Multiple virus in Temp folders that keep coming back!


  • This topic is locked
26 replies to this topic

#1 AlexTamayo

Posted 03 August 2017 - 06:12 AM

As the title says, I've got multiple files in my temp folders which keep coming back regardless of how many times I erase them or how. I've been looking over the internet, but haven't found a permanent solution yet. I hope I can find it here.

I followed some instructions in the forum to first run FRST.exe and post the log here. I genuinely do not feel comfortable posting all this info here, but I really want to get rid of these viruses and I don't know how.

Thank you in advance for your help.

Cheers!


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-07-2017
Ran by Alexander (administrator) on ALEXT (03-08-2017 07:01:04)
Running from C:\Users\Alexander\Downloads\_WindowsAndOS\_virus\BleepingComputer
Loaded Profiles: Alexander (Available Profiles: Alexander)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(N/A) C:\Users\Alexander\AppData\Local\Ephere\Ephere.Licensing.LicenseServer.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
() E:\Program Files\Everything\Everything.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.1.1\WsAppService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Acresso) E:\Forza2.13SP2\upsMonitor.exe
(Reprise Software Inc.) C:\Program Files (x86)\The Foundry\LicensingTools7.0\bin\RLM\rlm.foundry.exe
(Electronic Arts) E:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Sun Microsystems, Inc.) E:\Forza2.13SP2\jre\bin\javaw.exe
(Reprise Software Inc.) C:\Program Files (x86)\The Foundry\LicensingTools7.0\bin\RLM\rlm.foundry.exe
(Apache Software Foundation) E:\Forza2.13SP2\tomcat\bin\tomcat7.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.8.0.0_x64__8wekyb3d8bbwe\Microsoft.StickyNotes.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1706.1862.0_x64__8wekyb3d8bbwe\Calculator.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Spotify Ltd) C:\Users\Alexander\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Alexander\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Alexander\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Alexander\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Telegram Messenger LLP) C:\Users\Alexander\AppData\Roaming\Telegram Desktop\Telegram.exe
(Dominik Reichl) E:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Mozilla Corporation) E:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\LockAppHost.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
() E:\Program Files\Everything\Everything.exe
() G:\Juegos\Nintendo\106_WiiU\Emulator\_downloads\_mapleSeed\MapleSeed.exe
(Spotify Ltd) C:\Users\Alexander\AppData\Roaming\Spotify\Spotify.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9037832 2016-10-21] (Realtek Semiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [Everything] => E:\Program Files\Everything\Everything.exe [2197608 2017-06-06] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-07-14] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3486520 2017-08-01] (Dropbox, Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => E:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3191728 2017-06-09] (Dominik Reichl)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [721856 2016-07-01] (Autodesk, Inc.)
HKLM-x32\...\Run: [EaseUS Cleanup] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\CleanUpUI.exe [1242816 2016-08-26] (CHENGDU Yiwo Tech Development Co., Ltd.)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039240 2013-05-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => E:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499640 2017-03-28] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-12] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2406496 2017-06-04] (Adobe Systems Incorporated)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1277071745-3778731969-3839681893-1001\...\Run: [Google Update] => C:\Users\Alexander\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-27] (Google Inc.)
HKU\S-1-5-21-1277071745-3778731969-3839681893-1001\...\Run: [ManicTime] => E:\Program Files (x86)\ManicTime\ManicTime.exe [249688 2012-10-24] (Finkit d.o.o.)
HKU\S-1-5-21-1277071745-3778731969-3839681893-1001\...\Run: [CGFLoader] => E:\Program Files (x86)\Calibrize\CalibrizeLoader.exe [1961984 2007-11-26] (Colorjinn)
HKU\S-1-5-21-1277071745-3778731969-3839681893-1001\...\Run: [CalibrizeResume] => E:\Program Files (x86)\Calibrize\CalibrizeResume.exe [413696 2007-11-26] (Eberhard Werle)
HKU\S-1-5-21-1277071745-3778731969-3839681893-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1193352 2014-01-23] (Autodesk, Inc.)
HKU\S-1-5-21-1277071745-3778731969-3839681893-1001\...\Run: [Xvid] => E:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-1277071745-3778731969-3839681893-1001\...\Run: [gflauncher] => E:\Program Files (x86)\Crytek\GFACE Launcher\live\gflauncher.exe [46350968 2016-06-30] ()
HKU\S-1-5-21-1277071745-3778731969-3839681893-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-1277071745-3778731969-3839681893-1001\...\Run: [f.lux] => C:\Users\Alexander\AppData\Local\FluxSoftware\Flux\flux.exe [1024240 2016-12-05] (Flux Software LLC)
HKU\S-1-5-21-1277071745-3778731969-3839681893-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATII4E.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1277071745-3778731969-3839681893-1001\...\Run: [Spotify Web Helper] => C:\Users\Alexander\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1579120 2017-07-20] (Spotify Ltd)
HKU\S-1-5-21-1277071745-3778731969-3839681893-1001\...\Run: [psexe] => C:\Users\Alexander\AppData\Roaming\pxese.exe [1667072 2017-08-03] ()
HKU\S-1-5-18\...\Run: [psexe] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\pxese.exe
HKU\S-1-5-18\...\RunOnce: [AxGfMIQkjR] => C:\WINDOWS\system32\config\SYSTEM~1\AppData\Local\DSHCAJ~1\winsvc.exe
Startup: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Forza.lnk [2017-07-31]
ShortcutTarget: Forza.lnk -> E:\Forza2.13SP2\Forza.exe (Acresso)
Startup: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2017-05-07]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Alexander\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
Startup: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NowInStock.lnk [2017-05-07]
ShortcutTarget: NowInStock.lnk -> C:\Program Files (x86)\NowInStock.net Desktop Alerts\NowInStock.net Desktop Alerts.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2017-05-07]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk [2017-05-31]
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoPro Importer.lnk [2017-05-07]
ShortcutTarget: GoPro Importer.lnk -> E:\Program Files (x86)\GoPro\GoPro Studio\GoPro\Tools\Importer\GoPro Importer.exe (GoPro)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HandyAndy.lnk [2017-05-09]
ShortcutTarget: HandyAndy.lnk -> C:\Program Files\Andy\HandyAndy.exe (Andy OS, inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk [2017-05-07]
ShortcutTarget: Network Server.lnk -> C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (WIBU-SYSTEMS AG)
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{1c23da45-1c74-4b66-a26f-8a7738abd0f2}: [DhcpNameServer] 10.0.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131207650183142959&GUID=4CF3C11E-FC73-4517-A04D-EAC4D00A9A4C
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1277071745-3778731969-3839681893-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-xl/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1277071745-3778731969-3839681893-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Free Download Manager -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> E:\Program Files\FreeDownloadManager.ORG\Free Download Manager\iebho.dll [2016-07-22] ()
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> E:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_141\bin\ssv.dll [2017-07-24] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> E:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> E:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-24] (Oracle Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - E:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File

FireFox:
========
FF DefaultProfile: 1eba5x4q.default
FF ProfilePath: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\1eba5x4q.default [2017-08-03]
FF Session Restore: Mozilla\Firefox\Profiles\1eba5x4q.default -> is enabled.
FF Extension: (Free Download Manager extension) - C:\Users\Alexander\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\fdm_ffext@freedownloadmanager.org [2016-08-16]
FF Extension: (DownThemAll! AntiContainer) - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\1eba5x4q.default\Extensions\anticontainer@downthemall.net.xpi [2017-05-10]
FF Extension: (Autofill Forms) - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\1eba5x4q.default\Extensions\autofillForms@blueimp.net.xpi [2017-05-10]
FF Extension: (Spanish (Venezuela) spell check dictionary) - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\1eba5x4q.default\Extensions\es-ve@dictionaries.addons.mozilla.org [2017-05-19]
FF Extension: (Ghostery) - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\1eba5x4q.default\Extensions\firefox@ghostery.com.xpi [2017-08-03]
FF Extension: (MEGA) - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\1eba5x4q.default\Extensions\firefox@mega.co.nz.xpi [2017-07-27]
FF Extension: (KeeFox) - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\1eba5x4q.default\Extensions\keefox@chris.tomlinson [2017-06-11]
FF Extension: (English (GB) Language Pack) - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\1eba5x4q.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2017-06-23]
FF Extension: (Español (México) Language Pack) - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\1eba5x4q.default\Extensions\langpack-es-MX@firefox.mozilla.org.xpi [2017-06-23]
FF Extension: (Português (Portugal) Language Pack) - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\1eba5x4q.default\Extensions\langpack-pt-PT@firefox.mozilla.org.xpi [2017-06-23]
FF Extension: (British English Dictionary (Marco Pinto)) - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\1eba5x4q.default\Extensions\marcoagpinto@mail.telepac.pt [2017-07-25]
FF Extension: (Brazilian Portuguese (Current Spelling)) - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\1eba5x4q.default\Extensions\pt-BR@dictionaries.addons.mozilla.org [2017-05-19]
FF Extension: (Task Manager) - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\1eba5x4q.default\Extensions\task-manager@TheLaGmAn.xpi [2017-06-25]
FF Extension: (YouTube Audio Sync Tool) - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\1eba5x4q.default\Extensions\{723de83c-d1e2-4e7a-8db8-03d8871cf2b0}.xpi [2017-06-25]
FF Extension: (Flash and Video Download) - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\1eba5x4q.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2017-05-10]
FF Extension: (Block site) - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\1eba5x4q.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2017-05-10]
FF Extension: (DownThemAll!) - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\1eba5x4q.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2017-05-10]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2016-05-16] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - E:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - E:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2017-05-29]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-12] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-24] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> E:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-06-04] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-12] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-10] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=5.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2016-03-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-07-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-07-18] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> E:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> E:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> E:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Acrobat -> E:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-06-04] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-1277071745-3778731969-3839681893-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Alexander\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [No File]
FF Plugin HKU\S-1-5-21-1277071745-3778731969-3839681893-1001: @talk.google.com/O1DPlugin -> C:\Users\Alexander\AppData\Roaming\Mozilla\plugins\npo1d.dll [No File]
FF Plugin HKU\S-1-5-21-1277071745-3778731969-3839681893-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Alexander\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-1277071745-3778731969-3839681893-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Alexander\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-1277071745-3778731969-3839681893-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Alexander\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-24] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1277071745-3778731969-3839681893-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
StartMenuInternet: FIREFOX.EXE - E:\Program Files\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR DefaultSearchKeyword: Default -> google.com_
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default [2017-08-03]
CHR Extension: (Google Slides) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-16]
CHR Extension: (Free Download Manager Chrome extension) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2017-03-03]
CHR Extension: (Google Docs) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-16]
CHR Extension: (Google Drive) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-16]
CHR Extension: (YouTube) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-16]
CHR Extension: (Session Buddy) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2017-07-04]
CHR Extension: (Adobe Acrobat) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (Block site) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2016-06-16]
CHR Extension: (Google Sheets) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-16]
CHR Extension: (Google Docs Offline) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-16]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-01-26]
CHR Extension: (Ghostery) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2017-08-01]
CHR Extension: (Video Downloader GetThemAll) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2017-07-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-16]
CHR Extension: (Chrome Media Router) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-13]
CHR HKU\S-1-5-21-1277071745-3778731969-3839681893-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - E:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-03-28]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [814688 2017-06-04] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2016-09-11] (BitRaider, LLC)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-09] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-09] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [49992 2017-08-01] (Dropbox, Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [395024 2017-03-11] (EasyAntiCheat Ltd)
R2 Ephere License Server; C:\Users\Alexander\AppData\Local\Ephere\Ephere.Licensing.LicenseServer.exe [43008 2017-07-22] (N/A) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 Everything; E:\Program Files\Everything\Everything.exe [2197608 2017-06-06] ()
S2 Foundry FLEXlm Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\FLEXlm\lmgrd.foundry.exe [1392016 2012-10-30] (Acresso Software Inc.)
R2 Foundry License Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\RLM\rlm.foundry.exe [1474560 2013-12-23] (Reprise Software Inc.) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2016-08-11] (Futuremark)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2016-03-02] (Intel Corporation) [File not signed]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [8704 2016-03-02] (Intel Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [209184 2016-03-16] (Intel Corporation)
S3 mi-raysat_3dsmax2017_64; E:\Program Files\Autodesk\3ds Max 2017\raysat_3dsmax2017_64server.exe [86016 2011-09-15] () [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-07-26] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-07-26] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-07-18] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-07-26] (NVIDIA Corporation)
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [2700224 2016-05-30] ()
S3 Origin Client Service; E:\Program Files (x86)\Origin\OriginClientService.exe [2123240 2017-03-26] (Electronic Arts)
R2 Origin Web Helper Service; E:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184688 2017-03-26] (Electronic Arts)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (Microsoft Corporation)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [985280 2015-07-21] (@ByELDI) [File not signed]
S3 ShareItSvc; E:\Program Files (x86)\SHAREit\SHAREit\Shareit.Service.exe [33224 2016-04-15] (SHAREit Technologies Co.Ltd)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S3 Te.Service; E:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [139264 2016-07-15] (Microsoft Corporation) [File not signed]
R2 upsMonitor; E:\Forza2.13SP2\upsMonitor.exe [116224 2017-07-31] (Acresso) [File not signed]
R3 upsTomcat; E:\Forza2.13SP2\tomcat\bin\tomcat7.exe [80896 2013-12-19] (Apache Software Foundation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.1.1\WsAppService.exe [437392 2016-10-10] (Wondershare)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [671696 2016-12-09] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2016-09-11] (BitRaider)
S3 DFX11_1; C:\WINDOWS\system32\drivers\dfx11_1x64.sys [28008 2015-08-31] (Windows ® Win 7 DDK provider)
S3 DFX12; C:\WINDOWS\system32\drivers\dfx12x64.sys [39048 2015-11-14] (Windows ® Win 7 DDK provider)
R3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [24056 2016-01-14] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [21496 2016-01-14] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2016-07-11] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2016-07-11] ()
S3 GPCIDrv; E:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2014-08-28] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2017-05-10] (Malwarebytes Corporation)
S1 mbmiodrvr; C:\Windows\syswow64\mbmiodrvr.sys [4608 2004-04-10] (cansoft@livewiredev.com) [File not signed]
S3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_24ddebfb518b5a55\nvlddmkm.sys [15668664 2017-07-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-07-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-07-26] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-07-26] (NVIDIA Corporation)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [937728 2016-05-17] (Realtek                                            )
S3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2016-05-25] (Scarlet.Crush Productions)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation)
R3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 tapoas; C:\WINDOWS\system32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project) [File not signed]
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple, Inc.) [File not signed]
R3 WacHidRouterPro; C:\WINDOWS\System32\drivers\wachidrouter.sys [119448 2016-12-05] (Wacom Technology)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R2 WIBUKEY; C:\WINDOWS\System32\DRIVERS\WibuKey64.sys [106760 2017-04-08] (WIBU-SYSTEMS AG)
R2 WinisoCDBus; C:\WINDOWS\System32\drivers\WinisoCDBus.sys [204032 2016-10-20] (WinISO.com)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-03 06:59 - 2017-08-03 07:01 - 000000000 ____D C:\FRST
2017-08-03 02:27 - 2017-08-03 02:29 - 075743822 _____ C:\Users\Alexander\Downloads\Legend of Korra - Turf Wars Part 1 (English) GetComics.INFO.cbz
2017-08-03 01:52 - 2017-08-03 01:52 - 000936976 _____ C:\Users\Alexander\AppData\Roaming\E8504203DF6106C4F24EBACFAB3E97BA
2017-08-03 01:52 - 2017-08-03 01:52 - 000253456 _____ C:\Users\Alexander\AppData\Roaming\EC4A4388C459C7436E867ABD6F1A5CE2
2017-08-03 01:52 - 2017-08-03 01:52 - 000232464 _____ C:\Users\Alexander\AppData\Roaming\7D8013BFBD65F2C5A83C083E1FF74684
2017-08-03 01:52 - 2017-08-03 01:52 - 000047120 _____ C:\Users\Alexander\AppData\Roaming\A1EFF9703FF3D938AE9A5E46A43ED01E
2017-08-03 01:50 - 2017-08-03 06:58 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\tor
2017-08-03 01:48 - 2017-08-03 01:46 - 001667072 _____ C:\Users\Alexander\AppData\Roaming\pxese.exe
2017-08-02 22:38 - 2017-08-02 22:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-08-02 17:34 - 2017-08-03 03:40 - 000001404 _____ C:\Users\Alexander\Desktop\WiiU_USB_Helper.lnk
2017-08-02 04:35 - 2017-08-03 04:42 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\USB_HELPER
2017-08-02 04:32 - 2017-08-02 04:32 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WiiU_USB_Helper
2017-08-02 04:32 - 2017-08-02 04:32 - 000000000 ____D C:\Users\Alexander\AppData\Local\Hikari06
2017-08-02 03:55 - 2017-08-02 03:55 - 000002239 _____ C:\Users\Alexander\Downloads\BlockSiteList_20170801.txt
2017-08-01 14:53 - 2017-08-01 14:53 - 000049992 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-08-01 14:53 - 2017-08-01 14:53 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-08-01 14:53 - 2017-08-01 14:53 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-08-01 14:53 - 2017-08-01 14:53 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-08-01 00:07 - 2017-08-01 00:07 - 000000136 _____ C:\cerr.txt
2017-07-31 23:41 - 2017-07-31 23:42 - 000000000 ____D C:\Users\Alexander\Downloads\_UPS
2017-07-31 22:52 - 2017-07-31 22:52 - 000002700 _____ C:\Users\Alexander\Downloads\poyEdgetoCurve_v1.mel
2017-07-28 18:24 - 2017-07-28 18:24 - 000000000 ____D C:\WINDOWS\LastGood
2017-07-28 14:52 - 2017-07-28 14:52 - 002565692 _____ C:\Users\Alexander\Downloads\Invoice_20170708_001.pdf
2017-07-27 11:21 - 2017-07-27 11:21 - 000003366 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1277071745-3778731969-3839681893-1001
2017-07-27 01:06 - 2017-07-27 01:06 - 000001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Animate CC 2017.lnk
2017-07-27 01:05 - 2017-07-27 01:05 - 000001302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-07-26 12:42 - 2017-07-26 12:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-07-26 12:42 - 2017-07-26 12:42 - 000000000 ____D C:\Program Files\iTunes
2017-07-26 12:42 - 2017-07-26 12:42 - 000000000 ____D C:\Program Files\iPod
2017-07-26 02:37 - 2017-07-26 02:37 - 000000000 ____D C:\Program Files\Chaos Group
2017-07-25 03:49 - 2017-07-25 03:49 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-07-25 03:49 - 2017-07-18 18:38 - 000135800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-07-25 03:49 - 2017-03-10 17:17 - 000536864 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-07-25 03:49 - 2017-03-10 17:17 - 000525600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-07-25 03:49 - 2017-03-10 17:17 - 000254240 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-07-25 03:49 - 2017-03-10 17:17 - 000233760 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-07-25 03:48 - 2017-07-25 03:48 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2017-07-25 03:47 - 2017-07-18 20:40 - 040239736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 035314296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 028960376 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 013655672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 012133112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 011591576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 010487760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 009982968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 004163520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 003595896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 001988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438494.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 001598072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438494.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 001278528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 001276992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 001068152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 001004992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 000996760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 000995408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 000972920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 000924280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 000781544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 000725112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 000618744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 000617416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 000609912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 000584312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 000578056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 000499136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-07-24 16:25 - 2017-07-24 16:25 - 000000000 ____D C:\ProgramData\Ephere
2017-07-22 01:19 - 2017-08-01 00:54 - 000000000 ____D C:\Users\Alexander\AppData\Local\Ephere
2017-07-22 01:19 - 2017-07-22 01:19 - 000000290 _____ C:\Users\Alexander\AppData\Local\EphereLicensingLog.txt
2017-07-22 01:07 - 2017-07-28 05:55 - 000000009 _____ C:\Users\Alexander\AppData\Local\OrnatrixMayaLicenseServerIP.txt
2017-07-21 20:47 - 2017-07-28 03:01 - 000000074 _____ C:\Users\Alexander\AppData\Local\OrnatrixMayaSetupFilepath.txt
2017-07-12 22:25 - 2017-07-12 22:25 - 000260122 _____ C:\Users\Alexander\Downloads\massielCV.pdf
2017-07-12 22:03 - 2017-07-12 22:03 - 000473892 _____ C:\Users\Alexander\Downloads\AlexanderTamayo_CV_EN_A4.pdf
2017-07-12 22:02 - 2017-07-12 22:03 - 000478423 _____ C:\Users\Alexander\Downloads\AlexanderTamayo_CV_ES.pdf
2017-07-11 18:10 - 2017-07-07 10:00 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2017-07-11 18:10 - 2017-07-07 03:27 - 001147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-07-11 18:10 - 2017-07-07 03:27 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-07-11 18:10 - 2017-07-07 03:27 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-07-11 18:10 - 2017-07-07 03:26 - 001065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-07-11 18:10 - 2017-07-07 03:25 - 000899824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-07-11 18:10 - 2017-07-07 03:24 - 000117664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-07-11 18:10 - 2017-07-07 03:23 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-07-11 18:10 - 2017-07-07 03:22 - 008318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-07-11 18:10 - 2017-07-07 03:22 - 001186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-07-11 18:10 - 2017-07-07 03:21 - 032688336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsRaw.dll
2017-07-11 18:10 - 2017-07-07 03:21 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-07-11 18:10 - 2017-07-07 03:20 - 002021680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2017-07-11 18:10 - 2017-07-07 03:20 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-07-11 18:10 - 2017-07-07 03:20 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-07-11 18:10 - 2017-07-07 03:20 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-07-11 18:10 - 2017-07-07 03:15 - 002444696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-07-11 18:10 - 2017-07-07 03:14 - 007325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-07-11 18:10 - 2017-07-07 03:14 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-07-11 18:10 - 2017-07-07 03:14 - 001760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-07-11 18:10 - 2017-07-07 03:14 - 001171032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2017-07-11 18:10 - 2017-07-07 03:13 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-07-11 18:10 - 2017-07-07 03:13 - 000554392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-07-11 18:10 - 2017-07-07 03:13 - 000336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-07-11 18:10 - 2017-07-07 03:12 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-07-11 18:10 - 2017-07-07 03:12 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-07-11 18:10 - 2017-07-07 03:11 - 007904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-07-11 18:10 - 2017-07-07 03:11 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-07-11 18:10 - 2017-07-07 03:10 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-07-11 18:10 - 2017-07-07 03:10 - 001670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-07-11 18:10 - 2017-07-07 03:10 - 001337848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-07-11 18:10 - 2017-07-07 03:10 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-07-11 18:10 - 2017-07-07 03:10 - 000372128 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-07-11 18:10 - 2017-07-07 03:10 - 000254168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-07-11 18:10 - 2017-07-07 03:09 - 000041376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininitext.dll
2017-07-11 18:10 - 2017-07-07 03:08 - 002229152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-07-11 18:10 - 2017-07-07 03:08 - 001854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-07-11 18:10 - 2017-07-07 03:08 - 001693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-07-11 18:10 - 2017-07-07 03:08 - 001458584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-07-11 18:10 - 2017-07-07 03:08 - 000848280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-07-11 18:10 - 2017-07-07 03:08 - 000846752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-07-11 18:10 - 2017-07-07 03:08 - 000844704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-07-11 18:10 - 2017-07-07 03:08 - 000699808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-07-11 18:10 - 2017-07-07 03:08 - 000672672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-07-11 18:10 - 2017-07-07 03:08 - 000399264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-07-11 18:10 - 2017-07-07 03:07 - 001106848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-07-11 18:10 - 2017-07-07 03:07 - 000058488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-07-11 18:10 - 2017-07-07 02:57 - 000626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-07-11 18:10 - 2017-07-07 02:57 - 000125344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2017-07-11 18:10 - 2017-07-07 02:40 - 023677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-07-11 18:10 - 2017-07-07 02:39 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-07-11 18:10 - 2017-07-07 02:39 - 000096128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-07-11 18:10 - 2017-07-07 02:37 - 031652264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsRaw.dll
2017-07-11 18:10 - 2017-07-07 02:37 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-07-11 18:10 - 2017-07-07 02:37 - 001339352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll
2017-07-11 18:10 - 2017-07-07 02:31 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-07-11 18:10 - 2017-07-07 02:31 - 001518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-07-11 18:10 - 2017-07-07 02:31 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-07-11 18:10 - 2017-07-07 02:30 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-07-11 18:10 - 2017-07-07 02:30 - 000949920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2017-07-11 18:10 - 2017-07-07 02:30 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-07-11 18:10 - 2017-07-07 02:29 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-07-11 18:10 - 2017-07-07 02:29 - 000123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Clipc.dll
2017-07-11 18:10 - 2017-07-07 02:27 - 006759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-07-11 18:10 - 2017-07-07 02:27 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-07-11 18:10 - 2017-07-07 02:27 - 001050624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-07-11 18:10 - 2017-07-07 02:27 - 000557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2017-07-11 18:10 - 2017-07-07 02:27 - 000443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-07-11 18:10 - 2017-07-07 02:27 - 000360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-07-11 18:10 - 2017-07-07 02:26 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-07-11 18:10 - 2017-07-07 02:26 - 017364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-07-11 18:10 - 2017-07-07 02:26 - 001529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-07-11 18:10 - 2017-07-07 02:26 - 001195240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-07-11 18:10 - 2017-07-07 02:26 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-07-11 18:10 - 2017-07-07 02:25 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-07-11 18:10 - 2017-07-07 02:25 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininitext.dll
2017-07-11 18:10 - 2017-07-07 02:24 - 001517472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-07-11 18:10 - 2017-07-07 02:23 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-07-11 18:10 - 2017-07-07 02:23 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-07-11 18:10 - 2017-07-07 02:23 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-07-11 18:10 - 2017-07-07 02:22 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-07-11 18:10 - 2017-07-07 02:22 - 000520704 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-07-11 18:10 - 2017-07-07 02:21 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-07-11 18:10 - 2017-07-07 02:20 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-07-11 18:10 - 2017-07-07 02:20 - 008331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-07-11 18:10 - 2017-07-07 02:20 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2017-07-11 18:10 - 2017-07-07 02:19 - 007149056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-07-11 18:10 - 2017-07-07 02:19 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-07-11 18:10 - 2017-07-07 02:19 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-07-11 18:10 - 2017-07-07 02:19 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-07-11 18:10 - 2017-07-07 02:18 - 007336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-07-11 18:10 - 2017-07-07 02:18 - 000548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2017-07-11 18:10 - 2017-07-07 02:18 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-07-11 18:10 - 2017-07-07 02:18 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsExt.dll
2017-07-11 18:10 - 2017-07-07 02:17 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-07-11 18:10 - 2017-07-07 02:17 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-07-11 18:10 - 2017-07-07 02:17 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-07-11 18:10 - 2017-07-07 02:17 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-07-11 18:10 - 2017-07-07 02:17 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-07-11 18:10 - 2017-07-07 02:16 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-07-11 18:10 - 2017-07-07 02:16 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-07-11 18:10 - 2017-07-07 02:16 - 000545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-07-11 18:10 - 2017-07-07 02:15 - 008238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-07-11 18:10 - 2017-07-07 02:15 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-07-11 18:10 - 2017-07-07 02:15 - 000498176 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1debug3.dll
2017-07-11 18:10 - 2017-07-07 02:14 - 008211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-07-11 18:10 - 2017-07-07 02:14 - 003784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-07-11 18:10 - 2017-07-07 02:14 - 002956800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-07-11 18:10 - 2017-07-07 02:14 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-07-11 18:10 - 2017-07-07 02:14 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-07-11 18:10 - 2017-07-07 02:14 - 000790016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-07-11 18:10 - 2017-07-07 02:14 - 000570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2017-07-11 18:10 - 2017-07-07 02:13 - 013839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-07-11 18:10 - 2017-07-07 02:13 - 005892096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-07-11 18:10 - 2017-07-07 02:13 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-07-11 18:10 - 2017-07-07 02:12 - 004730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-07-11 18:10 - 2017-07-07 02:12 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-07-11 18:10 - 2017-07-07 02:12 - 002499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-07-11 18:10 - 2017-07-07 02:12 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-07-11 18:10 - 2017-07-07 02:12 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-07-11 18:10 - 2017-07-07 02:12 - 001420800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-07-11 18:10 - 2017-07-07 02:12 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-07-11 18:10 - 2017-07-07 02:12 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-07-11 18:10 - 2017-07-07 02:12 - 001142272 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-07-11 18:10 - 2017-07-07 02:12 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-07-11 18:10 - 2017-07-07 02:11 - 003139584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-07-11 18:10 - 2017-07-07 02:11 - 002829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-07-11 18:10 - 2017-07-07 02:11 - 002649600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-07-11 18:10 - 2017-07-07 02:11 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-07-11 18:10 - 2017-07-07 02:11 - 001888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-07-11 18:10 - 2017-07-07 02:11 - 001812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-07-11 18:10 - 2017-07-07 02:11 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-07-11 18:10 - 2017-07-07 02:10 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-07-11 18:10 - 2017-07-07 02:10 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-07-11 18:10 - 2017-07-07 02:10 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-07-11 18:10 - 2017-07-07 02:10 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-07-11 18:10 - 2017-07-07 02:10 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapprovp.dll
2017-07-11 18:10 - 2017-07-07 02:09 - 020504576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-07-11 18:10 - 2017-07-07 02:09 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-07-11 18:10 - 2017-07-07 02:08 - 000285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-07-11 18:10 - 2017-07-07 02:07 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-07-11 18:10 - 2017-07-07 02:07 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
2017-07-11 18:10 - 2017-07-07 02:06 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-07-11 18:10 - 2017-07-07 02:06 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll
2017-07-11 18:10 - 2017-07-07 02:06 - 000205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2017-07-11 18:10 - 2017-07-07 02:05 - 019335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-07-11 18:10 - 2017-07-07 02:05 - 011870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-07-11 18:10 - 2017-07-07 02:05 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-07-11 18:10 - 2017-07-07 02:05 - 005719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-07-11 18:10 - 2017-07-07 02:05 - 000502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-07-11 18:10 - 2017-07-07 02:05 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-07-11 18:10 - 2017-07-07 02:04 - 005961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-07-11 18:10 - 2017-07-07 02:04 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-07-11 18:10 - 2017-07-07 02:04 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-07-11 18:10 - 2017-07-07 02:04 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-07-11 18:10 - 2017-07-07 02:04 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-07-11 18:10 - 2017-07-07 02:04 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2017-07-11 18:10 - 2017-07-07 02:03 - 006123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-07-11 18:10 - 2017-07-07 02:03 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-07-11 18:10 - 2017-07-07 02:03 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-07-11 18:10 - 2017-07-07 02:03 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1debug3.dll
2017-07-11 18:10 - 2017-07-07 02:02 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-07-11 18:10 - 2017-07-07 02:02 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2017-07-11 18:10 - 2017-07-07 02:01 - 006287360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-07-11 18:10 - 2017-07-07 02:01 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-07-11 18:10 - 2017-07-07 02:00 - 007596544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-07-11 18:10 - 2017-07-07 02:00 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-07-11 18:10 - 2017-07-07 02:00 - 002588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-07-11 18:10 - 2017-07-07 02:00 - 001626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-07-11 18:10 - 2017-07-07 02:00 - 001565184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-07-11 18:10 - 2017-07-07 02:00 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-07-11 18:10 - 2017-07-07 01:59 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-07-11 18:10 - 2017-07-07 01:59 - 003656704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-07-11 18:10 - 2017-07-07 01:59 - 001494016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-07-11 18:10 - 2017-07-07 01:59 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-07-11 18:10 - 2017-07-07 01:59 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-07-11 18:10 - 2017-07-07 01:58 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-07-11 18:10 - 2017-07-07 01:58 - 002782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-07-11 18:10 - 2017-07-07 01:58 - 002298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-07-11 18:10 - 2017-07-07 01:58 - 001237504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-07-11 18:10 - 2017-07-07 01:55 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2017-07-11 18:10 - 2017-07-07 01:55 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2017-07-11 18:10 - 2017-07-07 01:53 - 001301504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2017-07-11 18:10 - 2017-07-07 01:53 - 000338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2017-07-11 18:10 - 2017-07-01 18:52 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-07-11 18:10 - 2017-06-20 02:18 - 001564576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-07-11 18:10 - 2017-06-20 02:17 - 000629152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-07-11 18:10 - 2017-06-20 02:17 - 000544160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-07-11 18:10 - 2017-06-20 02:17 - 000334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-07-11 18:10 - 2017-06-20 02:17 - 000034720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-07-11 18:10 - 2017-06-20 02:16 - 001214880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-07-11 18:10 - 2017-06-20 02:16 - 000335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-07-11 18:10 - 2017-06-20 02:15 - 000233376 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-07-11 18:10 - 2017-06-20 02:11 - 001395152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-07-11 18:10 - 2017-06-20 02:11 - 000411992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2017-07-11 18:10 - 2017-06-20 02:10 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-07-11 18:10 - 2017-06-20 02:10 - 001930320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-07-11 18:10 - 2017-06-20 02:08 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-07-11 18:10 - 2017-06-20 02:06 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-07-11 18:10 - 2017-06-20 02:05 - 001057832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-07-11 18:10 - 2017-06-20 02:04 - 004847424 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-07-11 18:10 - 2017-06-20 02:04 - 000472728 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-07-11 18:10 - 2017-06-20 02:03 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-07-11 18:10 - 2017-06-20 02:03 - 000102312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialUIBroker.exe
2017-07-11 18:10 - 2017-06-20 02:02 - 002645688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-07-11 18:10 - 2017-06-20 02:02 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-07-11 18:10 - 2017-06-20 02:00 - 000558920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-07-11 18:10 - 2017-06-20 02:00 - 000255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-07-11 18:10 - 2017-06-20 02:00 - 000142752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-07-11 18:10 - 2017-06-20 01:59 - 006554928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-07-11 18:10 - 2017-06-20 01:59 - 001220072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-07-11 18:10 - 2017-06-20 01:59 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-07-11 18:10 - 2017-06-20 01:59 - 000583304 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-07-11 18:10 - 2017-06-20 01:59 - 000467504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2017-07-11 18:10 - 2017-06-20 01:58 - 000833160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-07-11 18:10 - 2017-06-20 01:58 - 000406072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-07-11 18:10 - 2017-06-20 01:57 - 002681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-07-11 18:10 - 2017-06-20 01:57 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-07-11 18:10 - 2017-06-20 01:34 - 000192416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-07-11 18:10 - 2017-06-20 01:15 - 001620368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-07-11 18:10 - 2017-06-20 01:15 - 000455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2017-07-11 18:10 - 2017-06-20 01:14 - 001150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-07-11 18:10 - 2017-06-20 01:13 - 000787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-07-11 18:10 - 2017-06-20 01:13 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2017-07-11 18:10 - 2017-06-20 01:12 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-07-11 18:10 - 2017-06-20 01:12 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-07-11 18:10 - 2017-06-20 01:12 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2017-07-11 18:10 - 2017-06-20 01:11 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-07-11 18:10 - 2017-06-20 01:11 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-07-11 18:10 - 2017-06-20 01:10 - 000722432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-07-11 18:10 - 2017-06-20 01:10 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-07-11 18:10 - 2017-06-20 01:10 - 000188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2017-07-11 18:10 - 2017-06-20 01:10 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-07-11 18:10 - 2017-06-20 01:09 - 000551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2017-07-11 18:10 - 2017-06-20 01:09 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-07-11 18:10 - 2017-06-20 01:09 - 000406032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-07-11 18:10 - 2017-06-20 01:09 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2017-07-11 18:10 - 2017-06-20 01:09 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2017-07-11 18:10 - 2017-06-20 01:09 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-07-11 18:10 - 2017-06-20 01:09 - 000189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-07-11 18:10 - 2017-06-20 01:09 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-07-11 18:10 - 2017-06-20 01:09 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dataclen.dll
2017-07-11 18:10 - 2017-06-20 01:08 - 004469840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-07-11 18:10 - 2017-06-20 01:08 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-07-11 18:10 - 2017-06-20 01:08 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-07-11 18:10 - 2017-06-20 01:08 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-07-11 18:10 - 2017-06-20 01:08 - 000328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2017-07-11 18:10 - 2017-06-20 01:08 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-07-11 18:10 - 2017-06-20 01:08 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-07-11 18:10 - 2017-06-20 01:08 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-07-11 18:10 - 2017-06-20 01:07 - 002475136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-07-11 18:10 - 2017-06-20 01:07 - 000823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2017-07-11 18:10 - 2017-06-20 01:07 - 000632832 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2017-07-11 18:10 - 2017-06-20 01:07 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-07-11 18:10 - 2017-06-20 01:07 - 000510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-07-11 18:10 - 2017-06-20 01:07 - 000411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-07-11 18:10 - 2017-06-20 01:07 - 000346016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-07-11 18:10 - 2017-06-20 01:07 - 000138656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-07-11 18:10 - 2017-06-20 01:06 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-07-11 18:10 - 2017-06-20 01:06 - 000847872 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-07-11 18:10 - 2017-06-20 01:06 - 000754592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-07-11 18:10 - 2017-06-20 01:06 - 000751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-07-11 18:10 - 2017-06-20 01:06 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-07-11 18:10 - 2017-06-20 01:06 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-07-11 18:10 - 2017-06-20 01:06 - 000278944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2017-07-11 18:10 - 2017-06-20 01:05 - 005776384 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2017-07-11 18:10 - 2017-06-20 01:05 - 004447744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-07-11 18:10 - 2017-06-20 01:05 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-07-11 18:10 - 2017-06-20 01:05 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-07-11 18:10 - 2017-06-20 01:05 - 000585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-07-11 18:10 - 2017-06-20 01:05 - 000438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-07-11 18:10 - 2017-06-20 01:05 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-07-11 18:10 - 2017-06-20 01:05 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-07-11 18:10 - 2017-06-20 01:05 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-07-11 18:10 - 2017-06-20 01:05 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-07-11 18:10 - 2017-06-20 01:05 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-07-11 18:10 - 2017-06-20 01:04 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-07-11 18:10 - 2017-06-20 01:04 - 001818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-07-11 18:10 - 2017-06-20 01:04 - 001425920 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-07-11 18:10 - 2017-06-20 01:04 - 001178528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-07-11 18:10 - 2017-06-20 01:04 - 001177600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-07-11 18:10 - 2017-06-20 01:04 - 001077496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2017-07-11 18:10 - 2017-06-20 01:04 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-07-11 18:10 - 2017-06-20 01:04 - 000400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-07-11 18:10 - 2017-06-20 01:04 - 000181656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-07-11 18:10 - 2017-06-20 01:04 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2017-07-11 18:10 - 2017-06-20 01:04 - 000049656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msasn1.dll
2017-07-11 18:10 - 2017-06-20 01:03 - 005806048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-07-11 18:10 - 2017-06-20 01:03 - 002077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-07-11 18:10 - 2017-06-20 01:03 - 001396224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-07-11 18:10 - 2017-06-20 01:03 - 000864240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-07-11 18:10 - 2017-06-20 01:03 - 000443728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2017-07-11 18:10 - 2017-06-20 01:02 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-07-11 18:10 - 2017-06-20 01:02 - 003204096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-07-11 18:10 - 2017-06-20 01:02 - 002804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-07-11 18:10 - 2017-06-20 01:02 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-07-11 18:10 - 2017-06-20 01:02 - 001121928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-07-11 18:10 - 2017-06-20 01:02 - 000681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-07-11 18:10 - 2017-06-20 01:02 - 000354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-07-11 18:10 - 2017-06-20 01:01 - 004536320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-07-11 18:10 - 2017-06-20 01:01 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-07-11 18:10 - 2017-06-20 01:01 - 003803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-07-11 18:10 - 2017-06-20 01:01 - 003332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-07-11 18:10 - 2017-06-20 01:01 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-07-11 18:10 - 2017-06-20 01:01 - 001076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-07-11 18:10 - 2017-06-20 01:01 - 000176032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-07-11 18:10 - 2017-06-20 01:00 - 003057664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-07-11 18:10 - 2017-06-20 01:00 - 002597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-07-11 18:10 - 2017-06-20 01:00 - 002171392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-07-11 18:10 - 2017-06-20 00:59 - 002938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-07-11 18:10 - 2017-06-20 00:59 - 001674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-07-11 18:10 - 2017-06-20 00:59 - 001357824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-07-11 18:10 - 2017-06-20 00:58 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-07-11 18:10 - 2017-06-20 00:56 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-07-11 18:10 - 2017-06-20 00:54 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-07-11 18:10 - 2017-06-20 00:49 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2017-07-11 18:10 - 2017-06-20 00:49 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-07-11 18:10 - 2017-06-20 00:46 - 000132096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-11 18:10 - 2017-06-20 00:45 - 000111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.RetailInfo.dll
2017-07-11 18:10 - 2017-06-20 00:45 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-07-11 18:10 - 2017-06-20 00:43 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-07-11 18:10 - 2017-06-20 00:43 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2017-07-11 18:10 - 2017-06-20 00:43 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2017-07-11 18:10 - 2017-06-20 00:43 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-07-11 18:10 - 2017-06-20 00:43 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-07-11 18:10 - 2017-06-20 00:43 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-07-11 18:10 - 2017-06-20 00:43 - 000052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dataclen.dll
2017-07-11 18:10 - 2017-06-20 00:42 - 000641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2017-07-11 18:10 - 2017-06-20 00:42 - 000387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2017-07-11 18:10 - 2017-06-20 00:42 - 000338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-07-11 18:10 - 2017-06-20 00:42 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-07-11 18:10 - 2017-06-20 00:42 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-07-11 18:10 - 2017-06-20 00:42 - 000121856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2017-07-11 18:10 - 2017-06-20 00:41 - 000734208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-07-11 18:10 - 2017-06-20 00:41 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2017-07-11 18:10 - 2017-06-20 00:41 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-07-11 18:10 - 2017-06-20 00:41 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-07-11 18:10 - 2017-06-20 00:41 - 000201216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2017-07-11 18:10 - 2017-06-20 00:40 - 004544000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
2017-07-11 18:10 - 2017-06-20 00:40 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-07-11 18:10 - 2017-06-20 00:40 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-07-11 18:10 - 2017-06-20 00:40 - 000342016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-07-11 18:10 - 2017-06-20 00:40 - 000247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-07-11 18:10 - 2017-06-20 00:40 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-07-11 18:10 - 2017-06-20 00:40 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-07-11 18:10 - 2017-06-20 00:39 - 002814464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2017-07-11 18:10 - 2017-06-20 00:39 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-07-11 18:10 - 2017-06-20 00:39 - 000969728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2017-07-11 18:10 - 2017-06-20 00:39 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2017-07-11 18:10 - 2017-06-20 00:39 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2017-07-11 18:10 - 2017-06-20 00:39 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-07-11 18:10 - 2017-06-20 00:38 - 001451008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-07-11 18:10 - 2017-06-20 00:38 - 001285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-07-11 18:10 - 2017-06-20 00:38 - 001171968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-07-11 18:10 - 2017-06-20 00:38 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-07-11 18:10 - 2017-06-20 00:38 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-07-11 18:10 - 2017-06-20 00:38 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-07-11 18:10 - 2017-06-20 00:37 - 002008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-07-11 18:10 - 2017-06-20 00:36 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-07-11 18:10 - 2017-06-20 00:35 - 005141504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12warp.dll
2017-07-11 18:10 - 2017-06-20 00:35 - 002679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-07-11 18:10 - 2017-06-20 00:35 - 002132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-07-11 18:10 - 2017-06-20 00:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-07-11 18:10 - 2017-06-20 00:34 - 004056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-07-11 18:10 - 2017-06-20 00:34 - 002750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-07-11 18:10 - 2017-06-20 00:34 - 002211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-07-11 18:10 - 2017-06-20 00:34 - 001492480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-07-11 18:10 - 2017-06-20 00:34 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-07-11 18:10 - 2017-06-20 00:31 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-07-11 18:10 - 2017-06-20 00:30 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdmaud.drv
2017-07-11 18:10 - 2017-06-20 00:30 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-07-11 18:10 - 2017-06-20 00:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-07-11 18:10 - 2017-06-20 00:28 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-07-11 18:09 - 2017-07-07 03:27 - 000965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-07-11 18:09 - 2017-07-07 03:27 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-07-11 18:09 - 2017-07-07 03:22 - 000119384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-07-11 18:09 - 2017-07-07 03:17 - 001017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-07-11 18:09 - 2017-07-07 03:13 - 000147800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Clipc.dll
2017-07-11 18:09 - 2017-07-07 03:12 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-07-11 18:09 - 2017-07-07 03:08 - 001100704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-07-11 18:09 - 2017-07-07 03:08 - 000992672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-07-11 18:09 - 2017-07-07 03:08 - 000774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-07-11 18:09 - 2017-07-07 03:08 - 000506776 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-07-11 18:09 - 2017-07-07 02:27 - 001640448 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-07-11 18:09 - 2017-07-07 02:27 - 000859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2017-07-11 18:09 - 2017-07-07 02:27 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2017-07-11 18:09 - 2017-07-07 02:24 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-07-11 18:09 - 2017-07-07 02:23 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-07-11 18:09 - 2017-07-07 02:23 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapprovp.dll
2017-07-11 18:09 - 2017-07-07 02:21 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2017-07-11 18:09 - 2017-07-07 02:19 - 000137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
2017-07-11 18:09 - 2017-07-07 02:18 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-07-11 18:09 - 2017-07-07 02:17 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-07-11 18:09 - 2017-07-07 02:17 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-07-11 18:09 - 2017-07-07 02:14 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-07-11 18:09 - 2017-07-07 02:12 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-07-11 18:09 - 2017-07-07 02:11 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-07-11 18:09 - 2017-07-07 02:07 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-07-11 18:09 - 2017-07-07 02:07 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2017-07-11 18:09 - 2017-07-07 02:05 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2017-07-11 18:09 - 2017-07-07 02:04 - 001703424 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-07-11 18:09 - 2017-07-07 02:04 - 001403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2017-07-11 18:09 - 2017-06-20 02:18 - 000096672 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-07-11 18:09 - 2017-06-20 02:17 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-07-11 18:09 - 2017-06-20 02:03 - 000179608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-07-11 18:09 - 2017-06-20 02:02 - 000426912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-07-11 18:09 - 2017-06-20 01:58 - 000203168 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-07-11 18:09 - 2017-06-20 01:16 - 000970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2017-07-11 18:09 - 2017-06-20 01:16 - 000417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-07-11 18:09 - 2017-06-20 01:14 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2017-07-11 18:09 - 2017-06-20 01:13 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-11 18:09 - 2017-06-20 01:13 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2017-07-11 18:09 - 2017-06-20 01:13 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
2017-07-11 18:09 - 2017-06-20 01:12 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-07-11 18:09 - 2017-06-20 01:12 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll
2017-07-11 18:09 - 2017-06-20 01:10 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-07-11 18:09 - 2017-06-20 01:10 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-07-11 18:09 - 2017-06-20 01:09 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2017-07-11 18:09 - 2017-06-20 01:09 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-07-11 18:09 - 2017-06-20 01:09 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2017-07-11 18:09 - 2017-06-20 01:09 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-07-11 18:09 - 2017-06-20 01:08 - 000791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2017-07-11 18:09 - 2017-06-20 01:07 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-07-11 18:09 - 2017-06-20 01:07 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-07-11 18:09 - 2017-06-20 01:07 - 000621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-07-11 18:09 - 2017-06-20 01:06 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-07-11 18:09 - 2017-06-20 01:06 - 000335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-07-11 18:09 - 2017-06-20 01:06 - 000253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-07-11 18:09 - 2017-06-20 01:06 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-07-11 18:09 - 2017-06-20 01:05 - 002873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-07-11 18:09 - 2017-06-20 01:05 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-07-11 18:09 - 2017-06-20 01:05 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2017-07-11 18:09 - 2017-06-20 01:04 - 000802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-07-11 18:09 - 2017-06-20 01:02 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll
2017-07-11 18:09 - 2017-06-20 01:01 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-07-11 18:09 - 2017-06-20 01:01 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-07-11 18:09 - 2017-06-20 00:57 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2017-07-11 18:09 - 2017-06-20 00:57 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2017-07-11 18:09 - 2017-06-20 00:56 - 000600064 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-07-11 18:09 - 2017-06-20 00:56 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdmaud.drv
2017-07-10 02:08 - 2017-07-18 20:40 - 035844728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-07-10 02:08 - 2017-07-18 20:40 - 012451424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-07-10 02:08 - 2017-07-18 20:40 - 000689992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-07-10 02:08 - 2017-06-27 18:39 - 001988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438476.dll
2017-07-10 02:08 - 2017-06-27 18:39 - 001597888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438476.dll
2017-07-10 02:08 - 2017-06-27 18:39 - 000045976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-07-10 02:08 - 2017-06-27 18:39 - 000000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-07-10 02:08 - 2017-06-27 18:39 - 000000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-07-10 02:05 - 2017-07-26 13:09 - 000146368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-07-09 12:31 - 2017-08-01 00:56 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-07-09 12:31 - 2017-07-09 12:31 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2017-07-08 20:44 - 2017-07-08 20:53 - 000000239 _____ C:\Users\Alexander\Documents\ClownfishVoiceChanger.ini
2017-07-08 20:44 - 2017-07-08 20:48 - 000000000 ____D C:\Users\Alexander\Documents\ClownfishSoundTemp
2017-07-08 20:44 - 2017-07-08 20:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClownfishVoiceChanger
2017-07-08 20:43 - 2017-07-08 20:43 - 000562888 _____ (Shark Labs) C:\Users\Alexander\Downloads\VoiceChanger64(0.66).exe
2017-07-06 19:48 - 2017-07-06 19:48 - 000000000 ____D C:\Users\Alexander\Documents\Vuze

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-03 06:59 - 2015-01-24 02:10 - 000000000 ____D C:\Users\Alexander\AppData\Local\CrashDumps
2017-08-03 06:55 - 2015-01-21 22:50 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\Spotify
2017-08-03 06:44 - 2017-03-18 17:01 - 000000000 ____D C:\WINDOWS\INF
2017-08-03 04:12 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-03 04:07 - 2017-03-18 17:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-03 04:07 - 2015-01-21 22:07 - 000000000 ____D C:\Users\Alexander\AppData\Local\Packages
2017-08-03 02:05 - 2017-05-22 11:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-03 00:58 - 2017-05-22 11:35 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-03 00:00 - 2015-01-23 22:38 - 000000000 ____D C:\ProgramData\Reprise
2017-08-02 22:54 - 2015-10-28 23:04 - 000000000 ____D C:\Users\Alexander\Downloads\Telegram Desktop
2017-08-02 22:39 - 2016-11-27 11:27 - 000000000 ____D C:\Users\Alexander\AppData\LocalLow\Mozilla
2017-08-02 22:38 - 2016-06-09 18:25 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-08-02 22:00 - 2017-03-12 23:02 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\WhatsApp
2017-08-02 22:00 - 2017-01-20 01:45 - 000000000 ____D C:\Users\Alexander\AppData\Local\Everything
2017-08-02 22:00 - 2016-10-14 21:10 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\Everything
2017-08-02 22:00 - 2016-06-01 20:43 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\KeePass
2017-08-02 22:00 - 2015-01-22 15:34 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\Telegram Desktop
2017-08-02 22:00 - 2015-01-21 22:51 - 000000000 ____D C:\Users\Alexander\AppData\Local\Spotify
2017-08-02 21:54 - 2015-01-21 22:38 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\Azureus
2017-08-02 20:00 - 2015-03-29 21:25 - 000000000 ____D C:\Users\Alexander\Desktop\DISORGANISE
2017-08-02 17:40 - 2015-01-21 23:16 - 000007661 _____ C:\Users\Alexander\AppData\Local\Resmon.ResmonCfg
2017-08-02 16:49 - 2017-05-22 11:59 - 000005204 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ALEXT-Alexander AlexT
2017-08-01 22:09 - 2017-06-10 14:44 - 000000000 ____D C:\Users\Alexander\Downloads\_Jdownloader
2017-08-01 22:09 - 2015-03-29 18:37 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\Audacity
2017-08-01 01:00 - 2017-05-22 11:35 - 001156862 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-01 00:59 - 2015-07-06 04:27 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\vlc
2017-08-01 00:56 - 2017-05-22 11:36 - 000000000 ____D C:\Users\Alexander
2017-08-01 00:54 - 2017-05-22 11:59 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-31 23:44 - 2016-12-16 16:23 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Forza2.13SP2
2017-07-30 09:05 - 2017-05-02 05:29 - 000000000 ____D C:\Users\Alexander\Documents\temp
2017-07-30 06:27 - 2017-03-18 07:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2017-07-30 06:25 - 2016-06-16 18:35 - 000000000 ____D C:\AdwCleaner
2017-07-30 05:49 - 2016-12-28 19:41 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-07-30 04:44 - 2015-01-21 23:16 - 000000000 ____D C:\Users\Alexander\AppData\Local\Cuevana
2017-07-29 07:14 - 2016-05-17 18:25 - 000000000 ____D C:\WINDOWS\pss
2017-07-29 07:11 - 2015-01-21 22:07 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\Adobe
2017-07-28 18:24 - 2017-05-22 12:07 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-28 18:24 - 2017-05-22 11:59 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-28 18:24 - 2017-05-22 11:59 - 000003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-28 18:24 - 2017-05-22 11:59 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-28 18:24 - 2017-05-22 11:59 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-28 18:24 - 2017-05-22 11:59 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-28 18:24 - 2017-05-22 11:59 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-28 18:24 - 2017-05-22 11:59 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-28 18:24 - 2017-05-22 11:35 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-07-28 18:24 - 2017-05-22 11:35 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-07-28 18:24 - 2017-05-22 11:35 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-07-28 05:30 - 2015-01-21 23:20 - 000000132 _____ C:\Users\Alexander\AppData\Roaming\Adobe PNG Format CC Prefs
2017-07-28 02:09 - 2017-06-21 20:33 - 000000000 ____D C:\Users\Alexander\Downloads\_Vuze
2017-07-27 11:21 - 2016-06-08 17:30 - 000002379 _____ C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-07-27 11:21 - 2015-08-22 04:17 - 000000000 __RDO C:\Users\Alexander\OneDrive
2017-07-27 03:43 - 2015-07-15 01:18 - 000000000 ____D C:\Users\Alexander\AppData\Local\My Family Tree
2017-07-27 01:06 - 2017-01-01 14:53 - 000000000 ____D C:\Program Files\Adobe
2017-07-27 01:06 - 2015-01-23 21:48 - 000000000 ____D C:\Program Files\Common Files\Adobe
2017-07-27 01:06 - 2015-01-21 23:16 - 000000000 ____D C:\Users\Alexander\AppData\Local\Adobe
2017-07-27 01:06 - 2015-01-21 22:51 - 000000000 ____D C:\ProgramData\Adobe
2017-07-27 01:05 - 2015-05-06 19:32 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-07-26 17:36 - 2015-01-21 22:38 - 000000000 ____D C:\Users\Alexander\Documents\Vuze Downloads
2017-07-26 13:09 - 2017-05-22 12:07 - 000179136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-07-26 13:09 - 2017-03-12 17:30 - 000057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-07-26 13:09 - 2017-02-01 06:04 - 000048064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-07-26 13:09 - 2016-09-28 22:04 - 001922496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-07-26 13:09 - 2016-09-28 22:04 - 001755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-07-26 13:09 - 2016-09-28 22:04 - 001505728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-07-26 13:09 - 2016-09-28 22:04 - 001317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-07-26 13:09 - 2016-09-28 22:04 - 000121280 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-07-26 09:40 - 2016-12-22 11:55 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-07-26 09:36 - 2017-05-22 11:35 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-07-26 05:34 - 2015-01-21 23:27 - 000000000 ____D C:\Users\Alexander\Documents\maya
2017-07-26 02:37 - 2015-07-21 18:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chaos Group
2017-07-26 02:33 - 2015-07-21 18:19 - 000000000 ____D C:\Program Files\Common Files\ChaosGroup
2017-07-25 03:49 - 2016-09-01 21:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-07-24 16:32 - 2015-01-21 22:40 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\Skype
2017-07-24 14:27 - 2015-01-21 22:22 - 000000000 ____D C:\ProgramData\Oracle
2017-07-24 11:07 - 2015-01-21 22:23 - 000110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-07-24 11:07 - 2015-01-21 22:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2017-07-24 11:07 - 2015-01-21 22:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-07-24 11:07 - 2015-01-21 22:21 - 000000000 ____D C:\Program Files\Java
2017-07-22 06:17 - 2017-04-21 13:47 - 000000000 ____D C:\Users\Alexander\AppData\Local\AXNworks
2017-07-20 00:17 - 2015-01-24 01:12 - 000000000 ____D C:\ProgramData\Unity
2017-07-20 00:05 - 2016-09-05 00:03 - 000000000 ____D C:\Users\Alexander\AppData\LocalLow\DefaultCompany
2017-07-19 19:55 - 2017-03-12 23:02 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2017-07-19 19:55 - 2017-03-12 23:02 - 000000000 ____D C:\Users\Alexander\AppData\Local\WhatsApp
2017-07-19 19:55 - 2016-05-23 18:26 - 000000000 ____D C:\Users\Alexander\AppData\Local\SquirrelTemp
2017-07-18 20:40 - 2017-03-12 17:34 - 004210032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-07-18 20:40 - 2017-03-12 17:34 - 003711328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-07-18 20:40 - 2017-03-12 17:34 - 000046463 _____ C:\WINDOWS\system32\nvinfo.pb
2017-07-18 19:24 - 2017-05-22 11:35 - 006463608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-07-18 19:24 - 2017-05-22 11:35 - 002479040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-07-18 19:24 - 2017-05-22 11:35 - 001762936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-07-18 19:24 - 2017-05-22 11:35 - 000549312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-07-18 19:24 - 2017-05-22 11:35 - 000392312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-07-18 19:24 - 2017-05-22 11:35 - 000081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-07-18 19:24 - 2017-05-22 11:35 - 000069752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-07-18 01:30 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-07-16 18:30 - 2015-12-09 20:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2017-07-15 17:45 - 2017-06-02 17:12 - 000000000 ____D C:\Users\Alexander\Documents\_trabajos
2017-07-12 21:37 - 2017-05-22 11:35 - 008095171 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-07-12 20:24 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\rescache
2017-07-12 17:50 - 2017-03-18 16:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-07-12 02:19 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-07-12 02:19 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-07-11 23:11 - 2015-05-06 19:32 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-11 19:28 - 2016-04-27 02:42 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-07-11 19:06 - 2017-05-22 11:35 - 005800160 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-11 19:05 - 2017-03-18 17:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-07-11 19:05 - 2017-03-18 17:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-07-11 19:05 - 2017-03-18 17:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-07-11 19:05 - 2017-03-18 17:03 - 000000000 ___RD C:\Program Files\Windows Defender
2017-07-11 19:05 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-07-11 19:05 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\migwiz
2017-07-11 19:05 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-07-11 19:05 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-07-11 19:05 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-07-11 19:05 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-07-11 19:05 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-07-11 18:14 - 2016-01-11 19:23 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-07-11 18:11 - 2016-01-11 19:23 - 135225752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-07-09 12:59 - 2016-12-22 08:30 - 000000000 __SHD C:\Users\Alexander\IntelGraphicsProfiles
2017-07-09 12:31 - 2016-12-22 08:30 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2017-07-08 22:35 - 2015-01-21 23:23 - 000000000 ____D C:\Users\Alexander\Documents\Camtasia Studio
2017-07-08 20:50 - 2016-11-11 21:32 - 000000000 ____D C:\Users\Alexander\Documents\Sound recordings

==================== Files in the root of some directories =======

2017-08-03 01:52 - 2017-08-03 01:52 - 000232464 _____ () C:\Users\Alexander\AppData\Roaming\7D8013BFBD65F2C5A83C083E1FF74684
2017-08-03 01:52 - 2017-08-03 01:52 - 000047120 _____ () C:\Users\Alexander\AppData\Roaming\A1EFF9703FF3D938AE9A5E46A43ED01E
2016-07-21 19:17 - 2016-07-21 19:17 - 000000132 _____ () C:\Users\Alexander\AppData\Roaming\Adobe BMP Format CC Prefs
2015-03-24 02:10 - 2017-06-06 19:17 - 000000132 _____ () C:\Users\Alexander\AppData\Roaming\Adobe OpenEXR Format CC Prefs
2015-01-21 23:20 - 2017-07-28 05:30 - 000000132 _____ () C:\Users\Alexander\AppData\Roaming\Adobe PNG Format CC Prefs
2015-01-21 23:20 - 2014-05-01 22:30 - 000000132 _____ () C:\Users\Alexander\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-01-21 23:20 - 2017-02-25 02:40 - 000000132 _____ () C:\Users\Alexander\AppData\Roaming\Adobe Targa Format CC Prefs
2017-08-03 01:52 - 2017-08-03 01:52 - 000936976 _____ () C:\Users\Alexander\AppData\Roaming\E8504203DF6106C4F24EBACFAB3E97BA
2017-08-03 01:52 - 2017-08-03 01:52 - 000253456 _____ () C:\Users\Alexander\AppData\Roaming\EC4A4388C459C7436E867ABD6F1A5CE2
2015-07-24 20:10 - 2015-07-24 20:10 - 000000867 _____ () C:\Users\Alexander\AppData\Roaming\MPQEditor.ini
2017-08-03 01:48 - 2017-08-03 01:46 - 001667072 _____ () C:\Users\Alexander\AppData\Roaming\pxese.exe
2015-05-06 19:52 - 2015-05-06 19:52 - 182564492 _____ () C:\Users\Alexander\AppData\Local\ACCCx3_0_0_74.zip.aamdownload
2015-05-06 19:52 - 2015-05-06 19:52 - 000002194 _____ () C:\Users\Alexander\AppData\Local\ACCCx3_0_0_74.zip.aamdownload.aamd
2015-03-21 19:28 - 2017-07-02 00:12 - 000001456 _____ () C:\Users\Alexander\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-01-21 04:08 - 2017-05-24 04:46 - 000004608 _____ () C:\Users\Alexander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-07-22 01:19 - 2017-07-22 01:19 - 000000290 _____ () C:\Users\Alexander\AppData\Local\EphereLicensingLog.txt
2017-07-22 01:07 - 2017-07-28 05:55 - 000000009 _____ () C:\Users\Alexander\AppData\Local\OrnatrixMayaLicenseServerIP.txt
2017-07-21 20:47 - 2017-07-28 03:01 - 000000074 _____ () C:\Users\Alexander\AppData\Local\OrnatrixMayaSetupFilepath.txt
2015-01-21 23:16 - 2017-08-02 17:40 - 000007661 _____ () C:\Users\Alexander\AppData\Local\Resmon.ResmonCfg
2016-06-06 04:52 - 2017-06-06 16:13 - 000000043 _____ () C:\Users\Alexander\AppData\Local\Tempsleep.vbs
2016-08-01 18:34 - 2016-08-01 18:34 - 000000186 _____ () C:\Users\Alexander\AppData\Local\uts.ini
2015-04-27 19:16 - 2016-05-27 19:59 - 000000010 _____ () C:\ProgramData\6071IG75_9XH8_4821_HZ79_F875236454F5.data
2017-05-22 11:35 - 2017-05-22 11:35 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2015-01-22 00:31 - 2015-01-22 00:31 - 000000095 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-01-22 00:31 - 2016-06-08 18:25 - 000000182 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
2016-12-22 11:55 - 2017-02-01 06:04 - 000005943 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-22 11:55 - 2017-01-20 04:08 - 000003355 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
2016-02-26 23:42 - 2016-02-26 23:42 - 000001534 _____ () C:\ProgramData\ss.ini

Files to move or delete:
====================
C:\Users\Alexander\{58C482E3-0C46-43EC-8EE5-C7230FFBC3D6}.dat


Some files in TEMP:
====================
2017-08-02 21:54 - 2017-08-02 21:54 - 000000000 _____ () C:\Users\Alexander\AppData\Local\Temp\i4jd4614159999201154130.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-29 16:59

==================== End of FRST.txt ============================





#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,410 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:14 AM

Posted 03 August 2017 - 06:45 PM

Welcome. :)

  • Highlight the entire content of the quote box below.

Start::  
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
FF Plugin HKU\S-1-5-21-1277071745-3778731969-3839681893-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Alexander\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [No File]
FF Plugin HKU\S-1-5-21-1277071745-3778731969-3839681893-1001: @talk.google.com/O1DPlugin -> C:\Users\Alexander\AppData\Roaming\Mozilla\plugins\npo1d.dll [No File]
2016-06-06 04:52 - 2017-06-06 16:13 - 000000043 _____ () C:\Users\Alexander\AppData\Local\Tempsleep.vbs
2017-08-02 21:54 - 2017-08-02 21:54 - 000000000 _____ () C:\Users\Alexander\AppData\Local\Temp\i4jd4614159999201154130.exe
2017-08-03 01:52 - 2017-08-03 01:52 - 000232464 _____ () C:\Users\Alexander\AppData\Roaming\7D8013BFBD65F2C5A83C083E1FF74684
2017-08-03 01:52 - 2017-08-03 01:52 - 000047120 _____ () C:\Users\Alexander\AppData\Roaming\A1EFF9703FF3D938AE9A5E46A43ED01E
2016-07-21 19:17 - 2016-07-21 19:17 - 000000132 _____ () C:\Users\Alexander\AppData\Roaming\Adobe BMP Format CC Prefs
2015-03-24 02:10 - 2017-06-06 19:17 - 000000132 _____ () C:\Users\Alexander\AppData\Roaming\Adobe OpenEXR Format CC Prefs
2015-01-21 23:20 - 2017-07-28 05:30 - 000000132 _____ () C:\Users\Alexander\AppData\Roaming\Adobe PNG Format CC Prefs
2015-01-21 23:20 - 2014-05-01 22:30 - 000000132 _____ () C:\Users\Alexander\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-01-21 23:20 - 2017-02-25 02:40 - 000000132 _____ () C:\Users\Alexander\AppData\Roaming\Adobe Targa Format CC Prefs
2017-08-03 01:52 - 2017-08-03 01:52 - 000936976 _____ () C:\Users\Alexander\AppData\Roaming\E8504203DF6106C4F24EBACFAB3E97BA
2017-08-03 01:52 - 2017-08-03 01:52 - 000253456 _____ () C:\Users\Alexander\AppData\Roaming\EC4A4388C459C7436E867ABD6F1A5CE2
2015-07-24 20:10 - 2015-07-24 20:10 - 000000867 _____ () C:\Users\Alexander\AppData\Roaming\MPQEditor.ini
2017-08-03 01:48 - 2017-08-03 01:46 - 001667072 _____ () C:\Users\Alexander\AppData\Roaming\pxese.exe
2015-05-06 19:52 - 2015-05-06 19:52 - 182564492 _____ () C:\Users\Alexander\AppData\Local\ACCCx3_0_0_74.zip.aamdownload
2015-05-06 19:52 - 2015-05-06 19:52 - 000002194 _____ () C:\Users\Alexander\AppData\Local\ACCCx3_0_0_74.zip.aamdownload.aamd
2015-03-21 19:28 - 2017-07-02 00:12 - 000001456 _____ () C:\Users\Alexander\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-01-21 04:08 - 2017-05-24 04:46 - 000004608 _____ () C:\Users\Alexander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-07-22 01:19 - 2017-07-22 01:19 - 000000290 _____ () C:\Users\Alexander\AppData\Local\EphereLicensingLog.txt
2017-07-22 01:07 - 2017-07-28 05:55 - 000000009 _____ () C:\Users\Alexander\AppData\Local\OrnatrixMayaLicenseServerIP.txt
2017-07-21 20:47 - 2017-07-28 03:01 - 000000074 _____ () C:\Users\Alexander\AppData\Local\OrnatrixMayaSetupFilepath.txt
2015-01-21 23:16 - 2017-08-02 17:40 - 000007661 _____ () C:\Users\Alexander\AppData\Local\Resmon.ResmonCfg
2016-06-06 04:52 - 2017-06-06 16:13 - 000000043 _____ () C:\Users\Alexander\AppData\Local\Tempsleep.vbs
2016-08-01 18:34 - 2016-08-01 18:34 - 000000186 _____ () C:\Users\Alexander\AppData\Local\uts.ini
2015-04-27 19:16 - 2016-05-27 19:59 - 000000010 _____ () C:\ProgramData\6071IG75_9XH8_4821_HZ79_F875236454F5.data
2017-05-22 11:35 - 2017-05-22 11:35 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2015-01-22 00:31 - 2015-01-22 00:31 - 000000095 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-01-22 00:31 - 2016-06-08 18:25 - 000000182 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
2016-12-22 11:55 - 2017-02-01 06:04 - 000005943 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-22 11:55 - 2017-01-20 04:08 - 000003355 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
2016-02-26 23:42 - 2016-02-26 23:42 - 000001534 _____ () C:\ProgramData\ss.ini
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Download AdwCleaner from here. Save the file to the desktop.

NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8/10 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

[Screenshot: AdwCleaner console]


  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done, it will ask to reboot; allow this.

  • On reboot a log will be produced; please copy/paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

No request for help through private messaging will be attended to.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 AlexTamayo

AlexTamayo
  • Topic Starter

  • Members
  • 15 posts
  • Gender:Male
  • Local time:06:14 AM

Posted 04 August 2017 - 01:57 AM

Hello JSntgRvr

Thank you for replying!

There was a file named pxese.exe that I had to manually delete; it has been the main culprit these past few weeks, because every time it runs it multiplies itself what seems to be thousands of times and eats up my CPU. I hope this isn't a problem for this process of eliminating it once and for all.

 

Also, I couldn't run adwcleaner. I've used it before without a problem, but this time it kept giving me this error:

*** Caught unhandled unknown exception; terminating.

I tried multiple times, but I received the same error every time. I even clicked OK and left the program going for over 40 mins, but the progress bar didn't go any further than when it gave me the error. It made the file you told me about, but the process never actually finished as it has done before.

 

Here are the results of what you asked me for.

Fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version: 31-07-2017
Ran by Alexander (04-08-2017 01:11:22) Run:1
Running from C:\Users\Alexander\Downloads\_WindowsAndOS\_virus\BleepingComputer
Loaded Profiles: Alexander (Available Profiles: Alexander)
Boot Mode: Normal
==============================================

fixlist content:
*****************
 
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
FF Plugin HKU\S-1-5-21-1277071745-3778731969-3839681893-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Alexander\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [No File]
FF Plugin HKU\S-1-5-21-1277071745-3778731969-3839681893-1001: @talk.google.com/O1DPlugin -> C:\Users\Alexander\AppData\Roaming\Mozilla\plugins\npo1d.dll [No File]
2016-06-06 04:52 - 2017-06-06 16:13 - 000000043 _____ () C:\Users\Alexander\AppData\Local\Tempsleep.vbs
2017-08-02 21:54 - 2017-08-02 21:54 - 000000000 _____ () C:\Users\Alexander\AppData\Local\Temp\i4jd4614159999201154130.exe
2017-08-03 01:52 - 2017-08-03 01:52 - 000232464 _____ () C:\Users\Alexander\AppData\Roaming\7D8013BFBD65F2C5A83C083E1FF74684
2017-08-03 01:52 - 2017-08-03 01:52 - 000047120 _____ () C:\Users\Alexander\AppData\Roaming\A1EFF9703FF3D938AE9A5E46A43ED01E
2016-07-21 19:17 - 2016-07-21 19:17 - 000000132 _____ () C:\Users\Alexander\AppData\Roaming\Adobe BMP Format CC Prefs
2015-03-24 02:10 - 2017-06-06 19:17 - 000000132 _____ () C:\Users\Alexander\AppData\Roaming\Adobe OpenEXR Format CC Prefs
2015-01-21 23:20 - 2017-07-28 05:30 - 000000132 _____ () C:\Users\Alexander\AppData\Roaming\Adobe PNG Format CC Prefs
2015-01-21 23:20 - 2014-05-01 22:30 - 000000132 _____ () C:\Users\Alexander\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-01-21 23:20 - 2017-02-25 02:40 - 000000132 _____ () C:\Users\Alexander\AppData\Roaming\Adobe Targa Format CC Prefs
2017-08-03 01:52 - 2017-08-03 01:52 - 000936976 _____ () C:\Users\Alexander\AppData\Roaming\E8504203DF6106C4F24EBACFAB3E97BA
2017-08-03 01:52 - 2017-08-03 01:52 - 000253456 _____ () C:\Users\Alexander\AppData\Roaming\EC4A4388C459C7436E867ABD6F1A5CE2
2015-07-24 20:10 - 2015-07-24 20:10 - 000000867 _____ () C:\Users\Alexander\AppData\Roaming\MPQEditor.ini
2017-08-03 01:48 - 2017-08-03 01:46 - 001667072 _____ () C:\Users\Alexander\AppData\Roaming\pxese.exe
2015-05-06 19:52 - 2015-05-06 19:52 - 182564492 _____ () C:\Users\Alexander\AppData\Local\ACCCx3_0_0_74.zip.aamdownload
2015-05-06 19:52 - 2015-05-06 19:52 - 000002194 _____ () C:\Users\Alexander\AppData\Local\ACCCx3_0_0_74.zip.aamdownload.aamd
2015-03-21 19:28 - 2017-07-02 00:12 - 000001456 _____ () C:\Users\Alexander\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-01-21 04:08 - 2017-05-24 04:46 - 000004608 _____ () C:\Users\Alexander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-07-22 01:19 - 2017-07-22 01:19 - 000000290 _____ () C:\Users\Alexander\AppData\Local\EphereLicensingLog.txt
2017-07-22 01:07 - 2017-07-28 05:55 - 000000009 _____ () C:\Users\Alexander\AppData\Local\OrnatrixMayaLicenseServerIP.txt
2017-07-21 20:47 - 2017-07-28 03:01 - 000000074 _____ () C:\Users\Alexander\AppData\Local\OrnatrixMayaSetupFilepath.txt
2015-01-21 23:16 - 2017-08-02 17:40 - 000007661 _____ () C:\Users\Alexander\AppData\Local\Resmon.ResmonCfg
2016-06-06 04:52 - 2017-06-06 16:13 - 000000043 _____ () C:\Users\Alexander\AppData\Local\Tempsleep.vbs
2016-08-01 18:34 - 2016-08-01 18:34 - 000000186 _____ () C:\Users\Alexander\AppData\Local\uts.ini
2015-04-27 19:16 - 2016-05-27 19:59 - 000000010 _____ () C:\ProgramData\6071IG75_9XH8_4821_HZ79_F875236454F5.data
2017-05-22 11:35 - 2017-05-22 11:35 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2015-01-22 00:31 - 2015-01-22 00:31 - 000000095 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-01-22 00:31 - 2016-06-08 18:25 - 000000182 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
2016-12-22 11:55 - 2017-02-01 06:04 - 000005943 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-22 11:55 - 2017-01-20 04:08 - 000003355 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
2016-02-26 23:42 - 2016-02-26 23:42 - 000001534 _____ () C:\ProgramData\ss.ini
HOSTS:
Removeproxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP:
Reboot:

*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\system32\GroupPolicy\User => moved successfully
HKLM\Software\Classes\PROTOCOLS\Handler\WSWSVCUchrome => key removed successfully
HKU\S-1-5-21-1277071745-3778731969-3839681893-1001\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin => key removed successfully
C:\Users\Alexander\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll => not found.
HKU\S-1-5-21-1277071745-3778731969-3839681893-1001\Software\MozillaPlugins\@talk.google.com/O1DPlugin => key removed successfully
C:\Users\Alexander\AppData\Roaming\Mozilla\plugins\npo1d.dll => not found.
C:\Users\Alexander\AppData\Local\Tempsleep.vbs => moved successfully
C:\Users\Alexander\AppData\Local\Temp\i4jd4614159999201154130.exe => moved successfully
C:\Users\Alexander\AppData\Roaming\7D8013BFBD65F2C5A83C083E1FF74684 => moved successfully
C:\Users\Alexander\AppData\Roaming\A1EFF9703FF3D938AE9A5E46A43ED01E => moved successfully
C:\Users\Alexander\AppData\Roaming\Adobe BMP Format CC Prefs => moved successfully
C:\Users\Alexander\AppData\Roaming\Adobe OpenEXR Format CC Prefs => moved successfully
C:\Users\Alexander\AppData\Roaming\Adobe PNG Format CC Prefs => moved successfully
C:\Users\Alexander\AppData\Roaming\Adobe PNG Format CS5 Prefs => moved successfully
C:\Users\Alexander\AppData\Roaming\Adobe Targa Format CC Prefs => moved successfully
C:\Users\Alexander\AppData\Roaming\E8504203DF6106C4F24EBACFAB3E97BA => moved successfully
C:\Users\Alexander\AppData\Roaming\EC4A4388C459C7436E867ABD6F1A5CE2 => moved successfully
C:\Users\Alexander\AppData\Roaming\MPQEditor.ini => moved successfully
"C:\Users\Alexander\AppData\Roaming\pxese.exe" => not found.
C:\Users\Alexander\AppData\Local\ACCCx3_0_0_74.zip.aamdownload => moved successfully
C:\Users\Alexander\AppData\Local\ACCCx3_0_0_74.zip.aamdownload.aamd => moved successfully
C:\Users\Alexander\AppData\Local\Adobe Save for Web 13.0 Prefs => moved successfully
C:\Users\Alexander\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
C:\Users\Alexander\AppData\Local\EphereLicensingLog.txt => moved successfully
C:\Users\Alexander\AppData\Local\OrnatrixMayaLicenseServerIP.txt => moved successfully
C:\Users\Alexander\AppData\Local\OrnatrixMayaSetupFilepath.txt => moved successfully
C:\Users\Alexander\AppData\Local\Resmon.ResmonCfg => moved successfully
"C:\Users\Alexander\AppData\Local\Tempsleep.vbs" => not found.
C:\Users\Alexander\AppData\Local\uts.ini => moved successfully
C:\ProgramData\6071IG75_9XH8_4821_HZ79_F875236454F5.data => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc => moved successfully
C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc => moved successfully
C:\ProgramData\NvTelemetryContainer.log => moved successfully
C:\ProgramData\NvTelemetryContainer.log_backup1 => moved successfully
C:\ProgramData\ss.ini => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1277071745-3778731969-3839681893-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1277071745-3778731969-3839681893-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


========= netsh advfirewall reset =========

Ok.


========= End of CMD: =========


========= netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


========= netsh int ip reset C:\resettcpip.txt =========

Resetting Compartment Forwarding, OK!
Resetting Compartment, OK!
Resetting Control Protocol, OK!
Resetting Echo Sequence Request, OK!
Resetting Global, OK!
Resetting Interface, OK!
Resetting Anycast Address, OK!
Resetting Multicast Address, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Potential, OK!
Resetting Prefix Policy, OK!
Resetting Proxy Neighbor, OK!
Resetting Route, OK!
Resetting Site Prefix, OK!
Resetting Subinterface, OK!
Resetting Wakeup Pattern, OK!
Resetting Resolve Neighbor, OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========

Failed to clear log DebugChannel. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.
Failed to clear log Microsoft-RMS-MSIPC/Debug. The instance name passed was not recognized as valid by a WMI data provider.
Failed to clear log Microsoft-Windows-LiveId/Analytic. Access is denied.
Failed to clear log Microsoft-Windows-LiveId/Operational. Access is denied.

========= End of CMD: =========


========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {51E07959-9502-403F-BE3D-F5049110E042}.
{E09D9AC0-06DD-413B-A826-90D80923E793} canceled.
1 out of 2 jobs canceled.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 7888896 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 149393587 B
Java, Flash, Steam htmlcache => 211328860 B
Windows/system/drivers => 5460581 B
Edge => 371258957 B
Chrome => 590844017 B
Firefox => 762341465 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 13595 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 560 B
LocalService => 13122 B
NetworkService => 0 B
Alexander => 220446497 B

RecycleBin => 3377381 B
EmptyTemp: => 2.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 01:11:56 ====

JRT.txt:

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Pro x64
Ran by Alexander (Administrator) on 04/08/2017 at  1:26:46.89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/08/2017 at  1:28:27.87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

AdwCleaner[S5].txt:

 

 

# AdwCleaner 7.0.1.0 - Logfile created on Fri Aug 04 06:31:16 2017
# Updated on 2017/05/08 by Malwarebytes
# Database: 08-03-2017.1
# Running on Windows 10 Pro (X64)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Adware.Heuristic, C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
PUP.Adware.Heuristic, C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7


***** [ Files ] *****

PUP.Optional.Legacy, C:\Windows\System32\config\systemprofile\appdata\local\installationconfiguration.xml


***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[C1].txt - [4094 B] - [2016/6/16 22:44:46]
C:/AdwCleaner/AdwCleaner[C2].txt - [3649 B] - [2016/12/23 22:2:56]
C:/AdwCleaner/AdwCleaner[C3].txt - [3484 B] - [2017/5/7 23:13:37]
C:/AdwCleaner/AdwCleaner[S1].txt - [356 B] - [2016/6/16 22:36:28]
C:/AdwCleaner/AdwCleaner[S2].txt - [4764 B] - [2016/6/16 22:40:17]
C:/AdwCleaner/AdwCleaner[S3].txt - [4023 B] - [2016/12/23 22:0:38]
C:/AdwCleaner/AdwCleaner[S4].txt - [2520 B] - [2017/5/7 23:8:23]
C:/AdwCleaner/AdwCleaner[S5].txt - [1688 B] - [2017/5/7 23:44:52]


########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt ##########


Edited by AlexTamayo, 04 August 2017 - 01:58 AM.


#4 JSntgRvr


Posted 04 August 2017 - 10:04 AM

  • Highlight the entire content of the quote box below.

Quote

Start::
HKU\S-1-5-21-1277071745-3778731969-3839681893-1001\...\Run: [psexe] => C:\Users\Alexander\AppData\Roaming\pxese.exe [1667072 2017-08-03] ()
HKU\S-1-5-18\...\Run: [psexe] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\pxese.exe
HKU\S-1-5-18\...\RunOnce: [AxGfMIQkjR] => C:\WINDOWS\system32\config\SYSTEM~1\AppData\Local\DSHCAJ~1\winsvc.exe
C:\WINDOWS\system32\config\SYSTEM~1\AppData\Local\DSHCAJ~1\winsvc.exe
C:\Users\Alexander\{58C482E3-0C46-43EC-8EE5-C7230FFBC3D6}.dat
2017-08-02 21:54 - 2017-08-02 21:54 - 000000000 _____ () C:\Users\Alexander\AppData\Local\Temp\i4jd4614159999201154130.exe
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

 

Re-scan with AdwCleaner and click on the Clean button to remove what was found during the scan.

 

How is the computer doing?


Edited by JSntgRvr, 04 August 2017 - 10:20 AM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 AlexTamayo


Posted 04 August 2017 - 07:38 PM

Hey there JSntgRvr,

 

I tried AdwCleaner once again and it gave me the same error message I mentioned before.

 

Thus far it looks fine, but I'd like to leave this post open for a few days to see if they come back. After I have deleted these files, they usually take a few days to come back.

 

Fixlog.txt:

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 31-07-2017
Ran by Alexander (04-08-2017 19:47:56) Run:2
Running from C:\Users\Alexander\Downloads\_WindowsAndOS\_virus\BleepingComputer
Loaded Profiles: Alexander (Available Profiles: Alexander)
Boot Mode: Normal
==============================================

fixlist content:
*****************

HKU\S-1-5-21-1277071745-3778731969-3839681893-1001\...\Run: [psexe] => C:\Users\Alexander\AppData\Roaming\pxese.exe [1667072 2017-08-03] ()
HKU\S-1-5-18\...\Run: [psexe] => "C:\WINDOWS\system32\config\systemprofile\AppData\Roaming\pxese.exe
HKU\S-1-5-18\...\RunOnce: [AxGfMIQkjR] => C:\WINDOWS\system32\config\SYSTEM~1\AppData\Local\DSHCAJ~1\winsvc.exe
C:\WINDOWS\system32\config\SYSTEM~1\AppData\Local\DSHCAJ~1\winsvc.exe
C:\Users\Alexander\{58C482E3-0C46-43EC-8EE5-C7230FFBC3D6}.dat
2017-08-02 21:54 - 2017-08-02 21:54 - 000000000 _____ () C:\Users\Alexander\AppData\Local\Temp\i4jd4614159999201154130.exe

*****************

HKU\S-1-5-21-1277071745-3778731969-3839681893-1001\Software\Microsoft\Windows\CurrentVersion\Run\\psexe => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\psexe => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AxGfMIQkjR => value not found.
"C:\WINDOWS\system32\config\SYSTEM~1\AppData\Local\DSHCAJ~1\winsvc.exe" => not found.
C:\Users\Alexander\{58C482E3-0C46-43EC-8EE5-C7230FFBC3D6}.dat => moved successfully
"C:\Users\Alexander\AppData\Local\Temp\i4jd4614159999201154130.exe" => not found.

==== End of Fixlog 19:47:56 ====



#6 JSntgRvr


Posted 04 August 2017 - 07:42 PM

Very well. You let me know.




#7 AlexTamayo


Posted 06 August 2017 - 10:26 PM

Hey JSntgRvr,

 

So, they're back again...



#8 JSntgRvr


Posted 07 August 2017 - 12:00 AM

Rescan with FRST and post a new set of logs.



#9 AlexTamayo


Posted 07 August 2017 - 06:55 PM

First of all, I want to thank you for your help, time and patience. Thank you so much! Or many thanks, whichever you prefer. :D

 

Some of the files FRST quarantined previously were preferences and settings for some of the software I use for work. I took them out and put them back; I know for a fact that those files are good and trustworthy. Here's a list of the files that usually pop up in my Temp folders. I've got no idea where they're coming from, but it's always the same ones:

 

 

c0gbs4.exe
pxese.exe (hasn't reappeared yet since we deleted it last time)
kd4lr.exe
bh4sd.exe
jnv52.exe



 

 

 

FRST.txt

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06-08-2017
Ran by Alexander (administrator) on ALEXT (07-08-2017 19:41:19)
Running from C:\Users\Alexander\Downloads\_WindowsAndOS\_virus\BleepingComputer
Loaded Profiles: Alexander (Available Profiles: Alexander)
Platform: Windows 10 Pro Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Windows\System32\nvwmi64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(N/A) C:\Users\Alexander\AppData\Local\Ephere\Ephere.Licensing.LicenseServer.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
() E:\Program Files\Everything\Everything.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.1.1\WsAppService.exe
(Electronic Arts) E:\Program Files (x86)\Origin\OriginWebHelperService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Reprise Software Inc.) C:\Program Files (x86)\The Foundry\LicensingTools7.0\bin\RLM\rlm.foundry.exe
(Reprise Software Inc.) C:\Program Files (x86)\The Foundry\LicensingTools7.0\bin\RLM\rlm.foundry.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() E:\Program Files\Everything\Everything.exe
(Eberhard Werle) E:\Program Files (x86)\Calibrize\CalibrizeResume.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
() E:\Program Files\Everything\Everything.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATII4E.EXE
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
() C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\TrayPopupE\TrayTipAgentE.exe
(Adobe Systems Inc.) E:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Samsung Electronics Co. Ltd.) E:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Finkit d.o.o.) E:\Program Files (x86)\ManicTime\ManicTime.exe
(Dominik Reichl) E:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe
(Finkit d.o.o.) E:\Program Files (x86)\ManicTime\ManicTimeClient.exe
(Azureus Software, Inc) E:\Program Files\Vuze\Azureus.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(WhatsApp) C:\Users\Alexander\AppData\Local\WhatsApp\app-0.2.4240\WhatsApp.exe
(WhatsApp) C:\Users\Alexander\AppData\Local\WhatsApp\app-0.2.4240\WhatsApp.exe
(WhatsApp) C:\Users\Alexander\AppData\Local\WhatsApp\app-0.2.4240\WhatsApp.exe
(WhatsApp) C:\Users\Alexander\AppData\Local\WhatsApp\app-0.2.4240\WhatsApp.exe
(Telegram Messenger LLP) C:\Users\Alexander\AppData\Roaming\Telegram Desktop\Telegram.exe
(Spotify Ltd) C:\Users\Alexander\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Alexander\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Alexander\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Alexander\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\Alexander\AppData\Roaming\Spotify\Spotify.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (MicrosoftCorporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9037832 2016-10-21] (RealtekSemiconductor)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (IntelCorporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (AdobeSystemsIncorporated)
HKLM\...\Run: [Everything] => E:\Program Files\Everything\Everything.exe [2197608 2017-06-06] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-07-14] (AppleInc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX,LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKOEPSONCORPORATION)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3486520 2017-08-03] (Dropbox,Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => E:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [3191728 2017-06-09] (DominikReichl)
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [721856 2016-07-01] (Autodesk,Inc.)
HKLM-x32\...\Run: [EaseUS Cleanup] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\CleanUpUI.exe [1242816 2016-08-26] (CHENGDUYiwoTechDevelopmentCo.,Ltd.)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 11.8\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039240 2013-05-16] (AdobeSystemsIncorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => E:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3499640 2017-03-28] (AdobeSystemsInc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-12] (OracleCorporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2406496 2017-06-04] (AdobeSystemsIncorporated)
HKU\S-1-5-21-1277071745-3778731969-3839681893-1001\...\Run: [Google Update] => C:\Users\Alexander\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-27] (GoogleInc.)
HKU\S-1-5-21-1277071745-3778731969-3839681893-1001\...\Run: [ManicTime] => E:\Program Files (x86)\ManicTime\ManicTime.exe [249688 2012-10-24] (Finkitd.o.o.)
HKU\S-1-5-21-1277071745-3778731969-3839681893-1001\...\Run: [CGFLoader] => E:\Program Files (x86)\Calibrize\CalibrizeLoader.exe [1961984 2007-11-26] (Colorjinn)
HKU\S-1-5-21-1277071745-3778731969-3839681893-1001\...\Run: [CalibrizeResume] => E:\Program Files (x86)\Calibrize\CalibrizeResume.exe [413696 2007-11-26] (EberhardWerle)
HKU\S-1-5-21-1277071745-3778731969-3839681893-1001\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1193352 2014-01-23] (Autodesk,Inc.)
HKU\S-1-5-21-1277071745-3778731969-3839681893-1001\...\Run: [Xvid] => E:\Program Files (x86)\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\S-1-5-21-1277071745-3778731969-3839681893-1001\...\Run: [gflauncher] => E:\Program Files (x86)\Crytek\GFACE Launcher\live\gflauncher.exe [46350968 2016-06-30] ()
HKU\S-1-5-21-1277071745-3778731969-3839681893-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-1277071745-3778731969-3839681893-1001\...\Run: [f.lux] => C:\Users\Alexander\AppData\Local\FluxSoftware\Flux\flux.exe [1024240 2016-12-05] (FluxSoftwareLLC)
HKU\S-1-5-21-1277071745-3778731969-3839681893-1001\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATII4E.EXE [283232 2012-02-28] (SEIKOEPSONCORPORATION)
HKU\S-1-5-21-1277071745-3778731969-3839681893-1001\...\Run: [Spotify Web Helper] => C:\Users\Alexander\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1580144 2017-08-03] (SpotifyLtd)
Startup: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2017-05-07]
ShortcutTarget: MEGAsync.lnk -> C:\Users\Alexander\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
Startup: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NowInStock.lnk [2017-05-07]
ShortcutTarget: NowInStock.lnk -> C:\Program Files (x86)\NowInStock.net Desktop Alerts\NowInStock.net Desktop Alerts.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2017-05-07]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE OC_GURU.lnk [2017-05-31]
ShortcutTarget: GIGABYTE OC_GURU.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoPro Importer.lnk [2017-05-07]
ShortcutTarget: GoPro Importer.lnk -> E:\Program Files (x86)\GoPro\GoPro Studio\GoPro\Tools\Importer\GoPro Importer.exe (GoPro)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HandyAndy.lnk [2017-05-09]
ShortcutTarget: HandyAndy.lnk -> C:\Program Files\Andy\HandyAndy.exe (Andy OS, inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk [2017-05-07]
ShortcutTarget: Network Server.lnk -> C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (WIBU-SYSTEMS AG)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{1c23da45-1c74-4b66-a26f-8a7738abd0f2}: [DhcpNameServer] 10.0.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131207650183142959&GUID=4CF3C11E-FC73-4517-A04D-EAC4D00A9A4C
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1277071745-3778731969-3839681893-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/es-xl/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1277071745-3778731969-3839681893-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Free Download Manager -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> E:\Program Files\FreeDownloadManager.ORG\Free Download Manager\iebho.dll [2016-07-22] ()
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> E:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (MicrosoftCorporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_141\bin\ssv.dll [2017-07-24] (OracleCorporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (AdobeSystemsIncorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> E:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (MicrosoftCorporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> E:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (MicrosoftCorporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-24] (OracleCorporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (AdobeSystemsIncorporated)
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKOEPSONCORPORATION)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (MicrosoftCorporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (AdobeSystemsIncorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (MicrosoftCorporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (MicrosoftCorporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (AdobeSystemsIncorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-04-23] (AdobeSystemsIncorporated)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKOEPSONCORPORATION)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-04-23] (AdobeSystemsIncorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - E:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (MicrosoftCorporation)

FireFox:
========
FF DefaultProfile: 1eba5x4q.default
FF ProfilePath: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\1eba5x4q.default [2017-08-07]
FF Session Restore: Mozilla\Firefox\Profiles\1eba5x4q.default -> is enabled.
FF Extension: (Free Download Manager extension) - C:\Users\Alexander\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\fdm_ffext@freedownloadmanager.org [2016-08-16]
FF Extension: (DownThemAll! AntiContainer) - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\1eba5x4q.default\Extensions\anticontainer@downthemall.net.xpi [2017-05-10]
FF Extension: (Autofill Forms) - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\1eba5x4q.default\Extensions\autofillForms@blueimp.net.xpi [2017-05-10]
FF Extension: (Spanish (Venezuela) spell check dictionary) - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\1eba5x4q.default\Extensions\es-ve@dictionaries.addons.mozilla.org [2017-05-19]
FF Extension: (Ghostery) - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\1eba5x4q.default\Extensions\firefox@ghostery.com.xpi [2017-08-03]
FF Extension: (MEGA) - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\1eba5x4q.default\Extensions\firefox@mega.co.nz.xpi [2017-07-27]
FF Extension: (KeeFox) - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\1eba5x4q.default\Extensions\keefox@chris.tomlinson [2017-06-11]
FF Extension: (English (GB) Language Pack) - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\1eba5x4q.default\Extensions\langpack-en-GB@firefox.mozilla.org.xpi [2017-06-23]
FF Extension: (Español (México) Language Pack) - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\1eba5x4q.default\Extensions\langpack-es-MX@firefox.mozilla.org.xpi [2017-06-23]
FF Extension: (Português (Portugal) Language Pack) - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\1eba5x4q.default\Extensions\langpack-pt-PT@firefox.mozilla.org.xpi [2017-06-23]
FF Extension: (British English Dictionary (Marco Pinto)) - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\1eba5x4q.default\Extensions\marcoagpinto@mail.telepac.pt [2017-07-25]
FF Extension: (Brazilian Portuguese (Current Spelling)) - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\1eba5x4q.default\Extensions\pt-BR@dictionaries.addons.mozilla.org [2017-05-19]
FF Extension: (Task Manager) - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\1eba5x4q.default\Extensions\task-manager@TheLaGmAn.xpi [2017-06-25]
FF Extension: (YouTube Audio Sync Tool) - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\1eba5x4q.default\Extensions\{723de83c-d1e2-4e7a-8db8-03d8871cf2b0}.xpi [2017-06-25]
FF Extension: (Flash and Video Download) - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\1eba5x4q.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2017-05-10]
FF Extension: (Block site) - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\1eba5x4q.default\Extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2017-05-10]
FF Extension: (DownThemAll!) - C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\1eba5x4q.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2017-05-10]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2016-05-16] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - E:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - E:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2017-05-29]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-12] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-24] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> E:\Program Files\Microsoft Office\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> E:\Program Files\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-06-04] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-12] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-10] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=5.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2016-03-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-07-18] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-07-18] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> E:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> E:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> E:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Acrobat -> E:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2017-03-28] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-06-04] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-1277071745-3778731969-3839681893-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Alexander\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-1277071745-3778731969-3839681893-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Alexander\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-27] (Google Inc.)
FF Plugin HKU\S-1-5-21-1277071745-3778731969-3839681893-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Alexander\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-24] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1277071745-3778731969-3839681893-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
StartMenuInternet: FIREFOX.EXE - E:\Program Files\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR DefaultSearchKeyword: Default -> google.com_
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default [2017-08-07]
CHR Extension: (Google Slides) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-16]
CHR Extension: (Free Download Manager Chrome extension) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2017-03-03]
CHR Extension: (Google Docs) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-16]
CHR Extension: (Google Drive) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-16]
CHR Extension: (YouTube) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-16]
CHR Extension: (Session Buddy) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2017-07-04]
CHR Extension: (Adobe Acrobat) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-03]
CHR Extension: (Block site) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiimnmioipafcokbfikbljfdeojpcgbh [2016-06-16]
CHR Extension: (Google Sheets) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-16]
CHR Extension: (Google Docs Offline) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-16]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-01-26]
CHR Extension: (Ghostery) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2017-08-01]
CHR Extension: (Video Downloader GetThemAll) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2017-07-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-16]
CHR Extension: (Chrome Media Router) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-13]
CHR HKU\S-1-5-21-1277071745-3778731969-3839681893-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - E:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2017-03-28]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [814688 2017-06-04] (AdobeSystemsIncorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (AdobeSystems,Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (AppleInc.)
S3 BRSptStub; C:\ProgramData\BitRaider\BRSptStub.exe [363208 2016-09-11] (BitRaider,LLC)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-09] (Dropbox,Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-06-09] (Dropbox,Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [49992 2017-08-03] (Dropbox,Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [395024 2017-03-11] (EasyAntiCheatLtd)
R2 Ephere License Server; C:\Users\Alexander\AppData\Local\Ephere\Ephere.Licensing.LicenseServer.exe [43008 2017-07-22] (N/A) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (SeikoEpsonCorporation)
R2 Everything; E:\Program Files\Everything\Everything.exe [2197608 2017-06-06] ()
S2 Foundry FLEXlm Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\FLEXlm\lmgrd.foundry.exe [1392016 2012-10-30] (AcressoSoftwareInc.)
R2 Foundry License Server; C:\Program Files (x86)\The Foundry\\LicensingTools7.0\bin\RLM\rlm.foundry.exe [1474560 2013-12-23] (RepriseSoftwareInc.) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (MicrosoftCorporation) [File not signed]
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2016-08-11] (Futuremark)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (IntelCorporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (MacrovisionCorporation) [File not signed]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (IntelCorporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel®Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2016-03-02] (IntelCorporation) [File not signed]
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (MicrosoftCorporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [8704 2016-03-02] (IntelCorporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [209184 2016-03-16] (IntelCorporation)
S3 mi-raysat_3dsmax2017_64; E:\Program Files\Autodesk\3ds Max 2017\raysat_3dsmax2017_64server.exe [86016 2011-09-15] () [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-07-26] (NVIDIACorporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [512960 2017-07-26] (NVIDIACorporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-07-18] (NVIDIACorporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-07-26] (NVIDIACorporation)
R2 NVWMI; C:\Windows\system32\nvwmi64.exe [2700224 2016-05-30] ()
S3 Origin Client Service; E:\Program Files (x86)\Origin\OriginClientService.exe [2123240 2017-03-26] (ElectronicArts)
R2 Origin Web Helper Service; E:\Program Files (x86)\Origin\OriginWebHelperService.exe [2184688 2017-03-26] (ElectronicArts)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-18] (MicrosoftCorporation)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [985280 2015-07-21] (@ByELDI) [File not signed]
S3 ShareItSvc; E:\Program Files (x86)\SHAREit\SHAREit\Shareit.Service.exe [33224 2016-04-15] (SHAREitTechnologiesCo.Ltd)
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURUCo.,LTD.)
S3 Te.Service; E:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [139264 2016-07-15] (MicrosoftCorporation) [File not signed]
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (MicrosoftCorporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (MicrosoftCorporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (MicrosoftCorporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.1.1\WsAppService.exe [437392 2016-10-10] (Wondershare)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [671696 2016-12-09] (WacomTechnology,Corp.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BRDriver64_1_3_3_E02B25FC; C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [78088 2016-09-11] (BitRaider)
S3 DFX11_1; C:\WINDOWS\system32\drivers\dfx11_1x64.sys [28008 2015-08-31] (Windows®Win7DDKprovider)
S3 DFX12; C:\WINDOWS\system32\drivers\dfx12x64.sys [39048 2015-11-14] (Windows®Win7DDKprovider)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (SamsungElectronicsCo.,Ltd.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [24056 2016-01-14] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [21496 2016-01-14] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [10848 2016-07-11] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [10208 2016-07-11] ()
R3 GEARAspiWDM; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [33240 2012-08-21] (GEARSoftwareInc.)
S3 GPCIDrv; E:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys [14376 2014-08-28] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2017-05-10] (MalwarebytesCorporation)
S1 mbmiodrvr; C:\Windows\syswow64\mbmiodrvr.sys [4608 2004-04-10] (cansoft@livewiredev.com) [File not signed]
R1 MpKsl4f7e7fe7; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{38C023CF-4921-4D42-9B50-C8BA70199E04}\MpKsl4f7e7fe7.sys [44928 2017-08-06] (MicrosoftCorporation)
S3 MTsensor; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [17280 2013-05-17] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_24ddebfb518b5a55\nvlddmkm.sys [15668664 2017-07-19] (NVIDIACorporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-07-26] (NVIDIACorporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-07-26] (NVIDIACorporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-07-26] (NVIDIACorporation)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [937728 2016-05-17] (Realtek)
S3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2016-05-25] (Scarlet.CrushProductions)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [220672 2017-03-18] (MicrosoftCorporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (SamsungElectronicsCo.,Ltd.)
S3 tapoas; C:\WINDOWS\system32\DRIVERS\tapoas.sys [30720 2012-07-15] (TheOpenVPNProject) [File not signed]
S3 USBAAPL64; C:\WINDOWS\System32\Drivers\usbaapl64.sys [54784 2014-08-15] (Apple,Inc.) [File not signed]
S0 vsmraid; C:\WINDOWS\System32\drivers\vsmraid.sys [166816 2017-03-18] (VIATechnologiesInc.,Ltd)
R3 WacHidRouterPro; C:\WINDOWS\System32\drivers\wachidrouter.sys [119448 2016-12-05] (WacomTechnology)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (MicrosoftCorporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (MicrosoftCorporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (MicrosoftCorporation)
R2 WIBUKEY; C:\WINDOWS\System32\DRIVERS\WibuKey64.sys [106760 2017-04-08] (WIBU-SYSTEMSAG)
R2 WinisoCDBus; C:\WINDOWS\System32\drivers\WinisoCDBus.sys [204032 2016-10-20] (WinISO.com)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (IntelCorporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-05 16:55 - 2017-08-05 16:57 - 085916232 _____ C:\Users\Alexander\Downloads\CINEBENCHR15.038.zip
2017-08-04 21:42 - 2017-08-04 21:42 - 005753524 _____ C:\Users\Alexander\Downloads\cemuhook_190c_0532.zip
2017-08-04 19:17 - 2017-08-04 19:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-08-04 19:15 - 2017-08-04 19:15 - 000000095 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2017-08-04 19:15 - 2017-08-04 19:15 - 000000089 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc
2017-08-04 01:14 - 2017-08-04 01:12 - 000565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-08-03 21:43 - 2017-08-03 21:43 - 000049992 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-08-03 21:43 - 2017-08-03 21:43 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-08-03 21:43 - 2017-08-03 21:43 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-08-03 21:43 - 2017-08-03 21:43 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-08-03 08:01 - 2017-08-03 08:01 - 000245264 _____ C:\Users\Alexander\AppData\Roaming\CADB4DC5C90A159CA37D503B1B563EB0
2017-08-03 06:59 - 2017-08-07 19:41 - 000000000 ____D C:\FRST
2017-08-03 02:27 - 2017-08-03 02:29 - 075743822 _____ C:\Users\Alexander\Downloads\Legend of Korra - Turf Wars Part 1 (English) GetComics.INFO.cbz
2017-08-03 01:50 - 2017-08-04 00:43 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\tor
2017-08-02 17:34 - 2017-08-04 21:03 - 000001404 _____ C:\Users\Alexander\Desktop\WiiU_USB_Helper.lnk
2017-08-02 04:35 - 2017-08-04 21:04 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\USB_HELPER
2017-08-02 04:32 - 2017-08-02 04:32 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WiiU_USB_Helper
2017-08-02 04:32 - 2017-08-02 04:32 - 000000000 ____D C:\Users\Alexander\AppData\Local\Hikari06
2017-08-02 03:55 - 2017-08-02 03:55 - 000002239 _____ C:\Users\Alexander\Downloads\BlockSiteList_20170801.txt
2017-08-01 00:07 - 2017-08-01 00:07 - 000000136 _____ C:\cerr.txt
2017-07-31 23:41 - 2017-07-31 23:42 - 000000000 ____D C:\Users\Alexander\Downloads\_UPS
2017-07-31 22:52 - 2017-07-31 22:52 - 000002700 _____ C:\Users\Alexander\Downloads\poyEdgetoCurve_v1.mel
2017-07-28 18:24 - 2017-07-28 18:24 - 000000000 ____D C:\WINDOWS\LastGood
2017-07-28 14:52 - 2017-07-28 14:52 - 002565692 _____ C:\Users\Alexander\Downloads\Invoice_20170708_001.pdf
2017-07-27 11:21 - 2017-07-27 11:21 - 000003366 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1277071745-3778731969-3839681893-1001
2017-07-27 01:06 - 2017-07-27 01:06 - 000001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Animate CC 2017.lnk
2017-07-27 01:05 - 2017-07-27 01:05 - 000001302 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-07-26 12:42 - 2017-07-26 12:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2017-07-26 12:42 - 2017-07-26 12:42 - 000000000 ____D C:\Program Files\iTunes
2017-07-26 12:42 - 2017-07-26 12:42 - 000000000 ____D C:\Program Files\iPod
2017-07-26 02:37 - 2017-07-26 02:37 - 000000000 ____D C:\Program Files\Chaos Group
2017-07-25 03:49 - 2017-07-25 03:49 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-07-25 03:49 - 2017-07-18 18:38 - 000135800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-07-25 03:49 - 2017-03-10 17:17 - 000536864 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-07-25 03:49 - 2017-03-10 17:17 - 000525600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-07-25 03:49 - 2017-03-10 17:17 - 000254240 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-07-25 03:49 - 2017-03-10 17:17 - 000233760 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-07-25 03:48 - 2017-07-25 03:48 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2017-07-25 03:47 - 2017-07-18 20:40 - 040239736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 035314296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 028960376 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 013655672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 012133112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 011591576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 010487760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 009982968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 004163520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 003595896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 001988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438494.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 001598072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438494.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 001278528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 001276992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 001068152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 001004992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 000996760 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 000995408 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 000972920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 000924280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 000781544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 000725112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 000618744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 000617416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 000609912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 000584312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 000578056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-07-25 03:47 - 2017-07-18 20:40 - 000499136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-07-24 16:25 - 2017-07-24 16:25 - 000000000 ____D C:\ProgramData\Ephere
2017-07-22 01:19 - 2017-08-04 21:01 - 000000000 ____D C:\Users\Alexander\AppData\Local\Ephere
2017-07-22 01:19 - 2017-07-22 01:19 - 000000290 _____ C:\Users\Alexander\AppData\Local\EphereLicensingLog.txt
2017-07-22 01:07 - 2017-07-28 05:55 - 000000009 _____ C:\Users\Alexander\AppData\Local\OrnatrixMayaLicenseServerIP.txt
2017-07-21 20:47 - 2017-07-28 03:01 - 000000074 _____ C:\Users\Alexander\AppData\Local\OrnatrixMayaSetupFilepath.txt
2017-07-12 22:25 - 2017-07-12 22:25 - 000260122 _____ C:\Users\Alexander\Downloads\massielCV.pdf
2017-07-12 22:03 - 2017-07-12 22:03 - 000473892 _____ C:\Users\Alexander\Downloads\AlexanderTamayo_CV_EN_A4.pdf
2017-07-12 22:02 - 2017-07-12 22:03 - 000478423 _____ C:\Users\Alexander\Downloads\AlexanderTamayo_CV_ES.pdf
2017-07-11 18:10 - 2017-07-07 10:00 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2017-07-11 18:10 - 2017-07-07 03:27 - 001147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-07-11 18:10 - 2017-07-07 03:27 - 001024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-07-11 18:10 - 2017-07-07 03:27 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-07-11 18:10 - 2017-07-07 03:26 - 001065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-07-11 18:10 - 2017-07-07 03:25 - 000899824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-07-11 18:10 - 2017-07-07 03:24 - 000117664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-07-11 18:10 - 2017-07-07 03:23 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-07-11 18:10 - 2017-07-07 03:22 - 008318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-07-11 18:10 - 2017-07-07 03:22 - 001186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-07-11 18:10 - 2017-07-07 03:21 - 032688336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsRaw.dll
2017-07-11 18:10 - 2017-07-07 03:21 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-07-11 18:10 - 2017-07-07 03:20 - 002021680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2017-07-11 18:10 - 2017-07-07 03:20 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-07-11 18:10 - 2017-07-07 03:20 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-07-11 18:10 - 2017-07-07 03:20 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-07-11 18:10 - 2017-07-07 03:15 - 002444696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-07-11 18:10 - 2017-07-07 03:14 - 007325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-07-11 18:10 - 2017-07-07 03:14 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-07-11 18:10 - 2017-07-07 03:14 - 001760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-07-11 18:10 - 2017-07-07 03:14 - 001171032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2017-07-11 18:10 - 2017-07-07 03:13 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-07-11 18:10 - 2017-07-07 03:13 - 000554392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-07-11 18:10 - 2017-07-07 03:13 - 000336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-07-11 18:10 - 2017-07-07 03:12 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-07-11 18:10 - 2017-07-07 03:12 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-07-11 18:10 - 2017-07-07 03:11 - 007904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-07-11 18:10 - 2017-07-07 03:11 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-07-11 18:10 - 2017-07-07 03:10 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-07-11 18:10 - 2017-07-07 03:10 - 001670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-07-11 18:10 - 2017-07-07 03:10 - 001337848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-07-11 18:10 - 2017-07-07 03:10 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-07-11 18:10 - 2017-07-07 03:10 - 000372128 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-07-11 18:10 - 2017-07-07 03:10 - 000254168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-07-11 18:10 - 2017-07-07 03:09 - 000041376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininitext.dll
2017-07-11 18:10 - 2017-07-07 03:08 - 002229152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-07-11 18:10 - 2017-07-07 03:08 - 001854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-07-11 18:10 - 2017-07-07 03:08 - 001693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-07-11 18:10 - 2017-07-07 03:08 - 001458584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-07-11 18:10 - 2017-07-07 03:08 - 000848280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-07-11 18:10 - 2017-07-07 03:08 - 000846752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-07-11 18:10 - 2017-07-07 03:08 - 000844704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-07-11 18:10 - 2017-07-07 03:08 - 000699808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-07-11 18:10 - 2017-07-07 03:08 - 000672672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-07-11 18:10 - 2017-07-07 03:08 - 000399264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-07-11 18:10 - 2017-07-07 03:07 - 001106848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-07-11 18:10 - 2017-07-07 03:07 - 000058488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-07-11 18:10 - 2017-07-07 02:57 - 000626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-07-11 18:10 - 2017-07-07 02:57 - 000125344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2017-07-11 18:10 - 2017-07-07 02:40 - 023677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-07-11 18:10 - 2017-07-07 02:39 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-07-11 18:10 - 2017-07-07 02:39 - 000096128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-07-11 18:10 - 2017-07-07 02:37 - 031652264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsRaw.dll
2017-07-11 18:10 - 2017-07-07 02:37 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-07-11 18:10 - 2017-07-07 02:37 - 001339352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll
2017-07-11 18:10 - 2017-07-07 02:31 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-07-11 18:10 - 2017-07-07 02:31 - 001518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-07-11 18:10 - 2017-07-07 02:31 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-07-11 18:10 - 2017-07-07 02:30 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-07-11 18:10 - 2017-07-07 02:30 - 000949920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2017-07-11 18:10 - 2017-07-07 02:30 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-07-11 18:10 - 2017-07-07 02:29 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-07-11 18:10 - 2017-07-07 02:29 - 000123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Clipc.dll
2017-07-11 18:10 - 2017-07-07 02:27 - 006759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-07-11 18:10 - 2017-07-07 02:27 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-07-11 18:10 - 2017-07-07 02:27 - 001050624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-07-11 18:10 - 2017-07-07 02:27 - 000557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2017-07-11 18:10 - 2017-07-07 02:27 - 000443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-07-11 18:10 - 2017-07-07 02:27 - 000360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-07-11 18:10 - 2017-07-07 02:26 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-07-11 18:10 - 2017-07-07 02:26 - 017364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-07-11 18:10 - 2017-07-07 02:26 - 001529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-07-11 18:10 - 2017-07-07 02:26 - 001195240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-07-11 18:10 - 2017-07-07 02:26 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-07-11 18:10 - 2017-07-07 02:25 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-07-11 18:10 - 2017-07-07 02:25 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininitext.dll
2017-07-11 18:10 - 2017-07-07 02:24 - 001517472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-07-11 18:10 - 2017-07-07 02:23 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-07-11 18:10 - 2017-07-07 02:23 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-07-11 18:10 - 2017-07-07 02:23 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-07-11 18:10 - 2017-07-07 02:22 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-07-11 18:10 - 2017-07-07 02:22 - 000520704 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-07-11 18:10 - 2017-07-07 02:21 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-07-11 18:10 - 2017-07-07 02:20 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-07-11 18:10 - 2017-07-07 02:20 - 008331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-07-11 18:10 - 2017-07-07 02:20 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2017-07-11 18:10 - 2017-07-07 02:19 - 007149056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-07-11 18:10 - 2017-07-07 02:19 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-07-11 18:10 - 2017-07-07 02:19 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-07-11 18:10 - 2017-07-07 02:19 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-07-11 18:10 - 2017-07-07 02:18 - 007336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-07-11 18:10 - 2017-07-07 02:18 - 000548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2017-07-11 18:10 - 2017-07-07 02:18 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-07-11 18:10 - 2017-07-07 02:18 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsExt.dll
2017-07-11 18:10 - 2017-07-07 02:17 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-07-11 18:10 - 2017-07-07 02:17 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-07-11 18:10 - 2017-07-07 02:17 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-07-11 18:10 - 2017-07-07 02:17 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-07-11 18:10 - 2017-07-07 02:17 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-07-11 18:10 - 2017-07-07 02:16 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-07-11 18:10 - 2017-07-07 02:16 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-07-11 18:10 - 2017-07-07 02:16 - 000545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-07-11 18:10 - 2017-07-07 02:15 - 008238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-07-11 18:10 - 2017-07-07 02:15 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-07-11 18:10 - 2017-07-07 02:15 - 000498176 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1debug3.dll
2017-07-11 18:10 - 2017-07-07 02:14 - 008211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-07-11 18:10 - 2017-07-07 02:14 - 003784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-07-11 18:10 - 2017-07-07 02:14 - 002956800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-07-11 18:10 - 2017-07-07 02:14 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-07-11 18:10 - 2017-07-07 02:14 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-07-11 18:10 - 2017-07-07 02:14 - 000790016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-07-11 18:10 - 2017-07-07 02:14 - 000570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2017-07-11 18:10 - 2017-07-07 02:13 - 013839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-07-11 18:10 - 2017-07-07 02:13 - 005892096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-07-11 18:10 - 2017-07-07 02:13 - 000840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-07-11 18:10 - 2017-07-07 02:12 - 004730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-07-11 18:10 - 2017-07-07 02:12 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-07-11 18:10 - 2017-07-07 02:12 - 002499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-07-11 18:10 - 2017-07-07 02:12 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-07-11 18:10 - 2017-07-07 02:12 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-07-11 18:10 - 2017-07-07 02:12 - 001420800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-07-11 18:10 - 2017-07-07 02:12 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-07-11 18:10 - 2017-07-07 02:12 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-07-11 18:10 - 2017-07-07 02:12 - 001142272 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-07-11 18:10 - 2017-07-07 02:12 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-07-11 18:10 - 2017-07-07 02:11 - 003139584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-07-11 18:10 - 2017-07-07 02:11 - 002829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-07-11 18:10 - 2017-07-07 02:11 - 002649600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-07-11 18:10 - 2017-07-07 02:11 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-07-11 18:10 - 2017-07-07 02:11 - 001888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-07-11 18:10 - 2017-07-07 02:11 - 001812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-07-11 18:10 - 2017-07-07 02:11 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-07-11 18:10 - 2017-07-07 02:10 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-07-11 18:10 - 2017-07-07 02:10 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-07-11 18:10 - 2017-07-07 02:10 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-07-11 18:10 - 2017-07-07 02:10 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-07-11 18:10 - 2017-07-07 02:10 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapprovp.dll
2017-07-11 18:10 - 2017-07-07 02:09 - 020504576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-07-11 18:10 - 2017-07-07 02:09 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-07-11 18:10 - 2017-07-07 02:08 - 000285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-07-11 18:10 - 2017-07-07 02:07 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-07-11 18:10 - 2017-07-07 02:07 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
2017-07-11 18:10 - 2017-07-07 02:06 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-07-11 18:10 - 2017-07-07 02:06 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll
2017-07-11 18:10 - 2017-07-07 02:06 - 000205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2017-07-11 18:10 - 2017-07-07 02:05 - 019335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-07-11 18:10 - 2017-07-07 02:05 - 011870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-07-11 18:10 - 2017-07-07 02:05 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-07-11 18:10 - 2017-07-07 02:05 - 005719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-07-11 18:10 - 2017-07-07 02:05 - 000502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-07-11 18:10 - 2017-07-07 02:05 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-07-11 18:10 - 2017-07-07 02:04 - 005961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-07-11 18:10 - 2017-07-07 02:04 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-07-11 18:10 - 2017-07-07 02:04 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-07-11 18:10 - 2017-07-07 02:04 - 000506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-07-11 18:10 - 2017-07-07 02:04 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-07-11 18:10 - 2017-07-07 02:04 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2017-07-11 18:10 - 2017-07-07 02:03 - 006123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-07-11 18:10 - 2017-07-07 02:03 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-07-11 18:10 - 2017-07-07 02:03 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-07-11 18:10 - 2017-07-07 02:03 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1debug3.dll
2017-07-11 18:10 - 2017-07-07 02:02 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-07-11 18:10 - 2017-07-07 02:02 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2017-07-11 18:10 - 2017-07-07 02:01 - 006287360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-07-11 18:10 - 2017-07-07 02:01 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-07-11 18:10 - 2017-07-07 02:00 - 007596544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-07-11 18:10 - 2017-07-07 02:00 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-07-11 18:10 - 2017-07-07 02:00 - 002588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-07-11 18:10 - 2017-07-07 02:00 - 001626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-07-11 18:10 - 2017-07-07 02:00 - 001565184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-07-11 18:10 - 2017-07-07 02:00 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-07-11 18:10 - 2017-07-07 01:59 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-07-11 18:10 - 2017-07-07 01:59 - 003656704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-07-11 18:10 - 2017-07-07 01:59 - 001494016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-07-11 18:10 - 2017-07-07 01:59 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-07-11 18:10 - 2017-07-07 01:59 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-07-11 18:10 - 2017-07-07 01:58 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-07-11 18:10 - 2017-07-07 01:58 - 002782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-07-11 18:10 - 2017-07-07 01:58 - 002298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-07-11 18:10 - 2017-07-07 01:58 - 001237504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-07-11 18:10 - 2017-07-07 01:55 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2017-07-11 18:10 - 2017-07-07 01:55 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2017-07-11 18:10 - 2017-07-07 01:53 - 001301504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2017-07-11 18:10 - 2017-07-07 01:53 - 000338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2017-07-11 18:10 - 2017-07-01 18:52 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-07-11 18:10 - 2017-06-20 02:18 - 001564576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-07-11 18:10 - 2017-06-20 02:17 - 000629152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-07-11 18:10 - 2017-06-20 02:17 - 000544160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-07-11 18:10 - 2017-06-20 02:17 - 000334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-07-11 18:10 - 2017-06-20 02:17 - 000034720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-07-11 18:10 - 2017-06-20 02:16 - 001214880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-07-11 18:10 - 2017-06-20 02:16 - 000335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-07-11 18:10 - 2017-06-20 02:15 - 000233376 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-07-11 18:10 - 2017-06-20 02:11 - 001395152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-07-11 18:10 - 2017-06-20 02:11 - 000411992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2017-07-11 18:10 - 2017-06-20 02:10 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-07-11 18:10 - 2017-06-20 02:10 - 001930320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-07-11 18:10 - 2017-06-20 02:08 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-07-11 18:10 - 2017-06-20 02:06 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-07-11 18:10 - 2017-06-20 02:05 - 001057832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-07-11 18:10 - 2017-06-20 02:04 - 004847424 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-07-11 18:10 - 2017-06-20 02:04 - 000472728 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-07-11 18:10 - 2017-06-20 02:03 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-07-11 18:10 - 2017-06-20 02:03 - 000102312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialUIBroker.exe
2017-07-11 18:10 - 2017-06-20 02:02 - 002645688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-07-11 18:10 - 2017-06-20 02:02 - 001055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-07-11 18:10 - 2017-06-20 02:00 - 000558920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-07-11 18:10 - 2017-06-20 02:00 - 000255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-07-11 18:10 - 2017-06-20 02:00 - 000142752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-07-11 18:10 - 2017-06-20 01:59 - 006554928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-07-11 18:10 - 2017-06-20 01:59 - 001220072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-07-11 18:10 - 2017-06-20 01:59 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-07-11 18:10 - 2017-06-20 01:59 - 000583304 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-07-11 18:10 - 2017-06-20 01:59 - 000467504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2017-07-11 18:10 - 2017-06-20 01:58 - 000833160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-07-11 18:10 - 2017-06-20 01:58 - 000406072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-07-11 18:10 - 2017-06-20 01:57 - 002681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-07-11 18:10 - 2017-06-20 01:57 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-07-11 18:10 - 2017-06-20 01:34 - 000192416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-07-11 18:10 - 2017-06-20 01:15 - 001620368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-07-11 18:10 - 2017-06-20 01:15 - 000455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2017-07-11 18:10 - 2017-06-20 01:14 - 001150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-07-11 18:10 - 2017-06-20 01:13 - 000787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-07-11 18:10 - 2017-06-20 01:13 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2017-07-11 18:10 - 2017-06-20 01:12 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-07-11 18:10 - 2017-06-20 01:12 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-07-11 18:10 - 2017-06-20 01:12 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2017-07-11 18:10 - 2017-06-20 01:11 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-07-11 18:10 - 2017-06-20 01:11 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-07-11 18:10 - 2017-06-20 01:10 - 000722432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-07-11 18:10 - 2017-06-20 01:10 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-07-11 18:10 - 2017-06-20 01:10 - 000188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2017-07-11 18:10 - 2017-06-20 01:10 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-07-11 18:10 - 2017-06-20 01:09 - 000551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2017-07-11 18:10 - 2017-06-20 01:09 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-07-11 18:10 - 2017-06-20 01:09 - 000406032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-07-11 18:10 - 2017-06-20 01:09 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2017-07-11 18:10 - 2017-06-20 01:09 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2017-07-11 18:10 - 2017-06-20 01:09 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-07-11 18:10 - 2017-06-20 01:09 - 000189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-07-11 18:10 - 2017-06-20 01:09 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-07-11 18:10 - 2017-06-20 01:09 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dataclen.dll
2017-07-11 18:10 - 2017-06-20 01:08 - 004469840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-07-11 18:10 - 2017-06-20 01:08 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-07-11 18:10 - 2017-06-20 01:08 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-07-11 18:10 - 2017-06-20 01:08 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-07-11 18:10 - 2017-06-20 01:08 - 000328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2017-07-11 18:10 - 2017-06-20 01:08 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-07-11 18:10 - 2017-06-20 01:08 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-07-11 18:10 - 2017-06-20 01:08 - 000251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-07-11 18:10 - 2017-06-20 01:07 - 002475136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-07-11 18:10 - 2017-06-20 01:07 - 000823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2017-07-11 18:10 - 2017-06-20 01:07 - 000632832 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2017-07-11 18:10 - 2017-06-20 01:07 - 000626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-07-11 18:10 - 2017-06-20 01:07 - 000510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-07-11 18:10 - 2017-06-20 01:07 - 000411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-07-11 18:10 - 2017-06-20 01:07 - 000346016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-07-11 18:10 - 2017-06-20 01:07 - 000138656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-07-11 18:10 - 2017-06-20 01:06 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-07-11 18:10 - 2017-06-20 01:06 - 000847872 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-07-11 18:10 - 2017-06-20 01:06 - 000754592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-07-11 18:10 - 2017-06-20 01:06 - 000751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-07-11 18:10 - 2017-06-20 01:06 - 000411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-07-11 18:10 - 2017-06-20 01:06 - 000299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-07-11 18:10 - 2017-06-20 01:06 - 000278944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2017-07-11 18:10 - 2017-06-20 01:05 - 005776384 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2017-07-11 18:10 - 2017-06-20 01:05 - 004447744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-07-11 18:10 - 2017-06-20 01:05 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-07-11 18:10 - 2017-06-20 01:05 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-07-11 18:10 - 2017-06-20 01:05 - 000585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-07-11 18:10 - 2017-06-20 01:05 - 000438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-07-11 18:10 - 2017-06-20 01:05 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-07-11 18:10 - 2017-06-20 01:05 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-07-11 18:10 - 2017-06-20 01:05 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-07-11 18:10 - 2017-06-20 01:05 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-07-11 18:10 - 2017-06-20 01:05 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-07-11 18:10 - 2017-06-20 01:04 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-07-11 18:10 - 2017-06-20 01:04 - 001818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-07-11 18:10 - 2017-06-20 01:04 - 001425920 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-07-11 18:10 - 2017-06-20 01:04 - 001178528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-07-11 18:10 - 2017-06-20 01:04 - 001177600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-07-11 18:10 - 2017-06-20 01:04 - 001077496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2017-07-11 18:10 - 2017-06-20 01:04 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-07-11 18:10 - 2017-06-20 01:04 - 000400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-07-11 18:10 - 2017-06-20 01:04 - 000181656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-07-11 18:10 - 2017-06-20 01:04 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2017-07-11 18:10 - 2017-06-20 01:04 - 000049656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msasn1.dll
2017-07-11 18:10 - 2017-06-20 01:03 - 005806048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-07-11 18:10 - 2017-06-20 01:03 - 002077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-07-11 18:10 - 2017-06-20 01:03 - 001396224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-07-11 18:10 - 2017-06-20 01:03 - 000864240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-07-11 18:10 - 2017-06-20 01:03 - 000443728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2017-07-11 18:10 - 2017-06-20 01:02 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-07-11 18:10 - 2017-06-20 01:02 - 003204096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-07-11 18:10 - 2017-06-20 01:02 - 002804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-07-11 18:10 - 2017-06-20 01:02 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-07-11 18:10 - 2017-06-20 01:02 - 001121928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-07-11 18:10 - 2017-06-20 01:02 - 000681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-07-11 18:10 - 2017-06-20 01:02 - 000354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-07-11 18:10 - 2017-06-20 01:01 - 004536320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-07-11 18:10 - 2017-06-20 01:01 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-07-11 18:10 - 2017-06-20 01:01 - 003803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-07-11 18:10 - 2017-06-20 01:01 - 003332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-07-11 18:10 - 2017-06-20 01:01 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-07-11 18:10 - 2017-06-20 01:01 - 001076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-07-11 18:10 - 2017-06-20 01:01 - 000176032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-07-11 18:10 - 2017-06-20 01:00 - 003057664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-07-11 18:10 - 2017-06-20 01:00 - 002597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-07-11 18:10 - 2017-06-20 01:00 - 002171392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-07-11 18:10 - 2017-06-20 00:59 - 002938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-07-11 18:10 - 2017-06-20 00:59 - 001674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-07-11 18:10 - 2017-06-20 00:59 - 001357824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-07-11 18:10 - 2017-06-20 00:58 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-07-11 18:10 - 2017-06-20 00:56 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-07-11 18:10 - 2017-06-20 00:54 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-07-11 18:10 - 2017-06-20 00:49 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2017-07-11 18:10 - 2017-06-20 00:49 - 000331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-07-11 18:10 - 2017-06-20 00:46 - 000132096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-11 18:10 - 2017-06-20 00:45 - 000111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.RetailInfo.dll
2017-07-11 18:10 - 2017-06-20 00:45 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-07-11 18:10 - 2017-06-20 00:43 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-07-11 18:10 - 2017-06-20 00:43 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2017-07-11 18:10 - 2017-06-20 00:43 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2017-07-11 18:10 - 2017-06-20 00:43 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-07-11 18:10 - 2017-06-20 00:43 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-07-11 18:10 - 2017-06-20 00:43 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-07-11 18:10 - 2017-06-20 00:43 - 000052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dataclen.dll
2017-07-11 18:10 - 2017-06-20 00:42 - 000641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2017-07-11 18:10 - 2017-06-20 00:42 - 000387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2017-07-11 18:10 - 2017-06-20 00:42 - 000338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-07-11 18:10 - 2017-06-20 00:42 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-07-11 18:10 - 2017-06-20 00:42 - 000226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-07-11 18:10 - 2017-06-20 00:42 - 000121856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2017-07-11 18:10 - 2017-06-20 00:41 - 000734208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-07-11 18:10 - 2017-06-20 00:41 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2017-07-11 18:10 - 2017-06-20 00:41 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-07-11 18:10 - 2017-06-20 00:41 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-07-11 18:10 - 2017-06-20 00:41 - 000201216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2017-07-11 18:10 - 2017-06-20 00:40 - 004544000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
2017-07-11 18:10 - 2017-06-20 00:40 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-07-11 18:10 - 2017-06-20 00:40 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-07-11 18:10 - 2017-06-20 00:40 - 000342016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-07-11 18:10 - 2017-06-20 00:40 - 000247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-07-11 18:10 - 2017-06-20 00:40 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-07-11 18:10 - 2017-06-20 00:40 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-07-11 18:10 - 2017-06-20 00:39 - 002814464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2017-07-11 18:10 - 2017-06-20 00:39 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-07-11 18:10 - 2017-06-20 00:39 - 000969728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2017-07-11 18:10 - 2017-06-20 00:39 - 000646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2017-07-11 18:10 - 2017-06-20 00:39 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2017-07-11 18:10 - 2017-06-20 00:39 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-07-11 18:10 - 2017-06-20 00:38 - 001451008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-07-11 18:10 - 2017-06-20 00:38 - 001285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-07-11 18:10 - 2017-06-20 00:38 - 001171968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-07-11 18:10 - 2017-06-20 00:38 - 000663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-07-11 18:10 - 2017-06-20 00:38 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-07-11 18:10 - 2017-06-20 00:38 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-07-11 18:10 - 2017-06-20 00:37 - 002008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-07-11 18:10 - 2017-06-20 00:36 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-07-11 18:10 - 2017-06-20 00:35 - 005141504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12warp.dll
2017-07-11 18:10 - 2017-06-20 00:35 - 002679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-07-11 18:10 - 2017-06-20 00:35 - 002132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-07-11 18:10 - 2017-06-20 00:35 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-07-11 18:10 - 2017-06-20 00:34 - 004056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-07-11 18:10 - 2017-06-20 00:34 - 002750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-07-11 18:10 - 2017-06-20 00:34 - 002211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-07-11 18:10 - 2017-06-20 00:34 - 001492480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-07-11 18:10 - 2017-06-20 00:34 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-07-11 18:10 - 2017-06-20 00:31 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-07-11 18:10 - 2017-06-20 00:30 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdmaud.drv
2017-07-11 18:10 - 2017-06-20 00:30 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-07-11 18:10 - 2017-06-20 00:30 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-07-11 18:10 - 2017-06-20 00:28 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-07-11 18:09 - 2017-07-07 03:27 - 000965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-07-11 18:09 - 2017-07-07 03:27 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-07-11 18:09 - 2017-07-07 03:22 - 000119384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-07-11 18:09 - 2017-07-07 03:17 - 001017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-07-11 18:09 - 2017-07-07 03:13 - 000147800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Clipc.dll
2017-07-11 18:09 - 2017-07-07 03:12 - 000228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-07-11 18:09 - 2017-07-07 03:08 - 001100704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-07-11 18:09 - 2017-07-07 03:08 - 000992672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-07-11 18:09 - 2017-07-07 03:08 - 000774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-07-11 18:09 - 2017-07-07 03:08 - 000506776 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-07-11 18:09 - 2017-07-07 02:27 - 001640448 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-07-11 18:09 - 2017-07-07 02:27 - 000859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2017-07-11 18:09 - 2017-07-07 02:27 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2017-07-11 18:09 - 2017-07-07 02:24 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-07-11 18:09 - 2017-07-07 02:23 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-07-11 18:09 - 2017-07-07 02:23 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapprovp.dll
2017-07-11 18:09 - 2017-07-07 02:21 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2017-07-11 18:09 - 2017-07-07 02:19 - 000137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
2017-07-11 18:09 - 2017-07-07 02:18 - 000563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-07-11 18:09 - 2017-07-07 02:17 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-07-11 18:09 - 2017-07-07 02:17 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-07-11 18:09 - 2017-07-07 02:14 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-07-11 18:09 - 2017-07-07 02:12 - 001713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-07-11 18:09 - 2017-07-07 02:11 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-07-11 18:09 - 2017-07-07 02:07 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-07-11 18:09 - 2017-07-07 02:07 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2017-07-11 18:09 - 2017-07-07 02:05 - 000370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2017-07-11 18:09 - 2017-07-07 02:04 - 001703424 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-07-11 18:09 - 2017-07-07 02:04 - 001403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2017-07-11 18:09 - 2017-06-20 02:18 - 000096672 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-07-11 18:09 - 2017-06-20 02:17 - 000136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-07-11 18:09 - 2017-06-20 02:03 - 000179608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-07-11 18:09 - 2017-06-20 02:02 - 000426912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-07-11 18:09 - 2017-06-20 01:58 - 000203168 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-07-11 18:09 - 2017-06-20 01:16 - 000970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2017-07-11 18:09 - 2017-06-20 01:16 - 000417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-07-11 18:09 - 2017-06-20 01:14 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2017-07-11 18:09 - 2017-06-20 01:13 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-11 18:09 - 2017-06-20 01:13 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2017-07-11 18:09 - 2017-06-20 01:13 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
2017-07-11 18:09 - 2017-06-20 01:12 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-07-11 18:09 - 2017-06-20 01:12 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll
2017-07-11 18:09 - 2017-06-20 01:10 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-07-11 18:09 - 2017-06-20 01:10 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-07-11 18:09 - 2017-06-20 01:09 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2017-07-11 18:09 - 2017-06-20 01:09 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-07-11 18:09 - 2017-06-20 01:09 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2017-07-11 18:09 - 2017-06-20 01:09 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-07-11 18:09 - 2017-06-20 01:08 - 000791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2017-07-11 18:09 - 2017-06-20 01:07 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-07-11 18:09 - 2017-06-20 01:07 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-07-11 18:09 - 2017-06-20 01:07 - 000621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-07-11 18:09 - 2017-06-20 01:06 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-07-11 18:09 - 2017-06-20 01:06 - 000335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-07-11 18:09 - 2017-06-20 01:06 - 000253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-07-11 18:09 - 2017-06-20 01:06 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-07-11 18:09 - 2017-06-20 01:05 - 002873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-07-11 18:09 - 2017-06-20 01:05 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-07-11 18:09 - 2017-06-20 01:05 - 000696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2017-07-11 18:09 - 2017-06-20 01:04 - 000802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-07-11 18:09 - 2017-06-20 01:02 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll
2017-07-11 18:09 - 2017-06-20 01:01 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-07-11 18:09 - 2017-06-20 01:01 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-07-11 18:09 - 2017-06-20 00:57 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2017-07-11 18:09 - 2017-06-20 00:57 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2017-07-11 18:09 - 2017-06-20 00:56 - 000600064 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-07-11 18:09 - 2017-06-20 00:56 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdmaud.drv
2017-07-10 02:08 - 2017-07-18 20:40 - 035844728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-07-10 02:08 - 2017-07-18 20:40 - 012451424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-07-10 02:08 - 2017-07-18 20:40 - 000689992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-07-10 02:08 - 2017-06-27 18:39 - 001988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438476.dll
2017-07-10 02:08 - 2017-06-27 18:39 - 001597888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438476.dll
2017-07-10 02:08 - 2017-06-27 18:39 - 000045976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-07-10 02:08 - 2017-06-27 18:39 - 000000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-07-10 02:08 - 2017-06-27 18:39 - 000000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-07-10 02:05 - 2017-07-26 13:09 - 000146368 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-07-09 12:31 - 2017-08-04 21:02 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-07-09 12:31 - 2017-07-09 12:31 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2017-07-08 20:44 - 2017-07-08 20:53 - 000000239 _____ C:\Users\Alexander\Documents\ClownfishVoiceChanger.ini
2017-07-08 20:44 - 2017-07-08 20:48 - 000000000 ____D C:\Users\Alexander\Documents\ClownfishSoundTemp
2017-07-08 20:44 - 2017-07-08 20:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClownfishVoiceChanger
2017-07-08 20:43 - 2017-07-08 20:43 - 000562888 _____ (Shark Labs) C:\Users\Alexander\Downloads\VoiceChanger64(0.66).exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-07 19:41 - 2015-01-21 22:38 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\Azureus
2017-08-07 19:40 - 2016-11-27 11:27 - 000000000 ____D C:\Users\Alexander\AppData\LocalLow\Mozilla
2017-08-07 19:29 - 2017-05-22 11:35 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-07 19:29 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-07 19:28 - 2015-01-21 22:51 - 000000000 ____D C:\Users\Alexander\AppData\Local\Spotify
2017-08-07 19:28 - 2015-01-21 22:50 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\Spotify
2017-08-07 09:16 - 2017-05-22 11:35 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-07 00:00 - 2015-01-23 22:38 - 000000000 ____D C:\ProgramData\Reprise
2017-08-06 23:36 - 2017-05-22 11:59 - 000005204 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for ALEXT-Alexander AlexT
2017-08-06 23:17 - 2015-01-21 23:20 - 000001515 _____ C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Batman Arkham Origins.lnk
2017-08-06 23:12 - 2017-03-12 23:02 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\WhatsApp
2017-08-06 05:35 - 2015-01-21 23:16 - 000000000 ____D C:\Users\Alexander\AppData\Local\Cuevana
2017-08-05 22:43 - 2015-07-06 04:27 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\vlc
2017-08-05 16:22 - 2017-03-18 17:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-05 16:20 - 2015-01-24 02:10 - 000000000 ____D C:\Users\Alexander\AppData\Local\CrashDumps
2017-08-05 04:15 - 2017-05-22 11:59 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-08-04 23:52 - 2015-01-22 15:34 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\Telegram Desktop
2017-08-04 21:07 - 2017-05-22 11:35 - 001217398 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-04 21:04 - 2017-05-22 11:36 - 000000000 ____D C:\Users\Alexander
2017-08-04 21:01 - 2017-05-22 11:59 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-04 21:01 - 2017-03-18 07:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2017-08-04 20:51 - 2017-01-20 01:45 - 000000000 ____D C:\Users\Alexander\AppData\Local\Everything
2017-08-04 20:51 - 2016-10-14 21:10 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\Everything
2017-08-04 20:51 - 2016-06-01 20:43 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\KeePass
2017-08-04 20:00 - 2016-06-16 18:35 - 000000000 ____D C:\AdwCleaner
2017-08-04 19:17 - 2016-06-09 18:25 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-08-04 01:37 - 2016-12-22 16:29 - 000000000 ____D C:\Program Files\KMSpico
2017-08-04 01:13 - 2017-05-22 12:04 - 000000008 __RSH C:\Users\Alexander\ntuser.pol
2017-08-04 01:13 - 2015-09-24 21:05 - 000000008 __RSH C:\ProgramData\ntuser.pol
2017-08-04 01:11 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-08-04 01:11 - 2017-03-18 07:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-08-04 01:11 - 2015-01-21 23:20 - 000000000 ____D C:\Users\Alexander\AppData\LocalLow\Temp
2017-08-04 01:11 - 2013-08-22 11:36 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-08-04 01:05 - 2016-12-28 19:41 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-08-03 23:32 - 2015-03-29 21:25 - 000000000 ____D C:\Users\Alexander\Desktop\DISORGANISE
2017-08-03 23:11 - 2015-01-21 23:27 - 000000000 ____D C:\Users\Alexander\Documents\maya
2017-08-03 06:44 - 2017-03-18 17:01 - 000000000 ____D C:\WINDOWS\INF
2017-08-03 04:07 - 2015-01-21 22:07 - 000000000 ____D C:\Users\Alexander\AppData\Local\Packages
2017-08-02 22:54 - 2015-10-28 23:04 - 000000000 ____D C:\Users\Alexander\Downloads\Telegram Desktop
2017-08-01 22:09 - 2017-06-10 14:44 - 000000000 ____D C:\Users\Alexander\Downloads\_Jdownloader
2017-08-01 22:09 - 2015-03-29 18:37 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\Audacity
2017-07-30 09:05 - 2017-05-02 05:29 - 000000000 ____D C:\Users\Alexander\Documents\temp
2017-07-29 07:14 - 2016-05-17 18:25 - 000000000 ____D C:\WINDOWS\pss
2017-07-29 07:11 - 2015-01-21 22:07 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\Adobe
2017-07-28 18:24 - 2017-05-22 12:07 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-28 18:24 - 2017-05-22 11:59 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-28 18:24 - 2017-05-22 11:59 - 000003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-28 18:24 - 2017-05-22 11:59 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-28 18:24 - 2017-05-22 11:59 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-28 18:24 - 2017-05-22 11:59 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-28 18:24 - 2017-05-22 11:59 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-28 18:24 - 2017-05-22 11:59 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-07-28 18:24 - 2017-05-22 11:35 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-07-28 18:24 - 2017-05-22 11:35 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-07-28 18:24 - 2017-05-22 11:35 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-07-28 05:30 - 2015-01-21 23:20 - 000000132 _____ C:\Users\Alexander\AppData\Roaming\Adobe PNG Format CC Prefs
2017-07-28 02:09 - 2017-06-21 20:33 - 000000000 ____D C:\Users\Alexander\Downloads\_Vuze
2017-07-27 11:21 - 2016-06-08 17:30 - 000002379 _____ C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-07-27 11:21 - 2015-08-22 04:17 - 000000000 __RDO C:\Users\Alexander\OneDrive
2017-07-27 03:43 - 2015-07-15 01:18 - 000000000 ____D C:\Users\Alexander\AppData\Local\My Family Tree
2017-07-27 01:06 - 2017-01-01 14:53 - 000000000 ____D C:\Program Files\Adobe
2017-07-27 01:06 - 2015-01-23 21:48 - 000000000 ____D C:\Program Files\Common Files\Adobe
2017-07-27 01:06 - 2015-01-21 23:16 - 000000000 ____D C:\Users\Alexander\AppData\Local\Adobe
2017-07-27 01:06 - 2015-01-21 22:51 - 000000000 ____D C:\ProgramData\Adobe
2017-07-27 01:05 - 2015-05-06 19:32 - 000000000 ____D C:\Program Files (x86)\Adobe
2017-07-26 17:36 - 2015-01-21 22:38 - 000000000 ____D C:\Users\Alexander\Documents\Vuze Downloads
2017-07-26 13:09 - 2017-05-22 12:07 - 000179136 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-07-26 13:09 - 2017-03-12 17:30 - 000057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-07-26 13:09 - 2017-02-01 06:04 - 000048064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-07-26 13:09 - 2016-09-28 22:04 - 001922496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-07-26 13:09 - 2016-09-28 22:04 - 001755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-07-26 13:09 - 2016-09-28 22:04 - 001505728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-07-26 13:09 - 2016-09-28 22:04 - 001317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-07-26 13:09 - 2016-09-28 22:04 - 000121280 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-07-26 09:40 - 2016-12-22 11:55 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-07-26 09:36 - 2017-05-22 11:35 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-07-26 02:37 - 2015-07-21 18:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Chaos Group
2017-07-26 02:33 - 2015-07-21 18:19 - 000000000 ____D C:\Program Files\Common Files\ChaosGroup
2017-07-25 03:49 - 2016-09-01 21:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-07-24 16:32 - 2015-01-21 22:40 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\Skype
2017-07-24 14:27 - 2015-01-21 22:22 - 000000000 ____D C:\ProgramData\Oracle
2017-07-24 11:07 - 2015-01-21 22:23 - 000110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-07-24 11:07 - 2015-01-21 22:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2017-07-24 11:07 - 2015-01-21 22:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-07-24 11:07 - 2015-01-21 22:21 - 000000000 ____D C:\Program Files\Java
2017-07-22 06:17 - 2017-04-21 13:47 - 000000000 ____D C:\Users\Alexander\AppData\Local\AXNworks
2017-07-20 00:17 - 2015-01-24 01:12 - 000000000 ____D C:\ProgramData\Unity
2017-07-20 00:05 - 2016-09-05 00:03 - 000000000 ____D C:\Users\Alexander\AppData\LocalLow\DefaultCompany
2017-07-19 19:55 - 2017-03-12 23:02 - 000000000 ____D C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2017-07-19 19:55 - 2017-03-12 23:02 - 000000000 ____D C:\Users\Alexander\AppData\Local\WhatsApp
2017-07-19 19:55 - 2016-05-23 18:26 - 000000000 ____D C:\Users\Alexander\AppData\Local\SquirrelTemp
2017-07-18 20:40 - 2017-03-12 17:34 - 004210032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-07-18 20:40 - 2017-03-12 17:34 - 003711328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-07-18 20:40 - 2017-03-12 17:34 - 000046463 _____ C:\WINDOWS\system32\nvinfo.pb
2017-07-18 19:24 - 2017-05-22 11:35 - 006463608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-07-18 19:24 - 2017-05-22 11:35 - 002479040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-07-18 19:24 - 2017-05-22 11:35 - 001762936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-07-18 19:24 - 2017-05-22 11:35 - 000549312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-07-18 19:24 - 2017-05-22 11:35 - 000392312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-07-18 19:24 - 2017-05-22 11:35 - 000081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-07-18 19:24 - 2017-05-22 11:35 - 000069752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-07-18 01:30 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-07-16 18:30 - 2015-12-09 20:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON Software
2017-07-15 17:45 - 2017-06-02 17:12 - 000000000 ____D C:\Users\Alexander\Documents\_trabajos
2017-07-12 21:37 - 2017-05-22 11:35 - 008095171 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-07-12 20:24 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\rescache
2017-07-12 17:50 - 2017-03-18 16:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-07-12 02:19 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-07-12 02:19 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-07-11 23:11 - 2015-05-06 19:32 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-07-11 19:28 - 2016-04-27 02:42 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-07-11 19:06 - 2017-05-22 11:35 - 005800160 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-11 19:05 - 2017-03-18 17:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-07-11 19:05 - 2017-03-18 17:03 - 000000000 ___SD C:\WINDOWS\system32\F12
2017-07-11 19:05 - 2017-03-18 17:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-07-11 19:05 - 2017-03-18 17:03 - 000000000 ___RD C:\Program Files\Windows Defender
2017-07-11 19:05 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-07-11 19:05 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\migwiz
2017-07-11 19:05 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\appraiser
2017-07-11 19:05 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-07-11 19:05 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-07-11 19:05 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-07-11 19:05 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2017-07-11 18:14 - 2016-01-11 19:23 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-07-11 18:11 - 2016-01-11 19:23 - 135225752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-07-09 12:59 - 2016-12-22 08:30 - 000000000 __SHD C:\Users\Alexander\IntelGraphicsProfiles
2017-07-09 12:31 - 2016-12-22 08:30 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2017-07-08 22:35 - 2015-01-21 23:23 - 000000000 ____D C:\Users\Alexander\Documents\Camtasia Studio
2017-07-08 20:50 - 2016-11-11 21:32 - 000000000 ____D C:\Users\Alexander\Documents\Sound recordings

==================== Files in the root of some directories =======

2016-07-21 19:17 - 2016-07-21 19:17 - 000000132 _____ () C:\Users\Alexander\AppData\Roaming\Adobe BMP Format CC Prefs
2015-03-24 02:10 - 2017-06-06 19:17 - 000000132 _____ () C:\Users\Alexander\AppData\Roaming\Adobe OpenEXR Format CC Prefs
2015-01-21 23:20 - 2017-07-28 05:30 - 000000132 _____ () C:\Users\Alexander\AppData\Roaming\Adobe PNG Format CC Prefs
2015-01-21 23:20 - 2014-05-01 22:30 - 000000132 _____ () C:\Users\Alexander\AppData\Roaming\Adobe PNG Format CS5 Prefs
2015-01-21 23:20 - 2017-02-25 02:40 - 000000132 _____ () C:\Users\Alexander\AppData\Roaming\Adobe Targa Format CC Prefs
2017-08-03 08:01 - 2017-08-03 08:01 - 000245264 _____ () C:\Users\Alexander\AppData\Roaming\CADB4DC5C90A159CA37D503B1B563EB0
2017-07-22 01:19 - 2017-07-22 01:19 - 000000290 _____ () C:\Users\Alexander\AppData\Local\EphereLicensingLog.txt
2017-07-22 01:07 - 2017-07-28 05:55 - 000000009 _____ () C:\Users\Alexander\AppData\Local\OrnatrixMayaLicenseServerIP.txt
2017-07-21 20:47 - 2017-07-28 03:01 - 000000074 _____ () C:\Users\Alexander\AppData\Local\OrnatrixMayaSetupFilepath.txt
2017-08-04 19:15 - 2017-08-04 19:15 - 000000095 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2017-08-04 19:15 - 2017-08-04 19:15 - 000000089 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-29 16:59

==================== End of FRST.txt ============================



#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,410 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:14 AM

Posted 07 August 2017 - 08:01 PM

Those logs are clear. Let me see the contents of the temp folder:

 

  • Highlight the entire content of the quote box below.

Quote

Start::  
CMD: Dir /a C:\Users\Alexander\AppData\Local\Temp
End::

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#11 AlexTamayo

AlexTamayo
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:14 AM

Posted 07 August 2017 - 08:44 PM

I've put both the Temp folder you requested (%LOCALAPPDATA%\Temp) and the other problematic one (C:\Windows\Temp). The files appear in both folders, but in this case they're only in the Windows one.

 

 

%LOCALAPPDATA%\Temp

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 06-08-2017
Ran by Alexander (07-08-2017 21:33:29) Run:3
Running from C:\Users\Alexander\Downloads\_WindowsAndOS\_virus\BleepingComputer
Loaded Profiles: Alexander (Available Profiles: Alexander)
Boot Mode: Normal
==============================================

fixlist content:
*****************
 
CMD: Dir /a C:\Users\Alexander\AppData\Local\Temp

*****************


========= Dir /a C:\Users\Alexander\AppData\Local\Temp =========

 Volume in drive C has no label.
 Volume Serial Number is C0F7-FDA6

 Directory of C:\Users\Alexander\AppData\Local\Temp

07/08/2017  21:30    <DIR>          .
07/08/2017  21:30    <DIR>          ..
04/08/2017  23:52           221,184 52BC.tmp.node
04/08/2017  23:52           486,400 531B.tmp.node
04/08/2017  23:52           486,400 5618.tmp.node
07/08/2017  09:05             3,155 AdobeARM.log
06/08/2017  04:47    <DIR>          Cuevana Storm
04/08/2017  21:04    <DIR>          e4jA2DD.tmp_dir1501895076
06/08/2017  23:12    <DIR>          EPSDNAVI_Temp
06/08/2017  23:12    <DIR>          EPSON
04/08/2017  21:04    <DIR>          hsperfdata_Alexander
07/08/2017  19:34               756 jusched.log
07/08/2017  20:02    <DIR>          MicroThemePackDir
07/08/2017  19:40    <DIR>          mozilla-temp-files
04/08/2017  01:14    <DIR>          NVIDIA Corporation
05/08/2017  21:02    <DIR>          PotUpdate
07/08/2017  20:40    <DIR>          scoped_dir11284_30061
06/08/2017  23:12    <DIR>          SoftwareUpdate_Temp
06/08/2017  23:17    <DIR>          UCDebugger
12/07/2017  21:02               387 wct6ACF.tmp
12/07/2017  21:02               387 wctF3E7.tmp
04/08/2017  19:15    <DIR>          WhatsApp Crashes
04/08/2017  21:03    <DIR>          _MEI165882
04/08/2017  21:04            16,384 ~DFE6889B854C20ABB0.TMP
               8 File(s)      1,215,053 bytes
              16 Dir(s)  144,308,817,920 bytes free

========= End of CMD: =========


==== End of Fixlog 21:33:29 ====

 

C:\Windows\Temp

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 06-08-2017
Ran by Alexander (07-08-2017 21:43:28) Run:4
Running from C:\Users\Alexander\Downloads\_WindowsAndOS\_virus\BleepingComputer
Loaded Profiles: Alexander (Available Profiles: Alexander)
Boot Mode: Normal
==============================================

fixlist content:
*****************

CMD: Dir /a C:\Windows\Temp

*****************


========= Dir /a C:\Windows\Temp =========

 Volume in drive C has no label.
 Volume Serial Number is C0F7-FDA6

 Directory of C:\Windows\Temp

07/08/2017  21:31    <DIR>          .
07/08/2017  21:31    <DIR>          ..
06/08/2017  23:36    <DIR>          4585FBD2-409A-D7E0-2B89-6EC9201FC4F9
06/08/2017  23:22    <DIR>          8419250F-2BFC-447D-A24C-0FA0DFCFFA99-Sigs
05/08/2017  04:15               560 AdobeARM.log
07/08/2017  21:31            88,365 adobegc.log
04/08/2017  20:56    <DIR>          B48BAD0A-2B79-3F93-C28B-D12D4A7B8AB1
07/08/2017  20:01    <DIR>          BE373466-6548-AB18-9CC7-37D9FB095BF8
07/08/2017  20:46            42,638 bh4sd.exe
04/08/2017  03:00               918 BootClean.log
30/07/2017  05:57    <DIR>          CreativeCloud
05/08/2017  22:57    <DIR>          E9DFA25E-9F11-E868-B256-4B5055233602
04/08/2017  01:14                 0 FXSAPIDebugLogFile.txt
04/08/2017  01:14                 0 FXSTIFFDebugLogFile.txt
04/08/2017  19:57    <DIR>          hsperfdata_ALEXT$
07/08/2017  20:47            42,638 jnv52.exe
07/08/2017  20:47         2,554,368 kd4lr.exe
07/08/2017  20:02            42,832 MpCmdRun.log
06/08/2017  23:22            52,636 MpSigStub.log
04/08/2017  01:13    <DIR>          NVIDIA Corporation
07/08/2017  09:05               910 ScheduledHeartbeat.log
              11 File(s)      2,825,865 bytes
              10 Dir(s)  144,288,296,960 bytes free

========= End of CMD: =========


==== End of Fixlog 21:43:28 ====
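
Added example (not part of the original posts and not FRST's own code): a small Python triage pass over `dir /a` output in the format shown above. It lists executable-type files found in a temp directory and groups any that share an exact byte size under different names. The extension set, the function names and the trimmed sample are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample: lines in the format of the C:\Windows\Temp listing above, trimmed.
SAMPLE = r"""
 Directory of C:\Windows\Temp

07/08/2017  21:31    <DIR>          .
07/08/2017  21:31    <DIR>          ..
05/08/2017  04:15               560 AdobeARM.log
07/08/2017  20:46            42,638 bh4sd.exe
04/08/2017  19:57    <DIR>          hsperfdata_ALEXT$
07/08/2017  20:47            42,638 jnv52.exe
07/08/2017  20:47         2,554,368 kd4lr.exe
07/08/2017  20:02            42,832 MpCmdRun.log
               5 File(s)      2,683,036 bytes
"""

ENTRY = re.compile(r"^(\d{2}/\d{2}/\d{4})\s+(\d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(.+?)\s*$")
# Assumption: extensions treated as "executable-type" for this triage pass.
EXEC_EXT = (".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js", ".ps1")

def parse_dir(text):
    """Return (directory, entries); a <DIR> entry gets size None, '.' and '..' are skipped."""
    directory, entries = None, []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if line.strip().startswith("Directory of "):
            directory = line.strip()[len("Directory of "):]
        elif m and m.group(4) not in (".", ".."):
            size = None if m.group(3) == "<DIR>" else int(m.group(3).replace(",", ""))
            entries.append({"date": m.group(1), "time": m.group(2),
                            "size": size, "name": m.group(4)})
    return directory, entries

def triage(text):
    """List executable-type files and groups of them with an identical byte size."""
    directory, entries = parse_dir(text)
    execs = [e for e in entries
             if e["size"] is not None and e["name"].lower().endswith(EXEC_EXT)]
    by_size = defaultdict(list)
    for e in execs:
        by_size[e["size"]].append(e["name"])
    same_size = {s: names for s, names in by_size.items() if len(names) > 1}
    return {"directory": directory, "executables": [e["name"] for e in execs],
            "same_size": same_size}

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A shared size under different names is only a prompt to hash and inspect the files, not a verdict on them.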



#12 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,410 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:06:14 AM

Posted 08 August 2017 - 11:13 AM

I would like to see those files.

 

The following script will create a zip folder on the desktop as Date_Time.zip.

 

  • Highlight the entire content of the quote box below.

 

Start::
Zip: C:\Users\Alexander\AppData\Local\Temp\52BC.tmp.node;C:\Users\Alexander\AppData\Local\Temp\531B.tmp.node;C:\Users\Alexander\AppData\Local\Temp\5618.tmp.node;C:\Users\Alexander\AppData\Local\Temp\wct6ACF.tmp;C:\Users\Alexander\AppData\Local\Temp\wctF3E7.tmp;C:\Windows\Temp\bh4sd.exe;C:\Windows\Temp\jnv52.exe;C:\Windows\Temp\kd4lr.exe
End::

 

 

  • Right click on the highlighted text and select Copy.
  • Start FRST (FRST64) with Administrator privileges
  • Press the Fix button.
  • When finished, a zip folder ( Date_Time.zip ) will be created and saved on the desktop.

 

Have that folder uploaded here.


Edited by JSntgRvr, 08 August 2017 - 11:14 AM.



#13 AlexTamayo

AlexTamayo
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:14 AM

Posted 08 August 2017 - 09:39 PM

I've uploaded the zip file.

 

I'll wait for your reply.

Cheers!



#14 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,410 posts
  • OFFLINE
  •  
  • Location:Puerto Rico
  • Local time:06:14 AM

Posted 08 August 2017 - 10:28 PM

Sorry, I gave you the wrong channel.

 

Upload the zipped folder here.




#15 AlexTamayo

AlexTamayo
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:14 AM

Posted 08 August 2017 - 10:43 PM

Done! :)





