System trying to connect to multiple IP on port 8888



#1 gpontis

Posted 09 July 2016 - 11:32 AM

Windows 7 x64
EMET 5.5
No AV
External firewall, OpenBSD PF

Problem:

System has been observed trying to connect to many suspicious IPs, all using port 8888. Here is a log from the firewall:

 
/root >> tcpdump -i em0 port 8888
tcpdump: listening on em0, link-type EN10MB
07:48:14.878761 192.168.1.111.1286 > host.my-tss.com.8888: S 3476452961:3476452961(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.878879 192.168.1.111.1287 > 208.167.254.98.8888: S 4017075576:4017075576(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.879002 192.168.1.111.1288 > 108.61.228.99.8888: S 1349937316:1349937316(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.879124 192.168.1.111.1289 > 162.216.46.34.8888: S 4018100496:4018100496(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.879245 192.168.1.111.1290 > 104.156.240.156.8888: S 3494645583:3494645583(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.879366 192.168.1.111.1291 > 104.200.154.96.8888: S 360574494:360574494(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.879368 192.168.1.111.1292 > 104.200.151.11.8888: S 3536689075:3536689075(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.879489 192.168.1.111.1293 > 104.156.228.165.8888: S 1862038447:1862038447(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.879613 192.168.1.111.1294 > d15f3280.setaptr.net.8888: S 4091261163:4091261163(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.879735 192.168.1.111.1295 > 104.238.169.23.8888: S 3335169738:3335169738(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.879857 192.168.1.111.1296 > 92b91cfc.rdns.100tb.com.8888: S 1871084788:1871084788(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.879860 192.168.1.111.1297 > 172.98.67.127.8888: S 893589533:893589533(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.879979 192.168.1.111.1298 > 173.199.65.24.choopa.net.8888: S 3916149417:3916149417(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.880102 192.168.1.111.1299 > 2f.06.01a8.ip4.static.sl-reverse.com.8888: S 2710558423:2710558423(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.880222 192.168.1.111.1300 > 9.4b.01a8.ip4.static.sl-reverse.com.8888: S 1106162657:1106162657(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.880345 192.168.1.111.1301 > 107.150.94.6.8888: S 3137397753:3137397753(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.880348 192.168.1.111.1302 > tsn109-201-152-227.dyn.nltelcom.net.8888: S 3882590632:3882590632(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.880476 192.168.1.111.1303 > 185.3.135.146.8888: S 2622796143:2622796143(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.880586 192.168.1.111.1304 > 192.40.88.71.8888: S 2051452973:2051452973(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.880708 192.168.1.111.1305 > 192.40.89.19.8888: S 2202609241:2202609241(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.880711 192.168.1.111.1306 > 192.40.95.10.8888: S 2747790111:2747790111(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.880830 192.168.1.111.1307 > 179.43.178.66.8888: S 3682643731:3682643731(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.880952 192.168.1.111.1308 > 108.61.122.152.choopa.net.8888: S 2823140411:2823140411(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.880955 192.168.1.111.1309 > hosted-by.leaseweb.com.8888: S 3901600789:3901600789(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.881074 192.168.1.111.1310 > 185.108.128.9.8888: S 3195045884:3195045884(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.881214 192.168.1.111.1311 > e2.85.7a9f.ip4.static.sl-reverse.com.8888: S 2037801718:2037801718(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.881318 192.168.1.111.1312 > D.C.B.A-nia.romaninternet.com.8888: S 1801130459:1801130459(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.881321 192.168.1.111.1313 > vpn.8888: S 4041098794:4041098794(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.881440 192.168.1.111.1314 > 84.f9.5177.ip4.static.sl-reverse.com.8888: S 97354762:97354762(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.881562 192.168.1.111.1315 > 58.7c.5177.ip4.static.sl-reverse.com.8888: S 2189574550:2189574550(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.881685 192.168.1.111.1316 > 93.48.caa1.ip4.static.sl-reverse.com.8888: S 1982592617:1982592617(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.881688 192.168.1.111.1317 > 31-168-172-142.telavivwifi.com.8888: S 738721504:738721504(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.881801 192.168.1.111.1318 > d8.00.39a9.ip4.static.sl-reverse.com.8888: S 2051320951:2051320951(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.881932 192.168.1.111.1319 > 105.145.154.177.static.sp2.alog.com.br.8888: S 4022182732:4022182732(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:14.881935 192.168.1.111.1320 > server9.hosted-by-100tb.com.8888: S 1839012297:1839012297(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.877356 192.168.1.111.1291 > 104.200.154.96.8888: S 360574494:360574494(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.877359 192.168.1.111.1308 > 108.61.122.152.choopa.net.8888: S 2823140411:2823140411(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.877361 192.168.1.111.1312 > D.C.B.A-nia.romaninternet.com.8888: S 1801130459:1801130459(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.877363 192.168.1.111.1314 > 84.f9.5177.ip4.static.sl-reverse.com.8888: S 97354762:97354762(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.877365 192.168.1.111.1299 > 2f.06.01a8.ip4.static.sl-reverse.com.8888: S 2710558423:2710558423(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878313 192.168.1.111.1294 > d15f3280.setaptr.net.8888: S 4091261163:4091261163(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878316 192.168.1.111.1310 > 185.108.128.9.8888: S 3195045884:3195045884(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878318 192.168.1.111.1301 > 107.150.94.6.8888: S 3137397753:3137397753(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878320 192.168.1.111.1311 > e2.85.7a9f.ip4.static.sl-reverse.com.8888: S 2037801718:2037801718(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878439 192.168.1.111.1288 > 108.61.228.99.8888: S 1349937316:1349937316(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878442 192.168.1.111.1318 > d8.00.39a9.ip4.static.sl-reverse.com.8888: S 2051320951:2051320951(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878444 192.168.1.111.1307 > 179.43.178.66.8888: S 3682643731:3682643731(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878445 192.168.1.111.1292 > 104.200.151.11.8888: S 3536689075:3536689075(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878447 192.168.1.111.1315 > 58.7c.5177.ip4.static.sl-reverse.com.8888: S 2189574550:2189574550(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878449 192.168.1.111.1313 > vpn.8888: S 4041098794:4041098794(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878451 192.168.1.111.1287 > 208.167.254.98.8888: S 4017075576:4017075576(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878453 192.168.1.111.1296 > 92b91cfc.rdns.100tb.com.8888: S 1871084788:1871084788(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878454 192.168.1.111.1289 > 162.216.46.34.8888: S 4018100496:4018100496(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878456 192.168.1.111.1302 > tsn109-201-152-227.dyn.nltelcom.net.8888: S 3882590632:3882590632(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878458 192.168.1.111.1306 > 192.40.95.10.8888: S 2747790111:2747790111(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878460 192.168.1.111.1305 > 192.40.89.19.8888: S 2202609241:2202609241(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878462 192.168.1.111.1309 > hosted-by.leaseweb.com.8888: S 3901600789:3901600789(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878463 192.168.1.111.1286 > host.my-tss.com.8888: S 3476452961:3476452961(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.878465 192.168.1.111.1317 > 31-168-172-142.telavivwifi.com.8888: S 738721504:738721504(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.879340 192.168.1.111.1298 > 173.199.65.24.choopa.net.8888: S 3916149417:3916149417(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.879342 192.168.1.111.1297 > 172.98.67.127.8888: S 893589533:893589533(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.879344 192.168.1.111.1293 > 104.156.228.165.8888: S 1862038447:1862038447(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.879346 192.168.1.111.1295 > 104.238.169.23.8888: S 3335169738:3335169738(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.879459 192.168.1.111.1304 > 192.40.88.71.8888: S 2051452973:2051452973(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.879461 192.168.1.111.1320 > server9.hosted-by-100tb.com.8888: S 1839012297:1839012297(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.879463 192.168.1.111.1290 > 104.156.240.156.8888: S 3494645583:3494645583(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.879465 192.168.1.111.1303 > 185.3.135.146.8888: S 2622796143:2622796143(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.879467 192.168.1.111.1316 > 93.48.caa1.ip4.static.sl-reverse.com.8888: S 1982592617:1982592617(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.879469 192.168.1.111.1300 > 9.4b.01a8.ip4.static.sl-reverse.com.8888: S 1106162657:1106162657(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:17.879471 192.168.1.111.1319 > 105.145.154.177.static.sp2.alog.com.br.8888: S 4022182732:4022182732(0) win 8192 <mss 1460,nop,wscale 8,nop,nop,sackOK> (DF)
07:48:23.878689 192.168.1.111.1294 > d15f3280.setaptr.net.8888: S 4091261163:4091261163(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.878692 192.168.1.111.1310 > 185.108.128.9.8888: S 3195045884:3195045884(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.878694 192.168.1.111.1301 > 107.150.94.6.8888: S 3137397753:3137397753(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.878696 192.168.1.111.1307 > 179.43.178.66.8888: S 3682643731:3682643731(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.878698 192.168.1.111.1311 > e2.85.7a9f.ip4.static.sl-reverse.com.8888: S 2037801718:2037801718(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.878808 192.168.1.111.1315 > 58.7c.5177.ip4.static.sl-reverse.com.8888: S 2189574550:2189574550(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.878811 192.168.1.111.1288 > 108.61.228.99.8888: S 1349937316:1349937316(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.878813 192.168.1.111.1292 > 104.200.151.11.8888: S 3536689075:3536689075(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.878815 192.168.1.111.1287 > 208.167.254.98.8888: S 4017075576:4017075576(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.878817 192.168.1.111.1289 > 162.216.46.34.8888: S 4018100496:4018100496(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.878819 192.168.1.111.1313 > vpn.8888: S 4041098794:4041098794(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.878820 192.168.1.111.1318 > d8.00.39a9.ip4.static.sl-reverse.com.8888: S 2051320951:2051320951(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.878822 192.168.1.111.1306 > 192.40.95.10.8888: S 2747790111:2747790111(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.878824 192.168.1.111.1296 > 92b91cfc.rdns.100tb.com.8888: S 1871084788:1871084788(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.878826 192.168.1.111.1309 > hosted-by.leaseweb.com.8888: S 3901600789:3901600789(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.878828 192.168.1.111.1302 > tsn109-201-152-227.dyn.nltelcom.net.8888: S 3882590632:3882590632(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.878829 192.168.1.111.1305 > 192.40.89.19.8888: S 2202609241:2202609241(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.878831 192.168.1.111.1286 > host.my-tss.com.8888: S 3476452961:3476452961(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.878833 192.168.1.111.1317 > 31-168-172-142.telavivwifi.com.8888: S 738721504:738721504(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.879708 192.168.1.111.1298 > 173.199.65.24.choopa.net.8888: S 3916149417:3916149417(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.879711 192.168.1.111.1297 > 172.98.67.127.8888: S 893589533:893589533(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.879713 192.168.1.111.1293 > 104.156.228.165.8888: S 1862038447:1862038447(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.879715 192.168.1.111.1295 > 104.238.169.23.8888: S 3335169738:3335169738(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.879828 192.168.1.111.1304 > 192.40.88.71.8888: S 2051452973:2051452973(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.879831 192.168.1.111.1320 > server9.hosted-by-100tb.com.8888: S 1839012297:1839012297(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.879833 192.168.1.111.1290 > 104.156.240.156.8888: S 3494645583:3494645583(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.879835 192.168.1.111.1303 > 185.3.135.146.8888: S 2622796143:2622796143(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.879836 192.168.1.111.1316 > 93.48.caa1.ip4.static.sl-reverse.com.8888: S 1982592617:1982592617(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.879838 192.168.1.111.1300 > 9.4b.01a8.ip4.static.sl-reverse.com.8888: S 1106162657:1106162657(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.879840 192.168.1.111.1319 > 105.145.154.177.static.sp2.alog.com.br.8888: S 4022182732:4022182732(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.881700 192.168.1.111.1291 > 104.200.154.96.8888: S 360574494:360574494(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.881703 192.168.1.111.1308 > 108.61.122.152.choopa.net.8888: S 2823140411:2823140411(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.881705 192.168.1.111.1312 > D.C.B.A-nia.romaninternet.com.8888: S 1801130459:1801130459(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.881707 192.168.1.111.1314 > 84.f9.5177.ip4.static.sl-reverse.com.8888: S 97354762:97354762(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)
07:48:23.881709 192.168.1.111.1299 > 2f.06.01a8.ip4.static.sl-reverse.com.8888: S 2710558423:2710558423(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)

I can turn on the Windows 7 firewall and set it to block outgoing packets to port 8888 and provide notification. The packets are blocked but there is no notification.

Currently running with Win 7 firewall turned off but OpenBSD firewall blocking any TCP connections to port 8888. Kaspersky free AV scan and Malwarebytes scan do not find any programs or processes of interest. Kaspersky recommends some changes to browser settings regarding cache, etc.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-07-2016
Ran by GPontis (administrator) on EL_NEGRO (09-07-2016 08:44:32)
Running from C:\Users\GPontis\Downloads
Loaded Profiles: GPontis (Available Profiles: GPontis)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Elements 14 Organizer\PhotoshopElementsFileAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Flexera Software, Inc.) C:\Cadence\LicenseManager\lmgrd.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(SafeNet Inc.) C:\Windows\System32\hasplms.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
() C:\Program Files\pia_manager\pia_manager.exe
(CANON INC.) C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Users\GPontis\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Flexera Software, Inc.) C:\Cadence\LicenseManager\lmgrd.exe
() C:\Cadence\LicenseManager\cdslmd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(hxxp://www.ruby-lang.org/) C:\Users\GPontis\AppData\Local\Temp\ocr48D2.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(hxxp://www.ruby-lang.org/) C:\Users\GPontis\AppData\Local\Temp\ocr68C0.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(VanDyke Software, Inc.) C:\Program Files\VanDyke Software\Clients\SecureCRT.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Opera Software) C:\Program Files (x86)\Opera\38.0.2220.41\opera.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [MFNetworkScanUtility] => C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [508312 2009-12-15] (CANON INC.)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [570152 2014-08-14] (Acronis)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2634872 2015-08-26] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [323056 2015-11-04] (Intel Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-06-01] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2016-04-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-04-22] (Apple Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5343664 2015-07-20] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [691056 2015-07-20] (Acronis International GmbH)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-587778828-1590401162-796269308-1000\...\Run: [Amazon Music] => C:\Users\GPontis\AppData\Local\Amazon Music\Amazon Music Helper.exe [5890368 2015-12-14] ()
HKU\S-1-5-21-587778828-1590401162-796269308-1000\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
HKU\S-1-5-21-587778828-1590401162-796269308-1000\...\RunOnce: [Uninstall C:\Users\GPontis\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\GPontis\AppData\Local\Microsoft\OneDrive\17.3.4604.0120\amd64"
HKU\S-1-5-21-587778828-1590401162-796269308-1000\...\RunOnce: [Uninstall C:\Users\GPontis\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\GPontis\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
HKU\S-1-5-21-587778828-1590401162-796269308-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [KSS] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
ShellIconOverlayIdentifiers: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers: [AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2014-09-09] (Acronis)
ShellIconOverlayIdentifiers-x32: [  Tortoise1Normal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise2Modified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise3Conflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise4Locked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise5ReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise6Deleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise7Added] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise8Ignored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [  Tortoise9Unversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2015-08-25] (hxxp://tortoisesvn.net)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kaspersky Software Updater Beta.lnk [2016-07-09]
ShortcutTarget: Kaspersky Software Updater Beta.lnk -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater Beta\ksu.exe (AO Kaspersky Lab)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{635AB71F-89B2-4475-B3C8-A7BEF4C05B0F}: [DhcpNameServer] 192.168.144.5 192.168.144.6
Tcpip\..\Interfaces\{74F2E3F1-C0F4-46B6-B0AA-7F2D0B518F99}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{B735400A-C888-4803-B88C-41F55B3EFC1A}: [DhcpNameServer] 192.168.0.7 192.168.0.10
Tcpip\..\Interfaces\{EB86D60F-2C2D-4D1B-83EE-AE60B5DA31BB}: [DhcpNameServer] 209.222.18.222 209.222.18.218

Internet Explorer:
==================
HKU\S-1-5-21-587778828-1590401162-796269308-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/search?q=google&sourceid=ie7&rls=com.microsoft:en-US:IE-Address&ie=&oe=&gws_rd=ssl
SearchScopes: HKU\S-1-5-21-587778828-1590401162-796269308-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-06-18] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-06-18] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-06-18] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-06-18] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T28L10NSP12_CP1-16851/webex/ieatgpc1.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-18] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-18] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-18] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-06-18] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2013-07-17] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-06-18] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-11-05] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin HKU\S-1-5-21-587778828-1590401162-796269308-1000: @citrixonline.com/appdetectorplugin -> C:\Users\GPontis\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2013-12-17] (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-05-16]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2016-04-23]

Opera:
=======
OPR Extension: (Adblock Plus) - C:\Users\GPontis\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-06-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor14.0; C:\Program Files\Adobe\Elements 14 Organizer\PhotoshopElementsFileAgent.exe [226016 2015-12-07] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 Cadence License Manager; C:\Cadence\LicenseManager\lmgrd.exe [1814352 2011-08-30] (Flexera Software, Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2944768 2016-06-10] (Microsoft Corporation)
R2 EMET_Service; C:\Program Files (x86)\EMET 5.5\EMET_Service.exe [33960 2016-01-29] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1155192 2015-08-26] (NVIDIA Corporation)
R2 hasplms; C:\Windows\system32\hasplms.exe [4665168 2015-09-23] (SafeNet Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [19440 2015-11-04] (Intel Corporation)
R2 kss; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe [1556448 2015-12-15] (AO Kaspersky Lab)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-08-26] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [5544568 2015-08-26] (NVIDIA Corporation)
R2 vmware-converter-agent; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [423536 2011-08-19] (VMware, Inc.)
R2 vmware-converter-server; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [423536 2011-08-19] (VMware, Inc.)
R2 vmware-converter-worker; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [423536 2011-08-19] (VMware, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [77912 2015-09-23] (SafeNet Inc.)
R3 akshhl; C:\Windows\System32\DRIVERS\akshhl.sys [81368 2015-09-23] (SafeNet Inc.)
R3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [322560 2015-09-23] (SafeNet Inc.)
S3 bmdrvr; C:\Windows\SysWow64\drivers\bmdrvr.sys [74352 2011-03-15] (VMware, Inc.)
R3 e1qexpress; C:\Windows\System32\DRIVERS\e1q60x64.sys [244736 2009-06-10] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 file_tracker; C:\Windows\System32\DRIVERS\file_tracker.sys [296736 2015-08-28] (Acronis International GmbH)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [350552 2015-09-23] (SafeNet Inc.)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [31728 2015-11-12] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-08-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-10] (NVIDIA Corporation)
S3 PixeLINKUsbcamX64; C:\Windows\System32\DRIVERS\pxlusb64.sys [55680 2013-04-10] (PixeLINK Corporation)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
S3 ser2at; C:\Windows\System32\DRIVERS\ser2at64.sys [96256 2009-10-15] (ATEN)
R0 tib; C:\Windows\System32\DRIVERS\tib.sys [1058632 2015-08-28] (Acronis International GmbH)
R2 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [248648 2015-08-28] (Acronis International GmbH)
R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-06-01] (Acronis International GmbH)
R3 vmkbd2; C:\Windows\system32\drivers\VMkbd.sys [33472 2016-04-14] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-11-05] (VMware, Inc.)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [254976 2012-12-05] (Jungo)
R3 WirelessKeyboardFilter; C:\Windows\System32\DRIVERS\WirelessKeyboardFilter.sys [49384 2016-03-29] (Microsoft Corporation)
R2 XilinxPC4Driver; C:\Windows\System32\drivers\xpc4drvr.sys [27384 2012-12-05] (Xilinx, Inc.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-09 08:44 - 2016-07-09 08:44 - 00025182 _____ C:\Users\GPontis\Downloads\FRST.txt
2016-07-09 08:44 - 2016-07-09 08:44 - 00000000 ____D C:\FRST
2016-07-09 08:42 - 2016-07-09 08:42 - 02390016 _____ (Farbar) C:\Users\GPontis\Downloads\FRST64.exe
2016-07-09 07:53 - 2016-07-09 07:53 - 00000000 ____D C:\Users\GPontis\AppData\Local\CEF
2016-07-09 07:52 - 2016-07-09 07:52 - 00001095 _____ C:\Users\Public\Desktop\Kaspersky Software Updater Beta.lnk
2016-07-09 07:52 - 2016-07-09 07:52 - 00001055 _____ C:\Users\Public\Desktop\Kaspersky Security Scan.lnk
2016-07-09 07:52 - 2016-07-09 07:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Software Updater Beta
2016-07-09 07:52 - 2016-07-09 07:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
2016-07-09 07:52 - 2016-07-09 07:52 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-07-09 07:52 - 2016-07-09 07:52 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-07-09 07:52 - 2016-07-09 07:52 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-07-08 07:00 - 2016-07-08 07:00 - 10103621 _____ C:\Users\GPontis\Downloads\Spectrum_19914_Jul_2016.PDF
2016-07-07 13:23 - 2016-07-07 13:23 - 00281705 _____ C:\Users\GPontis\Desktop\PV Site Map.PDF
2016-07-05 17:11 - 2016-07-05 17:11 - 00080403 _____ C:\Users\GPontis\Downloads\C_CL32A475KLULNNE.pdf
2016-07-05 16:21 - 2016-07-05 16:21 - 00223072 _____ C:\Users\GPontis\Downloads\C_CL10A475KA8NQNC.pdf
2016-07-01 15:05 - 2016-07-01 15:05 - 01928684 _____ C:\Users\GPontis\Downloads\fast_data_2.csv.gz
2016-06-29 11:03 - 2016-06-29 11:03 - 36416458 _____ C:\Users\GPontis\Downloads\KollerPics6-28-16-2016-06-29.zip
2016-06-25 12:25 - 2016-06-25 12:26 - 00331449 _____ C:\Users\GPontis\Downloads\UMK107AB7105KA-T_SS.pdf
2016-06-25 12:12 - 2016-06-25 12:12 - 00054530 _____ C:\Users\GPontis\Downloads\C_CL21B106KPQNFNE.pdf
2016-06-25 07:28 - 2016-06-25 07:28 - 00054530 _____ C:\Users\GPontis\Downloads\C_CL21B106KPQNNNE.pdf
2016-06-25 07:12 - 2016-06-25 07:12 - 00309834 _____ C:\Users\GPontis\Downloads\JMK107ABJ106MAHT_SS.pdf
2016-06-25 07:05 - 2016-06-25 07:05 - 00047747 _____ C:\Users\GPontis\Downloads\C_CL10X106MP8NRNC.pdf
2016-06-24 11:44 - 2016-05-16 16:22 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-06-24 11:44 - 2016-05-16 16:19 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-06-24 11:44 - 2016-05-16 16:19 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-06-24 11:44 - 2016-05-16 16:19 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-24 11:44 - 2016-05-16 16:19 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-06-24 11:44 - 2016-05-16 16:18 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-06-24 11:44 - 2016-05-16 16:18 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-06-24 11:44 - 2016-05-16 16:17 - 01732888 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-06-24 11:44 - 2016-05-16 16:16 - 01314136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 16:14 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 14:23 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-06-24 11:44 - 2016-05-16 14:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-06-24 11:44 - 2016-05-16 14:23 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-06-24 11:44 - 2016-05-16 14:23 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-06-24 11:44 - 2016-05-16 14:19 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-06-24 11:44 - 2016-05-16 14:19 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-06-24 11:44 - 2016-05-16 14:16 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-06-24 11:44 - 2016-05-16 14:15 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-06-24 11:44 - 2016-05-16 14:15 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-06-24 11:44 - 2016-05-16 14:14 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-06-24 11:44 - 2016-05-16 14:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-06-24 11:44 - 2016-05-16 14:14 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-06-24 11:44 - 2016-05-16 14:10 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-06-24 11:44 - 2016-05-16 14:10 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-06-24 11:44 - 2016-05-16 14:10 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-06-24 11:44 - 2016-05-16 14:10 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-06-24 11:44 - 2016-05-16 14:09 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-06-24 11:44 - 2016-05-16 14:09 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 14:09 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 14:09 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-06-24 11:44 - 2016-05-16 14:09 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-06-24 11:44 - 2016-05-13 15:09 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-06-24 11:44 - 2016-05-13 15:09 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-06-24 11:44 - 2016-05-13 15:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-06-24 11:44 - 2016-05-13 15:07 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-06-24 11:44 - 2016-05-13 14:55 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-06-24 11:44 - 2016-05-13 14:53 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-06-24 11:44 - 2016-05-13 14:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-06-24 11:44 - 2016-05-13 14:52 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-06-24 11:44 - 2016-05-13 14:52 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-06-24 11:44 - 2016-05-13 14:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-06-24 11:44 - 2016-05-13 14:52 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-06-24 11:44 - 2016-05-13 14:50 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-06-24 11:44 - 2016-05-13 14:38 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-06-24 11:44 - 2016-05-13 14:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-06-24 11:44 - 2016-05-13 14:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-06-24 11:44 - 2016-05-13 14:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-06-24 11:44 - 2016-05-12 10:14 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-06-24 11:44 - 2016-05-12 10:14 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-06-24 11:44 - 2016-05-12 08:18 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-06-24 11:44 - 2016-05-12 08:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-06-24 11:44 - 2016-05-12 08:18 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-06-24 11:44 - 2016-05-04 10:21 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-06-24 11:44 - 2016-05-04 10:17 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-06-24 11:44 - 2016-05-04 10:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-06-24 11:44 - 2016-05-04 10:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-06-24 11:44 - 2016-05-04 10:17 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-06-24 11:44 - 2016-05-04 10:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-06-24 11:44 - 2016-05-04 10:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-06-24 11:44 - 2016-05-04 10:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-06-24 11:44 - 2016-05-04 10:16 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-06-24 11:44 - 2016-05-04 10:16 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-06-24 11:44 - 2016-05-04 08:04 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-06-24 11:44 - 2016-05-04 07:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-06-23 16:00 - 2016-06-23 16:01 - 14540436 _____ C:\Users\GPontis\Downloads\eagle.zip
2016-06-22 09:19 - 2016-06-22 09:19 - 02697018 _____ C:\Users\GPontis\Desktop\E4400-90323.pdf
2016-06-20 09:04 - 2016-06-20 19:25 - 00000000 ____D C:\Users\GPontis\Desktop\Solar Installation
2016-06-20 08:32 - 2016-06-20 08:32 - 00277273 _____ C:\Users\GPontis\Desktop\solaredge-se3000a-us-u-inverter-specs-2669527910.pdf
2016-06-20 08:07 - 2016-05-23 16:37 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-06-20 08:07 - 2016-05-23 15:54 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-06-20 08:07 - 2016-05-21 10:28 - 25802752 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-20 08:07 - 2016-05-21 09:57 - 20341248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-20 08:07 - 2016-05-20 15:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-06-20 08:07 - 2016-05-20 15:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-06-20 08:07 - 2016-05-20 15:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-06-20 08:07 - 2016-05-20 15:10 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-06-20 08:07 - 2016-05-20 15:09 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-20 08:07 - 2016-05-20 15:09 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-06-20 08:07 - 2016-05-20 15:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-06-20 08:07 - 2016-05-20 15:08 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-20 08:07 - 2016-05-20 15:08 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-06-20 08:07 - 2016-05-20 15:02 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-20 08:07 - 2016-05-20 15:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-06-20 08:07 - 2016-05-20 14:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-06-20 08:07 - 2016-05-20 14:57 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-20 08:07 - 2016-05-20 14:57 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-06-20 08:07 - 2016-05-20 14:57 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-06-20 08:07 - 2016-05-20 14:56 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-06-20 08:07 - 2016-05-20 14:56 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-06-20 08:07 - 2016-05-20 14:55 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-06-20 08:07 - 2016-05-20 14:54 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-06-20 08:07 - 2016-05-20 14:54 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-06-20 08:07 - 2016-05-20 14:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-06-20 08:07 - 2016-05-20 14:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-06-20 08:07 - 2016-05-20 14:50 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-20 08:07 - 2016-05-20 14:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-06-20 08:07 - 2016-05-20 14:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-06-20 08:07 - 2016-05-20 14:45 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-06-20 08:07 - 2016-05-20 14:45 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-06-20 08:07 - 2016-05-20 14:44 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-06-20 08:07 - 2016-05-20 14:44 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-06-20 08:07 - 2016-05-20 14:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-06-20 08:07 - 2016-05-20 14:41 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-06-20 08:07 - 2016-05-20 14:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-06-20 08:07 - 2016-05-20 14:33 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-06-20 08:07 - 2016-05-20 14:32 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-06-20 08:07 - 2016-05-20 14:29 - 13815808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-20 08:07 - 2016-05-20 14:28 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-06-20 08:07 - 2016-05-20 14:27 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-06-20 08:07 - 2016-05-20 14:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-06-20 08:07 - 2016-05-20 14:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-06-20 08:07 - 2016-05-20 14:25 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-06-20 08:07 - 2016-05-20 14:23 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-06-20 08:07 - 2016-05-20 14:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-06-20 08:07 - 2016-05-20 14:22 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-06-20 08:07 - 2016-05-20 14:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-06-20 08:07 - 2016-05-20 14:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-06-20 08:07 - 2016-05-20 14:14 - 04610048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-20 08:07 - 2016-05-20 14:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-06-20 08:07 - 2016-05-20 14:11 - 15420928 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-20 08:07 - 2016-05-20 14:11 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-06-20 08:07 - 2016-05-20 14:09 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-06-20 08:07 - 2016-05-20 14:09 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-20 08:07 - 2016-05-20 14:08 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-06-20 08:07 - 2016-05-20 14:08 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-20 08:07 - 2016-05-20 14:07 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-06-20 08:07 - 2016-05-20 14:07 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-06-20 08:07 - 2016-05-20 14:06 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-06-20 08:07 - 2016-05-20 13:46 - 02597888 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-20 08:07 - 2016-05-20 13:42 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-20 08:07 - 2016-05-20 13:38 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-20 08:07 - 2016-05-20 13:38 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-06-20 08:07 - 2016-05-20 13:34 - 01544192 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-20 08:07 - 2016-05-20 13:23 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-06-20 08:07 - 2016-05-18 09:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-20 08:07 - 2016-05-18 09:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-20 08:07 - 2016-05-13 15:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-20 08:07 - 2016-05-13 15:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-20 08:07 - 2016-05-13 15:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-20 08:07 - 2016-05-13 15:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-06-20 08:07 - 2016-05-13 15:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-06-20 08:07 - 2016-05-13 14:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-20 08:07 - 2016-05-13 14:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-06-20 08:07 - 2016-05-13 14:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-06-20 08:07 - 2016-05-13 14:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-06-20 08:07 - 2016-05-13 14:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-20 08:07 - 2016-05-12 10:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-06-20 08:07 - 2016-05-12 10:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-06-20 08:07 - 2016-05-12 10:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-20 08:07 - 2016-05-12 10:14 - 00793088 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2016-06-20 08:07 - 2016-05-12 10:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-20 08:07 - 2016-05-12 10:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-20 08:07 - 2016-05-12 10:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-20 08:07 - 2016-05-12 10:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-20 08:07 - 2016-05-12 10:14 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.dll
2016-06-20 08:07 - 2016-05-12 08:18 - 00591872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2016-06-20 08:07 - 2016-05-12 08:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-20 08:07 - 2016-05-12 08:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-06-20 08:07 - 2016-05-12 08:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-06-20 08:07 - 2016-05-12 08:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-20 08:07 - 2016-05-12 08:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-06-20 08:07 - 2016-05-12 08:06 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\gpscript.exe
2016-06-20 08:07 - 2016-05-12 08:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-06-20 08:07 - 2016-05-12 07:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-20 08:07 - 2016-05-12 07:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-20 08:07 - 2016-05-12 07:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-20 08:07 - 2016-05-12 07:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.dll
2016-06-20 08:07 - 2016-05-12 07:57 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpscript.exe
2016-06-20 08:07 - 2016-05-12 06:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-20 08:07 - 2016-05-12 06:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-20 08:07 - 2016-05-12 06:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-20 08:07 - 2016-05-11 10:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-20 08:07 - 2016-05-11 10:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-20 08:07 - 2016-05-11 10:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-20 08:07 - 2016-05-11 10:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-20 08:07 - 2016-05-11 08:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-20 08:07 - 2016-05-11 08:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-20 08:07 - 2016-05-11 08:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-20 08:07 - 2016-05-11 08:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-20 08:07 - 2016-05-11 08:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-06-20 08:07 - 2016-05-11 08:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-06-20 08:07 - 2016-05-11 07:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-18 14:47 - 2016-06-18 14:47 - 00002180 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visio 2016.lnk
2016-06-18 14:32 - 2016-06-18 14:32 - 03482312 _____ (Microsoft Corporation) C:\Users\GPontis\Downloads\Setup.x86.en-us_VisioProRetail_N9KYH-G2X7P-FDW8P-87FJV-7QW4W_TX_PR_act_1_.exe
2016-06-18 13:02 - 2016-06-18 13:02 - 00000000 ____D C:\Users\GPontis\AppData\Local\SolarEdge Technologies
2016-06-18 13:00 - 2016-06-18 13:00 - 21109733 _____ C:\Users\GPontis\Downloads\solaredge-site-designer.zip
2016-06-17 20:31 - 2016-06-18 14:33 - 00000110 _____ C:\Users\GPontis\Desktop\visio.txt
2016-06-17 20:29 - 2016-06-17 20:29 - 04880584 _____ (Microsoft Corporation) C:\Users\GPontis\Downloads\Setup.x64.en-us_VisioProRetail_N9KYH-G2X7P-FDW8P-87FJV-7QW4W_TX_PR_act_1_.exe
2016-06-17 11:22 - 2016-06-17 11:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN
2016-06-17 11:22 - 2016-06-17 11:22 - 00000000 ____D C:\Program Files\TortoiseSVN
2016-06-17 11:22 - 2016-06-17 11:22 - 00000000 ____D C:\Program Files\Common Files\TortoiseOverlays
2016-06-14 13:01 - 2016-06-14 13:01 - 00000000 ____D C:\Users\GPontis\AppData\Local\DesignSoft
2016-06-14 12:48 - 2016-06-14 12:48 - 00000000 ____D C:\Users\Public\Documents\DesignSoft
2016-06-14 12:48 - 2016-06-14 12:48 - 00000000 ____D C:\Users\GPontis\Documents\DesignSoft
2016-06-14 12:48 - 2016-06-14 12:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tina 9
2016-06-14 12:48 - 2016-06-14 12:48 - 00000000 ____D C:\Program Files (x86)\DesignSoft
2016-06-14 12:03 - 2016-06-14 12:08 - 108577043 _____ C:\Users\GPontis\Downloads\Tina90-TIen.9.3.150.4.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-09 08:34 - 2014-07-17 13:06 - 00000574 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-587778828-1590401162-796269308-1000.job
2016-07-09 08:32 - 2015-04-06 08:22 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-09 08:31 - 2015-04-06 08:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-07-09 08:31 - 2015-04-06 08:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-09 08:16 - 2013-06-17 14:43 - 00000000 ____D C:\Users\GPontis\Documents\Outlook Files
2016-07-09 07:54 - 2009-07-13 21:45 - 00027168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-09 07:54 - 2009-07-13 21:45 - 00027168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-09 07:51 - 2014-08-14 07:07 - 00000000 ____D C:\Users\GPontis\AppData\Local\Adobe
2016-07-09 07:47 - 2013-07-06 12:42 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-09 07:47 - 2009-07-13 22:13 - 00792710 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-09 07:47 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2016-07-09 07:41 - 2016-02-26 19:34 - 00000000 ____D C:\Users\GPontis\AppData\Local\TSVNCache
2016-07-09 07:41 - 2015-09-17 14:55 - 00000000 ____D C:\ProgramData\NVIDIA
2016-07-09 07:41 - 2013-07-25 13:34 - 08405015 _____ C:\Windows\TmpFile1
2016-07-09 07:41 - 2013-01-15 14:53 - 00000000 ____D C:\ProgramData\VMware
2016-07-09 07:41 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-08 20:28 - 2013-06-18 10:45 - 00000000 ____D C:\Consult
2016-07-08 20:01 - 2015-05-19 19:56 - 00000000 ____D C:\Users\GPontis\Desktop\Network
2016-07-08 19:25 - 2015-05-30 18:59 - 00000670 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-587778828-1590401162-796269308-1000.job
2016-07-08 17:39 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-07-07 18:17 - 2013-05-28 08:53 - 00000000 ____D C:\ProgramData\TEMP
2016-07-07 07:06 - 2014-06-04 07:22 - 00003846 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1389809592
2016-07-07 07:06 - 2013-02-05 09:07 - 00000000 ____D C:\Program Files (x86)\Opera
2016-07-03 14:09 - 2013-06-19 10:25 - 00000000 ____D C:\Users\GPontis\AppData\Roaming\vlc
2016-07-03 14:09 - 2013-02-05 09:27 - 00000000 ____D C:\Users\GPontis\Documents\Newsbin
2016-07-03 11:30 - 2013-06-20 10:05 - 00000000 ____D C:\Users\GPontis\AppData\Roaming\SpamSource
2016-07-03 11:30 - 2013-02-05 09:25 - 00000000 ____D C:\Users\GPontis\AppData\Local\Newsbin
2016-07-02 07:54 - 2013-03-12 14:55 - 00004556 _____ C:\Users\GPontis\AppData\Roaming\LTspiceIV.ini
2016-07-01 09:52 - 2015-05-30 18:59 - 00003700 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-587778828-1590401162-796269308-1000
2016-07-01 09:52 - 2014-07-17 13:06 - 00003604 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-587778828-1590401162-796269308-1000
2016-06-27 06:34 - 2013-03-08 16:56 - 26558464 _____ C:\Users\GPontis\Desktop\Business & Home.QDF
2016-06-27 06:06 - 2013-03-17 15:09 - 02923664 _____ C:\Users\GPontis\Desktop\Business & HomeOFXLOG.DAT
2016-06-25 08:17 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2016-06-24 16:14 - 2016-02-26 14:34 - 00000000 ____D C:\Users\GPontis\AppData\Roaming\TortoiseSVN
2016-06-23 16:42 - 2014-05-14 16:32 - 00000000 ___HD C:\__Previews
2016-06-21 14:35 - 2013-08-10 20:03 - 00000000 ____D C:\Users\GPontis\Documents\Electronics
2016-06-21 12:13 - 2010-11-20 20:27 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-06-20 08:23 - 2009-07-13 21:45 - 00439984 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-20 08:11 - 2013-07-11 07:45 - 00000000 ____D C:\Windows\system32\MRT
2016-06-20 08:08 - 2013-01-14 22:13 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-18 14:55 - 2015-10-27 20:24 - 00002162 _____ C:\Users\GPontis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-06-18 14:55 - 2015-10-27 20:24 - 00000000 ___RD C:\Users\GPontis\OneDrive
2016-06-18 14:55 - 2015-10-27 20:14 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-06-18 14:47 - 2013-02-17 23:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-06-18 14:15 - 2013-01-15 13:42 - 00000000 ____D C:\Users\GPontis\AppData\Local\Microsoft Help
2016-06-16 12:47 - 2013-07-06 12:42 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-16 12:47 - 2013-07-06 12:42 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-16 12:47 - 2013-07-06 12:42 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-06-14 12:48 - 2013-01-14 22:42 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-06-12 14:59 - 2013-04-09 19:44 - 00000000 ____D C:\Users\GPontis\Desktop\BACKUP

==================== Files in the root of some directories =======

2015-11-19 10:40 - 2015-11-19 10:42 - 0038467 _____ () C:\Users\GPontis\AppData\Roaming\Comma Separated Values.ADR
2013-03-12 14:55 - 2016-07-02 07:54 - 0004556 _____ () C:\Users\GPontis\AppData\Roaming\LTspiceIV.ini
2013-05-08 20:51 - 2013-05-08 20:52 - 125814851 _____ () C:\Users\GPontis\AppData\Roaming\SecureFX.dmp
2013-01-14 22:40 - 2015-07-22 13:45 - 0007672 _____ () C:\Users\GPontis\AppData\Local\Resmon.ResmonCfg

Files to move or delete:
====================
C:\Users\Public\SP6920102.exe

Some files in TEMP:
====================
C:\Users\GPontis\AppData\Local\Temp\917b0b87-3358-4e79-93de-3dfc2fc99ed0.exe
C:\Users\GPontis\AppData\Local\Temp\BCUpdate.exe
C:\Users\GPontis\AppData\Local\Temp\PATCH72n-ADIsimPE.exe
C:\Users\GPontis\AppData\Local\Temp\vlc-2.2.4-win32.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-07-07 20:04

==================== End of FRST.txt ============================


 


#2 nasdaq

  • Malware Response Team

Posted 10 July 2016 - 08:06 AM

Duplicate. This topic will be closed.



