\Program Files\Malwarebytes
2017-12-04 17:17 - 2017-11-01 08:54 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-12-04 17:16 - 2017-12-04 16:42 - 078346672 _____ (Malwarebytes ) C:\Users\sam\Desktop\mb3-setup-consumer-3.3.1.2183.exe
2017-12-04 17:16 - 2017-12-04 16:42 - 002392576 _____ (Farbar) C:\Users\sam\Desktop\FRST64.exe
2017-12-04 17:11 - 2017-12-04 17:11 - 000000017 _____ C:\Users\sam\AppData\Local\resmon.resmoncfg
2017-12-04 16:19 - 2017-12-04 16:19 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-12-04 15:55 - 2017-12-04 15:55 - 000056907 _____ C:\WINDOWS\system32\hh.txt
2017-12-04 15:17 - 2017-12-04 15:17 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\545191DE.sys
2017-12-04 14:57 - 2017-12-04 14:57 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7612C618.sys
2017-12-04 14:57 - 2017-12-04 14:57 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-04 14:54 - 2017-12-04 15:27 - 000000000 ____D C:\Users\sam\Desktop\mbar
2017-12-04 14:54 - 2017-12-04 15:27 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-12-04 14:54 - 2017-12-04 15:17 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-12-04 14:54 - 2017-12-04 14:53 - 014178840 _____ (Malwarebytes Corp.) C:\Users\sam\Desktop\mbar-1.10.3.1001.exe
2017-12-04 14:15 - 2017-12-04 16:18 - 067633152 _____ C:\WINDOWS\system32\config\SOFTWARE
2017-12-04 14:13 - 2017-12-04 14:13 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-12-04 12:58 - 2017-12-04 12:56 - 134171920 _____ (Microsoft Corporation) C:\Users\sam\Desktop\msert (1).exe
2017-12-04 12:55 - 2017-12-04 12:54 - 000000000 _____ C:\Users\sam\Desktop\msert.exe
2017-12-04 12:51 - 2017-12-04 12:51 - 000003652 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-12-01 12:27 - 2017-12-01 12:27 - 000000744 _____ C:\Users\sam\Desktop\Pictures - Shortcut.lnk
2017-11-29 05:38 - 2017-11-29 05:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Conexant
2017-11-29 05:37 - 2017-12-04 17:31 - 002147380 _____ C:\WINDOWS\ntbtlog.txt
2017-11-29 05:37 - 2017-11-29 05:37 - 000000000 ____D C:\ProgramData\Dolby
2017-11-29 05:37 - 2017-11-29 05:37 - 000000000 ____D C:\Program Files\Realtek
2017-11-29 05:37 - 2017-11-29 05:37 - 000000000 ____D C:\Program Files\CONEXANT
2017-11-29 05:37 - 2015-12-08 16:44 - 000003304 _____ C:\WINDOWS\system32\Drivers\SamSfPa.dat
2017-11-29 05:37 - 2014-12-09 20:11 - 000423128 _____ (Conexant Systems, Inc.) C:\WINDOWS\SysWOW64\SASrv.exe
2017-11-29 05:15 - 2017-11-29 05:15 - 756508803 _____ C:\WINDOWS\MEMORY.DMP
2017-11-29 05:15 - 2017-11-29 05:15 - 000752388 _____ C:\WINDOWS\Minidump\112917-5765-01.dmp
2017-11-29 05:15 - 2017-11-29 05:15 - 000000000 ____D C:\WINDOWS\Minidump
2017-11-29 04:03 - 2017-11-29 04:04 - 510536565 _____ C:\Users\sam\Desktop\Recovered data 11-22 23_51_44.zip
2017-11-29 03:10 - 2017-11-29 04:05 - 000331215 _____ C:\WINDOWS\system32\DevModeRunAsUserConfig0.msc
2017-11-29 02:05 - 2017-11-29 02:05 - 000000000 ____D C:\Users\sam\Documents\Security
2017-11-29 00:19 - 2017-11-29 00:19 - 000023578 _____ C:\Users\sam\companion-script1.js
2017-11-28 23:26 - 2017-11-28 23:26 - 000000000 ____D C:\Users\sam\AppData\Local\Conexant
2017-11-28 21:56 - 2017-11-28 21:56 - 000054622 _____ C:\WINDOWS\system32\config\envinfo.txt
2017-11-28 21:56 - 2017-11-28 21:56 - 000023576 _____ C:\WINDOWS\system32\config\WinsockCatalog.txt
2017-11-28 21:56 - 2017-11-28 21:56 - 000004413 _____ C:\WINDOWS\system32\config\WcnInfo.txt
2017-11-28 21:56 - 2017-11-28 21:56 - 000001435 _____ C:\WINDOWS\system32\config\WindowsFirewallConfig.txt
2017-11-28 21:56 - 2017-11-28 21:56 - 000000660 _____ C:\WINDOWS\system32\config\WindowsFirewallEffectiveRules.txt
2017-11-28 21:56 - 2017-11-28 21:56 - 000000620 _____ C:\WINDOWS\system32\config\Neighbors.txt
2017-11-28 21:56 - 2017-11-28 21:56 - 000000543 _____ C:\WINDOWS\system32\config\osinfo.txt
2017-11-28 21:56 - 2017-11-28 21:56 - 000000372 _____ C:\WINDOWS\system32\config\Dns.txt
2017-11-28 21:56 - 2017-11-28 21:56 - 000000371 _____ C:\WINDOWS\system32\config\wlaninfo.txt
2017-11-28 21:56 - 2017-11-28 21:56 - 000000332 _____ C:\WINDOWS\system32\config\FileSharing.txt
2017-11-28 21:56 - 2017-11-28 21:56 - 000000236 _____ C:\WINDOWS\system32\config\netiostate.txt
2017-11-28 21:56 - 2017-11-28 21:56 - 000000000 _____ C:\WINDOWS\system32\config\adapterinfo.txt
2017-11-27 15:22 - 2017-12-04 16:17 - 000000000 ____D C:\WINDOWS\pss
2017-11-27 13:56 - 2017-11-27 13:56 - 000000000 ____D C:\Users\sam\AppData\Local\Microsoft_Corporation
2017-11-27 00:49 - 2017-11-27 00:49 - 000040839 _____ C:\Users\sam\Desktop\cmd.pdf
2017-11-27 00:49 - 2017-11-27 00:49 - 000000000 ____D C:\Users\sam\AppData\LocalLow\Temp
2017-11-26 23:10 - 2017-11-26 23:10 - 000000594 _____ C:\Users\sam\Desktop\cert.cer
2017-11-26 20:12 - 2017-11-26 20:12 - 000000000 ____D C:\Users\sam\AppData\Local\Apps\2.0
2017-11-26 16:18 - 2017-11-29 03:54 - 000000000 ____D C:\Users\sam\AppData\Local\CrashDumps
2017-11-24 10:51 - 2017-11-24 10:51 - 000000000 ____D C:\WINDOWS\System32\Tasks\Event Viewer Tasks
2017-11-24 10:42 - 2017-12-04 15:29 - 000000000 ____D C:\Users\Public\Documents\MDMDiagnostics
2017-11-23 23:54 - 2017-12-04 17:04 - 000000000 ____D C:\Program Files (x86)\Google
2017-11-23 23:54 - 2017-11-23 23:54 - 000000000 ____D C:\Users\sam\AppData\Local\Google
2017-11-23 02:43 - 2017-11-23 02:43 - 000000000 ____D C:\ProgramData\Blackmagic Design
2017-11-23 01:06 - 2017-09-06 23:41 - 041229430 _____ C:\Users\sam\Desktop\VID_20170906_234146.mp4
2017-11-23 01:05 - 2017-07-07 20:52 - 074296499 _____ C:\Users\sam\Desktop\VID_20170707_205248.mp4
2017-11-23 01:05 - 2017-07-04 12:26 - 056948478 _____ C:\Users\sam\Desktop\VID_20170704_152658.mp4
2017-11-23 00:55 - 2017-11-21 13:28 - 2953503933 _____ C:\Users\sam\Desktop\VID_20171121_103859~2.mp4
2017-11-23 00:52 - 2017-11-23 00:52 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-11-23 00:52 - 2017-11-23 00:52 - 000000000 ____D C:\Users\sam\AppData\Local\DBG
2017-11-22 23:51 - 2017-11-22 23:51 - 000000000 ____D C:\Users\sam\Desktop\Recovered data 11-22 23_51_44
2017-11-22 23:38 - 2017-11-24 00:05 - 000000028 _____ C:\WINDOWS\OutLog.txt
2017-11-22 23:31 - 2017-11-22 23:31 - 000000000 _____ C:\WINDOWS\BcdLog.txt
2017-11-22 22:02 - 2017-11-22 22:02 - 000000000 ____D C:\ProgramData\SystemAcCrux
2017-11-22 21:49 - 2017-11-22 21:49 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-11-22 16:29 - 2017-11-22 16:30 - 001129816 _____ (Google Inc.) C:\Users\sam\Desktop\ChromeSetupc.exe
2017-11-22 16:20 - 2017-11-22 16:20 - 000051501 _____ C:\Users\sam\Downloads\ChromeSetup.exe.qoijko5.partial
2017-11-22 04:31 - 2017-11-22 16:19 - 000051501 _____ C:\Users\sam\Desktop\ChromeSetup.exe.qoijko5.partial
2017-11-22 04:18 - 2017-11-22 04:18 - 000000000 ____D C:\Users\sam\AppData\Roaming\Macromedia
2017-11-22 03:50 - 2017-11-22 16:20 - 000039494 _____ C:\Users\sam\Downloads\ChromeSetup.exe.xpk4zbb.partial
2017-11-22 02:27 - 2017-11-22 02:37 - 000020094 _____ C:\Users\sam\Desktop\ChromeSetupc.exe.d6vj7ci.partial
2017-11-22 02:12 - 2017-11-22 02:22 - 000039494 _____ C:\Users\sam\Desktop\ChromeSetup.exe.xpk4zbb.partial
2017-11-22 02:12 - 2017-11-22 02:12 - 000000000 _____ C:\Users\sam\Desktop\ChromeSetup.exe
2017-11-21 22:41 - 2017-12-04 14:56 - 000004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FB6F0462-6B56-440D-90E1-E11432B25FC6}
2017-11-21 22:11 - 2017-11-21 22:13 - 000000000 ___HD C:\$WINDOWS.~BT
2017-11-21 17:06 - 2017-11-21 17:09 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-11-21 17:06 - 2017-11-21 17:06 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-21 17:05 - 2017-11-21 17:05 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-21 17:04 - 2017-11-21 17:04 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2017-11-21 16:06 - 2017-11-21 16:06 - 000000000 ____D C:\Users\sam\AppData\Local\__SHARED
2017-11-21 14:37 - 2017-11-21 13:50 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-11-21 13:48 - 2017-11-21 13:48 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-622049476-34633954-126455062-1001
2017-11-21 13:29 - 2017-11-21 15:11 - 000000000 ____D C:\Users\sam\AppData\Local\MicrosoftEdge
2017-11-21 04:29 - 2017-11-21 04:29 - 000000000 ____D C:\Users\sam\AppData\Local\Publishers
2017-11-21 04:25 - 2017-11-21 04:25 - 000000000 ____D C:\ProgramData\USOShared
2017-11-21 04:24 - 2017-11-26 20:09 - 000000000 ___RD C:\Users\sam\OneDrive
2017-11-21 04:24 - 2017-11-21 04:24 - 000000000 ____D C:\Users\sam\AppData\Local\Comms
2017-11-21 04:23 - 2017-11-21 04:23 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-11-21 04:22 - 2017-12-04 15:37 - 000000000 __SHD C:\Users\sam\IntelGraphicsProfiles
2017-11-21 04:22 - 2017-12-04 13:11 - 000000000 ____D C:\Users\sam\AppData\Local\Packages
2017-11-21 04:22 - 2017-11-21 21:46 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-21 04:22 - 2017-11-21 04:22 - 000000000 ____D C:\Users\sam\AppData\Roaming\Adobe
2017-11-21 04:22 - 2017-11-21 04:22 - 000000000 ____D C:\Users\sam\AppData\Local\VirtualStore
2017-11-21 04:22 - 2017-11-21 04:22 - 000000000 ____D C:\Users\sam\AppData\Local\TileDataLayer
2017-11-21 04:22 - 2017-11-21 04:22 - 000000000 ____D C:\Users\sam\AppData\Local\ConnectedDevicesPlatform
2017-11-21 04:21 - 2017-12-01 16:10 - 000000000 ____D C:\Users\sam
2017-11-21 04:21 - 2017-11-21 04:21 - 000000020 ___SH C:\Users\sam\ntuser.ini
2017-11-21 04:17 - 2017-03-18 13:56 - 002233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-11-21 04:16 - 2017-12-04 16:23 - 001231088 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-21 04:15 - 2017-11-21 04:15 - 000000000 _SHDL C:\Users\Default User
2017-11-21 04:15 - 2017-11-21 04:15 - 000000000 _SHDL C:\Users\All Users
2017-11-21 04:15 - 2017-11-21 04:15 - 000000000 _SHDL C:\Documents and Settings
2017-11-21 04:12 - 2017-11-21 04:12 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2017-11-21 04:12 - 2017-11-21 04:12 - 000000000 ____D C:\WINDOWS\UCI
2017-11-21 04:11 - 2017-11-29 05:37 - 001705080 _____ (TODO: <Company name>) C:\WINDOWS\SysWOW64\RebootPrompt.exe
2017-11-21 04:11 - 2017-11-29 05:02 - 000000000 ____D C:\ProgramData\Conexant
2017-11-21 04:11 - 2017-11-21 17:04 - 000000000 ____D C:\Intel
2017-11-21 04:11 - 2017-11-21 04:11 - 000000102 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
2017-11-21 04:11 - 2017-11-21 04:11 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_esif_umdf2_02_00_00.Wdf
2017-11-21 04:11 - 2017-11-21 04:11 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2017-11-21 04:11 - 2017-11-21 04:11 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_esif_lf_01011.Wdf
2017-11-21 04:11 - 2017-11-21 04:11 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2017-11-21 04:11 - 2017-11-21 04:11 - 000000000 ____D C:\ProgramData\UIU
2017-11-21 04:11 - 2017-11-21 04:11 - 000000000 ____D C:\Program Files\Intel
2017-11-21 04:11 - 2017-11-21 04:11 - 000000000 ____D C:\Program Files (x86)\Intel
2017-11-21 04:11 - 2017-04-28 03:38 - 000113640 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-11-21 04:11 - 2017-04-28 03:38 - 000104424 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2017-11-21 04:11 - 2015-09-16 16:10 - 000225624 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CxAudMsg64.exe
2017-11-21 04:10 - 2017-12-04 16:41 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-21 04:10 - 2017-12-04 16:18 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-21 04:10 - 2017-12-04 15:37 - 000217640 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-21 04:10 - 2017-11-21 04:10 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-11-21 03:54 - 2017-11-21 03:54 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-11-21 03:54 - 2017-11-21 03:54 - 000000000 ____D C:\WINDOWS\InfusedApps
2017-11-21 03:54 - 2017-11-21 03:54 - 000000000 ____D C:\Windows.old
2017-11-21 03:53 - 2017-11-21 03:53 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2017-11-21 03:53 - 2017-11-21 03:53 - 000000000 ____D C:\WINDOWS\Setup
2017-11-21 03:53 - 2017-11-21 03:53 - 000000000 ____D C:\Program Files\Synaptics
2017-11-21 03:52 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2017-11-21 03:52 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-11-21 03:52 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2017-11-21 03:52 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-11-21 03:52 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2017-11-21 03:52 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2017-11-21 03:52 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\system32\winrm
2017-11-21 03:52 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\system32\WCN
2017-11-21 03:52 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\system32\slmgr
2017-11-21 03:52 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2017-11-21 03:52 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\system32\0409
2017-11-21 03:52 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\OCR
2017-11-21 03:52 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\DigitalLocker
2017-11-21 03:51 - 2017-11-04 18:40 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-21 03:51 - 2017-11-04 18:40 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-21 03:49 - 2017-12-04 17:04 - 000000000 ___RD C:\Program Files (x86)
2017-11-21 03:49 - 2017-12-04 13:11 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-21 03:49 - 2017-12-04 13:10 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-21 03:49 - 2017-12-04 12:31 - 000000000 ____D C:\WINDOWS\appcompat
2017-11-21 03:49 - 2017-11-29 05:37 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2017-11-21 03:49 - 2017-11-24 11:02 - 000000000 ____D C:\WINDOWS\rescache
2017-11-21 03:49 - 2017-11-23 04:32 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-11-21 03:49 - 2017-11-21 21:44 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-11-21 03:49 - 2017-11-21 21:44 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-11-21 03:49 - 2017-11-21 21:44 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-11-21 03:49 - 2017-11-21 21:44 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-11-21 03:49 - 2017-11-21 21:44 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-11-21 03:49 - 2017-11-21 21:44 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-11-21 03:49 - 2017-11-21 21:44 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-11-21 03:49 - 2017-11-21 21:44 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-11-21 03:49 - 2017-11-21 21:44 - 000000000 ____D C:\WINDOWS\system32\setup
2017-11-21 03:49 - 2017-11-21 21:44 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-11-21 03:49 - 2017-11-21 21:44 - 000000000 ____D C:\WINDOWS\system32\migwiz
2017-11-21 03:49 - 2017-11-21 21:44 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-11-21 03:49 - 2017-11-21 21:44 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2017-11-21 03:49 - 2017-11-21 21:44 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-21 03:49 - 2017-11-21 21:44 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-11-21 03:49 - 2017-11-21 21:44 - 000000000 ____D C:\WINDOWS\Provisioning
2017-11-21 03:49 - 2017-11-21 21:44 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-11-21 03:49 - 2017-11-21 21:44 - 000000000 ____D C:\Program Files\Windows Defender
2017-11-21 03:49 - 2017-11-21 21:44 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-11-21 03:49 - 2017-11-21 21:44 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-11-21 03:49 - 2017-11-21 21:43 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2017-11-21 03:49 - 2017-11-21 21:43 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2017-11-21 03:49 - 2017-11-21 21:43 - 000000460 _____ C:\Users\sam\Desktop\install.ins
2017-11-21 03:49 - 2017-11-21 14:21 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-11-21 03:49 - 2017-11-21 04:25 - 000000000 ____D C:\ProgramData\USOPrivate
2017-11-21 03:49 - 2017-11-21 04:17 - 000000000 ____D C:\WINDOWS\system32\spool
2017-11-21 03:49 - 2017-11-21 04:17 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2017-11-21 03:49 - 2017-11-21 04:15 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-11-21 03:49 - 2017-11-21 04:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-11-21 03:49 - 2017-11-21 04:13 - 000000000 ___RD C:\WINDOWS\PrintDialog
2017-11-21 03:49 - 2017-11-21 04:13 - 000000000 ___RD C:\WINDOWS\MiracastView
2017-11-21 03:49 - 2017-11-21 04:13 - 000000000 ____D C:\WINDOWS\HoloShell
2017-11-21 03:49 - 2017-11-21 04:12 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-11-21 03:49 - 2017-11-21 04:10 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2017-11-21 03:49 - 2017-11-21 03:54 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-11-21 03:49 - 2017-11-21 03:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-11-21 03:49 - 2017-11-21 03:52 - 000000000 ___SD C:\WINDOWS\system32\dsc
2017-11-21 03:49 - 2017-11-21 03:52 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2017-11-21 03:49 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-11-21 03:49 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-11-21 03:49 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2017-11-21 03:49 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\SystemApps
2017-11-21 03:49 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-11-21 03:49 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\system32\MUI
2017-11-21 03:49 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\system32\Com
2017-11-21 03:49 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\IME
2017-11-21 03:49 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\Help
2017-11-21 03:49 - 2017-11-21 03:52 - 000000000 ____D C:\Program Files\Common Files\System
2017-11-21 03:49 - 2017-11-21 03:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 __SHD C:\Program Files\Windows Sidebar
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 __RSD C:\WINDOWS\Media
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 __RHD C:\Users\Public\Libraries
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ___SD C:\WINDOWS\system32\Nui
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\Web
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\Vss
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\tracing
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\TAPI
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SysWOW64\MsDtc
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SystemResources
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\winevt
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\ras
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\IME
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\icsxml
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\ias
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\Hydrogen
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\downlevel
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\DDFs
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\System
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SKB
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\security
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\schemas
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SchCache
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\Resources
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\Registration
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\PLA
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\Performance
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\ModemLogs
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\L2Schemas
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\InputMethod
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\Globalization
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\Cursors
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\Branding
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\bcastdvr
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\addins
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\Program Files\Windows Security
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\Program Files\Windows Portable Devices
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\Program Files\Windows NT
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\Program Files\Common Files\Services
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\Program Files (x86)\Windows NT
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2017-11-21 03:49 - 2017-11-21 03:48 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2017-11-21 03:49 - 2017-11-21 03:48 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
2017-11-21 03:49 - 2017-11-21 03:48 - 000017635 _____ C:\WINDOWS\system32\Drivers\etc\services
2017-11-21 03:49 - 2017-11-21 03:48 - 000015940 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2017-11-21 03:49 - 2017-11-21 03:48 - 000004096 _____ C:\WINDOWS\system32\config\VSMIDK
2017-11-21 03:49 - 2017-11-21 03:48 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2017-11-21 03:49 - 2017-11-21 03:48 - 000001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2017-11-21 03:49 - 2017-11-21 03:48 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2017-11-21 03:49 - 2017-11-21 03:48 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2017-11-21 03:49 - 2017-11-21 03:48 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
2017-11-21 03:49 - 2017-11-21 03:48 - 000000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2017-11-21 03:49 - 2017-11-21 03:48 - 000000219 _____ C:\WINDOWS\system.ini
2017-11-21 03:49 - 2017-11-21 03:48 - 000000092 _____ C:\WINDOWS\win.ini
2017-11-21 03:48 - 2017-11-29 05:37 - 000000000 ____D C:\WINDOWS\INF
2017-11-21 03:46 - 2017-12-04 16:18 - 041156608 _____ C:\WINDOWS\system32\config\SYSTEM
2017-11-21 03:46 - 2017-12-04 16:18 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-11-21 03:46 - 2017-12-04 16:18 - 000524288 _____ C:\WINDOWS\system32\config\DEFAULT
2017-11-21 03:46 - 2017-12-04 16:18 - 000065536 _____ C:\WINDOWS\system32\config\SECURITY
2017-11-21 03:46 - 2017-12-04 14:13 - 000032768 _____ C:\WINDOWS\system32\config\SAM
2017-11-21 03:46 - 2017-11-29 05:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-21 03:46 - 2017-11-21 22:13 - 000000000 ____D C:\WINDOWS\Panther
2017-11-21 03:46 - 2017-11-21 04:10 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-11-21 03:46 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\servicing
2017-11-21 03:46 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\SMI
2017-11-21 02:44 - 2017-11-21 03:54 - 000000000 ___HD C:\$SysReset
 
\WINDOWS\system32\srpapi.dll
2017-09-12 16:10 - 2017-09-04 21:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-09-12 16:10 - 2017-09-04 21:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-09-12 16:10 - 2017-09-04 21:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-09-12 16:10 - 2017-09-04 21:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-09-12 16:10 - 2017-09-04 21:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-09-12 16:10 - 2017-09-04 21:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-09-12 16:10 - 2017-09-04 21:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-09-12 16:09 - 2017-09-04 22:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-09-12 16:09 - 2017-09-04 22:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-09-12 16:09 - 2017-09-04 21:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2017-09-12 16:09 - 2017-09-04 21:26 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2017-09-12 16:09 - 2017-09-04 21:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-09-12 16:09 - 2017-09-04 21:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
2017-09-08 01:30 - 2017-07-06 23:15 - 000498176 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1debug3.dll
2017-09-08 01:30 - 2017-07-06 23:03 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1debug3.dll
2017-09-08 01:30 - 2017-06-19 21:35 - 005141504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12warp.dll
2017-09-08 01:30 - 2017-04-18 23:07 - 002617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12SDKLayers.dll
2017-09-08 01:30 - 2017-04-18 22:30 - 002102272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12SDKLayers.dll
2017-09-07 16:12 - 2017-03-17 22:48 - 000094720 ____N (Microsoft Corporation) C:\WINDOWS\system32\DxToolsReportGenerator.dll
2017-09-07 16:12 - 2017-03-17 22:08 - 017777152 ____N (Microsoft Corporation) C:\WINDOWS\system32\DXCaptureReplay.dll
2017-09-07 16:12 - 2017-03-17 22:05 - 000094720 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\DxToolsReportGenerator.dll
2017-09-07 16:12 - 2017-03-17 22:02 - 000393216 ____N (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\DXCpl.exe
2017-09-07 16:12 - 2017-03-17 21:59 - 000091136 ____N (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsProxyStub.dll
2017-09-07 16:12 - 2017-03-17 21:59 - 000079872 ____N (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARP12Debug.dll
2017-09-07 16:12 - 2017-03-17 21:57 - 000059392 ____N (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARPDebug.dll
2017-09-07 16:12 - 2017-03-17 21:53 - 000334848 ____N (Microsoft Corporation) C:\WINDOWS\system32\DXGIDebug.dll
2017-09-07 16:12 - 2017-03-17 21:52 - 004897280 ____N (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsRemoteEngine.exe
2017-09-07 16:12 - 2017-03-17 21:49 - 001309184 ____N (Microsoft Corporation) C:\WINDOWS\system32\d3d11_3SDKLayers.dll
2017-09-07 16:12 - 2017-03-17 21:48 - 013785600 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXCaptureReplay.dll
2017-09-07 16:12 - 2017-03-17 21:47 - 006806016 ____N (Microsoft Corporation) C:\WINDOWS\system32\d3d12warp.dll
2017-09-07 16:12 - 2017-03-17 21:46 - 000370176 ____N (Windows (R) Win 7 DDK provider) C:\WINDOWS\SysWOW64\DXCpl.exe
2017-09-07 16:12 - 2017-03-17 21:44 - 001977344 ____N (Microsoft Corporation) C:\WINDOWS\system32\DXToolsOfflineAnalysis.dll
2017-09-07 16:12 - 2017-03-17 21:44 - 001174528 ____N (Microsoft Corporation) C:\WINDOWS\system32\DXCap.exe
2017-09-07 16:12 - 2017-03-17 21:44 - 000283648 ____N (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsExperiment.dll
2017-09-07 16:12 - 2017-03-17 21:44 - 000163328 ____N (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsCapture.dll
2017-09-07 16:12 - 2017-03-17 21:43 - 000189952 ____N (Microsoft Corporation) C:\WINDOWS\system32\DXToolsMonitor.dll
2017-09-07 16:12 - 2017-03-17 21:43 - 000176128 ____N (Microsoft Corporation) C:\WINDOWS\system32\DXToolsReporting.dll
2017-09-07 16:12 - 2017-03-17 21:43 - 000061952 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DWARP12Debug.dll
2017-09-07 16:12 - 2017-03-17 21:43 - 000041984 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsProxyStub.dll
2017-09-07 16:12 - 2017-03-17 21:41 - 000058880 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DWARPDebug.dll
2017-09-07 16:12 - 2017-03-17 21:39 - 000236544 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXGIDebug.dll
2017-09-07 16:12 - 2017-03-17 21:38 - 000348672 ____N (Microsoft Corporation) C:\WINDOWS\system32\perf_gputiming.dll
2017-09-07 16:12 - 2017-03-17 21:35 - 001060864 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11_3SDKLayers.dll
2017-09-07 16:12 - 2017-03-17 21:33 - 003648000 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsRemoteEngine.exe
2017-09-07 16:12 - 2017-03-17 21:30 - 001480704 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsOfflineAnalysis.dll
2017-09-07 16:12 - 2017-03-17 21:30 - 000926208 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXCap.exe
2017-09-07 16:12 - 2017-03-17 21:30 - 000220160 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsExperiment.dll
2017-09-07 16:12 - 2017-03-17 21:30 - 000123904 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsCapture.dll
2017-09-07 16:12 - 2017-03-17 21:29 - 000145408 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsMonitor.dll
2017-09-07 16:12 - 2017-03-17 21:29 - 000121344 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsReporting.dll
2017-09-07 16:12 - 2017-03-17 21:25 - 000269824 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\perf_gputiming.dll

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-18 05:12 - 2017-08-08 13:22 - 001833984 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-11-18 05:12 - 2017-03-18 13:56 - 000804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2017-11-18 05:12 - 2017-03-18 13:56 - 000219648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2017-11-18 05:12 - 2017-03-18 13:56 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2017-11-18 05:12 - 2017-03-18 13:56 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersRes.dll
2017-11-18 05:11 - 2017-03-18 13:56 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersGPExt.dll
2017-11-18 05:11 - 2017-03-18 13:56 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthmodem.sys
2017-11-18 05:11 - 2017-03-18 13:56 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WorkFoldersRes.dll

==================== Files in the root of some directories =======

2017-11-29 00:19 - 2017-11-29 00:19 - 000023578 _____ () C:\Users\sam\companion-script1.js
2017-12-04 17:11 - 2017-12-04 17:11 - 000000017 _____ () C:\Users\sam\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
2017-11-29 05:02 - 2015-11-11 21:19 - 004813656 ____N (Conexant Systems, Inc.) C:\Users\sam\AppData\Local\Temp\KUIU.EXE
2017-11-29 05:01 - 2017-04-27 03:14 - 004832128 _____ (Conexant Systems, Inc.) C:\Users\sam\AppData\Local\Temp\UCI64A154.DLL

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


safeboot: Minimal => The system is configured to boot to Safe Mode <==== ATTENTION

==================== BCD ================================

Firmware Boot Manager
---------------------
identifier {fwbootmgr}
displayorder {bootmgr}
{2e74b717-9ff0-11e5-9708-806e6f6e6963}
{2e74b718-9ff0-11e5-9708-806e6f6e6963}
{2e74b719-9ff0-11e5-9708-806e6f6e6963}
{2e74b71a-9ff0-11e5-9708-806e6f6e6963}
timeout 2

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
path \EFI\Microsoft\Boot\bootmgfw.efi
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {ebc1df1c-2769-11e6-b9c2-cad8a79c5675}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 0

Firmware Application (101fffff)
-------------------------------
identifier {2e74b714-9ff0-11e5-9708-806e6f6e6963}
description Setup

Firmware Application (101fffff)
-------------------------------
identifier {2e74b715-9ff0-11e5-9708-806e6f6e6963}
description Boot Menu

Firmware Application (101fffff)
-------------------------------
identifier {2e74b716-9ff0-11e5-9708-806e6f6e6963}
description Diagnostic Splash

Firmware Application (101fffff)
-------------------------------
identifier {2e74b717-9ff0-11e5-9708-806e6f6e6963}
description ATA HDD: LITEON CV1-DB256

Firmware Application (101fffff)
-------------------------------
identifier {2e74b718-9ff0-11e5-9708-806e6f6e6963}
description USB FDD:

Firmware Application (101fffff)
-------------------------------
identifier {2e74b719-9ff0-11e5-9708-806e6f6e6963}
description USB CD:

Firmware Application (101fffff)
-------------------------------
identifier {2e74b71a-9ff0-11e5-9708-806e6f6e6963}
description USB HDD:

Firmware Application (101fffff)
-------------------------------
identifier {ebc1df18-2769-11e6-b9c2-cad8a79c5675}
device partition=\Device\HarddiskVolume5
path \EFI\Microsoft\Boot\lrsBootMgr.efi
description Lenovo Recovery System

Windows Boot Loader
-------------------
identifier {ebc1df14-2769-11e6-b9c2-cad8a79c5675}
device ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{ebc1df15-2769-11e6-b9c2-cad8a79c5675}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale en-US
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{ebc1df15-2769-11e6-b9c2-cad8a79c5675}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \WINDOWS\system32\winload.efi
description Windows 10
locale en-US
inherit {bootloadersettings}
recoverysequence {ebc1df14-2769-11e6-b9c2-cad8a79c5675}
displaymessageoverride Recovery
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \WINDOWS
resumeobject {ebc1df1c-2769-11e6-b9c2-cad8a79c5675}
nx OptIn
safeboot Minimal
bootmenupolicy Standard
bootlog Yes
sos Yes

Resume from Hibernate
---------------------
identifier {ebc1df1c-2769-11e6-b9c2-cad8a79c5675}
device partition=C:
path \WINDOWS\system32\winresume.efi
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {ebc1df14-2769-11e6-b9c2-cad8a79c5675}
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \EFI\Microsoft\Boot\memtest.efi
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems No

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {ebc1df15-2769-11e6-b9c2-cad8a79c5675}
description Windows Recovery
ramdisksdidevice partition=\Device\HarddiskVolume3
ramdisksdipath \Recovery\WindowsRE\boot.sdi


LastRegBack: 2017-11-21 04:10

==================== End of FRST.txt ============================
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================

Any particular reason why the scan was run from Safe Mode?
If there is no reason I'd like to see logs from normal mode.
BTW, FRST produces two logs not one.
 
I ran it in safe mode because it was running slow, but I'll run it in normal and post both in a few.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16-11-2017
Ran by sam (administrator) on TAKETHISAZUREBU (04-12-2017 19:21:07)
Running from C:\Users\sam\Desktop
Loaded Profiles: sam (Available Profiles: sam)
Platform: Windows 10 Home Version 1703 15063.726 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_12cbd645391cbdcb\igfxCUIService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel Corporation) C:\Windows\syswow64\esif_uf.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Conexant Systems, Inc.) C:\Windows\syswow64\SASrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_12cbd645391cbdcb\igfxEM.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Microsoft Corporation) C:\Windows\System32\CastSrv.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3945672 2015-07-27] (Synaptics Incorporated)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [916184 2014-07-02] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{4bef2cda-b647-4294-ba67-d20ea3da0dfc}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKU\S-1-5-21-622049476-34633954-126455062-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-622049476-34633954-126455062-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.google.com/chrome/browser/desktop/index.html?hl=en&brand=OKWM&utm_source=en-google.com&utm_medium=material-callout&utm_campaign=IE-material-callout-smarter

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1392792 2015-10-29] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-19] (Microsoft Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52200 2015-10-29] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260072 2015-10-29] (Intel Corporation)
S3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [84280 2016-05-16] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [244744 2017-04-13] (Intel Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-12-04] (Malwarebytes)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [7932160 2017-01-24] (Intel Corporation)
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [410880 2015-09-03] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3127576 2016-07-14] (Realtek Semiconductor Corp.)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [42184 2015-07-27] (Synaptics Incorporated)
S3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [42696 2015-07-27] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\System32\drivers\usb2ser.sys [151184 2016-07-15] (MBB)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)

========================== Drivers MD5 =======================

C:\WINDOWS\System32\drivers\sdbus.sys 134FB9DCA9244455917D80D33CA31ACA
C:\WINDOWS\System32\drivers\SDFRd.sys 464B615872981015AC4FEEBDEA83A063
C:\WINDOWS\System32\drivers\sdstor.sys 6BC219F1D9CDE08CEB9084ADB41FBA01
C:\WINDOWS\System32\drivers\WUDFRd.sys 5068DAA8F67A62E964C9C9F88B159EA9
C:\WINDOWS\System32\drivers\ser2pl64.sys 2B487E44AAC4B1360E52BC1618B9EFD1
C:\WINDOWS\System32\drivers\SerCx.sys 585329F62195A4B7AAD0A95F6EC89751
C:\WINDOWS\System32\drivers\SerCx2.sys C8F4FDA8B3D039D7947344614FF5BFB2
C:\WINDOWS\System32\drivers\serenum.sys E5B450E4E0DC1591254BF9CCF6C57B40
C:\WINDOWS\System32\drivers\serial.sys 628D8DD136F92316BFEB58FA005338B7
C:\WINDOWS\System32\drivers\sermouse.sys E5BA0B7353ADC5C95AB466D2E4DC89B1
C:\WINDOWS\System32\drivers\sfloppy.sys 15CFCC4692DA8887B977CE5FC5181084
C:\WINDOWS\System32\drivers\SiSRaid2.sys 2339F6B45E1D863B1D327F3AFD75A675
C:\WINDOWS\System32\drivers\sisraid4.sys F520D50AD7266ED31D25DF4C8EA6BC2D
C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys 4E2924B293472A1B1AD7943BF7916237
C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys 73FE7A9F7EEC656A33A69B4CDADCB1D8
C:\WINDOWS\System32\drivers\spaceport.sys 2334ED0B61CAE7E7B1B454674206CDAC
C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys F3F0B8CAC1F3E6C3382EAFCE762475AD
C:\WINDOWS\System32\drivers\SpbCx.sys 83E82B0E292DCDE4C75B9241BF0FB300
C:\WINDOWS\System32\DRIVERS\srv.sys 897A3A77543369BC4D97EB71A40E6111
C:\WINDOWS\System32\DRIVERS\srv2.sys F729DC11C591228D474C0F4D6BC1F0F4
C:\WINDOWS\System32\DRIVERS\srvnet.sys 62E6CF587C037E99F7450F5BAAF0CB87
C:\WINDOWS\System32\drivers\stexstor.sys D40C589F80EB1C511263D0547C0259AE
C:\WINDOWS\System32\drivers\storahci.sys 576A818562069B1E091CC719C143AED2
C:\WINDOWS\System32\drivers\vmstorfl.sys E5F703788DFA05411F1469E96838F438
C:\WINDOWS\System32\drivers\stornvme.sys 330A69A4DEB51569777451FE0FE14080
C:\WINDOWS\System32\drivers\storqosflt.sys 3A62FF78619258E6126C5C4B4CC82C8E
C:\WINDOWS\System32\drivers\storufs.sys C6097966F8EA3B288070CDF7C3C8C3E8
C:\WINDOWS\System32\drivers\storvsc.sys 3DC3B17E92DA02E36B4138733DF6C1AC
C:\WINDOWS\System32\drivers\swenum.sys 2BC4D0EBC2467FE90302AE0AFAF23768
C:\WINDOWS\System32\drivers\Synth3dVsc.sys 572F81CF08972D53BAFFC2A110A2A586
C:\WINDOWS\System32\drivers\SynTP.sys D0EE832EB9249016A494805BCE187868
C:\WINDOWS\System32\drivers\tcpip.sys 9360DA9E370C1E1483967351C0CB7245
C:\WINDOWS\System32\drivers\tcpip.sys 9360DA9E370C1E1483967351C0CB7245
C:\WINDOWS\System32\drivers\tcpipreg.sys 1C35A5C62D110346379C55E39A3D547C
C:\WINDOWS\system32\DRIVERS\tdx.sys D74756DD1518D28A09CDA99696273FA4
C:\WINDOWS\System32\drivers\terminpt.sys 96A35CDBA661D41C5A3914257CA1D200
C:\WINDOWS\System32\drivers\tpm.sys F76A92975340DAA99939DA297D677EA8
C:\WINDOWS\System32\drivers\tsusbflt.sys 9856BCCD1CD5DE4D17E8DBBA7CEFC688
C:\WINDOWS\System32\drivers\TsUsbGD.sys 837AD2B941E721BCCEB7EF137E2DEE18
C:\WINDOWS\System32\drivers\tunnel.sys B3142C6118703E98EB0510CF7B43D0F2
C:\WINDOWS\System32\drivers\uaspstor.sys B4C846ABD462558D45CA578C855759C3
C:\WINDOWS\System32\Drivers\UcmCx.sys 7B2B767C4DB23F87C698C139BEBEA400
C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys 8BB64E04CD97AD8C68543181D93E2AFC
C:\WINDOWS\System32\drivers\UcmUcsi.sys F083A400FB9CB8ADD1783848CB1C76F0
C:\WINDOWS\System32\drivers\ucx01000.sys 5D4EAF3D0911338CB8FDB088386D6DCA
C:\WINDOWS\System32\drivers\udecx.sys 384E1F0D84B465820416338E52FE7C2B
C:\WINDOWS\System32\DRIVERS\udfs.sys C82BE75239D412057C9E3DB1785680C6
C:\WINDOWS\System32\drivers\UEFI.sys CCDF6EFF952BF3BF34DC17600F479397
C:\WINDOWS\System32\drivers\ufx01000.sys 00BEF71C45FD6B06E7525E7B31EFA88C
C:\WINDOWS\System32\drivers\UfxChipidea.sys 9450AB15C30CF7D1F23C8A42E778C3A2
C:\WINDOWS\System32\drivers\ufxsynopsys.sys CEE12C7A689BDF448715024A7E0EB9C3
C:\WINDOWS\System32\drivers\umbus.sys F39ED750EDF5948FA8CD99D1F4EC9372
C:\WINDOWS\System32\drivers\umpass.sys 55984D4E64C2F8E4223542CBCC15EDEB
C:\WINDOWS\System32\drivers\urschipidea.sys 4D23214CB8B1C36B82061280EB8FDAB3
C:\WINDOWS\System32\drivers\urscx01000.sys 4329D880DB96B504F0DDC991A7374CCD
C:\WINDOWS\System32\drivers\urssynopsys.sys 93FAD0AC5879F274FA248A49E3F3EA33
C:\WINDOWS\System32\drivers\usbccgp.sys D3FE21B96DDFE97F50E8563FCF21C546
C:\WINDOWS\System32\drivers\usbcir.sys ECE3AD18B4C22ED0C4AB1A2AD9AC32C8
C:\WINDOWS\System32\drivers\usbehci.sys F8BCB536866474C6D8008F4C69B778A1
C:\WINDOWS\System32\drivers\usbhub.sys E9039631072644E0EF5488885F3925F9
C:\WINDOWS\System32\drivers\UsbHub3.sys 62F77D1A95EC9CCF40648695FA910729
C:\WINDOWS\System32\drivers\usbohci.sys BE6ED98FD0D3FE5FB11762AD7CCD6C96
C:\WINDOWS\System32\drivers\usbprint.sys CEE43CD5357DB8786CE6E2C430841AE4
C:\WINDOWS\System32\drivers\usbscan.sys 96B48485A7CC2C0A63C196A16403C5F3
C:\WINDOWS\System32\drivers\usbser.sys 8E6AE06A1CA4055340A49D73C9E0C21B
C:\WINDOWS\System32\drivers\USBSTOR.SYS 67E26F56CF7EACCBD9C9F75343A3D7C2
C:\WINDOWS\System32\drivers\usbuhci.sys 7BA802C9F73A84B75BB22538ADA495BE
C:\WINDOWS\System32\drivers\USBXHCI.SYS 50E70B3A95138AA4A30B095270EE0DE6
C:\WINDOWS\System32\drivers\vdrvroot.sys C1EC9211C7759D2487FD30934AA3EE96
C:\WINDOWS\System32\drivers\VerifierExt.sys C83F3BC00651448DB127D497CF955089
C:\WINDOWS\System32\drivers\vhdmp.sys 0E12F5F6B1C813D17AFDA197C4394423
C:\WINDOWS\System32\drivers\vhf.sys 1AD096A5C00E522398D0092D875A8CB6
C:\WINDOWS\System32\drivers\vmbus.sys EE9A22CFD9AEDD7B52F98B0272494609
C:\WINDOWS\System32\drivers\VMBusHID.sys BFBD0895926FD98A03AD6BB845B569B7
C:\WINDOWS\System32\drivers\vmgid.sys C123C97D351C56C75FE5335AB18255EE
C:\WINDOWS\System32\drivers\volmgr.sys 0AB9C264F13E2A070A8CF10EDD099ED2
C:\WINDOWS\System32\drivers\volmgrx.sys 6EE608257C1137A25B402EF8FC77E83A
C:\WINDOWS\System32\drivers\volsnap.sys E3429DBBEA3965BB96E24B16EF4A2551
C:\WINDOWS\System32\drivers\volume.sys 86E790B503C771E674C7DF8FFCBFEFDB
C:\WINDOWS\System32\drivers\vpci.sys B25589A0892E6DF8CC07E5CB48BFC954
C:\WINDOWS\System32\drivers\vsmraid.sys AA4466A47D2CA7ECE3DCF5256017DCC3
C:\WINDOWS\System32\drivers\vstxraid.sys 98BB6C9AD39D8F2E883093F28282FAEC
C:\WINDOWS\System32\drivers\vwifibus.sys B47026E109828102266CBE2F5F9AD113
C:\WINDOWS\System32\drivers\vwififlt.sys 799ECD541A9B2764B36A22A095885365
C:\WINDOWS\System32\drivers\vwifimp.sys 82CA088A33517D1C8571D6850CC13D7E
C:\WINDOWS\System32\drivers\wacompen.sys F0F477541F7AF67CC05DA1CF4921A500
C:\WINDOWS\System32\DRIVERS\wanarp.sys FDD16EF9177A8A2EF08A7FA3D3EFAA13
C:\WINDOWS\System32\DRIVERS\wanarp.sys FDD16EF9177A8A2EF08A7FA3D3EFAA13
C:\WINDOWS\system32\drivers\wcifs.sys 923200B78F5284D674A3712204D0FEFA
C:\WINDOWS\system32\drivers\wcnfs.sys 1737BEF60CA384423CE4B32AF1C2BFFC
C:\WINDOWS\System32\drivers\WdBoot.sys 38130C1C5FE0E08820EE57E1B087B659
C:\WINDOWS\System32\drivers\wdcsam64.sys A556768CC1FA4F36022BEE2F0EDE2566
C:\WINDOWS\System32\drivers\Wdf01000.sys 0C6CBF3490EE5F0D62B5820568CA30B8
C:\WINDOWS\System32\drivers\WdFilter.sys F7B6CB0F9ECD28848E2BDACEAB0D9204
C:\WINDOWS\System32\DRIVERS\wdiwifi.sys 08FC100471AC5DE65EBFA40A4258E055
C:\WINDOWS\System32\drivers\usb2ser.sys 8542EAE47D35CB658614C1813C7599A2
C:\WINDOWS\System32\Drivers\WdNisDrv.sys 82A4F22C884B4BAE8B531640859F9871
C:\WINDOWS\System32\drivers\wfplwfs.sys 3C8F0ABD00E197101DCF43FEF8FB0D76
C:\WINDOWS\System32\drivers\wimmount.sys 75014BF6510D4C6C69EEE5B7743A52AF
C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys C8EBCFED8FD2CDF725E44AF93016621E
C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys D318557F9D7CA3836104F0B8ECB1F32E
C:\WINDOWS\System32\drivers\winmad.sys 31DDF1D001336B2DCE7DF24E99EF1D04
C:\WINDOWS\System32\drivers\winnat.sys 2E1A614EFB0523E20860AE7978DDA0A4
C:\WINDOWS\System32\drivers\WinUSB.SYS 03858B18BB6DF6A400D9FC5153FD28A8
C:\WINDOWS\System32\drivers\winverbs.sys 0BF4A43CF1F3A4D50AFA4561C3B4628D
C:\WINDOWS\System32\drivers\wmiacpi.sys 0D6E1347A891607759340B1E55BA2A77
C:\Windows\System32\Drivers\Wof.sys 1AE1076034392218EE89D2744EC2A071
C:\WINDOWS\System32\drivers\WpdUpFltr.sys 1FD80CBB192A20375F3664639DEB57B5
C:\WINDOWS\system32\drivers\ws2ifsl.sys DAF4451760B46CB383D287C4FAFFE97D
C:\WINDOWS\System32\drivers\WudfPf.sys 455609BF60DA3B57EEAB863DEFCCF14D
C:\WINDOWS\System32\drivers\WUDFRd.sys 5068DAA8F67A62E964C9C9F88B159EA9
C:\WINDOWS\system32\DRIVERS\WUDFRd.sys 5068DAA8F67A62E964C9C9F88B159EA9
C:\WINDOWS\system32\DRIVERS\WUDFRd.sys 5068DAA8F67A62E964C9C9F88B159EA9
C:\WINDOWS\System32\drivers\xboxgip.sys B10655A4C2EFDC25483D670EF52A4854
C:\WINDOWS\System32\drivers\xinputhid.sys 2E50A379A8E4F6C5D85E87C26C08D329
C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys DCF1C283860C3CAB0BF0A71528A0136C

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-12-04 19:21 - 2017-12-04 19:21 - 000032036 _____ C:\Users\sam\Desktop\FRST.txt
2017-12-04 19:18 - 2017-12-04 19:18 - 000000000 ____D C:\Users\sam\Desktop\fubar
2017-12-04 17:31 - 2017-12-04 19:21 - 000000000 ____D C:\FRST
2017-12-04 17:17 - 2017-12-04 19:17 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2017-12-04 17:17 - 2017-12-04 17:17 - 000001919 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-12-04 17:17 - 2017-12-04 17:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-12-04 17:17 - 2017-12-04 17:17 - 000000000 ____D C:\Program Files\Malwarebytes
2017-12-04 17:17 - 2017-11-01 08:54 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-12-04 17:16 - 2017-12-04 16:42 - 078346672 _____ (Malwarebytes ) C:\Users\sam\Desktop\mb3-setup-consumer-3.3.1.2183.exe
2017-12-04 17:16 - 2017-12-04 16:42 - 002392576 _____ (Farbar) C:\Users\sam\Desktop\FRST64.exe
2017-12-04 17:11 - 2017-12-04 17:11 - 000000017 _____ C:\Users\sam\AppData\Local\resmon.resmoncfg
2017-12-04 16:19 - 2017-12-04 18:51 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-12-04 15:55 - 2017-12-04 15:55 - 000056907 _____ C:\WINDOWS\system32\hh.txt
2017-12-04 15:17 - 2017-12-04 15:17 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\545191DE.sys
2017-12-04 14:57 - 2017-12-04 14:57 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7612C618.sys
2017-12-04 14:57 - 2017-12-04 14:57 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-12-04 14:54 - 2017-12-04 15:27 - 000000000 ____D C:\Users\sam\Desktop\mbar
2017-12-04 14:54 - 2017-12-04 15:27 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-12-04 14:54 - 2017-12-04 15:17 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-12-04 14:54 - 2017-12-04 14:53 - 014178840 _____ (Malwarebytes Corp.) C:\Users\sam\Desktop\mbar-1.10.3.1001.exe
2017-12-04 14:15 - 2017-12-04 19:16 - 067633152 _____ C:\WINDOWS\system32\config\SOFTWARE
2017-12-04 14:13 - 2017-12-04 14:13 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-12-04 12:58 - 2017-12-04 12:56 - 134171920 _____ (Microsoft Corporation) C:\Users\sam\Desktop\msert (1).exe
2017-12-04 12:55 - 2017-12-04 12:54 - 000000000 _____ C:\Users\sam\Desktop\msert.exe
2017-12-04 12:51 - 2017-12-04 12:51 - 000003652 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-12-01 12:27 - 2017-12-01 12:27 - 000000744 _____ C:\Users\sam\Desktop\Pictures - Shortcut.lnk
2017-11-29 05:38 - 2017-11-29 05:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Conexant
2017-11-29 05:37 - 2017-12-04 19:16 - 002378210 _____ C:\WINDOWS\ntbtlog.txt
2017-11-29 05:37 - 2017-11-29 05:37 - 000000000 ____D C:\ProgramData\Dolby
2017-11-29 05:37 - 2017-11-29 05:37 - 000000000 ____D C:\Program Files\Realtek
2017-11-29 05:37 - 2017-11-29 05:37 - 000000000 ____D C:\Program Files\CONEXANT
2017-11-29 05:37 - 2015-12-08 16:44 - 000003304 _____ C:\WINDOWS\system32\Drivers\SamSfPa.dat
2017-11-29 05:37 - 2014-12-09 20:11 - 000423128 _____ (Conexant Systems, Inc.) C:\WINDOWS\SysWOW64\SASrv.exe
2017-11-29 05:15 - 2017-11-29 05:15 - 756508803 _____ C:\WINDOWS\MEMORY.DMP
2017-11-29 05:15 - 2017-11-29 05:15 - 000752388 _____ C:\WINDOWS\Minidump\112917-5765-01.dmp
2017-11-29 05:15 - 2017-11-29 05:15 - 000000000 ____D C:\WINDOWS\Minidump
2017-11-29 04:03 - 2017-11-29 04:04 - 510536565 _____ C:\Users\sam\Desktop\Recovered data 11-22 23_51_44.zip
2017-11-29 03:10 - 2017-11-29 04:05 - 000331215 _____ C:\WINDOWS\system32\DevModeRunAsUserConfig0.msc
2017-11-29 02:05 - 2017-11-29 02:05 - 000000000 ____D C:\Users\sam\Documents\Security
2017-11-29 00:19 - 2017-11-29 00:19 - 000023578 _____ C:\Users\sam\companion-script1.js
2017-11-28 23:26 - 2017-11-28 23:26 - 000000000 ____D C:\Users\sam\AppData\Local\Conexant
2017-11-28 21:56 - 2017-11-28 21:56 - 000054622 _____ C:\WINDOWS\system32\config\envinfo.txt
2017-11-28 21:56 - 2017-11-28 21:56 - 000023576 _____ C:\WINDOWS\system32\config\WinsockCatalog.txt
2017-11-28 21:56 - 2017-11-28 21:56 - 000004413 _____ C:\WINDOWS\system32\config\WcnInfo.txt
2017-11-28 21:56 - 2017-11-28 21:56 - 000001435 _____ C:\WINDOWS\system32\config\WindowsFirewallConfig.txt
2017-11-28 21:56 - 2017-11-28 21:56 - 000000660 _____ C:\WINDOWS\system32\config\WindowsFirewallEffectiveRules.txt
2017-11-28 21:56 - 2017-11-28 21:56 - 000000620 _____ C:\WINDOWS\system32\config\Neighbors.txt
2017-11-28 21:56 - 2017-11-28 21:56 - 000000543 _____ C:\WINDOWS\system32\config\osinfo.txt
2017-11-28 21:56 - 2017-11-28 21:56 - 000000372 _____ C:\WINDOWS\system32\config\Dns.txt
2017-11-28 21:56 - 2017-11-28 21:56 - 000000371 _____ C:\WINDOWS\system32\config\wlaninfo.txt
2017-11-28 21:56 - 2017-11-28 21:56 - 000000332 _____ C:\WINDOWS\system32\config\FileSharing.txt
2017-11-28 21:56 - 2017-11-28 21:56 - 000000236 _____ C:\WINDOWS\system32\config\netiostate.txt
2017-11-28 21:56 - 2017-11-28 21:56 - 000000000 _____ C:\WINDOWS\system32\config\adapterinfo.txt
2017-11-27 15:22 - 2017-12-04 19:16 - 000000000 ____D C:\WINDOWS\pss
2017-11-27 13:56 - 2017-11-27 13:56 - 000000000 ____D C:\Users\sam\AppData\Local\Microsoft_Corporation
2017-11-27 00:49 - 2017-11-27 00:49 - 000040839 _____ C:\Users\sam\Desktop\cmd.pdf
2017-11-27 00:49 - 2017-11-27 00:49 - 000000000 ____D C:\Users\sam\AppData\LocalLow\Temp
2017-11-26 23:10 - 2017-11-26 23:10 - 000000594 _____ C:\Users\sam\Desktop\cert.cer
2017-11-26 20:12 - 2017-11-26 20:12 - 000000000 ____D C:\Users\sam\AppData\Local\Apps\2.0
2017-11-26 16:18 - 2017-11-29 03:54 - 000000000 ____D C:\Users\sam\AppData\Local\CrashDumps
2017-11-24 10:51 - 2017-11-24 10:51 - 000000000 ____D C:\WINDOWS\System32\Tasks\Event Viewer Tasks
2017-11-24 10:42 - 2017-12-04 15:29 - 000000000 ____D C:\Users\Public\Documents\MDMDiagnostics
2017-11-23 23:54 - 2017-12-04 17:04 - 000000000 ____D C:\Program Files (x86)\Google
2017-11-23 23:54 - 2017-11-23 23:54 - 000000000 ____D C:\Users\sam\AppData\Local\Google
2017-11-23 02:43 - 2017-11-23 02:43 - 000000000 ____D C:\ProgramData\Blackmagic Design
2017-11-23 01:06 - 2017-09-06 23:41 - 041229430 _____ C:\Users\sam\Desktop\VID_20170906_234146.mp4
2017-11-23 01:05 - 2017-07-07 20:52 - 074296499 _____ C:\Users\sam\Desktop\VID_20170707_205248.mp4
2017-11-23 01:05 - 2017-07-04 12:26 - 056948478 _____ C:\Users\sam\Desktop\VID_20170704_152658.mp4
2017-11-23 00:55 - 2017-11-21 13:28 - 2953503933 _____ C:\Users\sam\Desktop\VID_20171121_103859~2.mp4
2017-11-23 00:52 - 2017-11-23 00:52 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-11-23 00:52 - 2017-11-23 00:52 - 000000000 ____D C:\Users\sam\AppData\Local\DBG
2017-11-22 23:51 - 2017-11-22 23:51 - 000000000 ____D C:\Users\sam\Desktop\Recovered data 11-22 23_51_44
2017-11-22 23:38 - 2017-11-24 00:05 - 000000028 _____ C:\WINDOWS\OutLog.txt
2017-11-22 23:31 - 2017-11-22 23:31 - 000000000 _____ C:\WINDOWS\BcdLog.txt
2017-11-22 22:02 - 2017-11-22 22:02 - 000000000 ____D C:\ProgramData\SystemAcCrux
2017-11-22 21:49 - 2017-11-22 21:49 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-11-22 16:29 - 2017-11-22 16:30 - 001129816 _____ (Google Inc.) C:\Users\sam\Desktop\ChromeSetupc.exe
2017-11-22 16:20 - 2017-11-22 16:20 - 000051501 _____ C:\Users\sam\Downloads\ChromeSetup.exe.qoijko5.partial
2017-11-22 04:31 - 2017-11-22 16:19 - 000051501 _____ C:\Users\sam\Desktop\ChromeSetup.exe.qoijko5.partial
2017-11-22 04:18 - 2017-11-22 04:18 - 000000000 ____D C:\Users\sam\AppData\Roaming\Macromedia
2017-11-22 03:50 - 2017-11-22 16:20 - 000039494 _____ C:\Users\sam\Downloads\ChromeSetup.exe.xpk4zbb.partial
2017-11-22 02:27 - 2017-11-22 02:37 - 000020094 _____ C:\Users\sam\Desktop\ChromeSetupc.exe.d6vj7ci.partial
2017-11-22 02:12 - 2017-11-22 02:22 - 000039494 _____ C:\Users\sam\Desktop\ChromeSetup.exe.xpk4zbb.partial
2017-11-22 02:12 - 2017-11-22 02:12 - 000000000 _____ C:\Users\sam\Desktop\ChromeSetup.exe
2017-11-21 22:41 - 2017-12-04 14:56 - 000004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FB6F0462-6B56-440D-90E1-E11432B25FC6}
2017-11-21 22:11 - 2017-11-21 22:13 - 000000000 ___HD C:\$WINDOWS.~BT
2017-11-21 17:06 - 2017-11-21 17:09 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-11-21 17:06 - 2017-11-21 17:06 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2017-11-21 17:05 - 2017-11-21 17:05 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-11-21 17:04 - 2017-11-21 17:04 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2017-11-21 16:06 - 2017-11-21 16:06 - 000000000 ____D C:\Users\sam\AppData\Local\__SHARED
2017-11-21 14:37 - 2017-11-21 13:50 - 000545440 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-11-21 13:48 - 2017-11-21 13:48 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-622049476-34633954-126455062-1001
2017-11-21 13:29 - 2017-11-21 15:11 - 000000000 ____D C:\Users\sam\AppData\Local\MicrosoftEdge
2017-11-21 04:29 - 2017-11-21 04:29 - 000000000 ____D C:\Users\sam\AppData\Local\Publishers
2017-11-21 04:25 - 2017-11-21 04:25 - 000000000 ____D C:\ProgramData\USOShared
2017-11-21 04:24 - 2017-11-26 20:09 - 000000000 ___RD C:\Users\sam\OneDrive
2017-11-21 04:24 - 2017-11-21 04:24 - 000000000 ____D C:\Users\sam\AppData\Local\Comms
2017-11-21 04:23 - 2017-11-21 04:23 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-11-21 04:22 - 2017-12-04 19:17 - 000000000 __SHD C:\Users\sam\IntelGraphicsProfiles
2017-11-21 04:22 - 2017-12-04 13:11 - 000000000 ____D C:\Users\sam\AppData\Local\Packages
2017-11-21 04:22 - 2017-11-21 21:46 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-11-21 04:22 - 2017-11-21 04:22 - 000000000 ____D C:\Users\sam\AppData\Roaming\Adobe
2017-11-21 04:22 - 2017-11-21 04:22 - 000000000 ____D C:\Users\sam\AppData\Local\VirtualStore
2017-11-21 04:22 - 2017-11-21 04:22 - 000000000 ____D C:\Users\sam\AppData\Local\TileDataLayer
2017-11-21 04:22 - 2017-11-21 04:22 - 000000000 ____D C:\Users\sam\AppData\Local\ConnectedDevicesPlatform
2017-11-21 04:21 - 2017-12-04 19:16 - 000000000 ____D C:\Users\sam
2017-11-21 04:21 - 2017-11-21 04:21 - 000000020 ___SH C:\Users\sam\ntuser.ini
2017-11-21 04:17 - 2017-03-18 13:56 - 002233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-11-21 04:16 - 2017-12-04 18:55 - 001249138 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-11-21 04:15 - 2017-11-21 04:15 - 000000000 _SHDL C:\Users\Default User
2017-11-21 04:15 - 2017-11-21 04:15 - 000000000 _SHDL C:\Users\All Users
2017-11-21 04:15 - 2017-11-21 04:15 - 000000000 _SHDL C:\Documents and Settings
2017-11-21 04:12 - 2017-11-21 04:12 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2017-11-21 04:12 - 2017-11-21 04:12 - 000000000 ____D C:\WINDOWS\UCI
2017-11-21 04:11 - 2017-11-29 05:37 - 001705080 _____ (TODO: <Company name>) C:\WINDOWS\SysWOW64\RebootPrompt.exe
2017-11-21 04:11 - 2017-11-29 05:02 - 000000000 ____D C:\ProgramData\Conexant
2017-11-21 04:11 - 2017-11-21 17:04 - 000000000 ____D C:\Intel
2017-11-21 04:11 - 2017-11-21 04:11 - 000000102 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
2017-11-21 04:11 - 2017-11-21 04:11 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_esif_umdf2_02_00_00.Wdf
2017-11-21 04:11 - 2017-11-21 04:11 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2017-11-21 04:11 - 2017-11-21 04:11 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_esif_lf_01011.Wdf
2017-11-21 04:11 - 2017-11-21 04:11 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2017-11-21 04:11 - 2017-11-21 04:11 - 000000000 ____D C:\ProgramData\UIU
2017-11-21 04:11 - 2017-11-21 04:11 - 000000000 ____D C:\Program Files\Intel
2017-11-21 04:11 - 2017-11-21 04:11 - 000000000 ____D C:\Program Files (x86)\Intel
2017-11-21 04:11 - 2017-04-28 03:38 - 000113640 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-11-21 04:11 - 2017-04-28 03:38 - 000104424 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2017-11-21 04:11 - 2015-09-16 16:10 - 000225624 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CxAudMsg64.exe
2017-11-21 04:10 - 2017-12-04 19:17 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-11-21 04:10 - 2017-12-04 19:16 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-11-21 04:10 - 2017-12-04 18:51 - 000217640 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-11-21 04:10 - 2017-11-21 04:10 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-11-21 03:54 - 2017-11-21 03:54 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-11-21 03:54 - 2017-11-21 03:54 - 000000000 ____D C:\WINDOWS\InfusedApps
2017-11-21 03:54 - 2017-11-21 03:54 - 000000000 ____D C:\Windows.old
2017-11-21 03:53 - 2017-11-21 03:53 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2017-11-21 03:53 - 2017-11-21 03:53 - 000000000 ____D C:\WINDOWS\Setup
2017-11-21 03:53 - 2017-11-21 03:53 - 000000000 ____D C:\Program Files\Synaptics
2017-11-21 03:52 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2017-11-21 03:52 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-11-21 03:52 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2017-11-21 03:52 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-11-21 03:52 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2017-11-21 03:52 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2017-11-21 03:52 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\system32\winrm
2017-11-21 03:52 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\system32\WCN
2017-11-21 03:52 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\system32\slmgr
2017-11-21 03:52 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2017-11-21 03:52 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\system32\0409
2017-11-21 03:52 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\OCR
2017-11-21 03:52 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\DigitalLocker
2017-11-21 03:51 - 2017-11-04 18:40 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-11-21 03:51 - 2017-11-04 18:40 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-11-21 03:49 - 2017-12-04 17:04 - 000000000 ___RD C:\Program Files (x86)
2017-11-21 03:49 - 2017-12-04 13:11 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-11-21 03:49 - 2017-12-04 13:10 - 000000000 ___HD C:\Program Files\WindowsApps
2017-11-21 03:49 - 2017-12-04 12:31 - 000000000 ____D C:\WINDOWS\appcompat
2017-11-21 03:49 - 2017-11-29 05:37 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2017-11-21 03:49 - 2017-11-24 11:02 - 000000000 ____D C:\WINDOWS\rescache
2017-11-21 03:49 - 2017-11-23 04:32 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-11-21 03:49 - 2017-11-21 21:44 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-11-21 03:49 - 2017-11-21 21:44 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-11-21 03:49 - 2017-11-21 21:44 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-11-21 03:49 - 2017-11-21 21:44 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-11-21 03:49 - 2017-11-21 21:44 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2017-11-21 03:49 - 2017-11-21 21:44 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-11-21 03:49 - 2017-11-21 21:44 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-11-21 03:49 - 2017-11-21 21:44 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-11-21 03:49 - 2017-11-21 21:44 - 000000000 ____D C:\WINDOWS\system32\setup
2017-11-21 03:49 - 2017-11-21 21:44 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-11-21 03:49 - 2017-11-21 21:44 - 000000000 ____D C:\WINDOWS\system32\migwiz
2017-11-21 03:49 - 2017-11-21 21:44 - 000000000 ____D C:\WINDOWS\system32\Dism
2017-11-21 03:49 - 2017-11-21 21:44 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2017-11-21 03:49 - 2017-11-21 21:44 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-11-21 03:49 - 2017-11-21 21:44 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-11-21 03:49 - 2017-11-21 21:44 - 000000000 ____D C:\WINDOWS\Provisioning
2017-11-21 03:49 - 2017-11-21 21:44 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-11-21 03:49 - 2017-11-21 21:44 - 000000000 ____D C:\Program Files\Windows Defender
2017-11-21 03:49 - 2017-11-21 21:44 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-11-21 03:49 - 2017-11-21 21:44 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-11-21 03:49 - 2017-11-21 21:43 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2017-11-21 03:49 - 2017-11-21 21:43 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2017-11-21 03:49 - 2017-11-21 21:43 - 000000460 _____ C:\Users\sam\Desktop\install.ins
2017-11-21 03:49 - 2017-11-21 14:21 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-11-21 03:49 - 2017-11-21 04:25 - 000000000 ____D C:\ProgramData\USOPrivate
2017-11-21 03:49 - 2017-11-21 04:17 - 000000000 ____D C:\WINDOWS\system32\spool
2017-11-21 03:49 - 2017-11-21 04:17 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2017-11-21 03:49 - 2017-11-21 04:15 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-11-21 03:49 - 2017-11-21 04:14 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-11-21 03:49 - 2017-11-21 04:13 - 000000000 ___RD C:\WINDOWS\PrintDialog
2017-11-21 03:49 - 2017-11-21 04:13 - 000000000 ___RD C:\WINDOWS\MiracastView
2017-11-21 03:49 - 2017-11-21 04:13 - 000000000 ____D C:\WINDOWS\HoloShell
2017-11-21 03:49 - 2017-11-21 04:12 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-11-21 03:49 - 2017-11-21 04:10 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2017-11-21 03:49 - 2017-11-21 03:54 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-11-21 03:49 - 2017-11-21 03:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-11-21 03:49 - 2017-11-21 03:52 - 000000000 ___SD C:\WINDOWS\system32\dsc
2017-11-21 03:49 - 2017-11-21 03:52 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2017-11-21 03:49 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-11-21 03:49 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-11-21 03:49 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Com
2017-11-21 03:49 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\SystemApps
2017-11-21 03:49 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-11-21 03:49 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\system32\MUI
2017-11-21 03:49 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\system32\Com
2017-11-21 03:49 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\IME
2017-11-21 03:49 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\Help
2017-11-21 03:49 - 2017-11-21 03:52 - 000000000 ____D C:\Program Files\Common Files\System
2017-11-21 03:49 - 2017-11-21 03:52 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 __SHD C:\Program Files\Windows Sidebar
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 __RSD C:\WINDOWS\Media
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 __RHD C:\Users\Public\Libraries
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ___SD C:\WINDOWS\system32\Nui
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\Web
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\Vss
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\tracing
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\TAPI
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SysWOW64\MsDtc
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SystemResources
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\winevt
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\ras
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\IME
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\icsxml
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\ias
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\Hydrogen
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\downlevel
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\DDFs
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\System
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SKB
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\security
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\schemas
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\SchCache
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\Resources
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\Registration
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\PLA
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\Performance
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\ModemLogs
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\L2Schemas
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\InputMethod
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\Globalization
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\Cursors
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\Branding
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\bcastdvr
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\addins
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\Program Files\Windows Security
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\Program Files\Windows Portable Devices
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\Program Files\Windows NT
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\Program Files\Common Files\Services
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\Program Files (x86)\Windows NT
2017-11-21 03:49 - 2017-11-21 03:49 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2017-11-21 03:49 - 2017-11-21 03:48 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2017-11-21 03:49 - 2017-11-21 03:48 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
2017-11-21 03:49 - 2017-11-21 03:48 - 000017635 _____ C:\WINDOWS\system32\Drivers\etc\services
2017-11-21 03:49 - 2017-11-21 03:48 - 000015940 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2017-11-21 03:49 - 2017-11-21 03:48 - 000004096 _____ C:\WINDOWS\system32\config\VSMIDK
2017-11-21 03:49 - 2017-11-21 03:48 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2017-11-21 03:49 - 2017-11-21 03:48 - 000001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2017-11-21 03:49 - 2017-11-21 03:48 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2017-11-21 03:49 - 2017-11-21 03:48 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2017-11-21 03:49 - 2017-11-21 03:48 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
2017-11-21 03:49 - 2017-11-21 03:48 - 000000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2017-11-21 03:49 - 2017-11-21 03:48 - 000000219 _____ C:\WINDOWS\system.ini
2017-11-21 03:49 - 2017-11-21 03:48 - 000000092 _____ C:\WINDOWS\win.ini
2017-11-21 03:48 - 2017-11-29 05:37 - 000000000 ____D C:\WINDOWS\INF
2017-11-21 03:46 - 2017-12-04 19:16 - 041156608 _____ C:\WINDOWS\system32\config\SYSTEM
2017-11-21 03:46 - 2017-12-04 19:16 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2017-11-21 03:46 - 2017-12-04 19:16 - 000524288 _____ C:\WINDOWS\system32\config\DEFAULT
2017-11-21 03:46 - 2017-12-04 19:16 - 000065536 _____ C:\WINDOWS\system32\config\SECURITY
2017-11-21 03:46 - 2017-12-04 14:13 - 000032768 _____ C:\WINDOWS\system32\config\SAM
2017-11-21 03:46 - 2017-11-29 05:36 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-11-21 03:46 - 2017-11-21 22:13 - 000000000 ____D C:\WINDOWS\Panther
2017-11-21 03:46 - 2017-11-21 04:10 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-11-21 03:46 - 2017-11-21 03:52 - 000000000 ____D C:\WINDOWS\servicing
2017-11-21 03:46 - 2017-11-21 03:49 - 000000000 ____D C:\WINDOWS\system32\SMI
2017-11-21 02:44 - 2017-11-21 03:54 - 000000000 ___HD C:\$SysReset
2017-11-15 04:41 - 2017-11-01 22:21 - 001578904 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-11-15 04:41 - 2017-11-01 22:21 - 000678808 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-11-15 04:41 - 2017-11-01 22:21 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-11-15 04:41 - 2017-11-01 22:21 - 000379288 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-11-15 04:41 - 2017-11-01 22:21 - 000190360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-11-15 04:41 - 2017-11-01 22:21 - 000136088 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-11-15 04:41 - 2017-11-01 22:20 - 002032536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-11-15 04:41 - 2017-11-01 22:20 - 001144728 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-11-15 04:41 - 2017-11-01 22:20 - 001015704 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-11-15 04:41 - 2017-11-01 22:20 - 000965016 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-11-15 04:41 - 2017-11-01 22:20 - 000821656 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-11-15 04:41 - 2017-11-01 22:20 - 000613784 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-11-15 04:41 - 2017-11-01 22:20 - 000543640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-11-15 04:41 - 2017-11-01 22:20 - 000484248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-11-15 04:41 - 2017-11-01 22:20 - 000469568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-11-15 04:41 - 2017-11-01 22:20 - 000259992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-11-15 04:41 - 2017-11-01 22:20 - 000034712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-11-15 04:41 - 2017-11-01 22:16 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-11-15 04:41 - 2017-11-01 22:16 - 002398696 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-11-15 04:41 - 2017-11-01 22:16 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-11-15 04:41 - 2017-11-01 22:15 - 001239448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-11-15 04:41 - 2017-11-01 22:15 - 000503704 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-11-15 04:41 - 2017-11-01 22:14 - 000667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-11-15 04:41 - 2017-11-01 22:14 - 000067992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2017-11-15 04:41 - 2017-11-01 22:13 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-11-15 04:41 - 2017-11-01 22:13 - 002443672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-11-15 04:41 - 2017-11-01 22:13 - 001345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-11-15 04:41 - 2017-11-01 22:13 - 000546712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-11-15 04:41 - 2017-11-01 22:13 - 000212888 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-11-15 04:41 - 2017-11-01 22:13 - 000095640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2017-11-15 04:41 - 2017-11-01 22:12 - 000727336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-11-15 04:41 - 2017-11-01 22:12 - 000714648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-11-15 04:41 - 2017-11-01 22:12 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-11-15 04:41 - 2017-11-01 22:12 - 000643192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-11-15 04:41 - 2017-11-01 22:12 - 000430848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-11-15 04:41 - 2017-11-01 22:12 - 000412752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-11-15 04:41 - 2017-11-01 22:12 - 000319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-11-15 04:41 - 2017-11-01 22:12 - 000144248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-11-15 04:41 - 2017-11-01 22:12 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2017-11-15 04:41 - 2017-11-01 22:12 - 000026472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-11-15 04:41 - 2017-11-01 22:11 - 021353200 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-11-15 04:41 - 2017-11-01 22:10 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-11-15 04:41 - 2017-11-01 22:05 - 000871408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-11-15 04:41 - 2017-11-01 22:05 - 000187800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-11-15 04:41 - 2017-11-01 22:04 - 001292360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-11-15 04:41 - 2017-11-01 22:03 - 000223640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-11-15 04:41 - 2017-11-01 21:49 - 001838848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-11-15 04:41 - 2017-11-01 21:45 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-11-15 04:41 - 2017-11-01 21:45 - 000613136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-11-15 04:41 - 2017-11-01 21:45 - 000362144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-11-15 04:41 - 2017-11-01 21:45 - 000354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-11-15 04:41 - 2017-11-01 21:45 - 000283544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-11-15 04:41 - 2017-11-01 21:45 - 000172952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-11-15 04:41 - 2017-11-01 21:45 - 000133896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-11-15 04:41 - 2017-11-01 21:44 - 023680000 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-11-15 04:41 - 2017-11-01 21:44 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-11-15 04:41 - 2017-11-01 21:44 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-11-15 04:41 - 2017-11-01 21:43 - 020372896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-11-15 04:41 - 2017-11-01 21:37 - 003668992 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-11-15 04:41 - 2017-11-01 21:37 - 001278976 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-11-15 04:41 - 2017-11-01 21:37 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-11-15 04:41 - 2017-11-01 21:37 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-11-15 04:41 - 2017-11-01 21:37 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-11-15 04:41 - 2017-11-01 21:36 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-11-15 04:41 - 2017-11-01 21:36 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-11-15 04:41 - 2017-11-01 21:35 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2017-11-15 04:41 - 2017-11-01 21:35 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-11-15 04:41 - 2017-11-01 21:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-11-15 04:41 - 2017-11-01 21:35 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2017-11-15 04:41 - 2017-11-01 21:35 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-11-15 04:41 - 2017-11-01 21:34 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-11-15 04:41 - 2017-11-01 21:34 - 000438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2017-11-15 04:41 - 2017-11-01 21:34 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-11-15 04:41 - 2017-11-01 21:34 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-11-15 04:41 - 2017-11-01 21:34 - 000138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageLiveTileTask.exe
2017-11-15 04:41 - 2017-11-01 21:34 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-11-15 04:41 - 2017-11-01 21:34 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-11-15 04:41 - 2017-11-01 21:34 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-11-15 04:41 - 2017-11-01 21:34 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2017-11-15 04:41 - 2017-11-01 21:33 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-11-15 04:41 - 2017-11-01 21:33 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataUsageHandlers.dll
2017-11-15 04:41 - 2017-11-01 21:33 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2017-11-15 04:41 - 2017-11-01 21:33 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-11-15 04:41 - 2017-11-01 21:33 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertPKICmdlet.dll
2017-11-15 04:41 - 2017-11-01 21:32 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-11-15 04:41 - 2017-11-01 21:32 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-11-15 04:41 - 2017-11-01 21:32 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Storage.dll
2017-11-15 04:41 - 2017-11-01 21:31 - 020512256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-11-15 04:41 - 2017-11-01 21:31 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-11-15 04:41 - 2017-11-01 21:31 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2017-11-15 04:41 - 2017-11-01 21:31 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2017-11-15 04:41 - 2017-11-01 21:30 - 013381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-11-15 04:41 - 2017-11-01 21:30 - 007339008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-11-15 04:41 - 2017-11-01 21:30 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-11-15 04:41 - 2017-11-01 21:30 - 000719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-11-15 04:41 - 2017-11-01 21:30 - 000635392 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-11-15 04:41 - 2017-11-01 21:30 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-11-15 04:41 - 2017-11-01 21:30 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-11-15 04:41 - 2017-11-01 21:30 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-11-15 04:41 - 2017-11-01 21:30 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-11-15 04:41 - 2017-11-01 21:30 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-11-15 04:41 - 2017-11-01 21:30 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-11-15 04:41 - 2017-11-01 21:30 - 000155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-11-15 04:41 - 2017-11-01 21:29 - 019338240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-11-15 04:41 - 2017-11-01 21:29 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-11-15 04:41 - 2017-11-01 21:29 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-11-15 04:41 - 2017-11-01 21:29 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-11-15 04:41 - 2017-11-01 21:29 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-11-15 04:41 - 2017-11-01 21:29 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-11-15 04:41 - 2017-11-01 21:28 - 023684096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-11-15 04:41 - 2017-11-01 21:28 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-11-15 04:41 - 2017-11-01 21:28 - 000939008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-11-15 04:41 - 2017-11-01 21:28 - 000799744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-11-15 04:41 - 2017-11-01 21:28 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-11-15 04:41 - 2017-11-01 21:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-11-15 04:41 - 2017-11-01 21:27 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-11-15 04:41 - 2017-11-01 21:27 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-11-15 04:41 - 2017-11-01 21:27 - 000537600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-11-15 04:41 - 2017-11-01 21:27 - 000179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-11-15 04:41 - 2017-11-01 21:27 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-11-15 04:41 - 2017-11-01 21:27 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-11-15 04:41 - 2017-11-01 21:27 - 000049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertPKICmdlet.dll
2017-11-15 04:41 - 2017-11-01 21:26 - 008197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-11-15 04:41 - 2017-11-01 21:26 - 005963776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-11-15 04:41 - 2017-11-01 21:26 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-11-15 04:41 - 2017-11-01 21:26 - 003060224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-11-15 04:41 - 2017-11-01 21:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-11-15 04:41 - 2017-11-01 21:26 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-11-15 04:41 - 2017-11-01 21:26 - 001937408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2017-11-15 04:41 - 2017-11-01 21:26 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-11-15 04:41 - 2017-11-01 21:26 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2017-11-15 04:41 - 2017-11-01 21:26 - 000371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-11-15 04:41 - 2017-11-01 21:26 - 000068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2017-11-15 04:41 - 2017-11-01 21:25 - 012227072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-11-15 04:41 - 2017-11-01 21:25 - 011888128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-11-15 04:41 - 2017-11-01 21:25 - 004727808 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-11-15 04:41 - 2017-11-01 21:25 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-11-15 04:41 - 2017-11-01 21:25 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-11-15 04:41 - 2017-11-01 21:25 - 002052608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-11-15 04:41 - 2017-11-01 21:25 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-11-15 04:41 - 2017-11-01 21:25 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-11-15 04:41 - 2017-11-01 21:25 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-11-15 04:41 - 2017-11-01 21:25 - 000877568 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2017-11-15 04:41 - 2017-11-01 21:25 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-11-15 04:41 - 2017-11-01 21:25 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2017-11-15 04:41 - 2017-11-01 21:25 - 000364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-11-15 04:41 - 2017-11-01 21:25 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-11-15 04:41 - 2017-11-01 21:24 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-11-15 04:41 - 2017-11-01 21:24 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-11-15 04:41 - 2017-11-01 21:24 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-11-15 04:41 - 2017-11-01 21:24 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-11-15 04:41 - 2017-11-01 21:24 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-11-15 04:41 - 2017-11-01 21:24 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-11-15 04:41 - 2017-11-01 21:23 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-11-15 04:41 - 2017-11-01 21:23 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-11-15 04:41 - 2017-11-01 21:23 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-11-15 04:41 - 2017-11-01 21:23 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-11-15 04:41 - 2017-11-01 21:23 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-11-15 04:41 - 2017-11-01 21:23 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-11-15 04:41 - 2017-11-01 21:23 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-11-15 04:41 - 2017-11-01 21:22 - 006254080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-11-15 04:41 - 2017-11-01 21:22 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-11-15 04:41 - 2017-11-01 21:22 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-11-15 04:41 - 2017-11-01 21:22 - 001884160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2017-11-15 04:41 - 2017-11-01 21:22 - 001494528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-11-15 04:41 - 2017-11-01 21:21 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-11-15 04:41 - 2017-11-01 21:21 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-11-15 04:41 - 2017-11-01 21:21 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-11-15 04:41 - 2017-11-01 21:21 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2017-11-15 04:41 - 2017-11-01 21:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-11-15 04:41 - 2017-10-25 00:40 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-11-15 04:41 - 2017-10-15 08:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-11-15 04:41 - 2017-10-15 08:03 - 006765728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-11-15 04:41 - 2017-10-15 08:01 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-11-15 04:41 - 2017-10-15 07:59 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-11-15 04:41 - 2017-10-15 07:57 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-11-15 04:41 - 2017-10-15 07:57 - 000409496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-11-15 04:41 - 2017-10-15 07:56 - 000872464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-11-15 04:41 - 2017-10-15 07:55 - 007910960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-11-15 04:41 - 2017-10-15 07:53 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-11-15 04:41 - 2017-10-15 07:53 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-11-15 04:41 - 2017-10-15 07:51 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-11-15 04:41 - 2017-10-15 07:49 - 000094616 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-11-15 04:41 - 2017-10-15 07:49 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-11-15 04:41 - 2017-10-15 07:46 - 004544000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
2017-11-15 04:41 - 2017-10-15 07:45 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-11-15 04:41 - 2017-10-15 07:45 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-11-15 04:41 - 2017-10-15 07:44 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-11-15 04:41 - 2017-10-15 07:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-11-15 04:41 - 2017-10-15 07:42 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-11-15 04:41 - 2017-10-15 07:42 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-11-15 04:41 - 2017-10-15 07:41 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-11-15 04:41 - 2017-10-15 07:41 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-11-15 04:41 - 2017-10-15 07:38 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-11-15 04:41 - 2017-10-15 07:15 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-11-15 04:41 - 2017-10-15 07:14 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll
2017-11-15 04:41 - 2017-10-15 07:13 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-11-15 04:41 - 2017-10-15 07:10 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-11-15 04:41 - 2017-10-15 07:09 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-11-15 04:41 - 2017-10-15 07:09 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-11-15 04:41 - 2017-10-15 07:08 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-11-15 04:41 - 2017-10-15 07:08 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-11-15 04:41 - 2017-10-15 07:07 - 005776384 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2017-11-15 04:41 - 2017-10-15 07:07 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-11-15 04:41 - 2017-10-15 07:05 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-11-15 04:41 - 2017-10-15 07:05 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-11-15 04:41 - 2017-10-15 07:04 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-11-15 04:41 - 2017-10-15 07:02 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2017-11-15 04:41 - 2017-10-15 07:00 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-10-10 11:51 - 2017-09-29 22:52 - 001595152 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-10-10 11:51 - 2017-09-29 22:51 - 001458320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-10-10 11:51 - 2017-09-29 22:51 - 000661224 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-10-10 11:51 - 2017-09-29 22:50 - 001068208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-10-10 11:51 - 2017-09-29 22:49 - 001004136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-10-10 11:51 - 2017-09-29 22:49 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-10-10 11:51 - 2017-09-29 22:49 - 000135576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2017-10-10 11:51 - 2017-09-29 22:48 - 000644696 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2017-10-10 11:51 - 2017-09-29 22:47 - 001194792 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2017-10-10 11:51 - 2017-09-29 22:45 - 000511896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2017-10-10 11:51 - 2017-09-29 22:44 - 000181912 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2017-10-10 11:51 - 2017-09-29 22:43 - 007318888 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-10-10 11:51 - 2017-09-29 22:42 - 004848952 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-10-10 11:51 - 2017-09-29 22:42 - 001506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-10-10 11:51 - 2017-09-29 22:42 - 000820120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-10-10 11:51 - 2017-09-29 22:41 - 005304496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-10-10 11:51 - 2017-09-29 22:41 - 002086808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-10-10 11:51 - 2017-09-29 22:41 - 000961944 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-10-10 11:51 - 2017-09-29 22:41 - 000651672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-10-10 11:51 - 2017-09-29 22:41 - 000259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-10-10 11:51 - 2017-09-29 22:41 - 000257432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-10-10 11:51 - 2017-09-29 22:41 - 000228248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-10-10 11:51 - 2017-09-29 22:40 - 000558912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-10-10 11:51 - 2017-09-29 22:40 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-10-10 11:51 - 2017-09-29 22:40 - 000336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-10-10 11:51 - 2017-09-29 22:40 - 000184728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2017-10-10 11:51 - 2017-09-29 22:40 - 000173976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2017-10-10 11:51 - 2017-09-29 22:40 - 000072944 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2017-10-10 11:51 - 2017-09-29 22:39 - 000203672 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-10-10 11:51 - 2017-09-29 22:38 - 002239136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-10-10 11:51 - 2017-09-29 22:36 - 002672024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-10-10 11:51 - 2017-09-29 22:36 - 000057976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-10-10 11:51 - 2017-09-29 19:29 - 001408536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-10-10 11:51 - 2017-09-29 19:29 - 000804784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-10-10 11:51 - 2017-09-29 19:26 - 001333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-10-10 11:51 - 2017-09-29 19:10 - 001150776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-10-10 11:51 - 2017-09-29 19:10 - 000606072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-10-10 11:51 - 2017-09-29 19:10 - 000508344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-10-10 11:51 - 2017-09-29 19:10 - 000480920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2017-10-10 11:51 - 2017-09-29 19:09 - 000787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-10-10 11:51 - 2017-09-29 19:06 - 004471368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-10-10 11:51 - 2017-09-29 19:05 - 005827744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-10-10 11:51 - 2017-09-29 19:05 - 002603744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll
2017-10-10 11:51 - 2017-09-29 19:05 - 001266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-10-10 11:51 - 2017-09-29 19:05 - 000750488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-10-10 11:51 - 2017-09-29 19:05 - 000559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-10-10 11:51 - 2017-09-29 19:04 - 004215184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-10-10 11:51 - 2017-09-29 19:04 - 000438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-10-10 11:51 - 2017-09-29 19:04 - 000347544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-10-10 11:51 - 2017-09-29 19:04 - 000182680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-10-10 11:51 - 2017-09-29 19:03 - 001439032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-10-10 11:51 - 2017-09-29 19:02 - 000175512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-10-10 11:51 - 2017-09-29 19:01 - 000124544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2017-10-10 11:51 - 2017-09-29 00:44 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-10-10 11:51 - 2017-09-29 00:43 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-10-10 11:51 - 2017-09-29 00:43 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-10-10 11:51 - 2017-09-29 00:43 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-10-10 11:51 - 2017-09-29 00:42 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mgmtapi.dll
2017-10-10 11:51 - 2017-09-29 00:41 - 013844992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-10-10 11:51 - 2017-09-29 00:41 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll
2017-10-10 11:51 - 2017-09-29 00:40 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-10-10 11:51 - 2017-09-29 00:40 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-10-10 11:51 - 2017-09-29 00:38 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-10-10 11:51 - 2017-09-29 00:38 - 001135616 ____R (The ICU Project) C:\WINDOWS\SysWOW64\icuuc.dll
2017-10-10 11:51 - 2017-09-29 00:38 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-10-10 11:51 - 2017-09-29 00:38 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2017-10-10 11:51 - 2017-09-29 00:38 - 000308224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-10-10 11:51 - 2017-09-29 00:38 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-10-10 11:51 - 2017-09-29 00:37 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2017-10-10 11:51 - 2017-09-29 00:37 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-10-10 11:51 - 2017-09-29 00:34 - 017370624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-10-10 11:51 - 2017-09-29 00:34 - 000798720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-10-10 11:51 - 2017-09-29 00:34 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2017-10-10 11:51 - 2017-09-29 00:33 - 001506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-10-10 11:51 - 2017-09-29 00:33 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-10-10 11:51 - 2017-09-29 00:32 - 002782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-10-10 11:51 - 2017-09-29 00:32 - 002340864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-10-10 11:51 - 2017-09-29 00:32 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-10-10 11:51 - 2017-09-29 00:32 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-10-10 11:51 - 2017-09-29 00:32 - 001244160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll
2017-10-10 11:51 - 2017-09-29 00:32 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-10-10 11:51 - 2017-09-29 00:32 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2017-10-10 11:51 - 2017-09-29 00:32 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-10-10 11:51 - 2017-09-29 00:32 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2017-10-10 11:51 - 2017-09-29 00:32 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mgmtapi.dll
2017-10-10 11:51 - 2017-09-29 00:31 - 003107328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-10-10 11:51 - 2017-09-29 00:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\efssvc.dll
2017-10-10 11:51 - 2017-09-29 00:31 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-10-10 11:51 - 2017-09-29 00:30 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-10-10 11:51 - 2017-09-29 00:30 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2017-10-10 11:51 - 2017-09-29 00:30 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-10-10 11:51 - 2017-09-29 00:29 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-10-10 11:51 - 2017-09-29 00:29 - 001460736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2017-10-10 11:51 - 2017-09-29 00:29 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2017-10-10 11:51 - 2017-09-29 00:29 - 000724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-10-10 11:51 - 2017-09-29 00:29 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-10-10 11:51 - 2017-09-29 00:29 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2017-10-10 11:51 - 2017-09-29 00:29 - 000304640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2017-10-10 11:51 - 2017-09-29 00:29 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-10-10 11:51 - 2017-09-29 00:29 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-10-10 11:51 - 2017-09-29 00:29 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2017-10-10 11:51 - 2017-09-29 00:29 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ServiceWorkerHost.exe
2017-10-10 11:51 - 2017-09-29 00:28 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2017-10-10 11:51 - 2017-09-29 00:28 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-10-10 11:51 - 2017-09-29 00:28 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2017-10-10 11:51 - 2017-09-29 00:28 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-10-10 11:51 - 2017-09-29 00:28 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2017-10-10 11:51 - 2017-09-29 00:28 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-10-10 11:51 - 2017-09-29 00:28 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-10-10 11:51 - 2017-09-29 00:28 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2017-10-10 11:51 - 2017-09-29 00:28 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cipher.exe
2017-10-10 11:51 - 2017-09-29 00:27 - 001321984 ____R (The ICU Project) C:\WINDOWS\system32\icuuc.dll
2017-10-10 11:51 - 2017-09-29 00:27 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-10-10 11:51 - 2017-09-29 00:27 - 000565760 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2017-10-10 11:51 - 2017-09-29 00:27 - 000538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2017-10-10 11:51 - 2017-09-29 00:27 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-10-10 11:51 - 2017-09-29 00:27 - 000409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-10-10 11:51 - 2017-09-29 00:27 - 000350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2017-10-10 11:51 - 2017-09-29 00:26 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-10-10 11:51 - 2017-09-29 00:26 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2017-10-10 11:51 - 2017-09-29 00:26 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-10-10 11:51 - 2017-09-29 00:25 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-10-10 11:51 - 2017-09-29 00:25 - 002760704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-10-10 11:51 - 2017-09-29 00:25 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-10-10 11:51 - 2017-09-29 00:24 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-10-10 11:51 - 2017-09-29 00:24 - 001628672 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2017-10-10 11:51 - 2017-09-29 00:24 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-10-10 11:51 - 2017-09-29 00:23 - 003140096 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-10-10 11:51 - 2017-09-29 00:23 - 002730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-10-10 11:51 - 2017-09-29 00:23 - 001887744 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-10-10 11:51 - 2017-09-29 00:23 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-10-10 11:51 - 2017-09-29 00:23 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-10-10 11:51 - 2017-09-29 00:23 - 001398784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-10-10 11:51 - 2017-09-29 00:23 - 001052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-10-10 11:51 - 2017-09-29 00:23 - 000841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-10-10 11:51 - 2017-09-29 00:23 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-10-10 11:51 - 2017-09-29 00:23 - 000512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2017-10-10 11:51 - 2017-09-29 00:22 - 002829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-10-10 11:51 - 2017-09-29 00:22 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-10-10 11:51 - 2017-09-29 00:22 - 001438208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll
2017-10-10 11:51 - 2017-09-29 00:21 - 003304448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2017-10-10 11:51 - 2017-09-29 00:21 - 000722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-10-10 11:51 - 2017-09-29 00:21 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-10-10 11:51 - 2017-09-29 00:21 - 000414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-10-10 11:51 - 2017-09-29 00:21 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-10-10 11:51 - 2017-09-29 00:21 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvc.dll
2017-10-10 11:51 - 2017-09-29 00:21 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2017-10-10 11:51 - 2017-09-29 00:21 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2017-10-10 11:51 - 2017-09-29 00:20 - 001811456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2017-10-10 11:51 - 2017-09-29 00:20 - 000804864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2017-10-10 11:51 - 2017-09-29 00:20 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2017-10-10 11:51 - 2017-09-29 00:20 - 000286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-10-10 11:51 - 2017-09-29 00:20 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2017-10-10 11:51 - 2017-09-29 00:20 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiexe.dll
2017-10-10 11:51 - 2017-09-29 00:19 - 002088448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2017-10-10 11:51 - 2017-09-29 00:19 - 000325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2017-10-10 11:51 - 2017-09-29 00:19 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2017-10-10 11:51 - 2017-09-29 00:19 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2017-10-10 11:51 - 2017-09-29 00:18 - 002438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-10-10 11:51 - 2017-09-29 00:18 - 001527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-10-10 11:51 - 2017-09-29 00:18 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2017-10-10 11:51 - 2017-09-29 00:18 - 000603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2017-10-10 11:51 - 2017-09-29 00:18 - 000347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2017-10-10 11:51 - 2017-09-29 00:18 - 000215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\manage-bde.exe
2017-10-10 11:51 - 2017-09-29 00:18 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2017-10-10 11:51 - 2017-09-29 00:18 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2017-10-10 11:51 - 2017-09-29 00:18 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\cipher.exe
2017-10-10 11:51 - 2017-09-28 22:40 - 000804312 _____ C:\WINDOWS\SysWOW64\locale.nls
2017-10-10 11:51 - 2017-09-28 22:40 - 000804312 _____ C:\WINDOWS\system32\locale.nls
2017-10-10 11:51 - 2017-09-20 08:08 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-10-10 11:51 - 2017-09-20 08:08 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-09-28 00:08 - 2017-09-18 16:20 - 001065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-09-28 00:08 - 2017-09-18 16:20 - 000900376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-09-28 00:08 - 2017-09-18 16:17 - 001395664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-09-28 00:08 - 2017-09-18 16:17 - 001186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-09-28 00:08 - 2017-09-18 16:11 - 001018272 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-09-28 00:08 - 2017-09-18 16:09 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-09-28 00:08 - 2017-09-18 15:26 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2017-09-28 00:08 - 2017-09-18 15:25 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
2017-09-28 00:08 - 2017-09-18 15:23 - 000210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2017-09-28 00:08 - 2017-09-18 15:20 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2017-09-28 00:08 - 2017-09-18 15:20 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2017-09-28 00:08 - 2017-09-18 15:15 - 000648704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2017-09-12 16:18 - 2017-09-04 22:12 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2017-09-12 16:18 - 2017-09-04 21:53 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-09-12 16:18 - 2017-09-04 21:50 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2017-09-12 16:18 - 2017-09-04 21:45 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-09-12 16:18 - 2017-09-04 21:44 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-09-12 16:18 - 2017-09-04 21:43 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll
2017-09-12 16:18 - 2017-09-04 21:42 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2017-09-12 16:18 - 2017-09-04 21:41 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-09-12 16:18 - 2017-09-04 21:41 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2017-09-12 16:18 - 2017-09-04 21:41 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-09-12 16:18 - 2017-09-04 21:25 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-09-12 16:18 - 2017-09-04 21:25 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-09-12 16:18 - 2017-09-04 21:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-09-12 16:18 - 2017-09-04 21:21 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe
2017-09-12 16:18 - 2017-09-04 21:19 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll
2017-09-12 16:18 - 2017-09-04 21:19 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2017-09-12 16:18 - 2017-09-04 21:19 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2017-09-12 16:18 - 2017-09-04 21:19 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-09-12 16:18 - 2017-09-04 21:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-09-12 16:18 - 2017-09-04 21:18 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2017-09-12 16:18 - 2017-09-04 21:18 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2017-09-12 16:18 - 2017-09-04 21:18 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-09-12 16:18 - 2017-09-04 21:18 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2017-09-12 16:18 - 2017-09-04 21:18 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll
2017-09-12 16:18 - 2017-09-04 21:17 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2017-09-12 16:18 - 2017-09-04 21:17 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2017-09-12 16:18 - 2017-09-04 21:17 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2017-09-12 16:18 - 2017-09-04 21:16 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2017-09-12 16:18 - 2017-09-04 21:16 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2017-09-12 16:18 - 2017-09-04 21:16 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2017-09-12 16:18 - 2017-09-04 21:15 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-09-12 16:18 - 2017-09-04 21:15 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-09-12 16:18 - 2017-09-04 21:15 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-09-12 16:18 - 2017-09-04 21:15 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2017-09-12 16:18 - 2017-09-04 21:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-09-12 16:18 - 2017-09-04 21:12 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-09-12 16:18 - 2017-09-04 21:11 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-09-12 16:18 - 2017-09-04 21:11 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-09-12 16:18 - 2017-09-04 21:11 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-09-12 16:18 - 2017-09-04 21:10 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-09-12 16:18 - 2017-09-04 21:06 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2017-09-12 16:18 - 2017-09-04 21:04 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-09-12 16:18 - 2017-09-04 21:04 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-09-12 16:17 - 2017-09-04 22:12 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-09-12 16:17 - 2017-09-04 21:45 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-09-12 16:17 - 2017-09-04 21:45 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe
2017-09-12 16:17 - 2017-09-04 21:42 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-09-12 16:17 - 2017-09-04 21:40 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-09-12 16:17 - 2017-09-04 21:21 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll
2017-09-12 16:17 - 2017-09-04 21:16 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-09-12 16:13 - 2017-09-04 21:28 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2017-09-12 16:13 - 2017-09-04 21:22 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2017-09-12 16:13 - 2017-09-04 21:21 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2017-09-12 16:13 - 2017-09-04 21:12 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-09-12 16:12 - 2017-09-04 22:31 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2017-09-12 16:12 - 2017-09-04 22:23 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2017-09-12 16:12 - 2017-09-04 22:18 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2017-09-12 16:12 - 2017-09-04 22:18 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-09-12 16:12 - 2017-09-04 22:16 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-09-12 16:12 - 2017-09-04 22:16 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll
2017-09-12 16:12 - 2017-09-04 22:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-09-12 16:12 - 2017-09-04 22:13 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-09-12 16:12 - 2017-09-04 22:11 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2017-09-12 16:12 - 2017-09-04 21:30 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-09-12 16:12 - 2017-09-04 21:30 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-09-12 16:12 - 2017-09-04 21:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-09-12 16:12 - 2017-09-04 21:27 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll
2017-09-12 16:12 - 2017-09-04 21:27 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll
2017-09-12 16:12 - 2017-09-04 21:27 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-09-12 16:12 - 2017-09-04 21:26 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2017-09-12 16:12 - 2017-09-04 21:26 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll
2017-09-12 16:12 - 2017-09-04 21:25 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2017-09-12 16:12 - 2017-09-04 21:24 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll
2017-09-12 16:12 - 2017-09-04 21:24 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2017-09-12 16:12 - 2017-09-04 21:24 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll
2017-09-12 16:12 - 2017-09-04 21:23 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2017-09-12 16:12 - 2017-09-04 21:23 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll
2017-09-12 16:12 - 2017-09-04 21:23 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2017-09-12 16:12 - 2017-09-04 21:22 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2017-09-12 16:12 - 2017-09-04 21:22 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2017-09-12 16:12 - 2017-09-04 21:22 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-09-12 16:12 - 2017-09-04 21:21 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2017-09-12 16:12 - 2017-09-04 21:21 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2017-09-12 16:12 - 2017-09-04 21:21 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2017-09-12 16:12 - 2017-09-04 21:21 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2017-09-12 16:12 - 2017-09-04 21:19 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-09-12 16:12 - 2017-09-04 21:19 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2017-09-12 16:12 - 2017-09-04 21:18 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-09-12 16:12 - 2017-09-04 21:18 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2017-09-12 16:12 - 2017-09-04 21:18 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-09-12 16:12 - 2017-09-04 21:18 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-09-12 16:12 - 2017-09-04 21:16 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-09-12 16:12 - 2017-09-04 21:15 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-09-12 16:12 - 2017-09-04 21:15 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-09-12 16:12 - 2017-09-04 21:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-09-12 16:12 - 2017-09-04 21:11 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-09-12 16:12 - 2017-09-04 21:09 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2017-09-12 16:12 - 2017-09-04 21:07 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-09-12 16:12 - 2017-08-31 22:55 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-09-12 16:11 - 2017-09-04 22:31 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-09-12 16:11 - 2017-09-04 22:26 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-09-12 16:11 - 2017-09-04 22:25 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2017-09-12 16:11 - 2017-09-04 22:24 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-09-12 16:11 - 2017-09-04 22:18 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-09-12 16:11 - 2017-09-04 22:18 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-09-12 16:11 - 2017-09-04 22:15 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2017-09-12 16:11 - 2017-09-04 22:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-09-12 16:11 - 2017-09-04 22:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2017-09-12 16:11 - 2017-09-04 22:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-09-12 16:11 - 2017-09-04 21:27 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll
2017-09-12 16:11 - 2017-09-04 21:26 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2017-09-12 16:11 - 2017-09-04 21:26 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-09-12 16:11 - 2017-09-04 21:26 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe
2017-09-12 16:11 - 2017-09-04 21:26 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
2017-09-12 16:11 - 2017-09-04 21:24 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-09-12 16:11 - 2017-09-04 21:24 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll
2017-09-12 16:11 - 2017-09-04 21:24 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2017-09-12 16:11 - 2017-09-04 21:24 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2017-09-12 16:11 - 2017-09-04 21:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-09-12 16:11 - 2017-09-04 21:23 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2017-09-12 16:11 - 2017-09-04 21:23 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-09-12 16:11 - 2017-09-04 21:23 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2017-09-12 16:11 - 2017-09-04 21:22 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2017-09-12 16:11 - 2017-09-04 21:22 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-09-12 16:11 - 2017-09-04 21:22 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2017-09-12 16:11 - 2017-09-04 21:22 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2017-09-12 16:11 - 2017-09-04 21:21 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2017-09-12 16:11 - 2017-09-04 21:21 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-09-12 16:11 - 2017-09-04 21:20 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-09-12 16:11 - 2017-09-04 21:20 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2017-09-12 16:11 - 2017-09-04 21:19 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-09-12 16:11 - 2017-09-04 21:19 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2017-09-12 16:11 - 2017-09-04 21:18 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2017-09-12 16:11 - 2017-09-04 21:18 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-09-12 16:11 - 2017-09-04 21:17 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2017-09-12 16:11 - 2017-09-04 21:16 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2017-09-12 16:11 - 2017-09-04 21:15 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2017-09-12 16:11 - 2017-09-04 21:15 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-09-12 16:11 - 2017-09-04 21:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-09-12 16:11 - 2017-09-04 21:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-09-12 16:11 - 2017-09-04 21:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-09-12 16:11 - 2017-09-04 21:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-09-12 16:11 - 2017-09-04 21:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-09-12 16:11 - 2017-09-04 21:06 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-09-12 16:10 - 2017-09-04 22:20 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-09-12 16:10 - 2017-09-04 22:15 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-09-12 16:10 - 2017-09-04 22:13 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-09-12 16:10 - 2017-09-04 21:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2017-09-12 16:10 - 2017-09-04 21:24 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-09-12 16:10 - 2017-09-04 21:23 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-09-12 16:10 - 2017-09-04 21:20 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-09-12 16:10 - 2017-09-04 21:19 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-09-12 16:10 - 2017-09-04 21:18 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-09-12 16:10 - 2017-09-04 21:16 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-09-12 16:10 - 2017-09-04 21:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-09-12 16:09 - 2017-09-04 22:30 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-09-12 16:09 - 2017-09-04 22:21 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-09-12 16:09 - 2017-09-04 21:28 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2017-09-12 16:09 - 2017-09-04 21:26 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2017-09-12 16:09 - 2017-09-04 21:26 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2017-09-12 16:09 - 2017-09-04 21:10 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll
2017-09-08 01:30 - 2017-07-06 23:15 - 000498176 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1debug3.dll
2017-09-08 01:30 - 2017-07-06 23:03 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1debug3.dll
2017-09-08 01:30 - 2017-06-19 21:35 - 005141504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12warp.dll
2017-09-08 01:30 - 2017-04-18 23:07 - 002617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12SDKLayers.dll
2017-09-08 01:30 - 2017-04-18 22:30 - 002102272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12SDKLayers.dll
2017-09-07 16:12 - 2017-03-17 22:48 - 000094720 ____N (Microsoft Corporation) C:\WINDOWS\system32\DxToolsReportGenerator.dll
2017-09-07 16:12 - 2017-03-17 22:08 - 017777152 ____N (Microsoft Corporation) C:\WINDOWS\system32\DXCaptureReplay.dll
2017-09-07 16:12 - 2017-03-17 22:05 - 000094720 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\DxToolsReportGenerator.dll
2017-09-07 16:12 - 2017-03-17 22:02 - 000393216 ____N (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\DXCpl.exe
2017-09-07 16:12 - 2017-03-17 21:59 - 000091136 ____N (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsProxyStub.dll
2017-09-07 16:12 - 2017-03-17 21:59 - 000079872 ____N (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARP12Debug.dll
2017-09-07 16:12 - 2017-03-17 21:57 - 000059392 ____N (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARPDebug.dll
2017-09-07 16:12 - 2017-03-17 21:53 - 000334848 ____N (Microsoft Corporation) C:\WINDOWS\system32\DXGIDebug.dll
2017-09-07 16:12 - 2017-03-17 21:52 - 004897280 ____N (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsRemoteEngine.exe
2017-09-07 16:12 - 2017-03-17 21:49 - 001309184 ____N (Microsoft Corporation) C:\WINDOWS\system32\d3d11_3SDKLayers.dll
2017-09-07 16:12 - 2017-03-17 21:48 - 013785600 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXCaptureReplay.dll
2017-09-07 16:12 - 2017-03-17 21:47 - 006806016 ____N (Microsoft Corporation) C:\WINDOWS\system32\d3d12warp.dll
2017-09-07 16:12 - 2017-03-17 21:46 - 000370176 ____N (Windows (R) Win 7 DDK provider) C:\WINDOWS\SysWOW64\DXCpl.exe
2017-09-07 16:12 - 2017-03-17 21:44 - 001977344 ____N (Microsoft Corporation) C:\WINDOWS\system32\DXToolsOfflineAnalysis.dll
2017-09-07 16:12 - 2017-03-17 21:44 - 001174528 ____N (Microsoft Corporation) C:\WINDOWS\system32\DXCap.exe
2017-09-07 16:12 - 2017-03-17 21:44 - 000283648 ____N (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsExperiment.dll
2017-09-07 16:12 - 2017-03-17 21:44 - 000163328 ____N (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsCapture.dll
2017-09-07 16:12 - 2017-03-17 21:43 - 000189952 ____N (Microsoft Corporation) C:\WINDOWS\system32\DXToolsMonitor.dll
2017-09-07 16:12 - 2017-03-17 21:43 - 000176128 ____N (Microsoft Corporation) C:\WINDOWS\system32\DXToolsReporting.dll
2017-09-07 16:12 - 2017-03-17 21:43 - 000061952 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DWARP12Debug.dll
2017-09-07 16:12 - 2017-03-17 21:43 - 000041984 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsProxyStub.dll
2017-09-07 16:12 - 2017-03-17 21:41 - 000058880 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DWARPDebug.dll
2017-09-07 16:12 - 2017-03-17 21:39 - 000236544 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXGIDebug.dll
2017-09-07 16:12 - 2017-03-17 21:38 - 000348672 ____N (Microsoft Corporation) C:\WINDOWS\system32\perf_gputiming.dll
2017-09-07 16:12 - 2017-03-17 21:35 - 001060864 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11_3SDKLayers.dll
2017-09-07 16:12 - 2017-03-17 21:33 - 003648000 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsRemoteEngine.exe
2017-09-07 16:12 - 2017-03-17 21:30 - 001480704 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsOfflineAnalysis.dll
2017-09-07 16:12 - 2017-03-17 21:30 - 000926208 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXCap.exe
2017-09-07 16:12 - 2017-03-17 21:30 - 000220160 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsExperiment.dll
2017-09-07 16:12 - 2017-03-17 21:30 - 000123904 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsCapture.dll
2017-09-07 16:12 - 2017-03-17 21:29 - 000145408 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsMonitor.dll
2017-09-07 16:12 - 2017-03-17 21:29 - 000121344 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsReporting.dll
2017-09-07 16:12 - 2017-03-17 21:25 - 000269824 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\perf_gputiming.dll

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-11-18 05:12 - 2017-08-08 13:22 - 001833984 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-11-18 05:12 - 2017-03-18 13:56 - 000804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2017-11-18 05:12 - 2017-03-18 13:56 - 000219648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2017-11-18 05:12 - 2017-03-18 13:56 - 000103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFolders.exe
2017-11-18 05:12 - 2017-03-18 13:56 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersRes.dll
2017-11-18 05:11 - 2017-03-18 13:56 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersGPExt.dll
2017-11-18 05:11 - 2017-03-18 13:56 - 000066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthmodem.sys
2017-11-18 05:11 - 2017-03-18 13:56 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WorkFoldersRes.dll

==================== Files in the root of some directories =======

2017-11-29 00:19 - 2017-11-29 00:19 - 000023578 _____ () C:\Users\sam\companion-script1.js
2017-12-04 17:11 - 2017-12-04 17:11 - 000000017 _____ () C:\Users\sam\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
2017-11-29 05:02 - 2015-11-11 21:19 - 004813656 ____N (Conexant Systems, Inc.) C:\Users\sam\AppData\Local\Temp\KUIU.EXE
2017-11-29 05:01 - 2017-04-27 03:14 - 004832128 _____ (Conexant Systems, Inc.) C:\Users\sam\AppData\Local\Temp\UCI64A154.DLL

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Firmware Boot Manager
---------------------
identifier {fwbootmgr}
displayorder {bootmgr}
{2e74b717-9ff0-11e5-9708-806e6f6e6963}
{2e74b718-9ff0-11e5-9708-806e6f6e6963}
{2e74b719-9ff0-11e5-9708-806e6f6e6963}
{2e74b71a-9ff0-11e5-9708-806e6f6e6963}
timeout 2

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
path \EFI\Microsoft\Boot\bootmgfw.efi
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {ebc1df1c-2769-11e6-b9c2-cad8a79c5675}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 0

Firmware Application (101fffff)
-------------------------------
identifier {2e74b714-9ff0-11e5-9708-806e6f6e6963}
description Setup

Firmware Application (101fffff)
-------------------------------
identifier {2e74b715-9ff0-11e5-9708-806e6f6e6963}
description Boot Menu

Firmware Application (101fffff)
-------------------------------
identifier {2e74b716-9ff0-11e5-9708-806e6f6e6963}
description Diagnostic Splash

Firmware Application (101fffff)
-------------------------------
identifier {2e74b717-9ff0-11e5-9708-806e6f6e6963}
description ATA HDD: LITEON CV1-DB256

Firmware Application (101fffff)
-------------------------------
identifier {2e74b718-9ff0-11e5-9708-806e6f6e6963}
description USB FDD:

Firmware Application (101fffff)
-------------------------------
identifier {2e74b719-9ff0-11e5-9708-806e6f6e6963}
description USB CD:

Firmware Application (101fffff)
-------------------------------
identifier {2e74b71a-9ff0-11e5-9708-806e6f6e6963}
description USB HDD:

Firmware Application (101fffff)
-------------------------------
identifier {ebc1df18-2769-11e6-b9c2-cad8a79c5675}
device partition=\Device\HarddiskVolume5
path \EFI\Microsoft\Boot\lrsBootMgr.efi
description Lenovo Recovery System

Windows Boot Loader
-------------------
identifier {ebc1df14-2769-11e6-b9c2-cad8a79c5675}
device ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{ebc1df15-2769-11e6-b9c2-cad8a79c5675}
path \windows\system32\winload.efi
description Windows Recovery Environment
locale en-US
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{ebc1df15-2769-11e6-b9c2-cad8a79c5675}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \WINDOWS\system32\winload.efi
description Windows 10
locale en-US
inherit {bootloadersettings}
recoverysequence {ebc1df14-2769-11e6-b9c2-cad8a79c5675}
displaymessageoverride Recovery
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \WINDOWS
resumeobject {ebc1df1c-2769-11e6-b9c2-cad8a79c5675}
nx OptIn
bootmenupolicy Standard

Resume from Hibernate
---------------------
identifier {ebc1df1c-2769-11e6-b9c2-cad8a79c5675}
device partition=C:
path \WINDOWS\system32\winresume.efi
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {ebc1df14-2769-11e6-b9c2-cad8a79c5675}
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \EFI\Microsoft\Boot\memtest.efi
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems No

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {ebc1df15-2769-11e6-b9c2-cad8a79c5675}
description Windows Recovery
ramdisksdidevice partition=\Device\HarddiskVolume3
ramdisksdipath \Recovery\WindowsRE\boot.sdi


LastRegBack: 2017-11-21 04:10

==================== End of FRST.txt ============================
 
I don't see much there.

Create a new restore point before proceeding with the next step.
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double-click the downloaded file. OK the self-extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • On the following screen, click "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"
NOTE: If you see the "This version requires you to completely exit the Anti Malware application" message, right-click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
 
I have the restore point created. I think it's worth noting that the protection on the disk was turned off.
The settings page closed shortly after creating and saving the restore because of a runtime error.

I downloaded the anti-rootkit software and extracted it, but when attempting to update the definitions, it fails repeatedly.
The system then warned me that Windows Defender was turned off and out of date. It doesn't look like that's succeeded in updating since I did the reinstall on the 21st.
 
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double-click the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt can also be found on your desktop.
  • If more than one log is produced, post all logs.
Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The scan log is available through History -> Application logs. Please post its contents in your next reply.
Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 