
Think I have a rootkit, not sure though.


  • This topic is locked
4 replies to this topic

#1 brdsgn


Posted 30 May 2017 - 06:34 AM

I've noticed that when I stay at a certain family member's house my PC gets really wonky. Recently, my main e-mail was hijacked and the support from that e-mail service has not gotten back to me, so I'm kind of panicking. I nmapped local loopback (127.0.0.1) and found there was an open port, 31337, named "Elite". Naturally this means Back Orifice, but I cannot find any traces of that on my PC so I don't think it's that. I ran good old GMER last night and it found nothing. I tried scanning my PC with Spybot and got the same results; this guy must have a pretty good crypter! I think now that, because this only happens at a certain family member's house, the modem is infected with some sort of backdoor. I don't know how to fix this. They have a Ubee modem, and I can't reinstall the software on it because they would be angry with me.

 

I've been enabling two-factor auth on everything I can but I'm still paranoid, tons of weird stuff has been happening like my mouse randomly stops moving, windows sometimes tab out and I've also noticed my connection being forcibly dropped when I try to do some things, namely installing anti-malware applications.

 

What can I do to fix this?

 

Oh, I also tried aswMBR and TDSSKiller, they found nothing.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-05-2017
Ran by nvmr (administrator) on B (30-05-2017 06:44:32)
Running from C:\Users\nvmr\Downloads
Loaded Profiles: nvmr (Available Profiles: nvmr)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\DeskScapes8\DS8Srv.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Stardock Software, Inc) C:\Program Files (x86)\Stardock\DeskScapes8\Deskscapes64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(ESET) C:\Program Files\ESET\ESET Antivirus\x86\ekrn.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft) C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
(Microsoft) C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
() C:\tor\Tor\tor.exe
(TorrentsTime) C:\Program Files (x86)\TorrentsTime Media Player\bin\TTService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(ESET) C:\Program Files\ESET\ESET Antivirus\egui.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
() C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
() C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper64.exe
(Spotify Ltd) C:\Users\nvmr\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Initex) C:\Program Files (x86)\Proxifier\Proxifier.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
() C:\Program Files (x86)\No-IP\ducservice.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Antivirus\egui.exe [5595848 2017-02-07] (ESET)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2017-02-09] (Razer Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2017-03-06] (Apple Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2867712 2017-02-26] (Dominik Reichl)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2527488993-3859118049-2027114840-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2527488993-3859118049-2027114840-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-04-28] (Valve Corporation)
HKU\S-1-5-21-2527488993-3859118049-2027114840-1000\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [13082608 2016-12-15] (Plex, Inc.)
HKU\S-1-5-21-2527488993-3859118049-2027114840-1000\...\Run: [KeePass Password Safe 2] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2867712 2017-02-26] (Dominik Reichl)
HKU\S-1-5-21-2527488993-3859118049-2027114840-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27793888 2017-05-05] (Skype Technologies S.A.)
HKU\S-1-5-21-2527488993-3859118049-2027114840-1000\...\Run: [WallpaperEngine] => C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper64.exe [955904 2017-05-12] ()
HKU\S-1-5-21-2527488993-3859118049-2027114840-1000\...\Run: [Google Update] => C:\Users\nvmr\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-29] (Google Inc.)
HKU\S-1-5-21-2527488993-3859118049-2027114840-1000\...\Run: [Spotify Web Helper] => C:\Users\nvmr\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1560176 2017-05-26] (Spotify Ltd)
HKU\S-1-5-21-2527488993-3859118049-2027114840-1000\...\Run: [Proxifier] => c:\program files (x86)\proxifier\proxifier.exe [4624976 2015-12-02] (Initex)
HKU\S-1-5-21-2527488993-3859118049-2027114840-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9363672 2017-02-16] (Piriform Ltd)
HKU\S-1-5-21-2527488993-3859118049-2027114840-1000\...\MountPoints2: G - G:\NoAutorun.exe
HKU\S-1-5-21-2527488993-3859118049-2027114840-1000\...\MountPoints2: {aa747071-0918-11e6-a76a-c6a666b27ec2} - G:\NoAutorun.exe
HKU\S-1-5-21-2527488993-3859118049-2027114840-1000\...\MountPoints2: {aa74707a-0918-11e6-a76a-c6a666b27ec2} - J:\NoAutorun.exe
HKU\S-1-5-21-2527488993-3859118049-2027114840-1000\...\MountPoints2: {aa74707d-0918-11e6-a76a-c6a666b27ec2} - J:\NoAutorun.exe
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [!BTSync2.3.7Done] -> {581FFA04-FC33-0007-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_1C3.dll [2016-06-08] ()
ShellIconOverlayIdentifiers: [!BTSync2.3.7RO] -> {581FFA03-FC33-0007-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_1C3.dll [2016-06-08] ()
ShellIconOverlayIdentifiers: [!BTSync2.3.7RW] -> {581FFA02-FC33-0007-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay64_1C3.dll [2016-06-08] ()
ShellIconOverlayIdentifiers: [!Resilio Sync 2.4.4Done] -> {581FFA04-FC33-0004-0402-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_2DC.dll [2017-02-17] ()
ShellIconOverlayIdentifiers: [!Resilio Sync 2.4.4RO] -> {581FFA03-FC33-0004-0402-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_2DC.dll [2017-02-17] ()
ShellIconOverlayIdentifiers: [!Resilio Sync 2.4.4RW] -> {581FFA02-FC33-0004-0402-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_2DC.dll [2017-02-17] ()
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [!BTSync2.3.7Done] -> {581FFA04-FC33-0007-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay86_1C3.dll [2016-06-08] ()
ShellIconOverlayIdentifiers-x32: [!BTSync2.3.7RO] -> {581FFA03-FC33-0007-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay86_1C3.dll [2016-06-08] ()
ShellIconOverlayIdentifiers-x32: [!BTSync2.3.7RW] -> {581FFA02-FC33-0007-0302-95003A5CDE89} => C:\ProgramData\BitTorrent Sync\ShellExtensionOverlay86_1C3.dll [2016-06-08] ()
ShellIconOverlayIdentifiers-x32: [!Resilio Sync 2.4.4Done] -> {581FFA04-FC33-0004-0402-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay86_2DC.dll [2017-02-17] ()
ShellIconOverlayIdentifiers-x32: [!Resilio Sync 2.4.4RO] -> {581FFA03-FC33-0004-0402-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay86_2DC.dll [2017-02-17] ()
ShellIconOverlayIdentifiers-x32: [!Resilio Sync 2.4.4RW] -> {581FFA02-FC33-0004-0402-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay86_2DC.dll [2017-02-17] ()
Startup: C:\Users\nvmr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qBittorrent.lnk [2017-02-24]
ShortcutTarget: qBittorrent.lnk -> C:\Program Files (x86)\qBittorrent\qbittorrent.exe ()
Startup: C:\Users\nvmr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\younity-native [2017-02-13] ()
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 07 C:\Windows\SysWOW64\PrxerNsp.dll [84040 2015-03-28] ()
Winsock: Catalog9 01 C:\Windows\SysWOW64\PrxerDrv.dll [97864 2015-03-28] (Initex)
Winsock: Catalog9 02 C:\Windows\SysWOW64\PrxerDrv.dll [97864 2015-03-28] (Initex)
Winsock: Catalog9 03 C:\Windows\SysWOW64\PrxerDrv.dll [97864 2015-03-28] (Initex)
Winsock: Catalog9 04 C:\Windows\SysWOW64\PrxerDrv.dll [97864 2015-03-28] (Initex)
Winsock: Catalog9 15 C:\Windows\SysWOW64\PrxerDrv.dll [97864 2015-03-28] (Initex)
Winsock: Catalog5-x64 07 C:\Windows\system32\PrxerNsp.dll [96840 2015-03-28] ()
Winsock: Catalog9-x64 01 C:\Windows\system32\PrxerDrv.dll [118856 2015-03-28] (Initex)
Winsock: Catalog9-x64 02 C:\Windows\system32\PrxerDrv.dll [118856 2015-03-28] (Initex)
Winsock: Catalog9-x64 03 C:\Windows\system32\PrxerDrv.dll [118856 2015-03-28] (Initex)
Winsock: Catalog9-x64 04 C:\Windows\system32\PrxerDrv.dll [118856 2015-03-28] (Initex)
Winsock: Catalog9-x64 15 C:\Windows\system32\PrxerDrv.dll [118856 2015-03-28] (Initex)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{ABB00FD6-471E-4AED-BEDC-D644834B7E23}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{C9CFFDCC-4588-4CE8-94E2-7CCF74E0A0C9}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{C9CFFDCC-4588-4CE8-94E2-7CCF74E0A0C9}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{EEAEEA0B-AA6E-4E22-A486-E7083CC49048}: [NameServer] 209.244.0.3,209.244.0.4
Tcpip\..\Interfaces\{EEAEEA0B-AA6E-4E22-A486-E7083CC49048}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2527488993-3859118049-2027114840-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-12] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-12] (Oracle Corporation)
BHO-x32: ATLAS Toolbar -> {3C6301ED-0F78-4AF2-8150-D9C052361A8E} -> C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL [2007-10-04] (FUJITSU LIMITED)
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
Toolbar: HKLM-x32 - ATLAS Toolbar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL [2007-10-04] (FUJITSU LIMITED)
 
FireFox:
========
FF DefaultProfile: ddlpaguq.default
FF DefaultProfile: xmo4hzqu.default
FF ProfilePath: C:\Users\nvmr\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ddlpaguq.default [2017-05-30]
FF Extension: (DOM Inspector) - C:\Users\nvmr\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ddlpaguq.default\Extensions\inspector@mozilla.org [2016-04-27]
FF Extension: (ChatZilla) - C:\Users\nvmr\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ddlpaguq.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}.xpi [2016-04-09] [not signed]
FF Extension: (Adblock Plus) - C:\Users\nvmr\AppData\Roaming\Mozilla\SeaMonkey\Profiles\ddlpaguq.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-29]
FF ProfilePath: C:\Users\nvmr\AppData\Roaming\Mozilla\Firefox\Profiles\xmo4hzqu.default [2017-05-30]
FF user.js: detected! => C:\Users\nvmr\AppData\Roaming\Mozilla\Firefox\Profiles\xmo4hzqu.default\user.js [2016-08-24]
FF NetworkProxy: Mozilla\Firefox\Profiles\xmo4hzqu.default -> socks", "127.0.0.1"
FF NetworkProxy: Mozilla\Firefox\Profiles\xmo4hzqu.default -> socks_port", 555
FF NetworkProxy: Mozilla\Firefox\Profiles\xmo4hzqu.default -> type", 1
FF Extension: (MEGA) - C:\Users\nvmr\AppData\Roaming\Mozilla\Firefox\Profiles\xmo4hzqu.default\Extensions\firefox@mega.co.nz.xpi [2017-05-04]
FF Extension: (Disable WebRTC) - C:\Users\nvmr\AppData\Roaming\Mozilla\Firefox\Profiles\xmo4hzqu.default\Extensions\jid1-5Fs7iTLscUaZBgwr@jetpack.xpi [2016-12-17]
FF Extension: (Tab Auto Reload) - C:\Users\nvmr\AppData\Roaming\Mozilla\Firefox\Profiles\xmo4hzqu.default\Extensions\TabAutoReload@schuzak.jp.xpi [2017-05-04]
FF Extension: (Sync Center Client) - C:\Users\nvmr\AppData\Roaming\Mozilla\Firefox\Profiles\xmo4hzqu.default\Extensions\{11EE043E-096D-C603-C683-ABCC76EECBBB} [2016-08-29] [not signed]
FF Extension: (FlashGot) - C:\Users\nvmr\AppData\Roaming\Mozilla\Firefox\Profiles\xmo4hzqu.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2017-01-14]
FF Extension: (Adblock Plus) - C:\Users\nvmr\AppData\Roaming\Mozilla\Firefox\Profiles\xmo4hzqu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-17]
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-09] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-12] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-09] ()
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2016-12-22] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @nexon.net/NxGame -> C:\ProgramData\NexonUS\NGM\npNxGameUS.dll [2016-11-16] (Nexon)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-24] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin HKU\S-1-5-21-2527488993-3859118049-2027114840-1000: @nsroblox.roblox.com/launcher -> C:\Program Files (x86)\Roblox\Versions\version-d31f23e3f760404e\\NPRobloxProxy.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2527488993-3859118049-2027114840-1000: @nsroblox.roblox.com/launcher64 -> C:\Program Files (x86)\Roblox\Versions\version-d31f23e3f760404e\\NPRobloxProxy64.dll [2013-01-01] ( ROBLOX Corporation)
FF Plugin HKU\S-1-5-21-2527488993-3859118049-2027114840-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\nvmr\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2527488993-3859118049-2027114840-1000: @talk.google.com/O1DPlugin -> C:\Users\nvmr\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-2527488993-3859118049-2027114840-1000: @tools.google.com/Google Update;version=3 -> C:\Users\nvmr\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-2527488993-3859118049-2027114840-1000: @tools.google.com/Google Update;version=9 -> C:\Users\nvmr\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-2527488993-3859118049-2027114840-1000: torrents-time.com/TTPlugin -> C:\Program Files (x86)\TorrentsTime Media Player\bin\npTTPlugin.dll [2017-01-17] (Torrents Time)
FF Plugin HKU\S-1-5-21-2527488993-3859118049-2027114840-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-12-24] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Users\nvmr\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\nvmr\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "hxxp://google.com/","hxxp://youtube.com/","hxxp://www.stumbleupon.com/home","hxxp://forum.blockland.us/"
CHR Profile: C:\Users\nvmr\AppData\Local\Google\Chrome\User Data\Default [2017-05-30]
CHR Extension: (Google Translate) - C:\Users\nvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-10-19]
CHR Extension: (Google Slides) - C:\Users\nvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-24]
CHR Extension: (Nimbus Screenshot App) - C:\Users\nvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aecjogkncpbkjfobfnoaiepipllcadhe [2017-04-20]
CHR Extension: (Flash Video Downloader) - C:\Users\nvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2017-02-25]
CHR Extension: (Google Docs) - C:\Users\nvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-24]
CHR Extension: (Google Drive) - C:\Users\nvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-24]
CHR Extension: (YouTube) - C:\Users\nvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-24]
CHR Extension: (Adblock Plus) - C:\Users\nvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-04-21]
CHR Extension: (Gom VPN - Bypass and unblock) - C:\Users\nvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckiahbcmlmkpfiijecbpflfahoimklke [2017-02-12]
CHR Extension: (Tampermonkey) - C:\Users\nvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-05-15]
CHR Extension: (WebRTC Leak Prevent) - C:\Users\nvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiadekoaikejlgdbkbdfeijglgfdalml [2017-02-08]
CHR Extension: (Google Sheets) - C:\Users\nvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-24]
CHR Extension: (Google Docs Offline) - C:\Users\nvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-26]
CHR Extension: (Vanilla Cookie Manager) - C:\Users\nvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gieohaicffldbmiilohhggbidhephnjj [2017-01-09]
CHR Extension: (SoundCloud) - C:\Users\nvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2016-06-03]
CHR Extension: (Jamstash) - C:\Users\nvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\jccdpflnecheidefpofmlblgebobbloc [2017-05-07]
CHR Extension: (Linkclump) - C:\Users\nvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj [2017-03-21]
CHR Extension: (Soundtracker) - C:\Users\nvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnaedmbnendhlbcjmikgbgfdheablfmn [2016-06-03]
CHR Extension: (Qmee) - C:\Users\nvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbaanpgkpkoamihninlcegnjclcpibde [2017-03-18]
CHR Extension: (Pocket) - C:\Users\nvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjcnijlhddpbdemagnpefmlkjdagkogk [2016-06-03]
CHR Extension: (Sunrise Calendar) - C:\Users\nvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\mojepfklcankkmikonjlnidiooanmpbb [2016-06-03]
CHR Extension: (Video Downloader GetThemAll) - C:\Users\nvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2017-05-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (AdF.ly Skipper ★NOW WORKING: 5/2/2017★) - C:\Users\nvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\obnfifcganohemahpomajbhocfkdgmjb [2017-05-03]
CHR Extension: (Weather Underground) - C:\Users\nvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej [2016-06-03]
CHR Extension: (Gmail) - C:\Users\nvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-24]
CHR Extension: (Chrome Media Router) - C:\Users\nvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-12]
CHR Extension: (Toky: free calls with links) - C:\Users\nvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnndgdcjiaidepgfnfhdgjmnekboijig [2016-06-03]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-06] (Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1522184 2017-05-26] ()
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817256 2016-10-01] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-10-01] (COMODO)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-19] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-19] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [48944 2017-05-17] (Dropbox, Inc.)
R2 DeskScapes8; C:\Program Files (x86)\Stardock\DeskScapes8\ds8srv.exe [75376 2014-03-10] (Stardock Software, Inc)
S4 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2016-08-18] () [File not signed]
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1443520 2016-04-04] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [400656 2017-02-15] (EasyAntiCheat Ltd)
R2 ekrn; C:\Program Files\ESET\ESET Antivirus\x86\ekrn.exe [1353720 2017-02-07] (ESET)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [107520 2016-10-21] (Freemake) [File not signed]
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2016-10-21] (Ellora Assets Corp.) [File not signed]
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-10-10] (Hi-Rez Studios) [File not signed]
S4 ManyCam Service; C:\ProgramData\ManyCam\Service\ManyCamService.exe [544984 2016-03-31] (Visicom Media Inc.)
S2 MouseWithoutBordersSvc; C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [28552 2016-11-18] (Microsoft)
R2 NoIPDUCService4; C:\Program Files (x86)\No-IP\ducservice.exe [12288 2016-09-24] () [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4362656 2016-02-24] (INCA Internet Co., Ltd.) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-24] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-24] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2017-05-24] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-08-29] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-05-24] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files (x86)\VPN.ht\resources\bin\openvpnserv.exe [32568 2015-09-25] (The OpenVPN Project)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2142728 2016-10-13] (Electronic Arts)
S4 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2209296 2016-10-13] (Electronic Arts)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [1919472 2016-12-15] (Plex, Inc.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [66872 2017-05-26] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [103736 2017-05-26] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
S4 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [197264 2016-09-07] (Sandboxie Holdings, LLC)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2017-05-29] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2017-05-29] (Safer-Networking Ltd.) [File not signed]
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2017-05-29] (Safer-Networking Ltd.) [File not signed]
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2017-02-08] (@ByELDI) [File not signed]
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5232072 2016-11-16] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2016-09-21] (Adobe Systems Incorporated) [File not signed]
R2 tor; C:\tor\Tor\tor.exe [2420224 2000-01-01] () [File not signed]
R2 TTService; C:\Program Files (x86)\TorrentsTime Media Player\bin\TTService.exe [3278336 2017-01-27] (TorrentsTime) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [627992 2016-11-12] (Wacom Technology, Corp.)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ampa; C:\Windows\system32\ampa.sys [38320 2016-12-25] ()
S3 ampa; C:\Windows\SysWOW64\ampa.sys [38320 2016-12-25] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [31648 2016-08-31] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [830624 2016-08-31] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [56976 2016-08-31] (COMODO)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2016-05-08] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2016-05-08] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2017-02-07] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2017-02-07] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [178520 2017-02-07] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [168208 2017-02-07] (ESET)
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO64A.SYS [27552 2017-05-22] (REALiX™)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [116248 2016-08-31] (COMODO)
R3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [49304 2014-12-28] (Visicom Media Inc.)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2017-05-29] (Malwarebytes)
R3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [35992 2014-12-28] (Visicom Media Inc.)
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0033.sys [38432 2016-11-16] (SoftEther Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-05-03] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [48248 2017-05-24] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [57976 2017-05-24] (NVIDIA Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13512 2015-12-09] ()
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [848384 2013-01-01] (Realtek Semiconductor Corporation                           )
S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [59608 2016-09-19] (Realtek Corporation)
R3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [50392 2015-08-13] (Razer Inc)
R3 rzmpos; C:\Windows\System32\DRIVERS\rzmpos.sys [48840 2015-08-13] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-16] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [130880 2015-12-14] (Razer, Inc.)
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [204944 2016-06-14] (Sandboxie Holdings, LLC)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-04-10] ()
R3 VBAudioVMVAIOMME; C:\Windows\System32\DRIVERS\vbaudio_vmvaio64_win7.sys [41192 2016-09-22] (Windows ® Win 7 DDK provider)
R1 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [131096 2016-10-18] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\System32\DRIVERS\VBoxNetLwf.sys [203856 2016-10-18] (Oracle Corporation)
S3 AppObserver; \??\C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\appobserver64.sys [X]
S3 cpuz140; \??\C:\Users\nvmr\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [X] <==== ATTENTION
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-30 06:44 - 2017-05-30 06:45 - 00037826 _____ C:\Users\nvmr\Downloads\FRST.txt
2017-05-30 06:44 - 2017-05-30 06:44 - 00000000 ____D C:\FRST
2017-05-30 06:43 - 2017-05-30 06:43 - 02429952 _____ (Farbar) C:\Users\nvmr\Downloads\FRST64.exe
2017-05-30 05:32 - 2017-05-30 05:32 - 00007870 _____ C:\Users\nvmr\Documents\startup.txt
2017-05-29 18:03 - 2017-05-29 18:03 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2017-05-29 18:03 - 2017-05-29 18:03 - 00000000 ____D C:\Program Files\Common Files\AV
2017-05-29 17:44 - 2017-05-29 18:02 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-05-29 17:44 - 2017-05-29 17:44 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2017-05-29 17:44 - 2017-05-29 17:44 - 00001395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-05-29 17:44 - 2017-05-29 17:44 - 00001383 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-05-29 17:44 - 2017-05-29 17:44 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-05-29 17:44 - 2017-05-29 17:44 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-05-29 17:44 - 2017-05-29 17:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-05-29 17:43 - 2017-05-29 17:43 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\nvmr\Downloads\spybot-2.4.exe
2017-05-29 17:07 - 2017-05-29 17:08 - 01211098 _____ C:\Users\nvmr\Documents\cc_20170529_170741.reg
2017-05-29 14:44 - 2017-05-29 14:44 - 05200384 _____ (AVAST Software) C:\Users\nvmr\Downloads\aswmbr.exe
2017-05-29 12:54 - 2017-05-29 12:54 - 00002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-29 12:54 - 2017-05-29 12:54 - 00002259 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-29 03:07 - 2017-05-29 03:07 - 00380928 _____ C:\Users\nvmr\Downloads\asdkjaskd.exe
2017-05-29 03:05 - 2017-05-29 03:06 - 00235744 _____ C:\TDSSKiller.3.1.0.15_29.05.2017_03.05.24_log.txt
2017-05-29 03:05 - 2017-05-29 03:05 - 04922400 _____ (AO Kaspersky Lab) C:\Users\nvmr\Downloads\tdsskiller (1).exe
2017-05-29 02:40 - 2017-05-29 02:40 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-05-29 02:39 - 2017-05-29 03:07 - 00328206 _____ C:\Windows\ntbtlog.txt
2017-05-29 02:20 - 2017-05-29 02:22 - 00000000 ____D C:\Users\nvmr\Downloads\complete
2017-05-29 02:11 - 2017-05-29 02:26 - 00000000 ____D C:\Users\nvmr\Downloads\incomplete
2017-05-29 02:11 - 2017-05-29 02:11 - 00000000 ____D C:\Users\nvmr\AppData\Local\sabnzbd
2017-05-29 02:10 - 2017-05-29 02:10 - 20809554 _____ C:\Users\nvmr\Downloads\SABnzbd-2.0.1-win-setup.exe
2017-05-29 02:10 - 2017-05-29 02:10 - 00047753 _____ C:\Users\nvmr\Downloads\(Kaspersky_Anti-Virus_2018_V18.0.0.405).nzb
2017-05-29 02:10 - 2017-05-29 02:10 - 00000756 _____ C:\Users\nvmr\Desktop\SABnzbd.lnk
2017-05-29 02:10 - 2017-05-29 02:10 - 00000000 ____D C:\Users\nvmr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SABnzbd
2017-05-29 02:10 - 2017-05-29 02:10 - 00000000 ____D C:\Program Files\SABnzbd
2017-05-28 17:58 - 2017-05-28 17:58 - 00380928 _____ C:\Users\nvmr\Downloads\s30msd7p.exe
2017-05-28 16:02 - 2017-05-28 16:02 - 00000000 ____D C:\Users\nvmr\Downloads\Equalify.1.0.0.2276.Cracked.By.NiOS
2017-05-28 11:15 - 2017-05-28 11:21 - 00000000 ____D C:\Users\nvmr\Documents\Black Desert
2017-05-27 20:24 - 2017-05-27 20:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017
2017-05-27 20:20 - 2017-05-27 20:20 - 00001471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017.lnk
2017-05-27 20:18 - 2017-05-27 22:02 - 00000000 ____D C:\Users\nvmr\AppData\Roaming\Visual Studio Setup
2017-05-27 20:18 - 2017-05-27 20:18 - 00002222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2017-05-27 20:18 - 2017-05-27 20:18 - 00000000 ____D C:\Users\nvmr\AppData\Roaming\vstelemetry
2017-05-27 20:18 - 2017-05-27 20:18 - 00000000 ____D C:\Users\nvmr\AppData\Local\ServiceHub
2017-05-27 20:16 - 2017-05-27 20:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2017-05-27 20:14 - 2017-05-27 20:14 - 01041624 _____ (Microsoft Corporation) C:\Users\nvmr\Downloads\vs_community__445299048.1495941244.exe
2017-05-27 15:24 - 2017-05-27 15:24 - 00000222 _____ C:\Users\nvmr\Desktop\Black Desert Online.url
2017-05-27 02:42 - 2017-05-27 02:42 - 00036812 _____ C:\Users\nvmr\Downloads\MEMORIES - Movie [1995] - Bluray MKV h264 10-bit 1080p FLAC 5.1 Softsubs (Afro).80678.torrent
2017-05-27 02:06 - 2017-05-27 02:06 - 00034970 _____ C:\Users\nvmr\Downloads\A Clockwork Orange - 1971 (Blu-ray - x264 - 720p).torrent
2017-05-27 00:11 - 2017-05-27 00:26 - 00000000 ____D C:\Users\nvmr\Downloads\Sample.Diggers.In.The.Field.Vol.1.WAV
2017-05-27 00:10 - 2017-05-27 00:10 - 00019939 _____ C:\Users\nvmr\Downloads\[audionews.org].t183501.torrent
2017-05-26 18:30 - 2017-05-26 18:30 - 00000000 ____D C:\SteamLibrary
2017-05-26 01:29 - 2017-05-26 01:29 - 00000331 _____ C:\Windows\game.ini
2017-05-26 01:29 - 2017-05-26 01:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
2017-05-26 01:22 - 2017-05-26 01:22 - 00000000 ____D C:\Program Files (x86)\Activision
2017-05-25 13:12 - 2017-05-25 13:12 - 00000088 _____ C:\Windows\SysWOW64\cdpent.dat
2017-05-25 02:06 - 2017-05-25 02:06 - 00000000 ____D C:\Program Files\7-Zip
2017-05-25 02:05 - 2017-05-25 02:05 - 01398143 _____ (Igor Pavlov) C:\Users\nvmr\Downloads\7z1700-x64.exe
2017-05-25 01:19 - 2017-05-25 01:19 - 00519834 _____ C:\Users\nvmr\Downloads\Call_Of_Duty_4-Razor1911[ultimategamer.club].torrent
2017-05-24 17:59 - 2016-10-21 22:22 - 00133056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2017-05-24 17:53 - 2017-05-24 17:59 - 00212936 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-05-24 17:53 - 2017-05-24 17:59 - 00046024 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-05-24 17:53 - 2017-05-24 17:54 - 40125496 _____ C:\Windows\system32\nvcompiler.dll
2017-05-24 17:53 - 2017-05-24 17:54 - 35224120 _____ C:\Windows\SysWOW64\nvcompiler.dll
2017-05-24 17:53 - 2017-05-24 17:54 - 34701368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-05-24 17:53 - 2017-05-24 17:54 - 28136504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-05-24 17:53 - 2017-05-24 17:54 - 19917400 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2017-05-24 17:53 - 2017-05-24 17:54 - 17426520 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2017-05-24 17:53 - 2017-05-24 17:54 - 17338976 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-05-24 17:53 - 2017-05-24 17:54 - 14394528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-05-24 17:53 - 2017-05-24 17:54 - 14017984 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-05-24 17:53 - 2017-05-24 17:54 - 10910184 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2017-05-24 17:53 - 2017-05-24 17:54 - 10772640 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-05-24 17:53 - 2017-05-24 17:54 - 10324072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-05-24 17:53 - 2017-05-24 17:54 - 09112272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-05-24 17:53 - 2017-05-24 17:54 - 08912488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2017-05-24 17:53 - 2017-05-24 17:54 - 08715728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-05-24 17:53 - 2017-05-24 17:54 - 03627968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-05-24 17:53 - 2017-05-24 17:54 - 03469408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-05-24 17:53 - 2017-05-24 17:54 - 03193400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-05-24 17:53 - 2017-05-24 17:54 - 01953336 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437563.dll
2017-05-24 17:53 - 2017-05-24 17:54 - 01585088 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437563.dll
2017-05-24 17:53 - 2017-05-24 17:54 - 01037368 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-05-24 17:53 - 2017-05-24 17:54 - 00975416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-05-24 17:53 - 2017-05-24 17:54 - 00944184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-05-24 17:53 - 2017-05-24 17:54 - 00896056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-05-24 17:53 - 2017-05-24 17:54 - 00683824 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2017-05-24 17:53 - 2017-05-24 17:54 - 00573072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2017-05-24 17:53 - 2017-05-24 17:54 - 00521096 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2017-05-24 17:53 - 2017-05-24 17:54 - 00492560 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2017-05-24 17:53 - 2017-05-24 17:54 - 00439864 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2017-05-24 17:53 - 2017-05-24 17:54 - 00435904 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2017-05-24 17:53 - 2017-05-24 17:54 - 00407248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2017-05-24 17:53 - 2017-05-24 17:54 - 00388544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2017-05-24 17:53 - 2017-05-24 17:54 - 00170688 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2017-05-24 17:53 - 2017-05-24 17:54 - 00153184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2017-05-24 17:53 - 2017-05-24 17:54 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2017-05-24 17:53 - 2017-05-24 17:54 - 00131536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2017-05-24 17:53 - 2016-10-22 00:20 - 00041344 _____ C:\Windows\system32\nvinfo.pb
2017-05-24 17:53 - 2016-10-22 00:20 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2017-05-24 17:53 - 2016-10-22 00:20 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2017-05-24 17:40 - 2017-05-24 17:40 - 00003814 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-24 17:40 - 2017-05-24 17:40 - 00001416 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-05-24 17:36 - 2017-05-24 17:39 - 00057976 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2017-05-24 17:36 - 2017-05-24 17:37 - 00175736 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2017-05-24 17:36 - 2017-05-24 17:37 - 00143480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2017-05-24 17:36 - 2017-05-24 17:37 - 00048248 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2017-05-24 17:31 - 2017-05-24 17:31 - 00000000 ____D C:\Users\nvmr\AppData\Local\TslGame
2017-05-24 17:26 - 2017-05-24 17:26 - 00000000 ____D C:\NVIDIA
2017-05-24 12:05 - 2017-05-24 12:05 - 00000222 _____ C:\Users\nvmr\Desktop\PLAYERUNKNOWN'S BATTLEGROUNDS.url
2017-05-24 12:05 - 2017-05-24 12:05 - 00000222 _____ C:\Users\nvmr\Desktop\PLAYERUNKNOWN'S BATTLEGROUNDS (Test Server).url
2017-05-23 18:45 - 2017-05-23 18:45 - 16806966 _____ C:\Users\nvmr\Desktop\bleepmusic.wav
2017-05-22 22:00 - 2017-05-22 22:00 - 00000000 ____D C:\Users\nvmr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
2017-05-22 22:00 - 2017-05-22 22:00 - 00000000 ____D C:\Program Files (x86)\GPU-Z
2017-05-22 21:59 - 2017-05-22 21:59 - 03211048 _____ (techPowerUp (www.techpowerup.com)) C:\Users\nvmr\Downloads\GPU-Z.1.20.0.exe
2017-05-22 21:51 - 2017-05-22 21:51 - 00027552 _____ (REALiX™) C:\Windows\system32\Drivers\HWiNFO64A.SYS
2017-05-22 21:50 - 2017-05-22 21:50 - 03812072 _____ (Martin Malík - REALiX ) C:\Users\nvmr\Downloads\hw64_550.exe
2017-05-22 21:50 - 2017-05-22 21:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
2017-05-22 21:50 - 2017-05-22 21:50 - 00000000 ____D C:\Program Files\HWiNFO64
2017-05-22 21:37 - 2017-05-22 21:37 - 00000000 ____D C:\Users\nvmr\Desktop\Re-Animator.1985.BluRay.1080p.x264.DXVA.DTS-de[42]
2017-05-22 21:01 - 2017-05-23 17:28 - 00000745 _____ C:\Users\nvmr\Desktop\redacted.txt
2017-05-21 21:55 - 2017-05-21 21:55 - 00000837 _____ C:\Users\nvmr\Desktop\scientology.xspf
2017-05-20 15:13 - 2017-05-20 15:13 - 00000000 ____D C:\Users\nvmr\Desktop\dpythonm
2017-05-20 15:12 - 2017-05-20 15:12 - 00482716 _____ C:\Users\nvmr\Downloads\discord.py-async.zip
2017-05-20 15:10 - 2017-05-20 15:10 - 00015120 _____ C:\Users\nvmr\Downloads\SpamBot-master.zip
2017-05-20 15:10 - 2017-05-20 15:10 - 00000000 ____D C:\Users\nvmr\Desktop\DiscordSpam
2017-05-20 14:14 - 2017-05-20 14:14 - 00028521 _____ C:\Users\nvmr\Downloads\Going Clear_ Scientology and the Prison of Belief - 2015 (Blu-ray - x264 - 720p).torrent
2017-05-19 16:43 - 2017-05-19 16:43 - 00000222 _____ C:\Users\nvmr\Desktop\Enter the Gungeon.url
2017-05-18 21:31 - 2017-05-18 21:31 - 00016715 _____ C:\Users\nvmr\Downloads\[MTV]The Blacklist - The.Blacklist.S04E22.720p.HDTV.x264-KILLERS - 2013 (HDTV - x264 - 720p).torrent
2017-05-17 16:30 - 2017-05-17 16:30 - 00000000 ____D C:\Users\nvmr\AppData\Roaming\KORG
2017-05-17 16:27 - 2017-05-17 16:28 - 00000000 ____D C:\ProgramData\KORG
2017-05-17 16:27 - 2017-05-17 16:27 - 00000990 _____ C:\Users\Public\Desktop\WAVESTATION.lnk
2017-05-17 16:27 - 2017-05-17 16:27 - 00000939 _____ C:\Users\Public\Desktop\M1.lnk
2017-05-17 16:27 - 2017-05-17 16:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KORG
2017-05-17 16:27 - 2017-05-17 16:27 - 00000000 ____D C:\Program Files (x86)\KORG
2017-05-17 16:22 - 2017-05-17 16:24 - 00000000 ____D C:\Users\nvmr\Downloads\Korg.Legacy.Collection.Digital.Edition.VSTi.RTAS.v1.32.Incl.Keygen-AiR
2017-05-17 16:22 - 2017-05-17 16:21 - 00030768 _____ C:\Users\nvmr\Downloads\[audionews.org].t70419.torrent
2017-05-17 12:56 - 2017-05-17 12:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-05-17 05:10 - 2017-05-17 05:13 - 00000000 ____D C:\Users\nvmr\Downloads\Production.Music.Live.Boiler.Production.Massive.Presets.NMSV.MiDi
2017-05-17 05:10 - 2017-05-17 05:10 - 00000618 _____ C:\Users\nvmr\Downloads\[audionews.org].t198594.torrent
2017-05-16 05:22 - 2017-05-16 05:22 - 00038790 _____ C:\Users\nvmr\Downloads\Momoko Kikuchi - Adventure - 1986 (CD - FLAC - Lossless)-2252 (1).torrent
2017-05-16 05:21 - 2017-05-16 05:21 - 00038790 _____ C:\Users\nvmr\Downloads\Momoko Kikuchi - Adventure - 1986 (CD - FLAC - Lossless)-2252.torrent
2017-05-16 05:13 - 2017-05-16 05:13 - 00038787 _____ C:\Users\nvmr\Desktop\Momoko Kikuchi - Adventure [FLAC].torrent
2017-05-16 05:07 - 2017-05-16 05:07 - 00047200 _____ C:\Users\nvmr\Downloads\First Choice & Unknown Artist - Verktyg 01 - 2013 (Vinyl - FLAC - Lossless)-2251.torrent
2017-05-16 05:05 - 2017-05-16 05:05 - 00047197 _____ C:\Users\nvmr\Desktop\Various Artists - Verktyg 01 [FLAC].torrent
2017-05-15 15:55 - 2017-05-15 15:55 - 00029344 _____ C:\Users\nvmr\Downloads\Morten242s UI for DSfix-45-1-5-1.zip
2017-05-15 15:53 - 2017-05-15 15:52 - 00051327 _____ C:\Users\nvmr\Downloads\DSMfix.zip
2017-05-15 10:42 - 2017-05-15 10:42 - 04121760 _____ (Husdawg, LLC) C:\Users\nvmr\Downloads\Detection.exe
2017-05-13 17:50 - 2017-05-15 05:52 - 00000000 ____D C:\Users\nvmr\Downloads\SynthHacker.Massive.Mega-Pack.TUTORIAL
2017-05-13 17:50 - 2017-05-13 17:50 - 00013432 _____ C:\Users\nvmr\Downloads\[audionews.org].t192893.torrent
2017-05-13 17:21 - 2017-05-13 17:21 - 00000322 _____ C:\Users\nvmr\Downloads\play.m3u
2017-05-13 17:19 - 2017-05-13 17:19 - 00023821 _____ C:\Users\nvmr\Downloads\First Choice - Verktyg 01 - 2013 (Vinyl - FLAC - Lossless)-647738 (1).torrent
2017-05-13 16:07 - 2017-05-13 16:07 - 00000000 ____D C:\Users\nvmr\Desktop\Annie-may
2017-05-13 15:19 - 2017-05-13 15:19 - 00000212 _____ C:\Users\nvmr\Desktop\Quake Champions.url
2017-05-13 15:19 - 2017-05-13 15:19 - 00000000 ____D C:\Users\nvmr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bethesda.net Launcher
2017-05-13 14:06 - 2017-05-13 14:06 - 00023821 _____ C:\Users\nvmr\Downloads\First Choice - Verktyg 01 - 2013 (Vinyl - FLAC - Lossless)-647738.torrent
2017-05-13 10:06 - 2017-05-13 10:06 - 00038754 _____ C:\Users\nvmr\Downloads\Momoko Kikuchi (菊池桃子) - Adventure - 1986 (CD - FLAC - Lossless)-21338 (1).torrent
2017-05-13 09:24 - 2017-05-13 09:25 - 00000000 ____D C:\Users\nvmr\Downloads\SPF.Samplers.Massive.Deep.House.Presets.3.MiDI.Ni.Massive.Presets
2017-05-13 09:24 - 2017-05-13 09:24 - 00003099 _____ C:\Users\nvmr\Downloads\[audionews.org].t182184.torrent
2017-05-13 08:23 - 2017-05-13 08:23 - 00000000 ____D C:\Users\nvmr\Desktop\Dead Letter Circus - The Endless Mile [ 2017 ]
2017-05-13 08:19 - 2017-05-13 08:19 - 00014934 _____ C:\Users\nvmr\Downloads\Dead Letter Circus - The Endless Mile - 2017 (CD - FLAC - Lossless)-853578.torrent
2017-05-13 08:15 - 2017-05-13 08:15 - 00014215 _____ C:\Users\nvmr\Downloads\Anold Bax & Frederick Delius performed by The Carice Singers under George Parris - Delius & Bax Choral Music - 2017 (WEB - FLAC - Lossless)-853572.torrent
2017-05-12 13:13 - 2017-05-12 13:13 - 00026983 _____ C:\Users\nvmr\Downloads\Musuko ♂ NTR -Jippu ni Kimeseku Saremakuru Furyou Shounen- - 2017 (Web)-16983.torrent
2017-05-12 13:13 - 2017-05-12 13:13 - 00025108 _____ C:\Users\nvmr\Downloads\B.o.B - Ether - 2017 (WEB - FLAC - Lossless)-852074.torrent
2017-05-12 11:02 - 2017-05-12 11:02 - 00055501 _____ C:\Users\nvmr\Downloads\[MTV]The Blacklist - The.Blacklist.S04E20.720p.WEB-DL.DD5.1.H264-RARBG - 2013 (WEB-DL - Other - 720p).torrent
2017-05-12 09:22 - 2017-05-12 09:22 - 00571000 _____ C:\Users\nvmr\Documents\memedreambeam.veg
2017-05-12 09:13 - 2017-05-12 09:13 - 00028581 _____ C:\Users\nvmr\Downloads\Groundislava - TV Dream EP - 2012 (WEB - FLAC - Lossless)-538967.torrent
2017-05-12 08:54 - 2017-05-12 08:54 - 00018464 _____ C:\Users\nvmr\Downloads\マクロスMACROSS 82-99 - A Million Miles Away - 2014 (WEB - FLAC - Lossless)-29061.torrent
2017-05-12 06:12 - 2017-05-12 06:12 - 00000722 _____ C:\Users\nvmr\Desktop\s04e19.xspf
2017-05-12 05:19 - 2017-05-12 05:18 - 00032928 _____ C:\Users\nvmr\Downloads\[MTV]The Blacklist - The.Blacklist.S04E19.720p.AMZN.WEBRip.DDP5.1.x264-ViSUM - 2013 (WEBRip - x264 - 720p) (1).torrent
2017-05-11 06:56 - 2017-05-11 07:33 - 00001055 _____ C:\Users\nvmr\Desktop\s04e18.xspf
2017-05-11 05:38 - 2017-05-11 05:38 - 00011915 _____ C:\Users\nvmr\Downloads\Mizuryu Kei – MERCURY SHADOW 5 - 2014 (Scan)-16535.torrent
2017-05-11 05:31 - 2017-05-11 05:31 - 00032928 _____ C:\Users\nvmr\Downloads\[MTV]The Blacklist - The.Blacklist.S04E19.720p.AMZN.WEBRip.DDP5.1.x264-ViSUM - 2013 (WEBRip - x264 - 720p).torrent
2017-05-11 05:30 - 2017-05-11 05:30 - 00033268 _____ C:\Users\nvmr\Downloads\[MTV]The Blacklist - The.Blacklist.S04E18.720p.AMZN.WEBRip.DDP5.1.x264-ViSUM - 2013 (WEBRip - x264 - 720p).torrent
2017-05-10 19:10 - 2017-05-10 19:10 - 00000824 _____ C:\Users\nvmr\AppData\Local\recently-used.xbel
2017-05-10 17:52 - 2017-05-10 17:52 - 00036208 _____ C:\Users\nvmr\Downloads\[MTV]The Blacklist - The.Blacklist.S04E16.720p.AMZN.WEBRip.DDP5.1.x264-ViSUM - 2013 (WEBRip - x264 - 720p).torrent
2017-05-10 11:22 - 2017-05-10 11:22 - 00000000 ____D C:\Users\nvmr\AppData\Roaming\Electronic Arts
2017-05-10 11:17 - 2017-05-10 11:17 - 00000000 ____D C:\ProgramData\IsolatedStorage
2017-05-10 11:13 - 2017-05-10 11:21 - 00000000 ____D C:\Users\nvmr\AppData\Roaming\Uthgard
2017-05-10 11:13 - 2017-05-10 11:13 - 00323704 _____ (Uthgard) C:\Users\nvmr\Downloads\uthgard.setup.exe
2017-05-10 11:13 - 2017-05-10 11:13 - 00000995 _____ C:\Users\nvmr\Desktop\Uthgard Launcher.lnk
2017-05-10 11:13 - 2017-05-10 11:13 - 00000000 ____D C:\Users\nvmr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Uthgard
2017-05-10 11:13 - 2017-05-10 11:13 - 00000000 ____D C:\Program Files (x86)\Uthgard
2017-05-10 03:17 - 2017-05-10 03:17 - 00000000 ____D C:\Users\nvmr\Desktop\True.Samples.Raw.Techno.WAV.MiDi.LENNAR.DiGiTAL.SYLENTH1.REVEAL.SOUND.SPiRE-DISCOVER
2017-05-10 03:15 - 2017-05-10 03:17 - 435683328 _____ C:\Users\nvmr\Desktop\Virtual Nature.avi
2017-05-10 01:30 - 2017-05-10 01:30 - 25741312 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 20278272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 15250944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 13661184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 05977600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 05547240 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-05-10 01:30 - 2017-05-10 01:30 - 04548608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-05-10 01:30 - 2017-05-10 01:30 - 03945192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-05-10 01:30 - 2017-05-10 01:30 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 03220992 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-05-10 01:30 - 2017-05-10 01:30 - 02899456 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 02767872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 02290176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 02132992 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-05-10 01:30 - 2017-05-10 01:30 - 02065408 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 02057216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-05-10 01:30 - 2017-05-10 01:30 - 01895656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-05-10 01:30 - 2017-05-10 01:30 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 01544704 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 01508352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pla.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 01483776 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 01417728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\pla.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00986856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-05-10 01:30 - 2017-05-10 01:30 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-05-10 01:30 - 2017-05-10 01:30 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00876544 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-05-10 01:30 - 2017-05-10 01:30 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00706792 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-05-10 01:30 - 2017-05-10 01:30 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-05-10 01:30 - 2017-05-10 01:30 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00496128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2017-05-10 01:30 - 2017-05-10 01:30 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-05-10 01:30 - 2017-05-10 01:30 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-05-10 01:30 - 2017-05-10 01:30 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-05-10 01:30 - 2017-05-10 01:30 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-05-10 01:30 - 2017-05-10 01:30 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00300544 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-05-10 01:30 - 2017-05-10 01:30 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-05-10 01:30 - 2017-05-10 01:30 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-05-10 01:30 - 2017-05-10 01:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00265448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-05-10 01:30 - 2017-05-10 01:30 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00205312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2017-05-10 01:30 - 2017-05-10 01:30 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\exfat.sys
2017-05-10 01:30 - 2017-05-10 01:30 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-05-10 01:30 - 2017-05-10 01:30 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-05-10 01:30 - 2017-05-10 01:30 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-05-10 01:30 - 2017-05-10 01:30 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-05-10 01:30 - 2017-05-10 01:30 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-05-10 01:30 - 2017-05-10 01:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-05-10 01:30 - 2017-05-10 01:30 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2017-05-10 01:30 - 2017-05-10 01:30 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-05-10 01:30 - 2017-05-10 01:30 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-05-10 01:30 - 2017-05-10 01:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-05-10 01:30 - 2017-05-10 01:30 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-05-10 01:30 - 2017-05-10 01:30 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-05-10 01:30 - 2017-05-10 01:30 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-05-10 01:30 - 2017-05-10 01:30 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-05-10 01:30 - 2017-05-10 01:30 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-05-10 01:30 - 2017-05-10 01:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-05-10 01:30 - 2017-05-10 01:30 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-05-10 01:30 - 2017-05-10 01:30 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleres.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\oleres.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-05-10 01:30 - 2017-05-10 01:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-05-10 01:30 - 2017-05-10 01:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\plasrv.exe
2017-05-10 01:30 - 2017-05-10 01:30 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\comcat.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-05-10 01:30 - 2017-05-10 01:30 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comcat.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-05-10 01:30 - 2017-05-10 01:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2017-05-10 01:30 - 2017-05-10 01:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-05-10 01:30 - 2017-04-16 02:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-05-10 01:30 - 2017-04-16 01:55 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-05-10 01:30 - 2017-04-16 01:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-05-10 01:30 - 2017-04-16 01:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-05-09 12:26 - 2017-05-09 12:26 - 00021867 _____ C:\Users\nvmr\Downloads\linda –  - 2006 (Scan)-16194.torrent
2017-05-09 06:01 - 2017-05-09 06:01 - 00000222 _____ C:\Users\nvmr\Desktop\Path of Exile.url
2017-05-08 14:15 - 2017-05-08 14:15 - 00000000 ____D C:\Users\nvmr\AppData\LocalLow\Cygames
2017-05-07 11:09 - 2017-05-07 11:14 - 00000000 ____D C:\Users\nvmr\AppData\Roaming\MusicBee
2017-05-07 11:07 - 2017-05-07 11:07 - 00131942 _____ C:\Users\nvmr\Downloads\MB_SubSonic_v2.11.7z
2017-05-07 11:05 - 2017-05-07 11:05 - 12153541 _____ C:\Users\nvmr\Downloads\MusicBeeSetup_3_0_Update5.zip
2017-05-07 11:05 - 2017-05-07 11:05 - 00001029 _____ C:\Users\nvmr\Desktop\MusicBee.lnk
2017-05-07 11:05 - 2017-05-07 11:05 - 00000000 ____D C:\Users\nvmr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MusicBee
2017-05-07 11:05 - 2017-05-07 11:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBee
2017-05-07 11:05 - 2017-05-07 11:05 - 00000000 ____D C:\Program Files (x86)\MusicBee
2017-05-07 10:55 - 2017-05-07 10:55 - 22011528 _____ C:\Users\nvmr\Downloads\ClementineSetup-1.3.1.exe
2017-05-07 10:55 - 2017-05-07 10:55 - 00000000 ____D C:\Users\nvmr\.config
2017-05-07 10:55 - 2017-05-07 10:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clementine
2017-05-07 10:55 - 2017-05-07 10:55 - 00000000 ____D C:\Program Files (x86)\Clementine
2017-05-07 10:51 - 2017-05-07 10:51 - 03958951 _____ (foobar2000.org) C:\Users\nvmr\Downloads\foobar2000_v1.3.15.exe
2017-05-07 10:51 - 2017-05-07 10:51 - 00001035 _____ C:\Users\Public\Desktop\foobar2000.lnk
2017-05-06 08:56 - 2017-05-06 08:58 - 27278693 _____ C:\Users\nvmr\Downloads\Analogue - Evening.mp4
2017-05-06 08:54 - 2017-05-06 08:55 - 00251456 _____ C:\Users\nvmr\Desktop\Analogue - Evening.sfk
2017-05-06 08:50 - 2017-05-06 08:50 - 32177742 _____ C:\Users\nvmr\Desktop\Analogue - Evening.wav
2017-05-05 20:21 - 2017-05-05 20:32 - 00072385 _____ C:\Users\nvmr\Downloads\php.ini
2017-05-05 18:09 - 2017-05-05 18:08 - 00013799 _____ C:\Users\nvmr\Downloads\Hiroshi Sato & Wendy Matthews - Awakening - 2005 (CD - FLAC - Lossless)-625727.torrent
2017-05-05 16:15 - 2017-05-05 16:17 - 00000000 ____D C:\Program Files (x86)\Pianoteq 2.2
2017-05-05 16:15 - 2008-06-22 12:19 - 00000000 ____D C:\Users\nvmr\Downloads\PIANOTEQ v2.2 + ADD-ONS + PRESSETS RELEASED
2017-05-05 16:14 - 2017-05-05 16:14 - 28228721 _____ C:\Users\nvmr\Downloads\PIANOTEQ v2.2 + ADD-ONS + PRESSETS RELEASED.rar
2017-05-05 16:14 - 2017-05-05 16:13 - 00009032 _____ C:\Users\nvmr\Downloads\[audionews.org].t49126.torrent
2017-05-05 13:09 - 2017-05-05 13:15 - 00000966 _____ C:\Users\nvmr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Obscurium.lnk
2017-05-05 13:09 - 2017-05-05 13:09 - 00000000 ____D C:\Users\nvmr\Documents\Sugar Bytes
2017-05-05 13:09 - 2017-05-05 13:09 - 00000000 ____D C:\Program Files\Sugar Bytes
2017-05-05 13:07 - 2017-05-05 13:08 - 00000000 ____D C:\Users\nvmr\Downloads\Sugar.Bytes.Obscurium.v1.0.5.Incl.Keygen-R2R
2017-05-05 13:07 - 2017-05-05 13:07 - 00007964 _____ C:\Users\nvmr\Downloads\[audionews.org].t196233.torrent
2017-05-05 11:56 - 2017-05-05 11:56 - 00000962 _____ C:\Users\nvmr\Desktop\Dark Age of Camelot.lnk
2017-05-05 11:56 - 2017-05-05 11:56 - 00000000 ____D C:\Users\nvmr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Electronic Arts
2017-05-05 11:55 - 2017-05-05 11:55 - 15094147 _____ C:\Users\nvmr\Downloads\DAoCSetup.exe
2017-05-05 10:28 - 2017-05-05 10:29 - 19200294 _____ C:\Users\nvmr\Downloads\Analogue - Dreaming.mp4
2017-05-05 10:24 - 2017-05-05 10:24 - 00176984 _____ C:\Users\nvmr\Desktop\Analogue - Dreaming.sfk
2017-05-05 10:23 - 2017-05-05 10:23 - 00000000 _____ C:\Users\nvmr\Documents\MOOB14D.tmp
2017-05-05 10:23 - 2017-05-05 10:23 - 00000000 _____ C:\Users\nvmr\Documents\MOOB14C.tmp
2017-05-05 10:23 - 2017-05-05 10:23 - 00000000 _____ C:\Users\nvmr\Documents\MOOB139.tmp
2017-05-05 10:23 - 2017-05-05 10:23 - 00000000 _____ C:\Users\nvmr\Documents\MOOB138.tmp
2017-05-05 10:22 - 2017-05-05 10:22 - 00000000 _____ C:\Users\nvmr\Documents\MOO151D.tmp
2017-05-05 10:08 - 2017-05-05 10:08 - 22645530 _____ C:\Users\nvmr\Desktop\Analogue - Dreaming.wav
2017-05-05 09:32 - 2017-05-05 09:32 - 00000551 _____ C:\Users\nvmr\Downloads\[audionews.org].t203184.torrent
2017-05-05 09:32 - 2017-05-05 09:32 - 00000000 ____D C:\Users\nvmr\Downloads\Production.Music.Live.Massive.Presets.Vol.1.Deep.House.NMSV
2017-05-05 09:26 - 2017-05-05 09:26 - 00000000 ____D C:\Users\nvmr\AppData\Local\Native Instruments
2017-05-05 09:24 - 2017-05-05 09:24 - 00000950 _____ C:\Users\Public\Desktop\Massive.lnk
2017-05-05 09:24 - 2017-05-05 09:24 - 00000000 __HDC C:\ProgramData\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}
2017-05-05 08:56 - 2017-05-05 09:21 - 00000000 ____D C:\Users\nvmr\Downloads\Native.Instruments.Massive.STANDALONE.VSTi.RTAS.v1.3.0.x86.x64-ASSiGN
2017-05-05 08:56 - 2017-05-05 08:56 - 00021719 _____ C:\Users\nvmr\Downloads\[audionews.org].t104333.torrent
2017-05-05 08:46 - 2017-05-05 08:46 - 00000000 ____D C:\Users\nvmr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NI Service Center
2017-05-05 08:46 - 2017-05-05 08:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NI Service Center
2017-05-05 08:44 - 2017-05-05 09:22 - 00000000 ____D C:\Users\nvmr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments Massive
2017-05-05 08:44 - 2017-05-05 09:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments Massive
2017-05-05 08:43 - 2017-05-05 09:22 - 00000000 ____D C:\Program Files (x86)\Native Instruments
2017-05-05 08:36 - 2017-05-05 08:39 - 00000000 ____D C:\Users\nvmr\Downloads\Native.Instruments.Massive.VSTi.DXi.RTAS.AU.HYBRID.ISO-DYNAMiCS
2017-05-05 08:36 - 2017-05-05 08:36 - 00017383 _____ C:\Users\nvmr\Downloads\[audionews.org].t48702.torrent
2017-05-05 08:34 - 2017-05-05 13:08 - 00000000 ____D C:\Users\nvmr\Desktop\Raw.Cutz.Hip.Hop.Complete.WAV.REX-AUDIOSTRiKE
2017-05-05 08:33 - 2017-05-05 08:33 - 00013640 _____ C:\Users\nvmr\Downloads\[audionews.org].t177793.torrent
2017-05-05 08:31 - 2017-05-05 08:31 - 00016152 _____ C:\Users\nvmr\Downloads\[audionews.org].t139826.torrent
2017-05-05 08:29 - 2017-05-05 08:29 - 00047849 _____ C:\Users\nvmr\Downloads\[audionews.org].t209489.torrent
2017-05-05 08:29 - 2017-05-05 08:29 - 00047070 _____ C:\Users\nvmr\Downloads\[audionews.org].t209488.torrent
2017-05-05 08:29 - 2017-05-05 08:29 - 00038252 _____ C:\Users\nvmr\Downloads\[audionews.org].t209487.torrent
2017-05-05 06:56 - 2017-05-05 06:56 - 07013752 _____ (Tim Kosse) C:\Users\nvmr\Downloads\FileZilla_3.25.2_win64-setup.exe
2017-05-05 06:16 - 2017-05-05 06:16 - 00000000 ____D C:\Users\nvmr\AppData\LocalLow\Ankama
2017-05-05 06:13 - 2017-05-05 06:13 - 00000000 ____D C:\Users\nvmr\AppData\Local\Ankama
2017-05-05 05:52 - 2017-05-05 05:52 - 00109004 ____H C:\Windows\SysWOW64\mlfcache.dat
2017-05-05 05:51 - 2017-05-14 10:08 - 00000000 ____D C:\Users\nvmr\AppData\Roaming\vShare
2017-05-05 05:51 - 2017-05-14 10:07 - 00001147 _____ C:\Users\Public\Desktop\vShare Helper.lnk
2017-05-05 04:38 - 2017-05-05 04:38 - 974028800 _____ C:\Users\nvmr\Desktop\The.Whole.Nine.Yards.2000.720p.HDTV.DD5.1.x264-Fizo.mkv
2017-05-05 04:37 - 2017-05-05 04:37 - 00000000 ____D C:\Users\nvmr\Desktop\The.Eric.Andre.Show.S04.720p.HDTV.DD5.1.x264-MiNDTHEGAP
2017-05-05 04:35 - 2017-05-05 04:38 - 959496192 _____ C:\Users\nvmr\Desktop\en_windows_10_multiple_editions_version_1607_updated_jul_2016_x64_dvd_9058187.iso
2017-05-05 04:03 - 2017-05-05 04:03 - 00011164 _____ C:\Users\nvmr\Downloads\Momoko Kikuchi - ESCAPE from DIMENSION - 1987-05-27 (CD - FLAC - Lossless).torrent
2017-05-05 03:57 - 2017-05-05 03:57 - 00011533 _____ C:\Users\nvmr\Downloads\Momoko Kikuchi - Tropic Of Capricorn - 1985-09-10 (CD - FLAC - Lossless).torrent
2017-05-04 16:14 - 2017-05-04 16:14 - 00000023 _____ C:\Users\nvmr\Downloads\bleep.html
2017-05-03 16:19 - 2017-05-03 16:20 - 45292505 _____ C:\Users\nvmr\Downloads\ampache-3.8.2_all.zip
2017-05-03 06:18 - 2017-05-03 06:22 - 1451718155 _____ C:\Users\nvmr\Downloads\The.Blacklist.S04E17.720p.WEB-DL.DD5.1.H264-RARBG.mkv
2017-05-03 06:18 - 2017-05-03 06:18 - 00055661 _____ C:\Users\nvmr\Downloads\[MTV]The Blacklist - The.Blacklist.S04E17.720p.WEB-DL.DD5.1.H264-RARBG - 2013 (WEB-DL - Other - 720p).torrent
2017-05-02 07:21 - 2017-05-02 07:21 - 00000000 _____ C:\Users\nvmr\Documents\MOO93F0.tmp
2017-05-02 07:21 - 2017-05-02 07:21 - 00000000 _____ C:\Users\nvmr\Documents\MOO93ED.tmp
2017-04-30 02:27 - 2017-04-30 02:30 - 231837945 _____ C:\Users\nvmr\Downloads\Analogue - NetZombie.mp4
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-05-30 06:45 - 2016-04-10 07:39 - 00000000 ____D C:\Users\nvmr\AppData\Roaming\Skype
2017-05-30 06:04 - 2016-12-01 15:45 - 00000000 ____D C:\Users\nvmr\AppData\Local\Warframe
2017-05-30 05:54 - 2016-11-19 08:37 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2017-05-30 05:37 - 2016-04-10 07:46 - 00000000 ____D C:\Program Files (x86)\Steam
2017-05-30 05:32 - 2016-12-13 13:02 - 00003122 _____ C:\Windows\System32\Tasks\{A218CFC0-F6B3-4DDE-B15A-A5480DA34EE8}
2017-05-30 05:32 - 2016-11-16 11:18 - 00003380 _____ C:\Windows\System32\Tasks\{3C236C26-4098-486B-BC30-2FF1D5CDACD4}
2017-05-30 05:31 - 2017-02-15 06:39 - 00003204 _____ C:\Windows\System32\Tasks\klcp_update
2017-05-30 05:29 - 2016-06-10 18:03 - 00000000 ____D C:\Users\nvmr\AppData\Local\Spotify
2017-05-30 05:28 - 2016-06-10 18:03 - 00000000 ____D C:\Users\nvmr\AppData\Roaming\Spotify
2017-05-30 03:46 - 2009-07-13 21:45 - 00032112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-05-30 03:46 - 2009-07-13 21:45 - 00032112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-05-29 18:06 - 2017-02-16 21:29 - 00000000 ____D C:\Users\nvmr\AppData\Roaming\qBittorrent
2017-05-29 18:06 - 2016-04-09 23:57 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-29 17:57 - 2016-11-19 08:37 - 00000900 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2017-05-29 17:57 - 2016-11-16 12:18 - 00000000 ____D C:\Program Files\SoftEther VPN Client
2017-05-29 17:56 - 2016-04-28 15:11 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-05-29 17:56 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-05-29 16:43 - 2017-03-03 13:33 - 00000000 ____D C:\Users\nvmr\AppData\Roaming\KeePass
2017-05-29 12:54 - 2016-05-24 03:08 - 00000000 ____D C:\Program Files (x86)\Google
2017-05-29 03:03 - 2016-08-30 13:35 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-05-29 02:41 - 2016-04-23 07:07 - 00000000 ____D C:\Users\nvmr\AppData\Local\ElevatedDiagnostics
2017-05-29 02:34 - 2016-06-10 03:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-29 01:51 - 2016-04-10 18:49 - 00000000 ____D C:\Users\nvmr\AppData\Roaming\HexChat
2017-05-29 01:02 - 2016-05-07 10:47 - 00000600 _____ C:\Users\nvmr\AppData\Local\PUTTY.RND
2017-05-28 15:54 - 2017-03-23 19:32 - 00000000 ____D C:\Program Files (x86)\Bethesda.net Launcher
2017-05-28 15:39 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2017-05-28 14:09 - 2016-05-17 16:59 - 00000000 ____D C:\Users\nvmr\AppData\Local\Battle.net
2017-05-27 23:28 - 2017-01-14 23:41 - 00000000 ____D C:\Program Files (x86)\Overwatch
2017-05-27 22:43 - 2016-05-17 16:58 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-05-27 20:24 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-05-27 20:23 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-05-27 17:39 - 2016-04-12 10:23 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-05-27 15:24 - 2016-04-10 08:07 - 00000000 ____D C:\Users\nvmr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2017-05-27 03:28 - 2016-05-09 02:14 - 00000000 ____D C:\Users\nvmr\AppData\Roaming\obs-studio
2017-05-26 19:01 - 2017-03-23 19:33 - 00029411 _____ C:\Windows\SysWOW64\report.txt
2017-05-26 01:30 - 2016-08-08 01:04 - 00103736 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2017-05-26 01:29 - 2016-08-08 01:04 - 00066872 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2017-05-26 01:29 - 2016-04-09 23:39 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-05-25 14:42 - 2016-05-18 23:53 - 00000000 ____D C:\Users\nvmr\AppData\Local\Ubisoft Game Launcher
2017-05-25 01:47 - 2016-10-26 21:15 - 00000000 ____D C:\Users\nvmr\Documents\Blockland
2017-05-24 22:58 - 2016-04-10 08:26 - 00000000 ____D C:\Users\nvmr\AppData\Local\CrashDumps
2017-05-24 19:58 - 2016-11-19 08:49 - 00000000 ___RD C:\Users\nvmr\Dropbox
2017-05-24 18:05 - 2016-04-09 23:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-05-24 18:00 - 2016-04-09 23:45 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-05-24 17:59 - 2017-02-01 19:55 - 00000000 ____D C:\temp
2017-05-24 17:59 - 2016-09-09 11:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo-1-1-0-26-0.exe
2017-05-24 17:59 - 2016-09-09 11:24 - 00125216 _____ C:\Windows\system32\vulkaninfo-1-1-0-26-0.exe
2017-05-24 17:59 - 2016-04-09 23:55 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-05-24 17:59 - 2016-04-09 23:54 - 01595456 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2017-05-24 17:59 - 2016-04-09 23:51 - 00000000 ____D C:\Users\nvmr\AppData\Local\NVIDIA Corporation
2017-05-24 17:59 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\inf
2017-05-24 17:58 - 2016-11-22 22:10 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-05-24 17:56 - 2016-04-09 23:44 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-05-24 17:54 - 2016-04-09 23:54 - 03930688 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-05-24 17:40 - 2016-11-22 22:10 - 00003852 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-24 17:39 - 2017-02-11 19:26 - 00004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-24 17:39 - 2016-04-09 23:45 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-05-24 17:38 - 2017-02-11 19:25 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-05-24 17:38 - 2016-11-22 22:10 - 00003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-24 17:38 - 2016-11-22 22:10 - 00003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-24 17:38 - 2016-11-22 22:10 - 00003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-24 17:38 - 2016-11-22 22:10 - 00003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-24 17:38 - 2016-11-22 22:10 - 00003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-24 17:25 - 2017-01-22 15:27 - 00125728 _____ C:\Windows\system32\vulkaninfo.exe
2017-05-24 17:25 - 2017-01-22 15:27 - 00111392 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-05-24 17:25 - 2016-12-15 17:33 - 00111392 _____ C:\Windows\SysWOW64\vulkaninfo-1-1-0-37-0.exe
2017-05-24 17:25 - 2016-12-15 17:32 - 00125728 _____ C:\Windows\system32\vulkaninfo-1-1-0-37-0.exe
2017-05-23 18:36 - 2016-04-10 18:44 - 00000000 ____D C:\Users\nvmr\AppData\Roaming\Audacity
2017-05-22 12:21 - 2016-07-16 03:35 - 00000000 ____D C:\Users\nvmr\AppData\Roaming\vlc
2017-05-17 16:27 - 2016-04-14 01:03 - 00000000 ____D C:\VstPlugins
2017-05-17 12:56 - 2017-03-22 03:07 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-05-17 12:56 - 2017-03-22 03:07 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-05-17 12:56 - 2017-03-22 03:07 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-05-17 12:56 - 2016-11-19 08:36 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-05-17 12:55 - 2017-04-06 09:57 - 00048944 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-05-15 09:10 - 2016-09-13 10:28 - 00000000 ____D C:\Users\nvmr\AppData\Roaming\foobar2000
2017-05-14 10:08 - 2017-02-25 15:53 - 00000000 ____D C:\Program Files (x86)\vShare Helper
2017-05-14 10:07 - 2017-02-25 15:54 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\vShare Helper.lnk
2017-05-13 16:08 - 2017-03-09 15:13 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-05-13 16:08 - 2016-04-10 07:39 - 00000000 ____D C:\ProgramData\Skype
2017-05-13 15:47 - 2017-04-05 11:34 - 00000000 ____D C:\Users\nvmr\AppData\Local\id Software
2017-05-11 04:26 - 2016-10-23 00:03 - 00037888 ___SH C:\Users\nvmr\Documents\Thumbs.db
2017-05-10 17:34 - 2016-06-02 05:35 - 00004434 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-05-10 17:34 - 2016-06-02 05:35 - 00004312 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2017-05-10 17:34 - 2016-04-12 10:23 - 00803320 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-05-10 17:34 - 2016-04-12 10:23 - 00144888 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-10 17:34 - 2016-04-12 10:23 - 00000000 ____D C:\Windows\system32\Macromed
2017-05-10 15:44 - 2016-05-26 21:34 - 00000000 ____D C:\Users\nvmr\AppData\Local\gtk-2.0
2017-05-10 11:22 - 2016-06-06 11:09 - 00000000 ____D C:\Users\nvmr\Documents\Electronic Arts
2017-05-10 08:25 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2017-05-10 03:10 - 2009-07-13 21:45 - 04887296 _____ C:\Windows\system32\FNTCACHE.DAT
2017-05-10 03:07 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-05-09 06:31 - 2016-04-20 10:38 - 00000000 ____D C:\Users\nvmr\Documents\My Games
2017-05-07 10:55 - 2016-04-09 23:25 - 00000000 ____D C:\Users\nvmr
2017-05-07 10:51 - 2016-09-13 10:28 - 00001117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
2017-05-07 10:51 - 2016-09-13 10:27 - 00000000 ____D C:\Program Files (x86)\foobar2000
2017-05-06 15:06 - 2017-03-21 02:04 - 00000000 ____D C:\Program Files (x86)\Overwatch Test
2017-05-05 21:54 - 2016-11-19 18:21 - 00000132 _____ C:\Users\nvmr\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-05-05 11:56 - 2016-10-26 21:46 - 00000000 ____D C:\Users\nvmr\AppData\Roaming\FileZilla
2017-05-05 11:56 - 2016-10-26 08:47 - 00000000 ____D C:\Games
2017-05-05 09:26 - 2016-07-26 17:20 - 00000000 ____D C:\Users\nvmr\Documents\Native Instruments
2017-05-05 09:24 - 2016-07-26 17:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2017-05-05 09:24 - 2016-07-26 17:12 - 00000000 ____D C:\Program Files\Native Instruments
2017-05-05 08:02 - 2017-01-02 20:03 - 00000000 ____D C:\Users\nvmr\Desktop\illustrate dBpowerAMP Music Converter 16.1 Reference Edition + Portable
2017-05-05 05:51 - 2017-02-25 15:54 - 00000000 ___HD C:\Users\nvmr\Documents\vShare
2017-05-03 13:21 - 2016-08-29 15:53 - 01893496 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-05-03 13:21 - 2016-08-29 15:53 - 01755256 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-05-03 13:21 - 2016-08-29 15:53 - 01477240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-05-03 13:21 - 2016-08-29 15:53 - 01317496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-05-03 13:21 - 2016-08-29 15:53 - 00121464 _____ C:\Windows\system32\NvRtmpStreamer64.dll
 
==================== Files in the root of some directories =======
 
2016-07-15 17:49 - 2016-07-15 17:49 - 0001128 _____ () C:\Program Files (x86)\Diablo III - Shortcut.lnk
2017-03-10 23:16 - 2017-03-10 23:18 - 0000132 _____ () C:\Users\nvmr\AppData\Roaming\Adobe GIF Format CS6 Prefs
2016-11-19 18:21 - 2017-05-05 21:54 - 0000132 _____ () C:\Users\nvmr\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-05-02 05:18 - 2016-05-02 05:18 - 0114935 _____ () C:\Users\nvmr\AppData\Roaming\data01.db
2016-05-02 02:08 - 2016-05-02 02:08 - 0215846 _____ () C:\Users\nvmr\AppData\Roaming\data02.db
2016-09-24 23:31 - 2017-03-10 17:21 - 0004023 _____ () C:\Users\nvmr\AppData\Roaming\VoiceMeeterDefault.xml
2016-09-25 01:00 - 2016-09-25 01:00 - 0000600 _____ () C:\Users\nvmr\AppData\Roaming\winscp.rnd
2017-02-11 23:21 - 2017-02-11 23:21 - 0000054 _____ () C:\Users\nvmr\AppData\Roaming\~SiMPLEX.ini
2017-02-17 17:23 - 2017-02-17 17:23 - 0003584 _____ () C:\Users\nvmr\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-11-14 01:34 - 2017-02-25 17:09 - 0000170 _____ () C:\Users\nvmr\AppData\Local\package.nw.new
2016-05-07 10:47 - 2017-05-29 01:02 - 0000600 _____ () C:\Users\nvmr\AppData\Local\PUTTY.RND
2017-05-10 19:10 - 2017-05-10 19:10 - 0000824 _____ () C:\Users\nvmr\AppData\Local\recently-used.xbel
2016-08-08 15:35 - 2017-02-11 20:54 - 0007591 _____ () C:\Users\nvmr\AppData\Local\Resmon.ResmonCfg
2016-06-06 14:34 - 2016-06-06 14:34 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-06-16 01:37 - 2017-02-08 19:40 - 0000016 _____ () C:\ProgramData\mntemp
 
Some files in TEMP:
====================
2017-05-29 18:09 - 2017-05-29 18:09 - 0000180 _____ () C:\Users\nvmr\AppData\Local\Temp\6699d3ee8dd9cf775caae782c8f44f03.dll
2017-05-29 18:10 - 2017-05-29 18:10 - 0000060 _____ () C:\Users\nvmr\AppData\Local\Temp\a9f46ed3d53fe38514d1c26d18f60d36.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-05-23 00:53
 
==================== End of FRST.txt ============================

Edited by brdsgn, 30 May 2017 - 08:50 AM.




#2 brdsgn

brdsgn
  • Topic Starter


Posted 30 May 2017 - 08:52 AM

Forgot to attach Addition.txt originally so here it is.


#3 nasdaq

nasdaq

  • Malware Response Team

Posted 31 May 2017 - 07:55 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Updater (AOL Inc.) (HKLM-x32\...\SoftwareUpdUtility) (Version: - AOL Inc.) <==== ATTENTION
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
Wireshark 2.0.3 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.0.3 - The Wireshark developer community, hxxps://www.wireshark.org)

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:


(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2527488993-3859118049-2027114840-1000\...\Run: [AdobeBridge] => [X]
GroupPolicy: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2527488993-3859118049-2027114840-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
FF user.js: detected! => C:\Users\nvmr\AppData\Roaming\Mozilla\Firefox\Profiles\xmo4hzqu.default\user.js [2016-08-24]
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Flash Video Downloader) - C:\Users\nvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2017-02-25]
CHR Extension: (Tampermonkey) - C:\Users\nvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-05-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Chrome Media Router) - C:\Users\nvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-12]
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2017-02-08] (@ByELDI) [File not signed]
S3 AppObserver; \??\C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\appobserver64.sys [X]
S3 cpuz140; \??\C:\Users\nvmr\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [X] <==== ATTENTION
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
Task: {5FE33693-139A-4FB1-92BA-75609EDA2365} - System32\Tasks\ASC Task (One-Time) => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCPromote.exe
Task: {E3C622E2-1188-4923-A1AC-70C57FAE7EEA} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2017-02-08] (@ByELDI)
AlternateDataStreams: C:\Users\nvmr\Downloads\poosy.ppk:com.dropbox.attributes [168]
MSCONFIG\startupreg: Itibiti.exe => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{756BE506-870B-4235-8D5B-436C14CC5EA8}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{2F9686B5-D488-4701-8AA8-E8C6F34F54C0}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
C:\Windows\System32\Tasks\ASC Task (One-Time)
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCPromote.exe
C:\Windows\System32\Tasks\AutoPico Daily Restart
C:\Program Files\KMSpico

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Chrome...
Open Google Chrome and click on the menu icon, which is located at the top right side of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882

If still present after these updates, remove these old version(s) via the Control Panel > Programs > Programs and Features.
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
==

Please let me know what problem persists with this computer.

#4 brdsgn

brdsgn
  • Topic Starter


Posted 31 May 2017 - 08:05 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 31-05-2017
Ran by nvmr (31-05-2017 15:39:50) Run:1
Running from C:\Users\nvmr\Downloads
Loaded Profiles: nvmr (Available Profiles: nvmr)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
 
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(Skype Technologies) C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2527488993-3859118049-2027114840-1000\...\Run: [AdobeBridge] => [X]
GroupPolicy: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2527488993-3859118049-2027114840-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
FF user.js: detected! => C:\Users\nvmr\AppData\Roaming\Mozilla\Firefox\Profiles\xmo4hzqu.default\user.js [2016-08-24]
FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\netsight@nielsen.xpi => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR Extension: (Flash Video Downloader) - C:\Users\nvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2017-02-25]
CHR Extension: (Tampermonkey) - C:\Users\nvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-05-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\nvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-08]
CHR Extension: (Chrome Media Router) - C:\Users\nvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-12]
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2017-02-08] (@ByELDI) [File not signed]
S3 AppObserver; \??\C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\appobserver64.sys [X]
S3 cpuz140; \??\C:\Users\nvmr\AppData\Local\Temp\cpuz140\cpuz140_x64.sys [X] <==== ATTENTION
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
Task: {5FE33693-139A-4FB1-92BA-75609EDA2365} - System32\Tasks\ASC Task (One-Time) => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCPromote.exe
Task: {E3C622E2-1188-4923-A1AC-70C57FAE7EEA} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2017-02-08] (@ByELDI)
AlternateDataStreams: C:\Users\nvmr\Downloads\poosy.ppk:com.dropbox.attributes [168]
MSCONFIG\startupreg: Itibiti.exe => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{756BE506-870B-4235-8D5B-436C14CC5EA8}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{2F9686B5-D488-4701-8AA8-E8C6F34F54C0}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
C:\Windows\System32\Tasks\ASC Task (One-Time)
C:\Program Files (x86)\IObit\Advanced SystemCare\ASCPromote.exe
C:\Windows\System32\Tasks\AutoPico Daily Restart
C:\Program Files\KMSpico
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
[3276] C:\Program Files\KMSpico\Service_KMS.exe => process closed successfully.
[10072] C:\Program Files (x86)\Skype\Browser\SkypeBrowserHost.exe => process closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key removed successfully
HKU\S-1-5-21-2527488993-3859118049-2027114840-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value removed successfully
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKU\S-1-5-21-2527488993-3859118049-2027114840-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key removed successfully
HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key removed successfully
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => key not found. 
C:\Users\nvmr\AppData\Roaming\Mozilla\Firefox\Profiles\xmo4hzqu.default\user.js => moved successfully
C:\Users\nvmr\AppData\Roaming\Mozilla\Firefox\Profiles\xmo4hzqu.default\user.js => not found.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\netsight@nielsen.com => value removed successfully
HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.91.2 => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.91.2 => key removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE => key removed successfully
C:\Users\nvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc => moved successfully
C:\Users\nvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo => moved successfully
C:\Users\nvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\nvmr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
HKLM\System\CurrentControlSet\Services\Service KMSELDI => key removed successfully
Service KMSELDI => service removed successfully
HKLM\System\CurrentControlSet\Services\AppObserver => key removed successfully
AppObserver => service removed successfully
HKLM\System\CurrentControlSet\Services\cpuz140 => key removed successfully
cpuz140 => service removed successfully
HKLM\System\CurrentControlSet\Services\dbx => key removed successfully
dbx => service removed successfully
HKLM\System\CurrentControlSet\Services\VGPU => key removed successfully
VGPU => service removed successfully
HKLM\System\CurrentControlSet\Services\xhunter1 => key removed successfully
xhunter1 => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5FE33693-139A-4FB1-92BA-75609EDA2365} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FE33693-139A-4FB1-92BA-75609EDA2365} => key removed successfully
C:\Windows\System32\Tasks\ASC Task (One-Time) => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC Task (One-Time) => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E3C622E2-1188-4923-A1AC-70C57FAE7EEA} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3C622E2-1188-4923-A1AC-70C57FAE7EEA} => key removed successfully
C:\Windows\System32\Tasks\AutoPico Daily Restart => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart => key removed successfully
C:\Users\nvmr\Downloads\poosy.ppk => ":com.dropbox.attributes" ADS removed successfully.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Itibiti.exe => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{756BE506-870B-4235-8D5B-436C14CC5EA8} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2F9686B5-D488-4701-8AA8-E8C6F34F54C0} => value removed successfully
"C:\Windows\System32\Tasks\ASC Task (One-Time)" => not found.
"C:\Program Files (x86)\IObit\Advanced SystemCare\ASCPromote.exe" => not found.
"C:\Windows\System32\Tasks\AutoPico Daily Restart" => not found.
C:\Program Files\KMSpico => moved successfully
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 3507854 B
Java, Flash, Steam htmlcache => 458083280 B
Windows/system/drivers => 248154025 B
Edge => 0 B
Chrome => 729589850 B
Firefox => 35267554 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58575441 B
systemprofile32 => 56530235 B
LocalService => 66228 B
NetworkService => 397640 B
nvmr => 745983873 B
 
RecycleBin => 35660044657 B
EmptyTemp: => 35.4 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 15:51:42 ====


#5 nasdaq

nasdaq

  • Malware Response Team

Posted 01 June 2017 - 06:57 AM

Has your problem been solved?



