Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Wondershare NIGHTmare

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Wondershare NIGHTmare

Unread postby tincat » August 29th, 2017, 1:16 am

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by jenni (administrator) on LAPTOP (29-08-2017 14:08:31)
Running from C:\Users\jenni\Desktop
Loaded Profiles: jenni (Available Profiles: jenni)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.2.221\WsAppService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
() C:\Program Files (x86)\4G Hostless Modem\TELSTRA PRE-PAID 4G USB\CheckNDISPort_df.exe
() C:\Program Files (x86)\4G Hostless Modem\TELSTRA PRE-PAID 4G USB\CancelAutoPlay_df.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-19] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7642328 2014-10-07] (Realtek Semiconductor)
HKLM-x32\...\Run: [CheckNDISPortf0aca3] => C:\Program Files (x86)\4G Hostless Modem\TELSTRA PRE-PAID 4G USB\CheckNDISPort_df.exe [421632 2013-05-25] ()
HKLM-x32\...\Run: [CancelAutoPlay_df] => C:\Program Files (x86)\4G Hostless Modem\TELSTRA PRE-PAID 4G USB\CancelAutoPlay_df.exe [440648 2013-04-20] ()
HKU\S-1-5-21-2282976789-625184829-3266694354-1001\...\MountPoints2: {1746fe97-6bf2-11e7-9b05-364b50b7ef2d} - "F:\AutoRun.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{46b8b5f9-af40-40ab-ad87-e2c41d9b398d}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{501e53df-ded0-414e-95a0-ef1c1069f4ed}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{711b7c52-f737-4d07-9bbf-21d30304c5f0}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{86527de7-445f-4022-8cd3-55129e0c7776}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-2282976789-625184829-3266694354-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.au/
SearchScopes: HKU\S-1-5-21-2282976789-625184829-3266694354-1001 -> DefaultScope {53BD6D1B-477C-486B-A1FB-198C92735084} URL = hxxps://duckduckgo.com/?q={searchTerms}&atb=v73-5_q
SearchScopes: HKU\S-1-5-21-2282976789-625184829-3266694354-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2282976789-625184829-3266694354-1001 -> {53BD6D1B-477C-486B-A1FB-198C92735084} URL = hxxps://duckduckgo.com/?q={searchTerms}&atb=v73-5_q
SearchScopes: HKU\S-1-5-21-2282976789-625184829-3266694354-1001 -> {CB0DBEE1-E0CE-42B7-9E20-EF9B311B76AE} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

FireFox:
========
FF Plugin: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-04-08] (VideoLAN)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 hpsrv; C:\WINDOWS\system32\Hpservice.exe [38728 2016-10-12] (HP)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-12-06] (Intel Corporation)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242264 2015-09-23] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-09-05] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [266848 2016-12-27] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-19] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-16] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.2.221\WsAppService.exe [459408 2017-02-10] (Wondershare)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S2 WsDrvInst; C:\Program Files (x86)\Wondershare\dr.fone toolkit for iOS\Library\DriverInstaller\DriverInstall.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [56128 2016-10-12] (HP)
R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [42312 2016-10-12] (HP)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230656 2017-03-09] (Intel Corporation)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3506464 2015-09-16] (Intel Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-19] ()
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [76376 2016-10-04] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72792 2016-12-27] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-19] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-19] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-19] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30368 2017-06-21] (HP)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-29 14:08 - 2017-08-29 14:09 - 000007629 _____ C:\Users\jenni\Desktop\FRST.txt
2017-08-29 14:07 - 2017-08-29 14:08 - 000000000 ____D C:\FRST
2017-08-29 13:58 - 2017-08-29 13:58 - 002395648 _____ (Farbar) C:\Users\jenni\Desktop\FRST64.exe
2017-08-28 15:18 - 2017-08-29 11:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2017-08-28 15:18 - 2017-08-28 15:21 - 000000000 ____D C:\Users\jenni\AppData\Roaming\Wondershare
2017-08-28 15:18 - 2017-01-12 11:45 - 000076384 _____ (hxxp://libusb-win32.sourceforge.net) C:\WINDOWS\SysWOW64\libusb0.dll
2017-08-28 15:18 - 2017-01-12 11:45 - 000052832 _____ (hxxp://libusb-win32.sourceforge.net) C:\WINDOWS\SysWOW64\Drivers\libusb0.sys
2017-08-28 15:17 - 2017-08-29 11:27 - 000000000 ____D C:\ProgramData\Wondershare
2017-08-28 15:17 - 2017-08-29 11:27 - 000000000 ____D C:\Program Files (x86)\Wondershare
2017-08-28 15:17 - 2017-02-08 14:04 - 000000232 _____ C:\WINDOWS\SysWOW64\dllhost.exe.config
2017-08-27 19:20 - 2017-08-27 19:20 - 000000000 ____D C:\Users\jenni\Documents\jokes
2017-08-26 20:20 - 2017-08-26 20:20 - 001514282 _____ C:\Users\jenni\Desktop\HANNAHiphoneAc.pdf
2017-08-26 15:47 - 2017-08-26 15:48 - 000000000 ____D C:\Users\jenni\Desktop\ZTEphone
2017-08-26 15:45 - 2017-08-29 11:47 - 000000000 ____D C:\Users\jenni\Desktop\PRINT
2017-08-25 12:37 - 2017-08-29 10:27 - 000000000 ____D C:\Users\jenni\Desktop\SomeHouse
2017-08-24 08:49 - 2017-08-24 08:49 - 000000000 ____D C:\Users\jenni\Desktop\New folder
2017-08-23 20:07 - 2017-08-25 19:23 - 000000000 ____D C:\Users\jenni\Desktop\OPEN 2days
2017-08-18 19:02 - 2017-08-18 19:02 - 000001391 _____ C:\Users\jenni\Desktop\10709071_CIS_70_My_Mobile_Broadband_Plus_140GB_12M - Shortcut.lnk
2017-08-18 18:57 - 2017-08-18 18:58 - 000000000 ____D C:\Users\jenni\Downloads\RECfound
2017-08-18 10:07 - 2017-08-18 10:07 - 000075145 _____ C:\Users\jenni\Downloads\10709071_CIS_70_My_Mobile_Broadband_Plus_140GB_12M.pdf
2017-08-17 17:10 - 2017-08-01 12:38 - 000406544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-08-17 17:10 - 2017-08-01 12:36 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-08-17 17:10 - 2017-08-01 12:36 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-08-17 17:10 - 2017-08-01 12:34 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-08-17 17:10 - 2017-08-01 12:20 - 002956288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-08-17 17:10 - 2017-08-01 12:18 - 013841408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-08-17 17:10 - 2017-08-01 12:18 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-08-17 17:10 - 2017-08-01 12:13 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-08-17 17:10 - 2017-08-01 12:07 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-08-17 17:10 - 2017-08-01 12:07 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-08-17 17:10 - 2017-08-01 12:03 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-08-17 17:10 - 2017-08-01 11:30 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-17 17:10 - 2017-07-28 15:07 - 000805816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-08-17 17:10 - 2017-07-28 14:48 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-08-17 17:10 - 2017-07-28 14:47 - 002259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-08-17 17:10 - 2017-07-28 14:40 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-08-17 17:10 - 2017-07-28 14:36 - 006761568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-08-17 17:10 - 2017-07-28 14:36 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-08-17 17:10 - 2017-07-28 14:36 - 002424024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-08-17 17:10 - 2017-07-28 14:36 - 001195760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-08-17 17:10 - 2017-07-28 14:36 - 000864248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-08-17 17:10 - 2017-07-28 14:35 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-08-17 17:10 - 2017-07-28 14:33 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-08-17 17:10 - 2017-07-28 14:20 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-08-17 17:10 - 2017-07-28 14:20 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IpNatHlpClient.dll
2017-08-17 17:10 - 2017-07-28 14:18 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-08-17 17:10 - 2017-07-28 14:17 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-08-17 17:10 - 2017-07-28 14:16 - 001291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-08-17 17:10 - 2017-07-28 14:15 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-08-17 17:10 - 2017-07-28 14:14 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-08-17 17:10 - 2017-07-28 14:14 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-08-17 17:10 - 2017-07-28 14:13 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-08-17 17:10 - 2017-07-28 14:12 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-08-17 17:10 - 2017-07-28 14:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-08-17 17:10 - 2017-07-28 14:11 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-08-17 17:10 - 2017-07-28 14:10 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-08-17 17:10 - 2017-07-28 14:09 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-08-17 17:10 - 2017-07-28 14:08 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-08-17 17:10 - 2017-07-28 14:08 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-08-17 17:10 - 2017-07-28 14:08 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-08-17 17:10 - 2017-07-28 14:07 - 002211840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-08-17 17:10 - 2017-07-28 14:05 - 001536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-08-17 17:09 - 2017-08-01 12:39 - 008319392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-17 17:09 - 2017-08-01 12:38 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-17 17:09 - 2017-08-01 12:36 - 000119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-17 17:09 - 2017-08-01 12:35 - 000280472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-08-17 17:09 - 2017-08-01 12:35 - 000133904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-08-17 17:09 - 2017-08-01 12:34 - 000610584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-08-17 17:09 - 2017-08-01 12:34 - 000359552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-08-17 17:09 - 2017-08-01 12:34 - 000168864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-08-17 17:09 - 2017-08-01 12:32 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-08-17 17:09 - 2017-08-01 12:31 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-08-17 17:09 - 2017-08-01 12:31 - 000176024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-08-17 17:09 - 2017-08-01 12:30 - 000723680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-17 17:09 - 2017-08-01 12:30 - 000410160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-08-17 17:09 - 2017-08-01 12:30 - 000315288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-08-17 17:09 - 2017-08-01 12:30 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-17 17:09 - 2017-08-01 12:30 - 000143736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-08-17 17:09 - 2017-08-01 12:20 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-08-17 17:09 - 2017-08-01 12:20 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-08-17 17:09 - 2017-08-01 12:17 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-08-17 17:09 - 2017-08-01 12:16 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-08-17 17:09 - 2017-08-01 12:14 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
2017-08-17 17:09 - 2017-08-01 12:13 - 020504064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-08-17 17:09 - 2017-08-01 12:13 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2017-08-17 17:09 - 2017-08-01 12:12 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-17 17:09 - 2017-08-01 12:12 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-08-17 17:09 - 2017-08-01 12:10 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-08-17 17:09 - 2017-08-01 12:09 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-08-17 17:09 - 2017-08-01 12:08 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-08-17 17:09 - 2017-08-01 12:07 - 011870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-17 17:09 - 2017-08-01 12:06 - 000798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-08-17 17:09 - 2017-08-01 12:04 - 006269440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-08-17 17:09 - 2017-08-01 12:04 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-17 17:09 - 2017-08-01 11:57 - 023677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-08-17 17:09 - 2017-08-01 11:41 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-08-17 17:09 - 2017-08-01 11:36 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-17 17:09 - 2017-08-01 11:35 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-08-17 17:09 - 2017-08-01 11:34 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-08-17 17:09 - 2017-08-01 11:32 - 007336960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-17 17:09 - 2017-08-01 11:32 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-08-17 17:09 - 2017-08-01 11:31 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-17 17:09 - 2017-08-01 11:30 - 008209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-08-17 17:09 - 2017-08-01 11:28 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-17 17:09 - 2017-08-01 11:28 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-08-17 17:09 - 2017-08-01 08:45 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-08-17 17:09 - 2017-08-01 08:45 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-08-17 17:09 - 2017-08-01 08:45 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-08-17 17:09 - 2017-08-01 08:45 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-08-17 17:09 - 2017-08-01 08:45 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-08-17 17:09 - 2017-08-01 08:45 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-08-17 17:09 - 2017-08-01 08:45 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-08-17 17:09 - 2017-08-01 08:45 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-08-17 17:09 - 2017-08-01 08:45 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-08-17 17:09 - 2017-08-01 08:45 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-08-17 17:09 - 2017-08-01 08:45 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-08-17 17:09 - 2017-08-01 08:45 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-08-17 17:09 - 2017-08-01 08:45 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-08-17 17:09 - 2017-08-01 08:45 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-08-17 17:09 - 2017-08-01 08:45 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-08-17 17:09 - 2017-07-28 15:25 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-08-17 17:09 - 2017-07-28 15:24 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-08-17 17:09 - 2017-07-28 15:24 - 000455584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-08-17 17:09 - 2017-07-28 15:24 - 000116280 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2017-08-17 17:09 - 2017-07-28 15:23 - 002969888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-08-17 17:09 - 2017-07-28 15:23 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2017-08-17 17:09 - 2017-07-28 15:22 - 000923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-08-17 17:09 - 2017-07-28 15:20 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-17 17:09 - 2017-07-28 15:17 - 000660680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-08-17 17:09 - 2017-07-28 15:16 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-08-17 17:09 - 2017-07-28 15:15 - 005302968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-08-17 17:09 - 2017-07-28 15:15 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-08-17 17:09 - 2017-07-28 15:14 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-08-17 17:09 - 2017-07-28 15:13 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-08-17 17:09 - 2017-07-28 15:13 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-08-17 17:09 - 2017-07-28 15:13 - 002604248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-08-17 17:09 - 2017-07-28 15:13 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-08-17 17:09 - 2017-07-28 15:13 - 001033544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2017-08-17 17:09 - 2017-07-28 15:12 - 001337856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-08-17 17:09 - 2017-07-28 15:12 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-08-17 17:09 - 2017-07-28 15:10 - 002679200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-08-17 17:09 - 2017-07-28 15:09 - 000529992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-08-17 17:09 - 2017-07-28 15:09 - 000527976 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-08-17 17:09 - 2017-07-28 15:09 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-08-17 17:09 - 2017-07-28 14:48 - 000100232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2017-08-17 17:09 - 2017-07-28 14:48 - 000096648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-08-17 17:09 - 2017-07-28 14:40 - 000551200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-08-17 17:09 - 2017-07-28 14:38 - 004213656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-08-17 17:09 - 2017-07-28 14:37 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-08-17 17:09 - 2017-07-28 14:36 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-08-17 17:09 - 2017-07-28 14:36 - 000866808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2017-08-17 17:09 - 2017-07-28 14:36 - 000173104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2017-08-17 17:09 - 2017-07-28 14:36 - 000090464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.dll
2017-08-17 17:09 - 2017-07-28 14:35 - 000277432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll
2017-08-17 17:09 - 2017-07-28 14:33 - 000967584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-08-17 17:09 - 2017-07-28 14:33 - 000414296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-08-17 17:09 - 2017-07-28 14:29 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-08-17 17:09 - 2017-07-28 14:27 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-08-17 17:09 - 2017-07-28 14:26 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-08-17 17:09 - 2017-07-28 14:26 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-08-17 17:09 - 2017-07-28 14:26 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2017-08-17 17:09 - 2017-07-28 14:25 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-08-17 17:09 - 2017-07-28 14:25 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-08-17 17:09 - 2017-07-28 14:24 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-08-17 17:09 - 2017-07-28 14:24 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2017-08-17 17:09 - 2017-07-28 14:23 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-08-17 17:09 - 2017-07-28 14:22 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-08-17 17:09 - 2017-07-28 14:22 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-08-17 17:09 - 2017-07-28 14:22 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-08-17 17:09 - 2017-07-28 14:21 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-08-17 17:09 - 2017-07-28 14:21 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-08-17 17:09 - 2017-07-28 14:21 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-08-17 17:09 - 2017-07-28 14:21 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-08-17 17:09 - 2017-07-28 14:21 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2017-08-17 17:09 - 2017-07-28 14:19 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-08-17 17:09 - 2017-07-28 14:19 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-08-17 17:09 - 2017-07-28 14:19 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-08-17 17:09 - 2017-07-28 14:19 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-08-17 17:09 - 2017-07-28 14:19 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2017-08-17 17:09 - 2017-07-28 14:19 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-08-17 17:09 - 2017-07-28 14:19 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2017-08-17 17:09 - 2017-07-28 14:18 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-08-17 17:09 - 2017-07-28 14:18 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-08-17 17:09 - 2017-07-28 14:16 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-08-17 17:09 - 2017-07-28 14:16 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-08-17 17:09 - 2017-07-28 14:16 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qasf.dll
2017-08-17 17:09 - 2017-07-28 14:15 - 003204608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-08-17 17:09 - 2017-07-28 14:15 - 000586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-08-17 17:09 - 2017-07-28 14:14 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-08-17 17:09 - 2017-07-28 14:14 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-08-17 17:09 - 2017-07-28 14:14 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2017-08-17 17:09 - 2017-07-28 14:13 - 004535296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-08-17 17:09 - 2017-07-28 14:13 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-08-17 17:09 - 2017-07-28 14:13 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-08-17 17:09 - 2017-07-28 14:12 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-08-17 17:09 - 2017-07-28 14:12 - 002939392 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-08-17 17:09 - 2017-07-28 14:12 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-08-17 17:09 - 2017-07-28 14:12 - 000587776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-08-17 17:09 - 2017-07-28 14:12 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-08-17 17:09 - 2017-07-28 14:11 - 001357312 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-08-17 17:09 - 2017-07-28 14:10 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-08-17 17:09 - 2017-07-28 14:10 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-08-17 17:09 - 2017-07-28 14:10 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsvcs.dll
2017-08-17 17:09 - 2017-07-28 14:08 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-08-17 17:09 - 2017-07-28 14:08 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2017-08-17 17:09 - 2017-07-28 14:07 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2017-08-17 17:09 - 2017-07-28 14:07 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-08-17 17:09 - 2017-07-28 14:07 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2017-08-17 17:09 - 2017-07-28 14:07 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-08-17 17:09 - 2017-07-28 14:06 - 001833984 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-08-17 17:09 - 2017-07-28 14:05 - 000892928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-08-17 17:09 - 2017-07-28 14:05 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-08-17 17:09 - 2017-07-28 14:02 - 000877056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-08-17 17:09 - 2017-07-28 14:02 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-08-17 17:09 - 2017-07-28 14:02 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2017-08-17 17:08 - 2017-08-01 12:33 - 000473240 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-08-17 17:08 - 2017-08-01 12:32 - 002444704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-08-17 17:08 - 2017-08-01 12:32 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-08-17 17:08 - 2017-08-01 12:31 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-08-17 17:08 - 2017-08-01 12:31 - 002645680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-08-17 17:08 - 2017-08-01 12:30 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-08-17 17:08 - 2017-08-01 12:30 - 000082336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-08-17 17:08 - 2017-08-01 12:26 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-08-17 17:08 - 2017-08-01 11:45 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-08-17 17:08 - 2017-08-01 11:45 - 001275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-08-17 17:08 - 2017-08-01 11:45 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-08-17 17:08 - 2017-08-01 11:45 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-08-17 17:08 - 2017-08-01 11:44 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-08-17 17:08 - 2017-08-01 11:44 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-08-17 17:08 - 2017-08-01 11:44 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-08-17 17:08 - 2017-08-01 11:42 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-08-17 17:08 - 2017-08-01 11:41 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2017-08-17 17:08 - 2017-08-01 11:41 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2017-08-17 17:08 - 2017-08-01 11:41 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-17 17:08 - 2017-08-01 11:40 - 017366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-08-17 17:08 - 2017-08-01 11:40 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2017-08-17 17:08 - 2017-08-01 11:39 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2017-08-17 17:08 - 2017-08-01 11:38 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-08-17 17:08 - 2017-08-01 11:38 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-08-17 17:08 - 2017-08-01 11:37 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2017-08-17 17:08 - 2017-08-01 11:37 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-08-17 17:08 - 2017-08-01 11:37 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-08-17 17:08 - 2017-08-01 11:33 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-08-17 17:08 - 2017-08-01 11:33 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-17 17:08 - 2017-08-01 11:31 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-08-17 17:08 - 2017-08-01 11:31 - 001396736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-08-17 17:08 - 2017-08-01 11:30 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-08-17 17:08 - 2017-08-01 11:30 - 001052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-08-17 17:08 - 2017-08-01 11:30 - 000303104 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-08-17 17:08 - 2017-08-01 11:27 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-08-17 17:08 - 2017-08-01 11:27 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2017-08-17 17:08 - 2017-08-01 11:27 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2017-08-17 17:08 - 2017-08-01 11:26 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-08-17 17:08 - 2017-08-01 11:25 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2017-08-17 17:08 - 2017-08-01 11:25 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2017-08-17 17:08 - 2017-08-01 11:25 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2017-08-17 17:08 - 2017-07-28 15:30 - 001068720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-08-17 17:08 - 2017-07-28 15:24 - 000119904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-08-17 17:08 - 2017-07-28 15:16 - 000961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-08-17 17:08 - 2017-07-28 15:15 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-08-17 17:08 - 2017-07-28 15:15 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-08-17 17:08 - 2017-07-28 15:14 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-08-17 17:08 - 2017-07-28 15:13 - 000192264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2017-08-17 17:08 - 2017-07-28 15:13 - 000104432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.dll
2017-08-17 17:08 - 2017-07-28 15:12 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-08-17 17:08 - 2017-07-28 15:12 - 000323936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
2017-08-17 17:08 - 2017-07-28 15:10 - 001114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-08-17 17:08 - 2017-07-28 14:31 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2017-08-17 17:08 - 2017-07-28 14:30 - 001722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2017-08-17 17:08 - 2017-07-28 14:29 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-08-17 17:08 - 2017-07-28 14:26 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2017-08-17 17:08 - 2017-07-28 14:26 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\IpNatHlpClient.dll
2017-08-17 17:08 - 2017-07-28 14:25 - 003464704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2017-08-17 17:08 - 2017-07-28 14:25 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-08-17 17:08 - 2017-07-28 14:25 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2017-08-17 17:08 - 2017-07-28 14:25 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys
2017-08-17 17:08 - 2017-07-28 14:24 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-08-17 17:08 - 2017-07-28 14:24 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-08-17 17:08 - 2017-07-28 14:24 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-08-17 17:08 - 2017-07-28 14:23 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-08-17 17:08 - 2017-07-28 14:23 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-08-17 17:08 - 2017-07-28 14:22 - 000778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-08-17 17:08 - 2017-07-28 14:22 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-08-17 17:08 - 2017-07-28 14:22 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-08-17 17:08 - 2017-07-28 14:22 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2017-08-17 17:08 - 2017-07-28 14:22 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-08-17 17:08 - 2017-07-28 14:21 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-08-17 17:08 - 2017-07-28 14:21 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll
2017-08-17 17:08 - 2017-07-28 14:20 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2017-08-17 17:08 - 2017-07-28 14:20 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-08-17 17:08 - 2017-07-28 14:20 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-08-17 17:08 - 2017-07-28 14:19 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-08-17 17:08 - 2017-07-28 14:19 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-08-17 17:08 - 2017-07-28 14:19 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-08-17 17:08 - 2017-07-28 14:19 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2017-08-17 17:08 - 2017-07-28 14:19 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-08-17 17:08 - 2017-07-28 14:18 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-08-17 17:08 - 2017-07-28 14:18 - 001298432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2017-08-17 17:08 - 2017-07-28 14:18 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-08-17 17:08 - 2017-07-28 14:18 - 000777216 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-08-17 17:08 - 2017-07-28 14:18 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-08-17 17:08 - 2017-07-28 14:17 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-08-17 17:08 - 2017-07-28 14:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-08-17 17:08 - 2017-07-28 14:17 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-08-17 17:08 - 2017-07-28 14:17 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-08-17 17:08 - 2017-07-28 14:17 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2017-08-17 17:08 - 2017-07-28 14:16 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-08-17 17:08 - 2017-07-28 14:15 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-08-17 17:08 - 2017-07-28 14:15 - 000612864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsvcs.dll
2017-08-17 17:08 - 2017-07-28 14:13 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-08-17 17:08 - 2017-07-28 14:13 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-08-17 17:08 - 2017-07-28 14:13 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-08-17 17:08 - 2017-07-28 14:12 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-08-17 17:08 - 2017-07-28 14:12 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-08-17 17:08 - 2017-07-28 14:12 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-08-17 17:08 - 2017-07-28 14:10 - 001706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-08-17 17:08 - 2017-07-28 14:09 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-08-17 17:08 - 2017-07-28 14:09 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-08-17 17:08 - 2017-07-28 14:08 - 000600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-08-17 17:08 - 2017-07-28 14:06 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-08-17 17:08 - 2017-07-28 14:06 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2017-08-17 17:08 - 2017-07-28 14:05 - 001525760 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-08-17 17:08 - 2017-07-28 14:05 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-08-17 17:08 - 2017-07-28 14:05 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-08-17 17:08 - 2017-07-28 14:05 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-08-17 17:08 - 2017-07-28 14:05 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2017-08-17 12:21 - 2017-08-17 12:21 - 000000000 ____D C:\Users\jenni\Documents\RECORDINGStick
2017-08-17 11:01 - 2017-08-17 11:01 - 000000000 ____D C:\Users\jenni\Documents\REAL_ESTATE
2017-08-17 10:56 - 2017-08-17 10:56 - 000000000 ____D C:\Users\jenni\Documents\MALCOLM
2017-08-17 10:41 - 2017-08-17 10:41 - 000000000 ____D C:\Users\jenni\Documents\INSURANCE
2017-08-17 10:37 - 2017-08-28 20:08 - 000000000 ____D C:\Users\jenni\Desktop\COMPUTERs
2017-08-17 10:19 - 2017-08-29 10:28 - 000000000 ____D C:\Users\jenni\Desktop\JULIE
2017-08-10 08:45 - 2017-08-10 08:46 - 000091062 _____ C:\Users\jenni\Downloads\Interest_rate_TDA.pdf
2017-08-10 08:10 - 2017-08-10 08:11 - 000223767 _____ C:\Users\jenni\Downloads\candelo-bulk-price-list.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-29 14:00 - 2017-07-15 06:32 - 000004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E769400A-E9AC-4C96-953A-11D02380A1D2}
2017-08-29 13:04 - 2017-07-15 06:35 - 001186566 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-29 13:00 - 2017-07-15 06:32 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-29 13:00 - 2017-07-15 06:21 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-08-29 13:00 - 2015-12-13 13:25 - 000000000 __SHD C:\Users\jenni\IntelGraphicsProfiles
2017-08-29 12:59 - 2017-03-18 21:40 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2017-08-29 11:47 - 2017-07-06 08:57 - 000000000 ____D C:\Users\jenni\Desktop\PHONEdrama
2017-08-29 10:56 - 2017-07-15 06:18 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-29 09:29 - 2017-07-15 06:23 - 000000000 ____D C:\Users\jenni
2017-08-29 09:22 - 2017-07-15 06:18 - 000221848 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-27 20:07 - 2017-03-19 07:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-08-27 16:03 - 2017-03-19 07:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-26 16:14 - 2017-05-15 19:00 - 000000000 ____D C:\Users\jenni\AppData\Roaming\vlc
2017-08-26 10:33 - 2017-03-19 07:01 - 000000000 ____D C:\WINDOWS\INF
2017-08-25 11:20 - 2017-07-06 08:58 - 000000000 ____D C:\Users\jenni\Desktop\SALICYLS
2017-08-25 10:17 - 2017-02-01 13:12 - 000000000 ____D C:\Users\jenni\Documents\mum2017
2017-08-24 13:51 - 2017-03-19 07:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-08-23 08:29 - 2017-06-30 10:40 - 000000000 ____D C:\Users\jenni\Desktop\109
2017-08-22 19:35 - 2017-07-11 08:48 - 000000000 ____D C:\Users\jenni\Desktop\OPTUS
2017-08-22 16:00 - 2017-03-19 07:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-19 06:53 - 2017-03-19 07:03 - 000000000 ____D C:\WINDOWS\rescache
2017-08-19 00:58 - 2017-03-19 06:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-19 00:42 - 2015-12-13 13:23 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-18 22:17 - 2017-03-19 07:03 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-08-18 22:16 - 2017-03-19 07:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-18 22:16 - 2017-03-19 07:03 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-08-18 22:16 - 2017-03-19 07:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-08-18 22:16 - 2017-03-19 07:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-08-18 22:16 - 2017-03-19 07:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-08-18 22:16 - 2017-03-19 07:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-08-18 22:16 - 2017-03-19 07:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-08-18 13:13 - 2017-06-19 14:03 - 000121344 _____ C:\Users\jenni\Downloads\budget-planner-2017.xls
2017-08-18 09:02 - 2017-05-11 12:12 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-18 09:01 - 2017-05-11 12:11 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-18 08:31 - 2017-05-11 12:01 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-08-17 20:09 - 2017-05-03 17:04 - 000000000 ____D C:\Users\jenni\AppData\Local\Packages
2017-08-17 11:46 - 2016-08-24 06:19 - 000000000 ____D C:\Users\jenni\Documents\recipes
2017-08-17 11:12 - 2016-09-10 16:53 - 000000000 ____D C:\Users\jenni\Documents\nutrition
2017-08-17 10:40 - 2017-07-06 08:59 - 000000000 ____D C:\Users\jenni\Documents\GARNERcup
2017-08-16 08:25 - 2017-07-24 10:53 - 000000000 ____D C:\Users\jenni\AppData\Roaming\Audacity
2017-08-04 16:32 - 2017-07-17 06:36 - 000000000 ____D C:\Users\jenni\Desktop\INSURANCE
2017-08-01 01:15 - 2017-03-19 07:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-08-01 01:15 - 2017-03-19 07:06 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-25 06:49

==================== End of FRST.txt ============================



Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by jenni (29-08-2017 14:09:55)
Running from C:\Users\jenni\Desktop
Windows 10 Home Version 1703 (X64) (2017-07-14 20:40:42)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2282976789-625184829-3266694354-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2282976789-625184829-3266694354-503 - Limited - Disabled)
Guest (S-1-5-21-2282976789-625184829-3266694354-501 - Limited - Disabled)
jenni (S-1-5-21-2282976789-625184829-3266694354-1001 - Administrator - Enabled) => C:\Users\jenni

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Optus 4G Modem HL (HKLM-x32\...\Optus 4G Modem HL) (Version: 22.001.27.01.74 - Huawei Technologies Co.,Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7358 - Realtek Semiconductor Corp.)
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.11.45 - Synaptics Incorporated)
TELSTRA PRE-PAID 4G USB (HKLM-x32\...\{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}) (Version: 1.0.0.2 - ZTE Corporation)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.5.1 - VideoLAN)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2282976789-625184829-3266694354-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\jenni\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2282976789-625184829-3266694354-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\jenni\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2282976789-625184829-3266694354-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\jenni\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-12-06] (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {C33E1DC1-44DB-4D78-81EB-1E1C1A4A5E27} - System32\Tasks\S-1-5-21-2282976789-625184829-3266694354-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-03-19] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-07-27 19:55 - 2015-09-23 12:06 - 000242264 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
2017-03-19 06:58 - 2017-03-19 06:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-19 06:59 - 2017-03-19 12:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-12-06 22:22 - 2016-12-06 22:22 - 000401904 _____ () C:\WINDOWS\system32\igfxTray.exe
2017-05-07 11:54 - 2013-05-25 03:16 - 000421632 _____ () C:\Program Files (x86)\4G Hostless Modem\TELSTRA PRE-PAID 4G USB\CheckNDISPort_df.exe
2017-05-07 11:54 - 2013-04-20 00:21 - 000440648 _____ () C:\Program Files (x86)\4G Hostless Modem\TELSTRA PRE-PAID 4G USB\CancelAutoPlay_df.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-05-04 10:25 - 2017-05-04 10:22 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2282976789-625184829-3266694354-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\jenni\Pictures\109 Crozier HEDGE.png
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{182897E0-7FBF-45A2-87C8-A08611D3CA78}] => (Allow) %systemroot%\system32\alg.exe

==================== Restore Points =========================

13-08-2017 06:51:38 Scheduled Checkpoint
18-08-2017 09:01:01 Windows Update
28-08-2017 07:26:27 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/28/2017 11:50:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MessagingApplication.exe, version: 3.26.1702.24002, time stamp: 0x58b0c515
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.15063.540, time stamp: 0xd330c8c8
Exception code: 0xc000027b
Fault offset: 0x00000000004434af
Faulting process id: 0x270c
Faulting application start time: 0x01d31fa0155c7198
Faulting application path: C:\Program Files\WindowsApps\Microsoft.Messaging_3.26.24002.0_x64__8wekyb3d8bbwe\MessagingApplication.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: 1c8c3fe5-d7b9-40fc-b7fa-3e23905fb096
Faulting package full name: Microsoft.Messaging_3.26.24002.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: x27e26f40ye031y48a6yb130yd1f20388991ax

Error: (08/28/2017 08:02:38 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: laptop)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/26/2017 12:54:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Microsoft.Photos.exe, version: 2017.35071.13510.0, time stamp: 0x5988e006
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.15063.540, time stamp: 0xd330c8c8
Exception code: 0xc000027b
Fault offset: 0x00000000004a9df4
Faulting process id: 0x26b0
Faulting application start time: 0x01d31e1692332646
Faulting application path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: 363dfabc-536e-422e-83d6-c588d1beffca
Faulting package full name: Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App

Error: (08/24/2017 10:45:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.15063.0, time stamp: 0x5019fe1a
Faulting module name: jscript9.dll, version: 11.0.15063.540, time stamp: 0x36eda66c
Exception code: 0xc0000005
Fault offset: 0x000f6cd3
Faulting process id: 0x14e0
Faulting application start time: 0x01d31c6e64fa4785
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\Windows\System32\jscript9.dll
Report Id: d498319f-f2f9-4462-bef4-d14e89f0fabe
Faulting package full name:
Faulting package-relative application ID:

Error: (08/19/2017 12:42:06 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_AppReadiness, version: 10.0.15063.0, time stamp: 0x02799ef5
Faulting module name: ntdll.dll, version: 10.0.15063.447, time stamp: 0xa329d3a8
Exception code: 0xc0000374
Fault offset: 0x00000000000f775f
Faulting process id: 0x11b0
Faulting application start time: 0x01d3181c57737f0c
Faulting application path: c:\windows\system32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 3f632350-63e5-42a6-8c42-94199e97c00c
Faulting package full name:
Faulting package-relative application ID:

Error: (08/18/2017 09:02:42 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (08/17/2017 08:13:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Microsoft.Photos.exe version 2017.18062.13720.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 2144

Start Time: 01d3170ebd1e6a0d

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

Report Id: 800e4498-6c6d-4a9e-80fc-4a9fbe53c3b9

Faulting package full name: Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: App

Error: (08/17/2017 08:13:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: laptop)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/17/2017 09:39:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Microsoft.Photos.exe, version: 2017.18062.13720.0, time stamp: 0x594b16dc
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.15063.483, time stamp: 0xb0271b92
Exception code: 0xc000027b
Fault offset: 0x00000000004a9614
Faulting process id: 0x10d8
Faulting application start time: 0x01d316e81e3b208d
Faulting application path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: bf6a35d3-c6cc-4b90-af72-4244389e2cd3
Faulting package full name: Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App

Error: (08/17/2017 08:47:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.15063.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 172c

Start Time: 01d316de686f8c98

Termination Time: 24

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id: 679d1ca9-0dd2-4ec7-a885-8ec8dd0f156b

Faulting package full name:

Faulting package-relative application ID:


System errors:
=============
Error: (08/29/2017 01:00:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WsDrvInst service failed to start due to the following error:
The system cannot find the file specified.

Error: (08/29/2017 01:00:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The hpsrv service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/29/2017 01:00:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the hpsrv service to connect.

Error: (08/29/2017 01:00:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.

Error: (08/29/2017 12:54:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/29/2017 12:45:33 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport Remote NDIS based Internet Sharing Device, {501E53DF-DED0-414E-95A0-EF1C1069F4ED}, had event 74

Error: (08/29/2017 12:15:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WsDrvInst service failed to start due to the following error:
The system cannot find the file specified.

Error: (08/29/2017 12:15:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The hpsrv service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (08/29/2017 12:15:54 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the hpsrv service to connect.

Error: (08/29/2017 12:15:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error:
The request is not supported.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-5010U CPU @ 2.10GHz
Percentage of memory in use: 41%
Total physical RAM: 4018.27 MB
Available physical RAM: 2365.37 MB
Total Virtual: 4722.27 MB
Available Virtual: 3166.97 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:438.68 GB) (Free:359.45 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:25.19 GB) (Free:3.06 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 66EC646A)

Partition: GPT.

==================== End of Addition.txt ============================





Hello MRU Helpful Person,

Well my tale of woe began LAST NIGHT when I downloaded the try-before-u-buy version of the dr.fone app <not sure if *app* is correct terminology??> <some of my keys, including brackets and apostrophe, do not work due to spillage accident by my daughter when laptop was new :| >.
So the story on the dr.fone website was that one should download the trial version to see if it did what one wanted <reclaim accidentally deleted sms on iPhone>, and if it DID, you could purchase the full program, <to reclaim the missing iPhone data>.
So I downloaded it, and it said I had to then download ANOTHER program from the internet before I could try the trial version, which I did NOT want to do.
So I turned the computer off and went to bed. THIS MORNING I decided NOT to go any further with that and attempted to DELETE the dr.fone stuff, using it*s own *UNINSTALL* button. I did that, and googled a bit more and then tried another program <imobie PhoneRescue> which started downloading and then just sat there at 0%.
I thought it was maybe remnants of the dr.fone stopping it, so I went looking for it and found a folder in *downloads* called Wondershare, which turned out to be the dr. fone program. I deleted this and retried with the imobie one, but the same thing happened. I looked further and found another Wondershare folder in x86 All Programs - I TRIED delete on this a few times, but got a msg *cannot delete, in use by another program*. I emptied the BIN, and restarted a couple of times <it took ages to restart??> but the folder is still there.
It does not show up in *Apps* which is apparently the windows 10 equivalent of *Add/Remove* Programs.
The windows 10 forced update to *Creators Update* is installed on here <1703 ?> I think.

Thanks so much for reading my tale of WOE, and for any help you can offer, JENNI
tincat
Regular Member
 
Posts: 38
Joined: November 17th, 2009, 4:38 pm
Advertisement
Register to Remove

Re: Wondershare NIGHTmare

Unread postby Gary R » August 29th, 2017, 1:34 am

Looking over your logs, back soon.
User avatar
Gary R
Administrator
Administrator
 
Posts: 24794
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Wondershare NIGHTmare

Unread postby Gary R » August 29th, 2017, 3:26 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Infected? Virus, malware, adware, ransomware, oh my!" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi Jenni

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.

    It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


    There's no sign of an active infection in the logs you've supplied, but there's a few Wondershare items that we can remove, and then see how that affects your machine.

    • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press Ctrl+y (Ctrl and y keys at the same time)
    • A blank notepad file named fixlist.txt will open.
    • Copy and paste the contents of the following codebox into it (don't include code: select all) ....
    Code: Select all
    CreateRestorePoint:
    (Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.2.221\WsAppService.exe
    HKU\S-1-5-21-2282976789-625184829-3266694354-1001\...\MountPoints2: {1746fe97-6bf2-11e7-9b05-364b50b7ef2d} - "F:\AutoRun.exe"
    R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.2.221\WsAppService.exe [459408 2017-02-10] (Wondershare)
    R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
    S2 WsDrvInst; C:\Program Files (x86)\Wondershare\dr.fone toolkit for iOS\Library\DriverInstaller\DriverInstall.exe [X]
    C:\Program Files (x86)\Wondershare
    2017-08-28 15:18 - 2017-08-29 11:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
    2017-08-28 15:18 - 2017-08-28 15:21 - 000000000 ____D C:\Users\jenni\AppData\Roaming\Wondershare
    2017-08-28 15:18 - 2017-01-12 11:45 - 000076384 _____ (hxxp://libusb-win32.sourceforge.net) C:\WINDOWS\SysWOW64\libusb0.dll
    2017-08-28 15:18 - 2017-01-12 11:45 - 000052832 _____ (hxxp://libusb-win32.sourceforge.net) C:\WINDOWS\SysWOW64\Drivers\libusb0.sys
    2017-08-28 15:17 - 2017-08-29 11:27 - 000000000 ____D C:\ProgramData\Wondershare
    2017-08-28 15:17 - 2017-08-29 11:27 - 000000000 ____D C:\Program Files (x86)\Wondershare
    ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    CustomCLSID: HKU\S-1-5-21-2282976789-625184829-3266694354-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\jenni\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2282976789-625184829-3266694354-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\jenni\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2282976789-625184829-3266694354-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\jenni\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    Hosts:
    Cmd: ipconfig /flushdns
    EmptyTemp:

    • Press Ctrl+s to save fixlist.txt
    NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
    • Now press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log

    Next ....

    We need to find out if there's any other Wondershare content on your machine that did not show in your initial logs. To do that, I need you to run a search for me using FRST.

    • Double click Frst64.exe to launch it.
    • FRST will start to run.
      • When the tool opens click Yes to the disclaimer.
      • Copy/Paste or Type the following line into the Search: box.
      wondershare;wonder;share

      • Press the Search Registry button.
      • When finished searching a log will open on your Desktop ... Search.txt
      • Please post it in your next reply.

    Summary of the logs I need from you in your next post:
    • Fixlog.txt
    • Search.txt


    Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
    User avatar
    Gary R
    Administrator
    Administrator
     
    Posts: 24794
    Joined: June 28th, 2005, 11:36 am
    Location: Yorkshire

    Re: Wondershare NIGHTmare

    Unread postby tincat » August 29th, 2017, 5:54 am

    hi Gary R,
    :cheers: , thanks for your prompt reply, I have JUST found your msgs, and will follow them TO THE LETTER. I am in Australia, it*s bedtime here, so >> morning, and Thanks Again, Jenni :)
    tincat
    Regular Member
     
    Posts: 38
    Joined: November 17th, 2009, 4:38 pm

    Re: Wondershare NIGHTmare

    Unread postby Gary R » August 29th, 2017, 9:24 am

    You're welcome ............... talk to you tomorrow then. :)
    User avatar
    Gary R
    Administrator
    Administrator
     
    Posts: 24794
    Joined: June 28th, 2005, 11:36 am
    Location: Yorkshire

    Re: Wondershare NIGHTmare

    Unread postby tincat » August 30th, 2017, 6:40 pm

    Hi Gary,
    Well despite saying I would follow your instructions, I have already stuffed this all up - sorry!
    I first clicked on the backup registry download, which took me to bleeping computer - there were two buttons, on said download now bleeping computer, the other said download now portable version, and I clicked on the FORMER. It asked if I wanted to run or save ... ?? .. so I clicked Run, then asked if I wanted to allow it to make changes to my computer and I clicked YES. THEN it said where did I want it save...I clicked on DESKTOP, and then it said where did I want the SHORTCUT, but there WAS NO desktop amongst the options, so I saw the Pictures folder and I thought I could find it okay in there, and selected that. It did it*s thing and then a sign popped up to say there was .. I can*t quite remember, but something like *a CONFLICT* on desktop... not quite accurate, .. anyhow it stopped there. I cannot find the QUICKSTART or whatever the Launch icon thing is called <that I thought was going into Pictures> - I panicked and thought I might be able to start again, so I tried to click on the UNINSTALL pic on my desktop, and that pops up a little box that says *Invalid start mode: archive filename*. There are folders and bits of *paper* with pics of COGS on the desktop. SORRY, what should I do now? Thanks again for your help and patience, Jenni
    tincat
    Regular Member
     
    Posts: 38
    Joined: November 17th, 2009, 4:38 pm

    Re: Wondershare NIGHTmare

    Unread postby Gary R » August 31st, 2017, 1:28 am

    OK, don't worry. Let's get a look at what's on your Desktop and in your Pictures folder, and see if we can sort things out.

    Please do the following for me ....

    • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press Ctrl+y (Ctrl and y keys at the same time)
    • A blank notepad file named fixlist.txt will open.
    • Copy and paste the following into it (don't include Code: Select all) ....
    Code: Select all
    Folder: C:\Users\jenni\Desktop
    Folder: C:\Users\jenni\Pictures

    • Press Ctrl+s to save fixlist.txt
    NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system
    • Now press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log


    (Don't worry about the fact that I've asked you to hit the "fix" button, FRST will not fix anything, in this case it will just give me a report containing the contents of those two folders, and hopefully that will help me to untangle the mess you've managed to get yourself in.)
    User avatar
    Gary R
    Administrator
    Administrator
     
    Posts: 24794
    Joined: June 28th, 2005, 11:36 am
    Location: Yorkshire

    Re: Wondershare NIGHTmare

    Unread postby tincat » August 31st, 2017, 9:39 pm

    Hello again Gary,
    Here *tis, I HOPE I*ve managed to do THIS correctly... :oops: embarrassed to admit that even this did not go smoothly...anyhow,
    Thanks again, Jenni
    Oh God! it won*t post because it is over the number of characters...I will attempt to post as attachment <here*s hoping>!
    tincat
    Regular Member
     
    Posts: 38
    Joined: November 17th, 2009, 4:38 pm

    Re: Wondershare NIGHTmare

    Unread postby tincat » August 31st, 2017, 9:53 pm

    hopefull attached :P
    You do not have the required permissions to view the files attached to this post.
    tincat
    Regular Member
     
    Posts: 38
    Joined: November 17th, 2009, 4:38 pm

    Re: Wondershare NIGHTmare

    Unread postby tincat » August 31st, 2017, 9:59 pm

    So I notice it says *not downloaded yet* - before I pressed SUBMIT it said my attachment was attached?? Oh dear, I am SO sorry ... I will try again
    You do not have the required permissions to view the files attached to this post.
    tincat
    Regular Member
     
    Posts: 38
    Joined: November 17th, 2009, 4:38 pm

    Re: Wondershare NIGHTmare

    Unread postby tincat » August 31st, 2017, 10:01 pm

    Well it STILL looks to me like it has not worked, without resorting to expletives, I cannot do any more atm... I*m going for a walk and will try again l8er.
    I am sorry to be so TRYINGLY stoopid! Jenni
    tincat
    Regular Member
     
    Posts: 38
    Joined: November 17th, 2009, 4:38 pm

    Re: Wondershare NIGHTmare

    Unread postby Gary R » September 1st, 2017, 1:30 am

    It's OK, you've posted the log just fine. Don't forget, what you were doing is uploading the file to the forum server, I am the one that downloads it, so that I can look at it. So the reason the forum software says Not downloaded yet was because I hadn't at that time downloaded a copy. If you look at the first of your last 3 posts now, you'll see it says downloaded 1 time, because I've downloaded a copy.

    OK, as well as the log you've just posted, I'd like you to run a new scan with FRST, and post me the new FRST.txt and Additions.txt logs it produces.

    • Double click Frst.exe to launch it.
    • FRST will start to run.
      • When the tool opens click Yes to disclaimer.
      • Press the Scan button.
      • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
      • Please post (or attach) them in your next reply.

    I'd also like you to run a Registry Search for me using FRST .....

    • Double click Frst64.exe to launch it.
    • FRST will start to run.
      • When the tool opens click Yes to the disclaimer.
      • Copy/Paste or Type the following line into the Search: box.
      Tweaking.com;Tweaking;Wondershare

      • Press the Search Registry button.
      • When finished searching a log will open on your Desktop ... Search.txt
      • Please post it in your next reply.

    Summary of the logs I need from you in your next post:
    • FRST.txt
    • Addition.txt
    • Search.txt


    Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.


    Sorry if it seems I'm messing you around. I know I could have asked you to do this last time, and saved some time, but as you were having problems, I didn't want to overload you with a long list of tasks to perform.
    User avatar
    Gary R
    Administrator
    Administrator
     
    Posts: 24794
    Joined: June 28th, 2005, 11:36 am
    Location: Yorkshire

    Re: Wondershare NIGHTmare

    Unread postby tincat » September 1st, 2017, 2:47 am

    PLEASE don*t apologise for ANYTHING - it*s not your fault that I am a technical Trogolodyte. My tech abilities ran out when they upgraded from two tin cans and a bit of string to landline phones.
    Okay, I*m onto it >> L8er. Thanks, Jenni
    tincat
    Regular Member
     
    Posts: 38
    Joined: November 17th, 2009, 4:38 pm

    Re: Wondershare NIGHTmare

    Unread postby tincat » September 1st, 2017, 3:04 am

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
    Ran by jenni (01-09-2017 17:00:41)
    Running from C:\Users\jenni\Desktop
    Windows 10 Home Version 1703 (X64) (2017-07-14 20:40:42)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2282976789-625184829-3266694354-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-2282976789-625184829-3266694354-503 - Limited - Disabled)
    Guest (S-1-5-21-2282976789-625184829-3266694354-501 - Limited - Disabled)
    jenni (S-1-5-21-2282976789-625184829-3266694354-1001 - Administrator - Enabled) => C:\Users\jenni

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Optus 4G Modem HL (HKLM-x32\...\Optus 4G Modem HL) (Version: 22.001.27.01.74 - Huawei Technologies Co.,Ltd)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7358 - Realtek Semiconductor Corp.)
    Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.11.45 - Synaptics Incorporated)
    TELSTRA PRE-PAID 4G USB (HKLM-x32\...\{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}) (Version: 1.0.0.2 - ZTE Corporation)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.5.1 - VideoLAN)
    Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2282976789-625184829-3266694354-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\jenni\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2282976789-625184829-3266694354-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\jenni\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => No File
    CustomCLSID: HKU\S-1-5-21-2282976789-625184829-3266694354-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\jenni\AppData\Local\Microsoft\OneDrive\17.3.6917.0607\amd64\FileSyncShell64.dll => No File
    ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
    ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
    ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
    ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
    ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-12-06] (Intel Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {C33E1DC1-44DB-4D78-81EB-1E1C1A4A5E27} - System32\Tasks\S-1-5-21-2282976789-625184829-3266694354-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-03-19] (Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


    ==================== Shortcuts & WMI ========================

    (The entries could be listed to be restored or removed.)


    ==================== Loaded Modules (Whitelisted) ==============

    2017-07-27 19:55 - 2015-09-23 12:06 - 000242264 _____ () C:\ProgramData\MobileBrServ\mbbservice.exe
    2017-03-19 06:58 - 2017-03-19 06:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
    2016-12-06 22:22 - 2016-12-06 22:22 - 000401904 _____ () C:\WINDOWS\system32\igfxTray.exe
    2017-03-19 06:59 - 2017-03-19 12:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2017-05-07 11:54 - 2013-05-25 03:16 - 000421632 _____ () C:\Program Files (x86)\4G Hostless Modem\TELSTRA PRE-PAID 4G USB\CheckNDISPort_df.exe
    2017-05-07 11:54 - 2013-04-20 00:21 - 000440648 _____ () C:\Program Files (x86)\4G Hostless Modem\TELSTRA PRE-PAID 4G USB\CancelAutoPlay_df.exe

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2017-05-04 10:25 - 2017-05-04 10:22 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2282976789-625184829-3266694354-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\jenni\Pictures\109 Crozier HEDGE.png
    DNS Servers: 192.168.8.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{182897E0-7FBF-45A2-87C8-A08611D3CA78}] => (Allow) %systemroot%\system32\alg.exe

    ==================== Restore Points =========================

    13-08-2017 06:51:38 Scheduled Checkpoint
    18-08-2017 09:01:01 Windows Update
    28-08-2017 07:26:27 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (08/30/2017 10:46:50 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: HxTsr.exe, version: 16.0.8400.4099, time stamp: 0x5996610e
    Faulting module name: twinapi.appcore.dll, version: 10.0.15063.332, time stamp: 0xf873d086
    Exception code: 0xc000027b
    Fault offset: 0x0000000000095a76
    Faulting process id: 0x960
    Faulting application start time: 0x01d320c6d3db4b49
    Faulting application path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8400.40995.0_x64__8wekyb3d8bbwe\HxTsr.exe
    Faulting module path: C:\WINDOWS\SYSTEM32\twinapi.appcore.dll
    Report Id: c07279e4-b9bb-457b-8d25-c88e9e33df2c
    Faulting package full name: microsoft.windowscommunicationsapps_17.8400.40995.0_x64__8wekyb3d8bbwe
    Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

    Error: (08/28/2017 11:50:57 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: MessagingApplication.exe, version: 3.26.1702.24002, time stamp: 0x58b0c515
    Faulting module name: Windows.UI.Xaml.dll, version: 10.0.15063.540, time stamp: 0xd330c8c8
    Exception code: 0xc000027b
    Fault offset: 0x00000000004434af
    Faulting process id: 0x270c
    Faulting application start time: 0x01d31fa0155c7198
    Faulting application path: C:\Program Files\WindowsApps\Microsoft.Messaging_3.26.24002.0_x64__8wekyb3d8bbwe\MessagingApplication.exe
    Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
    Report Id: 1c8c3fe5-d7b9-40fc-b7fa-3e23905fb096
    Faulting package full name: Microsoft.Messaging_3.26.24002.0_x64__8wekyb3d8bbwe
    Faulting package-relative application ID: x27e26f40ye031y48a6yb130yd1f20388991ax

    Error: (08/28/2017 08:02:38 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: laptop)
    Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!microsoft.windowslive.mail failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (08/26/2017 12:54:06 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Microsoft.Photos.exe, version: 2017.35071.13510.0, time stamp: 0x5988e006
    Faulting module name: Windows.UI.Xaml.dll, version: 10.0.15063.540, time stamp: 0xd330c8c8
    Exception code: 0xc000027b
    Fault offset: 0x00000000004a9df4
    Faulting process id: 0x26b0
    Faulting application start time: 0x01d31e1692332646
    Faulting application path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
    Report Id: 363dfabc-536e-422e-83d6-c588d1beffca
    Faulting package full name: Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe
    Faulting package-relative application ID: App

    Error: (08/24/2017 10:45:10 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: IEXPLORE.EXE, version: 11.0.15063.0, time stamp: 0x5019fe1a
    Faulting module name: jscript9.dll, version: 11.0.15063.540, time stamp: 0x36eda66c
    Exception code: 0xc0000005
    Fault offset: 0x000f6cd3
    Faulting process id: 0x14e0
    Faulting application start time: 0x01d31c6e64fa4785
    Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    Faulting module path: C:\Windows\System32\jscript9.dll
    Report Id: d498319f-f2f9-4462-bef4-d14e89f0fabe
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (08/19/2017 12:42:06 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe_AppReadiness, version: 10.0.15063.0, time stamp: 0x02799ef5
    Faulting module name: ntdll.dll, version: 10.0.15063.447, time stamp: 0xa329d3a8
    Exception code: 0xc0000374
    Fault offset: 0x00000000000f775f
    Faulting process id: 0x11b0
    Faulting application start time: 0x01d3181c57737f0c
    Faulting application path: c:\windows\system32\svchost.exe
    Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
    Report Id: 3f632350-63e5-42a6-8c42-94199e97c00c
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (08/18/2017 09:02:42 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

    Error: (08/17/2017 08:13:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Microsoft.Photos.exe version 2017.18062.13720.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

    Process ID: 2144

    Start Time: 01d3170ebd1e6a0d

    Termination Time: 4294967295

    Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

    Report Id: 800e4498-6c6d-4a9e-80fc-4a9fbe53c3b9

    Faulting package full name: Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe

    Faulting package-relative application ID: App

    Error: (08/17/2017 08:13:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: laptop)
    Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (08/17/2017 09:39:39 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: Microsoft.Photos.exe, version: 2017.18062.13720.0, time stamp: 0x594b16dc
    Faulting module name: Windows.UI.Xaml.dll, version: 10.0.15063.483, time stamp: 0xb0271b92
    Exception code: 0xc000027b
    Fault offset: 0x00000000004a9614
    Faulting process id: 0x10d8
    Faulting application start time: 0x01d316e81e3b208d
    Faulting application path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
    Report Id: bf6a35d3-c6cc-4b90-af72-4244389e2cd3
    Faulting package full name: Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe
    Faulting package-relative application ID: App


    System errors:
    =============
    Error: (09/01/2017 03:54:38 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
    Description: Miniport Remote NDIS based Internet Sharing Device, {501E53DF-DED0-414E-95A0-EF1C1069F4ED}, had event 74

    Error: (09/01/2017 11:42:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The WsDrvInst service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (09/01/2017 11:42:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The hpsrv service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.

    Error: (09/01/2017 11:42:52 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the hpsrv service to connect.

    Error: (09/01/2017 11:42:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The CldFlt service failed to start due to the following error:
    The request is not supported.

    Error: (08/31/2017 11:10:54 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
    Description: Miniport Remote NDIS based Internet Sharing Device #3, {46B8B5F9-AF40-40AB-AD87-E2C41D9B398D}, had event 74

    Error: (08/31/2017 07:21:18 AM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR14.

    Error: (08/31/2017 01:58:14 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
    Description: Miniport Remote NDIS based Internet Sharing Device #3, {46B8B5F9-AF40-40AB-AD87-E2C41D9B398D}, had event 74

    Error: (08/30/2017 12:33:09 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
    Description: Miniport Remote NDIS based Internet Sharing Device, {501E53DF-DED0-414E-95A0-EF1C1069F4ED}, had event 74

    Error: (08/30/2017 12:33:03 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR12.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i3-5010U CPU @ 2.10GHz
    Percentage of memory in use: 34%
    Total physical RAM: 4018.27 MB
    Available physical RAM: 2625.25 MB
    Total Virtual: 4722.27 MB
    Available Virtual: 3406.13 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:438.68 GB) (Free:358.79 GB) NTFS
    Drive d: (RECOVERY) (Fixed) (Total:25.19 GB) (Free:3.06 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 66EC646A)

    Partition: GPT.

    ==================== End of Addition.txt ============================
    tincat
    Regular Member
     
    Posts: 38
    Joined: November 17th, 2009, 4:38 pm

    Re: Wondershare NIGHTmare

    Unread postby tincat » September 1st, 2017, 3:06 am

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
    Ran by jenni (administrator) on LAPTOP (01-09-2017 16:59:07)
    Running from C:\Users\jenni\Desktop
    Loaded Profiles: jenni (Available Profiles: jenni)
    Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Intel Corporation) C:\Windows\System32\ibtsiva.exe
    () C:\ProgramData\MobileBrServ\mbbService.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.2.221\WsAppService.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    () C:\Windows\System32\igfxTray.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    () C:\Program Files (x86)\4G Hostless Modem\TELSTRA PRE-PAID 4G USB\CheckNDISPort_df.exe
    () C:\Program Files (x86)\4G Hostless Modem\TELSTRA PRE-PAID 4G USB\CancelAutoPlay_df.exe
    (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
    (Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-19] (Microsoft Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7642328 2014-10-07] (Realtek Semiconductor)
    HKLM-x32\...\Run: [CheckNDISPortf0aca3] => C:\Program Files (x86)\4G Hostless Modem\TELSTRA PRE-PAID 4G USB\CheckNDISPort_df.exe [421632 2013-05-25] ()
    HKLM-x32\...\Run: [CancelAutoPlay_df] => C:\Program Files (x86)\4G Hostless Modem\TELSTRA PRE-PAID 4G USB\CancelAutoPlay_df.exe [440648 2013-04-20] ()
    HKU\S-1-5-21-2282976789-625184829-3266694354-1001\...\MountPoints2: {1746fe97-6bf2-11e7-9b05-364b50b7ef2d} - "F:\AutoRun.exe"

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.8.1 192.168.8.1
    Tcpip\..\Interfaces\{46b8b5f9-af40-40ab-ad87-e2c41d9b398d}: [DhcpNameServer] 192.168.8.1 192.168.8.1
    Tcpip\..\Interfaces\{501e53df-ded0-414e-95a0-ef1c1069f4ed}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{711b7c52-f737-4d07-9bbf-21d30304c5f0}: [DhcpNameServer] 192.168.8.1 192.168.8.1
    Tcpip\..\Interfaces\{86527de7-445f-4022-8cd3-55129e0c7776}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-2282976789-625184829-3266694354-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.au/
    SearchScopes: HKU\S-1-5-21-2282976789-625184829-3266694354-1001 -> DefaultScope {53BD6D1B-477C-486B-A1FB-198C92735084} URL = hxxps://duckduckgo.com/?q={searchTerms}&atb=v73-5_q
    SearchScopes: HKU\S-1-5-21-2282976789-625184829-3266694354-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-2282976789-625184829-3266694354-1001 -> {53BD6D1B-477C-486B-A1FB-198C92735084} URL = hxxps://duckduckgo.com/?q={searchTerms}&atb=v73-5_q
    SearchScopes: HKU\S-1-5-21-2282976789-625184829-3266694354-1001 -> {CB0DBEE1-E0CE-42B7-9E20-EF9B311B76AE} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

    FireFox:
    ========
    FF Plugin: @videolan.org/vlc,version=2.2.5.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2017-04-08] (VideoLAN)

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S2 hpsrv; C:\WINDOWS\system32\Hpservice.exe [38728 2016-10-12] (HP)
    R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-12-06] (Intel Corporation)
    R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242264 2015-09-23] ()
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-09-05] (Realtek Semiconductor)
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [266848 2016-12-27] (Synaptics Incorporated)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-19] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-16] (Microsoft Corporation)
    R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.2.221\WsAppService.exe [459408 2017-02-10] (Wondershare)
    R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
    S2 WsDrvInst; C:\Program Files (x86)\Wondershare\dr.fone toolkit for iOS\Library\DriverInstaller\DriverInstall.exe [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [56128 2016-10-12] (HP)
    R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [42312 2016-10-12] (HP)
    R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230656 2017-03-09] (Intel Corporation)
    R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
    R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3506464 2015-09-16] (Intel Corporation)
    S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-19] ()
    S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [76376 2016-10-04] (Synaptics Incorporated)
    R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [72792 2016-12-27] (Synaptics Incorporated)
    S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-19] (Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-19] (Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-19] (Microsoft Corporation)
    R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [30368 2017-06-21] (HP)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-09-01 16:59 - 2017-09-01 16:59 - 000007500 _____ C:\Users\jenni\Desktop\FRST.txt
    2017-09-01 10:44 - 2017-09-01 10:44 - 002395648 _____ (Farbar) C:\Users\jenni\Downloads\FRST64.exe
    2017-08-31 07:51 - 2017-08-31 07:51 - 001388544 _____ (Indigo Rose Corporation) C:\Users\jenni\Desktop\uninstall.exe
    2017-08-31 07:51 - 2017-08-31 07:51 - 000329944 _____ (Lua.org) C:\Users\jenni\Desktop\lua5.1.dll
    2017-08-31 07:51 - 2017-08-31 07:51 - 000000000 ____D C:\Users\jenni\Desktop\Uninstall
    2017-08-31 07:51 - 2017-08-31 07:51 - 000000000 ____D C:\Users\jenni\Desktop\files
    2017-08-31 07:51 - 2017-08-31 07:51 - 000000000 ____D C:\Users\jenni\Desktop\color_presets
    2017-08-31 07:48 - 2017-08-31 07:51 - 000003306 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
    2017-08-29 14:07 - 2017-09-01 16:59 - 000000000 ____D C:\FRST
    2017-08-29 13:58 - 2017-08-29 13:58 - 002395648 _____ (Farbar) C:\Users\jenni\Desktop\FRST64.exe
    2017-08-28 15:18 - 2017-08-29 11:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
    2017-08-28 15:18 - 2017-08-28 15:21 - 000000000 ____D C:\Users\jenni\AppData\Roaming\Wondershare
    2017-08-28 15:18 - 2017-01-12 11:45 - 000076384 _____ (hxxp://libusb-win32.sourceforge.net) C:\WINDOWS\SysWOW64\libusb0.dll
    2017-08-28 15:18 - 2017-01-12 11:45 - 000052832 _____ (hxxp://libusb-win32.sourceforge.net) C:\WINDOWS\SysWOW64\Drivers\libusb0.sys
    2017-08-28 15:17 - 2017-08-29 11:27 - 000000000 ____D C:\ProgramData\Wondershare
    2017-08-28 15:17 - 2017-08-29 11:27 - 000000000 ____D C:\Program Files (x86)\Wondershare
    2017-08-28 15:17 - 2017-02-08 14:04 - 000000232 _____ C:\WINDOWS\SysWOW64\dllhost.exe.config
    2017-08-27 19:20 - 2017-08-27 19:20 - 000000000 ____D C:\Users\jenni\Documents\jokes
    2017-08-26 20:20 - 2017-08-26 20:20 - 001514282 _____ C:\Users\jenni\Desktop\HANNAHiphoneAc.pdf
    2017-08-26 15:47 - 2017-08-26 15:48 - 000000000 ____D C:\Users\jenni\Desktop\ZTEphone
    2017-08-26 15:45 - 2017-08-29 11:47 - 000000000 ____D C:\Users\jenni\Desktop\PRINT
    2017-08-26 10:52 - 2017-09-01 11:16 - 000000000 ____D C:\Users\jenni\Documents\2017-06
    2017-08-25 12:37 - 2017-08-29 10:27 - 000000000 ____D C:\Users\jenni\Desktop\SomeHouse
    2017-08-24 08:49 - 2017-08-24 08:49 - 000000000 ____D C:\Users\jenni\Desktop\New folder
    2017-08-23 20:07 - 2017-08-25 19:23 - 000000000 ____D C:\Users\jenni\Desktop\OPEN 2days
    2017-08-18 19:02 - 2017-08-18 19:02 - 000001391 _____ C:\Users\jenni\Desktop\10709071_CIS_70_My_Mobile_Broadband_Plus_140GB_12M - Shortcut.lnk
    2017-08-18 18:57 - 2017-08-18 18:58 - 000000000 ____D C:\Users\jenni\Downloads\RECfound
    2017-08-18 10:07 - 2017-08-18 10:07 - 000075145 _____ C:\Users\jenni\Downloads\10709071_CIS_70_My_Mobile_Broadband_Plus_140GB_12M.pdf
    2017-08-17 17:10 - 2017-08-01 12:38 - 000406544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
    2017-08-17 17:10 - 2017-08-01 12:36 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2017-08-17 17:10 - 2017-08-01 12:36 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
    2017-08-17 17:10 - 2017-08-01 12:34 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2017-08-17 17:10 - 2017-08-01 12:20 - 002956288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2017-08-17 17:10 - 2017-08-01 12:18 - 013841408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2017-08-17 17:10 - 2017-08-01 12:18 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
    2017-08-17 17:10 - 2017-08-01 12:13 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
    2017-08-17 17:10 - 2017-08-01 12:07 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2017-08-17 17:10 - 2017-08-01 12:07 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
    2017-08-17 17:10 - 2017-08-01 12:03 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2017-08-17 17:10 - 2017-08-01 11:30 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
    2017-08-17 17:10 - 2017-07-28 15:07 - 000805816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
    2017-08-17 17:10 - 2017-07-28 14:48 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2017-08-17 17:10 - 2017-07-28 14:47 - 002259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2017-08-17 17:10 - 2017-07-28 14:40 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2017-08-17 17:10 - 2017-07-28 14:36 - 006761568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2017-08-17 17:10 - 2017-07-28 14:36 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2017-08-17 17:10 - 2017-07-28 14:36 - 002424024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2017-08-17 17:10 - 2017-07-28 14:36 - 001195760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
    2017-08-17 17:10 - 2017-07-28 14:36 - 000864248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2017-08-17 17:10 - 2017-07-28 14:35 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
    2017-08-17 17:10 - 2017-07-28 14:33 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2017-08-17 17:10 - 2017-07-28 14:20 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
    2017-08-17 17:10 - 2017-07-28 14:20 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IpNatHlpClient.dll
    2017-08-17 17:10 - 2017-07-28 14:18 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
    2017-08-17 17:10 - 2017-07-28 14:17 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2017-08-17 17:10 - 2017-07-28 14:16 - 001291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
    2017-08-17 17:10 - 2017-07-28 14:15 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2017-08-17 17:10 - 2017-07-28 14:14 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
    2017-08-17 17:10 - 2017-07-28 14:14 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
    2017-08-17 17:10 - 2017-07-28 14:13 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
    2017-08-17 17:10 - 2017-07-28 14:12 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
    2017-08-17 17:10 - 2017-07-28 14:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
    2017-08-17 17:10 - 2017-07-28 14:11 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
    2017-08-17 17:10 - 2017-07-28 14:10 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
    2017-08-17 17:10 - 2017-07-28 14:09 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2017-08-17 17:10 - 2017-07-28 14:08 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
    2017-08-17 17:10 - 2017-07-28 14:08 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2017-08-17 17:10 - 2017-07-28 14:08 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
    2017-08-17 17:10 - 2017-07-28 14:07 - 002211840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
    2017-08-17 17:10 - 2017-07-28 14:05 - 001536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
    2017-08-17 17:09 - 2017-08-01 12:39 - 008319392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2017-08-17 17:09 - 2017-08-01 12:38 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
    2017-08-17 17:09 - 2017-08-01 12:36 - 000119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
    2017-08-17 17:09 - 2017-08-01 12:35 - 000280472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
    2017-08-17 17:09 - 2017-08-01 12:35 - 000133904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
    2017-08-17 17:09 - 2017-08-01 12:34 - 000610584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
    2017-08-17 17:09 - 2017-08-01 12:34 - 000359552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
    2017-08-17 17:09 - 2017-08-01 12:34 - 000168864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
    2017-08-17 17:09 - 2017-08-01 12:32 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2017-08-17 17:09 - 2017-08-01 12:31 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2017-08-17 17:09 - 2017-08-01 12:31 - 000176024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
    2017-08-17 17:09 - 2017-08-01 12:30 - 000723680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
    2017-08-17 17:09 - 2017-08-01 12:30 - 000410160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
    2017-08-17 17:09 - 2017-08-01 12:30 - 000315288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
    2017-08-17 17:09 - 2017-08-01 12:30 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
    2017-08-17 17:09 - 2017-08-01 12:30 - 000143736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
    2017-08-17 17:09 - 2017-08-01 12:20 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
    2017-08-17 17:09 - 2017-08-01 12:20 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
    2017-08-17 17:09 - 2017-08-01 12:17 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
    2017-08-17 17:09 - 2017-08-01 12:16 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
    2017-08-17 17:09 - 2017-08-01 12:14 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
    2017-08-17 17:09 - 2017-08-01 12:13 - 020504064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2017-08-17 17:09 - 2017-08-01 12:13 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
    2017-08-17 17:09 - 2017-08-01 12:12 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2017-08-17 17:09 - 2017-08-01 12:12 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
    2017-08-17 17:09 - 2017-08-01 12:10 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
    2017-08-17 17:09 - 2017-08-01 12:09 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
    2017-08-17 17:09 - 2017-08-01 12:08 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
    2017-08-17 17:09 - 2017-08-01 12:07 - 011870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2017-08-17 17:09 - 2017-08-01 12:06 - 000798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
    2017-08-17 17:09 - 2017-08-01 12:04 - 006269440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2017-08-17 17:09 - 2017-08-01 12:04 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2017-08-17 17:09 - 2017-08-01 11:57 - 023677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2017-08-17 17:09 - 2017-08-01 11:41 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2017-08-17 17:09 - 2017-08-01 11:36 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2017-08-17 17:09 - 2017-08-01 11:35 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2017-08-17 17:09 - 2017-08-01 11:34 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2017-08-17 17:09 - 2017-08-01 11:32 - 007336960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2017-08-17 17:09 - 2017-08-01 11:32 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
    2017-08-17 17:09 - 2017-08-01 11:31 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2017-08-17 17:09 - 2017-08-01 11:30 - 008209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2017-08-17 17:09 - 2017-08-01 11:28 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2017-08-17 17:09 - 2017-08-01 11:28 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2017-08-17 17:09 - 2017-08-01 08:45 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
    2017-08-17 17:09 - 2017-08-01 08:45 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
    2017-08-17 17:09 - 2017-08-01 08:45 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
    2017-08-17 17:09 - 2017-08-01 08:45 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
    2017-08-17 17:09 - 2017-08-01 08:45 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
    2017-08-17 17:09 - 2017-08-01 08:45 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
    2017-08-17 17:09 - 2017-08-01 08:45 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
    2017-08-17 17:09 - 2017-08-01 08:45 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
    2017-08-17 17:09 - 2017-08-01 08:45 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
    2017-08-17 17:09 - 2017-08-01 08:45 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
    2017-08-17 17:09 - 2017-08-01 08:45 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
    2017-08-17 17:09 - 2017-08-01 08:45 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
    2017-08-17 17:09 - 2017-08-01 08:45 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
    2017-08-17 17:09 - 2017-08-01 08:45 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
    2017-08-17 17:09 - 2017-08-01 08:45 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
    2017-08-17 17:09 - 2017-07-28 15:25 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2017-08-17 17:09 - 2017-07-28 15:24 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2017-08-17 17:09 - 2017-07-28 15:24 - 000455584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
    2017-08-17 17:09 - 2017-07-28 15:24 - 000116280 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
    2017-08-17 17:09 - 2017-07-28 15:23 - 002969888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
    2017-08-17 17:09 - 2017-07-28 15:23 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
    2017-08-17 17:09 - 2017-07-28 15:22 - 000923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2017-08-17 17:09 - 2017-07-28 15:20 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
    2017-08-17 17:09 - 2017-07-28 15:17 - 000660680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
    2017-08-17 17:09 - 2017-07-28 15:16 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2017-08-17 17:09 - 2017-07-28 15:15 - 005302968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
    2017-08-17 17:09 - 2017-07-28 15:15 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2017-08-17 17:09 - 2017-07-28 15:14 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2017-08-17 17:09 - 2017-07-28 15:13 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2017-08-17 17:09 - 2017-07-28 15:13 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2017-08-17 17:09 - 2017-07-28 15:13 - 002604248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2017-08-17 17:09 - 2017-07-28 15:13 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2017-08-17 17:09 - 2017-07-28 15:13 - 001033544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
    2017-08-17 17:09 - 2017-07-28 15:12 - 001337856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2017-08-17 17:09 - 2017-07-28 15:12 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
    2017-08-17 17:09 - 2017-07-28 15:10 - 002679200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2017-08-17 17:09 - 2017-07-28 15:09 - 000529992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2017-08-17 17:09 - 2017-07-28 15:09 - 000527976 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2017-08-17 17:09 - 2017-07-28 15:09 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
    2017-08-17 17:09 - 2017-07-28 14:48 - 000100232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
    2017-08-17 17:09 - 2017-07-28 14:48 - 000096648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
    2017-08-17 17:09 - 2017-07-28 14:40 - 000551200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
    2017-08-17 17:09 - 2017-07-28 14:38 - 004213656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
    2017-08-17 17:09 - 2017-07-28 14:37 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2017-08-17 17:09 - 2017-07-28 14:36 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2017-08-17 17:09 - 2017-07-28 14:36 - 000866808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
    2017-08-17 17:09 - 2017-07-28 14:36 - 000173104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
    2017-08-17 17:09 - 2017-07-28 14:36 - 000090464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.dll
    2017-08-17 17:09 - 2017-07-28 14:35 - 000277432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll
    2017-08-17 17:09 - 2017-07-28 14:33 - 000967584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
    2017-08-17 17:09 - 2017-07-28 14:33 - 000414296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
    2017-08-17 17:09 - 2017-07-28 14:29 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
    2017-08-17 17:09 - 2017-07-28 14:27 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
    2017-08-17 17:09 - 2017-07-28 14:26 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
    2017-08-17 17:09 - 2017-07-28 14:26 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
    2017-08-17 17:09 - 2017-07-28 14:26 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
    2017-08-17 17:09 - 2017-07-28 14:25 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
    2017-08-17 17:09 - 2017-07-28 14:25 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
    2017-08-17 17:09 - 2017-07-28 14:24 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
    2017-08-17 17:09 - 2017-07-28 14:24 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
    2017-08-17 17:09 - 2017-07-28 14:23 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
    2017-08-17 17:09 - 2017-07-28 14:22 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
    2017-08-17 17:09 - 2017-07-28 14:22 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
    2017-08-17 17:09 - 2017-07-28 14:22 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
    2017-08-17 17:09 - 2017-07-28 14:21 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2017-08-17 17:09 - 2017-07-28 14:21 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
    2017-08-17 17:09 - 2017-07-28 14:21 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
    2017-08-17 17:09 - 2017-07-28 14:21 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
    2017-08-17 17:09 - 2017-07-28 14:21 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
    2017-08-17 17:09 - 2017-07-28 14:19 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
    2017-08-17 17:09 - 2017-07-28 14:19 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2017-08-17 17:09 - 2017-07-28 14:19 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
    2017-08-17 17:09 - 2017-07-28 14:19 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
    2017-08-17 17:09 - 2017-07-28 14:19 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
    2017-08-17 17:09 - 2017-07-28 14:19 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
    2017-08-17 17:09 - 2017-07-28 14:19 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
    2017-08-17 17:09 - 2017-07-28 14:18 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
    2017-08-17 17:09 - 2017-07-28 14:18 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
    2017-08-17 17:09 - 2017-07-28 14:16 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
    2017-08-17 17:09 - 2017-07-28 14:16 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2017-08-17 17:09 - 2017-07-28 14:16 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qasf.dll
    2017-08-17 17:09 - 2017-07-28 14:15 - 003204608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
    2017-08-17 17:09 - 2017-07-28 14:15 - 000586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
    2017-08-17 17:09 - 2017-07-28 14:14 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
    2017-08-17 17:09 - 2017-07-28 14:14 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
    2017-08-17 17:09 - 2017-07-28 14:14 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
    2017-08-17 17:09 - 2017-07-28 14:13 - 004535296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2017-08-17 17:09 - 2017-07-28 14:13 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
    2017-08-17 17:09 - 2017-07-28 14:13 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
    2017-08-17 17:09 - 2017-07-28 14:12 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
    2017-08-17 17:09 - 2017-07-28 14:12 - 002939392 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2017-08-17 17:09 - 2017-07-28 14:12 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
    2017-08-17 17:09 - 2017-07-28 14:12 - 000587776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
    2017-08-17 17:09 - 2017-07-28 14:12 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
    2017-08-17 17:09 - 2017-07-28 14:11 - 001357312 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2017-08-17 17:09 - 2017-07-28 14:10 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2017-08-17 17:09 - 2017-07-28 14:10 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2017-08-17 17:09 - 2017-07-28 14:10 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsvcs.dll
    2017-08-17 17:09 - 2017-07-28 14:08 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
    2017-08-17 17:09 - 2017-07-28 14:08 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
    2017-08-17 17:09 - 2017-07-28 14:07 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
    2017-08-17 17:09 - 2017-07-28 14:07 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
    2017-08-17 17:09 - 2017-07-28 14:07 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
    2017-08-17 17:09 - 2017-07-28 14:07 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
    2017-08-17 17:09 - 2017-07-28 14:06 - 001833984 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
    2017-08-17 17:09 - 2017-07-28 14:05 - 000892928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
    2017-08-17 17:09 - 2017-07-28 14:05 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
    2017-08-17 17:09 - 2017-07-28 14:02 - 000877056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
    2017-08-17 17:09 - 2017-07-28 14:02 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
    2017-08-17 17:09 - 2017-07-28 14:02 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
    2017-08-17 17:08 - 2017-08-01 12:33 - 000473240 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
    2017-08-17 17:08 - 2017-08-01 12:32 - 002444704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2017-08-17 17:08 - 2017-08-01 12:32 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2017-08-17 17:08 - 2017-08-01 12:31 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
    2017-08-17 17:08 - 2017-08-01 12:31 - 002645680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2017-08-17 17:08 - 2017-08-01 12:30 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2017-08-17 17:08 - 2017-08-01 12:30 - 000082336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
    2017-08-17 17:08 - 2017-08-01 12:26 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
    2017-08-17 17:08 - 2017-08-01 11:45 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2017-08-17 17:08 - 2017-08-01 11:45 - 001275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
    2017-08-17 17:08 - 2017-08-01 11:45 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
    2017-08-17 17:08 - 2017-08-01 11:45 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
    2017-08-17 17:08 - 2017-08-01 11:44 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
    2017-08-17 17:08 - 2017-08-01 11:44 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
    2017-08-17 17:08 - 2017-08-01 11:44 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
    2017-08-17 17:08 - 2017-08-01 11:42 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
    2017-08-17 17:08 - 2017-08-01 11:41 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
    2017-08-17 17:08 - 2017-08-01 11:41 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
    2017-08-17 17:08 - 2017-08-01 11:41 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
    2017-08-17 17:08 - 2017-08-01 11:40 - 017366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2017-08-17 17:08 - 2017-08-01 11:40 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
    2017-08-17 17:08 - 2017-08-01 11:39 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
    2017-08-17 17:08 - 2017-08-01 11:38 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
    2017-08-17 17:08 - 2017-08-01 11:38 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
    2017-08-17 17:08 - 2017-08-01 11:37 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
    2017-08-17 17:08 - 2017-08-01 11:37 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
    2017-08-17 17:08 - 2017-08-01 11:37 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
    2017-08-17 17:08 - 2017-08-01 11:33 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2017-08-17 17:08 - 2017-08-01 11:33 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
    2017-08-17 17:08 - 2017-08-01 11:31 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2017-08-17 17:08 - 2017-08-01 11:31 - 001396736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2017-08-17 17:08 - 2017-08-01 11:30 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2017-08-17 17:08 - 2017-08-01 11:30 - 001052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
    2017-08-17 17:08 - 2017-08-01 11:30 - 000303104 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
    2017-08-17 17:08 - 2017-08-01 11:27 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2017-08-17 17:08 - 2017-08-01 11:27 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
    2017-08-17 17:08 - 2017-08-01 11:27 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
    2017-08-17 17:08 - 2017-08-01 11:26 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
    2017-08-17 17:08 - 2017-08-01 11:25 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
    2017-08-17 17:08 - 2017-08-01 11:25 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
    2017-08-17 17:08 - 2017-08-01 11:25 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
    2017-08-17 17:08 - 2017-07-28 15:30 - 001068720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
    2017-08-17 17:08 - 2017-07-28 15:24 - 000119904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
    2017-08-17 17:08 - 2017-07-28 15:16 - 000961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
    2017-08-17 17:08 - 2017-07-28 15:15 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
    2017-08-17 17:08 - 2017-07-28 15:15 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
    2017-08-17 17:08 - 2017-07-28 15:14 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
    2017-08-17 17:08 - 2017-07-28 15:13 - 000192264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
    2017-08-17 17:08 - 2017-07-28 15:13 - 000104432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.dll
    2017-08-17 17:08 - 2017-07-28 15:12 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2017-08-17 17:08 - 2017-07-28 15:12 - 000323936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
    2017-08-17 17:08 - 2017-07-28 15:10 - 001114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
    2017-08-17 17:08 - 2017-07-28 14:31 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
    2017-08-17 17:08 - 2017-07-28 14:30 - 001722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
    2017-08-17 17:08 - 2017-07-28 14:29 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
    2017-08-17 17:08 - 2017-07-28 14:26 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
    2017-08-17 17:08 - 2017-07-28 14:26 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\IpNatHlpClient.dll
    2017-08-17 17:08 - 2017-07-28 14:25 - 003464704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
    2017-08-17 17:08 - 2017-07-28 14:25 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
    2017-08-17 17:08 - 2017-07-28 14:25 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
    2017-08-17 17:08 - 2017-07-28 14:25 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys
    2017-08-17 17:08 - 2017-07-28 14:24 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
    2017-08-17 17:08 - 2017-07-28 14:24 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
    2017-08-17 17:08 - 2017-07-28 14:24 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
    2017-08-17 17:08 - 2017-07-28 14:23 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2017-08-17 17:08 - 2017-07-28 14:23 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
    2017-08-17 17:08 - 2017-07-28 14:22 - 000778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
    2017-08-17 17:08 - 2017-07-28 14:22 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
    2017-08-17 17:08 - 2017-07-28 14:22 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
    2017-08-17 17:08 - 2017-07-28 14:22 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
    2017-08-17 17:08 - 2017-07-28 14:22 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
    2017-08-17 17:08 - 2017-07-28 14:21 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
    2017-08-17 17:08 - 2017-07-28 14:21 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll
    2017-08-17 17:08 - 2017-07-28 14:20 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
    2017-08-17 17:08 - 2017-07-28 14:20 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
    2017-08-17 17:08 - 2017-07-28 14:20 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
    2017-08-17 17:08 - 2017-07-28 14:19 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
    2017-08-17 17:08 - 2017-07-28 14:19 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
    2017-08-17 17:08 - 2017-07-28 14:19 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2017-08-17 17:08 - 2017-07-28 14:19 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
    2017-08-17 17:08 - 2017-07-28 14:19 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
    2017-08-17 17:08 - 2017-07-28 14:18 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2017-08-17 17:08 - 2017-07-28 14:18 - 001298432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
    2017-08-17 17:08 - 2017-07-28 14:18 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
    2017-08-17 17:08 - 2017-07-28 14:18 - 000777216 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
    2017-08-17 17:08 - 2017-07-28 14:18 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
    2017-08-17 17:08 - 2017-07-28 14:17 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2017-08-17 17:08 - 2017-07-28 14:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2017-08-17 17:08 - 2017-07-28 14:17 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
    2017-08-17 17:08 - 2017-07-28 14:17 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
    2017-08-17 17:08 - 2017-07-28 14:17 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
    2017-08-17 17:08 - 2017-07-28 14:16 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
    2017-08-17 17:08 - 2017-07-28 14:15 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2017-08-17 17:08 - 2017-07-28 14:15 - 000612864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsvcs.dll
    2017-08-17 17:08 - 2017-07-28 14:13 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
    2017-08-17 17:08 - 2017-07-28 14:13 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
    2017-08-17 17:08 - 2017-07-28 14:13 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
    2017-08-17 17:08 - 2017-07-28 14:12 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
    2017-08-17 17:08 - 2017-07-28 14:12 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2017-08-17 17:08 - 2017-07-28 14:12 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2017-08-17 17:08 - 2017-07-28 14:10 - 001706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
    2017-08-17 17:08 - 2017-07-28 14:09 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
    2017-08-17 17:08 - 2017-07-28 14:09 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
    2017-08-17 17:08 - 2017-07-28 14:08 - 000600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
    2017-08-17 17:08 - 2017-07-28 14:06 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
    2017-08-17 17:08 - 2017-07-28 14:06 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
    2017-08-17 17:08 - 2017-07-28 14:05 - 001525760 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
    2017-08-17 17:08 - 2017-07-28 14:05 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
    2017-08-17 17:08 - 2017-07-28 14:05 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
    2017-08-17 17:08 - 2017-07-28 14:05 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
    2017-08-17 17:08 - 2017-07-28 14:05 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
    2017-08-17 12:21 - 2017-08-17 12:21 - 000000000 ____D C:\Users\jenni\Documents\RECORDINGStick
    2017-08-17 11:01 - 2017-08-17 11:01 - 000000000 ____D C:\Users\jenni\Documents\REAL_ESTATE
    2017-08-17 10:56 - 2017-08-17 10:56 - 000000000 ____D C:\Users\jenni\Documents\MALCOLM
    2017-08-17 10:41 - 2017-08-17 10:41 - 000000000 ____D C:\Users\jenni\Documents\INSURANCE
    2017-08-17 10:37 - 2017-08-30 13:48 - 000000000 ____D C:\Users\jenni\Desktop\COMPUTERs
    2017-08-17 10:19 - 2017-08-29 10:28 - 000000000 ____D C:\Users\jenni\Desktop\JULIE
    2017-08-10 08:45 - 2017-08-10 08:46 - 000091062 _____ C:\Users\jenni\Downloads\Interest_rate_TDA.pdf
    2017-08-10 08:10 - 2017-08-10 08:11 - 000223767 _____ C:\Users\jenni\Downloads\candelo-bulk-price-list.pdf

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-09-01 16:59 - 2017-07-15 06:32 - 000004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E769400A-E9AC-4C96-953A-11D02380A1D2}
    2017-09-01 16:24 - 2017-07-15 06:18 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2017-09-01 15:54 - 2017-07-15 06:21 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2017-09-01 15:54 - 2015-12-13 13:25 - 000000000 __SHD C:\Users\jenni\IntelGraphicsProfiles
    2017-09-01 11:47 - 2017-07-15 06:35 - 001232026 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-09-01 11:42 - 2017-07-15 06:32 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-09-01 11:42 - 2017-03-18 21:40 - 000524288 _____ C:\WINDOWS\system32\config\BBI
    2017-09-01 11:18 - 2017-05-15 19:00 - 000000000 ____D C:\Users\jenni\AppData\Roaming\vlc
    2017-08-30 12:40 - 2017-03-19 07:03 - 000000000 ___HD C:\Program Files\WindowsApps
    2017-08-30 12:40 - 2017-03-19 07:03 - 000000000 ____D C:\WINDOWS\AppReadiness
    2017-08-29 14:10 - 2017-03-19 07:01 - 000000000 ____D C:\WINDOWS\INF
    2017-08-29 11:47 - 2017-07-06 08:57 - 000000000 ____D C:\Users\jenni\Desktop\PHONEdrama
    2017-08-29 09:29 - 2017-07-15 06:23 - 000000000 ____D C:\Users\jenni
    2017-08-29 09:22 - 2017-07-15 06:18 - 000221848 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2017-08-27 20:07 - 2017-03-19 07:03 - 000000000 ____D C:\WINDOWS\system32\NDF
    2017-08-25 11:20 - 2017-07-06 08:58 - 000000000 ____D C:\Users\jenni\Desktop\SALICYLS
    2017-08-25 10:17 - 2017-02-01 13:12 - 000000000 ____D C:\Users\jenni\Documents\mum2017
    2017-08-24 13:51 - 2017-03-19 07:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2017-08-23 08:29 - 2017-06-30 10:40 - 000000000 ____D C:\Users\jenni\Desktop\109
    2017-08-22 19:35 - 2017-07-11 08:48 - 000000000 ____D C:\Users\jenni\Desktop\OPTUS
    2017-08-19 06:53 - 2017-03-19 07:03 - 000000000 ____D C:\WINDOWS\rescache
    2017-08-19 00:58 - 2017-03-19 06:51 - 000000000 ____D C:\WINDOWS\CbsTemp
    2017-08-19 00:42 - 2015-12-13 13:23 - 000000000 __RHD C:\Users\Public\AccountPictures
    2017-08-18 22:17 - 2017-03-19 07:03 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
    2017-08-18 22:16 - 2017-03-19 07:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2017-08-18 22:16 - 2017-03-19 07:03 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
    2017-08-18 22:16 - 2017-03-19 07:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2017-08-18 22:16 - 2017-03-19 07:03 - 000000000 ____D C:\WINDOWS\system32\oobe
    2017-08-18 22:16 - 2017-03-19 07:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2017-08-18 22:16 - 2017-03-19 07:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
    2017-08-18 22:16 - 2017-03-19 07:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2017-08-18 13:13 - 2017-06-19 14:03 - 000121344 _____ C:\Users\jenni\Downloads\budget-planner-2017.xls
    2017-08-18 09:02 - 2017-05-11 12:12 - 000000000 ____D C:\WINDOWS\system32\MRT
    2017-08-18 09:01 - 2017-05-11 12:11 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2017-08-18 08:31 - 2017-05-11 12:01 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2017-08-17 20:09 - 2017-05-03 17:04 - 000000000 ____D C:\Users\jenni\AppData\Local\Packages
    2017-08-17 11:46 - 2016-08-24 06:19 - 000000000 ____D C:\Users\jenni\Documents\recipes
    2017-08-17 11:12 - 2016-09-10 16:53 - 000000000 ____D C:\Users\jenni\Documents\nutrition
    2017-08-17 10:40 - 2017-07-06 08:59 - 000000000 ____D C:\Users\jenni\Documents\GARNERcup
    2017-08-16 08:25 - 2017-07-24 10:53 - 000000000 ____D C:\Users\jenni\AppData\Roaming\Audacity
    2017-08-04 16:32 - 2017-07-17 06:36 - 000000000 ____D C:\Users\jenni\Desktop\INSURANCE

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-08-25 06:49

    ==================== End of FRST.txt ============================
    tincat
    Regular Member
     
    Posts: 38
    Joined: November 17th, 2009, 4:38 pm
    Advertisement
    Register to Remove

    Next

    • Similar Topics
      Replies
      Views
      Last post

    Return to Infected? Virus, malware, adware, ransomware, oh my!



    Who is online

    Users browsing this forum: No registered users and 63 guests

    Contact us:

    Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

    Member site: UNITE Against Malware