- Nov 11, 2017
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-11-2017
Ran by SYSTEM on MININT-48DTP74 (08-11-2017 05:50:48)
Running from F:\
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [611192 2011-07-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [NVHotkey] => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
HKLM\...\Run: [FreeFallProtection] => C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2011-07-25] ()
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [6492672 2011-01-15] (Dell Inc.)
HKLM\...\Run: [DFEPApplication] => c:\Program Files\Dell\Feature Enhancement Pack\DFEPApplication.exe [7077272 2011-08-24] (Dell Inc.)
HKLM\...\Run: [TdmNotify] => C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [257392 2011-05-27] (Wave Systems Corp.)
HKLM\...\Run: [DBRMTray] => C:\Dell\DBRM\Reminder\DbrmTrayIcon.exe [227328 2011-03-08] (Dell Computer Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Endpoint Antivirus\egui.exe [4165248 2017-03-10] (ESET)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112408 2011-08-08] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462993 2010-03-12] (Creative Technology Ltd)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.)
HKLM\...\RunOnce: [DBRMTray] => C:\Dell\DBRM\Reminder\TrayApp.exe [7168 2010-02-04] (Microsoft)
HKLM\...\RunOnce: [29F3BE79A831A7AE1E01] => C:\Program Files (x86)\Microsoft Visual Studio\Installer\vs_installershell.exe [57180768 2017-11-03] (Microsoft Corporation)
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2016-01-21] (Microsoft Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist Corporate\1230\G2AWinLogon_x64.dll (Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [226920 2011-06-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [193128 2011-06-05] (NVIDIA Corporation)
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Users\admin.CAMBUILDS.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2012-02-06]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\CAMAdmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2012-02-06]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\CAM_Latitude_ransom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2012-02-06]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2012-02-06]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2012-02-06]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2012-02-06]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\JeffS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2012-02-06]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Smart Settings.lnk [2012-02-06]
ShortcutTarget: Smart Settings.lnk -> C:\Program Files\Dell\Feature Enhancement Pack\SmartSettings.exe (Microsoft)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7923880 2017-10-23] (Microsoft Corporation)
S2 DFEPService; c:\Program Files\Dell\Feature Enhancement Pack\DFEPService.exe [2279320 2011-08-24] (Dell Inc.)
S3 EhttpSrv; C:\Program Files\ESET\ESET Endpoint Antivirus\EHttpSrv.exe [53376 2017-03-10] (ESET)
S2 ekrn; C:\Program Files\ESET\ESET Endpoint Antivirus\x86\ekrn.exe [1072320 2017-03-10] (ESET)
S3 ESHASRV; C:\Program Files\ESET\ESET Endpoint Antivirus\EShaSrv.exe [200832 2017-03-10] (ESET)
S3 GoToAssist; C:\Program Files (x86)\Citrix\GoToAssist Corporate\1230\G2AC_Service.exe [309712 2017-11-02] (Citrix Systems, Inc.)
S2 LTService; C:\Windows\LTSvc\LTSVC.exe [2368440 2017-09-29] (LabTech Software)
S2 LTSvcMon; C:\Windows\LTSvc\LTSvcMon.exe [277432 2017-09-29] (LabTech Software)
S2 O2SDIOAssist; c:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
S2 ScreenConnect Client (65de14f11c8a4200); C:\Program Files (x86)\ScreenConnect Client (65de14f11c8a4200)\ScreenConnect.ClientService.exe [90256 2016-06-06] ()
S2 tcsd_win32.exe; C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1633280 2011-02-17] ()
S2 Wave Authentication Manager Service; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [1600000 2011-07-01] (Wave Systems Corp.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5839872 2011-01-15] (Dell Inc.)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 cpuz138; C:\Windows\TEMP\cpuz138\cpuz138_x64.sys [27320 2017-11-01] (CPUID)
S1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [262600 2016-10-19] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [193032 2016-10-19] (ESET)
S2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [183576 2016-10-19] (ESET)
S3 HBtnKey; C:\Windows\system32\drivers\HBtnKey.sys [20424 2011-07-19] (Dell Inc.)
S4 warpview; no ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-08 05:50 - 2017-11-08 05:50 - 000000000 ____D C:\FRST
2017-11-06 10:21 - 2017-11-06 10:21 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-11-06 10:21 - 2017-11-06 10:21 - 000000000 ____D C:\Program Files\Malwarebytes
2017-11-06 09:41 - 2017-11-06 09:41 - 000000000 ____D C:\Users\admin.CAMBUILDS.000\AppData\Roaming\Roxio Burn
2017-11-06 09:15 - 2017-11-06 14:15 - 000000000 ____D C:\Max
2017-11-06 04:53 - 2017-11-06 14:15 - 000000000 ____D C:\Users\admin.CAMBUILDS.000\Downloads\bluescreenview-x64
2017-11-06 04:50 - 2017-11-06 04:50 - 000084917 _____ C:\Users\admin.CAMBUILDS.000\Downloads\bluescreenview-x64.zip
2017-11-03 12:22 - 2017-11-03 12:22 - 000000000 ____D C:\Users\admin.CAMBUILDS.000\source
2017-11-03 12:21 - 2017-11-03 12:21 - 000000000 ____D C:\Users\admin.CAMBUILDS.000\AppData\Local\.IdentityService
2017-11-03 12:14 - 2017-11-03 12:23 - 000000000 ____D C:\Users\admin.CAMBUILDS.000\Documents\Visual Studio 2017
2017-11-03 12:05 - 2017-11-03 12:11 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2017-11-03 12:05 - 2017-11-03 12:05 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2017-11-03 11:48 - 2017-11-07 01:46 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2017-11-03 11:48 - 2017-11-03 11:49 - 000000000 ____D C:\Users\admin.CAMBUILDS.000\AppData\Roaming\Visual Studio Setup
2017-11-03 11:48 - 2017-11-03 11:48 - 000000000 ____D C:\Users\admin.CAMBUILDS.000\AppData\Roaming\vstelemetry
2017-11-03 11:48 - 2017-11-03 11:48 - 000000000 ____D C:\Users\admin.CAMBUILDS.000\AppData\Local\ServiceHub
2017-11-03 11:25 - 2017-11-03 11:26 - 065444688 _____ (Microsoft Corporation) C:\Users\admin.CAMBUILDS.000\Downloads\NDP46-KB3045557-x86-x64-AllOS-ENU.exe
2017-11-03 11:24 - 2017-11-03 11:24 - 001077176 _____ (Microsoft Corporation) C:\Users\admin.CAMBUILDS.000\Downloads\vs_community__1319136878.1509737043.exe
2017-11-03 11:20 - 2017-11-03 11:20 - 000000000 ____D C:\Users\admin.CAMBUILDS.000\AppData\Roaming\Macromedia
2017-11-03 03:27 - 2017-11-03 03:28 - 000250596 _____ C:\Windows\ntbtlog.txt
2017-11-02 10:19 - 2017-11-02 10:19 - 000000000 ____D C:\Users\admin.CAMBUILDS.000\AppData\Local\Dell
2017-11-02 10:11 - 2017-11-02 10:11 - 067702176 _____ (Dell Inc.) C:\Users\admin.CAMBUILDS.000\Downloads\DRVR_WIN_R298100.EXE
2017-11-02 10:09 - 2017-11-02 10:09 - 006205768 _____ C:\Users\admin.CAMBUILDS.000\Downloads\Latitude_E6420_E6420ATG_A24 (1).exe
2017-11-02 10:08 - 2017-11-02 10:08 - 006205768 _____ C:\Users\admin.CAMBUILDS.000\Downloads\Latitude_E6420_E6420ATG_A24.exe
2017-11-02 10:07 - 2017-11-02 10:07 - 000015605 _____ C:\Users\admin.CAMBUILDS.000\Downloads\DellSystemDetectLauncher.Application
2017-11-02 10:07 - 2017-11-02 10:07 - 000000000 ____D C:\Users\admin.CAMBUILDS.000\AppData\Local\Deployment
2017-11-02 09:29 - 2017-11-02 09:29 - 000262144 _____ C:\Windows\Minidump\110217-21247-01.dmp
2017-11-02 09:05 - 2017-11-02 09:05 - 000262144 _____ C:\Windows\Minidump\110217-28126-01.dmp
2017-11-02 09:02 - 2017-11-02 10:07 - 000000000 ____D C:\Users\admin.CAMBUILDS.000\AppData\Local\Apps\2.0
2017-11-02 08:40 - 2017-11-02 08:40 - 000000000 ____D C:\Users\admin.CAMBUILDS.000\AppData\Local\ElevatedDiagnostics
2017-11-02 08:11 - 2012-02-29 22:46 - 000023408 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2017-11-02 08:11 - 2012-02-29 22:38 - 000220672 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2017-11-02 08:11 - 2012-02-29 22:33 - 000081408 _____ (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2017-11-02 08:11 - 2012-02-29 22:28 - 000005120 _____ (Microsoft Corporation) C:\Windows\System32\wmi.dll
2017-11-02 08:11 - 2012-02-29 21:37 - 000172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-11-02 08:11 - 2012-02-29 21:33 - 000159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2017-11-02 08:11 - 2012-02-29 21:29 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2017-11-02 08:09 - 2017-04-27 14:50 - 003550208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-11-02 08:09 - 2017-04-12 05:05 - 004296704 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_47.dll
2017-11-02 07:47 - 2013-10-11 18:30 - 000830464 _____ (Microsoft Corporation) C:\Windows\System32\nshwfp.dll
2017-11-02 07:47 - 2013-10-11 18:29 - 000859648 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2017-11-02 07:47 - 2013-10-11 18:29 - 000324096 _____ (Microsoft Corporation) C:\Windows\System32\FWPUCLNT.DLL
2017-11-02 07:47 - 2013-10-11 18:03 - 000656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2017-11-02 07:47 - 2013-10-11 18:01 - 000216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2017-11-02 07:35 - 2017-11-02 07:35 - 000262144 _____ C:\Windows\Minidump\110217-23337-01.dmp
2017-11-02 07:33 - 2017-11-07 01:48 - 000000000 ____D C:\ProgramData\FLEXnet
2017-11-02 07:33 - 2017-11-02 07:33 - 000001957 _____ C:\Users\Public\Desktop\On-Screen Takeoff 3.lnk
2017-11-02 07:32 - 2017-11-03 11:12 - 000000000 ____D C:\Program Files (x86)\On-Screen Takeoff 3
2017-11-02 07:32 - 2017-11-02 07:32 - 000000000 ____D C:\Users\admin.CAMBUILDS.000\AppData\Local\Downloaded Installations
2017-11-02 07:32 - 2017-11-02 07:32 - 000000000 ____D C:\Program Files (x86)\Crystal Decisions
2017-11-02 07:26 - 2017-11-02 07:26 - 108836200 _____ (On Center Software, Inc) C:\Users\admin.CAMBUILDS.000\Downloads\OST39321Setup.exe
2017-11-02 07:26 - 2017-11-02 07:26 - 000000000 ____D C:\Windows\System32\appmgmt
2017-11-02 07:24 - 2017-11-02 07:24 - 000000000 ____D C:\Users\admin.CAMBUILDS.000\AppData\Local\GoTo Opener
2017-11-02 07:15 - 2017-11-02 07:15 - 000262144 _____ C:\Windows\Minidump\110217-20638-01.dmp
2017-11-02 07:10 - 2017-11-07 01:48 - 000000000 ____D C:\users\admin.CAMBUILDS.000
2017-11-02 07:10 - 2017-11-02 10:06 - 000000000 ____D C:\Users\admin.CAMBUILDS.000\AppData\Local\Google
2017-11-02 07:10 - 2017-11-02 08:47 - 000000008 __RSH C:\Users\admin.CAMBUILDS.000\ntuser.pol
2017-11-02 07:10 - 2017-11-02 07:16 - 000000000 ___RD C:\Users\admin.CAMBUILDS.000\Virtual Machines
2017-11-02 07:10 - 2017-11-02 07:12 - 000000000 ____D C:\Users\admin.CAMBUILDS.000\AppData\Roaming\Adobe
2017-11-02 07:10 - 2017-11-02 07:10 - 000132320 _____ C:\Users\admin.CAMBUILDS.000\AppData\Local\GDIPFONTCACHEV1.DAT
2017-11-02 07:10 - 2017-11-02 07:10 - 000000020 ___SH C:\Users\admin.CAMBUILDS.000\ntuser.ini
2017-11-02 07:10 - 2017-11-02 07:10 - 000000000 ____D C:\Users\admin.CAMBUILDS.000\AppData\Roaming\Windows Small Business Server
2017-11-02 07:10 - 2017-11-02 07:10 - 000000000 ____D C:\Users\admin.CAMBUILDS.000\AppData\Roaming\Roxio
2017-11-02 07:10 - 2017-11-02 07:10 - 000000000 ____D C:\Users\admin.CAMBUILDS.000\AppData\Roaming\Creative
2017-11-02 07:10 - 2017-11-02 07:10 - 000000000 ____D C:\Users\admin.CAMBUILDS.000\AppData\Local\Adobe
2017-11-02 07:10 - 2010-11-20 23:16 - 000000000 ____D C:\Users\admin.CAMBUILDS.000\AppData\Roaming\Media Center Programs
2017-11-02 07:08 - 2017-11-02 07:08 - 000262144 _____ C:\Windows\Minidump\110217-21153-01.dmp
2017-11-02 07:06 - 2017-11-02 07:06 - 000000000 ____D C:\Users\Chris\AppData\Local\GoToAssist Corporate
2017-11-02 07:06 - 2017-11-02 07:06 - 000000000 ____D C:\Users\Chris\AppData\Local\GoTo Opener
2017-11-02 07:06 - 2017-11-02 07:06 - 000000000 ____D C:\Program Files (x86)\Citrix
2017-11-02 06:52 - 2017-11-02 06:52 - 000262144 _____ C:\Windows\Minidump\110217-20560-01.dmp
2017-11-02 06:25 - 2017-11-02 06:25 - 000262144 _____ C:\Windows\Minidump\110217-18688-01.dmp
2017-11-02 06:18 - 2017-11-02 06:18 - 000262144 _____ C:\Windows\Minidump\110217-34944-01.dmp
2017-11-02 06:13 - 2017-11-02 06:13 - 000000000 ____D C:\92c353637f47183c8cc2b2
2017-11-02 06:06 - 2017-11-02 06:06 - 000000000 ____D C:\Program Files (x86)\MSXML 4.0
2017-11-02 06:02 - 2016-04-08 22:58 - 001190912 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2017-11-02 06:02 - 2016-04-08 22:54 - 001011712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2017-11-02 05:57 - 2015-02-03 19:16 - 000392192 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2017-11-02 05:57 - 2015-02-03 18:54 - 000318464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2017-11-02 05:36 - 2017-11-02 05:36 - 000000000 ____D C:\Users\Chris\AppData\Roaming\Macromedia
2017-11-02 05:35 - 2017-11-02 05:35 - 000000000 ____D C:\OCS Documents
2017-11-02 05:32 - 2017-11-02 05:32 - 000000000 ____D C:\Users\Chris\AppData\Local\Downloaded Installations
2017-11-02 05:13 - 2017-11-07 01:48 - 000000000 ____D C:\users\Chris
2017-11-02 05:13 - 2017-11-02 05:36 - 000000000 ____D C:\Users\Chris\AppData\Roaming\Adobe
2017-11-02 05:13 - 2017-11-02 05:13 - 000132320 _____ C:\Users\Chris\AppData\Local\GDIPFONTCACHEV1.DAT
2017-11-02 05:13 - 2017-11-02 05:13 - 000000020 ___SH C:\Users\Chris\ntuser.ini
2017-11-02 05:13 - 2017-11-02 05:13 - 000000000 ___RD C:\Users\Chris\Virtual Machines
2017-11-02 05:13 - 2017-11-02 05:13 - 000000000 ____D C:\Users\Chris\AppData\Roaming\Windows Small Business Server
2017-11-02 05:13 - 2017-11-02 05:13 - 000000000 ____D C:\Users\Chris\AppData\Roaming\Roxio
2017-11-02 05:13 - 2017-11-02 05:13 - 000000000 ____D C:\Users\Chris\AppData\Roaming\Creative
2017-11-02 05:13 - 2017-11-02 05:13 - 000000000 ____D C:\Users\Chris\AppData\Local\Google
2017-11-02 05:13 - 2017-11-02 05:13 - 000000000 ____D C:\Users\Chris\AppData\Local\Adobe
2017-11-02 05:13 - 2010-11-20 23:16 - 000000000 ____D C:\Users\Chris\AppData\Roaming\Media Center Programs
2017-11-02 05:10 - 2017-11-02 05:10 - 000002261 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-02 05:10 - 2017-11-02 05:10 - 000000000 ____D C:\Users\JeffS\AppData\Local\Google
2017-11-02 05:09 - 2017-11-02 05:10 - 000000000 ____D C:\Program Files (x86)\Google
2017-11-02 05:09 - 2017-11-02 05:09 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-02 05:09 - 2017-11-02 05:09 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-02 05:09 - 2017-11-02 05:09 - 000000000 ____D C:\Users\JeffS\AppData\Local\Deployment
2017-11-02 05:09 - 2017-11-02 05:09 - 000000000 ____D C:\Users\JeffS\AppData\Local\Apps\2.0
2017-11-02 04:59 - 2017-11-02 04:59 - 000003174 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3224453683-1470921515-3759671195-1171
2017-11-02 04:49 - 2017-11-02 05:26 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-11-01 08:49 - 2017-11-02 04:59 - 000000000 ___RD C:\Users\JeffS\OneDrive
2017-11-01 08:49 - 2017-11-01 08:49 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2017-11-01 08:48 - 2017-11-01 08:48 - 000000000 ____D C:\Users\JeffS\AppData\Roaming\Skype
2017-11-01 08:48 - 2017-11-01 08:48 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-11-01 08:46 - 2015-07-18 05:08 - 000984448 _____ (Microsoft Corporation) C:\Windows\System32\ucrtbase.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000063840 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-private-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000020832 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-math-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-string-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-convert-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-time-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-2-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-process-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-heap-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-conio-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-utility-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-locale-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-environment-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-eventing-provider-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l2-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-timezone-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l2-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-2-0.dll
2017-11-01 08:44 - 2017-11-01 08:44 - 000000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-11-01 08:43 - 2017-11-06 04:37 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-11-01 08:35 - 2017-11-07 01:48 - 000000000 ____D C:\Program Files\Microsoft Office 15
2017-11-01 08:31 - 2017-11-01 08:32 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-11-01 08:31 - 2017-11-01 08:31 - 000000000 ____D C:\Users\JeffS\AppData\Roaming\Macromedia
2017-11-01 08:31 - 2017-11-01 08:31 - 000000000 ____D C:\Users\JeffS\AppData\LocalLow\Adobe
2017-11-01 08:29 - 2017-11-01 08:32 - 000000000 ____D C:\Users\JeffS\AppData\Roaming\Adobe
2017-11-01 08:29 - 2017-11-01 08:31 - 000000000 ____D C:\Users\JeffS\AppData\Local\Adobe
2017-11-01 08:29 - 2017-11-01 08:29 - 000002046 _____ C:\Users\Public\Desktop\Adobe Acrobat X Standard.lnk
2017-11-01 08:27 - 2017-11-01 08:32 - 000000000 ____D C:\ProgramData\Adobe
2017-11-01 08:27 - 2017-11-01 08:27 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-11-01 08:19 - 2016-02-04 17:19 - 000381440 _____ (Microsoft Corporation) C:\Windows\System32\mfds.dll
2017-11-01 08:19 - 2016-02-04 10:41 - 000296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2017-11-01 08:19 - 2015-11-11 10:53 - 001735680 _____ (Microsoft Corporation) C:\Windows\System32\comsvcs.dll
2017-11-01 08:19 - 2015-11-11 10:53 - 000525312 _____ (Microsoft Corporation) C:\Windows\System32\catsrvut.dll
2017-11-01 08:19 - 2015-11-11 10:39 - 001242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2017-11-01 08:19 - 2015-11-11 10:39 - 000487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2017-11-01 08:19 - 2015-10-13 08:41 - 000497664 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2017-11-01 08:19 - 2015-10-13 08:40 - 000118272 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdx.sys
2017-11-01 08:19 - 2013-07-12 02:41 - 000185344 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbvideo.sys
2017-11-01 08:19 - 2013-07-12 02:41 - 000100864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys
2017-11-01 08:19 - 2013-07-02 20:05 - 000076800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2017-11-01 08:19 - 2013-07-02 20:05 - 000032896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2017-11-01 08:18 - 2015-12-15 14:28 - 017892352 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2017-11-01 08:18 - 2015-12-15 14:25 - 002350080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2017-11-01 08:18 - 2015-12-15 14:21 - 010938368 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2017-11-01 08:18 - 2015-12-15 14:20 - 001388032 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2017-11-01 08:18 - 2015-12-15 14:20 - 000448512 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2017-11-01 08:18 - 2015-12-15 14:19 - 002158080 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2017-11-01 08:18 - 2015-12-15 14:19 - 001392128 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2017-11-01 08:18 - 2015-12-15 14:18 - 002382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2017-11-01 08:18 - 2015-12-15 14:18 - 001494016 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2017-11-01 08:18 - 2015-12-15 14:18 - 000816128 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2017-11-01 08:18 - 2015-12-15 14:18 - 000729088 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2017-11-01 08:18 - 2015-12-15 14:18 - 000579584 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2017-11-01 08:18 - 2015-12-15 14:18 - 000453120 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2017-11-01 08:18 - 2015-12-15 14:18 - 000282112 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2017-11-01 08:18 - 2015-12-15 14:18 - 000248320 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2017-11-01 08:18 - 2015-12-15 14:18 - 000237056 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2017-11-01 08:18 - 2015-12-15 14:18 - 000173568 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2017-11-01 08:18 - 2015-12-15 14:18 - 000096768 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2017-11-01 08:18 - 2015-12-15 14:18 - 000086016 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2017-11-01 08:18 - 2015-12-15 14:18 - 000055296 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2017-11-01 08:18 - 2015-12-15 14:18 - 000012800 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2017-11-01 08:18 - 2015-12-15 14:18 - 000011264 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2017-11-01 08:18 - 2015-12-15 13:50 - 001814528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-11-01 08:18 - 2015-12-15 13:49 - 012388864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-11-01 08:18 - 2015-12-15 13:47 - 000367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-11-01 08:18 - 2015-12-15 13:46 - 009753088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-11-01 08:18 - 2015-12-15 13:45 - 001140224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-11-01 08:18 - 2015-12-15 13:45 - 001129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-11-01 08:18 - 2015-12-15 13:44 - 001804800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-11-01 08:18 - 2015-12-15 13:44 - 001427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-11-01 08:18 - 2015-12-15 13:44 - 000718848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-11-01 08:18 - 2015-12-15 13:44 - 000424960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-11-01 08:18 - 2015-12-15 13:44 - 000231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2017-11-01 08:18 - 2015-12-15 13:44 - 000142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-11-01 08:18 - 2015-12-15 13:44 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-11-01 08:18 - 2015-12-15 13:43 - 002382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-11-01 08:18 - 2015-12-15 13:43 - 000607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-11-01 08:18 - 2015-12-15 13:43 - 000353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-11-01 08:18 - 2015-12-15 13:43 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-11-01 08:18 - 2015-12-15 13:43 - 000176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-11-01 08:18 - 2015-12-15 13:43 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-11-01 08:18 - 2015-12-15 13:43 - 000041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2017-11-01 08:18 - 2015-12-15 13:43 - 000011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2017-11-01 08:18 - 2015-12-15 13:43 - 000010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2017-11-01 08:18 - 2015-07-30 10:06 - 001838080 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2017-11-01 08:18 - 2015-07-30 10:06 - 001550336 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2017-11-01 08:18 - 2015-07-30 10:06 - 001148416 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2017-11-01 08:18 - 2015-07-30 10:06 - 000100864 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2017-11-01 08:18 - 2015-07-30 10:06 - 000046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2017-11-01 08:18 - 2015-07-30 10:06 - 000041984 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
2017-11-01 08:18 - 2015-07-30 10:06 - 000014336 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2017-11-01 08:18 - 2015-07-30 09:57 - 001171456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2017-11-01 08:18 - 2015-07-30 09:57 - 001081856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-11-01 08:18 - 2015-07-30 09:57 - 000070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-11-01 08:18 - 2015-07-30 09:57 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-11-01 08:18 - 2015-07-30 09:57 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-11-01 08:18 - 2015-07-30 09:55 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-11-01 08:18 - 2015-07-30 08:56 - 003208192 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2017-11-01 08:18 - 2015-07-30 08:52 - 000372736 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2017-11-01 08:18 - 2015-07-30 08:49 - 000299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-11-01 08:18 - 2015-07-09 09:57 - 000193536 _____ (Microsoft Corporation) C:\Windows\System32\notepad.exe
2017-11-01 08:18 - 2015-07-09 09:57 - 000193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2017-11-01 08:18 - 2015-07-09 09:42 - 000179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2017-11-01 08:18 - 2012-11-01 21:59 - 000478208 _____ (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2017-11-01 08:18 - 2012-11-01 21:11 - 000376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2017-11-01 08:17 - 2016-05-11 09:02 - 000483840 _____ (Microsoft Corporation) C:\Windows\System32\StructuredQuery.dll
2017-11-01 08:17 - 2016-05-11 09:02 - 000444928 _____ (Microsoft Corporation) C:\Windows\System32\winhttp.dll
2017-11-01 08:17 - 2016-05-11 09:02 - 000327168 _____ (Microsoft Corporation) C:\Windows\System32\mswsock.dll
2017-11-01 08:17 - 2016-05-11 09:02 - 000296448 _____ (Microsoft Corporation) C:\Windows\System32\ws2_32.dll
2017-11-01 08:17 - 2016-05-11 07:19 - 000363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2017-11-01 08:17 - 2016-05-11 07:19 - 000351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2017-11-01 08:17 - 2016-05-11 07:19 - 000231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2017-11-01 08:17 - 2016-05-11 07:19 - 000206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2017-11-01 08:17 - 2016-05-11 07:11 - 000025088 _____ (Microsoft Corporation) C:\Windows\System32\netbtugc.exe
2017-11-01 08:17 - 2016-05-11 07:01 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2017-11-01 08:17 - 2016-05-11 06:58 - 000262144 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netbt.sys
2017-11-01 08:17 - 2016-04-14 08:42 - 000573952 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2017-11-01 08:17 - 2016-04-14 07:33 - 000489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2017-11-01 08:17 - 2016-02-09 01:55 - 000030720 _____ (Microsoft Corporation) C:\Windows\System32\seclogon.dll
2017-11-01 08:17 - 2016-01-21 22:27 - 005573056 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2017-11-01 08:17 - 2016-01-21 22:27 - 000154560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2017-11-01 08:17 - 2016-01-21 22:24 - 001733592 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2017-11-01 08:17 - 2016-01-21 22:20 - 000503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2017-11-01 08:17 - 2016-01-21 22:20 - 000362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2017-11-01 08:17 - 2016-01-21 22:20 - 000243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2017-11-01 08:17 - 2016-01-21 22:20 - 000215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2017-11-01 08:17 - 2016-01-21 22:20 - 000210432 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2017-11-01 08:17 - 2016-01-21 22:20 - 000086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2017-11-01 08:17 - 2016-01-21 22:19 - 001214464 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2017-11-01 08:17 - 2016-01-21 22:19 - 000344064 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2017-11-01 08:17 - 2016-01-21 22:18 - 000961024 _____ (Microsoft Corporation) C:\Windows\System32\CPFilters.dll
2017-11-01 08:17 - 2016-01-21 22:18 - 000723968 _____ (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2017-11-01 08:17 - 2016-01-21 22:17 - 000315392 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2017-11-01 08:17 - 2016-01-21 22:17 - 000312320 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2017-11-01 08:17 - 2016-01-21 22:17 - 000159744 _____ (Microsoft Corporation) C:\Windows\System32\mtxoci.dll
2017-11-01 08:17 - 2016-01-21 22:16 - 001461248 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2017-11-01 08:17 - 2016-01-21 22:15 - 001163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2017-11-01 08:17 - 2016-01-21 22:15 - 000730112 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2017-11-01 08:17 - 2016-01-21 22:15 - 000422400 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2017-11-01 08:17 - 2016-01-21 22:13 - 003993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-11-01 08:17 - 2016-01-21 22:13 - 003938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-11-01 08:17 - 2016-01-21 22:12 - 000880128 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll
2017-11-01 08:17 - 2016-01-21 22:12 - 000686080 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2017-11-01 08:17 - 2016-01-21 22:09 - 001314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-11-01 08:17 - 2016-01-21 22:06 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-11-01 08:17 - 2016-01-21 22:06 - 000665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-11-01 08:17 - 2016-01-21 22:06 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-11-01 08:17 - 2016-01-21 22:05 - 000251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-11-01 08:17 - 2016-01-21 22:04 - 000642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2017-11-01 08:17 - 2016-01-21 22:04 - 000535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2017-11-01 08:17 - 2016-01-21 22:02 - 000553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-11-01 08:17 - 2016-01-21 22:02 - 000259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-11-01 08:17 - 2016-01-21 22:02 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-11-01 08:17 - 2016-01-21 22:02 - 000114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2017-11-01 08:17 - 2016-01-21 21:59 - 000686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-11-01 08:17 - 2016-01-21 21:59 - 000642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-11-01 08:17 - 2016-01-21 20:59 - 000159232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2017-11-01 08:17 - 2016-01-21 20:58 - 000290816 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2017-11-01 08:17 - 2016-01-21 20:58 - 000129024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2017-11-01 08:17 - 2015-12-08 13:54 - 001620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2017-11-01 08:17 - 2015-12-08 13:54 - 001568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2017-11-01 08:17 - 2015-12-08 13:54 - 001325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2017-11-01 08:17 - 2015-12-08 13:54 - 000902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2017-11-01 08:17 - 2015-12-08 13:54 - 000815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2017-11-01 08:17 - 2015-12-08 13:54 - 000740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2017-11-01 08:17 - 2015-12-08 13:54 - 000739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2017-11-01 08:17 - 2015-12-08 13:54 - 000665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2017-11-01 08:17 - 2015-12-08 13:54 - 000541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2017-11-01 08:17 - 2015-12-08 13:54 - 000358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2017-11-01 08:17 - 2015-12-08 13:54 - 000154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2017-11-01 08:17 - 2015-12-08 13:53 - 003209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2017-11-01 08:17 - 2015-12-08 13:53 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-11-01 08:17 - 2015-12-08 13:53 - 000970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2017-11-01 08:17 - 2015-12-08 13:53 - 000829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2017-11-01 08:17 - 2015-12-08 13:53 - 000609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2017-11-01 08:17 - 2015-12-08 13:53 - 000519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2017-11-01 08:17 - 2015-12-08 13:53 - 000509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2017-11-01 08:17 - 2015-12-08 13:53 - 000489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2017-11-01 08:17 - 2015-12-08 13:53 - 000415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2017-11-01 08:17 - 2015-12-08 13:53 - 000354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2017-11-01 08:17 - 2015-12-08 13:53 - 000241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2017-11-01 08:17 - 2015-12-08 13:53 - 000241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2017-11-01 08:17 - 2015-12-08 13:53 - 000206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2017-11-01 08:17 - 2015-12-08 13:53 - 000206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2017-11-01 08:17 - 2015-12-08 13:53 - 000193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2017-11-01 08:17 - 2015-12-08 13:53 - 000153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2017-11-01 08:17 - 2015-12-08 13:53 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2017-11-01 08:17 - 2015-12-08 13:53 - 000079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2017-11-01 08:17 - 2015-12-08 13:53 - 000067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2017-11-01 08:17 - 2015-12-08 13:53 - 000053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2017-11-01 08:17 - 2015-12-08 13:53 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2017-11-01 08:17 - 2015-12-08 13:53 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2017-11-01 08:17 - 2015-12-08 13:53 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2017-11-01 08:17 - 2015-12-08 13:50 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2017-11-01 08:17 - 2015-12-08 11:07 - 004121600 _____ (Microsoft Corporation) C:\Windows\System32\mf.dll
2017-11-01 08:17 - 2015-12-08 11:07 - 001955328 _____ (Microsoft Corporation) C:\Windows\System32\WMVENCOD.DLL
2017-11-01 08:17 - 2015-12-08 11:07 - 001888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2017-11-01 08:17 - 2015-12-08 11:07 - 001575424 _____ (Microsoft Corporation) C:\Windows\System32\WMSPDMOE.DLL
2017-11-01 08:17 - 2015-12-08 11:07 - 001573888 _____ (Microsoft Corporation) C:\Windows\System32\quartz.dll
2017-11-01 08:17 - 2015-12-08 11:07 - 001307136 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2adec.dll
2017-11-01 08:17 - 2015-12-08 11:07 - 001232896 _____ (Microsoft Corporation) C:\Windows\System32\WMADMOD.DLL
2017-11-01 08:17 - 2015-12-08 11:07 - 001160192 _____ (Microsoft Corporation) C:\Windows\System32\MSMPEG2ENC.DLL
2017-11-01 08:17 - 2015-12-08 11:07 - 001153024 _____ (Microsoft Corporation) C:\Windows\System32\WMADMOE.DLL
2017-11-01 08:17 - 2015-12-08 11:07 - 001026048 _____ (Microsoft Corporation) C:\Windows\System32\wmpmde.dll
2017-11-01 08:17 - 2015-12-08 11:07 - 001010688 _____ (Microsoft Corporation) C:\Windows\System32\mcmde.dll
2017-11-01 08:17 - 2015-12-08 11:07 - 000978944 _____ (Microsoft Corporation) C:\Windows\System32\WMSPDMOD.DLL
2017-11-01 08:17 - 2015-12-08 11:07 - 000666112 _____ (Microsoft Corporation) C:\Windows\System32\WMVSDECD.DLL
2017-11-01 08:17 - 2015-12-08 11:07 - 000653824 _____ (Microsoft Corporation) C:\Windows\System32\MP4SDECD.DLL
2017-11-01 08:17 - 2015-12-08 11:07 - 000642048 _____ (Microsoft Corporation) C:\Windows\System32\WMVXENCD.DLL
2017-11-01 08:17 - 2015-12-08 11:07 - 000632320 _____ (Microsoft Corporation) C:\Windows\System32\evr.dll
2017-11-01 08:17 - 2015-12-08 11:07 - 000624640 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2017-11-01 08:17 - 2015-12-08 11:07 - 000484864 _____ (Microsoft Corporation) C:\Windows\System32\MFWMAAEC.DLL
2017-11-01 08:17 - 2015-12-08 11:07 - 000447488 _____ (Microsoft Corporation) C:\Windows\System32\WMVSENCD.DLL
2017-11-01 08:17 - 2015-12-08 11:07 - 000432128 _____ (Microsoft Corporation) C:\Windows\System32\mfplat.dll
2017-11-01 08:17 - 2015-12-08 11:07 - 000378880 _____ (Microsoft Corporation) C:\Windows\System32\SysFxUI.dll
2017-11-01 08:17 - 2015-12-08 11:07 - 000371712 _____ (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2017-11-01 08:17 - 2015-12-08 11:07 - 000292352 _____ (Microsoft Corporation) C:\Windows\System32\VIDRESZR.DLL
2017-11-01 08:17 - 2015-12-08 11:07 - 000254464 _____ (Microsoft Corporation) C:\Windows\System32\qasf.dll
2017-11-01 08:17 - 2015-12-08 11:07 - 000225792 _____ (Microsoft Corporation) C:\Windows\System32\RESAMPLEDMO.DLL
2017-11-01 08:17 - 2015-12-08 11:07 - 000224768 _____ (Microsoft Corporation) C:\Windows\System32\MPG4DECD.DLL
2017-11-01 08:17 - 2015-12-08 11:07 - 000223744 _____ (Microsoft Corporation) C:\Windows\System32\MP43DECD.DLL
2017-11-01 08:17 - 2015-12-08 11:07 - 000206848 _____ (Microsoft Corporation) C:\Windows\System32\mfps.dll
2017-11-01 08:17 - 2015-12-08 11:07 - 000189952 _____ (Microsoft Corporation) C:\Windows\System32\COLORCNV.DLL
2017-11-01 08:17 - 2015-12-08 11:07 - 000100864 _____ (Microsoft Corporation) C:\Windows\System32\MP3DMOD.DLL
2017-11-01 08:17 - 2015-12-08 11:07 - 000076288 _____ (Microsoft Corporation) C:\Windows\System32\devenum.dll
2017-11-01 08:17 - 2015-12-08 11:07 - 000070144 _____ (Microsoft Corporation) C:\Windows\System32\mfvdsp.dll
2017-11-01 08:17 - 2015-12-08 11:07 - 000055808 _____ (Microsoft Corporation) C:\Windows\System32\rrinstaller.exe
2017-11-01 08:17 - 2015-12-08 11:07 - 000005120 _____ (Microsoft Corporation) C:\Windows\System32\ksuser.dll
2017-11-01 08:17 - 2015-12-08 11:06 - 000250880 _____ (Microsoft Corporation) C:\Windows\System32\ksproxy.ax
2017-11-01 08:17 - 2015-12-08 11:06 - 000024576 _____ (Microsoft Corporation) C:\Windows\System32\mfpmp.exe
2017-11-01 08:17 - 2015-12-08 11:04 - 000002048 _____ (Microsoft Corporation) C:\Windows\System32\mferror.dll
2017-11-01 08:17 - 2015-12-08 10:54 - 000116736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmk.sys
2017-11-01 08:17 - 2015-12-08 10:12 - 000230400 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\portcls.sys
2017-11-01 08:17 - 2015-12-08 10:11 - 000005632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmkaud.sys
2017-11-01 08:17 - 2015-09-23 05:15 - 000460776 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2017-11-01 08:17 - 2015-09-23 05:15 - 000299632 _____ (Microsoft Corporation) C:\Windows\System32\bcryptprimitives.dll
2017-11-01 08:17 - 2015-09-23 05:09 - 000251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2017-11-01 08:17 - 2014-11-10 19:08 - 000241152 _____ (Microsoft Corporation) C:\Windows\System32\pku2u.dll
2017-11-01 08:17 - 2014-11-10 18:44 - 000186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2017-11-01 08:17 - 2014-09-03 21:23 - 000424448 _____ (Microsoft Corporation) C:\Windows\System32\rastls.dll
2017-11-01 08:17 - 2014-09-03 21:04 - 000372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2017-11-01 08:17 - 2014-08-11 18:02 - 000878080 _____ (Microsoft Corporation) C:\Windows\System32\IMJP10K.DLL
2017-11-01 08:17 - 2014-08-11 17:36 - 000701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2017-11-01 08:17 - 2012-09-25 14:47 - 000078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2017-11-01 08:17 - 2012-09-25 14:46 - 000095744 _____ (Microsoft Corporation) C:\Windows\System32\synceng.dll
2017-11-01 08:17 - 2012-03-16 23:58 - 000075120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2017-11-01 08:16 - 2016-05-12 09:15 - 000105472 _____ (Microsoft Corporation) C:\Windows\System32\winipsec.dll
2017-11-01 08:16 - 2016-05-12 09:14 - 000794624 _____ (Microsoft Corporation) C:\Windows\System32\gpsvc.dll
2017-11-01 08:16 - 2016-05-12 09:14 - 000793088 _____ (Microsoft Corporation) C:\Windows\System32\gpprefcl.dll
2017-11-01 08:16 - 2016-05-12 09:14 - 000502272 _____ (Microsoft Corporation) C:\Windows\System32\IPSECSVC.DLL
2017-11-01 08:16 - 2016-05-12 09:14 - 000373760 _____ (Microsoft Corporation) C:\Windows\System32\polstore.dll
2017-11-01 08:16 - 2016-05-12 09:14 - 000096256 _____ (Microsoft Corporation) C:\Windows\System32\gpapi.dll
2017-11-01 08:16 - 2016-05-12 09:14 - 000075776 _____ (Microsoft Corporation) C:\Windows\System32\FwRemoteSvr.dll
2017-11-01 08:16 - 2016-05-12 09:14 - 000032768 _____ (Microsoft Corporation) C:\Windows\System32\gpscript.dll
2017-11-01 08:16 - 2016-05-12 07:18 - 000591872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2017-11-01 08:16 - 2016-05-12 07:18 - 000274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2017-11-01 08:16 - 2016-05-12 07:18 - 000079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2017-11-01 08:16 - 2016-05-12 07:18 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2017-11-01 08:16 - 2016-05-12 07:18 - 000044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2017-11-01 08:16 - 2016-05-12 07:06 - 000025600 _____ (Microsoft Corporation) C:\Windows\System32\gpscript.exe
2017-11-01 08:16 - 2016-05-12 06:57 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.dll
2017-11-01 08:16 - 2016-05-12 06:57 - 000024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.exe
2017-11-01 08:16 - 2016-04-06 07:27 - 000024576 _____ (Microsoft Corporation) C:\Windows\System32\jnwmon.dll
2017-11-01 08:16 - 2016-01-21 22:27 - 000095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2017-11-01 08:16 - 2016-01-21 22:20 - 000135680 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2017-11-01 08:16 - 2016-01-21 22:20 - 000050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2017-11-01 08:16 - 2016-01-21 22:20 - 000028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2017-11-01 08:16 - 2016-01-21 22:20 - 000013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2017-11-01 08:16 - 2016-01-21 22:19 - 000028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2017-11-01 08:16 - 2016-01-21 22:18 - 000016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2017-11-01 08:16 - 2016-01-21 22:16 - 000146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2017-11-01 08:16 - 2016-01-21 22:16 - 000060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll
2017-11-01 08:16 - 2016-01-21 22:13 - 000043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2017-11-01 08:16 - 2016-01-21 22:13 - 000043520 _____ (Microsoft Corporation) C:\Windows\System32\cryptbase.dll
2017-11-01 08:16 - 2016-01-21 22:13 - 000022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:06 - 000171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-11-01 08:16 - 2016-01-21 22:06 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-11-01 08:16 - 2016-01-21 22:06 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-11-01 08:16 - 2016-01-21 22:06 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-11-01 08:16 - 2016-01-21 22:06 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-11-01 08:16 - 2016-01-21 22:05 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-11-01 08:16 - 2016-01-21 22:02 - 000176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2017-11-01 08:16 - 2016-01-21 22:02 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-11-01 08:16 - 2016-01-21 22:02 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:13 - 000064000 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe
2017-11-01 08:16 - 2016-01-21 21:07 - 000338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2017-11-01 08:16 - 2016-01-21 21:07 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-11-01 08:16 - 2016-01-21 21:05 - 000296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2017-11-01 08:16 - 2016-01-21 20:57 - 000112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2017-11-01 08:16 - 2016-01-21 20:57 - 000030720 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2017-11-01 08:16 - 2016-01-21 20:53 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-11-01 08:16 - 2016-01-21 20:53 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-11-01 08:16 - 2016-01-21 20:53 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-11-01 08:16 - 2016-01-21 20:53 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-11-01 08:16 - 2016-01-21 20:51 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-11-01 08:16 - 2016-01-21 20:51 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 20:51 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 20:51 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 20:51 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-11-01 08:16 - 2015-10-12 20:57 - 000950720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2017-11-01 08:16 - 2012-11-22 19:13 - 000068608 _____ (Microsoft Corporation) C:\Windows\System32\taskhost.exe
2017-11-01 08:15 - 2015-11-03 11:04 - 000241664 _____ (Microsoft Corporation) C:\Windows\System32\els.dll
2017-11-01 08:15 - 2015-11-03 10:55 - 000179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2017-11-01 08:15 - 2015-03-03 20:55 - 000367552 _____ (Microsoft Corporation) C:\Windows\System32\clfs.sys
2017-11-01 08:15 - 2015-03-03 20:41 - 000079360 _____ (Microsoft Corporation) C:\Windows\System32\clfsw32.dll
2017-11-01 08:15 - 2015-03-03 20:10 - 000058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2017-11-01 08:15 - 2014-12-07 19:09 - 000406528 _____ (Microsoft Corporation) C:\Windows\System32\scesrv.dll
2017-11-01 08:15 - 2014-12-07 18:46 - 000308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2017-11-01 08:15 - 2014-10-24 17:57 - 000077824 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll
2017-11-01 08:15 - 2014-10-24 17:32 - 000067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2017-11-01 08:15 - 2014-07-16 18:07 - 003722240 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2017-11-01 08:15 - 2014-07-16 18:07 - 001118720 _____ (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2017-11-01 08:15 - 2014-07-16 18:07 - 000681984 _____ (Microsoft Corporation) C:\Windows\System32\termsrv.dll
2017-11-01 08:15 - 2014-07-16 18:07 - 000455168 _____ (Microsoft Corporation) C:\Windows\System32\winlogon.exe
2017-11-01 08:15 - 2014-07-16 18:07 - 000235520 _____ (Microsoft Corporation) C:\Windows\System32\winsta.dll
2017-11-01 08:15 - 2014-07-16 18:07 - 000150528 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2017-11-01 08:15 - 2014-07-16 17:40 - 000157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2017-11-01 08:15 - 2014-07-16 17:39 - 003221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2017-11-01 08:15 - 2014-07-16 17:39 - 001051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2017-11-01 08:15 - 2014-07-16 17:39 - 000131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2017-11-01 08:15 - 2014-07-16 17:21 - 000212480 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2017-11-01 08:15 - 2014-07-16 17:21 - 000039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2017-11-01 08:15 - 2013-10-11 18:32 - 000150016 _____ (Microsoft Corporation) C:\Windows\System32\wshom.ocx
2017-11-01 08:15 - 2013-10-11 18:31 - 000202752 _____ (Microsoft Corporation) C:\Windows\System32\scrrun.dll
2017-11-01 08:15 - 2013-10-11 18:04 - 000121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2017-11-01 08:15 - 2013-10-11 18:03 - 000163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2017-11-01 08:15 - 2013-10-11 17:33 - 000168960 _____ (Microsoft Corporation) C:\Windows\System32\wscript.exe
2017-11-01 08:15 - 2013-10-11 17:33 - 000156160 _____ (Microsoft Corporation) C:\Windows\System32\cscript.exe
2017-11-01 08:15 - 2013-10-11 17:15 - 000141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2017-11-01 08:15 - 2013-10-11 17:15 - 000126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2017-11-01 08:15 - 2013-05-12 21:51 - 001464320 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2017-11-01 08:15 - 2013-05-12 21:51 - 000184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2017-11-01 08:15 - 2013-05-12 21:51 - 000139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2017-11-01 08:15 - 2013-05-12 21:50 - 000052224 _____ (Microsoft Corporation) C:\Windows\System32\certenc.dll
2017-11-01 08:15 - 2013-05-12 20:45 - 001160192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-11-01 08:15 - 2013-05-12 20:45 - 000140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-11-01 08:15 - 2013-05-12 20:45 - 000103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-11-01 08:15 - 2013-05-12 19:43 - 001192448 _____ (Microsoft Corporation) C:\Windows\System32\certutil.exe
2017-11-01 08:15 - 2013-05-12 19:08 - 000903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2017-11-01 08:15 - 2013-05-12 19:08 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2017-11-01 08:15 - 2013-02-14 22:08 - 000044032 _____ (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2017-11-01 08:15 - 2013-02-14 22:02 - 000158720 _____ (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2017-11-01 08:15 - 2013-02-14 19:25 - 000036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2017-11-01 08:15 - 2012-07-04 14:16 - 000073216 _____ (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2017-11-01 08:15 - 2012-07-04 14:13 - 000136704 _____ (Microsoft Corporation) C:\Windows\System32\browser.dll
2017-11-01 08:15 - 2012-07-04 14:13 - 000059392 _____ (Microsoft Corporation) C:\Windows\System32\browcli.dll
2017-11-01 08:15 - 2012-07-04 13:16 - 000057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2017-11-01 08:15 - 2012-07-04 13:14 - 000041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2017-11-01 08:15 - 2012-04-25 21:41 - 000077312 _____ (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2017-11-01 08:15 - 2012-04-25 21:34 - 000009216 _____ (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2017-11-01 08:15 - 2011-12-16 00:46 - 000634880 _____ (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2017-11-01 08:15 - 2011-12-15 23:52 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2017-11-01 08:01 - 2017-11-01 08:01 - 000000000 ____D C:\Users\JeffS\Documents\Bluetooth Exchange Folder
2017-11-01 08:01 - 2017-11-01 08:01 - 000000000 ____D C:\Users\JeffS\AppData\Local\Broadcom
2017-11-01 08:00 - 2017-11-01 08:00 - 000000000 ___RD C:\Users\JeffS\Virtual Machines
2017-11-01 08:00 - 2017-11-01 08:00 - 000000000 ____D C:\Users\JeffS\AppData\Roaming\Roxio
2017-11-01 08:00 - 2017-11-01 08:00 - 000000000 ____D C:\Users\JeffS\AppData\Roaming\Creative
2017-11-01 07:59 - 2017-11-07 01:48 - 000000000 ____D C:\users\JeffS
2017-11-01 07:59 - 2017-11-01 08:55 - 000131440 _____ C:\Users\JeffS\AppData\Local\GDIPFONTCACHEV1.DAT
2017-11-01 07:59 - 2017-11-01 07:59 - 000001426 __RSH C:\Users\JeffS\ntuser.pol
2017-11-01 07:59 - 2017-11-01 07:59 - 000000020 ___SH C:\Users\JeffS\ntuser.ini
2017-11-01 07:59 - 2017-11-01 07:59 - 000000000 ____D C:\Users\JeffS\AppData\Roaming\Windows Small Business Server
2017-11-01 07:59 - 2010-11-20 23:16 - 000000000 ____D C:\Users\JeffS\AppData\Roaming\Media Center Programs
2017-11-01 07:50 - 2012-06-05 22:02 - 001133568 _____ (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2017-11-01 07:50 - 2012-06-05 21:03 - 000805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-11-01 07:40 - 2014-06-30 14:24 - 000008856 _____ (Microsoft Corporation) C:\Windows\System32\icardres.dll
2017-11-01 07:40 - 2014-06-30 14:14 - 000008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2017-11-01 07:40 - 2014-06-05 22:16 - 000035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2017-11-01 07:40 - 2014-06-05 22:12 - 000035480 _____ (Microsoft Corporation) C:\Windows\System32\TsWpfWrp.exe
2017-11-01 07:40 - 2014-03-09 13:48 - 001389208 _____ (Microsoft Corporation) C:\Windows\System32\icardagt.exe
2017-11-01 07:40 - 2014-03-09 13:48 - 000171160 _____ (Microsoft Corporation) C:\Windows\System32\infocardapi.dll
2017-11-01 07:40 - 2014-03-09 13:47 - 000619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2017-11-01 07:40 - 2014-03-09 13:47 - 000099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2017-11-01 07:16 - 2017-11-01 07:16 - 000000000 ____D C:\Program Files\ESET
2017-11-01 07:11 - 2017-11-01 07:16 - 000000000 ____D C:\ProgramData\ESET
2017-11-01 07:11 - 2012-02-16 22:38 - 001031680 _____ (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2017-11-01 07:11 - 2012-02-16 21:34 - 000826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2017-11-01 07:11 - 2012-02-16 20:57 - 000023552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2017-11-01 07:09 - 2017-11-01 07:09 - 000000000 ____D C:\Users\CAMAdmin\Documents\Bluetooth Exchange Folder
2017-11-01 07:09 - 2017-11-01 07:09 - 000000000 ____D C:\Users\CAMAdmin\AppData\Local\Broadcom
2017-11-01 07:08 - 2017-11-01 07:08 - 000000000 ___RD C:\Users\CAMAdmin\Virtual Machines
2017-11-01 07:08 - 2017-11-01 07:08 - 000000000 ____D C:\Users\CAMAdmin\AppData\Roaming\Roxio
2017-11-01 07:08 - 2017-11-01 07:08 - 000000000 ____D C:\Users\CAMAdmin\AppData\Roaming\Creative
2017-11-01 07:08 - 2017-11-01 07:08 - 000000000 ____D C:\Users\CAMAdmin\AppData\Local\VirtualStore
2017-11-01 07:07 - 2017-11-07 01:48 - 000000000 ____D C:\users\CAMAdmin
2017-11-01 07:07 - 2017-11-02 08:45 - 000047548 __RSH C:\ProgramData\ntuser.pol
2017-11-01 07:07 - 2017-11-01 07:07 - 000074400 _____ C:\Users\CAMAdmin\AppData\Local\GDIPFONTCACHEV1.DAT
2017-11-01 07:07 - 2017-11-01 07:07 - 000000020 ___SH C:\Users\CAMAdmin\ntuser.ini
2017-11-01 07:07 - 2017-11-01 07:07 - 000000000 ____D C:\Users\CAMAdmin\AppData\Roaming\Windows Small Business Server
2017-11-01 07:07 - 2017-11-01 07:07 - 000000000 ____D C:\ProgramData\GroupPolicy
2017-11-01 07:07 - 2010-11-20 23:16 - 000000000 ____D C:\Users\CAMAdmin\AppData\Roaming\Media Center Programs
2017-11-01 03:59 - 2017-11-01 03:59 - 000000000 _____ C:\Windows\invcol.tmp
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-07 01:48 - 2016-09-06 11:32 - 000000000 ____D C:\Windows\Minidump
2017-11-07 01:48 - 2016-08-24 12:14 - 000000000 ____D C:\Windows\LTSvc
2017-11-07 01:48 - 2016-08-24 10:34 - 000000000 ____D C:\users\CAM_Latitude_ransom
2017-11-07 01:48 - 2012-02-06 20:28 - 000000000 ____D C:\ProgramData\NVIDIA
2017-11-07 01:48 - 2012-02-06 18:34 - 000000000 ____D C:\users\UpdatusUser
2017-11-07 01:48 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\security
2017-11-07 01:48 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2017-11-07 01:47 - 2011-02-10 06:25 - 000000000 ____D C:\dell
2017-11-07 01:47 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\registration
2017-11-07 01:44 - 2012-02-06 19:08 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-11-06 10:51 - 2016-08-24 10:43 - 000000136 _____ C:\Windows\System32\config\netlogon.ftl
2017-11-03 12:08 - 2016-08-24 12:14 - 000000000 ____D C:\ProgramData\Package Cache
2017-11-03 12:06 - 2009-07-13 20:45 - 000021312 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-03 12:06 - 2009-07-13 20:45 - 000021312 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-03 12:06 - 2009-07-13 19:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-11-03 12:04 - 2009-07-13 21:32 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-11-03 11:38 - 2016-08-24 14:07 - 000000000 ____D C:\Windows\System32\%windir%
2017-11-03 11:35 - 2009-07-13 21:13 - 000825734 _____ C:\Windows\System32\PerfStringBackup.INI
2017-11-03 11:34 - 2011-02-10 06:33 - 000804306 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-11-03 11:14 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-03 05:21 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\rescache
2017-11-02 09:29 - 2016-09-06 11:32 - 509810839 _____ C:\Windows\MEMORY.DMP
2017-11-02 08:44 - 2009-07-13 20:45 - 000493096 _____ C:\Windows\System32\FNTCACHE.DAT
2017-11-02 08:41 - 2010-11-20 23:17 - 000000000 ____D C:\Program Files\Windows Journal
2017-11-02 08:41 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2017-11-01 07:46 - 2012-02-06 19:40 - 000000000 ____D C:\ProgramData\Intel
2017-11-01 07:46 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\AppCompat
2017-11-01 05:44 - 2016-09-02 08:11 - 000000000 ____D C:\ProgramData\ScreenConnect Client (65de14f11c8a4200)
2017-11-01 05:44 - 2016-09-02 08:11 - 000000000 ____D C:\Program Files (x86)\ScreenConnect Client (65de14f11c8a4200)
2017-11-01 04:51 - 2016-09-06 12:10 - 000000000 ____D C:\Users\CAM_Latitude_ransom\AppData\Local\ElevatedDiagnostics
2017-11-01 03:59 - 2012-02-06 19:22 - 000000031 _____ C:\tmuninst.ini
2017-11-01 03:58 - 2016-08-29 07:03 - 000000000 ____D C:\Windows\System32\Tasks\Dell
2017-11-01 03:48 - 2012-02-06 19:18 - 000000000 ____D C:\ProgramData\Sonic
C:\Windows\svchost.exe
ATTENTION ====> Check for partition/boot infection.
==================== Known DLLs (Whitelisted) =========================
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
TDL4: custom:26000022 <==== ATTENTION
==================== Association (Whitelisted) =============
==================== Restore Points =========================
Restore point date: 2017-11-01 08:27
Restore point date: 2017-11-01 08:46
Restore point date: 2017-11-02 05:35
Restore point date: 2017-11-02 05:47
Restore point date: 2017-11-02 06:05
Restore point date: 2017-11-02 07:25
Restore point date: 2017-11-02 07:32
Restore point date: 2017-11-02 08:01
Restore point date: 2017-11-03 04:26
Restore point date: 2017-11-03 04:28
Restore point date: 2017-11-03 12:07
Restore point date: 2017-11-03 12:08
Restore point date: 2017-11-03 12:09
Restore point date: 2017-11-06 08:51
==================== Memory info ===========================
Percentage of memory in use: 20%
Total physical RAM: 3977.02 MB
Available physical RAM: 3154.44 MB
Total Virtual: 3975.21 MB
Available Virtual: 3149.08 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:281.9 GB) (Free:226.43 GB) NTFS
Drive e: (W7SP1_PROFESSIONAL) (CDROM) (Total:5.23 GB) (Free:0 GB) UDF
Drive f: (EMTEC) (Removable) (Total:7.21 GB) (Free:7.2 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:16.15 GB) (Free:7.49 GB) NTFS ==>[system with boot components (obtained from drive)]
ATTENTION: Malware custom entry on BCD on drive y: detected.
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 7AA15390)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=16.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=281.9 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.2 GB) (Disk ID: 1B4B2DAD)
Partition 1: (Not Active) - (Size=7.2 GB) - (Type=0C)
LastRegBack: 2017-11-01 04:45
==================== End of FRST.txt ============================
2017-11-02 05:13 - 2010-11-20 23:16 - 000000000 ____D C:\Users\Chris\AppData\Roaming\Media Center Programs
2017-11-02 05:10 - 2017-11-02 05:10 - 000002261 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-11-02 05:10 - 2017-11-02 05:10 - 000000000 ____D C:\Users\JeffS\AppData\Local\Google
2017-11-02 05:09 - 2017-11-02 05:10 - 000000000 ____D C:\Program Files (x86)\Google
2017-11-02 05:09 - 2017-11-02 05:09 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-11-02 05:09 - 2017-11-02 05:09 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-11-02 05:09 - 2017-11-02 05:09 - 000000000 ____D C:\Users\JeffS\AppData\Local\Deployment
2017-11-02 05:09 - 2017-11-02 05:09 - 000000000 ____D C:\Users\JeffS\AppData\Local\Apps\2.0
2017-11-02 04:59 - 2017-11-02 04:59 - 000003174 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3224453683-1470921515-3759671195-1171
2017-11-02 04:49 - 2017-11-02 05:26 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2017-11-01 08:49 - 2017-11-02 04:59 - 000000000 ___RD C:\Users\JeffS\OneDrive
2017-11-01 08:49 - 2017-11-01 08:49 - 000000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2017-11-01 08:48 - 2017-11-01 08:48 - 000000000 ____D C:\Users\JeffS\AppData\Roaming\Skype
2017-11-01 08:48 - 2017-11-01 08:48 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-11-01 08:46 - 2015-07-18 05:08 - 000984448 _____ (Microsoft Corporation) C:\Windows\System32\ucrtbase.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000063840 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-private-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000020832 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-math-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-string-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-stdio-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-runtime-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-convert-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-time-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-2-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-process-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-heap-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-conio-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-utility-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-locale-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-crt-environment-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-1.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-eventing-provider-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l2-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-timezone-l1-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l2-1-0.dll
2017-11-01 08:46 - 2015-07-18 05:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-2-0.dll
2017-11-01 08:44 - 2017-11-01 08:44 - 000000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2017-11-01 08:43 - 2017-11-06 04:37 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-11-01 08:35 - 2017-11-07 01:48 - 000000000 ____D C:\Program Files\Microsoft Office 15
2017-11-01 08:31 - 2017-11-01 08:32 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-11-01 08:31 - 2017-11-01 08:31 - 000000000 ____D C:\Users\JeffS\AppData\Roaming\Macromedia
2017-11-01 08:31 - 2017-11-01 08:31 - 000000000 ____D C:\Users\JeffS\AppData\LocalLow\Adobe
2017-11-01 08:29 - 2017-11-01 08:32 - 000000000 ____D C:\Users\JeffS\AppData\Roaming\Adobe
2017-11-01 08:29 - 2017-11-01 08:31 - 000000000 ____D C:\Users\JeffS\AppData\Local\Adobe
2017-11-01 08:29 - 2017-11-01 08:29 - 000002046 _____ C:\Users\Public\Desktop\Adobe Acrobat X Standard.lnk
2017-11-01 08:27 - 2017-11-01 08:32 - 000000000 ____D C:\ProgramData\Adobe
2017-11-01 08:27 - 2017-11-01 08:27 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-11-01 08:19 - 2016-02-04 17:19 - 000381440 _____ (Microsoft Corporation) C:\Windows\System32\mfds.dll
2017-11-01 08:19 - 2016-02-04 10:41 - 000296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2017-11-01 08:19 - 2015-11-11 10:53 - 001735680 _____ (Microsoft Corporation) C:\Windows\System32\comsvcs.dll
2017-11-01 08:19 - 2015-11-11 10:53 - 000525312 _____ (Microsoft Corporation) C:\Windows\System32\catsrvut.dll
2017-11-01 08:19 - 2015-11-11 10:39 - 001242624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2017-11-01 08:19 - 2015-11-11 10:39 - 000487936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2017-11-01 08:19 - 2015-10-13 08:41 - 000497664 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2017-11-01 08:19 - 2015-10-13 08:40 - 000118272 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdx.sys
2017-11-01 08:19 - 2013-07-12 02:41 - 000185344 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbvideo.sys
2017-11-01 08:19 - 2013-07-12 02:41 - 000100864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbcir.sys
2017-11-01 08:19 - 2013-07-02 20:05 - 000076800 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidclass.sys
2017-11-01 08:19 - 2013-07-02 20:05 - 000032896 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2017-11-01 08:18 - 2015-12-15 14:28 - 017892352 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2017-11-01 08:18 - 2015-12-15 14:25 - 002350080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2017-11-01 08:18 - 2015-12-15 14:21 - 010938368 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2017-11-01 08:18 - 2015-12-15 14:20 - 001388032 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2017-11-01 08:18 - 2015-12-15 14:20 - 000448512 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2017-11-01 08:18 - 2015-12-15 14:19 - 002158080 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2017-11-01 08:18 - 2015-12-15 14:19 - 001392128 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2017-11-01 08:18 - 2015-12-15 14:18 - 002382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2017-11-01 08:18 - 2015-12-15 14:18 - 001494016 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2017-11-01 08:18 - 2015-12-15 14:18 - 000816128 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2017-11-01 08:18 - 2015-12-15 14:18 - 000729088 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2017-11-01 08:18 - 2015-12-15 14:18 - 000579584 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2017-11-01 08:18 - 2015-12-15 14:18 - 000453120 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2017-11-01 08:18 - 2015-12-15 14:18 - 000282112 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2017-11-01 08:18 - 2015-12-15 14:18 - 000248320 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2017-11-01 08:18 - 2015-12-15 14:18 - 000237056 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2017-11-01 08:18 - 2015-12-15 14:18 - 000173568 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2017-11-01 08:18 - 2015-12-15 14:18 - 000096768 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2017-11-01 08:18 - 2015-12-15 14:18 - 000086016 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2017-11-01 08:18 - 2015-12-15 14:18 - 000055296 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2017-11-01 08:18 - 2015-12-15 14:18 - 000012800 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2017-11-01 08:18 - 2015-12-15 14:18 - 000011264 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2017-11-01 08:18 - 2015-12-15 13:50 - 001814528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-11-01 08:18 - 2015-12-15 13:49 - 012388864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-11-01 08:18 - 2015-12-15 13:47 - 000367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-11-01 08:18 - 2015-12-15 13:46 - 009753088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-11-01 08:18 - 2015-12-15 13:45 - 001140224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-11-01 08:18 - 2015-12-15 13:45 - 001129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-11-01 08:18 - 2015-12-15 13:44 - 001804800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-11-01 08:18 - 2015-12-15 13:44 - 001427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-11-01 08:18 - 2015-12-15 13:44 - 000718848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-11-01 08:18 - 2015-12-15 13:44 - 000424960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-11-01 08:18 - 2015-12-15 13:44 - 000231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2017-11-01 08:18 - 2015-12-15 13:44 - 000142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-11-01 08:18 - 2015-12-15 13:44 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-11-01 08:18 - 2015-12-15 13:43 - 002382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-11-01 08:18 - 2015-12-15 13:43 - 000607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-11-01 08:18 - 2015-12-15 13:43 - 000353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-11-01 08:18 - 2015-12-15 13:43 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-11-01 08:18 - 2015-12-15 13:43 - 000176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-11-01 08:18 - 2015-12-15 13:43 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-11-01 08:18 - 2015-12-15 13:43 - 000041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2017-11-01 08:18 - 2015-12-15 13:43 - 000011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2017-11-01 08:18 - 2015-12-15 13:43 - 000010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2017-11-01 08:18 - 2015-07-30 10:06 - 001838080 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2017-11-01 08:18 - 2015-07-30 10:06 - 001550336 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2017-11-01 08:18 - 2015-07-30 10:06 - 001148416 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2017-11-01 08:18 - 2015-07-30 10:06 - 000100864 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2017-11-01 08:18 - 2015-07-30 10:06 - 000046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2017-11-01 08:18 - 2015-07-30 10:06 - 000041984 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
2017-11-01 08:18 - 2015-07-30 10:06 - 000014336 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2017-11-01 08:18 - 2015-07-30 09:57 - 001171456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2017-11-01 08:18 - 2015-07-30 09:57 - 001081856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-11-01 08:18 - 2015-07-30 09:57 - 000070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-11-01 08:18 - 2015-07-30 09:57 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-11-01 08:18 - 2015-07-30 09:57 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-11-01 08:18 - 2015-07-30 09:55 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-11-01 08:18 - 2015-07-30 08:56 - 003208192 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2017-11-01 08:18 - 2015-07-30 08:52 - 000372736 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2017-11-01 08:18 - 2015-07-30 08:49 - 000299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-11-01 08:18 - 2015-07-09 09:57 - 000193536 _____ (Microsoft Corporation) C:\Windows\System32\notepad.exe
2017-11-01 08:18 - 2015-07-09 09:57 - 000193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2017-11-01 08:18 - 2015-07-09 09:42 - 000179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2017-11-01 08:18 - 2012-11-01 21:59 - 000478208 _____ (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2017-11-01 08:18 - 2012-11-01 21:11 - 000376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2017-11-01 08:17 - 2016-05-11 09:02 - 000483840 _____ (Microsoft Corporation) C:\Windows\System32\StructuredQuery.dll
2017-11-01 08:17 - 2016-05-11 09:02 - 000444928 _____ (Microsoft Corporation) C:\Windows\System32\winhttp.dll
2017-11-01 08:17 - 2016-05-11 09:02 - 000327168 _____ (Microsoft Corporation) C:\Windows\System32\mswsock.dll
2017-11-01 08:17 - 2016-05-11 09:02 - 000296448 _____ (Microsoft Corporation) C:\Windows\System32\ws2_32.dll
2017-11-01 08:17 - 2016-05-11 07:19 - 000363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2017-11-01 08:17 - 2016-05-11 07:19 - 000351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2017-11-01 08:17 - 2016-05-11 07:19 - 000231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2017-11-01 08:17 - 2016-05-11 07:19 - 000206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2017-11-01 08:17 - 2016-05-11 07:11 - 000025088 _____ (Microsoft Corporation) C:\Windows\System32\netbtugc.exe
2017-11-01 08:17 - 2016-05-11 07:01 - 000026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2017-11-01 08:17 - 2016-05-11 06:58 - 000262144 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netbt.sys
2017-11-01 08:17 - 2016-04-14 08:42 - 000573952 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2017-11-01 08:17 - 2016-04-14 07:33 - 000489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2017-11-01 08:17 - 2016-02-09 01:55 - 000030720 _____ (Microsoft Corporation) C:\Windows\System32\seclogon.dll
2017-11-01 08:17 - 2016-01-21 22:27 - 005573056 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2017-11-01 08:17 - 2016-01-21 22:27 - 000154560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2017-11-01 08:17 - 2016-01-21 22:24 - 001733592 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2017-11-01 08:17 - 2016-01-21 22:20 - 000503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2017-11-01 08:17 - 2016-01-21 22:20 - 000362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2017-11-01 08:17 - 2016-01-21 22:20 - 000243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2017-11-01 08:17 - 2016-01-21 22:20 - 000215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2017-11-01 08:17 - 2016-01-21 22:20 - 000210432 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2017-11-01 08:17 - 2016-01-21 22:20 - 000086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2017-11-01 08:17 - 2016-01-21 22:19 - 001214464 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2017-11-01 08:17 - 2016-01-21 22:19 - 000344064 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2017-11-01 08:17 - 2016-01-21 22:18 - 000961024 _____ (Microsoft Corporation) C:\Windows\System32\CPFilters.dll
2017-11-01 08:17 - 2016-01-21 22:18 - 000723968 _____ (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2017-11-01 08:17 - 2016-01-21 22:17 - 000315392 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2017-11-01 08:17 - 2016-01-21 22:17 - 000312320 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2017-11-01 08:17 - 2016-01-21 22:17 - 000159744 _____ (Microsoft Corporation) C:\Windows\System32\mtxoci.dll
2017-11-01 08:17 - 2016-01-21 22:16 - 001461248 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2017-11-01 08:17 - 2016-01-21 22:15 - 001163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2017-11-01 08:17 - 2016-01-21 22:15 - 000730112 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2017-11-01 08:17 - 2016-01-21 22:15 - 000422400 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2017-11-01 08:17 - 2016-01-21 22:13 - 003993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-11-01 08:17 - 2016-01-21 22:13 - 003938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-11-01 08:17 - 2016-01-21 22:12 - 000880128 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll
2017-11-01 08:17 - 2016-01-21 22:12 - 000686080 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2017-11-01 08:17 - 2016-01-21 22:09 - 001314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-11-01 08:17 - 2016-01-21 22:06 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-11-01 08:17 - 2016-01-21 22:06 - 000665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-11-01 08:17 - 2016-01-21 22:06 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-11-01 08:17 - 2016-01-21 22:05 - 000251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-11-01 08:17 - 2016-01-21 22:04 - 000642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2017-11-01 08:17 - 2016-01-21 22:04 - 000535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2017-11-01 08:17 - 2016-01-21 22:02 - 000553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-11-01 08:17 - 2016-01-21 22:02 - 000259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-11-01 08:17 - 2016-01-21 22:02 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-11-01 08:17 - 2016-01-21 22:02 - 000114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2017-11-01 08:17 - 2016-01-21 21:59 - 000686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-11-01 08:17 - 2016-01-21 21:59 - 000642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-11-01 08:17 - 2016-01-21 20:59 - 000159232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2017-11-01 08:17 - 2016-01-21 20:58 - 000290816 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2017-11-01 08:17 - 2016-01-21 20:58 - 000129024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2017-11-01 08:17 - 2015-12-08 13:54 - 001620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2017-11-01 08:17 - 2015-12-08 13:54 - 001568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2017-11-01 08:17 - 2015-12-08 13:54 - 001325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2017-11-01 08:17 - 2015-12-08 13:54 - 000902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2017-11-01 08:17 - 2015-12-08 13:54 - 000815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2017-11-01 08:17 - 2015-12-08 13:54 - 000740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2017-11-01 08:17 - 2015-12-08 13:54 - 000739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2017-11-01 08:17 - 2015-12-08 13:54 - 000665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2017-11-01 08:17 - 2015-12-08 13:54 - 000541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2017-11-01 08:17 - 2015-12-08 13:54 - 000358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2017-11-01 08:17 - 2015-12-08 13:54 - 000154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2017-11-01 08:17 - 2015-12-08 13:53 - 003209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2017-11-01 08:17 - 2015-12-08 13:53 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2017-11-01 08:17 - 2015-12-08 13:53 - 000970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2017-11-01 08:17 - 2015-12-08 13:53 - 000829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2017-11-01 08:17 - 2015-12-08 13:53 - 000609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2017-11-01 08:17 - 2015-12-08 13:53 - 000519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2017-11-01 08:17 - 2015-12-08 13:53 - 000509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2017-11-01 08:17 - 2015-12-08 13:53 - 000489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2017-11-01 08:17 - 2015-12-08 13:53 - 000415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2017-11-01 08:17 - 2015-12-08 13:53 - 000354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2017-11-01 08:17 - 2015-12-08 13:53 - 000241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2017-11-01 08:17 - 2015-12-08 13:53 - 000241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2017-11-01 08:17 - 2015-12-08 13:53 - 000206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2017-11-01 08:17 - 2015-12-08 13:53 - 000206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2017-11-01 08:17 - 2015-12-08 13:53 - 000193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2017-11-01 08:17 - 2015-12-08 13:53 - 000153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2017-11-01 08:17 - 2015-12-08 13:53 - 000103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2017-11-01 08:17 - 2015-12-08 13:53 - 000079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2017-11-01 08:17 - 2015-12-08 13:53 - 000067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2017-11-01 08:17 - 2015-12-08 13:53 - 000053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2017-11-01 08:17 - 2015-12-08 13:53 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2017-11-01 08:17 - 2015-12-08 13:53 - 000023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2017-11-01 08:17 - 2015-12-08 13:53 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2017-11-01 08:17 - 2015-12-08 13:50 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2017-11-01 08:17 - 2015-12-08 11:07 - 004121600 _____ (Microsoft Corporation) C:\Windows\System32\mf.dll
2017-11-01 08:17 - 2015-12-08 11:07 - 001955328 _____ (Microsoft Corporation) C:\Windows\System32\WMVENCOD.DLL
2017-11-01 08:17 - 2015-12-08 11:07 - 001888768 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL
2017-11-01 08:17 - 2015-12-08 11:07 - 001575424 _____ (Microsoft Corporation) C:\Windows\System32\WMSPDMOE.DLL
2017-11-01 08:17 - 2015-12-08 11:07 - 001573888 _____ (Microsoft Corporation) C:\Windows\System32\quartz.dll
2017-11-01 08:17 - 2015-12-08 11:07 - 001307136 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2adec.dll
2017-11-01 08:17 - 2015-12-08 11:07 - 001232896 _____ (Microsoft Corporation) C:\Windows\System32\WMADMOD.DLL
2017-11-01 08:17 - 2015-12-08 11:07 - 001160192 _____ (Microsoft Corporation) C:\Windows\System32\MSMPEG2ENC.DLL
2017-11-01 08:17 - 2015-12-08 11:07 - 001153024 _____ (Microsoft Corporation) C:\Windows\System32\WMADMOE.DLL
2017-11-01 08:17 - 2015-12-08 11:07 - 001026048 _____ (Microsoft Corporation) C:\Windows\System32\wmpmde.dll
2017-11-01 08:17 - 2015-12-08 11:07 - 001010688 _____ (Microsoft Corporation) C:\Windows\System32\mcmde.dll
2017-11-01 08:17 - 2015-12-08 11:07 - 000978944 _____ (Microsoft Corporation) C:\Windows\System32\WMSPDMOD.DLL
2017-11-01 08:17 - 2015-12-08 11:07 - 000666112 _____ (Microsoft Corporation) C:\Windows\System32\WMVSDECD.DLL
2017-11-01 08:17 - 2015-12-08 11:07 - 000653824 _____ (Microsoft Corporation) C:\Windows\System32\MP4SDECD.DLL
2017-11-01 08:17 - 2015-12-08 11:07 - 000642048 _____ (Microsoft Corporation) C:\Windows\System32\WMVXENCD.DLL
2017-11-01 08:17 - 2015-12-08 11:07 - 000632320 _____ (Microsoft Corporation) C:\Windows\System32\evr.dll
2017-11-01 08:17 - 2015-12-08 11:07 - 000624640 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2017-11-01 08:17 - 2015-12-08 11:07 - 000484864 _____ (Microsoft Corporation) C:\Windows\System32\MFWMAAEC.DLL
2017-11-01 08:17 - 2015-12-08 11:07 - 000447488 _____ (Microsoft Corporation) C:\Windows\System32\WMVSENCD.DLL
2017-11-01 08:17 - 2015-12-08 11:07 - 000432128 _____ (Microsoft Corporation) C:\Windows\System32\mfplat.dll
2017-11-01 08:17 - 2015-12-08 11:07 - 000378880 _____ (Microsoft Corporation) C:\Windows\System32\SysFxUI.dll
2017-11-01 08:17 - 2015-12-08 11:07 - 000371712 _____ (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2017-11-01 08:17 - 2015-12-08 11:07 - 000292352 _____ (Microsoft Corporation) C:\Windows\System32\VIDRESZR.DLL
2017-11-01 08:17 - 2015-12-08 11:07 - 000254464 _____ (Microsoft Corporation) C:\Windows\System32\qasf.dll
2017-11-01 08:17 - 2015-12-08 11:07 - 000225792 _____ (Microsoft Corporation) C:\Windows\System32\RESAMPLEDMO.DLL
2017-11-01 08:17 - 2015-12-08 11:07 - 000224768 _____ (Microsoft Corporation) C:\Windows\System32\MPG4DECD.DLL
2017-11-01 08:17 - 2015-12-08 11:07 - 000223744 _____ (Microsoft Corporation) C:\Windows\System32\MP43DECD.DLL
2017-11-01 08:17 - 2015-12-08 11:07 - 000206848 _____ (Microsoft Corporation) C:\Windows\System32\mfps.dll
2017-11-01 08:17 - 2015-12-08 11:07 - 000189952 _____ (Microsoft Corporation) C:\Windows\System32\COLORCNV.DLL
2017-11-01 08:17 - 2015-12-08 11:07 - 000100864 _____ (Microsoft Corporation) C:\Windows\System32\MP3DMOD.DLL
2017-11-01 08:17 - 2015-12-08 11:07 - 000076288 _____ (Microsoft Corporation) C:\Windows\System32\devenum.dll
2017-11-01 08:17 - 2015-12-08 11:07 - 000070144 _____ (Microsoft Corporation) C:\Windows\System32\mfvdsp.dll
2017-11-01 08:17 - 2015-12-08 11:07 - 000055808 _____ (Microsoft Corporation) C:\Windows\System32\rrinstaller.exe
2017-11-01 08:17 - 2015-12-08 11:07 - 000005120 _____ (Microsoft Corporation) C:\Windows\System32\ksuser.dll
2017-11-01 08:17 - 2015-12-08 11:06 - 000250880 _____ (Microsoft Corporation) C:\Windows\System32\ksproxy.ax
2017-11-01 08:17 - 2015-12-08 11:06 - 000024576 _____ (Microsoft Corporation) C:\Windows\System32\mfpmp.exe
2017-11-01 08:17 - 2015-12-08 11:04 - 000002048 _____ (Microsoft Corporation) C:\Windows\System32\mferror.dll
2017-11-01 08:17 - 2015-12-08 10:54 - 000116736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmk.sys
2017-11-01 08:17 - 2015-12-08 10:12 - 000230400 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\portcls.sys
2017-11-01 08:17 - 2015-12-08 10:11 - 000005632 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\drmkaud.sys
2017-11-01 08:17 - 2015-09-23 05:15 - 000460776 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2017-11-01 08:17 - 2015-09-23 05:15 - 000299632 _____ (Microsoft Corporation) C:\Windows\System32\bcryptprimitives.dll
2017-11-01 08:17 - 2015-09-23 05:09 - 000251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2017-11-01 08:17 - 2014-11-10 19:08 - 000241152 _____ (Microsoft Corporation) C:\Windows\System32\pku2u.dll
2017-11-01 08:17 - 2014-11-10 18:44 - 000186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2017-11-01 08:17 - 2014-09-03 21:23 - 000424448 _____ (Microsoft Corporation) C:\Windows\System32\rastls.dll
2017-11-01 08:17 - 2014-09-03 21:04 - 000372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2017-11-01 08:17 - 2014-08-11 18:02 - 000878080 _____ (Microsoft Corporation) C:\Windows\System32\IMJP10K.DLL
2017-11-01 08:17 - 2014-08-11 17:36 - 000701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2017-11-01 08:17 - 2012-09-25 14:47 - 000078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2017-11-01 08:17 - 2012-09-25 14:46 - 000095744 _____ (Microsoft Corporation) C:\Windows\System32\synceng.dll
2017-11-01 08:17 - 2012-03-16 23:58 - 000075120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2017-11-01 08:16 - 2016-05-12 09:15 - 000105472 _____ (Microsoft Corporation) C:\Windows\System32\winipsec.dll
2017-11-01 08:16 - 2016-05-12 09:14 - 000794624 _____ (Microsoft Corporation) C:\Windows\System32\gpsvc.dll
2017-11-01 08:16 - 2016-05-12 09:14 - 000793088 _____ (Microsoft Corporation) C:\Windows\System32\gpprefcl.dll
2017-11-01 08:16 - 2016-05-12 09:14 - 000502272 _____ (Microsoft Corporation) C:\Windows\System32\IPSECSVC.DLL
2017-11-01 08:16 - 2016-05-12 09:14 - 000373760 _____ (Microsoft Corporation) C:\Windows\System32\polstore.dll
2017-11-01 08:16 - 2016-05-12 09:14 - 000096256 _____ (Microsoft Corporation) C:\Windows\System32\gpapi.dll
2017-11-01 08:16 - 2016-05-12 09:14 - 000075776 _____ (Microsoft Corporation) C:\Windows\System32\FwRemoteSvr.dll
2017-11-01 08:16 - 2016-05-12 09:14 - 000032768 _____ (Microsoft Corporation) C:\Windows\System32\gpscript.dll
2017-11-01 08:16 - 2016-05-12 07:18 - 000591872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2017-11-01 08:16 - 2016-05-12 07:18 - 000274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2017-11-01 08:16 - 2016-05-12 07:18 - 000079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2017-11-01 08:16 - 2016-05-12 07:18 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2017-11-01 08:16 - 2016-05-12 07:18 - 000044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2017-11-01 08:16 - 2016-05-12 07:06 - 000025600 _____ (Microsoft Corporation) C:\Windows\System32\gpscript.exe
2017-11-01 08:16 - 2016-05-12 06:57 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.dll
2017-11-01 08:16 - 2016-05-12 06:57 - 000024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.exe
2017-11-01 08:16 - 2016-04-06 07:27 - 000024576 _____ (Microsoft Corporation) C:\Windows\System32\jnwmon.dll
2017-11-01 08:16 - 2016-01-21 22:27 - 000095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2017-11-01 08:16 - 2016-01-21 22:20 - 000135680 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2017-11-01 08:16 - 2016-01-21 22:20 - 000050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2017-11-01 08:16 - 2016-01-21 22:20 - 000028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2017-11-01 08:16 - 2016-01-21 22:20 - 000013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2017-11-01 08:16 - 2016-01-21 22:19 - 000028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2017-11-01 08:16 - 2016-01-21 22:18 - 000016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2017-11-01 08:16 - 2016-01-21 22:16 - 000146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2017-11-01 08:16 - 2016-01-21 22:16 - 000060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll
2017-11-01 08:16 - 2016-01-21 22:13 - 000043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2017-11-01 08:16 - 2016-01-21 22:13 - 000043520 _____ (Microsoft Corporation) C:\Windows\System32\cryptbase.dll
2017-11-01 08:16 - 2016-01-21 22:13 - 000022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:12 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 22:06 - 000171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-11-01 08:16 - 2016-01-21 22:06 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-11-01 08:16 - 2016-01-21 22:06 - 000065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-11-01 08:16 - 2016-01-21 22:06 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-11-01 08:16 - 2016-01-21 22:06 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-11-01 08:16 - 2016-01-21 22:05 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-11-01 08:16 - 2016-01-21 22:02 - 000176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2017-11-01 08:16 - 2016-01-21 22:02 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-11-01 08:16 - 2016-01-21 22:02 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:59 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 21:13 - 000064000 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe
2017-11-01 08:16 - 2016-01-21 21:07 - 000338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2017-11-01 08:16 - 2016-01-21 21:07 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-11-01 08:16 - 2016-01-21 21:05 - 000296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2017-11-01 08:16 - 2016-01-21 20:57 - 000112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2017-11-01 08:16 - 2016-01-21 20:57 - 000030720 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2017-11-01 08:16 - 2016-01-21 20:53 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-11-01 08:16 - 2016-01-21 20:53 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-11-01 08:16 - 2016-01-21 20:53 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-11-01 08:16 - 2016-01-21 20:53 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-11-01 08:16 - 2016-01-21 20:51 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-11-01 08:16 - 2016-01-21 20:51 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 20:51 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 20:51 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-11-01 08:16 - 2016-01-21 20:51 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-11-01 08:16 - 2015-10-12 20:57 - 000950720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2017-11-01 08:16 - 2012-11-22 19:13 - 000068608 _____ (Microsoft Corporation) C:\Windows\System32\taskhost.exe
2017-11-01 08:15 - 2015-11-03 11:04 - 000241664 _____ (Microsoft Corporation) C:\Windows\System32\els.dll
2017-11-01 08:15 - 2015-11-03 10:55 - 000179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\els.dll
2017-11-01 08:15 - 2015-03-03 20:55 - 000367552 _____ (Microsoft Corporation) C:\Windows\System32\clfs.sys
2017-11-01 08:15 - 2015-03-03 20:41 - 000079360 _____ (Microsoft Corporation) C:\Windows\System32\clfsw32.dll
2017-11-01 08:15 - 2015-03-03 20:10 - 000058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2017-11-01 08:15 - 2014-12-07 19:09 - 000406528 _____ (Microsoft Corporation) C:\Windows\System32\scesrv.dll
2017-11-01 08:15 - 2014-12-07 18:46 - 000308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2017-11-01 08:15 - 2014-10-24 17:57 - 000077824 _____ (Microsoft Corporation) C:\Windows\System32\packager.dll
2017-11-01 08:15 - 2014-10-24 17:32 - 000067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2017-11-01 08:15 - 2014-07-16 18:07 - 003722240 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2017-11-01 08:15 - 2014-07-16 18:07 - 001118720 _____ (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2017-11-01 08:15 - 2014-07-16 18:07 - 000681984 _____ (Microsoft Corporation) C:\Windows\System32\termsrv.dll
2017-11-01 08:15 - 2014-07-16 18:07 - 000455168 _____ (Microsoft Corporation) C:\Windows\System32\winlogon.exe
2017-11-01 08:15 - 2014-07-16 18:07 - 000235520 _____ (Microsoft Corporation) C:\Windows\System32\winsta.dll
2017-11-01 08:15 - 2014-07-16 18:07 - 000150528 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2017-11-01 08:15 - 2014-07-16 17:40 - 000157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2017-11-01 08:15 - 2014-07-16 17:39 - 003221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2017-11-01 08:15 - 2014-07-16 17:39 - 001051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2017-11-01 08:15 - 2014-07-16 17:39 - 000131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2017-11-01 08:15 - 2014-07-16 17:21 - 000212480 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2017-11-01 08:15 - 2014-07-16 17:21 - 000039936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys
2017-11-01 08:15 - 2013-10-11 18:32 - 000150016 _____ (Microsoft Corporation) C:\Windows\System32\wshom.ocx
2017-11-01 08:15 - 2013-10-11 18:31 - 000202752 _____ (Microsoft Corporation) C:\Windows\System32\scrrun.dll
2017-11-01 08:15 - 2013-10-11 18:04 - 000121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2017-11-01 08:15 - 2013-10-11 18:03 - 000163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2017-11-01 08:15 - 2013-10-11 17:33 - 000168960 _____ (Microsoft Corporation) C:\Windows\System32\wscript.exe
2017-11-01 08:15 - 2013-10-11 17:33 - 000156160 _____ (Microsoft Corporation) C:\Windows\System32\cscript.exe
2017-11-01 08:15 - 2013-10-11 17:15 - 000141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2017-11-01 08:15 - 2013-10-11 17:15 - 000126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2017-11-01 08:15 - 2013-05-12 21:51 - 001464320 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2017-11-01 08:15 - 2013-05-12 21:51 - 000184320 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2017-11-01 08:15 - 2013-05-12 21:51 - 000139776 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2017-11-01 08:15 - 2013-05-12 21:50 - 000052224 _____ (Microsoft Corporation) C:\Windows\System32\certenc.dll
2017-11-01 08:15 - 2013-05-12 20:45 - 001160192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-11-01 08:15 - 2013-05-12 20:45 - 000140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-11-01 08:15 - 2013-05-12 20:45 - 000103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-11-01 08:15 - 2013-05-12 19:43 - 001192448 _____ (Microsoft Corporation) C:\Windows\System32\certutil.exe
2017-11-01 08:15 - 2013-05-12 19:08 - 000903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2017-11-01 08:15 - 2013-05-12 19:08 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2017-11-01 08:15 - 2013-02-14 22:08 - 000044032 _____ (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2017-11-01 08:15 - 2013-02-14 22:02 - 000158720 _____ (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2017-11-01 08:15 - 2013-02-14 19:25 - 000036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2017-11-01 08:15 - 2012-07-04 14:16 - 000073216 _____ (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2017-11-01 08:15 - 2012-07-04 14:13 - 000136704 _____ (Microsoft Corporation) C:\Windows\System32\browser.dll
2017-11-01 08:15 - 2012-07-04 14:13 - 000059392 _____ (Microsoft Corporation) C:\Windows\System32\browcli.dll
2017-11-01 08:15 - 2012-07-04 13:16 - 000057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2017-11-01 08:15 - 2012-07-04 13:14 - 000041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2017-11-01 08:15 - 2012-04-25 21:41 - 000077312 _____ (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2017-11-01 08:15 - 2012-04-25 21:34 - 000009216 _____ (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2017-11-01 08:15 - 2011-12-16 00:46 - 000634880 _____ (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2017-11-01 08:15 - 2011-12-15 23:52 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2017-11-01 08:01 - 2017-11-01 08:01 - 000000000 ____D C:\Users\JeffS\Documents\Bluetooth Exchange Folder
2017-11-01 08:01 - 2017-11-01 08:01 - 000000000 ____D C:\Users\JeffS\AppData\Local\Broadcom
2017-11-01 08:00 - 2017-11-01 08:00 - 000000000 ___RD C:\Users\JeffS\Virtual Machines
2017-11-01 08:00 - 2017-11-01 08:00 - 000000000 ____D C:\Users\JeffS\AppData\Roaming\Roxio
2017-11-01 08:00 - 2017-11-01 08:00 - 000000000 ____D C:\Users\JeffS\AppData\Roaming\Creative
2017-11-01 07:59 - 2017-11-07 01:48 - 000000000 ____D C:\users\JeffS
2017-11-01 07:59 - 2017-11-01 08:55 - 000131440 _____ C:\Users\JeffS\AppData\Local\GDIPFONTCACHEV1.DAT
2017-11-01 07:59 - 2017-11-01 07:59 - 000001426 __RSH C:\Users\JeffS\ntuser.pol
2017-11-01 07:59 - 2017-11-01 07:59 - 000000020 ___SH C:\Users\JeffS\ntuser.ini
2017-11-01 07:59 - 2017-11-01 07:59 - 000000000 ____D C:\Users\JeffS\AppData\Roaming\Windows Small Business Server
2017-11-01 07:59 - 2010-11-20 23:16 - 000000000 ____D C:\Users\JeffS\AppData\Roaming\Media Center Programs
2017-11-01 07:50 - 2012-06-05 22:02 - 001133568 _____ (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2017-11-01 07:50 - 2012-06-05 21:03 - 000805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-11-01 07:40 - 2014-06-30 14:24 - 000008856 _____ (Microsoft Corporation) C:\Windows\System32\icardres.dll
2017-11-01 07:40 - 2014-06-30 14:14 - 000008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2017-11-01 07:40 - 2014-06-05 22:16 - 000035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2017-11-01 07:40 - 2014-06-05 22:12 - 000035480 _____ (Microsoft Corporation) C:\Windows\System32\TsWpfWrp.exe
2017-11-01 07:40 - 2014-03-09 13:48 - 001389208 _____ (Microsoft Corporation) C:\Windows\System32\icardagt.exe
2017-11-01 07:40 - 2014-03-09 13:48 - 000171160 _____ (Microsoft Corporation) C:\Windows\System32\infocardapi.dll
2017-11-01 07:40 - 2014-03-09 13:47 - 000619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2017-11-01 07:40 - 2014-03-09 13:47 - 000099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2017-11-01 07:16 - 2017-11-01 07:16 - 000000000 ____D C:\Program Files\ESET
2017-11-01 07:11 - 2017-11-01 07:16 - 000000000 ____D C:\ProgramData\ESET
2017-11-01 07:11 - 2012-02-16 22:38 - 001031680 _____ (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2017-11-01 07:11 - 2012-02-16 21:34 - 000826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2017-11-01 07:11 - 2012-02-16 20:57 - 000023552 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2017-11-01 07:09 - 2017-11-01 07:09 - 000000000 ____D C:\Users\CAMAdmin\Documents\Bluetooth Exchange Folder
2017-11-01 07:09 - 2017-11-01 07:09 - 000000000 ____D C:\Users\CAMAdmin\AppData\Local\Broadcom
2017-11-01 07:08 - 2017-11-01 07:08 - 000000000 ___RD C:\Users\CAMAdmin\Virtual Machines
2017-11-01 07:08 - 2017-11-01 07:08 - 000000000 ____D C:\Users\CAMAdmin\AppData\Roaming\Roxio
2017-11-01 07:08 - 2017-11-01 07:08 - 000000000 ____D C:\Users\CAMAdmin\AppData\Roaming\Creative
2017-11-01 07:08 - 2017-11-01 07:08 - 000000000 ____D C:\Users\CAMAdmin\AppData\Local\VirtualStore
2017-11-01 07:07 - 2017-11-07 01:48 - 000000000 ____D C:\users\CAMAdmin
2017-11-01 07:07 - 2017-11-02 08:45 - 000047548 __RSH C:\ProgramData\ntuser.pol
2017-11-01 07:07 - 2017-11-01 07:07 - 000074400 _____ C:\Users\CAMAdmin\AppData\Local\GDIPFONTCACHEV1.DAT
2017-11-01 07:07 - 2017-11-01 07:07 - 000000020 ___SH C:\Users\CAMAdmin\ntuser.ini
2017-11-01 07:07 - 2017-11-01 07:07 - 000000000 ____D C:\Users\CAMAdmin\AppData\Roaming\Windows Small Business Server
2017-11-01 07:07 - 2017-11-01 07:07 - 000000000 ____D C:\ProgramData\GroupPolicy
2017-11-01 07:07 - 2010-11-20 23:16 - 000000000 ____D C:\Users\CAMAdmin\AppData\Roaming\Media Center Programs
2017-11-01 03:59 - 2017-11-01 03:59 - 000000000 _____ C:\Windows\invcol.tmp
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-11-07 01:48 - 2016-09-06 11:32 - 000000000 ____D C:\Windows\Minidump
2017-11-07 01:48 - 2016-08-24 12:14 - 000000000 ____D C:\Windows\LTSvc
2017-11-07 01:48 - 2016-08-24 10:34 - 000000000 ____D C:\users\CAM_Latitude_ransom
2017-11-07 01:48 - 2012-02-06 20:28 - 000000000 ____D C:\ProgramData\NVIDIA
2017-11-07 01:48 - 2012-02-06 18:34 - 000000000 ____D C:\users\UpdatusUser
2017-11-07 01:48 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\security
2017-11-07 01:48 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2017-11-07 01:47 - 2011-02-10 06:25 - 000000000 ____D C:\dell
2017-11-07 01:47 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\registration
2017-11-07 01:44 - 2012-02-06 19:08 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-11-06 10:51 - 2016-08-24 10:43 - 000000136 _____ C:\Windows\System32\config\netlogon.ftl
2017-11-03 12:08 - 2016-08-24 12:14 - 000000000 ____D C:\ProgramData\Package Cache
2017-11-03 12:06 - 2009-07-13 20:45 - 000021312 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-11-03 12:06 - 2009-07-13 20:45 - 000021312 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-11-03 12:06 - 2009-07-13 19:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-11-03 12:04 - 2009-07-13 21:32 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-11-03 11:38 - 2016-08-24 14:07 - 000000000 ____D C:\Windows\System32\%windir%
2017-11-03 11:35 - 2009-07-13 21:13 - 000825734 _____ C:\Windows\System32\PerfStringBackup.INI
2017-11-03 11:34 - 2011-02-10 06:33 - 000804306 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-11-03 11:14 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-11-03 05:21 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\rescache
2017-11-02 09:29 - 2016-09-06 11:32 - 509810839 _____ C:\Windows\MEMORY.DMP
2017-11-02 08:44 - 2009-07-13 20:45 - 000493096 _____ C:\Windows\System32\FNTCACHE.DAT
2017-11-02 08:41 - 2010-11-20 23:17 - 000000000 ____D C:\Program Files\Windows Journal
2017-11-02 08:41 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2017-11-01 07:46 - 2012-02-06 19:40 - 000000000 ____D C:\ProgramData\Intel
2017-11-01 07:46 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\AppCompat
2017-11-01 05:44 - 2016-09-02 08:11 - 000000000 ____D C:\ProgramData\ScreenConnect Client (65de14f11c8a4200)
2017-11-01 05:44 - 2016-09-02 08:11 - 000000000 ____D C:\Program Files (x86)\ScreenConnect Client (65de14f11c8a4200)
2017-11-01 04:51 - 2016-09-06 12:10 - 000000000 ____D C:\Users\CAM_Latitude_ransom\AppData\Local\ElevatedDiagnostics
2017-11-01 03:59 - 2012-02-06 19:22 - 000000031 _____ C:\tmuninst.ini
2017-11-01 03:58 - 2016-08-29 07:03 - 000000000 ____D C:\Windows\System32\Tasks\Dell
2017-11-01 03:48 - 2012-02-06 19:18 - 000000000 ____D C:\ProgramData\Sonic
C:\Windows\svchost.exe
ATTENTION ====> Check for partition/boot infection.
==================== Known DLLs (Whitelisted) =========================
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
TDL4: custom:26000022 <==== ATTENTION
==================== Association (Whitelisted) =============
==================== Restore Points =========================
Restore point date: 2017-11-01 08:27
Restore point date: 2017-11-01 08:46
Restore point date: 2017-11-02 05:35
Restore point date: 2017-11-02 05:47
Restore point date: 2017-11-02 06:05
Restore point date: 2017-11-02 07:25
Restore point date: 2017-11-02 07:32
Restore point date: 2017-11-02 08:01
Restore point date: 2017-11-03 04:26
Restore point date: 2017-11-03 04:28
Restore point date: 2017-11-03 12:07
Restore point date: 2017-11-03 12:08
Restore point date: 2017-11-03 12:09
Restore point date: 2017-11-06 08:51
==================== Memory info ===========================
Percentage of memory in use: 20%
Total physical RAM: 3977.02 MB
Available physical RAM: 3154.44 MB
Total Virtual: 3975.21 MB
Available Virtual: 3149.08 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:281.9 GB) (Free:226.43 GB) NTFS
Drive e: (W7SP1_PROFESSIONAL) (CDROM) (Total:5.23 GB) (Free:0 GB) UDF
Drive f: (EMTEC) (Removable) (Total:7.21 GB) (Free:7.2 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:16.15 GB) (Free:7.49 GB) NTFS ==>[system with boot components (obtained from drive)]
ATTENTION: Malware custom entry on BCD on drive y: detected.
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 7AA15390)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=16.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=281.9 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.2 GB) (Disk ID: 1B4B2DAD)
Partition 1: (Not Active) - (Size=7.2 GB) - (Type=0C)
LastRegBack: 2017-11-01 04:45
==================== End of FRST.txt ============================