comp. glitching\pop ups


Recommended Posts

Howdy and welcome to BestTechie !!!  

My name is flashh4 (Chuck) and i will be assisting you with the cleaning of your computer.

Run these 1 at a time & post each log as you get it ! Work them as your time permits you to !!

If you don't understand something, please don't hesitate to ask for clarification before proceeding !!! You can PM me if you need to !!

Perform all actions in the order given.

Please stay with us until we give you the "All Clean Speech"! Just because the problem has stopped it may still need some clean-up !  

Do Not Remove anything or run any tools/programs until advised to do so !


Please note that all instructions given are customized for this computer only, the tools used may cause damage if used on a computer with different infections.  

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.  

===================================


AdwCleaner
       
Please download  http/toolslib.net/downloads/viewdownload/cleaner/  by Xplode onto your desktop.
Double click on AdwCleaner.exe to run the tool again.
       Windows XP : Double click on the icon to run it.

       Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

    *Click on the Scan button.
    *AdwCleaner will begin to scan your computer like it did before.
    *After the scan has finished .......
    
    This time, click on the "Clean" button.
    
    *Press OK when asked to close all programs and follow the onscreen prompts.
    *Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    *After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    *Copy and paste the contents of that logfile in your next reply.
    *A copy of that logfile will also be saved in the C:\AdwCleaner folder.


NEXT


    Please download http://thisdax.org/downloads/ Removal Tool and save to your desk top.

    Shut down your protection software now to avoid potential conflicts.

    * Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    * The tool will open and start scanning your system.
    * Please be patient as this can take a while to complete depending on your system's specifications.
    * On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    * Post the contents of JRT.txt into your next reply !

Re-Boot your computer now !!


NEXT


    Download the free version Malwarebytes' Anti-Malware (save it to your desktop).  >>> htt/www.malwarebytes.org/antimalware/
     
      * Windows XP : Double click on the icon to run it.
      *  Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
      
* On the Dashboard click on Update Now
* Go to the Setting Tab
* Under Setting go to Detection and Protection
* Under PUP and PUM make sure both are set to show Treat Detections as Malware
* Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
* Then on the Dashboard click on Scan
* Make sure to select THREAT SCAN
* Then click on Scan

When the scan is finished on the bottom right click on SAVE RESULTS then select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes
 

 

So to sum things up i need these logs:

1. AdwCleaner log

2. JRT logs (junkware)

3. Malwarebytes log

Thanks

Chuck

Link to post
Share on other sites

adware

# AdwCleaner v6.047 - Logfile created 01/06/2017 at 16:06:57
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-05-31.2 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Mike & Jolene - GRAUFAMILY
# Running from : C:\Users\Mike & Jolene\Downloads\adwcleaner_6.047.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support
 
***** [ Services ] *****
 
***** [ Folders ] *****
 
***** [ Files ] *****
[-] File deleted: C:\Users\Mike & Jolene\AppData\Roaming\Microsoft\Windows\Start Menu\Facebook.lnk
[-] File deleted: C:\Users\Mike & Jolene\AppData\Roaming\Microsoft\Windows\Start Menu\Youtube.lnk

***** [ DLL ] *****
 
***** [ WMI ] *****
 
***** [ Shortcuts ] *****
 
***** [ Scheduled Tasks ] *****
 
***** [ Registry ] *****
[-] Data restored: HKU\S-1-5-21-1363677038-3844321727-1082389403-1000\Software\Microsoft\Internet Explorer\SearchUrl [Default]
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\safesear.ch
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.safesear.ch
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\safesear.ch
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.safesear.ch
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\safesear.ch
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.safesear.ch
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\safesear.ch
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.safesear.ch

***** [ Web browsers ] *****
 
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [4561 Bytes] - [15/01/2017 12:50:17]
C:\AdwCleaner\AdwCleaner[C2].txt - [3095 Bytes] - [01/06/2017 16:06:57]
C:\AdwCleaner\AdwCleaner[S0].txt - [4162 Bytes] - [15/01/2017 12:45:40]
C:\AdwCleaner\AdwCleaner[S1].txt - [3635 Bytes] - [01/06/2017 16:06:40]
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [3314 Bytes] ##########
Link to post
Share on other sites
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64
Ran by Mike & Jolene (Administrator) on Thu 06/01/2017 at 16:14:51.27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

File System: 1
Successfully deleted: C:\Users\Mike & Jolene\AppData\Roaming\Microsoft\Windows\Start Menu\search.lnk (Shortcut)
 
Registry: 0
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 06/01/2017 at 16:19:55.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Link to post
Share on other sites
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 6/1/17
Scan Time: 4:22 PM
Log File:
Administrator: Yes
-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.139
Update Package Version: 1.0.2068
License: Free
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: GRAUFAMILY\Mike & Jolene
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 406158
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 5 min, 37 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 0
(No malicious items detected)
Physical Sector: 0
(No malicious items detected)

(end)
Link to post
Share on other sites

Thanks for the logs jolene, please download this program for me & post the log(s) !

Download OldTimer to your desk top ! 
Links: http://oldtimer.geekstogo.com/OTL.com http://oldtimer.geekstogo.com/OTL.scr  
 
If you already have a copy of OTL delete it and use this version.  (Note: If you are running on Vista, right-click on the file and choose Run As Administrator). 

* Double click OTL.exe to launch the program.
* Check the following. 

o Scan all users.
o Standard Output. o Lop check.
o Purity check. oExtra Registry > Use SafeList  

* Under Extra Registry section, select Use SafeList
* Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
* When finished it will produce two logs. 

o OTL.txt (open on your desktop).
o Extras.txt (minimised in your taskbar) The Extras.txt file will only appear the very first time you run OTL. 

 

Thanks 

Chuck

Link to post
Share on other sites
OTL logfile created on: 6/2/2017 6:26:29 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mike & Jolene\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.14393.0)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.98 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 60.79% Memory free
4.67 Gb Paging File | 2.79 Gb Available in Paging File | 59.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1396.73 Gb Total Space | 1119.11 Gb Free Space | 80.12% Space Free | Partition Type: NTFS
Drive D: | 655.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: GRAUFAMILY | User Name: Mike & Jolene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2017/06/02 18:25:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mike & Jolene\Downloads\OTL (1).com
PRC - [2017/06/01 13:50:22 | 003,042,592 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2017/05/09 17:42:26 | 003,146,704 | ---- | M] (Malwarebytes) -- C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
PRC - [2017/05/09 17:40:18 | 004,470,736 | ---- | M] (Malwarebytes) -- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
PRC - [2017/04/11 18:29:17 | 001,518,808 | ---- | M] (Microsoft Corporation) -- C:\Users\Mike & Jolene\AppData\Local\Microsoft\OneDrive\OneDrive.exe
PRC - [2017/03/02 09:56:04 | 000,014,768 | ---- | M] (The CefSharp Authors) -- C:\Users\Mike & Jolene\AppData\Local\Facebook\Games\Facebook Gameroom Browser.exe
PRC - [2017/03/02 09:56:02 | 000,385,456 | ---- | M] (Facebook) -- C:\Users\Mike & Jolene\AppData\Local\Facebook\Games\FacebookGameroom.exe
PRC - [2017/02/28 04:17:12 | 003,135,752 | ---- | M] (Wargaming.net) -- C:\Games\World_of_Tanks\WargamingGameUpdater.exe
PRC - [2016/12/29 07:06:31 | 000,458,176 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
PRC - [2016/12/29 06:44:48 | 001,286,080 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2017/05/25 11:55:27 | 012,992,512 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\e10224bb702b28e3fd0f55e2009d7448\System.Windows.Forms.ni.dll
MOD - [2017/05/25 11:55:19 | 001,626,112 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\d697906ab1398f3c359eb8102bc55a43\System.Drawing.ni.dll
MOD - [2017/05/25 11:55:16 | 007,882,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\c93c27a2837219668b8a45fb74f0ad34\System.Data.ni.dll
MOD - [2017/05/24 16:55:41 | 000,272,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Numerics\c8e6333b12f5ea1252b6d7800e7931de\System.Numerics.ni.dll
MOD - [2017/05/11 18:27:30 | 007,456,768 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\a771d2428d6b5c8ca9ab6c393e26ee3c\System.Xml.ni.dll
MOD - [2017/05/11 18:27:30 | 000,391,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\60e047b813a4603cf5c02652c88a17a0\System.Xml.Linq.ni.dll
MOD - [2017/05/11 18:27:23 | 002,804,224 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\687dc34f436f621648d97bcec377f33c\System.Runtime.Serialization.ni.dll
MOD - [2017/05/11 18:27:20 | 000,978,432 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\3d80ae4a3a0aa7f6933fbe8c5922a473\System.Configuration.ni.dll
MOD - [2017/05/11 18:26:52 | 007,464,448 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\ef8d0d1ee6432515fff7f11d91eaf368\System.Core.ni.dll
MOD - [2017/05/11 18:26:47 | 010,268,160 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\603a3bab60d64169412e83e06d7bac68\System.ni.dll
MOD - [2017/04/27 15:38:57 | 019,611,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\a8ad9c1eb84ee05773b04b298573fa35\mscorlib.ni.dll
MOD - [2017/02/15 17:58:24 | 067,197,440 | ---- | M] () -- C:\Users\Mike & Jolene\AppData\Local\Facebook\Games\libcef.dll
MOD - [2017/02/15 17:58:24 | 001,886,208 | ---- | M] () -- C:\Users\Mike & Jolene\AppData\Local\Facebook\Games\libglesv2.dll
MOD - [2017/02/15 17:58:24 | 001,162,752 | ---- | M] () -- C:\Users\Mike & Jolene\AppData\Local\Facebook\Games\CefSharp.Core.dll
MOD - [2017/02/15 17:58:24 | 000,752,640 | ---- | M] () -- C:\Users\Mike & Jolene\AppData\Local\Facebook\Games\CefSharp.BrowserSubprocess.Core.dll
MOD - [2017/02/15 17:58:24 | 000,078,848 | ---- | M] () -- C:\Users\Mike & Jolene\AppData\Local\Facebook\Games\libegl.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2017/05/09 17:40:18 | 004,470,736 | ---- | M] (Malwarebytes) [Auto | Running] -- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe -- (MBAMService)
SRV:64bit: - [2017/04/27 18:52:48 | 000,347,320 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\NisSrv.exe -- (WdNisSvc)
SRV:64bit: - [2017/04/27 18:51:49 | 003,318,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2017/04/27 18:49:33 | 000,764,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV:64bit: - [2017/04/27 18:38:52 | 000,103,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2017/04/27 17:59:15 | 000,635,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FlightSettings.dll -- (wisvc)
SRV:64bit: - [2017/04/27 17:55:27 | 000,407,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV:64bit: - [2017/04/27 17:51:08 | 002,104,320 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2017/04/27 17:48:03 | 000,337,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2017/04/27 17:44:42 | 000,548,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\usocore.dll -- (UsoSvc)
SRV:64bit: - [2017/04/27 17:43:45 | 000,560,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2017/04/27 17:43:34 | 000,331,264 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NgcCtnrSvc.dll -- (NgcCtnrSvc)
SRV:64bit: - [2017/04/27 17:43:31 | 001,184,256 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\Unistore.dll -- (UnistoreSvc)
SRV:64bit: - [2017/04/27 17:42:01 | 001,021,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\usermgr.dll -- (UserManager)
SRV:64bit: - [2017/04/27 17:41:36 | 000,650,752 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\RDXService.dll -- (RetailDemo)
SRV:64bit: - [2017/04/27 17:41:24 | 000,983,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ngcsvc.dll -- (NgcSvc)
SRV:64bit: - [2017/04/27 17:40:14 | 000,770,560 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2017/04/27 17:37:57 | 001,984,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2017/03/27 23:10:05 | 001,231,872 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\dosvc.dll -- (DoSvc)
SRV:64bit: - [2017/03/18 10:35:45 | 002,278,400 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2017/03/04 00:33:28 | 000,095,232 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tzautoupdate.dll -- (tzautoupdate)
SRV:64bit: - [2017/03/04 00:29:39 | 000,082,944 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\moshost.dll -- (MapsBroker)
SRV:64bit: - [2017/03/04 00:29:21 | 000,203,264 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\PimIndexMaintenance.dll -- (PimIndexMaintenanceSvc)
SRV:64bit: - [2017/03/04 00:28:56 | 000,349,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvcext.dll -- (vmicvss)
SRV:64bit: - [2017/03/04 00:28:56 | 000,349,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvcext.dll -- (vmicrdv)
SRV:64bit: - [2017/03/04 00:25:51 | 001,016,320 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblAuthManager.dll -- (XblAuthManager)
SRV:64bit: - [2017/03/04 00:24:38 | 001,025,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XboxNetApiSvc.dll -- (XboxNetApiSvc)
SRV:64bit: - [2017/03/04 00:23:18 | 000,715,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2017/03/04 00:15:29 | 001,837,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2017/03/04 00:12:58 | 000,805,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FrameServer.dll -- (FrameServer)
SRV:64bit: - [2017/03/04 00:11:22 | 001,312,768 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorDataService.exe -- (SensorDataService)
SRV:64bit: - [2017/03/04 00:07:14 | 001,512,448 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\UserDataService.dll -- (UserDataSvc)
SRV:64bit: - [2016/12/29 07:06:31 | 000,458,176 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -- (NVDisplay.ContainerLocalSystem)
SRV:64bit: - [2016/12/13 22:43:24 | 000,201,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2016/11/11 03:20:50 | 000,339,456 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\cdpusersvc.dll -- (CDPUserSvc)
SRV:64bit: - [2016/11/11 03:19:59 | 000,411,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cdpsvc.dll -- (CDPSvc)
SRV:64bit: - [2016/11/11 03:19:35 | 000,285,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\EnterpriseAppMgmtSvc.dll -- (EntAppSvc)
SRV:64bit: - [2016/11/11 03:05:32 | 004,136,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\Windows.StateRepository.dll -- (StateRepository)
SRV:64bit: - [2016/11/11 03:04:16 | 000,691,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2016/11/02 04:16:47 | 000,265,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NetSetupSvc.dll -- (NetSetupSvc)
SRV:64bit: - [2016/10/22 11:47:14 | 000,447,488 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2016/10/22 11:46:41 | 000,781,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PhoneService.dll -- (PhoneSvc)
SRV:64bit: - [2016/10/22 11:46:41 | 000,140,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\RMapi.dll -- (RmSvc)
SRV:64bit: - [2016/10/22 11:46:26 | 000,417,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorService.dll -- (SensorService)
SRV:64bit: - [2016/10/22 11:46:26 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\LicenseManagerSvc.dll -- (LicenseManager)
SRV:64bit: - [2016/10/22 11:46:03 | 000,305,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvmsession)
SRV:64bit: - [2016/10/22 11:46:03 | 000,305,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2016/10/22 11:46:03 | 000,305,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2016/10/22 11:46:03 | 000,305,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2016/10/22 11:46:03 | 000,305,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2016/10/22 11:46:03 | 000,305,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2016/10/22 11:46:02 | 000,023,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2016/07/16 05:43:50 | 000,082,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2016/07/16 05:43:47 | 000,436,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WalletService.dll -- (WalletService)
SRV:64bit: - [2016/07/16 05:43:18 | 000,167,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2016/07/16 05:42:42 | 000,088,576 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2016/07/16 05:42:39 | 000,161,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Windows.SharedPC.AccountManager.dll -- (shpamsvc)
SRV:64bit: - [2016/07/16 05:42:38 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dmwappushsvc.dll -- (dmwappushservice)
SRV:64bit: - [2016/07/16 05:42:38 | 000,055,296 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2016/07/16 05:42:36 | 000,183,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dcpsvc.dll -- (DcpSvc)
SRV:64bit: - [2016/07/16 05:42:27 | 000,827,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2016/07/16 05:42:27 | 000,096,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2016/07/16 05:42:27 | 000,093,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe -- (diagnosticshub.standardcollector.service)
SRV:64bit: - [2016/07/16 05:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (WpnUserService_429f1)
SRV:64bit: - [2016/07/16 05:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_429f1)
SRV:64bit: - [2016/07/16 05:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_429f1)
SRV:64bit: - [2016/07/16 05:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_429f1)
SRV:64bit: - [2016/07/16 05:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_429f1)
SRV:64bit: - [2016/07/16 05:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (MessagingService_429f1)
SRV:64bit: - [2016/07/16 05:42:27 | 000,044,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\svchost.exe -- (CDPUserSvc_429f1)
SRV:64bit: - [2016/07/16 05:42:23 | 000,366,592 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\APHostService.dll -- (OneSyncSvc)
SRV:64bit: - [2016/07/16 05:42:20 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2016/07/16 05:42:16 | 000,287,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\TieringEngineService.exe -- (TieringEngineService)
SRV:64bit: - [2016/07/16 05:42:16 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2016/07/16 05:42:16 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2016/07/16 05:42:13 | 000,590,848 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SmsRouterSvc.dll -- (SmsRouter)
SRV:64bit: - [2016/07/16 05:42:12 | 000,519,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2016/07/16 05:42:12 | 000,052,224 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\MessagingService.dll -- (MessagingService)
SRV:64bit: - [2016/07/16 05:42:09 | 000,574,976 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\tileobjserver.dll -- (tiledatamodelsvc)
SRV:64bit: - [2016/07/16 05:42:09 | 000,387,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2016/07/16 05:42:09 | 000,358,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2016/07/16 05:42:09 | 000,339,968 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2016/07/16 05:42:09 | 000,234,496 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wpnservice.dll -- (WpnService)
SRV:64bit: - [2016/07/16 05:42:09 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tetheringservice.dll -- (icssvc)
SRV:64bit: - [2016/07/16 05:42:09 | 000,177,664 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBrokerSvc)
SRV:64bit: - [2016/07/16 05:42:09 | 000,074,240 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\WpnUserService.dll -- (WpnUserService)
SRV:64bit: - [2016/07/16 05:42:09 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lfsvc.dll -- (lfsvc)
SRV:64bit: - [2016/07/16 05:42:09 | 000,034,304 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DevQueryBroker.dll -- (DevQueryBroker)
SRV:64bit: - [2016/07/16 05:42:07 | 001,159,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblGameSave.dll -- (XblGameSave)
SRV:64bit: - [2016/07/16 05:42:06 | 000,729,328 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ClipSVC.dll -- (ClipSVC)
SRV:64bit: - [2016/07/16 05:42:06 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AJRouter.dll -- (AJRouter)
SRV:64bit: - [2016/07/16 05:42:05 | 000,197,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2016/07/16 05:42:05 | 000,152,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dssvc.dll -- (DsSvc)
SRV:64bit: - [2016/07/16 05:42:05 | 000,140,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\embeddedmodesvc.dll -- (embeddedmode)
SRV:64bit: - [2016/07/16 05:42:04 | 000,067,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hvhostsvc.dll -- (HvHost)
SRV:64bit: - [2016/07/16 05:41:50 | 000,321,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV - [2017/06/01 13:50:24 | 001,607,968 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2017/04/27 18:51:49 | 003,318,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2017/04/27 18:13:28 | 000,298,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV - [2017/04/27 17:30:59 | 000,483,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV - [2017/03/09 01:16:16 | 000,300,128 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2017/03/04 00:16:20 | 000,968,704 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysWOW64\Unistore.dll -- (UnistoreSvc)
SRV - [2017/01/15 13:14:48 | 001,465,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\BattlEye\BEService.exe -- (BEService)
SRV - [2016/11/11 01:05:12 | 003,370,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\Windows.StateRepository.dll -- (StateRepository)
SRV - [2016/10/22 11:46:02 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2017/06/02 17:43:19 | 000,252,832 | ---- | M] (Malwarebytes) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV:64bit: - [2017/04/27 18:55:36 | 000,088,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\scmbus.sys -- (scmbus)
DRV:64bit: - [2017/04/27 18:38:51 | 000,557,408 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2017/03/27 23:37:09 | 000,041,472 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2017/03/27 23:36:52 | 000,056,320 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2017/03/09 01:16:12 | 005,382,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2017/03/04 01:24:27 | 000,108,384 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2017/03/04 01:15:25 | 000,063,328 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2017/03/04 01:08:59 | 000,130,912 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2017/03/04 00:34:51 | 000,258,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xboxgip.sys -- (xboxgip)
DRV:64bit: - [2017/03/04 00:27:56 | 000,719,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdiWiFi.sys -- (wdiwifi)
DRV:64bit: - [2017/01/04 16:21:02 | 014,199,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys -- (nvlddmkm)
DRV:64bit: - [2016/12/09 04:30:39 | 000,377,184 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2016/11/11 04:00:25 | 000,219,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2016/11/02 04:55:52 | 000,048,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iorate.sys -- (iorate)
DRV:64bit: - [2016/10/22 11:46:10 | 000,073,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hvservice.sys -- (hvservice)
DRV:64bit: - [2016/10/22 11:46:09 | 000,119,648 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\wcifs.sys -- (wcifs)
DRV:64bit: - [2016/10/22 11:46:02 | 000,279,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2016/10/22 11:46:02 | 000,118,112 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2016/10/22 11:46:02 | 000,081,760 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2016/10/22 11:46:02 | 000,074,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2016/10/22 11:46:02 | 000,064,352 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\MegaSas2i.sys -- (megasas2i)
DRV:64bit: - [2016/10/22 11:46:02 | 000,043,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xinputhid.sys -- (xinputhid)
DRV:64bit: - [2016/10/22 11:29:07 | 000,199,008 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\WINDOWS\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2016/10/14 21:31:37 | 000,227,328 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2016/09/10 07:21:43 | 000,118,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\capimg.sys -- (CapImg)
DRV:64bit: - [2016/09/05 06:47:12 | 000,165,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2016/09/05 06:47:06 | 000,131,712 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2016/08/27 00:30:44 | 000,240,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2016/07/16 08:27:23 | 000,038,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2016/07/16 08:27:05 | 000,029,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2016/07/16 05:44:01 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2016/07/16 05:43:06 | 000,123,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2016/07/16 05:43:04 | 000,290,144 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2016/07/16 05:43:04 | 000,044,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2016/07/16 05:42:38 | 000,125,440 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2016/07/16 05:42:36 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2016/07/16 05:42:36 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2016/07/16 05:42:36 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\applockerfltr.sys -- (applockerfltr)
DRV:64bit: - [2016/07/16 05:42:35 | 000,928,608 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\refsv1.sys -- (ReFSv1)
DRV:64bit: - [2016/07/16 05:42:28 | 000,107,032 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRT.sys -- (WindowsTrustedRT)
DRV:64bit: - [2016/07/16 05:42:28 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gpuenergydrv.sys -- (GpuEnergyDrv)
DRV:64bit: - [2016/07/16 05:42:27 | 000,263,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufx01000.sys -- (Ufx01000)
DRV:64bit: - [2016/07/16 05:42:27 | 000,201,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2016/07/16 05:42:27 | 000,151,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2016/07/16 05:42:27 | 000,108,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmTcpciCx.sys -- (UcmTcpciCx0101)
DRV:64bit: - [2016/07/16 05:42:27 | 000,095,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmCx.sys -- (UcmCx0101)
DRV:64bit: - [2016/07/16 05:42:27 | 000,079,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2016/07/16 05:42:27 | 000,078,336 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\storqosflt.sys -- (storqosflt)
DRV:64bit: - [2016/07/16 05:42:27 | 000,074,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2016/07/16 05:42:27 | 000,057,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urscx01000.sys -- (UrsCx01000)
DRV:64bit: - [2016/07/16 05:42:27 | 000,053,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2016/07/16 05:42:27 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IndirectKmd.sys -- (IndirectKmd)
DRV:64bit: - [2016/07/16 05:42:27 | 000,031,584 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2016/07/16 05:42:27 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2016/07/16 05:42:23 | 000,038,752 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cnghwassist.sys -- (cnghwassist)
DRV:64bit: - [2016/07/16 05:42:22 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mmcss.sys -- (MMCSS)
DRV:64bit: - [2016/07/16 05:42:18 | 000,088,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2016/07/16 05:42:12 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2016/07/16 05:42:11 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2016/07/16 05:42:09 | 000,168,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2016/07/16 05:42:09 | 000,156,000 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2016/07/16 05:42:09 | 000,070,144 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\registry.sys -- (clreg)
DRV:64bit: - [2016/07/16 05:42:09 | 000,066,560 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\wcnfs.sys -- (wcnfs)
DRV:64bit: - [2016/07/16 05:42:03 | 000,210,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ucx01000.sys -- (Ucx01000)
DRV:64bit: - [2016/07/16 05:42:03 | 000,126,816 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2016/07/16 05:42:03 | 000,090,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NetAdapterCx.sys -- (NetAdapterCx)
DRV:64bit: - [2016/07/16 05:42:03 | 000,088,576 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\filecrypt.sys -- (FileCrypt)
DRV:64bit: - [2016/07/16 05:42:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (tsusbflt)
DRV:64bit: - [2016/07/16 05:42:03 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Udecx.sys -- (UdeCx)
DRV:64bit: - [2016/07/16 05:42:03 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhf.sys -- (vhf)
DRV:64bit: - [2016/07/16 05:41:55 | 000,535,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2016/07/16 05:41:55 | 000,381,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2016/07/16 05:41:55 | 000,137,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufxsynopsys.sys -- (ufxsynopsys)
DRV:64bit: - [2016/07/16 05:41:55 | 000,096,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UfxChipidea.sys -- (UfxChipidea)
DRV:64bit: - [2016/07/16 05:41:55 | 000,095,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2016/07/16 05:41:55 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmUcsi.sys -- (UcmUcsi)
DRV:64bit: - [2016/07/16 05:41:55 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urschipidea.sys -- (UrsChipidea)
DRV:64bit: - [2016/07/16 05:41:55 | 000,027,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urssynopsys.sys -- (UrsSynopsys)
DRV:64bit: - [2016/07/16 05:41:55 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\genericusbfn.sys -- (genericusbfn)
DRV:64bit: - [2016/07/16 05:41:55 | 000,017,944 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRTProxy.sys -- (WindowsTrustedRTProxy)
DRV:64bit: - [2016/07/16 05:41:54 | 000,176,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C.sys -- (iaLPSS2i_I2C)
DRV:64bit: - [2016/07/16 05:41:54 | 000,081,408 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iai2c.sys -- (iai2c)
DRV:64bit: - [2016/07/16 05:41:54 | 000,064,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_GPIO2.sys -- (iaLPSS2i_GPIO2)
DRV:64bit: - [2016/07/16 05:41:54 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2016/07/16 05:41:54 | 000,050,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2016/07/16 05:41:54 | 000,050,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidinterrupt.sys -- (hidinterrupt)
DRV:64bit: - [2016/07/16 05:41:54 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\buttonconverter.sys -- (buttonconverter)
DRV:64bit: - [2016/07/16 05:41:54 | 000,034,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2016/07/16 05:41:54 | 000,033,280 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iagpio.sys -- (iagpio)
DRV:64bit: - [2016/07/16 05:41:54 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2016/07/16 05:41:54 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2016/07/16 05:41:53 | 002,104,160 | ---- | M] (Chelsio Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cht4vx64.sys -- (cht4vbd)
DRV:64bit: - [2016/07/16 05:41:53 | 001,135,456 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2016/07/16 05:41:53 | 000,842,584 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mlx4_bus.sys -- (mlx4_bus)
DRV:64bit: - [2016/07/16 05:41:53 | 000,673,120 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2016/07/16 05:41:53 | 000,526,176 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ibbus.sys -- (ibbus)
DRV:64bit: - [2016/07/16 05:41:53 | 000,346,976 | ---- | M] (Chelsio Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cht4sx64.sys -- (cht4iscsi)
DRV:64bit: - [2016/07/16 05:41:53 | 000,305,504 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2016/07/16 05:41:53 | 000,259,424 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2016/07/16 05:41:53 | 000,123,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\scmdisk0101.sys -- (scmdisk0101)
DRV:64bit: - [2016/07/16 05:41:53 | 000,121,344 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C63x64.sys -- (L1C)
DRV:64bit: - [2016/07/16 05:41:53 | 000,108,896 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndfltr.sys -- (ndfltr)
DRV:64bit: - [2016/07/16 05:41:53 | 000,107,360 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2016/07/16 05:41:53 | 000,105,824 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2i.sys -- (LSI_SAS2i)
DRV:64bit: - [2016/07/16 05:41:53 | 000,101,216 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3i.sys -- (LSI_SAS3i)
DRV:64bit: - [2016/07/16 05:41:53 | 000,083,296 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2016/07/16 05:41:53 | 000,082,776 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2016/07/16 05:41:53 | 000,077,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2016/07/16 05:41:53 | 000,069,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2016/07/16 05:41:53 | 000,064,864 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winverbs.sys -- (WinVerbs)
DRV:64bit: - [2016/07/16 05:41:53 | 000,064,352 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2016/07/16 05:41:53 | 000,063,840 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2016/07/16 05:41:53 | 000,061,792 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas3i.sys -- (percsas3i)
DRV:64bit: - [2016/07/16 05:41:53 | 000,058,720 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas2i.sys -- (percsas2i)
DRV:64bit: - [2016/07/16 05:41:53 | 000,032,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storufs.sys -- (storufs)
DRV:64bit: - [2016/07/16 05:41:53 | 000,032,096 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winmad.sys -- (WinMad)
DRV:64bit: - [2016/07/16 05:41:53 | 000,031,072 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2016/07/16 05:41:53 | 000,028,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2016/07/16 05:41:53 | 000,026,976 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2016/07/16 05:41:53 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AcpiDev.sys -- (AcpiDev)
DRV:64bit: - [2016/07/16 05:41:53 | 000,016,224 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volume.sys -- (volume)
DRV:64bit: - [2016/07/16 05:41:53 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2016/07/16 05:41:53 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2016/07/16 05:41:53 | 000,009,728 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2016/07/16 05:41:53 | 000,009,728 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn.sys -- (bcmfn)
DRV:64bit: - [2016/07/16 05:41:52 | 003,418,976 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2016/07/16 05:41:52 | 000,533,856 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2016/07/16 05:41:52 | 000,048,152 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2016/07/16 05:41:52 | 000,038,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2016/07/16 05:41:50 | 000,113,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2016/07/16 05:41:50 | 000,065,536 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2016/07/16 05:41:50 | 000,064,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2016/07/16 05:41:50 | 000,043,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2016/07/16 05:41:50 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2016/07/16 05:41:50 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2016/07/16 05:41:50 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2016/07/16 05:41:50 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2016/07/16 05:41:50 | 000,013,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2016/07/16 05:41:50 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgid.sys -- (vmgid)
DRV:64bit: - [2015/12/15 13:32:14 | 000,460,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2015/08/25 17:14:18 | 000,040,464 | ---- | M] (Nuvoton Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nuviocir_x64.sys -- (nuviocir)
DRV:64bit: - [2010/12/29 18:55:46 | 000,370,152 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2010/12/29 18:55:44 | 000,122,856 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010/11/11 02:11:52 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd)
DRV:64bit: - [2010/11/11 02:11:50 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/10/20 00:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV - [2017/01/04 16:21:02 | 014,199,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispiwu.inf_amd64_b67dc924fff8de6d\nvlddmkm.sys -- (nvlddmkm)
DRV - [2016/07/16 05:41:50 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys -- (CompositeBus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
 
IE - HKU\S-1-5-21-1363677038-3844321727-1082389403-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
IE - HKU\S-1-5-21-1363677038-3844321727-1082389403-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
IE - HKU\S-1-5-21-1363677038-3844321727-1082389403-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
IE - HKU\S-1-5-21-1363677038-3844321727-1082389403-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = www.google.com
IE - HKU\S-1-5-21-1363677038-3844321727-1082389403-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en;q=0.5
IE - HKU\S-1-5-21-1363677038-3844321727-1082389403-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EC 5B 0F 8B 54 9B D2 01  [binary data]
IE - HKU\S-1-5-21-1363677038-3844321727-1082389403-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = CA 4B 57 92 54 9B D2 01  [binary data]
IE - HKU\S-1-5-21-1363677038-3844321727-1082389403-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = 01 00 00 00 33 00 00 00 D0 8A D8 64 3B 4A 98 86 F0 C0 C7 F1 0A 59 16 83 F7 7E F5 01 68 AF 1F 97 CD 70 33 FF DF 00 EC 87 F6 30 B2 CB D4 D4 26 C5 BC ED CC 41 70 E0 EE AE ED AF 67 02 00 00 00 0E 00 00 00 47 78 78 57 6E 46 53 4A 46 79 49 25 33 64  [binary data]
IE - HKU\S-1-5-21-1363677038-3844321727-1082389403-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
IE - HKU\S-1-5-21-1363677038-3844321727-1082389403-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
IE - HKU\S-1-5-21-1363677038-3844321727-1082389403-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1363677038-3844321727-1082389403-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1363677038-3844321727-1082389403-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Mike & Jolene\AppData\Local\Roblox\Versions\version-ffefd1c450cf4303\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher64: C:\Users\Mike & Jolene\AppData\Local\Roblox\Versions\version-ffefd1c450cf4303\\NPRobloxProxy64.dll ()
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Mike & Jolene\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{jid1-vS7biDmom8YxhA@jetpack}: 61159272\extensions\{jid1-vS7biDmom8YxhA@jetpack}
 
 
O1 HOSTS File: ([2016/10/18 12:37:14 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Malwarebytes TrayApp] C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Malwarebytes)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [WindowsDefender] C:\Program Files\Windows Defender\MSASCuiL.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1363677038-3844321727-1082389403-1000..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-1363677038-3844321727-1082389403-1000..\Run: [OneDrive] C:\Users\Mike & Jolene\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1363677038-3844321727-1082389403-1000..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-1363677038-3844321727-1082389403-1000..\Run: [World of Tanks] C:\Games\World_of_Tanks\WargamingGameUpdater.exe (Wargaming.net)
O4 - Startup: C:\Users\Mike & Jolene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk = C:\Users\Mike & Jolene\AppData\Local\Facebook\Games\FacebookGameroom.exe (Facebook)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Suggested Sites present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Suggested Sites present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Suggested Sites present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Suggested Sites present
O7 - HKU\S-1-5-21-1363677038-3844321727-1082389403-1000\Software\Policies\Microsoft\Internet Explorer\Suggested Sites present
O7 - HKU\S-1-5-21-1363677038-3844321727-1082389403-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6781f0db-4d22-4157-889c-8df3ebdd7c6a}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\mso-minsb.16 - No CLSID value found
O18:64bit: - Protocol\Handler\mso-minsb-roaming.16 - No CLSID value found
O18:64bit: - Protocol\Handler\osf.16 - No CLSID value found
O18:64bit: - Protocol\Handler\osf-roaming.16 - No CLSID value found
O18:64bit: - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\WINDOWS\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/19 08:37:59 | 000,000,051 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{09c1f9d5-9554-11e6-893c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{09c1f9d5-9554-11e6-893c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Installer.exe -- [2008/02/19 08:37:59 | 001,172,376 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2017/06/01 15:40:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2017/06/01 15:40:11 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2017/05/26 07:31:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2017/05/11 16:07:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysNative\UNP
[2017/05/11 16:07:11 | 000,000,000 | ---D | C] -- C:\Program Files\UNP
[2017/05/11 15:54:46 | 000,835,576 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2017/05/11 15:54:46 | 000,177,656 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2017/05/11 08:29:00 | 005,722,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\windows.storage.dll
[2017/05/11 08:29:00 | 003,106,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstsc.exe
[2017/05/11 08:29:00 | 000,846,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WinTypes.dll
[2017/05/11 08:28:58 | 007,468,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mstscax.dll
[2017/05/11 08:28:58 | 006,665,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Protection.PlayReady.dll
[2017/05/11 08:28:58 | 000,783,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TSWorkspace.dll
[2017/05/11 08:28:58 | 000,255,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\unimdm.tsp
[2017/05/11 08:28:58 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ExSMime.dll
[2017/05/11 08:28:58 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\odbcconf.dll
[2017/05/11 08:28:57 | 005,685,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
[2017/05/11 08:28:57 | 000,589,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Sensors.dll
[2017/05/11 08:28:56 | 001,232,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.Maps.dll
[2017/05/11 08:28:56 | 001,221,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Audio.dll
[2017/05/11 08:28:56 | 000,654,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MbaeApiPublic.dll
[2017/05/11 08:28:56 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Geolocation.dll
[2017/05/11 08:28:56 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WwaApi.dll
[2017/05/11 08:28:55 | 003,733,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\D3DCompiler_47.dll
[2017/05/11 08:28:55 | 002,994,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\win32kfull.sys
[2017/05/11 08:28:55 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.Phone.dll
[2017/05/11 08:28:54 | 013,873,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2017/05/11 08:28:54 | 002,646,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CertEnroll.dll
[2017/05/11 08:28:53 | 004,023,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfcore.dll
[2017/05/11 08:28:53 | 001,851,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
[2017/05/11 08:28:53 | 001,360,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfnetsrc.dll
[2017/05/11 08:28:53 | 001,277,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfasfsrcsnk.dll
[2017/05/11 08:28:53 | 001,202,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfmpeg2srcsnk.dll
[2017/05/11 08:28:53 | 000,981,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfnetcore.dll
[2017/05/11 08:28:53 | 000,641,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MCRecvSrc.dll
[2017/05/11 08:28:52 | 003,307,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MFMediaEngine.dll
[2017/05/11 08:28:52 | 001,247,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Globalization.dll
[2017/05/11 08:28:52 | 001,077,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Editing.dll
[2017/05/11 08:28:52 | 000,675,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.dll
[2017/05/11 08:28:52 | 000,598,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Web.dll
[2017/05/11 08:28:52 | 000,400,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PlayToManager.dll
[2017/05/11 08:28:52 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Radios.dll
[2017/05/11 08:28:52 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AuthBroker.dll
[2017/05/11 08:28:52 | 000,094,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.StateRepositoryClient.dll
[2017/05/11 08:28:51 | 004,614,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.dll
[2017/05/11 08:28:51 | 001,013,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Web.Http.dll
[2017/05/11 08:28:51 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Networking.BackgroundTransfer.dll
[2017/05/11 08:28:51 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.dll
[2017/05/11 08:28:51 | 000,355,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\RTMediaFrame.dll
[2017/05/11 08:28:51 | 000,343,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PlayToDevice.dll
[2017/05/11 08:28:51 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CryptoWinRT.dll
[2017/05/11 08:28:51 | 000,248,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dlnashext.dll
[2017/05/11 08:28:51 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PlayToReceiver.dll
[2017/05/11 08:28:50 | 001,431,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
[2017/05/11 08:28:50 | 001,243,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.FaceAnalysis.dll
[2017/05/11 08:28:50 | 001,004,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Input.Inking.dll
[2017/05/11 08:28:50 | 000,895,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Streaming.dll
[2017/05/11 08:28:50 | 000,691,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\TokenBroker.dll
[2017/05/11 08:28:50 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Security.Authentication.Web.Core.dll
[2017/05/11 08:28:50 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.SmartCards.dll
[2017/05/11 08:28:50 | 000,374,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.LowLevel.dll
[2017/05/11 08:28:50 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Usb.dll
[2017/05/11 08:28:50 | 000,262,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Picker.dll
[2017/05/11 08:28:50 | 000,237,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SyncSettings.dll
[2017/05/11 08:28:50 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\InstallAgentUserBroker.exe
[2017/05/11 08:28:50 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Security.Authentication.Identity.Provider.dll
[2017/05/11 08:28:50 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\InstallAgent.exe
[2017/05/11 08:28:50 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Scanners.dll
[2017/05/11 08:28:50 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UserDeviceRegistration.dll
[2017/05/11 08:28:50 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dialclient.dll
[2017/05/11 08:28:50 | 000,116,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CloudExperienceHostCommon.dll
[2017/05/11 08:28:50 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Core.dll
[2017/05/11 08:28:49 | 001,656,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Perception.dll
[2017/05/11 08:28:49 | 000,795,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MiracastReceiver.dll
[2017/05/11 08:28:49 | 000,653,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.AccountsControl.dll
[2017/05/11 08:28:49 | 000,557,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\StoreAgent.dll
[2017/05/11 08:28:49 | 000,498,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mbsmsapi.dll
[2017/05/11 08:28:49 | 000,431,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\efswrt.dll
[2017/05/11 08:28:49 | 000,426,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Wallet.dll
[2017/05/11 08:28:49 | 000,392,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Gaming.Input.dll
[2017/05/11 08:28:49 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Internal.Bluetooth.dll
[2017/05/11 08:28:49 | 000,315,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Gaming.XboxLive.Storage.dll
[2017/05/11 08:28:49 | 000,298,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Internal.Management.dll
[2017/05/11 08:28:49 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WinRtTracing.dll
[2017/05/11 08:28:49 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ErrorDetails.dll
[2017/05/11 08:28:49 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Lights.dll
[2017/05/11 08:28:49 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Devices.dll
[2017/05/11 08:28:48 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Speech.dll
[2017/05/11 08:28:48 | 000,901,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Bluetooth.dll
[2017/05/11 08:28:48 | 000,670,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.PointOfService.dll
[2017/05/11 08:28:48 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CoreMessaging.dll
[2017/05/11 08:28:48 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.WiFiDirect.dll
[2017/05/11 08:28:48 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Midi.dll
[2017/05/11 08:28:48 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.dll
[2017/05/11 08:28:48 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\deviceaccess.dll
[2017/05/11 08:28:48 | 000,263,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Storage.ApplicationData.dll
[2017/05/11 08:28:48 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.HumanInterfaceDevice.dll
[2017/05/11 08:28:48 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UserMgrProxy.dll
[2017/05/11 08:28:48 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.WiFi.dll
[2017/05/11 08:28:48 | 000,138,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\DisplayManager.dll
[2017/05/11 08:28:48 | 000,118,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppointmentActivation.dll
[2017/05/11 08:28:48 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UserDataTimeUtil.dll
[2017/05/11 08:28:47 | 001,255,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AzureSettingSyncProvider.dll
[2017/05/11 08:28:47 | 000,861,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LicenseManager.dll
[2017/05/11 08:28:47 | 000,819,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AppContracts.dll
[2017/05/11 08:28:47 | 000,747,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Media.Ocr.dll
[2017/05/11 08:28:47 | 000,713,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wpnapps.dll
[2017/05/11 08:28:47 | 000,566,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ShareHost.dll
[2017/05/11 08:28:47 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.AllJoyn.dll
[2017/05/11 08:28:47 | 000,238,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\AboveLockAppHost.dll
[2017/05/11 08:28:46 | 007,626,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2017/05/11 08:28:46 | 001,534,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Graphics.Printing.3D.dll
[2017/05/11 08:28:46 | 000,975,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinapi.appcore.dll
[2017/05/11 08:28:46 | 000,827,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.appcore.dll
[2017/05/11 08:28:46 | 000,500,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Graphics.Printing.dll
[2017/05/11 08:28:45 | 001,414,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\gdi32full.dll
[2017/05/11 08:28:44 | 002,749,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mispace.dll
[2017/05/11 08:28:43 | 004,312,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\explorer.exe
[2017/05/11 08:28:43 | 002,168,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\combase.dll
[2017/05/11 08:28:43 | 002,154,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\storagewmi.dll
[2017/05/11 08:28:42 | 001,993,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dwmcore.dll
[2017/05/11 08:28:42 | 001,987,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mssrch.dll
[2017/05/11 08:28:42 | 000,886,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\aadtb.dll
[2017/05/11 08:28:41 | 002,747,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rdpcore.dll
[2017/05/11 08:28:41 | 001,323,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wsp_fs.dll
[2017/05/11 08:28:40 | 001,137,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wsp_health.dll
[2017/05/11 08:28:40 | 000,601,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\NetSetupEngine.dll
[2017/05/11 08:28:40 | 000,284,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\apprepsync.dll
[2017/05/11 08:28:39 | 000,781,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WWAHost.exe
[2017/05/11 08:28:39 | 000,719,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wsp_sr.dll
[2017/05/11 08:28:39 | 000,525,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LogonController.dll
[2017/05/11 08:28:38 | 000,764,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mprddm.dll
[2017/05/11 08:28:38 | 000,557,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\spaceport.sys
[2017/05/11 08:28:38 | 000,299,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UserDataAccountApis.dll
[2017/05/11 08:28:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.ApplicationModel.LockScreen.dll
[2017/05/11 08:28:37 | 000,798,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2017/05/11 08:28:37 | 000,546,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\uReFS.dll
[2017/05/11 08:28:37 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\apprepapi.dll
[2017/05/11 08:28:36 | 001,413,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\OpcServices.dll
[2017/05/11 08:28:36 | 000,493,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncHost.exe
[2017/05/11 08:28:36 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\updatepolicy.dll
[2017/05/11 08:28:35 | 001,631,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.Resources.dll
[2017/05/11 08:28:35 | 001,228,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\usercpl.dll
[2017/05/11 08:28:35 | 000,857,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\EmailApis.dll
[2017/05/11 08:28:35 | 000,361,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tsmf.dll
[2017/05/11 08:28:35 | 000,352,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Devices.Enumeration.dll
[2017/05/11 08:28:34 | 000,965,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ReAgent.dll
[2017/05/11 08:28:34 | 000,709,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CPFilters.dll
[2017/05/11 08:28:34 | 000,291,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\adsnt.dll
[2017/05/11 08:28:34 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\input.dll
[2017/05/11 08:28:34 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\BluetoothApis.dll
[2017/05/11 08:28:34 | 000,088,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\scmbus.sys
[2017/05/11 08:28:33 | 000,525,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\PrintDialogs.dll
[2017/05/11 08:28:33 | 000,450,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rastls.dll
[2017/05/11 08:28:33 | 000,318,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\LocationApi.dll
[2017/05/11 08:28:33 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\bthprops.cpl
[2017/05/11 08:28:33 | 000,203,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\credprovhost.dll
[2017/05/11 08:28:33 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\virtdisk.dll
[2017/05/11 08:28:32 | 001,755,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\DeviceFlows.DataModel.dll
[2017/05/11 08:28:32 | 000,506,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\DevicePairing.dll
[2017/05/11 08:28:32 | 000,404,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\dsreg.dll
[2017/05/11 08:28:32 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\setupugc.exe
[2017/05/11 08:28:31 | 000,433,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\imapi2.dll
[2017/05/11 08:28:31 | 000,368,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\puiobj.dll
[2017/05/11 08:28:31 | 000,285,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.BlockedShutdown.dll
[2017/05/11 08:28:30 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rastlsext.dll
[2017/05/11 08:28:30 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SensorsApi.dll
[2017/05/11 08:28:30 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\daxexec.dll
[2017/05/11 08:28:30 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ReInfo.dll
[2017/05/11 08:28:30 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Energy.dll
[2017/05/11 08:28:30 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\CameraCaptureUI.dll
[2017/05/11 08:28:29 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\vaultcli.dll
[2017/05/11 08:28:29 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\BthTelemetry.dll
[2017/05/11 08:28:27 | 004,596,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\xpsrchvw.exe
[2017/05/11 08:28:27 | 003,520,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\xpsrchvw.exe
[2017/05/11 08:28:27 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\unimdm.tsp
[2017/05/11 08:28:26 | 001,388,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Cred.dll
[2017/05/11 08:28:26 | 001,080,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Ocr.dll
[2017/05/11 08:28:26 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WinRtTracing.dll
[2017/05/11 08:28:26 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Core.dll
[2017/05/11 08:28:25 | 002,424,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Perception.dll
[2017/05/11 08:28:25 | 000,963,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WebcamUi.dll
[2017/05/11 08:28:25 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WebcamUi.dll
[2017/05/11 08:28:25 | 000,561,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Wallet.dll
[2017/05/11 08:28:25 | 000,467,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Gaming.XboxLive.Storage.dll
[2017/05/11 08:28:25 | 000,358,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.dll
[2017/05/11 08:28:25 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WwaApi.dll
[2017/05/11 08:28:25 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssprxy.dll
[2017/05/11 08:28:24 | 002,538,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mssrch.dll
[2017/05/11 08:28:24 | 001,424,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.Maps.dll
[2017/05/11 08:28:24 | 001,369,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.Phone.dll
[2017/05/11 08:28:24 | 001,266,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Input.Inking.dll
[2017/05/11 08:28:24 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.dll
[2017/05/11 08:28:24 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wuuhext.dll
[2017/05/11 08:28:22 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\usocore.dll
[2017/05/11 08:28:21 | 000,857,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WWAHost.exe
[2017/05/11 08:28:21 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MusNotification.exe
[2017/05/11 08:28:16 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\updatehandlers.dll
[2017/05/11 08:28:11 | 001,507,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.FaceAnalysis.dll
[2017/05/11 08:28:09 | 000,372,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RDXTaskFactory.dll
[2017/05/11 08:28:09 | 000,260,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\InstallAgentUserBroker.exe
[2017/05/11 08:28:09 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Security.Authentication.Identity.Provider.dll
[2017/05/11 08:28:08 | 001,988,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfmp4srcsnk.dll
[2017/05/11 08:28:08 | 001,908,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AzureSettingSyncProvider.dll
[2017/05/11 08:28:08 | 001,702,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfasfsrcsnk.dll
[2017/05/11 08:28:08 | 000,671,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mbsmsapi.dll
[2017/05/11 08:28:08 | 000,590,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\efswrt.dll
[2017/05/11 08:28:08 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Scanners.dll
[2017/05/11 08:28:08 | 000,211,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\InstallAgent.exe
[2017/05/11 08:28:07 | 003,778,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MFMediaEngine.dll
[2017/05/11 08:28:07 | 001,403,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Editing.dll
[2017/05/11 08:28:07 | 001,302,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfmpeg2srcsnk.dll
[2017/05/11 08:28:07 | 001,145,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\EmailApis.dll
[2017/05/11 08:28:07 | 001,072,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfnetcore.dll
[2017/05/11 08:28:07 | 000,748,544 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\StoreAgent.dll
[2017/05/11 08:28:06 | 000,864,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpnapps.dll
[2017/05/11 08:28:06 | 000,458,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RTMediaFrame.dll
[2017/05/11 08:28:06 | 000,411,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SensorsApi.dll
[2017/05/11 08:28:05 | 006,288,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.dll
[2017/05/11 08:28:05 | 004,260,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfcore.dll
[2017/05/11 08:28:05 | 001,860,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.Store.dll
[2017/05/11 08:28:05 | 001,293,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LicenseManager.dll
[2017/05/11 08:28:04 | 002,213,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KernelBase.dll
[2017/05/11 08:28:04 | 000,092,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpudd.dll
[2017/05/11 08:28:03 | 001,131,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\localspl.dll
[2017/05/11 08:28:03 | 000,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AboveLockAppHost.dll
[2017/05/11 08:28:02 | 001,078,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Streaming.dll
[2017/05/11 08:28:02 | 000,774,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\oleaut32.dll
[2017/05/11 08:28:01 | 007,220,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\windows.storage.dll
[2017/05/11 08:28:01 | 000,611,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Graphics.Printing.dll
[2017/05/11 08:28:00 | 008,170,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Protection.PlayReady.dll
[2017/05/11 08:27:59 | 008,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mstscax.dll
[2017/05/11 08:27:59 | 004,149,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpcorets.dll
[2017/05/11 08:27:58 | 012,349,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\wmp.dll
[2017/05/11 08:27:58 | 002,390,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\smartscreen.exe
[2017/05/11 08:27:58 | 001,984,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\diagtrack.dll
[2017/05/11 08:27:57 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Audio.dll
[2017/05/11 08:27:57 | 000,846,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MbaeApiPublic.dll
[2017/05/11 08:27:57 | 000,765,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Sensors.dll
[2017/05/11 08:27:57 | 000,456,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\puiobj.dll
[2017/05/11 08:27:56 | 013,441,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmp.dll
[2017/05/11 08:27:56 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UserDataTimeUtil.dll
[2017/05/11 08:27:55 | 000,999,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TSWorkspace.dll
[2017/05/11 08:27:54 | 001,366,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wpncore.dll
[2017/05/11 08:27:54 | 000,847,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetSetupEngine.dll
[2017/05/11 08:27:53 | 001,359,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\usercpl.dll
[2017/05/11 08:27:53 | 000,983,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ngcsvc.dll
[2017/05/11 08:27:53 | 000,794,928 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Internal.Shell.Broker.dll
[2017/05/11 08:27:53 | 000,596,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mf.dll
[2017/05/11 08:27:53 | 000,453,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\services.exe
[2017/05/11 08:27:53 | 000,387,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmpps.dll
[2017/05/11 08:27:52 | 003,299,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mstsc.exe
[2017/05/11 08:27:52 | 000,860,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mprddm.dll
[2017/05/11 08:27:52 | 000,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NgcCtnrSvc.dll
[2017/05/11 08:27:51 | 003,134,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpcore.dll
[2017/05/11 08:27:51 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SpaceControl.dll
[2017/05/11 08:27:50 | 003,059,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msi.dll
[2017/05/11 08:27:50 | 000,443,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MMDevAPI.dll
[2017/05/11 08:27:50 | 000,408,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tsmf.dll
[2017/05/11 08:27:50 | 000,244,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfps.dll
[2017/05/11 08:27:49 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winspool.drv
[2017/05/11 08:27:46 | 000,583,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PrintDialogs.dll
[2017/05/11 08:27:46 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PrintDialogs3D.dll
[2017/05/11 08:27:35 | 000,579,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.UX.EapRequestHandler.dll
[2017/05/11 08:27:34 | 000,796,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fvewiz.dll
[2017/05/11 08:27:34 | 000,329,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\fvecpl.dll
[2017/05/11 08:27:34 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\storewuauth.dll
[2017/05/11 08:27:34 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PrintWSDAHost.dll
[2017/05/11 08:27:33 | 001,184,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Unistore.dll
[2017/05/11 08:27:33 | 000,502,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rastls.dll
[2017/05/11 08:27:33 | 000,439,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wksprt.exe
[2017/05/11 08:27:33 | 000,394,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpclip.exe
[2017/05/11 08:27:33 | 000,375,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rastlsext.dll
[2017/05/11 08:27:32 | 000,360,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rdpencom.dll
[2017/05/11 08:27:31 | 018,365,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\edgehtml.dll
[2017/05/11 08:27:31 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2017/05/11 08:27:30 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mshtmled.dll
[2017/05/11 08:27:29 | 002,027,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2017/05/11 08:27:29 | 000,759,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2017/05/11 08:27:28 | 002,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2017/05/11 08:27:27 | 008,125,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Chakra.dll
[2017/05/11 08:27:27 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2017/05/11 08:27:27 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mshtmled.dll
[2017/05/11 08:27:26 | 001,513,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kbase.sys
[2017/05/11 08:27:26 | 000,402,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\dxgmms1.sys
[2017/05/11 08:27:26 | 000,276,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dxtrans.dll
[2017/05/11 08:27:25 | 001,637,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2017/05/11 08:27:25 | 000,467,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Geolocation.dll
[2017/05/11 08:27:25 | 000,328,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Storage.ApplicationData.dll
[2017/05/11 08:27:25 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\indexeddbserver.dll
[2017/05/11 08:27:25 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\odbcconf.dll
[2017/05/11 08:27:24 | 000,635,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\FlightSettings.dll
[2017/05/11 08:27:23 | 007,784,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ntoskrnl.exe
[2017/05/11 08:27:23 | 001,040,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NaturalLanguage6.dll
[2017/05/11 08:27:22 | 001,589,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msdtctm.dll
[2017/05/11 08:27:22 | 001,277,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ole32.dll
[2017/05/11 08:27:22 | 000,937,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MCRecvSrc.dll
[2017/05/11 08:27:22 | 000,539,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PlayToManager.dll
[2017/05/11 08:27:21 | 005,611,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d2d1.dll
[2017/05/11 08:27:21 | 004,474,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\D3DCompiler_47.dll
[2017/05/11 08:27:21 | 001,738,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WindowsCodecs.dll
[2017/05/11 08:27:21 | 000,924,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.BackgroundTransfer.dll
[2017/05/11 08:27:20 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Web.Http.dll
[2017/05/11 08:27:20 | 001,157,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinapi.appcore.dll
[2017/05/11 08:27:20 | 000,913,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Networking.dll
[2017/05/11 08:27:20 | 000,875,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\TokenBroker.dll
[2017/05/11 08:27:20 | 000,774,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Web.dll
[2017/05/11 08:27:20 | 000,425,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aadcloudap.dll
[2017/05/11 08:27:19 | 022,569,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\edgehtml.dll
[2017/05/11 08:27:19 | 000,431,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WpAXHolder.dll
[2017/05/11 08:27:17 | 006,042,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakra.dll
[2017/05/11 08:27:17 | 000,311,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SyncSettings.dll
[2017/05/11 08:27:16 | 000,949,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.PointOfService.dll
[2017/05/11 08:27:16 | 000,650,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RDXService.dll
[2017/05/11 08:27:16 | 000,603,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ContentDeliveryManager.Utilities.dll
[2017/05/11 08:27:16 | 000,568,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.LowLevel.dll
[2017/05/11 08:27:16 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Internal.Bluetooth.dll
[2017/05/11 08:27:16 | 000,442,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PlayToDevice.dll
[2017/05/11 08:27:16 | 000,437,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Usb.dll
[2017/05/11 08:27:16 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Picker.dll
[2017/05/11 08:27:16 | 000,279,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.HumanInterfaceDevice.dll
[2017/05/11 08:27:16 | 000,279,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\PlayToReceiver.dll
[2017/05/11 08:27:16 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DisplayManager.dll
[2017/05/11 08:27:16 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Lights.dll
[2017/05/11 08:27:16 | 000,090,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Printers.dll
[2017/05/11 08:27:15 | 017,198,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2017/05/11 08:27:15 | 002,208,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Graphics.Printing.3D.dll
[2017/05/11 08:27:15 | 001,275,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Bluetooth.dll
[2017/05/11 08:27:15 | 001,105,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MiracastReceiver.dll
[2017/05/11 08:27:15 | 000,912,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.SmartCards.dll
[2017/05/11 08:27:15 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Security.Authentication.Web.Core.dll
[2017/05/11 08:27:15 | 000,505,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.WiFiDirect.dll
[2017/05/11 08:27:13 | 004,744,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2017/05/11 08:27:12 | 001,121,280 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\aadtb.dll
[2017/05/11 08:27:12 | 000,945,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WpcWebFilter.dll
[2017/05/11 08:27:12 | 000,661,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\WpcWebFilter.dll
[2017/05/11 08:27:12 | 000,418,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.BlockedShutdown.dll
[2017/05/11 08:27:11 | 002,478,080 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DWrite.dll
[2017/05/11 08:27:10 | 002,286,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dwmcore.dll
[2017/05/11 08:27:10 | 002,104,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wlidsvc.dll
[2017/05/11 08:27:10 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LogonController.dll
[2017/05/11 08:27:08 | 002,084,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DeviceFlows.DataModel.dll
[2017/05/11 08:27:08 | 000,691,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieproxy.dll
[2017/05/11 08:27:08 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieproxy.dll
[2017/05/11 08:27:08 | 000,241,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CloudExperienceHost.dll
[2017/05/11 08:27:06 | 000,458,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Enumeration.dll
[2017/05/11 08:27:06 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\thumbcache.dll
[2017/05/11 08:27:06 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\browserbroker.dll
[2017/05/11 08:27:05 | 001,631,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.Resources.dll
[2017/05/11 08:27:05 | 000,971,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.appcore.dll
[2017/05/11 08:27:05 | 000,026,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\browser_broker.exe
[2017/05/11 08:27:04 | 000,591,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2017/05/11 08:27:04 | 000,339,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ConhostV2.dll
[2017/05/11 08:27:03 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\tdc.ocx
[2017/05/11 08:27:03 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\tdc.ocx
[2017/05/11 08:27:02 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\credprovhost.dll
[2017/05/11 08:27:01 | 001,790,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LocationFramework.dll
[2017/05/11 08:27:01 | 000,822,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Chakradiag.dll
[2017/05/11 08:27:01 | 000,634,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\StructuredQuery.dll
[2017/05/11 08:27:01 | 000,187,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dialclient.dll
[2017/05/11 08:27:01 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iepeers.dll
[2017/05/11 08:27:01 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CameraCaptureUI.dll
[2017/05/11 08:27:00 | 000,635,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript9diag.dll
[2017/05/11 08:27:00 | 000,410,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DevicesFlowBroker.dll
[2017/05/11 08:27:00 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\shutdownux.dll
[2017/05/11 08:27:00 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\catsrvps.dll
[2017/05/11 08:26:59 | 000,692,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CellularAPI.dll
[2017/05/11 08:26:59 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Energy.dll
[2017/05/11 08:26:59 | 000,126,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iepeers.dll
[2017/05/11 08:26:55 | 000,775,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\GamePanel.exe
[2017/05/11 08:26:55 | 000,379,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\apprepsync.dll
[2017/05/11 08:26:55 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\apprepapi.dll
[2017/05/11 08:26:54 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SharedStartModel.dll
[2017/05/11 08:26:53 | 002,914,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CertEnroll.dll
[2017/05/11 08:26:53 | 001,586,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Globalization.dll
[2017/05/11 08:26:53 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\oleacc.dll
[2017/05/11 08:26:53 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dlnashext.dll
[2017/05/11 08:26:53 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AuthBroker.dll
[2017/05/11 08:26:52 | 004,749,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers_nt.dll
[2017/05/11 08:26:52 | 001,692,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppXDeploymentExtensions.onecore.dll
[2017/05/11 08:26:52 | 001,600,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\sppobjs.dll
[2017/05/11 08:26:52 | 000,268,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UserMgrProxy.dll
[2017/05/11 08:26:51 | 007,216,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Data.Pdf.dll
[2017/05/11 08:26:51 | 003,613,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\win32kfull.sys
[2017/05/11 08:26:51 | 001,060,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppContracts.dll
[2017/05/11 08:26:50 | 009,131,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2017/05/11 08:26:50 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ShareHost.dll
[2017/05/11 08:26:50 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CryptoWinRT.dll
[2017/05/11 08:26:50 | 000,329,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\deviceaccess.dll
[2017/05/11 08:26:47 | 001,569,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\gdi32full.dll
[2017/05/11 08:26:47 | 000,460,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Midi.dll
[2017/05/11 08:26:47 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Family.SyncEngine.dll
[2017/05/11 08:26:47 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.WiFi.dll
[2017/05/11 08:26:47 | 000,186,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.Radios.dll
[2017/05/11 08:26:47 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ErrorDetails.dll
[2017/05/11 08:26:47 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Family.Client.dll
[2017/05/11 08:26:47 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UserDeviceRegistration.Ngc.dll
[2017/05/11 08:26:46 | 001,643,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Speech.dll
[2017/05/11 08:26:46 | 001,010,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\enterprisecsps.dll
[2017/05/11 08:26:46 | 000,896,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.AccountsControl.dll
[2017/05/11 08:26:46 | 000,651,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Devices.AllJoyn.dll
[2017/05/11 08:26:46 | 000,547,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Gaming.Input.dll
[2017/05/11 08:26:46 | 000,407,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Internal.Management.dll
[2017/05/11 08:26:46 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.ApplicationModel.LockScreen.dll
[2017/05/11 08:26:46 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UserDeviceRegistration.dll
[2017/05/11 08:26:46 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Media.Devices.dll
[2017/05/11 08:26:45 | 003,290,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mispace.dll
[2017/05/11 08:26:45 | 002,915,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\combase.dll
[2017/05/11 08:26:45 | 001,267,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WinTypes.dll
[2017/05/11 08:26:45 | 000,764,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CoreMessaging.dll
[2017/05/11 08:26:44 | 004,674,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2017/05/11 08:26:44 | 002,861,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\storagewmi.dll
[2017/05/11 08:26:44 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\UIRibbonRes.dll
[2017/05/11 08:26:44 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\UIRibbonRes.dll
[2017/05/11 08:26:42 | 002,216,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\OpcServices.dll
[2017/05/11 08:26:42 | 001,913,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wsp_fs.dll
[2017/05/11 08:26:42 | 001,021,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\usermgr.dll
[2017/05/11 08:26:42 | 000,368,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\OneBackupHandler.dll
[2017/05/11 08:26:41 | 001,852,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\crypt32.dll
[2017/05/11 08:26:41 | 001,584,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wsp_health.dll
[2017/05/11 08:26:41 | 001,490,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lsasrv.dll
[2017/05/11 08:26:41 | 000,946,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wsp_sr.dll
[2017/05/11 08:26:41 | 000,289,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DeveloperOptionsSettingsHandlers.dll
[2017/05/11 08:26:41 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winsrv.dll
[2017/05/11 08:26:41 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\updatepolicy.dll
[2017/05/11 08:26:40 | 002,510,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\NetworkMobileSettings.dll
[2017/05/11 08:26:40 | 000,947,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemSettings.Handlers.dll
[2017/05/11 08:26:40 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\uReFS.dll
[2017/05/11 08:26:40 | 000,410,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WinSetupUI.dll
[2017/05/11 08:26:39 | 000,578,400 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncHost.exe
[2017/05/11 08:26:38 | 000,881,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2017/05/11 08:26:38 | 000,828,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\appwiz.cpl
[2017/05/11 08:26:38 | 000,700,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\kernel32.dll
[2017/05/11 08:26:38 | 000,374,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\resutils.dll
[2017/05/11 08:26:38 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\dafBth.dll
[2017/05/11 08:26:38 | 000,146,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CloudExperienceHostCommon.dll
[2017/05/11 08:26:38 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingsHandlers_ClosedCaptioning.dll
[2017/05/11 08:26:38 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.StateRepositoryClient.dll
[2017/05/11 08:26:37 | 000,770,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\bisrv.dll
[2017/05/11 08:26:36 | 001,817,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ResetEngine.dll
[2017/05/11 08:26:36 | 000,455,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\securekernel.exe
[2017/05/11 08:26:36 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SpaceAgent.exe
[2017/05/11 08:26:35 | 000,567,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\DevicePairing.dll
[2017/05/11 08:26:34 | 000,699,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wimgapi.dll
[2017/05/11 08:26:34 | 000,560,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AppReadiness.dll
[2017/05/11 08:26:34 | 000,526,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wimserv.exe
[2017/05/11 08:26:34 | 000,501,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\spwizeng.dll
[2017/05/11 08:26:34 | 000,322,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\input.dll
[2017/05/11 08:26:34 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\spaceman.exe
[2017/05/11 08:26:33 | 001,117,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ReAgent.dll
[2017/05/11 08:26:33 | 000,886,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\CPFilters.dll
[2017/05/11 08:26:33 | 000,337,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\AudioEndpointBuilder.dll
[2017/05/11 08:26:33 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\virtdisk.dll
[2017/05/11 08:26:32 | 001,476,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\RecoveryDrive.exe
[2017/05/11 08:26:32 | 000,673,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winlogon.exe
[2017/05/11 08:26:32 | 000,600,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\cryptui.dll
[2017/05/11 08:26:32 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\bthprops.cpl
[2017/05/11 08:26:32 | 000,120,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\BluetoothApis.dll
[2017/05/11 08:26:31 | 000,501,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\imapi2.dll
[2017/05/11 08:26:31 | 000,380,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\LocationApi.dll
[2017/05/11 08:26:31 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\adsnt.dll
[2017/05/11 08:26:31 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.AppDefaults.dll
[2017/05/11 08:26:31 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.System.Profile.RetailInfo.dll
[2017/05/11 08:26:31 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ConsentUX.dll
[2017/05/11 08:26:31 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.StateRepositoryBroker.dll
[2017/05/11 08:26:31 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\BthTelemetry.dll
[2017/05/11 08:26:31 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\appidcertstorecheck.exe
[2017/05/11 08:26:30 | 000,267,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vaultcli.dll
[2017/05/06 16:47:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2017/05/06 16:47:17 | 000,000,000 | ---D | C] -- C:\Intel
[2017/05/06 16:42:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2017/06/02 18:23:32 | 1710,723,072 | -HS- | M] () -- C:\hiberfil.sys
[2017/06/02 18:23:28 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2017/06/02 17:43:19 | 000,252,832 | ---- | M] (Malwarebytes) -- C:\WINDOWS\SysNative\drivers\MBAMSwissArmy.sys
[2017/06/02 17:42:03 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2017/06/02 16:15:23 | 464,286,789 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2017/06/01 16:21:36 | 000,001,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2017/05/31 11:09:14 | 000,077,376 | ---- | M] () -- C:\WINDOWS\SysNative\drivers\mbae64.sys
[2017/05/12 23:28:08 | 002,324,514 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2017/05/12 23:28:08 | 001,826,840 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2017/05/12 23:28:08 | 000,474,112 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2017/05/11 15:53:32 | 000,332,264 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2017/05/11 08:00:25 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\WSManMigrationPlugin.dll
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2017/06/01 20:27:02 | 464,286,789 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
[2017/05/12 15:18:18 | 000,001,256 | ---- | C] () -- C:\Users\Mike & Jolene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update and Privacy Settings.lnk
[2017/05/11 08:28:48 | 000,265,728 | ---- | C] () -- C:\WINDOWS\SysWow64\Windows.Perception.Stub.dll
[2017/05/11 08:28:47 | 002,048,488 | ---- | C] () -- C:\WINDOWS\SysWow64\CoreUIComponents.dll
[2017/05/11 08:28:08 | 000,418,304 | ---- | C] () -- C:\WINDOWS\SysNative\Windows.Perception.Stub.dll
[2017/05/11 08:27:21 | 002,681,200 | ---- | C] () -- C:\WINDOWS\SysNative\CoreUIComponents.dll
[2017/03/14 18:49:09 | 000,019,968 | ---- | C] () -- C:\WINDOWS\SysWow64\GamePanelExternalHook.dll
[2017/03/09 01:16:12 | 000,099,464 | ---- | C] () -- C:\WINDOWS\SysWow64\igdde32.dll
[2017/03/08 18:44:25 | 000,000,258 | RHS- | C] () -- C:\Users\Mike & Jolene\ntuser.pol
[2017/02/08 18:09:28 | 000,269,600 | ---- | C] () -- C:\WINDOWS\SysWow64\vulkan-1.dll
[2017/02/08 18:09:28 | 000,110,880 | ---- | C] () -- C:\WINDOWS\SysWow64\vulkaninfo.exe
[2017/01/04 16:18:10 | 035,231,160 | ---- | C] () -- C:\WINDOWS\SysWow64\nvcompiler.dll
[2016/10/22 10:12:58 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2016/09/09 12:25:58 | 000,269,600 | ---- | C] () -- C:\WINDOWS\SysWow64\vulkan-1-1-0-26-0.dll
[2016/09/09 12:25:28 | 000,110,880 | ---- | C] () -- C:\WINDOWS\SysWow64\vulkaninfo-1-1-0-26-0.exe
[2016/07/16 05:47:57 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2016/07/16 05:47:57 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2016/07/16 05:43:04 | 000,055,296 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2016/07/16 05:42:55 | 000,167,640 | ---- | C] () -- C:\WINDOWS\SysWow64\chs_singlechar_pinyin.dat
[2016/07/16 05:42:53 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2016/07/16 05:42:49 | 000,304,640 | ---- | C] () -- C:\WINDOWS\SysWow64\HrtfApo.dll
[2016/07/16 05:42:48 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2016/07/16 05:42:43 | 000,002,307 | ---- | C] () -- C:\WINDOWS\SysWow64\WimBootCompress.ini
[2016/07/16 05:42:12 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2016/05/19 10:41:38 | 000,963,452 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng600.bin
[2016/05/19 10:41:38 | 000,272,928 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng600.bin
 
========== ZeroAccess Check ==========
 
[2017/01/15 14:27:01 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\windows.storage.dll -- [2017/04/27 18:40:18 | 007,220,184 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2017/04/27 18:46:03 | 005,722,320 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2016/07/16 05:42:31 | 000,977,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2016/07/16 05:42:56 | 000,779,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2016/07/16 05:42:31 | 000,518,656 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2017/01/15 11:58:32 | 000,000,000 | ---D | M] -- C:\Users\Mike & Jolene\AppData\Roaming\Battle.net
[2017/01/18 18:31:38 | 000,000,000 | ---D | M] -- C:\Users\Mike & Jolene\AppData\Roaming\Texthelp
[2017/06/02 17:56:04 | 000,000,000 | ---D | M] -- C:\Users\Mike & Jolene\AppData\Roaming\TS3Client
[2016/10/18 20:31:21 | 000,000,000 | ---D | M] -- C:\Users\Mike & Jolene\AppData\Roaming\Wargaming.net
 
========== Purity Check ==========
 
 
< End of report >
 
Link to post
Share on other sites

OTL Extras logfile created on: 6/2/2017 6:26:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mike & Jolene\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.14393.0)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.98 Gb Total Physical Memory | 2.42 Gb Available Physical Memory | 60.79% Memory free
4.67 Gb Paging File | 2.79 Gb Available in Paging File | 59.70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1396.73 Gb Total Space | 1119.11 Gb Free Space | 80.12% Space Free | Partition Type: NTFS
Drive D: | 655.56 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: GRAUFAMILY | User Name: Mike & Jolene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Powershell] -- powershell.exe -noexit -command Set-Location '%V' (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Powershell] -- powershell.exe -noexit -command Set-Location '%V' (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = D1 1F B3 1F 82 2C D2 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" =  [binary data]
"DontEnumerateCommonFilesUpgradeExe" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{75ED6AB9-E1DB-448A-B12E-B8F347491825}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\root\office16\outlook.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02EED49A-C54A-4ED7-8406-105984F52E0F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\root\office16\lync.exe |
"{07663136-A95E-4704-B3F7-1046DCDE7DCA}" = dir=in | name=@{microsoft.zunemusic_10.17042.14111.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{08160BFE-17B4-410A-B5F5-8EC3611F976C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa_be.exe |
"{091896ED-A30F-423B-915E-E41126C52472}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} |
"{0A2BBF18-6328-44FA-99CF-957750B8F255}" = dir=in | name=roblox |
"{0C691543-E6C4-478E-9EB8-AFEDAF459EDF}" = dir=out | name=netflix |
"{0C7E7F86-BFCB-49AC-95E3-4DFB220C388E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\bin\cef\cef.win7\steamwebhelper.exe |
"{0E61ABFD-8845-4595-A63F-D971BFC7B241}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\making history the calm and the storm\bin\makehist.exe |
"{11470D81-4480-4C1E-B3B4-6C2B490E42B6}" = dir=out | name=@{ad2f1837.hpscanandcapture_40.0.245.0_x64__v10z8vjag6ke6?ms-resource://ad2f1837.hpscanandcapture/resources/apptitle} |
"{11475C58-3147-41F9-AE6C-D101B28B94BC}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} |
"{1392E6F5-1CCC-4E01-8E10-61DD42EB0E0A}" = dir=out | name=@{windows.contactsupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{14972217-8906-408D-9066-0CCD866BE959}" = dir=in | name=@{microsoft.skypeapp_11.16.595.0_x64__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/skypevideo_productname} |
"{161A5EAC-86E2-4897-A12E-4A5477AA28E8}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{173242B4-D557-462A-832A-9A785337F9E3}" = dir=in | name=@{microsoft.windows.cloudexperiencehost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{185BE3F4-EB3B-4A19-898B-3BB5D240DE8A}" = dir=in | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{1D6D7894-DFAB-492B-9B41-E750E6F015BC}" = dir=out | app=c:\games\world_of_tanks\worldoftanks.exe |
"{1D8850F9-835A-4228-8D25-5927CF439D14}" = dir=in | name=xbox one smartglass |
"{216463C0-625F-4D52-B9F9-9A37C5C3D070}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ark\shootergame\binaries\win64\shootergame.exe |
"{225109E0-A934-4390-BD21-739000294649}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{229C61FA-5C6E-4085-AD37-691974555709}" = dir=out | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{23031421-CEE6-453F-B8D9-D3E3DF48CF28}" = dir=out | name=@{microsoft.windows.parentalcontrols_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} |
"{249AE797-F0EE-486E-90A2-60247E361E80}" = dir=out | name=@{microsoft.xboxidentityprovider_11.19.19003.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxidentityprovider/resources/displayname} |
"{2561A6B6-6B59-4E4E-A54C-422544A7CF32}" = dir=out | name=@{microsoft.getstarted_5.9.1042.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.getstarted/resources/appstorename} |
"{2A5B1442-8F6E-44AF-B3A3-933A0E773532}" = dir=in | name=@{microsoft.bingsports_4.20.1102.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/applicationtitlewithbranding} |
"{2B0C70E2-B397-465D-8803-91F4E0FA4D95}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{2BA97252-1157-4B25-B23B-91DD9AF010C0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ark\shootergame\binaries\win64\shootergame.exe |
"{2CC6D99E-E83F-404A-874D-47E8E8471B2B}" = dir=out | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{2DD265BE-DC8B-40D0-9DC3-2F094E0CFDC5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\dlcsetup\acr\datacachepreprocessor.exe |
"{2E4E90A6-2238-4AF1-AC66-D999207634FF}" = dir=in | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{3030EA50-1668-4893-BACA-A023E519143D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\root\office16\ucmapi.exe |
"{317FCC4E-E779-4EDF-AEAF-864836FED0FF}" = dir=out | name=hp all-in-one printer remote |
"{31DC5DA6-422B-410F-ACAE-45C7DCD177B8}" = dir=in | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{34337556-8EFD-44DF-91F5-A78B8B532F07}" = dir=out | name=@{microsoft.connectivitystore_1.1604.4.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.connectivitystore/mswifiresources/appstorename} |
"{34971CA1-F4CF-4862-BF65-7E8FC79E969C}" = dir=out | name=microsoft sticky notes |
"{34C8966E-5442-4637-98D6-11E8D52AA2D4}" = dir=out | name=@{microsoft.appconnector_1.3.3.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.appconnector/resources/connectorstubtitle} |
"{353C08BE-40A8-46C9-A3A7-0B069726D8ED}" = dir=in | name=@{microsoft.bingfinance_4.20.1102.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/applicationtitlewithbranding} |
"{36553214-9E7A-48A5-B24D-86541D087E6A}" = dir=out | name=xbox one smartglass |
"{37843F6F-2B80-411F-8E02-A2BD7D15A365}" = dir=out | name=@{microsoft.windows.cloudexperiencehost_10.0.14393.1066_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cloudexperiencehost/resources/appdescription} |
"{38D11FC0-4889-4E51-BEB2-A39DCFE90E95}" = dir=in | name=@{microsoft.zunevideo_10.17042.14211.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{3938D1F2-60AF-4D45-86D1-6D4C7785D60A}" = dir=in | name=@{windows.contactsupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{3C1D09A0-3675-4A3C-AFDA-B7905DB8D2EF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ark\shootergame\binaries\win64\shootergame_be.exe |
"{3FF08B94-9CE7-4D09-92EE-6C3D53050CAA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\root\office16\lync.exe |
"{42A4BEDC-8E74-4C86-BD56-C6AEBC046EE0}" = dir=out | name=@{microsoft.skypeapp_11.16.595.0_x64__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/skypevideo_productname} |
"{42AD01EA-0BBE-450C-8504-EA4DAC220CBE}" = dir=out | name=@{microsoft.bingfinance_4.20.1102.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/applicationtitlewithbranding} |
"{461CC14E-214D-4660-9028-4981291BB39B}" = dir=out | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{4769DB55-EED9-4904-997D-F3D42F458E85}" = dir=out | name=@{microsoft.windows.shellexperiencehost_10.0.14393.1198_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.shellexperiencehost/resources/pkgdisplayname} |
"{4A75BBD9-788F-4360-BEE7-FF3D084B421B}" = dir=out | name=@{microsoft.bingnews_4.20.1102.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} |
"{4A9714EC-77A6-4EF5-8757-5B0A78F1FD48}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\dlcsetup\pmc\datacachepreprocessor.exe |
"{4AAFA2C1-C756-4392-B7E0-576187B3A728}" = dir=in | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{4AFEC5E7-C915-4544-A11B-CBA0F57D6AB2}" = dir=out | name=onenote |
"{4D70F68C-9732-45BF-80F3-9F2776E9C3B5}" = dir=out | name=@{windows.contactsupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{4D97F2C4-95F3-4D8E-868B-BC00302370BD}" = dir=in | name=@{windows.contactsupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{4DDC75A8-80EF-4C13-9CCB-A5B3548A852D}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{4ECEEE42-6789-4A1D-B994-9A5531D0A63D}" = dir=out | name=@{microsoft.microsoftofficehub_17.8225.5925.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} |
"{51F4BAD4-6BC1-473F-8582-3EDE7DA82083}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\making history the calm and the storm\bin\ed.exe |
"{5336010D-2781-48AC-A9F2-3C29801E6983}" = dir=in | name=microsoft sticky notes |
"{53ED9E9E-DFF8-4207-9717-2914B7570455}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{584E7CA6-B56A-44A2-81AA-C67904360C28}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{5891AA79-8A72-4B87-A216-02D080D86C0A}" = dir=in | name=@{microsoft.microsoftedge_38.14393.1066.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{5D331A8D-B401-40F8-8F97-525930612250}" = dir=out | name=@{windows.contactsupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{5DC9458E-B64D-46AA-AFD8-FE32EA332F19}" = dir=out | name=@{microsoft.zunemusic_10.17042.14111.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{5F48B7A3-54FC-4CE7-BC18-834758BA3A11}" = dir=out | name=@{microsoft.windowsfeedbackhub_1.1704.1361.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsfeedbackhub/resources/appstorename} |
"{601DC602-422A-41C1-88CA-CF2DCE82274D}" = dir=out | name=@{microsoft.lockapp_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} |
"{61E2B59F-5376-4671-826C-98D47C60A12F}" = dir=out | name=@{microsoft.windowsphone_10.1609.2561.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphone/resources/appstorename} |
"{622B76FB-046C-4694-AA3E-92F965B7FFF7}" = dir=in | name=@{microsoft.messaging_3.19.1001.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.messaging/resources/appstorename} |
"{6399685F-3657-4895-940A-5F4C87F1B6AA}" = dir=out | name=@{microsoft.windows.apprep.chxapp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.apprep.chxapp/resources/displayname} |
"{65455CBD-C15A-4DF7-BD77-264F3DAB0D78}" = dir=out | name=@{microsoft.windows.parentalcontrols_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} |
"{68EC2178-E48E-4D92-BA77-AE78A707FA52}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{6BDA16F3-1387-4B42-BBF0-9DCB5AF61F55}" = dir=in | name=@{microsoft.windows.photos_17.425.10010.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} |
"{6E3D0EFC-3CCF-415A-A974-32833489971C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\dlcsetup\baf\datacachepreprocessor.exe |
"{6EE511BF-2F65-4BFC-850D-CEB4AC63FD1A}" = dir=out | name=picsart - photo studio |
"{708730F5-81F3-431B-BF27-6E0A408FBEEB}" = dir=out | name=sway |
"{715857DB-8D63-470F-A680-DB7F117E04CB}" = dir=in | name=@{microsoft.bingweather_4.20.1102.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} |
"{7198B804-6CE3-4FD6-9FA1-76D04ED7894A}" = dir=out | name=@{microsoft.commsphone_1.10.15000.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.commsphone/resources/appstorename} |
"{72DEAAC1-B0B7-4A9F-8FAA-A1EFC41EFD66}" = dir=in | name=@{microsoft.commsphone_1.10.15000.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.commsphone/resources/appstorename} |
"{74B754AF-C704-45FE-A91F-89F5664CED09}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa_be.exe |
"{75C73E2D-1311-4354-8176-E863061C564C}" = dir=out | name=@{microsoft.windows.apprep.chxapp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.apprep.chxapp/resources/displayname} |
"{75C99263-2DB3-403B-8A62-8BB117B9D363}" = dir=out | name=minecraft: story mode - a telltale games series |
"{76F4B16D-4C8D-4AC6-934F-777BF8922C03}" = dir=in | name=@{microsoft.windows.cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/packagedisplayname} |
"{7B459A2F-530B-4431-B828-8839F7F22E50}" = dir=out | name=@{microsoft.bingweather_4.20.1102.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/applicationtitlewithbranding} |
"{7BBFD83D-6E34-410B-9B72-94DCE9E03635}" = dir=out | app=c:\games\world_of_tanks\wotlauncher.exe |
"{8078DDA1-EB36-4569-95E9-B0B760005C62}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{84964F87-6E45-4648-B8D1-6E890C1AB850}" = dir=in | name=onenote |
"{85B43649-2F55-4980-9908-D8A184C9FAF8}" = dir=in | name=@{microsoft.bingnews_4.20.1102.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/applicationtitlewithbranding} |
"{88202F6D-6F3A-452F-8667-DDA6FEA4070F}" = dir=out | name=@{microsoft.microsoftedge_38.14393.1066.0_neutral__8wekyb3d8bbwe?ms-resource://microsoft.microsoftedge/resources/appname} |
"{88E56763-A667-46BA-B96C-CADAD34081F2}" = dir=in | name=@{gameloftsa.despicablememinionrush_4.1.1.6_x86__0pp20fcewvvtj?ms-resource://gameloftsa.despicablememinionrush/resources/appdisplayname} |
"{89CE4705-A830-4621-9B09-C3B9A3354C31}" = dir=out | name=@{microsoft.windows.apprep.chxapp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.apprep.chxapp/resources/displayname} |
"{8AF54E25-706A-4D67-BA11-BC1D639087F6}" = dir=in | name=@{windows.contactsupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{8C877490-4DE7-466E-A474-E8260EF82D38}" = dir=out | name=store purchase app |
"{8E48A632-3050-49BD-8F50-E51371B46A15}" = dir=out | name=@{microsoft.xboxgamecallableui_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} |
"{8FBB0BF5-4E58-4ECF-A12E-F1AC7BA7C151}" = dir=in | name=@{microsoft.windowsstore_11703.1001.45.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
"{90AC451E-7CA9-47BA-BEC9-C1CC5A9B1812}" = dir=out | name=@{microsoft.messaging_3.19.1001.0_x86__8wekyb3d8bbwe?ms-resource://microsoft.messaging/resources/appstorename} |
"{917FC4AB-1A70-4A02-B170-45F3590CA65A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\root\office16\ucmapi.exe |
"{93145D55-7E2D-442F-AD4B-F0BC9651ACFF}" = dir=out | name=@{microsoft.lockapp_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} |
"{936A7D92-7D1A-44B5-811B-45F0460B474E}" = dir=out | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{988A4106-BDF9-444C-B82F-6D57A5E1658C}" = dir=out | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{9A25D900-9036-498F-9C26-378EAE2D9EC5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{9AF79496-5ED7-4921-9B53-7C063338B161}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe |
"{9C5B7298-C24C-4B30-8CD1-51BB030E29E7}" = dir=in | name=@{microsoft.windowsfeedbackhub_1.1704.1361.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsfeedbackhub/resources/appstorename} |
"{9CEB73A3-34F4-405E-A9DA-09C2AA8158B0}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{9D1ECDCE-AFA7-45A9-816D-D6D07BD189E7}" = dir=out | name=@{microsoft.lockapp_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} |
"{9FAA5CE8-C433-4099-8420-AF42CDB069F4}" = dir=out | name=@{microsoft.accountscontrol_10.0.14393.1198_neutral__cw5n1h2txyewy?ms-resource://microsoft.accountscontrol/resources/displayname} |
"{9FC050A1-CDEF-4B7F-AC6A-E29ECC9C83F9}" = dir=out | name=@{gameloftsa.despicablememinionrush_4.1.1.6_x86__0pp20fcewvvtj?ms-resource://gameloftsa.despicablememinionrush/resources/appdisplayname} |
"{A1BB9DFE-9C75-4719-947B-34D28BE2F88C}" = dir=out | name=xbox |
"{A1CCCCA8-3C6C-4A29-AF64-330D177255F3}" = dir=in | name=@{microsoft.microsoftofficehub_17.8225.5925.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftofficehub/officehubintl/appmanifest_getoffice_displayname} |
"{A3238153-CBAF-47FF-9EE7-87C28E7B8EBF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{A39E8B8C-C315-4058-9BDE-51779825A834}" = dir=out | name=minecraft: windows 10 edition |
"{A3A85ECC-DB88-46EB-85B8-FDA3846345FE}" = dir=out | name=twitter |
"{A4A8B8C9-B9FB-43D7-BA92-C735C3385798}" = dir=in | name=@{microsoft.aad.brokerplugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{A59B3B78-4F4E-4B2B-BDE6-BFB67A54A7FA}" = dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"{A90BEC67-98AB-457D-BB2A-049F23D2937C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\dlcsetup\baf\datacachepreprocessor.exe |
"{AB2BB8E9-4C2B-4928-B1D5-33ABE8C1CE4E}" = dir=in | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{ACF68C93-6D2E-462A-BCF5-E88F98B64984}" = dir=in | name=xbox |
"{ADBF9D9C-713C-4109-BA96-1ECE8F741A05}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\dlcsetup\acr\datacachepreprocessor.exe |
"{ADFC009B-05E3-489C-8E85-F31A61538E5B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\dlcsetup\pmc\datacachepreprocessor.exe |
"{AE0B600B-BF5C-4157-B19F-27A238481D82}" = dir=in | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{AF5469B4-E442-4A43-827B-7543AB9FF92B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\bin\cef\cef.win7\steamwebhelper.exe |
"{B083F6D1-0FF5-46C9-952C-65BDE071C005}" = dir=in | name=@{microsoft.getstarted_5.9.1042.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.getstarted/resources/appstorename} |
"{B0A91A9E-5BDD-46D7-977F-3186876A9358}" = dir=out | name=@{microsoft.oneconnect_1.1607.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.oneconnect/oneconnect/appstorename} |
"{B1D62AA2-E199-46B1-A1C4-2D46E4F6F75B}" = dir=out | name=windows_ie_ac_001 |
"{B33666FB-4C78-46F9-BF4C-9EF93C1DD549}" = dir=out | name=@{microsoft.windows.parentalcontrols_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} |
"{B46DD6E9-8CEC-407B-B0A0-14ECAC359EF1}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} |
"{B4D10F00-D943-4805-AA44-55AAADDA612A}" = dir=out | name=@{microsoft.windows.contentdeliverymanager_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.contentdeliverymanager/resources/appdisplayname} |
"{BA8FAB71-7D1B-44BB-8A18-49C6EC9F03C3}" = dir=out | name=@{microsoft.xboxgamecallableui_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} |
"{BBB2355B-09E2-45E0-8357-217CACA7D782}" = dir=out | name=@{microsoft.lockapp_10.0.14393.0_neutral__cw5n1h2txyewy?ms-resource://microsoft.lockapp/resources/appdisplayname} |
"{BD43FF88-E546-4BE8-97BE-7BBAB6A28048}" = dir=out | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{BD8F6A29-4F59-4D2A-A666-7A0CC7F21187}" = dir=out | name=@{microsoft.windows.parentalcontrols_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.parentalcontrols/resources/displayname} |
"{C015B387-4E4E-4C7A-A37B-DE086C8427AA}" = dir=in | name=netflix |
"{C1BF24BF-F94D-43D3-8F05-03180D8CBC36}" = dir=out | name=@{microsoft.windows.photos_17.425.10010.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windows.photos/resources/appstorename} |
"{C34AD373-04D1-4FED-A66E-1ADD742EDB66}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{C43E63EB-4810-4648-9842-3A5B7C3A9566}" = dir=in | name=sway |
"{C8DA3628-9510-4A2A-BA57-4D1A8D994EEC}" = dir=out | name=@{microsoft.windowsstore_11703.1001.45.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsstore/resources/storetitle} |
"{C9826A6D-5E6C-4280-895F-BE612EE228CA}" = dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"{CC0FD257-FFF6-42E0-B467-955E91451C3C}" = dir=in | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{CC3D8A70-7030-400F-AE8C-914F9B07A3E0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{CE1E1F09-7D1A-4466-9B33-04420021C1E5}" = dir=out | name=@{microsoft.zunevideo_10.17042.14211.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{D1EBFA93-D2EC-4149-BE8A-02CFFD71DECE}" = dir=out | name=@{microsoft.windows.cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.cortana/resources/packagedisplayname} |
"{D25C31C4-B521-43A2-99FB-B18E76C1FC5C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ark\shootergame\binaries\win64\shootergame_be.exe |
"{D31A04A1-F9C5-42C7-A555-3E24D1B7CE78}" = dir=out | name=@{windows.contactsupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{D57B24ED-810B-49EF-9EA6-AD241042A47F}" = dir=in | name=picsart - photo studio |
"{D5CC0D07-4BDD-4FEB-9ADA-0D4F090F7E6D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\making history the calm and the storm\bin\ed.exe |
"{D831A90B-AC04-4E2E-8752-2D10AC063203}" = dir=out | name=candy crush soda saga |
"{DC3ACE4C-FA01-4246-B7E7-B8F78A3F7B57}" = dir=out | name=roblox |
"{DC7E1E8E-7129-4959-8192-0ED8A8986E88}" = dir=out | name=@{microsoft.3dbuilder_14.1.1302.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.3dbuilder/resources/appstorename} |
"{DD27B6D9-AE05-41C4-BAC5-207F6B78BB9C}" = dir=in | name=minecraft: windows 10 edition |
"{DF9A60FF-44D6-490B-B441-B7F403C4A83B}" = dir=out | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{E0B98B20-E702-4F36-B278-294361D03467}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"{E11EC30B-3AE3-4EF7-B9A5-F5C9221A320A}" = dir=out | name=@{microsoft.aad.brokerplugin_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.aad.brokerplugin/resources/packagedisplayname} |
"{E228F00D-43EA-4AA5-965A-76B9ACFFCDE9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\making history the calm and the storm\bin\makehist.exe |
"{E32087F4-EC23-4869-BD30-0FCB445A4C34}" = dir=in | name=hp all-in-one printer remote |
"{E3A35270-960D-4B1A-93C6-4BF7E196C467}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.8218.40507.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} |
"{E792A4EE-1329-44E3-86A6-F4CD5B482B02}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.8218.40507.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/hxoutlookintl/appmanifest_outlookdesktop_displayname} |
"{E7FD7E2B-E770-4541-BDE7-5B8B1BE7345B}" = dir=out | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{E801941E-707A-4153-AED6-0D2A1F63A995}" = dir=out | name=microsoft solitaire collection |
"{E92CBD0B-7C81-42A4-972D-5AC42380D246}" = dir=in | name=@{microsoft.oneconnect_1.1607.6.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.oneconnect/oneconnect/appstorename} |
"{EBDDDF6C-8A4F-419A-83EF-A3466C3BF1B7}" = dir=out | name=@{microsoft.xboxgamecallableui_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} |
"{EC0F09C6-9EDD-45EF-AE96-1EB526B232DB}" = dir=in | name=@{windows.contactsupport_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://windows.contactsupport/resources/appdisplayname} |
"{F02C8D07-3950-4B30-8125-F62A694EE4D5}" = dir=out | name=@{microsoft.xboxgamecallableui_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.xboxgamecallableui/resources/pkgdisplayname} |
"{F3509A90-BA49-4245-9DC7-B04BF89A438D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"{F48CFDE7-AA13-48B5-96E1-1BC41ED1A53F}" = dir=out | name=@{microsoft.windows.apprep.chxapp_1000.14393.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.windows.apprep.chxapp/resources/displayname} |
"{F5711AA0-1870-4C1B-860A-8E86996C101E}" = dir=out | name=@{microsoft.people_10.2.831.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.people/resources/appstorename} |
"{F7601B49-90BF-4106-927B-484379BBF6FD}" = dir=in | name=@{microsoft.ppiprojection_10.0.14393.0_neutral_neutral_cw5n1h2txyewy?ms-resource://microsoft.ppiprojection/resources/productname} |
"{F82E32C8-E4D5-45B5-AC10-BD9AAB698297}" = dir=in | name=microsoft solitaire collection |
"{F8EDCFF8-A4EE-400E-B3BC-AE1C74007C96}" = dir=out | name=@{microsoft.bingsports_4.20.1102.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/applicationtitlewithbranding} |
"{FABE07BD-3AC2-40E0-ABB5-53AF51265BE6}" = dir=out | name=@{microsoft.windowsmaps_5.1705.1391.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsmaps/resources/appstorename} |
"{FB45F000-CDC0-4816-A44A-C41CBF94D8AD}" = dir=in | name=@{ad2f1837.hpscanandcapture_40.0.245.0_x64__v10z8vjag6ke6?ms-resource://ad2f1837.hpscanandcapture/resources/apptitle} |
"TCP Query User{2ECC96E9-17EE-4143-A9E8-7E8A1CD556D3}C:\program files (x86)\starcraft ii\versions\base48258\sc2_x64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base48258\sc2_x64.exe |
"TCP Query User{38F24F13-20AA-464E-B3F0-311ED086B874}C:\program files (x86)\diablo iii\x64\diablo iii64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\x64\diablo iii64.exe |
"TCP Query User{3998CDF9-7B58-4DFB-8BE0-CC4F3E7C4B4C}C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe |
"TCP Query User{4DFA2D90-9089-4506-B584-011D06512233}C:\program files (x86)\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe |
"TCP Query User{61367F16-FE6D-4E26-87E2-3F3A02525239}C:\program files (x86)\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe |
"TCP Query User{8B1DBEE9-AFA2-4D8A-8902-1C1C2890A2BC}C:\program files (x86)\heroes of the storm\versions\base49278\heroesofthestorm_x64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of the storm\versions\base49278\heroesofthestorm_x64.exe |
"TCP Query User{D8800887-465F-41AB-937B-021F25BE1090}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |
"TCP Query User{FDB87EAF-07F0-4A31-854B-FADF4B274C5E}C:\program files (x86)\starcraft ii\versions\base48645\sc2_x64.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base48645\sc2_x64.exe |
"UDP Query User{034A4CE8-D798-4881-B021-729DBB56F307}C:\program files (x86)\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of the storm\versions\base47479\heroesofthestorm_x64.exe |
"UDP Query User{048EC033-C4C9-4AD2-B2A2-5DE354A7D372}C:\program files (x86)\diablo iii\x64\diablo iii64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\x64\diablo iii64.exe |
"UDP Query User{6EF73A43-203D-492B-8237-D2FB2DD58C32}C:\program files (x86)\starcraft ii\versions\base48645\sc2_x64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base48645\sc2_x64.exe |
"UDP Query User{6F9A0BA7-97CF-4213-94BD-56933FCDF7BA}C:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of the storm\versions\base48297\heroesofthestorm_x64.exe |
"UDP Query User{7A79A0F6-FB63-4834-BD12-0BAEDA52A93D}C:\program files (x86)\starcraft ii\versions\base48258\sc2_x64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base48258\sc2_x64.exe |
"UDP Query User{940509A0-361F-4E07-82A7-4888792437F6}C:\program files (x86)\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of the storm\versions\base48548\heroesofthestorm_x64.exe |
"UDP Query User{95218947-4BE7-48AC-B2E0-496A9E165A3E}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |
"UDP Query User{ED3CE37F-7DD3-49DF-A648-E4387A9EF49E}C:\program files (x86)\heroes of the storm\versions\base49278\heroesofthestorm_x64.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of the storm\versions\base49278\heroesofthestorm_x64.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{293F2009-0145-450B-B4AA-063D43FB368C}" = Windows 10 Update and Privacy Settings
"{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1" = Malwarebytes version 3.1.2.1733
"{37B8F9C7-03FB-3253-8781-2517C99D7C00}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
"{90160000-008F-0000-1000-0000000FF1CE}" = Office 16 Click-to-Run Licensing Component
"{90160000-00DD-0000-1000-0000000FF1CE}" = Office 16 Click-to-Run Extensibility Component 64-bit Registration
"{929FBD26-9020-399B-9A7A-751D61F0B942}" = Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
"{A1C31BA5-5438-3A07-9EEE-A5FB2D0FDE36}" = Microsoft Visual C++ 2015 x64 Minimum Runtime - 14.0.23506
"{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}" = Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
"{B0B194F8-E0CE-33FE-AA11-636428A4B73D}" = Microsoft Visual C++ 2015 x64 Additional Runtime - 14.0.23506
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 376.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 376.53
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainer" = NVIDIA Display Container
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVDisplayContainerLS" = NVIDIA Display Container LS
"{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
"CCleaner" = CCleaner
"O365ProPlusRetail - en-us" = Microsoft Office 365 ProPlus - en-us
"Steam App 105600" = Terraria
"Steam App 219540" = Arma 2: Operation Arrowhead Beta (Obsolete)
"Steam App 224580" = Arma 2: DayZ Mod
"Steam App 33910" = Arma 2
"Steam App 33930" = Arma 2: Operation Arrowhead
"Steam App 346110" = ARK: Survival Evolved
"Steam App 6250" = Making History: The Calm & The Storm
"Steam App 65700" = Arma 2: British Armed Forces
"Steam App 65720" = Arma 2: Private Military Company
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VulkanRT1.0.26.0" = Vulkan Run Time Libraries 1.0.26.0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{050d4fc8-5d48-4b8f-8972-47c82c46020f}" = Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
"{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}" = Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
"{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}" = Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506
"{7E155A45-DE1A-46E0-A6B2-10FE1D8501FC}" = Facebook Gameroom 1.3.1.3
"{90160000-008C-0000-0000-0000000FF1CE}" = Office 16 Click-to-Run Extensibility Component
"{90160000-008C-0409-0000-0000000FF1CE}" = Office 16 Click-to-Run Localization Component
"{B175520C-86A2-35A7-8619-86DC379688B9}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
"{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
"{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f65db027-aff3-4070-886a-0d87064aabb1}" = Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
"{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}" = Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
"Battle.net" = Battle.net
"Diablo III" = Diablo III
"Heroes of the Storm" = Heroes of the Storm
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"StarCraft II" = StarCraft II
"Steam" = Steam
"World of Warcraft" = World of Warcraft
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1363677038-3844321727-1082389403-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812na}_is1" = World of Tanks
"OneDriveSetup.exe" = Microsoft OneDrive
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/2/2017 2:32:29 PM | Computer Name = Graufamily | Source = Windows Search Service | ID = 3104
Description =
 
Error - 6/2/2017 2:32:29 PM | Computer Name = Graufamily | Source = Windows Search Service | ID = 3104
Description =
 
Error - 6/2/2017 2:32:29 PM | Computer Name = Graufamily | Source = Windows Search Service | ID = 3104
Description =
 
Error - 6/2/2017 2:32:29 PM | Computer Name = Graufamily | Source = Windows Search Service | ID = 3104
Description =
 
Error - 6/2/2017 2:32:29 PM | Computer Name = Graufamily | Source = Windows Search Service | ID = 3104
Description =
 
Error - 6/2/2017 2:32:29 PM | Computer Name = Graufamily | Source = Windows Search Service | ID = 3104
Description =
 
Error - 6/2/2017 2:32:29 PM | Computer Name = Graufamily | Source = Windows Search Service | ID = 3104
Description =
 
Error - 6/2/2017 2:32:58 PM | Computer Name = Graufamily | Source = Windows Search Service | ID = 3104
Description =
 
Error - 6/2/2017 2:32:58 PM | Computer Name = Graufamily | Source = Windows Search Service | ID = 3104
Description =
 
Error - 6/2/2017 2:32:58 PM | Computer Name = Graufamily | Source = Windows Search Service | ID = 3104
Description =
 
Error - 6/2/2017 2:32:58 PM | Computer Name = Graufamily | Source = Windows Search Service | ID = 3104
Description =
 
Error - 6/2/2017 2:32:58 PM | Computer Name = Graufamily | Source = Windows Search Service | ID = 3104
Description =
 
Error - 6/2/2017 5:34:37 PM | Computer Name = Graufamily | Source = SideBySide | ID = 16842787
Description = Activation context generation failed for "C:\Program Files (x86)\Microsoft
 Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program
 Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.  Component identity
 found in manifest does not match the identity of the component requested.  Reference
 is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".  Definition
 is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".  Please use
 sxstrace.exe for detailed diagnosis.
 
[ System Events ]
Error - 6/2/2017 2:35:51 PM | Computer Name = Graufamily | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =
 
Error - 6/2/2017 5:31:05 PM | Computer Name = Graufamily | Source = MEIx64 | ID = 458755
Description = Intel(R) Management Engine Interface driver has failed to perform
handshake with the Firmware.
 
Error - 6/2/2017 6:15:25 PM | Computer Name = Graufamily | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:07:05 PM on ?6/?2/?2017 was unexpected.
 
Error - 6/2/2017 6:15:57 PM | Computer Name = Graufamily | Source = BugCheck | ID = 1001
Description =
 
Error - 6/2/2017 7:42:14 PM | Computer Name = Graufamily | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:15:25 PM on ?6/?2/?2017 was unexpected.
 
Error - 6/2/2017 7:41:49 PM | Computer Name = Graufamily | Source = MEIx64 | ID = 458755
Description = Intel(R) Management Engine Interface driver has failed to perform
handshake with the Firmware.
 
Error - 6/2/2017 7:43:14 PM | Computer Name = Graufamily | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the ClickToRunSvc
 service to connect.
 
Error - 6/2/2017 7:43:14 PM | Computer Name = Graufamily | Source = Service Control Manager | ID = 7000
Description = The ClickToRunSvc service failed to start due to the following error:
   %%1053
 
Error - 6/2/2017 7:43:52 PM | Computer Name = Graufamily | Source = DCOM | ID = 10016
Description =
 
Error - 6/2/2017 7:56:20 PM | Computer Name = Graufamily | Source = Microsoft-Windows-Kernel-Power | ID = 137
Description =
 
 
< End of report >
 

Link to post
Share on other sites

Ok lets run an OTL fix that i typed for this machine only !!


We need to Run an OTL fix !!
Warning This fix is only relevant for this system and no other, using on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

    * Double-click OTL.exe to start the program.
    * Copy and Paste the following code into the http://img.photobucket.com/albums/v317/flashh4/customFix.png[/IMG].  text box of the OTL tool/program ! Start with and include the colon plus  :OTL
Copy everthing in RED and Paste into the box in the OTL program !!
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1363677038-3844321727-1082389403-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1363677038-3844321727-1082389403-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O18:64bit: - Protocol\Handler\mso-minsb.16 - No CLSID value found
O18:64bit: - Protocol\Handler\mso-minsb-roaming.16 - No CLSID value found
O18:64bit: - Protocol\Handler\osf.16 - No CLSID value found
O18:64bit: - Protocol\Handler\osf-roaming.16 - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.


:Commands

[emptyjava]
[emptyflash]
[EMPTYTEMP]
[RESETHOSTS]
[CREATERESTOREPOINT]
[Reboot]


# Then click the Run Fix button at the top.
# Click http://img.photobucket.com/albums/v317/flashh4/btnOK.png[/IMG]
# Please post the contents of the fix log file back here if you are prompted to open the file. It can also be found at C:\_OTL\Moved Files as MMDDYYY_HHMMSS.log where MMDDYYY is date format and HHMMSS is time format.
Remember to enable your real time protection.

Post that log next !
Thanks
Chuck

Link to post
Share on other sites
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-21-1363677038-3844321727-1082389403-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1363677038-3844321727-1082389403-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\Prefixes\\gopher|:gopher:// /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mso-minsb.16\ deleted successfully.
File Protocol\Handler\mso-minsb.16 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\mso-minsb-roaming.16\ deleted successfully.
File Protocol\Handler\mso-minsb-roaming.16 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\osf.16\ deleted successfully.
File Protocol\Handler\osf.16 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\osf-roaming.16\ deleted successfully.
File Protocol\Handler\osf-roaming.16 - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== COMMANDS ==========
 
[EMPTYJAVA]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Default.migrated
 
User: DefaultAppPool
 
User: Mike & Jolene
 
User: Public
 
User: TEMP
 
Total Java Files Cleaned = 0.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Default.migrated
 
User: DefaultAppPool
 
User: Mike & Jolene
->Flash cache emptied: 728 bytes
 
User: Public
 
User: TEMP
 
Total Flash Files Cleaned = 0.00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default.migrated
 
User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Mike & Jolene
->Temp folder emptied: 18429084 bytes
->Temporary Internet Files folder emptied: 4069691 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: TEMP
->Temporary Internet Files folder emptied: 128 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2675134 bytes
RecycleBin emptied: 863 bytes
 
Total Files Cleaned = 24.00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point
 
OTL by OldTimer - Version 3.2.69.0 log created on 06022017_195301
Files\Folders moved on Reboot...
C:\Users\Mike & Jolene\AppData\Local\Microsoft\Windows\INetCache\counters.dat moved successfully.
File move failed. C:\WINDOWS\temp\92F4A391-1B71-409B-BB5F-98609EDE11DE1a20.1d2dbe83d0f63b5\nisfull.vdm scheduled to be moved on reboot.
C:\WINDOWS\temp\GRAUFAMILY-20170602-1745.log moved successfully.
File\Folder C:\WINDOWS\temp\officeclicktorun.exe_streamserver(201706021745369D4).log not found!
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Link to post
Share on other sites

Jolene this will remove the programs we used in the cleaning, if you have any left over please delete them !!

Clean up of Malware Removal Tools

Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

    Download Delfix to your desktop and double click it to start the program [url=http://api.viglink.com/api/click?format=go&jsonp=vglnk_jsonp_14102815956339&key=bf4adfcbb328b51c165afd7f95bfc060&libId=64704d6e-537a-4ac2-beea-64e5d35e3f5f&loc=http%3A%2F%2Fwww.geekstogo.com%2Fforum%2Ftopic%2F342065-very-slow-computer-aswmbr-rootkit-not-working%2Fpage-2&v=1&out=https%3A%2F%2Ftoolslib.net%2Fdownloads%2Fviewdownload%2F2-delfix%2F&ref=http%3A%2F%2Fwww.geekstogo.com%2Fforum%2Fforum%2F37-virus-spyware-malware-removal%2F&title=Very%20slow%20computer%2C%20aswMBR%20rootkit%20not%20working%20%5BClosed%5D%20-%20Page%202%20-%20Virus%2C%20Spyware%2C%20Malware%20Removal&txt=here]here[/url]             
    Ensure Remove disinfection tools is ticked
    Also tick:
    o Create registry backup
    o Purge system restore

    o Click Run
    The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can delete any log files left on your desktop as these are no longer needed.

=============================================

Congratulation you are clean !!! 

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

This is my standard "All Clean Speech." You may have some already installed, these are just recommendations !

Here are some tips to reduce the potential for spyware infection in the future:

Here are some tips to reduce the potential for spyware/malware infection in the future:
 
1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

    From within Internet Explorer click on the Tools menu and then click onOptions.
    Click once on theSecurity tab
    Click once on the Internet icon so it becomes highlighted.
    Click once on the Custom Level button.
    Change the Download signed ActiveX controls to Prompt
    Change the Download unsigned ActiveX controls to Disable
    Change the Initialize and script ActiveX controls not marked as safe to Disable
    Change the Installation of desktop items to Prompt
    Change the Launching programs and files in an IFRAME to Prompt
    Change the Navigate sub-frames across different domains to Prompt
    When all these settings have been made, click on the OK button.
    If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.

2. FireFox  If you use Firefox, I recommend installing the following add-ons to help make your Firefox browser more secure.
[url=https://addons.mozilla.org/en-US/firefox/addon/noscript/]NoScript[/url][/color]

[url= https://adblockplus.org/en/firefox] adblock plus[/url]

 
3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis.  With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.
 
4. Firewall Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly.   **There are firewalls that could be downloaded and used but I would personally only recommend using one of the following below:
[url=http://download.cnet.com/Online-Armor-Free/3000-10435_4-10426782.html]Online Armor Free[/url]
[url=http://download.cnet.com/Agnitum-Outpost-Firewall-Free/3000-10435_4-10913746.html]Agnitum Outpost Firewall Free [/url]
[url=http://personalfirewall.comodo.com/]Comodo Firewall Free [/url]
 
5. Make sure you keep your Windows OS current. And regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems.  Without these you are leaving the back door open.
 
6.[url=http://www.mywot.com/]WOT[/url](Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites.  WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.
 
7. Finally, I strongly recommend that you read Miekiemoes' great advice [url= http://users.telenet.be/bluepatchy/miekiemoes/prevention.html] How to prevent malware[/url] .

 
Let me know how it's running in a few day please ?
Any problems ?
It may run a tad slow until a few normal re-boots, but according to all logs you are clean !!
I will leave this topic open for 5 days before locking it !!!
Thanks
Chuck
 

Link to post
Share on other sites
# DelFix v1.013 - Logfile created 04/06/2017 at 08:16:45
# Updated 17/04/2016 by Xplode
# Username : Mike & Jolene - GRAUFAMILY
# Operating System : Windows 10 Home  (64 bits)
~ Removing disinfection tools ...
Deleted : C:\_OTL
~ Creating registry backup ... OK
~ Cleaning system restore ...
Deleted : RP #36 [Scheduled Checkpoint | 05/15/2017 21:21:28]
Deleted : RP #37 [Windows Update | 05/23/2017 21:39:20]
Deleted : RP #38 [Windows Update | 05/31/2017 01:59:30]
Deleted : RP #39 [JRT Pre-Junkware Removal | 06/01/2017 22:14:57]
New restore point created !
########## - EOF - ##########
Link to post
Share on other sites
Guest
This topic is now closed to further replies.