Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Mein Flugsimulator (Microsoft FSX) PC leidet plötzlich unter schlechten Bildwiederholungsraten (https://www.trojaner-board.de/184565-flugsimulator-microsoft-fsx-pc-leidet-ploetzlich-schlechten-bildwiederholungsraten.html)

ikarus2557 28.02.2017 08:13
Mein Flugsimulator (Microsoft FSX) PC leidet plötzlich unter schlechten Bildwiederholungsraten
 
An die Experten.
Wäre Euch sehr dankbar, wenn Ihr mir helfen könntet die Leistung meines 2 Jahre alten PCs mit den Komponenten i7-4790K und Nvidia GTX750 zu verbessern. Kürzlich habe ich ihn mit ESET Nod32 gescannt. Es gab 2 Viren, die gelöscht wurden. Dennoch ist die Leistung nicht besser geworden. Kurz: Sie ist nicht mehr das, was sie zu Beginn einmal war. Ich habe längere Zeit nun am FSX experimentiert, und festgestellt, dass der Einfluss von kaum anspruchsvollen bis sehr anspruchsvollen Einstellungen nicht wesentlich ins Gewicht fallen, d.h. irgendetwas "bremst" den PC.

Vielen Dank für Eure Hilfe

mit herzlichem Gruss

Alfred

ikarus2557 02.03.2017 07:27
gibt es jemand, der mir da helfen könnte

Gruss
Alfred

cosinus 02.03.2017 10:02
Dazu müsstest du mal mit Infos rüberrücken :kaffee:

"Es gab 2 Viren" - ähm ja, welche denn wo genau? :wtf:

ikarus2557 02.03.2017 13:20
Hallo Cosinus,
oha, keine Ahnung mehr, was das für Viren waren. Am besten wir beginnen von vorne mit dem Parcour durch den Profi.. oder was meinst Du?
herzlicher Gruss
Alfred

cosinus 02.03.2017 14:27
Dann durchforste deinen Virenscanner ESET im Menü und schau nach den Logs (Protokollen) - da werden alle Funde festgehalten.

ikarus2557 02.03.2017 16:04
ok, Cosinus, hier das ESET log
herzlichen Dank und
Gruss
alfred

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2d02fea33b56154eb330baaf9a021e0b
# end=init
# utc_time=2016-09-20 12:59:38
# local_time=2016-09-20 07:59:38 (+0700, SE Asia Standard Time)
# country="Thailand"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 30811
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2d02fea33b56154eb330baaf9a021e0b
# end=updated
# utc_time=2016-09-20 01:13:02
# local_time=2016-09-20 08:13:02 (+0700, SE Asia Standard Time)
# country="Thailand"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=2d02fea33b56154eb330baaf9a021e0b
# engine=30811
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2016-09-21 05:03:15
# local_time=2016-09-21 12:03:15 (+0700, SE Asia Standard Time)
# country="Thailand"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 63612 28244738 0 0
# scanned=2573198
# found=12
# cleaned=12
# scan_time=57012
sh=5B7820485A53F89CFF971D65CE01A7AAC2E8FBCB ft=0 fh=0000000000000000 vn="Win32/HackTool.Patcher.A potenziell unsichere Anwendung (gelöscht)" ac=C fn="C:\$RECYCLE.BIN\S-1-5-21-465342472-1690862640-1647311925-1001\$RB58SPP\Hawaii Photoreal Vol. 2 - Maui v.0.95\FSX Captain Sim 707.rar"
sh=928A536FBFF196495B90E4BD51B932485B84A099 ft=1 fh=748b6a41a833329e vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\MSI_USER\AppData\Local\Temp\DMR\dmr_72.exe"
sh=40F6CA5EF25B7DBD42AE8B4FDA5F98144B1AD360 ft=1 fh=08965c270c124c2f vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht)" ac=C fn="C:\Users\MSI_USER\Downloads\ccsetup519.exe"
sh=FB46431DE4C0672F8659E71460F043A4FADD9C15 ft=1 fh=31614a081caee633 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\MSI_USER\Downloads\Image Resizer - CHIP-Installer.exe"
sh=B7C20CA5F3D03CA0B47FE84EA238FF4F69E5183B ft=1 fh=075c4223825eb116 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht)" ac=C fn="D:\Downloads ex C\ccsetup513.exe"
sh=477546F75761C3FB17630D0F7401BA46B6992A69 ft=1 fh=9e83281c124af5cc vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung (Gesäubert durch Löschen)" ac=C fn="D:\Downloads ex C\uTorrent.exe"
sh=5B7820485A53F89CFF971D65CE01A7AAC2E8FBCB ft=0 fh=0000000000000000 vn="Win32/HackTool.Patcher.A potenziell unsichere Anwendung (gelöscht)" ac=C fn="D:\FSX Addon sceneries\Hawaii Photoreal Vol. 2 - Maui v.0.95\FSX Captain Sim 707.rar"
sh=477546F75761C3FB17630D0F7401BA46B6992A69 ft=1 fh=9e83281c124af5cc vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung (Gesäubert durch Löschen)" ac=C fn="E:\FSX PC thai new DOWNLOADS bup\uTorrent.exe"
sh=5B7820485A53F89CFF971D65CE01A7AAC2E8FBCB ft=0 fh=0000000000000000 vn="Win32/HackTool.Patcher.A potenziell unsichere Anwendung (gelöscht)" ac=C fn="G:\FSX 485GB\FSX FREEWARE\HAWAII ISLANDS\Hawaii Photoreal Vol. 2 - Maui v.0.95\FSX Captain Sim 707.rar"
sh=5B7820485A53F89CFF971D65CE01A7AAC2E8FBCB ft=0 fh=0000000000000000 vn="Win32/HackTool.Patcher.A potenziell unsichere Anwendung (gelöscht)" ac=C fn="G:\FSX 485GB\FSX PAYWARE\Captain Sim 707-fsx.rar"
sh=5B7820485A53F89CFF971D65CE01A7AAC2E8FBCB ft=0 fh=0000000000000000 vn="Win32/HackTool.Patcher.A potenziell unsichere Anwendung (gelöscht)" ac=C fn="G:\FSX 485GB\FSX PAYWARE\Captain Sim 707.rar"
sh=20B2C31135C2E338EC296C23365A20ACBD5BEA8B ft=0 fh=0000000000000000 vn="Win32/HackTool.Patcher.A potenziell unsichere Anwendung (gelöscht)" ac=C fn="G:\FSX 485GB\FSX PAYWARE\1.Captain_Sim\Captain Sim 707.rar"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2d02fea33b56154eb330baaf9a021e0b
# end=init
# utc_time=2017-02-06 08:00:19
# local_time=2017-02-06 03:00:19 (+0700, SE Asia Standard Time)
# country="Thailand"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 32310
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2d02fea33b56154eb330baaf9a021e0b
# end=updated
# utc_time=2017-02-06 08:02:17
# local_time=2017-02-06 03:02:17 (+0700, SE Asia Standard Time)
# country="Thailand"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=2d02fea33b56154eb330baaf9a021e0b
# engine=32310
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2017-02-06 11:24:34
# local_time=2017-02-06 06:24:34 (+0700, SE Asia Standard Time)
# country="Thailand"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 12571 40190817 0 0
# scanned=2243677
# found=4
# cleaned=0
# scan_time=12137
sh=45E4EE7D1CF429DB3E1C02C63C7C39BEA9F9A2D9 ft=1 fh=c1d5e5be4faf5d92 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-465342472-1690862640-1647311925-1001\$R2O612V.exe"
sh=23073837FDCC6878EB8A2DA2248C745215B35D49 ft=1 fh=2114750c0916edcc vn="Variante von Win32/DownloadGuide.D eventuell unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-465342472-1690862640-1647311925-1001\$RG2IAVJ.exe"
sh=928A536FBFF196495B90E4BD51B932485B84A099 ft=1 fh=748b6a41a833329e vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\MSI_USER\AppData\Local\Temp\DMR\dmr_72.exe"
sh=D8049E0C4852BA0442E6E2F1FA68783005676016 ft=1 fh=cf5bda33c71546c6 vn="Variante von Win32/PCCleaners.B eventuell unerwünschte Anwendung" ac=I fn="D:\Downloads ex C\app_German.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2d02fea33b56154eb330baaf9a021e0b
# end=init
# utc_time=2017-02-25 03:38:24
# local_time=2017-02-25 10:38:24 (+0700, SE Asia Standard Time)
# country="Switzerland"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 32524
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2d02fea33b56154eb330baaf9a021e0b
# end=updated
# utc_time=2017-02-25 03:41:19
# local_time=2017-02-25 10:41:19 (+0700, SE Asia Standard Time)
# country="Switzerland"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=2d02fea33b56154eb330baaf9a021e0b
# engine=32524
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2017-02-25 07:08:13
# local_time=2017-02-26 02:08:13 (+0700, SE Asia Standard Time)
# country="Switzerland"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 13445 41860236 0 0
# scanned=2305307
# found=2
# cleaned=2
# scan_time=12413
sh=928A536FBFF196495B90E4BD51B932485B84A099 ft=1 fh=748b6a41a833329e vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\MSI_USER\AppData\Local\Temp\DMR\dmr_72.exe"
sh=D8049E0C4852BA0442E6E2F1FA68783005676016 ft=1 fh=cf5bda33c71546c6 vn="Variante von Win32/PCCleaners.B eventuell unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="D:\Downloads ex C\app_German.exe"

cosinus 02.03.2017 16:09
Zitat:
D:\FSX Addon sceneries\Hawaii Photoreal Vol. 2 - Maui v.0.95\FSX Captain Sim 707.rar
E:\FSX PC thai new DOWNLOADS bu\uTorrent.exe
G:\FSX 485GB\FSX FREEWARE\HAWAII ISLANDS\Hawaii Photoreal Vol. 2 - Maui v.0.95\FSX Captain Sim 707.rar
G:\FSX 485GB\FSX PAYWARE\Captain Sim 707-fsx.rar
G:\FSX 485GB\FSX PAYWARE\Captain Sim 707.rar
G:\FSX 485GB\FSX PAYWARE\1.Captain_Sim\Captain Sim 707.rar

Das soll was genau sein, wo hast du das her?

ikarus2557 03.03.2017 01:42
Hallo Cosinus,

Zu den von Dir beanstandeten Files:

1.Hawaii Fotoreal ist 100% freeware. Payware Captain Sim.707 (eine Boeing 707) ist von mir zu 100% bezahlte payware. Ich kann Dir, wenn gewünscht, das Bild vom Kaufbeleg schicken.
2.uTorrent.exe. ist eine nicht mehr auszuführende web Datei und die hat folgende Geschichte:
Als leidenschaftlicher PC Pilot lade ich mir manchmal recht teure payware Flugzeuge auf den PC, die tatsächlich von u torrents stammen,
n u r aber um sie ausprobieren zu können. Wenn sie für mich kaufenswert sind, annulliere ich diese und kaufe sie legal.
Es gibt Simulatorsoftwarehersteller, die es einem ermöglichen, ein Flugzeug vor dem Kauf zu testen, die meisten leider aber nicht. und eine Katze im Sack kaufen, will ich nicht.
3.diese nicht mehr auszuführende u torrent datei bedeutet, dass ich das utorrent weggeschmissen habe.

Gruss
alfred

cosinus 03.03.2017 09:49
Dir ist schon klar, dass das Zeugs aus Hacktool eingestuft wird. Vermutlich hast du das aus komischen Filesharingquellen. Muss man das extra erwähnen, dass dort viel Schund im Umlauf ist? Wenn du die Finger von inoffiziellem Mist aus filesharingquellen nicht läss wirst du immer wieder Sicherheitsprobleme bekommen!



Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)




Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

ikarus2557 03.03.2017 14:46
Hallo Cosinus,
habe mir Deine Warnung zu Herzen genommen, eigentlich schon eine längere Zeit und fühle mich seither selbst clean..
Anbei die logs First und Addition.
Vielen Dank für Deine Hilfe und Deine Nachsicht.
Alfred


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-03-2017
Ran by MSI_USER (administrator) on DESKTOP-TUSRUQC (03-03-2017 20:35:14)
Running from C:\Users\MSI_USER\Desktop
Loaded Profiles: MSI_USER (Available Profiles: MSI_USER)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
() E:\FSX NEW\FlyLogic\SeasonFileSwitcherV2\SeasonFileSwitcherV2.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corp.) E:\FSX NEW\fsx.exe
() E:\FSX NEW\FlyLogic\SeasonFileSwitcherV2\SeasonFileSwitcherV2.exe
(Gamecentric) E:\FSX NEW\fsdreamteam\couatl\couatl.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2016-01-16] (Pixart Imaging Inc)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8783616 2015-12-11] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Fast Boot] => C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe [759120 2015-04-22] ()
HKLM-x32\...\Run: [USB Security] => C:\Program Files (x86)\USB Disk Security\USBGuard.exe [695528 2015-02-03] (Zbshareware Lab)
HKLM-x32\...\Run: [CheckNDISPortF0ac7B] => C:\Program Files (x86)\Hostless Modem\Shared WiFi 3\CheckNDISPort_df.exe [417536 2013-03-02] ()
HKLM-x32\...\Run: [CancelAutoPlay_df] => C:\Program Files (x86)\Hostless Modem\Shared WiFi 3\CancelAutoPlay_df.exe [446720 2013-03-01] ()
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [11340752 2016-07-19] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [ABNotify] => C:\Program Files (x86)\AOMEI Backupper\ABNotify.exe -auto
HKU\S-1-5-21-465342472-1690862640-1647311925-1001\...\RunOnce: [Uninstall C:\Users\MSI_USER\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\MSI_USER\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-465342472-1690862640-1647311925-1001\...\MountPoints2: {4f0748ac-bcc7-11e5-879d-806e6f6e6963} - "F:\AfmTool.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2016-01-17]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{51519eaa-519f-4a82-b642-48dbcb0c8d35}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{9e7bd24b-3b46-4ab7-8720-2a997df0e4b8}: [DhcpNameServer] 110.78.191.20 110.78.191.21
ManualProxies:

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: b4eo7tkp.default
FF ProfilePath: C:\Users\MSI_USER\AppData\Roaming\Mozilla\Firefox\Profiles\b4eo7tkp.default [2016-08-11]
FF Keyword.URL: Mozilla\Firefox\Profiles\b4eo7tkp.default -> user_pref("keyword.URL", true);
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-03-02] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-03-02] ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-01-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKU\S-1-5-21-465342472-1690862640-1647311925-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>

Opera:
=======
OPR Session Restore: -> is enabled.

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [452096 2015-09-16] (Rivet Networks) [File not signed]
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3877768 2016-12-12] (Paramount Software UK Ltd)
R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [105296 2015-06-04] (MSI)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2227152 2016-07-19] (Micro-Star INT'L CO., LTD.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-08] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-08] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-10] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-02-08] (NVIDIA Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-10-25] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BfLwf; C:\WINDOWS\system32\DRIVERS\bwcW10x64.sys [142904 2015-09-16] (Rivet Networks, LLC.)
S3 ElcMouLFlt; C:\WINDOWS\System32\drivers\ElcMouLFlt.sys [28648 2016-01-16] (ELECOM)
S3 ElcMouUFlt; C:\WINDOWS\System32\drivers\ElcMouUFlt.sys [27624 2016-01-16] (ELECOM)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2016-01-16] ()
R3 KillerEth; C:\WINDOWS\System32\drivers\e22w10x64.sys [158272 2015-09-03] (Qualcomm Atheros, Inc.)
R3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-08] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2017-02-08] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-02-08] (NVIDIA Corporation)
S3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2016-01-16] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2016-01-17] (Intel Corporation)
S3 avchv; \SystemRoot\system32\DRIVERS\avchv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-03 20:35 - 2017-03-03 20:35 - 00013056 _____ C:\Users\MSI_USER\Desktop\FRST.txt
2017-03-03 20:34 - 2017-03-03 20:34 - 00000000 ____D C:\Users\MSI_USER\Desktop\FRST-OlderVersion
2017-03-03 20:33 - 2017-03-03 20:34 - 00000000 ____D C:\Users\MSI_USER\Desktop\Trojaner-board.de.cosinus
2017-03-03 09:56 - 2017-03-03 09:56 - 00000000 ____D C:\Users\MSI_USER\Desktop\New folder
2017-03-03 09:46 - 2017-03-02 22:19 - 00015474 _____ C:\Users\MSI_USER\Desktop\fsx.CFG
2017-03-03 07:27 - 2015-04-15 18:37 - 00035310 _____ C:\Users\MSI_USER\Desktop\uTorrent (1).exe.opdownload
2017-03-02 20:11 - 2017-03-02 20:11 - 00000609 _____ C:\Users\Public\Desktop\Fraps.lnk
2017-03-02 20:11 - 2017-03-02 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2017-02-28 19:51 - 2017-03-03 20:35 - 00000000 ____D C:\FRST
2017-02-28 19:49 - 2017-02-28 19:50 - 22851472 _____ (Malwarebytes ) C:\Users\MSI_USER\Desktop\mbam-setup-2.2.1.1043.exe
2017-02-28 19:49 - 2017-02-28 19:49 - 04015056 _____ C:\Users\MSI_USER\Desktop\AdwCleaner_6.043.exe
2017-02-28 19:48 - 2017-03-03 20:34 - 02423808 _____ (Farbar) C:\Users\MSI_USER\Desktop\FRST64.exe
2017-02-26 22:50 - 2017-02-26 22:50 - 00000000 ____D C:\Users\MSI_USER\ansel
2017-02-26 20:24 - 2017-02-26 20:24 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-26 20:24 - 2017-02-10 09:33 - 00512960 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-02-26 20:24 - 2017-02-10 05:39 - 00134592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-26 20:24 - 2017-01-26 07:13 - 00103936 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-26 20:24 - 2017-01-26 07:12 - 00326656 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-26 20:24 - 2017-01-26 07:09 - 00322560 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-26 20:24 - 2017-01-26 07:09 - 00118272 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-26 20:23 - 2017-02-10 09:33 - 40192056 _____ C:\WINDOWS\system32\nvcompiler.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 35272760 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 34979384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 19007016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 16871184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 14674896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 13815192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 11122728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 11019704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 09305984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 08990072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 03168192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 02717752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 01983424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437866.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 01589696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437866.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 01052096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00991288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00959424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00946456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00910784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00721952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00687224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00640272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00618416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00605120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00576192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00573448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00515648 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00499136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00483384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00447984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00207672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00182952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00177808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00152064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00047664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-02-26 20:23 - 2017-02-10 09:33 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-02-26 19:59 - 2017-02-26 20:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-26 19:59 - 2017-02-26 19:59 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-26 19:59 - 2017-02-26 19:59 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-26 19:59 - 2017-02-26 19:59 - 00003884 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-26 19:59 - 2017-02-26 19:59 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-26 19:59 - 2017-02-26 19:59 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-26 19:59 - 2017-02-26 19:59 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-26 19:59 - 2017-02-26 19:59 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-26 19:59 - 2017-02-26 19:59 - 00001485 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-02-26 19:59 - 2017-02-10 06:13 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-26 19:59 - 2017-02-08 18:57 - 01872320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-02-26 19:59 - 2017-02-08 18:57 - 01755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-02-26 19:59 - 2017-02-08 18:57 - 01464768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-02-26 19:59 - 2017-02-08 18:57 - 01317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-02-26 19:59 - 2017-02-08 18:57 - 00120256 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-02-26 19:59 - 2017-02-08 17:54 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-02-26 19:58 - 2017-02-08 18:57 - 00156608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-02-26 19:58 - 2017-02-08 18:57 - 00124352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-02-26 19:58 - 2017-02-08 18:57 - 00057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-02-26 19:58 - 2017-02-08 18:57 - 00046016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-02-26 19:53 - 2017-02-26 19:56 - 78658464 _____ (NVIDIA Corporation) C:\Users\MSI_USER\Downloads\GeForce_Experience_v3.3.0.100.exe
2017-02-26 17:15 - 2017-02-26 17:15 - 02549112 _____ (Microsoft Corporation) C:\Users\MSI_USER\Downloads\DefaultPack.EXE
2017-02-26 17:15 - 2017-02-26 17:15 - 00315624 _____ (Microsoft Corporation) C:\Users\MSI_USER\Downloads\dx9websetup.exe
2017-02-26 11:15 - 2017-02-28 19:39 - 00000000 ____D C:\Users\MSI_USER\AppData\Local\CrashDumps
2017-02-25 22:24 - 2017-02-25 22:26 - 37993280 _____ (VIRTUALI Sagl ) C:\Users\MSI_USER\Desktop\setup_addonmanagerX.exe
2017-02-25 07:18 - 2017-02-27 19:35 - 00003210 _____ C:\WINDOWS\System32\Tasks\FRAPS
2017-02-24 19:33 - 2017-02-24 19:33 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-02-24 19:33 - 2017-02-24 19:33 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2017-02-19 14:57 - 2017-02-19 14:57 - 00000146 _____ C:\Users\MSI_USER\Desktop\Windows Defender - Shortcut (2).lnk
2017-02-16 21:20 - 2016-12-21 16:01 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-02-16 21:20 - 2016-12-21 16:01 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-02-16 21:20 - 2016-12-21 15:25 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-02-16 21:20 - 2016-12-21 14:18 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-02-16 21:20 - 2016-12-21 13:56 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-02-16 21:20 - 2016-12-21 12:41 - 04895744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-02-16 21:20 - 2016-12-21 12:39 - 22373376 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-02-16 21:20 - 2016-12-21 12:15 - 07839232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-02-16 21:20 - 2016-12-21 12:06 - 03663872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-02-16 21:20 - 2016-12-21 12:03 - 18671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-02-16 21:20 - 2016-12-21 11:48 - 05658624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-02-16 21:20 - 2016-11-22 18:42 - 00384864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-02-16 21:20 - 2016-11-22 17:43 - 03692040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-02-16 21:20 - 2016-11-22 17:36 - 00159640 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2017-02-16 21:20 - 2016-11-22 17:35 - 00609056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-02-16 21:20 - 2016-11-22 17:35 - 00075448 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-02-16 21:20 - 2016-11-22 17:04 - 02549456 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-02-16 21:20 - 2016-11-22 17:03 - 01777280 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-02-16 21:20 - 2016-11-22 17:02 - 01399216 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-02-16 21:20 - 2016-11-22 16:32 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-02-16 21:20 - 2016-11-22 16:24 - 02938408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-02-16 21:20 - 2016-11-22 16:21 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidcertstorecheck.exe
2017-02-16 21:20 - 2016-11-22 16:17 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2017-02-16 21:20 - 2016-11-22 16:16 - 00064072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-02-16 21:20 - 2016-11-22 16:13 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2017-02-16 21:20 - 2016-11-22 16:00 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidpolicyconverter.exe
2017-02-16 21:20 - 2016-11-22 15:59 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-02-16 21:20 - 2016-11-22 15:55 - 00431104 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-02-16 21:20 - 2016-11-22 15:50 - 00715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-02-16 21:20 - 2016-11-22 15:49 - 02195640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-02-16 21:20 - 2016-11-22 15:48 - 01522672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-02-16 21:20 - 2016-11-22 15:47 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-02-16 21:20 - 2016-11-22 15:35 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-02-16 21:20 - 2016-11-22 15:32 - 01386496 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-02-16 21:20 - 2016-11-22 15:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-02-16 21:20 - 2016-11-22 15:20 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2017-02-16 21:20 - 2016-11-22 15:12 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-02-16 21:20 - 2016-11-22 15:04 - 03587584 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-02-16 21:20 - 2016-11-22 14:57 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2017-02-16 21:20 - 2016-11-22 14:54 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2017-02-16 21:20 - 2016-11-22 14:53 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-02-16 21:20 - 2016-11-22 14:41 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-02-16 21:20 - 2016-11-22 14:38 - 00541184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-02-16 21:20 - 2016-11-22 14:36 - 00766464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-02-16 21:20 - 2016-11-22 14:26 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-02-16 21:20 - 2016-11-22 14:26 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-02-16 21:20 - 2016-11-22 14:21 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-02-16 21:20 - 2016-11-22 14:02 - 24610304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-02-16 21:20 - 2016-11-22 14:01 - 13392384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-02-16 21:20 - 2016-11-22 13:59 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2017-02-16 21:20 - 2016-11-22 13:55 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-02-16 21:20 - 2016-11-22 13:35 - 19350016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-02-16 21:20 - 2016-11-22 13:34 - 12134400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-02-16 21:20 - 2016-11-02 22:12 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-02-16 21:20 - 2016-11-02 22:08 - 00636296 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-02-16 21:20 - 2016-11-02 21:25 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-02-16 21:20 - 2016-11-02 20:32 - 00316256 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-02-16 21:20 - 2016-11-02 20:31 - 00546968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-02-16 21:20 - 2016-11-02 19:51 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-02-16 21:20 - 2016-10-25 16:44 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-02-16 21:20 - 2016-10-25 16:44 - 00875480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-02-16 21:20 - 2016-10-25 16:42 - 07468384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-02-16 21:20 - 2016-10-25 16:42 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-02-16 21:20 - 2016-10-25 16:42 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-02-16 21:20 - 2016-10-25 16:42 - 01142560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-02-16 21:20 - 2016-10-25 16:42 - 01098648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-02-16 21:20 - 2016-10-25 16:42 - 00125280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mup.sys
2017-02-16 21:20 - 2016-10-25 16:42 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2017-02-16 21:20 - 2016-10-25 16:41 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-02-16 21:20 - 2016-10-25 16:39 - 01238584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Taskmgr.exe
2017-02-16 21:20 - 2016-10-25 16:39 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-02-16 21:20 - 2016-10-25 16:34 - 00454496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2017-02-16 21:20 - 2016-10-25 16:26 - 00528736 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-02-16 21:20 - 2016-10-25 16:25 - 01637216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-02-16 21:20 - 2016-10-25 16:24 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-02-16 21:20 - 2016-10-25 16:19 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2017-02-16 21:20 - 2016-10-25 16:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-02-16 21:20 - 2016-10-25 15:51 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2017-02-16 21:20 - 2016-10-25 15:50 - 00439136 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2017-02-16 21:20 - 2016-10-25 15:49 - 00588328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmdrmdev.dll
2017-02-16 21:20 - 2016-10-25 15:49 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-02-16 21:20 - 2016-10-25 15:48 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-02-16 21:20 - 2016-10-25 15:48 - 01554152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2017-02-16 21:20 - 2016-10-25 15:48 - 01552104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-02-16 21:20 - 2016-10-25 15:48 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-02-16 21:20 - 2016-10-25 15:48 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-02-16 21:20 - 2016-10-25 15:48 - 01017024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-02-16 21:20 - 2016-10-25 15:48 - 00847648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-02-16 21:20 - 2016-10-25 15:42 - 02607336 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-02-16 21:20 - 2016-10-25 15:42 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-02-16 21:20 - 2016-10-25 15:42 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-02-16 21:20 - 2016-10-25 15:39 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2017-02-16 21:20 - 2016-10-25 15:39 - 00730352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-02-16 21:20 - 2016-10-25 15:39 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2017-02-16 21:20 - 2016-10-25 15:38 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-02-16 21:20 - 2016-10-25 15:38 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-02-16 21:20 - 2016-10-25 15:38 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-02-16 21:20 - 2016-10-25 15:37 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-02-16 21:20 - 2016-10-25 15:37 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-02-16 21:20 - 2016-10-25 15:37 - 01603224 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2017-02-16 21:20 - 2016-10-25 15:37 - 01040792 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-02-16 21:20 - 2016-10-25 15:37 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-02-16 21:20 - 2016-10-25 15:35 - 06536248 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2017-02-16 21:20 - 2016-10-25 15:34 - 01128104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-02-16 21:20 - 2016-10-25 15:34 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-02-16 21:20 - 2016-10-25 15:34 - 00106928 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2017-02-16 21:20 - 2016-10-25 15:33 - 00341936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2017-02-16 21:20 - 2016-10-25 15:32 - 01862000 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-02-16 21:20 - 2016-10-25 15:32 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-02-16 21:20 - 2016-10-25 15:32 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-02-16 21:20 - 2016-10-25 15:32 - 00845568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2017-02-16 21:20 - 2016-10-25 15:32 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2017-02-16 21:20 - 2016-10-25 15:30 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-02-16 21:20 - 2016-10-25 15:30 - 00360288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-02-16 21:20 - 2016-10-25 15:28 - 01083648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Taskmgr.exe
2017-02-16 21:20 - 2016-10-25 15:05 - 00712032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-02-16 21:20 - 2016-10-25 15:03 - 01988440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-02-16 21:20 - 2016-10-25 15:02 - 00577376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-02-16 21:20 - 2016-10-25 15:02 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-02-16 21:20 - 2016-10-25 15:01 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-02-16 21:20 - 2016-10-25 15:01 - 00324448 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2017-02-16 21:20 - 2016-10-25 14:47 - 28851216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsRaw.dll
2017-02-16 21:20 - 2016-10-25 14:47 - 02641928 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2017-02-16 21:20 - 2016-10-25 14:47 - 00305808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpeffects.dll
2017-02-16 21:20 - 2016-10-25 14:46 - 00388896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-02-16 21:20 - 2016-10-25 14:46 - 00376528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2017-02-16 21:20 - 2016-10-25 14:45 - 00503600 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMRServer.dll
2017-02-16 21:20 - 2016-10-25 14:45 - 00032096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2017-02-16 21:20 - 2016-10-25 14:40 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2017-02-16 21:20 - 2016-10-25 14:40 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-02-16 21:20 - 2016-10-25 14:39 - 00306840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2017-02-16 21:20 - 2016-10-25 14:37 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-02-16 21:20 - 2016-10-25 14:37 - 01349632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-02-16 21:20 - 2016-10-25 14:37 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-02-16 21:20 - 2016-10-25 14:37 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-02-16 21:20 - 2016-10-25 14:37 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-02-16 21:20 - 2016-10-25 14:37 - 00709176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-02-16 21:20 - 2016-10-25 14:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2017-02-16 21:20 - 2016-10-25 14:33 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\genericusbfn.sys
2017-02-16 21:20 - 2016-10-25 14:32 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-02-16 21:20 - 2016-10-25 14:32 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfp.dll
2017-02-16 21:20 - 2016-10-25 14:31 - 01824272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-02-16 21:20 - 2016-10-25 14:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-02-16 21:20 - 2016-10-25 14:31 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2017-02-16 21:20 - 2016-10-25 14:31 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-02-16 21:20 - 2016-10-25 14:31 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-02-16 21:20 - 2016-10-25 14:30 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-02-16 21:20 - 2016-10-25 14:30 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2017-02-16 21:20 - 2016-10-25 14:30 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-02-16 21:20 - 2016-10-25 14:29 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-02-16 21:20 - 2016-10-25 14:27 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-02-16 21:20 - 2016-10-25 14:27 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-02-16 21:20 - 2016-10-25 14:27 - 00256704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2017-02-16 21:20 - 2016-10-25 14:26 - 05240952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-02-16 21:20 - 2016-10-25 14:26 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-02-16 21:20 - 2016-10-25 14:26 - 01355344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2017-02-16 21:20 - 2016-10-25 14:26 - 00836752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-02-16 21:20 - 2016-10-25 14:26 - 00569752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-02-16 21:20 - 2016-10-25 14:26 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-02-16 21:20 - 2016-10-25 14:24 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2017-02-16 21:20 - 2016-10-25 14:23 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2017-02-16 21:20 - 2016-10-25 14:22 - 00268040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2017-02-16 21:20 - 2016-10-25 14:22 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthAvrcpTg.sys
2017-02-16 21:20 - 2016-10-25 14:21 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-02-16 21:20 - 2016-10-25 14:21 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2017-02-16 21:20 - 2016-10-25 14:20 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2017-02-16 21:20 - 2016-10-25 14:19 - 00295776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-02-16 21:20 - 2016-10-25 14:19 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scfilter.sys
2017-02-16 21:20 - 2016-10-25 14:18 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-02-16 21:20 - 2016-10-25 14:18 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2017-02-16 21:20 - 2016-10-25 14:16 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-02-16 21:20 - 2016-10-25 14:14 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-02-16 21:20 - 2016-10-25 14:13 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll
2017-02-16 21:20 - 2016-10-25 14:13 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2017-02-16 21:20 - 2016-10-25 14:13 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2017-02-16 21:20 - 2016-10-25 14:12 - 00257536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpr.exe
2017-02-16 21:20 - 2016-10-25 14:12 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSMDesktopProvider.dll
2017-02-16 21:20 - 2016-10-25 14:12 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2017-02-16 21:20 - 2016-10-25 14:12 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-02-16 21:20 - 2016-10-25 14:12 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2017-02-16 21:20 - 2016-10-25 14:10 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2017-02-16 21:20 - 2016-10-25 14:10 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountExtension.dll
2017-02-16 21:20 - 2016-10-25 14:10 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2017-02-16 21:20 - 2016-10-25 14:10 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2017-02-16 21:20 - 2016-10-25 14:09 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oemlicense.dll
2017-02-16 21:20 - 2016-10-25 14:08 - 00188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndiswan.sys
2017-02-16 21:20 - 2016-10-25 14:06 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-02-16 21:20 - 2016-10-25 14:06 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\PortableDeviceConnectApi.dll
2017-02-16 21:20 - 2016-10-25 14:05 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2017-02-16 21:20 - 2016-10-25 14:05 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\FingerprintEnrollment.dll
2017-02-16 21:20 - 2016-10-25 14:04 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\LegacyNetUXHost.exe
2017-02-16 21:20 - 2016-10-25 14:02 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-02-16 21:20 - 2016-10-25 14:02 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-02-16 21:20 - 2016-10-25 14:02 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2017-02-16 21:20 - 2016-10-25 14:00 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-02-16 21:20 - 2016-10-25 13:59 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-02-16 21:20 - 2016-10-25 13:59 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-02-16 21:20 - 2016-10-25 13:59 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-02-16 21:20 - 2016-10-25 13:59 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsvc.dll
2017-02-16 21:20 - 2016-10-25 13:59 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2017-02-16 21:20 - 2016-10-25 13:58 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2017-02-16 21:20 - 2016-10-25 13:58 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-02-16 21:20 - 2016-10-25 13:58 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2017-02-16 21:20 - 2016-10-25 13:57 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2017-02-16 21:20 - 2016-10-25 13:57 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-02-16 21:20 - 2016-10-25 13:56 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2017-02-16 21:20 - 2016-10-25 13:56 - 00319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3ui.dll
2017-02-16 21:20 - 2016-10-25 13:56 - 00317952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-02-16 21:20 - 2016-10-25 13:56 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Dxpserver.exe
2017-02-16 21:20 - 2016-10-25 13:56 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-02-16 21:20 - 2016-10-25 13:55 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-02-16 21:20 - 2016-10-25 13:55 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-02-16 21:20 - 2016-10-25 13:55 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-02-16 21:20 - 2016-10-25 13:55 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2017-02-16 21:20 - 2016-10-25 13:55 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2017-02-16 21:20 - 2016-10-25 13:54 - 00752128 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2017-02-16 21:20 - 2016-10-25 13:54 - 00273760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2017-02-16 21:20 - 2016-10-25 13:54 - 00188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2017-02-16 21:20 - 2016-10-25 13:53 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-02-16 21:20 - 2016-10-25 13:53 - 00813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2017-02-16 21:20 - 2016-10-25 13:53 - 00714240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-02-16 21:20 - 2016-10-25 13:53 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AdmTmpl.dll
2017-02-16 21:20 - 2016-10-25 13:53 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-02-16 21:20 - 2016-10-25 13:53 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-02-16 21:20 - 2016-10-25 13:53 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2017-02-16 21:20 - 2016-10-25 13:52 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2017-02-16 21:20 - 2016-10-25 13:52 - 00577536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2017-02-16 21:20 - 2016-10-25 13:52 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll
2017-02-16 21:20 - 2016-10-25 13:52 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-02-16 21:20 - 2016-10-25 13:52 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-02-16 21:20 - 2016-10-25 13:52 - 00370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack_win.dll
2017-02-16 21:20 - 2016-10-25 13:52 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2017-02-16 21:20 - 2016-10-25 13:51 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFS.exe
2017-02-16 21:20 - 2016-10-25 13:51 - 00469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-02-16 21:20 - 2016-10-25 13:51 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2017-02-16 21:20 - 2016-10-25 13:51 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanui.dll
2017-02-16 21:20 - 2016-10-25 13:51 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll
2017-02-16 21:20 - 2016-10-25 13:51 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2017-02-16 21:20 - 2016-10-25 13:50 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll
2017-02-16 21:20 - 2016-10-25 13:50 - 00510464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2017-02-16 21:20 - 2016-10-25 13:50 - 00492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2017-02-16 21:20 - 2016-10-25 13:50 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXP.dll
2017-02-16 21:20 - 2016-10-25 13:50 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneOm.dll
2017-02-16 21:20 - 2016-10-25 13:50 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2017-02-16 21:20 - 2016-10-25 13:49 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2017-02-16 21:20 - 2016-10-25 13:49 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WalletService.dll
2017-02-16 21:20 - 2016-10-25 13:49 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\netman.dll
2017-02-16 21:20 - 2016-10-25 13:48 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\system32\PortableDeviceApi.dll
2017-02-16 21:20 - 2016-10-25 13:48 - 00344064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll
2017-02-16 21:20 - 2016-10-25 13:47 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-02-16 21:20 - 2016-10-25 13:47 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2017-02-16 21:20 - 2016-10-25 13:47 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.OneCore.dll
2017-02-16 21:20 - 2016-10-25 13:47 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-02-16 21:20 - 2016-10-25 13:46 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
2017-02-16 21:20 - 2016-10-25 13:46 - 00857600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2017-02-16 21:20 - 2016-10-25 13:46 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2017-02-16 21:20 - 2016-10-25 13:45 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-02-16 21:20 - 2016-10-25 13:44 - 01479168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2017-02-16 21:20 - 2016-10-25 13:44 - 00602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-02-16 21:20 - 2016-10-25 13:43 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2017-02-16 21:20 - 2016-10-25 13:43 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-02-16 21:20 - 2016-10-25 13:43 - 00440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\certreq.exe
2017-02-16 21:20 - 2016-10-25 13:43 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-02-16 21:20 - 2016-10-25 13:42 - 01813504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2017-02-16 21:20 - 2016-10-25 13:42 - 00656896 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2017-02-16 21:20 - 2016-10-25 13:42 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-02-16 21:20 - 2016-10-25 13:42 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-02-16 21:20 - 2016-10-25 13:41 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2017-02-16 21:20 - 2016-10-25 13:41 - 00892416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.dll
2017-02-16 21:20 - 2016-10-25 13:41 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll
2017-02-16 21:20 - 2016-10-25 13:41 - 00492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2017-02-16 21:20 - 2016-10-25 13:41 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2017-02-16 21:20 - 2016-10-25 13:41 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-02-16 21:20 - 2016-10-25 13:40 - 02331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2017-02-16 21:20 - 2016-10-25 13:40 - 01216512 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcenter.dll
2017-02-16 21:20 - 2016-10-25 13:40 - 00947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2017-02-16 21:20 - 2016-10-25 13:40 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxApplicabilityEngine.dll
2017-02-16 21:20 - 2016-10-25 13:40 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrGidsHandler.dll
2017-02-16 21:20 - 2016-10-25 13:40 - 00466944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2017-02-16 21:20 - 2016-10-25 13:40 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2017-02-16 21:20 - 2016-10-25 13:40 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpeffects.dll
2017-02-16 21:20 - 2016-10-25 13:39 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2017-02-16 21:20 - 2016-10-25 13:39 - 00941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2017-02-16 21:20 - 2016-10-25 13:39 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-02-16 21:20 - 2016-10-25 13:39 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2017-02-16 21:20 - 2016-10-25 13:39 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-02-16 21:20 - 2016-10-25 13:39 - 00674304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
2017-02-16 21:20 - 2016-10-25 13:39 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\system32\WLanConn.dll
2017-02-16 21:20 - 2016-10-25 13:39 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll
2017-02-16 21:20 - 2016-10-25 13:38 - 02088960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2017-02-16 21:20 - 2016-10-25 13:38 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2017-02-16 21:20 - 2016-10-25 13:38 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-02-16 21:20 - 2016-10-25 13:38 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-02-16 21:20 - 2016-10-25 13:38 - 00610304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmdrmsdk.dll
2017-02-16 21:20 - 2016-10-25 13:38 - 00588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wvc.dll
2017-02-16 21:20 - 2016-10-25 13:38 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-02-16 21:20 - 2016-10-25 13:38 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-02-16 21:20 - 2016-10-25 13:37 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2017-02-16 21:20 - 2016-10-25 13:37 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2017-02-16 21:20 - 2016-10-25 13:37 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-02-16 21:20 - 2016-10-25 13:37 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2017-02-16 21:20 - 2016-10-25 13:36 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-02-16 21:20 - 2016-10-25 13:36 - 00538112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2017-02-16 21:20 - 2016-10-25 13:36 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-02-16 21:20 - 2016-10-25 13:35 - 01434112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2017-02-16 21:20 - 2016-10-25 13:35 - 01132544 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2017-02-16 21:20 - 2016-10-25 13:35 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-02-16 21:20 - 2016-10-25 13:35 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-02-16 21:20 - 2016-10-25 13:34 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2017-02-16 21:20 - 2016-10-25 13:34 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-02-16 21:20 - 2016-10-25 13:34 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-02-16 21:20 - 2016-10-25 13:33 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-02-16 21:20 - 2016-10-25 13:33 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2017-02-16 21:20 - 2016-10-25 13:33 - 00817152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.Search.dll
2017-02-16 21:20 - 2016-10-25 13:33 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2017-02-16 21:20 - 2016-10-25 13:32 - 01159168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplicationFrame.dll
2017-02-16 21:20 - 2016-10-25 13:32 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-02-16 21:20 - 2016-10-25 13:32 - 01037824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-02-16 21:20 - 2016-10-25 13:32 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-02-16 21:20 - 2016-10-25 13:32 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2017-02-16 21:20 - 2016-10-25 13:32 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-02-16 21:20 - 2016-10-25 13:32 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2017-02-16 21:20 - 2016-10-25 13:30 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-02-16 21:20 - 2016-10-25 13:30 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-02-16 21:20 - 2016-10-25 13:29 - 01847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2017-02-16 21:20 - 2016-10-25 13:29 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-02-16 21:20 - 2016-10-25 13:29 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-02-16 21:20 - 2016-10-25 13:29 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2017-02-16 21:20 - 2016-10-25 13:28 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2017-02-16 21:20 - 2016-10-25 13:27 - 02731008 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2017-02-16 21:20 - 2016-10-25 13:27 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs3D.dll
2017-02-16 21:20 - 2016-10-25 13:27 - 01466368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Pimstore.dll
2017-02-16 21:20 - 2016-10-25 13:27 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMNetMgr.dll
2017-02-16 21:20 - 2016-10-25 13:27 - 01040896 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-02-16 21:20 - 2016-10-25 13:27 - 00961536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2017-02-16 21:20 - 2016-10-25 13:27 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-02-16 21:20 - 2016-10-25 13:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-02-16 21:20 - 2016-10-25 13:26 - 02103296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2017-02-16 21:20 - 2016-10-25 13:26 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-02-16 21:20 - 2016-10-25 13:25 - 01872896 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-02-16 21:20 - 2016-10-25 13:25 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2017-02-16 21:20 - 2016-10-25 13:25 - 01291776 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-02-16 21:20 - 2016-10-25 13:24 - 04456448 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-02-16 21:20 - 2016-10-25 13:24 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2017-02-16 21:20 - 2016-10-25 13:24 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2017-02-16 21:20 - 2016-10-25 13:23 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-02-16 21:20 - 2016-10-25 13:23 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-02-16 21:20 - 2016-10-25 13:22 - 01424384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2017-02-16 21:20 - 2016-10-25 13:22 - 00638976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-02-16 21:20 - 2016-10-25 13:22 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-02-16 21:20 - 2016-10-25 13:21 - 02054144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-02-16 21:20 - 2016-10-25 13:21 - 01570816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2017-02-16 21:20 - 2016-10-25 13:21 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\licensingdiag.exe
2017-02-16 21:20 - 2016-10-25 13:21 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2017-02-16 21:20 - 2016-10-25 13:20 - 03549696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2017-02-16 21:20 - 2016-10-25 13:19 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-02-16 21:20 - 2016-10-25 13:18 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-02-16 21:20 - 2016-10-25 13:17 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-02-16 21:20 - 2016-10-25 13:16 - 03415040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2017-02-16 21:20 - 2016-10-25 13:16 - 01965568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmc.exe
2017-02-16 21:20 - 2016-10-25 13:16 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-02-16 21:20 - 2016-10-25 13:12 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2017-02-16 21:20 - 2016-10-25 13:11 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2017-02-16 21:20 - 2016-10-25 13:09 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-02-16 21:20 - 2016-10-25 13:09 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2017-02-16 21:20 - 2016-10-25 13:08 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2017-02-16 21:20 - 2016-10-25 13:07 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-02-16 21:20 - 2016-10-25 13:06 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2017-02-16 21:20 - 2016-10-25 13:05 - 02610176 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-02-16 21:20 - 2016-10-25 13:05 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdengin2.dll
2017-02-16 21:20 - 2016-10-25 13:05 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\StikyNot.exe
2017-02-16 21:20 - 2016-10-25 13:05 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-02-16 21:20 - 2016-10-25 13:03 - 06675968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-02-16 21:20 - 2016-10-25 13:03 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-02-16 21:20 - 2016-10-25 13:03 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2017-02-16 21:20 - 2016-10-25 13:03 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SCardDlg.dll
2017-02-16 21:20 - 2016-10-25 13:03 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-02-16 21:20 - 2016-10-25 13:01 - 01755648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2017-02-16 21:20 - 2016-10-25 13:01 - 01121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-02-16 21:20 - 2016-10-25 13:01 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2017-02-16 21:20 - 2016-10-25 13:01 - 00183296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSMDesktopProvider.dll
2017-02-16 21:20 - 2016-10-25 13:00 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2017-02-16 21:20 - 2016-10-25 13:00 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PortableDeviceClassExtension.dll
2017-02-16 21:20 - 2016-10-25 13:00 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2017-02-16 21:20 - 2016-10-25 12:59 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oemlicense.dll
2017-02-16 21:20 - 2016-10-25 12:57 - 02285568 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2017-02-16 21:20 - 2016-10-25 12:57 - 00833536 _____ (Microsoft Corporation) C:\WINDOWS\system32\pmcsnap.dll
2017-02-16 21:20 - 2016-10-25 12:56 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PortableDeviceConnectApi.dll
2017-02-16 21:20 - 2016-10-25 12:55 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2017-02-16 21:20 - 2016-10-25 12:54 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2017-02-16 21:20 - 2016-10-25 12:54 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-02-16 21:20 - 2016-10-25 12:54 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-02-16 21:20 - 2016-10-25 12:54 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2017-02-16 21:20 - 2016-10-25 12:53 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-02-16 21:20 - 2016-10-25 12:53 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-02-16 21:20 - 2016-10-25 12:52 - 04170240 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2017-02-16 21:20 - 2016-10-25 12:52 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2017-02-16 21:20 - 2016-10-25 12:52 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-02-16 21:20 - 2016-10-25 12:51 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-02-16 21:20 - 2016-10-25 12:51 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2017-02-16 21:20 - 2016-10-25 12:50 - 02874880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcndmgr.dll
2017-02-16 21:20 - 2016-10-25 12:50 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2017-02-16 21:20 - 2016-10-25 12:50 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\azroleui.dll
2017-02-16 21:20 - 2016-10-25 12:50 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-02-16 21:20 - 2016-10-25 12:50 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-02-16 21:20 - 2016-10-25 12:49 - 03081216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-02-16 21:20 - 2016-10-25 12:49 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-02-16 21:20 - 2016-10-25 12:49 - 01997312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-02-16 21:20 - 2016-10-25 12:49 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3ui.dll
2017-02-16 21:20 - 2016-10-25 12:48 - 04826624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-02-16 21:20 - 2016-10-25 12:48 - 00217600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2017-02-16 21:20 - 2016-10-25 12:48 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-02-16 21:20 - 2016-10-25 12:47 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-02-16 21:20 - 2016-10-25 12:47 - 00453632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AdmTmpl.dll
2017-02-16 21:20 - 2016-10-25 12:46 - 02055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-02-16 21:20 - 2016-10-25 12:46 - 00486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnfldr.dll
2017-02-16 21:20 - 2016-10-25 12:46 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-02-16 21:20 - 2016-10-25 12:45 - 07977984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-02-16 21:20 - 2016-10-25 12:45 - 00564736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\objsel.dll
2017-02-16 21:20 - 2016-10-25 12:45 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2017-02-16 21:20 - 2016-10-25 12:45 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneOm.dll
2017-02-16 21:20 - 2016-10-25 12:44 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
2017-02-16 21:20 - 2016-10-25 12:43 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-02-16 21:20 - 2016-10-25 12:43 - 00520704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PortableDeviceApi.dll
2017-02-16 21:20 - 2016-10-25 12:43 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\filemgmt.dll
2017-02-16 21:20 - 2016-10-25 12:42 - 02876928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2017-02-16 21:20 - 2016-10-25 12:42 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-02-16 21:20 - 2016-10-25 12:41 - 02444800 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-02-16 21:20 - 2016-10-25 12:41 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2017-02-16 21:20 - 2016-10-25 12:41 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2017-02-16 21:20 - 2016-10-25 12:40 - 01336832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2017-02-16 21:20 - 2016-10-25 12:40 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-02-16 21:20 - 2016-10-25 12:39 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-02-16 21:20 - 2016-10-25 12:39 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-02-16 21:20 - 2016-10-25 12:39 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certreq.exe
2017-02-16 21:20 - 2016-10-25 12:39 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-02-16 21:20 - 2016-10-25 12:38 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-02-16 21:20 - 2016-10-25 12:37 - 04143104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WlanMM.dll
2017-02-16 21:20 - 2016-10-25 12:37 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2017-02-16 21:20 - 2016-10-25 12:37 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2017-02-16 21:20 - 2016-10-25 12:37 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2017-02-16 21:20 - 2016-10-25 12:36 - 04646400 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2017-02-16 21:20 - 2016-10-25 12:36 - 00879616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll
2017-02-16 21:20 - 2016-10-25 12:36 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2017-02-16 21:20 - 2016-10-25 12:36 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-02-16 21:20 - 2016-10-25 12:36 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-02-16 21:20 - 2016-10-25 12:36 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll
2017-02-16 21:20 - 2016-10-25 12:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wvc.dll
2017-02-16 21:20 - 2016-10-25 12:36 - 00413696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WLanConn.dll
2017-02-16 21:20 - 2016-10-25 12:36 - 00153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSSync.dll
2017-02-16 21:20 - 2016-10-25 12:35 - 02902528 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-02-16 21:20 - 2016-10-25 12:35 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-02-16 21:20 - 2016-10-25 12:35 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2017-02-16 21:20 - 2016-10-25 12:35 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmdrmsdk.dll
2017-02-16 21:20 - 2016-10-25 12:35 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2017-02-16 21:20 - 2016-10-25 12:34 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-02-16 21:20 - 2016-10-25 12:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-02-16 21:20 - 2016-10-25 12:34 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-02-16 21:20 - 2016-10-25 12:33 - 01063936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2017-02-16 21:20 - 2016-10-25 12:33 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-02-16 21:20 - 2016-10-25 12:32 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-02-16 21:20 - 2016-10-25 12:32 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2017-02-16 21:20 - 2016-10-25 12:32 - 00738816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2017-02-16 21:20 - 2016-10-25 12:32 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-02-16 21:20 - 2016-10-25 12:32 - 00645632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.Search.dll
2017-02-16 21:20 - 2016-10-25 12:31 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2017-02-16 21:20 - 2016-10-25 12:30 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-02-16 21:20 - 2016-10-25 12:29 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2017-02-16 21:20 - 2016-10-25 12:29 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-02-16 21:20 - 2016-10-25 12:29 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2017-02-16 21:20 - 2016-10-25 12:28 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-02-16 21:20 - 2016-10-25 12:28 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2017-02-16 21:20 - 2016-10-25 12:28 - 02578432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2017-02-16 21:20 - 2016-10-25 12:28 - 01186816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMNetMgr.dll
2017-02-16 21:20 - 2016-10-25 12:28 - 00885248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-02-16 21:20 - 2016-10-25 12:28 - 00882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2017-02-16 21:20 - 2016-10-25 12:28 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2017-02-16 21:20 - 2016-10-25 12:28 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2017-02-16 21:20 - 2016-10-25 12:28 - 00760320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-02-16 21:20 - 2016-10-25 12:27 - 01448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll
2017-02-16 21:20 - 2016-10-25 12:27 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2017-02-16 21:20 - 2016-10-25 12:26 - 02563584 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2017-02-16 21:20 - 2016-10-25 12:26 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2017-02-16 21:20 - 2016-10-25 12:25 - 03695104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-02-16 21:20 - 2016-10-25 12:25 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2017-02-16 21:20 - 2016-10-25 12:25 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-02-16 21:20 - 2016-10-25 12:25 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2017-02-16 21:20 - 2016-10-25 12:25 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-02-16 21:20 - 2016-10-25 12:25 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-02-16 21:20 - 2016-10-25 12:24 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2017-02-16 21:20 - 2016-10-25 12:24 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licensingdiag.exe
2017-02-16 21:20 - 2016-10-25 12:23 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2017-02-16 21:20 - 2016-10-25 12:23 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2017-02-16 21:20 - 2016-10-25 12:23 - 00964096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-02-16 21:20 - 2016-10-25 12:22 - 01562624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmc.exe
2017-02-16 21:20 - 2016-10-25 12:21 - 03577344 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-02-16 21:20 - 2016-10-25 12:21 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-02-16 21:20 - 2016-10-25 12:20 - 01797120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-02-16 21:20 - 2016-10-25 12:19 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-02-16 21:20 - 2016-10-25 12:17 - 00581632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2017-02-16 21:20 - 2016-10-25 12:14 - 02911744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-02-16 21:20 - 2016-10-25 12:14 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-02-16 21:20 - 2016-10-25 12:14 - 00651776 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2017-02-16 21:20 - 2016-10-25 12:13 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-02-16 21:20 - 2016-10-25 12:12 - 11544576 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-02-16 21:20 - 2016-10-25 12:11 - 06471168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-02-16 21:20 - 2016-10-25 12:11 - 04078592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-02-16 21:20 - 2016-10-25 12:11 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2017-02-16 21:20 - 2016-10-25 12:10 - 01568256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2017-02-16 21:20 - 2016-10-25 12:10 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2017-02-16 21:20 - 2016-10-25 12:09 - 01448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dui70.dll
2017-02-16 21:20 - 2016-10-25 12:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2017-02-16 21:20 - 2016-10-25 12:05 - 06312448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-02-16 21:20 - 2016-10-25 12:05 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-02-16 21:20 - 2016-10-25 12:05 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-02-16 21:20 - 2016-10-25 12:05 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2017-02-16 21:20 - 2016-10-25 12:05 - 01385472 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2017-02-16 21:20 - 2016-10-25 12:04 - 00835072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2017-02-16 21:20 - 2016-10-25 12:03 - 00636928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2017-02-16 21:20 - 2016-10-25 12:02 - 06976512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-02-16 21:20 - 2016-10-25 12:02 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-02-16 21:20 - 2016-10-25 12:02 - 03459584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2017-02-16 21:20 - 2016-10-25 12:01 - 02361856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmcndmgr.dll
2017-02-16 21:20 - 2016-10-25 12:00 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-02-16 21:20 - 2016-10-25 12:00 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-02-16 21:20 - 2016-10-25 12:00 - 02555904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-02-16 21:20 - 2016-10-25 12:00 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-02-16 21:20 - 2016-10-25 12:00 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-02-16 21:20 - 2016-10-25 11:59 - 14258688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-02-16 21:20 - 2016-10-25 11:59 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-02-16 21:20 - 2016-10-25 11:59 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-02-16 21:20 - 2016-10-25 11:58 - 09920512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-02-16 21:20 - 2016-10-25 11:58 - 07536128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-02-16 21:20 - 2016-10-25 11:57 - 06296064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-02-16 21:20 - 2016-10-25 11:56 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-02-16 21:20 - 2016-10-25 11:55 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-02-16 21:20 - 2016-10-25 11:55 - 02217984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2017-02-16 21:20 - 2016-10-25 11:55 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-02-16 21:20 - 2016-10-25 11:55 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnfldr.dll
2017-02-16 21:20 - 2016-10-25 11:54 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-02-16 21:20 - 2016-10-25 11:53 - 03294208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2017-02-16 21:20 - 2016-10-25 11:53 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-02-16 21:20 - 2016-10-25 11:53 - 00583680 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2017-02-16 21:20 - 2016-10-25 11:52 - 03555840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2017-02-16 21:20 - 2016-10-25 11:52 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-02-16 21:20 - 2016-10-25 11:51 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\RADCUI.dll
2017-02-16 21:20 - 2016-10-25 11:50 - 01487872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-02-16 21:20 - 2016-10-25 11:48 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2017-02-16 21:20 - 2016-10-25 11:47 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-02-16 21:20 - 2016-10-25 11:46 - 02771968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-02-16 21:20 - 2016-10-25 11:45 - 02679808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2017-02-16 21:20 - 2016-10-25 11:44 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-02-16 21:20 - 2016-10-25 11:44 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2017-02-16 21:20 - 2016-10-25 11:43 - 04404736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-02-16 21:20 - 2016-10-25 11:43 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2017-02-16 21:20 - 2016-10-25 11:41 - 02519552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2017-02-16 21:20 - 2016-10-25 11:40 - 05325824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-02-16 21:20 - 2016-10-25 11:38 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-02-16 21:20 - 2016-10-25 11:37 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-02-16 21:20 - 2016-10-25 11:36 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2017-02-16 21:20 - 2016-10-25 11:35 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-02-16 21:20 - 2016-10-25 11:35 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2017-02-16 21:20 - 2016-10-25 11:34 - 02062336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-02-16 21:20 - 2016-10-25 11:34 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2017-02-16 21:20 - 2016-10-25 11:34 - 01228800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2017-02-16 21:20 - 2016-10-25 11:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2017-02-16 21:20 - 2016-10-25 11:32 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-02-16 21:20 - 2016-10-25 11:32 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll
2017-02-16 21:20 - 2016-10-25 11:32 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-02-16 21:20 - 2016-10-25 11:30 - 12590080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-02-16 21:20 - 2016-10-25 11:29 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2017-02-16 21:20 - 2016-10-25 11:27 - 03065344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-02-16 21:20 - 2016-10-25 11:23 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2017-02-16 21:20 - 2016-10-25 11:21 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2017-02-16 21:20 - 2016-10-25 11:07 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-02-16 21:20 - 2016-10-25 09:19 - 00775336 _____ C:\WINDOWS\SysWOW64\locale.nls
2017-02-16 21:20 - 2016-10-25 09:19 - 00775336 _____ C:\WINDOWS\system32\locale.nls
2017-02-16 21:20 - 2016-10-25 08:47 - 00445873 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-02-16 21:20 - 2016-10-05 14:56 - 01644736 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-02-16 21:20 - 2016-10-05 14:56 - 01242304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-02-16 21:20 - 2016-10-05 14:56 - 00602304 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-02-16 21:20 - 2016-10-05 14:56 - 00591040 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-02-16 21:20 - 2016-10-05 14:56 - 00329920 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-02-16 21:20 - 2016-10-05 14:56 - 00290496 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-02-16 21:20 - 2016-10-05 14:56 - 00144576 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-02-16 21:20 - 2016-10-05 14:56 - 00085696 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-02-16 21:20 - 2016-10-05 14:19 - 00129376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-02-16 21:20 - 2016-10-05 14:01 - 01337184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-02-16 21:20 - 2016-10-05 13:54 - 01297760 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-02-16 21:20 - 2016-10-05 12:45 - 00987488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-02-16 21:20 - 2016-10-05 12:37 - 00640976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-02-16 21:20 - 2016-10-05 12:31 - 00422240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-02-16 21:20 - 2016-10-05 12:25 - 00871776 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
2017-02-16 21:20 - 2016-10-05 12:00 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-02-16 21:20 - 2016-10-05 11:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2017-02-16 21:20 - 2016-10-05 11:50 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2017-02-16 21:20 - 2016-10-05 11:49 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnpclean.dll
2017-02-16 21:20 - 2016-10-05 11:49 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-02-16 21:20 - 2016-10-05 11:47 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevDispItemProvider.dll
2017-02-16 21:20 - 2016-10-05 11:47 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-02-16 21:20 - 2016-10-05 11:38 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpdxm.dll
2017-02-16 21:20 - 2016-10-05 11:35 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2017-02-16 21:20 - 2016-10-05 11:34 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-02-16 21:20 - 2016-10-05 11:32 - 00538744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-02-16 21:20 - 2016-10-05 11:30 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\adsmsext.dll
2017-02-16 21:20 - 2016-10-05 11:29 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2017-02-16 21:20 - 2016-10-05 11:23 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-02-16 21:20 - 2016-10-05 11:19 - 00717152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
2017-02-16 21:20 - 2016-10-05 11:17 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll
2017-02-16 21:20 - 2016-10-05 11:17 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-02-16 21:20 - 2016-10-05 11:15 - 00458240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2017-02-16 21:20 - 2016-10-05 11:10 - 00602624 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-02-16 21:20 - 2016-10-05 11:05 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-02-16 21:20 - 2016-10-05 11:04 - 01718272 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-02-16 21:20 - 2016-10-05 11:00 - 01661952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-02-16 21:20 - 2016-10-05 11:00 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2017-02-16 21:20 - 2016-10-05 11:00 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2017-02-16 21:20 - 2016-10-05 10:48 - 02437120 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-02-16 21:20 - 2016-10-05 10:40 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2017-02-16 21:20 - 2016-10-05 10:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevDispItemProvider.dll
2017-02-16 21:20 - 2016-10-05 10:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-02-16 21:20 - 2016-10-05 10:30 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpdxm.dll
2017-02-16 21:20 - 2016-10-05 10:29 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-02-16 21:20 - 2016-10-05 10:28 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
2017-02-16 21:20 - 2016-10-05 10:24 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adsmsext.dll
2017-02-16 21:20 - 2016-10-05 10:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2017-02-16 21:20 - 2016-10-05 10:15 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-02-16 21:20 - 2016-10-05 10:13 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2017-02-16 21:20 - 2016-10-05 10:09 - 00501760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-02-16 21:20 - 2016-10-05 10:05 - 01467904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-02-16 21:20 - 2016-10-05 09:54 - 01987584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-02-16 21:20 - 2016-10-05 09:40 - 01626112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-02-16 21:20 - 2016-09-27 09:39 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-02-16 21:20 - 2016-06-18 11:55 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2017-02-16 21:20 - 2016-06-18 11:51 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-02-16 21:20 - 2016-06-18 11:49 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2017-02-15 19:32 - 2017-02-15 19:32 - 00001133 _____ C:\Users\MSI_USER\Desktop\FlusiFix06.exe - Shortcut.lnk
2017-02-11 13:13 - 2017-02-11 13:13 - 00001090 _____ C:\Users\MSI_USER\Desktop\ACHTUNG.FSX PC NEW C+E Macrium auf seagate ROT - Shortcut.lnk
2017-02-10 21:30 - 2017-02-10 21:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FSDG
2017-02-09 20:23 - 2017-02-09 20:23 - 00000000 ___HD C:\$WINDOWS.~BT
2017-02-09 12:45 - 2017-03-03 20:32 - 00765362 _____ C:\WINDOWS\system32\perfh007.dat
2017-02-09 12:45 - 2017-03-03 20:32 - 00155416 _____ C:\WINDOWS\system32\perfc007.dat
2017-02-09 12:45 - 2017-02-09 12:45 - 00305634 _____ C:\WINDOWS\system32\perfi007.dat
2017-02-09 12:45 - 2017-02-09 12:45 - 00040390 _____ C:\WINDOWS\system32\perfd007.dat
2017-02-09 12:45 - 2017-02-09 12:45 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2017-02-09 12:45 - 2017-02-09 12:45 - 00000000 ____D C:\WINDOWS\SysWOW64\de
2017-02-09 12:45 - 2017-02-09 12:45 - 00000000 ____D C:\WINDOWS\system32\de
2017-02-09 12:45 - 2017-02-09 12:45 - 00000000 ____D C:\Program Files\Windows Journal
2017-02-09 11:02 - 2017-02-09 11:03 - 00000000 ____D C:\Users\MSI_USER\Downloads\1.openzip
2017-02-09 11:01 - 2017-02-09 11:02 - 02008000 _____ C:\Users\MSI_USER\Downloads\SimConnect.zip
2017-02-08 11:39 - 2017-02-08 11:39 - 00000919 _____ C:\Users\MSI_USER\Desktop\DESKTOP FSX - Shortcut.lnk
2017-02-08 11:38 - 2017-02-27 10:06 - 00000000 ___RD C:\Users\MSI_USER\Documents\DESKTOP FSX
2017-02-07 20:39 - 2017-02-07 20:39 - 00001139 _____ C:\Users\Public\Desktop\USB Disk Security.lnk
2017-02-07 10:00 - 2017-02-07 13:30 - 00000546 _____ C:\WINDOWS\Tasks\Macrium-Backup-{D5990322-26A1-4F98-89E8-86A839B05F19}.job
2017-02-07 10:00 - 2017-02-07 10:00 - 00003264 _____ C:\WINDOWS\System32\Tasks\Macrium-Backup-{D5990322-26A1-4F98-89E8-86A839B05F19}
2017-02-07 08:55 - 2017-02-07 08:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2017-02-06 20:16 - 2017-02-06 20:16 - 00000000 ____D C:\Users\MSI_USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\France VFR
2017-02-06 19:38 - 2017-02-06 19:57 - 271322425 _____ () C:\Users\MSI_USER\Downloads\LFLB_FRANCEVFR-chambery_fsx.exe
2017-02-06 13:45 - 2017-02-06 13:45 - 08813488 _____ (Piriform Ltd) C:\Users\MSI_USER\Downloads\ccsetup526.exe
2017-02-06 13:41 - 2017-02-06 13:41 - 00000000 ____D C:\ProgramData\dbg
2017-02-06 13:37 - 2017-02-06 13:41 - 00000000 ____D C:\Program Files\KMSpico
2017-02-06 13:37 - 2017-02-06 13:37 - 00004608 _____ C:\WINDOWS\SECOH-QAD.exe
2017-02-06 13:37 - 2017-02-06 13:37 - 00003584 _____ C:\WINDOWS\SECOH-QAD.dll
2017-02-06 13:37 - 2017-02-06 13:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2017-02-06 13:37 - 2010-12-06 09:16 - 00090112 _____ (Vestris Inc.) C:\WINDOWS\system32\Vestris.ResourceLib.dll
2017-02-04 10:38 - 2017-02-05 11:49 - 00007168 _____ (painter) C:\WINDOWS\system32\painter_x64.dll
2017-02-03 20:27 - 2017-02-03 20:27 - 00000000 ____D C:\ProgramData\cGWJzVeUd0y
2017-02-03 20:23 - 2017-02-03 20:23 - 00001275 _____ C:\Users\Public\Desktop\FSX Booster Live.lnk
2017-02-03 20:23 - 2017-02-03 20:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FSPS
2017-02-03 20:23 - 2017-02-03 20:23 - 00000000 ____D C:\Program Files (x86)\FSPS
2017-02-03 16:59 - 2016-09-23 02:07 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2017-02-03 16:50 - 2017-02-03 21:24 - 43236703 _____ C:\Users\MSI_USER\Downloads\north_american_ra-5c_vigilante.zip
2017-02-03 16:43 - 2017-02-03 16:50 - 38643176 _____ (VIRTUALI Sagl ) C:\Users\MSI_USER\Downloads\setup_addonmanagerX.exe
2017-02-03 16:39 - 2017-02-26 10:32 - 00003296 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-03 20:32 - 2016-01-17 07:24 - 01802588 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-03 20:32 - 2015-10-30 14:21 - 00000000 ____D C:\WINDOWS\INF
2017-03-03 20:31 - 2016-01-30 13:49 - 00004172 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6EF0C1BD-6B25-4ACC-94AA-4C1DA6F67AEA}
2017-03-03 20:31 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-03 12:25 - 2016-01-17 09:45 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-03 12:24 - 2016-01-18 01:12 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-03-03 10:14 - 2016-01-19 20:33 - 00000888 _____ C:\Users\MSI_USER\Desktop\fsx - Shortcut.lnk
2017-03-03 10:14 - 2016-01-17 10:55 - 00000000 ____D C:\Users\MSI_USER\Documents\Flight Simulator X-Dateien
2017-03-02 20:19 - 2016-09-07 10:16 - 00005163 _____ C:\Users\MSI_USER\Desktop\TO DO FSX.txt
2017-03-02 20:11 - 2016-08-08 13:03 - 00000000 ____D C:\Fraps
2017-03-02 20:10 - 2016-01-21 20:12 - 00000000 ____D C:\Users\Public\Documents\DX10SceneryFixer
2017-03-02 20:02 - 2016-01-23 10:44 - 00003970 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1453520686
2017-03-02 20:02 - 2016-01-23 10:44 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-03-02 20:02 - 2016-01-23 10:44 - 00000000 ____D C:\Program Files (x86)\Opera
2017-03-02 13:24 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-03-02 13:24 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-03-02 12:59 - 2016-01-17 08:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-03-02 12:59 - 2015-10-30 14:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-02 12:58 - 2016-01-17 08:37 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-03-02 12:58 - 2015-10-30 14:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-27 20:21 - 2016-09-10 18:49 - 00000216 _____ C:\Users\MSI_USER\Desktop\TO DO.txt
2017-02-27 19:35 - 2016-01-24 12:24 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-02-27 19:35 - 2016-01-17 09:47 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-27 19:35 - 2015-10-30 13:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2017-02-27 09:52 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\rescache
2017-02-26 22:52 - 2016-01-17 08:04 - 00000000 ____D C:\Users\MSI_USER\AppData\Local\NVIDIA Corporation
2017-02-26 22:50 - 2016-01-17 09:45 - 00000000 ____D C:\Users\MSI_USER
2017-02-26 20:25 - 2016-01-17 09:45 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-26 20:25 - 2016-01-17 09:45 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-26 20:24 - 2016-01-17 09:45 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-26 19:59 - 2016-01-17 08:02 - 00000000 ____D C:\Users\MSI_USER\AppData\Local\NVIDIA
2017-02-26 10:34 - 2016-01-24 12:24 - 00004030 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-02-26 10:34 - 2016-01-18 01:12 - 00000000 ____D C:\Users\MSI_USER\AppData\Local\Adobe
2017-02-26 10:32 - 2016-01-17 07:37 - 00002372 _____ C:\Users\MSI_USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-26 10:32 - 2016-01-17 07:37 - 00000000 ___RD C:\Users\MSI_USER\OneDrive
2017-02-26 00:53 - 2016-01-18 01:14 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-26 00:13 - 2016-08-26 10:13 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2017-02-25 22:29 - 2016-01-17 08:01 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-25 22:14 - 2016-08-16 08:12 - 00000000 ____D C:\Users\MSI_USER\AppData\Roaming\Virtuali
2017-02-24 20:27 - 2016-01-17 07:36 - 00000000 ____D C:\Users\MSI_USER\AppData\Local\Packages
2017-02-24 19:34 - 2016-01-17 09:44 - 00407464 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-24 19:33 - 2016-07-14 20:54 - 00000000 ____D C:\Program Files\CMAK
2017-02-24 19:33 - 2016-07-14 20:54 - 00000000 ____D C:\Program Files (x86)\CMAK
2017-02-24 19:33 - 2015-10-30 14:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-02-24 19:33 - 2015-10-30 14:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-02-24 19:33 - 2015-10-30 14:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2017-02-24 19:33 - 2015-10-30 14:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2017-02-24 19:33 - 2015-10-30 14:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-02-24 19:33 - 2015-10-30 14:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2017-02-24 19:33 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-02-24 19:33 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-02-24 19:33 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-02-24 19:33 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\Provisioning
2017-02-24 19:33 - 2015-10-30 14:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-02-24 19:33 - 2015-10-30 14:24 - 00000000 ____D C:\Program Files\Windows Defender
2017-02-24 19:33 - 2015-10-30 14:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-02-24 19:33 - 2015-10-30 14:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-02-15 19:32 - 2016-01-18 19:50 - 00000000 ___RD C:\Users\MSI_USER\Documents\FSX
2017-02-12 13:25 - 2016-01-18 00:42 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2017-02-12 13:07 - 2016-01-28 11:13 - 00000000 ____D C:\Users\MSI_USER\Documents\Flight Simulator X Files
2017-02-12 12:58 - 2016-01-28 11:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Captain Sim
2017-02-12 12:55 - 2016-01-19 10:40 - 00000146 _____ C:\Users\MSI_USER\Desktop\Windows Defender - Shortcut.lnk
2017-02-12 12:52 - 2016-01-28 11:12 - 00000000 ____D C:\Users\MSI_USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Captain Sim
2017-02-12 12:44 - 2016-01-27 19:51 - 00000000 ____D C:\ProgramData\CaptainSim
2017-02-12 10:12 - 2016-08-22 15:33 - 00000000 ____D C:\Users\MSI_USER\AppData\Roaming\CaptainSim
2017-02-11 02:29 - 2016-01-17 08:01 - 14516664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2017-02-10 09:33 - 2017-01-04 15:21 - 28242488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-02-10 09:33 - 2016-01-17 08:01 - 23738944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2017-02-10 09:33 - 2016-01-17 08:01 - 20012720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2017-02-10 09:33 - 2016-01-17 08:01 - 04078008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-02-10 09:33 - 2016-01-17 08:01 - 03597128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-02-10 09:33 - 2016-01-17 08:01 - 01600056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2017-02-10 09:33 - 2016-01-17 08:01 - 00217528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2017-02-10 09:33 - 2016-01-17 08:01 - 00043556 _____ C:\WINDOWS\system32\nvinfo.pb
2017-02-10 09:33 - 2015-10-30 14:18 - 00418752 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2017-02-10 05:57 - 2016-01-17 09:45 - 07791217 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-02-10 05:57 - 2016-01-17 09:45 - 06403640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-02-10 05:57 - 2016-01-17 09:45 - 02477504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-02-10 05:57 - 2016-01-17 09:45 - 01764408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-02-10 05:57 - 2016-01-17 09:45 - 00548288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-02-10 05:57 - 2016-01-17 09:45 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-02-10 05:57 - 2016-01-17 09:45 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-02-10 05:57 - 2016-01-17 09:45 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-02-09 20:23 - 2016-01-18 00:44 - 00000000 ___DC C:\WINDOWS\Panther
2017-02-09 12:45 - 2015-10-30 16:02 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2017-02-09 12:45 - 2015-10-30 16:02 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-02-09 12:45 - 2015-10-30 16:02 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-02-09 12:45 - 2015-10-30 16:02 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2017-02-09 12:45 - 2015-10-30 16:02 - 00000000 ____D C:\WINDOWS\system32\winrm
2017-02-09 12:45 - 2015-10-30 16:02 - 00000000 ____D C:\WINDOWS\system32\WCN
2017-02-09 12:45 - 2015-10-30 16:02 - 00000000 ____D C:\WINDOWS\system32\slmgr
2017-02-09 12:45 - 2015-10-30 16:02 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2017-02-09 12:45 - 2015-10-30 14:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-02-09 12:45 - 2015-10-30 14:24 - 00000000 ___SD C:\WINDOWS\system32\dsc
2017-02-09 12:45 - 2015-10-30 14:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2017-02-09 12:45 - 2015-10-30 14:24 - 00000000 ___RD C:\WINDOWS\MiracastView
2017-02-09 12:45 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-02-09 12:45 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-02-09 12:45 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2017-02-09 12:45 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-02-09 12:45 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\system32\MUI
2017-02-09 12:45 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\system32\Com
2017-02-09 12:45 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-02-09 12:45 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\IME
2017-02-09 12:45 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\Help
2017-02-09 12:45 - 2015-10-30 14:24 - 00000000 ____D C:\Program Files\Common Files\System
2017-02-09 12:45 - 2015-10-30 13:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-02-09 12:45 - 2015-10-30 13:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-02-09 12:45 - 2015-10-30 13:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-02-09 12:45 - 2015-10-30 13:28 - 00000000 ____D C:\WINDOWS\servicing
2017-02-07 20:39 - 2016-01-18 02:16 - 00000000 ____D C:\Program Files (x86)\USB Disk Security
2017-02-07 18:50 - 2016-01-26 16:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimMarket
2017-02-07 16:58 - 2016-08-13 20:33 - 00000000 ____D C:\Users\MSI_USER\Downloads\Macrium
2017-02-07 16:57 - 2016-01-18 01:39 - 00000000 ____D C:\Users\MSI_USER\AppData\Roaming\vlc
2017-02-07 10:00 - 2016-08-25 11:51 - 00000000 ____D C:\Users\MSI_USER\Documents\Reflect
2017-02-07 08:55 - 2016-08-13 21:00 - 00000000 ____D C:\Program Files\Macrium
2017-02-07 08:55 - 2016-08-13 20:33 - 00000000 ____D C:\ProgramData\Macrium
2017-02-07 02:45 - 2015-10-30 14:26 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-07 02:45 - 2015-10-30 14:26 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-06 18:58 - 2016-08-17 20:00 - 00000000 ____D C:\Users\MSI_USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH
2017-02-06 13:48 - 2016-01-17 07:47 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-04 19:08 - 2016-01-17 07:42 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-04 19:03 - 2016-02-08 21:22 - 00000000 ____D C:\Users\MSI_USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rikoooo Add-ons
2017-02-04 19:03 - 2016-02-08 21:21 - 00000000 ____D C:\ProgramData\InstallMate
2017-02-04 19:01 - 2016-01-20 13:05 - 00000000 ____D C:\Users\MSI_USER\AppData\Roaming\NVIDIA
2017-02-04 10:38 - 2016-08-14 21:27 - 00003662 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-02-03 21:23 - 2016-02-08 21:20 - 00000000 ____D C:\Users\MSI_USER\AppData\Roaming\Rikoooo
2017-02-03 18:33 - 2016-01-18 01:14 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-02-03 17:07 - 2016-01-20 19:18 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2017-02-03 17:06 - 2016-01-20 19:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A2A Simulations
2017-02-03 17:00 - 2016-01-17 07:46 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-03 17:00 - 2016-01-17 07:46 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-02-03 16:59 - 2016-08-16 08:05 - 00000000 ____D C:\ProgramData\Esellerate
2017-02-03 16:36 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-03 14:37 - 2016-10-20 10:56 - 00000082 _____ C:\WINDOWS\SysWOW64\winsevr.dat

==================== Files in the root of some directories =======

2016-01-22 23:01 - 2016-08-04 11:01 - 0000231 _____ () C:\Users\MSI_USER\AppData\Roaming\WB.CFG
2016-01-17 07:40 - 2016-01-17 07:40 - 0000000 _____ () C:\Users\MSI_USER\AppData\Local\Driver_LOM_8161Present.flag

Files to move or delete:
====================
C:\Users\MSI_USER\FSDreamTeam_Geneva.reg
C:\Users\MSI_USER\FSDreamTeam_Hawaiian Airports Volume 1.reg
C:\Users\MSI_USER\FSDreamTeam_Hawaiian Airports Volume 2.reg
C:\Users\MSI_USER\FSDreamTeam_Honolulu.reg
C:\Users\MSI_USER\FSDreamTeam_ZurichX.reg


Some files in TEMP:
====================
2016-09-15 21:04 - 2017-02-07 08:05 - 46580704 _____ (Paramount Software UK Ltd) C:\Users\MSI_USER\AppData\Local\Temp\reflectPatch.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-24 15:23

==================== End of FRST.txt ============================
--- --- ---

--- --- ---

ikarus2557 03.03.2017 14:52
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-03-2017
Ran by MSI_USER (03-03-2017 20:35:52)
Running from C:\Users\MSI_USER\Desktop
Windows 10 Pro Version 1511 (X64) (2016-01-17 02:48:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-465342472-1690862640-1647311925-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-465342472-1690862640-1647311925-503 - Limited - Disabled)
Guest (S-1-5-21-465342472-1690862640-1647311925-501 - Limited - Disabled)
MSI_USER (S-1-5-21-465342472-1690862640-1647311925-1001 - Administrator - Enabled) => C:\Users\MSI_USER

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

737 Captain (737-100 Expansion Model) 1.5 (HKLM-x32\...\e731) (Version: 1.5.00 - ฉ 1999-2012 Captain Sim)
737 Captain (737-100 Exterior Model) 0.2 (HKLM-x32\...\x730) (Version: 0.2.00 - ฉ 1999-2011 Captain Sim)
777 Captain (777-200 Exterior Model) 0.1 (HKLM-x32\...\x770) (Version: 0.1.00 - ฉ 1999-2011 Captain Sim)
Accu-Feel (HKLM-x32\...\Accu-Feel) (Version:  - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
aerosoft's - Lukla X - Mount Everest (HKLM-x32\...\{EF32F291-8B08-43EF-8BAA-58B9F8C9540F}) (Version: 1.00 - aerosoft)
aerosoft's - Menorca X for FSX (HKLM-x32\...\{5BD1BBB6-DC09-420F-B459-DD61DD351541}) (Version: 1.00 - aerosoft)
Aerosoft's - MonacoX (HKLM-x32\...\{B56D25A0-1316-4255-AB45-1147C9D01C5E}) (Version: 1.02 - Aerosoft)
aerosoft's - Nice Cote dAzur X (HKLM-x32\...\{90447E05-DE8E-470D-8D3E-C871D2AE74AF}) (Version: 1.10 - aerosoft)
Aerosoft's - Piper Cheyenne FSX (HKLM-x32\...\{B7429839-9FAE-448E-8413-4888DCFE064F}) (Version: 1.00 - Aerosoft)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.00.976 - AIMP DevTeam)
Airbus A320 Family Mega Pack FSX & P3D (HKLM\...\{B3433E82-1261-4523-9D4E-BEC8CA678D50}) (Version: 1 - Project Airbus & its collaborators, François Doré, repack by Luis Quintero)
ALABEO Pitts S-2S (HKLM-x32\...\ALABEO Pitts S-2S) (Version: 1.00.00.00 - ALABEO)
Alphasim EFA Typhoon FSX & P3D (HKLM\...\{35F708C4-5C11-46C5-B4A1-EFA97EC214DE}) (Version: 1 - Alphasim/Virtavia)
Ansel (Version: 378.66 - NVIDIA Corporation) Hidden
Antonov An-2 0.9.7 (HKLM-x32\...\{7cd9d678-9999-4f1e-8ae0-24f71faad1a0}_is1) (Version: 0.9.7 - SibWings)
B1900D HD SERIES FSX/P3D (HKLM-x32\...\B1900D HD SERIES FSX/P3D) (Version: 1.00.00.00 - Carenado)
BAE Red Arrows Hawk T1 (HKLM-x32\...\BAE Red Arrows Hawk T1) (Version:  - )
Basler BT-67 Base Pack V2 FSX SP2 & P3D (HKLM\...\{EB6BE03D-1D14-4137-AAE8-6DEEBDB8575D}) (Version: 1 - Manfred Jahn, Daniel Fuernkaess, Alexander M. Metzger, Hansjoerg Naegele)
Boeing 777-200ER Ultimate Pack (HKLM\...\{5849CFC1-98B4-4B0A-98F7-86322E790294}) (Version: 1 - Project OpenSky, update by Hanzalah Ravat)
Boeing P8-A Poseidon (HKLM\...\{0D1B836B-D6BC-4C8B-9B06-CE966304893D}) (Version: 1 - Model by TDS, enhanced by Alejandro Rojas Lucena, packaged by Chris Evans)
C90B King Air HD SERIES FSX (HKLM-x32\...\C90B King Air HD SERIES FSX) (Version: 1.00.00.00 - Carenado)
Carenado Baron 58 FSX (HKLM-x32\...\Carenado Baron 58 FSX) (Version: 1.00.00.00 - Carenado)
Carenado C340 II FSX (HKLM-x32\...\Carenado C340 II FSX) (Version: 1.00.00.00 - Carenado)
Carenado F33A Bonanza (HKLM-x32\...\Carenado F33A Bonanza) (Version: 1.00.00.00 - Carenado)
Carenado PA28-181 ARCHER II FSX (HKU\S-1-5-21-465342472-1690862640-1647311925-1001\...\Carenado PA28-181 ARCHER II FSX) (Version:  - )
Carenado Piper Cherokee FSX (HKU\S-1-5-21-465342472-1690862640-1647311925-1001\...\Carenado Piper Cherokee FSX) (Version:  - )
Carenado V35B Bonanza for FSX (HKU\S-1-5-21-465342472-1690862640-1647311925-1001\...\Carenado V35B Bonanza for FSX) (Version:  - )
Cessna Citation Excel XLS+ (HKLM\...\{66DB8AF6-8736-40AB-BC09-7168A951B8B7}) (Version: 1 - Aryus Works, Alex Sandro Guedes Silva, Jeffrey S. Bryner, Christoffer Petersen, Bigmike)
CH Control Manager Software (HKLM-x32\...\CHControlManager_is1) (Version:  - )
CLS Piper Arrow (HKU\S-1-5-21-465342472-1690862640-1647311925-1001\...\CLS Piper Arrow) (Version:  - )
DX10 Scenery Fixer (HKLM-x32\...\{BEC93831-5B06-4A2B-911E-DCC135AFCA08}) (Version: 3.0.92.1 - Stevefx)
EMB500 Phenom 100 FSX/P3D (HKLM-x32\...\EMB500 Phenom 100 FSX/P3D) (Version: ${PRODUCT_VERSION} - Carenado)
EMB505 Phenom 300 v1.3 (HKLM-x32\...\EMB505 Phenom 300 v1.3with Navigraph Pack 1.1FSX) (Version: with Navigraph Pack 1.1 - Carenado)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
F-8 Vought Crusader v2 (HKLM\...\{B88A5BAF-08DB-4704-A587-8B04DCDBA672}) (Version: 2 - Alphasim/Virtavia. Henk Schuitemaker)
F9F Panther (HKLM-x32\...\F9F Panther) (Version:  - )
Fiji Photoreal Package Western FSX & P3D (HKLM\...\{DC17D3A5-1F2A-47F2-8FDD-6F5550C6030E}) (Version: 1 - Tiberius Kowalski)
Flight Simulator X (HKLM-x32\...\RTMshadow_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version:  - )
Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1shadow_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version:  - )
FlyLogic's - Altenrhein X (HKLM-x32\...\{E5326C48-869C-43C0-A78E-B531CCFF066B}) (Version: 1.00 - FlyLogic)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
FSDG-Paro (HKLM-x32\...\FSDG-Paro) (Version:  - )
FSDreamTeam Geneva FSX (HKLM-x32\...\FSDreamTeam Geneva FSX_is1) (Version: 1.7.1 - VIRTUALI Sagl)
FSDreamTeam Hawaiian Airports Volume 1 FSX (HKLM-x32\...\FSDreamTeam Hawaiian Airports Volume 1 FSX_is1) (Version: 1.8.3 - VIRTUALI Sagl)
FSDreamTeam Hawaiian Airports Volume 2 FSX (HKLM-x32\...\FSDreamTeam Hawaiian Airports Volume 2 FSX_is1) (Version: 1.5.3 - VIRTUALI Sagl)
FSDreamTeam Honolulu International FSX (HKLM-x32\...\FSDreamTeam Honolulu International FSX_is1) (Version: 1.4.3 - VIRTUALI Sagl)
FSDreamTeam ZurichX FSX (HKLM-x32\...\FSDreamTeam ZurichX FSX_is1) (Version: 2.7.1 - VIRTUALI Sagl)
FSX & P3D - Hawaii Photoreal Vol. 3 - The Big Island v.0.93 version 0.93 (HKLM-x32\...\{C81E0194-A136-4653-9EB6-E9B7C3BD05C7}_is1) (Version: 0.93 - AveMetal Entertainment, Inc.)
FSX Booster Live (HKLM-x32\...\{D364ED64-2EEE-440F-83C8-0589EA17F6BF}) (Version: 1.1.0.0 - FSPS)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.69.5227 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
H25B_H850XP FSX/P3D (HKLM-x32\...\H25B_H850XP FSX/P3D) (Version: ${PRODUCT_VERSION} - Carenado)
Hawaii Oahu (HKLM-x32\...\MegaSceneryX_is1) (Version: 1 - PC Aviator Inc.)
ICE AI Traffic for FSX (5.00) version 5.00 (HKLM-x32\...\{5F23C994-DED7-4AE0-B899-BBCBC57FC0F8}_is1) (Version: 5.00 - ICE AI Traffic Group)
Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
ItalySim-LICA 2016 (HKLM-x32\...\ISD-LICA2016-18199E96-4C34-473F-9530-E949D9209CE6_is1) (Version: 1.0.0.0 - SimMarket)
JetStream Designs LFML X 2013 (HKLM-x32\...\FSX_JETSTREAM_DESIGN_LFML_X_2013_is1) (Version: 1.0.0.0 - SimMarket)
JetStream Designs Palermo LICJ (HKLM-x32\...\JETSTREAMDESIGN-PALERMOLICJ-08588E01-7F3A-401B-A~17A2AB48_is1) (Version: 1.0.0.0 - SimMarket)
Just Flight - DC-8 Jetliner Series 10 to 40 (HKLM-x32\...\{14410905-9476-45D9-AC33-3DEDC9BDD257}) (Version: 1.00.0000 - Just Flight)
Just Flight - MilViz F-15E Strike Eagle (HKLM-x32\...\{AFCBCDA6-98C4-4D33-BA8F-3168A1860608}) (Version: 1.00.000 - Just Flight)
Just Flight Constellation Professional (HKLM-x32\...\{070B2AFF-E7F2-4085-83CD-5ED64A4C9CE5}) (Version: 1.00.000 - )
Just Flight MD-81/82 Jetliner (HKLM-x32\...\{6AA6251B-B7C8-40FC-8FB9-DCB9D81BE4C7}) (Version: 1.00.000 - )
Killer Bandwidth Control Filter Driver (Version: 1.1.56.1120 - Rivet Networks) Hidden
Killer E220x Drivers (Version: 1.1.56.1120 - Rivet Networks) Hidden
Killer Network Manager (Version: 1.1.56.1120 - Rivet Networks) Hidden
Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.56.1120 - Rivet Networks)
L-1011 Captain (1011-1 Exterior Model) 0.1 (HKLM-x32\...\l111) (Version: 0.1.00 - ฉ 1999-2013 Captain Sim)
LFKB Bastia Poretta v1.1 (HKLM-x32\...\RFSCENERYBUILDING_LFKB_is1) (Version: 1.1.0.0 - SimMarket)
LFLB - Chamb้ry Aix les Bains FSX (HKU\S-1-5-21-465342472-1690862640-1647311925-1001\...\LFLB - Chamb้ry Aix les Bains FSX) (Version:  - )
LFMD Cannes FSX version 1.01 (HKLM-x32\...\{75CBE292-551C-4CBD-89D4-D57733A4B14E}_is1) (Version: 1.01 - LMT SIMULATION)
LICC_Catania-Fontanarossa (HKLM-x32\...\RFS_LICC_CATANIA_FONTANAROSSA_is1) (Version: 1.1.0.0 - SimMarket)
LLH1 (HKLM-x32\...\LLH1) (Version:  - )
LLH9 (HKLM-x32\...\LLH9) (Version:  - )
Lockheed L-1049H Super Constellation FSX  (HKLM\...\{9C5D1F18-A234-4162-BEA8-4C90FF362EA4}) (Version:  - Manfred Jahn)
LSMP Airbase Payerne Version 3 (HKLM-x32\...\LSMP Airbase Payerne Version 3) (Version:  - )
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.3 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 6.3.1665 - Paramount Software (UK) Ltd.) Hidden
Mailsoft's - Birrfeld X (HKLM-x32\...\{F3F3CA83-5D04-4F6F-9234-0E3557CEADBD}) (Version: 1.00 - Mailsoft)
MeatWater FO Altitude Callouts v1.0 (HKLM-x32\...\MeatWater FO Altitude Callouts v1.0) (Version:  - )
MegaSceneryEarth Seattle Ultra Res 001 2.0 (HKLM-x32\...\MegaSceneryEarth Seattle Ultra Res 001 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Seattle Ultra Res 002 2.0 (HKLM-x32\...\MegaSceneryEarth Seattle Ultra Res 002 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Seattle Ultra Res 003 2.0 (HKLM-x32\...\MegaSceneryEarth Seattle Ultra Res 003 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Seattle Ultra Res 004 2.0 (HKLM-x32\...\MegaSceneryEarth Seattle Ultra Res 004 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Seattle Ultra Res 005 2.0 (HKLM-x32\...\MegaSceneryEarth Seattle Ultra Res 005 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Seattle Ultra Res 006 2.0 (HKLM-x32\...\MegaSceneryEarth Seattle Ultra Res 006 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Seattle Ultra Res 007 2.0 (HKLM-x32\...\MegaSceneryEarth Seattle Ultra Res 007 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Seattle Ultra Res 008 2.0 (HKLM-x32\...\MegaSceneryEarth Seattle Ultra Res 008 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Seattle Ultra Res 009 2.0 (HKLM-x32\...\MegaSceneryEarth Seattle Ultra Res 009 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Seattle Ultra Res 010 2.0 (HKLM-x32\...\MegaSceneryEarth Seattle Ultra Res 010 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Seattle Ultra Res 011 2.0 (HKLM-x32\...\MegaSceneryEarth Seattle Ultra Res 011 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Seattle Ultra Res 012 2.0 (HKLM-x32\...\MegaSceneryEarth Seattle Ultra Res 012 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Washington Charts 2.0 (HKLM-x32\...\MegaSceneryEarth Washington Charts 2.0) (Version: 2.0 - MegaSceneryEarth)
Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (HKLM-x32\...\{D61CA184-3F6D-4A50-B2CC-7A18447D6A8D}) (Version: 10.0.61259.0 - Microsoft Corporation)
Microsoft Flight Simulator X: Acceleration (HKLM-x32\...\FlightSim_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version: 10.0.61637.0 - Microsoft Game Studios)
Microsoft OneDrive (HKU\S-1-5-21-465342472-1690862640-1647311925-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MSI Fast Boot (HKLM-x32\...\{0F212E7A-65EB-4668-A8D7-749026A64F8E}_is1) (Version: 1.0.1.8 - MSI)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.1.021 - MSI)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
North American F-86 EF Sabre FSX  (HKLM\...\{B8876B7C-AAF9-4ACB-B0A4-D33113B9E855}) (Version:  - SECTIONF8)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.66 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.3.0.100 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.100 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.3.0.100 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.11.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OpenOffice 4.1.2 (HKLM-x32\...\{F5CAB1AF-7B1A-4CEC-B829-A3F699473AE1}) (Version: 4.12.9782 - Apache Software Foundation)
Opera Stable 43.0.2442.1144 (HKLM-x32\...\Opera 43.0.2442.1144) (Version: 43.0.2442.1144 - Opera Software)
P-3C Orion V3.31 (HKLM\...\{CE6DA500-D22D-4DDF-BE50-4ECFB65FE06E}) (Version: 2 - Team FS KBT)
PA34 200T SENECA II FSX (HKLM-x32\...\PA34 200T SENECA II FSX) (Version: 1.00.00.00 - Carenado)
Pilatus PC-7 V2.0 FSX FSX (HKLM\...\{5556F404-3009-46E8-90CD-0EF7A16F4850}) (Version: FSX - Tim Piglet Conrad)
QualityWings Ultimate 146 Collection FSX (HKLM-x32\...\QualityWings Ultimate 146 Collection FSX) (Version:  - )
RAZBAM LTV A-7 E & D Corsair II Volume I (HKU\S-1-5-21-465342472-1690862640-1647311925-1001\...\RAZBAM LTV A-7 E & D Corsair II Volume I) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7687 - Realtek Semiconductor Corp.)
SAAB 91 Safir X 3.0.2 (HKLM-x32\...\{971F7265-110A-4A7E-A159-3DB0A3CE4C63}_is1) (Version: 3.0.2 - SibWings lab)
SBD Dauntless FSX (HKU\S-1-5-21-465342472-1690862640-1647311925-1001\...\SBD Dauntless FSX) (Version:  - )
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.3.0.100 - NVIDIA Corporation) Hidden
Skydesigners - LFTZ Saint-Tropez La Mole Airport (HKLM-x32\...\FSX_SKYDESIGNERS_LFTZ_SAINT_TROPEZ_LA_MOLE_is1) (Version: 1.0.0.0 - SimMarket)
SOD Dragoneye HK v2 (HKLM-x32\...\SOD_DRAGONEYE_HK_V2_is1) (Version: 1.0.0.0 - SimMarket)
UKMIL Buccaneer S2 PACKAGE FSX & P3D (HKLM\...\{A1BA46E2-9D56-4DDC-93E7-EBAE79BF4214}) (Version: 1 - UKMIL)
USB Disk Security (HKLM-x32\...\USB Disk Security_is1) (Version:  - Zbshareware Lab)
Vickers Viking for FSX (HKLM-x32\...\{74DEA96E-53A5-4616-A267-71A714A10840}) (Version: 1.00.0000 - Jens B. Kristensen)
VIRTUALI Addon ManagerX FSX (HKLM-x32\...\VIRTUALI Addon ManagerX FSX_is1) (Version: 3.1.0.1 - VIRTUALI Sagl)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
Your Uninstaller! 7 (HKLM-x32\...\YU2010_is1) (Version: 7.4.2012.5 - URSoft, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1B801D7D-1A90-4D1D-82A6-FD5C14CCFD32} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-08] (NVIDIA Corporation)
Task: {21DDB531-EF3E-4BB1-AC58-F9D081CB2F47} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {285F3B85-892B-44DA-81AE-FD1DEEE82814} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {2A74CB1A-9F5C-4761-BF9E-11A658B174AA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-17] (Google Inc.)
Task: {3425460B-F385-4591-A52F-A94AEB7EABF0} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-08] (NVIDIA Corporation)
Task: {37223355-7936-4B91-9282-7250B86333BA} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-02-08] (NVIDIA Corporation)
Task: {561CF9CE-1BA1-443F-8B4E-2E28F7BA5260} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-08] (NVIDIA Corporation)
Task: {6034BD26-6F4A-44CC-A7F1-6D192FA8AE49} - System32\Tasks\Macrium-Backup-{D5990322-26A1-4F98-89E8-86A839B05F19} => C:\program files\macrium\reflect\Reflect.exe [2016-12-12] (Paramount Software UK Ltd)
Task: {7C513035-1B3C-4AAD-8044-DDBD01A77CFF} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-02] (Adobe Systems Incorporated)
Task: {7D48E2EC-CBBF-4E60-A950-20B7370359A1} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-08] (NVIDIA Corporation)
Task: {88E09071-B3C7-43D5-9D4F-916EA872D4BD} - System32\Tasks\FRAPS => C:\Fraps\fraps.exe [2015-09-05] (Beepa P/L)
Task: {A2D7DAFC-2FCE-4F9A-9A11-FF1EFE9C184A} - System32\Tasks\Opera scheduled Autoupdate 1453520686 => C:\Program Files (x86)\Opera\launcher.exe [2017-02-27] (Opera Software)
Task: {B8F7B765-1BF8-412A-8987-3DFDEB503081} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-17] (Google Inc.)
Task: {B9A03441-08A4-4C83-8671-32215926C9BC} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe [2017-02-26] (Adobe Systems Incorporated)
Task: {C2D83748-8C30-4C7C-A750-B9E055555514} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-08] (NVIDIA Corporation)
Task: {F305DA39-12FB-406A-A015-DB73972BCB32} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-08] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Macrium-Backup-{D5990322-26A1-4F98-89E8-86A839B05F19}.job => C:\program files\macrium\reflect\Reflect.exe t-e -w -dp C:\Users\MSI_USER\Documents\Reflect\My Backup C + E.xml

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\MSI_USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rikoooo Add-ons\Pilatus PC-7 V2.0 FSX\www.rikoooo.com.lnk -> hxxp://www.rikoooo.com
Shortcut: C:\Users\MSI_USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rikoooo Add-ons\North American F-86 EF Sabre FSX\www.rikoooo.com.lnk -> hxxp://www.rikoooo.com
Shortcut: C:\Users\MSI_USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rikoooo Add-ons\North American F-86 EF Sabre FSX\www.sectionf8.com.lnk -> hxxp://www.sectionf8.com
Shortcut: C:\Users\MSI_USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rikoooo Add-ons\Lockheed L-1049H Super Constellation FSX\calclassic.proboards55.com.lnk -> hxxp://calclassic.proboards55.com
Shortcut: C:\Users\MSI_USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rikoooo Add-ons\Lockheed L-1049H Super Constellation FSX\www.calclassic.com.lnk -> hxxp://www.calclassic.com
Shortcut: C:\Users\MSI_USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rikoooo Add-ons\Lockheed L-1049H Super Constellation FSX\www.rikoooo.com.lnk -> hxxp://www.rikoooo.com

ShortcutWithArgument: C:\Users\MSI_USER\Documents\DESKTOP\ARCHIV 1\Shared WiFi 3.lnk -> C:\Program Files (x86)\Hostless Modem\Shared WiFi 3\LaunchWebUI.exe () -> hxxp://m.home

==================== Loaded Modules (Whitelisted) ==============

2017-02-26 19:59 - 2017-02-08 18:57 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2017-02-26 19:59 - 2017-02-08 18:57 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2015-10-30 14:18 - 2015-10-30 14:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-01-17 09:45 - 2017-02-10 05:57 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-02-16 21:20 - 2016-10-25 16:42 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-02-16 21:20 - 2016-10-25 16:42 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-18 00:42 - 2016-01-18 00:42 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-14 11:37 - 2016-07-01 10:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2017-02-16 21:20 - 2016-10-25 11:49 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-02-16 21:20 - 2016-10-25 11:44 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-02-16 21:20 - 2016-10-25 11:45 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-02-16 21:20 - 2016-10-25 11:48 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-07-11 21:55 - 2016-07-11 21:55 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-08-26 10:27 - 2009-11-14 23:14 - 00063488 _____ () E:\FSX NEW\FlyLogic\SeasonFileSwitcherV2\SeasonFileSwitcherV2.exe
2016-08-04 11:33 - 2005-07-18 13:43 - 00160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll
2017-02-26 19:59 - 2017-02-08 18:57 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-02-26 19:59 - 2017-02-08 18:57 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2017-02-26 19:59 - 2017-02-08 18:57 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-07-11 21:55 - 2016-07-11 21:55 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-07-11 21:55 - 2016-07-11 21:56 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-07-11 21:55 - 2016-07-11 21:55 - 02941440 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\MessagingNativeCore.dll
2016-07-11 21:55 - 2016-07-11 21:55 - 00583168 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\MessagingEntityExtractionProxy.dll
2016-07-11 21:55 - 2016-07-11 21:55 - 01300992 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\MessagingNativeBase.dll
2017-02-26 19:59 - 2017-02-08 18:56 - 64245184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-02-26 19:59 - 2017-02-08 17:54 - 00336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2017-02-26 19:59 - 2017-02-08 17:54 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2017-02-26 19:59 - 2017-02-08 17:54 - 02807232 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2017-02-26 19:59 - 2017-02-08 17:54 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2017-02-26 19:59 - 2017-02-08 17:54 - 00537656 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2017-02-26 19:59 - 2017-02-08 17:54 - 00468024 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2017-02-26 19:59 - 2017-02-08 17:54 - 01066552 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2017-02-26 19:59 - 2017-02-08 17:54 - 01014840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node
2017-03-02 20:01 - 2017-03-02 20:01 - 39821912 _____ () C:\Program Files (x86)\Opera\43.0.2442.1144\opera_browser.dll
2017-03-02 20:01 - 2017-03-02 20:01 - 45842008 _____ () C:\Program Files (x86)\Opera\43.0.2442.1144\opera_child.dll
2017-03-02 20:01 - 2017-03-02 20:01 - 01930328 _____ () C:\Program Files (x86)\Opera\43.0.2442.1144\libglesv2.dll
2017-03-02 20:01 - 2017-03-02 20:01 - 00087640 _____ () C:\Program Files (x86)\Opera\43.0.2442.1144\libegl.dll
2017-02-23 22:46 - 2016-08-19 08:39 - 00019968 _____ () E:\FSX NEW\d3dx10_34.dll
2017-02-23 22:46 - 2016-08-19 08:39 - 00562688 _____ () E:\FSX NEW\dx10fixerlib.DLL
2017-02-23 22:46 - 2016-08-19 08:38 - 00007168 _____ () E:\FSX NEW\dx10SharedLib.dll
2014-03-20 00:18 - 2014-03-20 00:18 - 08458752 _____ () E:\FSX NEW\CMeteoXml.dll
2017-02-03 17:06 - 2012-09-13 09:22 - 00603648 _____ () E:\FSX NEW\Modules\A2A_Feel.dll
2017-02-03 17:06 - 2012-08-14 09:16 - 00190976 _____ () E:\FSX NEW\Modules\AccuFeelMenu.dll
2016-09-14 19:28 - 2010-06-04 11:51 - 00023552 _____ () E:\FSX NEW\MD80.dll
2012-03-29 05:16 - 2012-03-29 05:16 - 00049152 _____ () E:\FSX NEW\Captain_Sim\bin\cs.sound.dll
2016-01-22 22:54 - 2012-10-20 12:51 - 00827392 _____ () E:\FSX NEW\QualityWings\qwings.dll
2006-04-30 04:20 - 2003-05-01 22:44 - 00040960 _____ () E:\FSX NEW\GaugeSound.DLL
2012-10-30 00:57 - 2012-10-28 21:34 - 27561984 _____ () E:\FSX NEW\GAUGES\QWBae146.GAU
2017-02-25 22:27 - 2015-03-12 15:11 - 01157632 _____ () E:\FSX NEW\fsdreamteam\couatl\wx\_core_.pyd
2017-02-25 22:27 - 2015-03-12 15:11 - 00790528 _____ () E:\FSX NEW\fsdreamteam\couatl\wx\_gdi_.pyd
2017-02-25 22:27 - 2015-03-12 15:11 - 00811008 _____ () E:\FSX NEW\fsdreamteam\couatl\wx\_windows_.pyd
2017-02-25 22:27 - 2015-03-12 15:11 - 01059328 _____ () E:\FSX NEW\fsdreamteam\couatl\wx\_controls_.pyd
2017-02-25 22:27 - 2015-03-12 15:11 - 00733696 _____ () E:\FSX NEW\fsdreamteam\couatl\wx\_misc_.pyd
2017-02-25 22:27 - 2015-03-12 15:11 - 00152576 _____ () E:\FSX NEW\fsdreamteam\couatl\wx\_xrc.pyd
2016-08-16 08:05 - 2015-03-23 12:10 - 01202176 _____ () E:\FSX NEW\fsdreamteam\couatl\_libastro.pyd

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-01-17 07:08 - 2016-01-17 07:07 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-465342472-1690862640-1647311925-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\MSI_USER\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{a702d396-7125-4a27-8cf7-8a3365003199}.JPG
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "Killer Network Manager.lnk"
HKLM\...\StartupApproved\Run: => "MouseDriver"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run32: => "Live Update"
HKLM\...\StartupApproved\Run32: => "Fast Boot"
HKLM\...\StartupApproved\Run32: => "USB Security"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
HKLM\...\StartupApproved\Run32: => "adm_tray.exe"
HKLM\...\StartupApproved\Run32: => "CancelAutoPlay_df"
HKLM\...\StartupApproved\Run32: => "CheckNDISPortF0ac7B"
HKU\S-1-5-21-465342472-1690862640-1647311925-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_566FF74826DC815D3E0370C0C29D28A3"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{DFC29034-E9F3-45B6-8F27-9E2A7955E4C4}C:\users\msi_user\appdata\local\microsoft\onedrive\onedrive.exe] => (Allow) C:\users\msi_user\appdata\local\microsoft\onedrive\onedrive.exe
FirewallRules: [TCP Query User{829D104F-3C9B-4B6B-ADFA-06C026871431}C:\users\msi_user\appdata\local\microsoft\onedrive\onedrive.exe] => (Allow) C:\users\msi_user\appdata\local\microsoft\onedrive\onedrive.exe
FirewallRules: [{694024F0-FC8F-4EFF-97AC-4118E714BC82}] => (Allow) C:\Users\MSI_USER\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{5242918F-7C07-40C0-AD5A-F4A2C4E9E28B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0D139D88-1BA6-4D4C-94F4-0B3A2330E4FD}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.991\opera.exe
FirewallRules: [{0DB6C35C-3BCB-4070-A309-EFBA91EDFA41}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{4DB5F2DC-1688-41EC-9CA2-2C5257F5B36A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{07DE7EEF-1141-4D87-B464-64CD509BDA0E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{A5B5CF15-232A-4360-86FF-B612C302ACBD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5DF56E8C-6A83-4F27-A434-2054E29B809B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8CB826C4-2343-4C6C-9803-753965FC77BB}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe

==================== Restore Points =========================

25-02-2017 22:27:57 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
02-03-2017 12:58:36 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/03/2017 07:46:08 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_ea83eaa5b9bc2149.manifest.

Error: (03/02/2017 10:01:33 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_ea83eaa5b9bc2149.manifest.

Error: (03/02/2017 08:13:28 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_ea83eaa5b9bc2149.manifest.

Error: (03/02/2017 08:10:45 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\MSI_USER\Downloads\esetsmartinstaller_deu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_ea83eaa5b9bc2149.manifest.

Error: (03/02/2017 12:58:37 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (02/28/2017 07:39:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: couatl.exe, version: 3.1.0.3625, time stamp: 0x58921765
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x7ecb070e
Faulting process id: 0xf90
Faulting application start time: 0x01d291bfb2fb4bdf
Faulting application path: E:\FSX NEW\fsdreamteam\couatl\couatl.exe
Faulting module path: unknown
Report Id: ab01f86e-375f-4a68-9570-9f5fc122864c
Faulting package full name:
Faulting package-relative application ID:

Error: (02/27/2017 12:43:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: couatl.exe, version: 3.1.0.3625, time stamp: 0x58921765
Faulting module name: couatl.exe, version: 3.1.0.3625, time stamp: 0x58921765
Exception code: 0xc0000005
Fault offset: 0x0046028e
Faulting process id: 0x1f30
Faulting application start time: 0x01d290bc5fb310da
Faulting application path: E:\FSX NEW\fsdreamteam\couatl\couatl.exe
Faulting module path: E:\FSX NEW\fsdreamteam\couatl\couatl.exe
Report Id: 772066b7-40f2-434a-a1e1-ade6753e8932
Faulting package full name:
Faulting package-relative application ID:

Error: (02/26/2017 10:50:42 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_ea83eaa5b9bc2149.manifest.

Error: (02/26/2017 08:29:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-TUSRUQC)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.

Error: (02/26/2017 08:26:49 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_ea83eaa5b9bc2149.manifest.


System errors:
=============
Error: (03/03/2017 08:29:03 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport Remote NDIS based Internet Sharing Device, {51519EAA-519F-4A82-B642-48DBCB0C8D35}, had event 74

Error: (03/03/2017 08:29:03 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-TUSRUQC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C}
 and APPID
{CE79BC8B-2980-4CA9-9570-6E0BF5B93BF2}
 to the user DESKTOP-TUSRUQC\MSI_USER SID (S-1-5-21-465342472-1690862640-1647311925-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe SID (S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157). This security permission can be modified using the Component Services administrative tool.

Error: (03/03/2017 12:07:32 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-TUSRUQC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C}
 and APPID
{CE79BC8B-2980-4CA9-9570-6E0BF5B93BF2}
 to the user DESKTOP-TUSRUQC\MSI_USER SID (S-1-5-21-465342472-1690862640-1647311925-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe SID (S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157). This security permission can be modified using the Component Services administrative tool.

Error: (03/03/2017 10:59:05 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-TUSRUQC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C}
 and APPID
{CE79BC8B-2980-4CA9-9570-6E0BF5B93BF2}
 to the user DESKTOP-TUSRUQC\MSI_USER SID (S-1-5-21-465342472-1690862640-1647311925-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe SID (S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157). This security permission can be modified using the Component Services administrative tool.

Error: (03/03/2017 09:55:24 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-TUSRUQC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C}
 and APPID
{CE79BC8B-2980-4CA9-9570-6E0BF5B93BF2}
 to the user DESKTOP-TUSRUQC\MSI_USER SID (S-1-5-21-465342472-1690862640-1647311925-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe SID (S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157). This security permission can be modified using the Component Services administrative tool.

Error: (03/03/2017 09:39:11 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-TUSRUQC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C}
 and APPID
{CE79BC8B-2980-4CA9-9570-6E0BF5B93BF2}
 to the user DESKTOP-TUSRUQC\MSI_USER SID (S-1-5-21-465342472-1690862640-1647311925-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe SID (S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157). This security permission can be modified using the Component Services administrative tool.

Error: (03/03/2017 09:39:10 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport Remote NDIS based Internet Sharing Device, {51519EAA-519F-4A82-B642-48DBCB0C8D35}, had event 74

Error: (03/03/2017 06:54:20 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-TUSRUQC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C}
 and APPID
{CE79BC8B-2980-4CA9-9570-6E0BF5B93BF2}
 to the user DESKTOP-TUSRUQC\MSI_USER SID (S-1-5-21-465342472-1690862640-1647311925-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe SID (S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157). This security permission can be modified using the Component Services administrative tool.

Error: (03/03/2017 06:54:16 AM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport Remote NDIS based Internet Sharing Device, {51519EAA-519F-4A82-B642-48DBCB0C8D35}, had event 74

Error: (03/02/2017 10:19:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_8a3dff5 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2017-03-03 06:57:18.179
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-03-02 12:59:53.491
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-02-24 19:34:42.671
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-02-16 21:17:13.409
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-02-09 12:55:11.520
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-07 10:35:08.320
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-26 18:10:48.152
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-25 10:08:34.420
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-18 17:33:29.338
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-02 09:37:18.875
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 52%
Total physical RAM: 8135.94 MB
Available physical RAM: 3861.43 MB
Total Virtual: 9415.94 MB
Available Virtual: 2542.33 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:118.69 GB) (Free:38.82 GB) NTFS
Drive d: (Local Disk) (Fixed) (Total:931.51 GB) (Free:423.26 GB) NTFS
Drive e: (Local Disk) (Fixed) (Total:1863.01 GB) (Free:630.36 GB) NTFS
Drive f: (AFM_DISK1) (CDROM) (Total:5.27 GB) (Free:0 GB) CDFS
Drive g: (KINGSTON) (Removable) (Total:14.4 GB) (Free:2.97 GB) FAT32
Drive h: (Elements 2) (Fixed) (Total:1862.98 GB) (Free:239.41 GB) NTFS
Drive i: (Elements 1) (Fixed) (Total:1862.98 GB) (Free:269.94 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: FADE989E)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1ED78F3D)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 1ED78F3E)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 29292B5C)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 14.4 GB) (Disk ID: 4E6F2201)
Partition 1: (Active) - (Size=14.4 GB) - (Type=0B)

========================================================
Disk: 6 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 62F0B16C)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

cosinus 03.03.2017 20:07
edit: verklickt

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

ikarus2557 04.03.2017 08:00
Hallo Cosinus,
hier die mbar-logs
Wünsche Dir ein tolles Wochenende
Gruss
Alfred

Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.03.04.02
  rootkit: v2017.02.27.01

Windows 10 x64 NTFS
Internet Explorer 11.713.10586.0
MSI_USER :: DESKTOP-TUSRUQC [administrator]

04.03.2017 12:41:43
mbar-log-2017-03-04 (12-41-43).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 320052
Time elapsed: 3 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 5
C:\Users\MSI_USER\AppData\Local\Temp\DMR (Adware.ChinAd) -> Delete on reboot. [2ed409bd4c5cef4751b2f5e7e61ba957]
C:\Users\MSI_USER\AppData\Local\Temp\DMR\Downloads (Adware.ChinAd) -> Delete on reboot. [2ed409bd4c5cef4751b2f5e7e61ba957]
C:\Users\MSI_USER\AppData\Local\Temp\DMR\Downloads\152e221a8bef8d2d13c58f995563a1a1 (Adware.ChinAd) -> Delete on reboot. [2ed409bd4c5cef4751b2f5e7e61ba957]
C:\Users\MSI_USER\AppData\Local\Temp\DMR\Downloads\152e221a8bef8d2d13c58f995563a1a1\386cbda44cba6f62565561df9aee79a7 (Adware.ChinAd) -> Delete on reboot. [2ed409bd4c5cef4751b2f5e7e61ba957]
C:\Users\MSI_USER\AppData\Local\Temp\DMR\Downloads\152e221a8bef8d2d13c58f995563a1a1\af733a929cbb2c2f1241e01d5290384e (Adware.ChinAd) -> Delete on reboot. [2ed409bd4c5cef4751b2f5e7e61ba957]

Files Detected: 7
C:\Users\MSI_USER\AppData\Local\Temp\DMR\amrgnxfpjxjajdvy.dat (Adware.ChinAd) -> Delete on reboot. [2ed409bd4c5cef4751b2f5e7e61ba957]
C:\Users\MSI_USER\AppData\Local\Temp\DMR\hxspwkciymdnlxch.dat (Adware.ChinAd) -> Delete on reboot. [2ed409bd4c5cef4751b2f5e7e61ba957]
C:\Users\MSI_USER\AppData\Local\Temp\DMR\mxcvoffundydaubr.dat (Adware.ChinAd) -> Delete on reboot. [2ed409bd4c5cef4751b2f5e7e61ba957]
C:\Users\MSI_USER\AppData\Local\Temp\DMR\tkkoyifnwpmrqcxl.dat (Adware.ChinAd) -> Delete on reboot. [2ed409bd4c5cef4751b2f5e7e61ba957]
C:\Users\MSI_USER\AppData\Local\Temp\DMR\xzzzrhmkipxzrdhg.dat (Adware.ChinAd) -> Delete on reboot. [2ed409bd4c5cef4751b2f5e7e61ba957]
C:\Users\MSI_USER\AppData\Local\Temp\DMR\Downloads\152e221a8bef8d2d13c58f995563a1a1\386cbda44cba6f62565561df9aee79a7\ImageResizerSetup_3.0.4802.exe (Adware.ChinAd) -> Delete on reboot. [2ed409bd4c5cef4751b2f5e7e61ba957]
C:\Users\MSI_USER\AppData\Local\Temp\DMR\Downloads\152e221a8bef8d2d13c58f995563a1a1\af733a929cbb2c2f1241e01d5290384e\br14_free_ger.exe (Adware.ChinAd) -> Delete on reboot. [2ed409bd4c5cef4751b2f5e7e61ba957]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2014.11.18.05
  rootkit: v2014.11.12.01

Windows 10 x64 NTFS
Internet Explorer 11.713.10586.0
MSI_USER :: DESKTOP-TUSRUQC [administrator]

04.03.2017 12:47:47
mbar-log-2017-03-04 (12-47-47).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 353397
Time elapsed: 3 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 6
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.exe (Trojan.Agent) -> Delete on reboot. [60dd69d4c2ba90a6339afff555ae34cc]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe (Security.Hijack) -> Delete on reboot. [182578c5ef8d86b08462d61e649f659b]
HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\svchost.exe (Security.Hijack) -> Delete on reboot. [c578e8559ddf69cdcc3acd2a21e2c63a]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MRT.exe (Trojan.Agent) -> Delete on reboot. [28158ab31e5e270f6964fff5758ee917]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\MsMpEng.exe (Security.Hijack) -> Delete on reboot. [50edd8654b31fa3c6482886c976cc040]
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\svchost.exe (Security.Hijack) -> Delete on reboot. [cf6e81bc106c9f974fb72acdb54ea45c]

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
[CODE][Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2014.11.18.05
rootkit: v2014.11.12.01

Windows 10 x64 NTFS
Internet Explorer 11.713.10586.0
MSI_USER :: DESKTOP-TUSRUQC [administrator]

04.03.2017 12:58:20
mbar-log-2017-03-04 (12-58-20).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 353407
Time elapsed: 3 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
/CODE]

cosinus 04.03.2017 14:39
Adware/Junkware/Toolbars entfernen

Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!
Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren!

1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


ikarus2557 05.03.2017 03:53
hier die logs JRT und AdwCl.

Gruss
Alfred


Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.1 (02.11.2017)
Operating System: Windows 10 Pro x64
Ran by MSI_USER (Administrator) on 05.03.2017 at  9:42:54.19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 2

Successfully deleted: C:\ProgramData\esellerate (Folder)
Successfully deleted: C:\Users\MSI_USER\AppData\Roaming\Mozilla\Firefox\Profiles\b4eo7tkp.default\user.js (File)



Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_566FF74826DC815D3E0370C0C29D28A3 (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.03.2017 at  9:44:01.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
# AdwCleaner v6.044 - Logfile created 05/03/2017 at 09:40:05
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-02.1 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : MSI_USER - DESKTOP-TUSRUQC
# Running from : C:\Users\MSI_USER\Desktop\AdwCleaner_6.044.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\MSI_USER\AppData\Roaming\Zbshareware Lab
[-] Folder deleted: C:\ProgramData\Tarma Installer
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Tarma Installer
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB Disk Security
[-] Folder deleted: C:\Program Files (x86)\USB Disk Security


***** [ Files ] *****

[-] File deleted: C:\Users\MSI_USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Web Navigation.lnk
[-] File deleted: C:\Users\MSI_USER\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\USB Disk Security.lnk
[-] File deleted: C:\Users\Public\Desktop\USB Disk Security.lnk


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKU\S-1-5-21-465342472-1690862640-1647311925-1001\Software\Classes\.bgl
[#] Key deleted on reboot: HKCU\Software\Classes\.bgl
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\.bgl
[-] Key deleted: [x64] HKLM\SOFTWARE\Tarma Installer
[-] Key deleted: [x64] HKLM\SOFTWARE\DtsEncodeTools
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\hao123.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\th.hao123.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\hao123.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\th.hao123.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\hao123.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\th.hao123.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\hao123.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\th.hao123.com
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd


***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared
:: Proxy settings cleared
:: IE policies deleted
:: Chrome policies deleted

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [4132 Bytes] - [05/03/2017 09:40:05]
C:\AdwCleaner\AdwCleaner[S0].txt - [4156 Bytes] - [05/03/2017 09:38:56]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [4278 Bytes] ##########


Alle Zeitangaben in WEZ +1. Es ist jetzt 20:38 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131