
Possible Hack or Spyware Attack Possibly Using dlls, isatap adapter, iSCSI


  • This topic is locked
32 replies to this topic

#1 Hishima


Posted 19 August 2017 - 01:19 AM

Hello everybody,

 

Recently my computer has possibly been hacked, and I have been trying to find a way to remove these Trojan or spyware tools from my computer. There have been symptoms that my computer has been showing lately, about which I have been on the forum asking for help. They have given me a lot of advice and tips and have told me to come over here for help. I will post the following links to my post and the symptoms that my computer has been showing, from other people I've been researching with similar symptoms. If you can please help me, I would greatly appreciate it. I will post both the log files of FRST-64 and any other information that you may think is helpful.

 

My Post:

 

Possible Hacking, Trojan, and Spyware (Using Tunnel Adapter isatap. & iSCSI?)

https://www.bleepingcomputer.com/forums/t/653905/possible-hacking-trojan-and-spyware-using-tunnel-adapter-isatap-iscsi/ 

 

From other posts that have shown similar symptoms of hacking:

 

Possible Trojan or Hack??

https://www.bleepingcomputer.com/forums/t/526447/possible-trojan-or-hack/

 

I'm pretty sure I have been hacked

https://www.bleepingcomputer.com/forums/t/626137/im-pretty-sure-i-have-been-hacked/




 


#2 Hishima


Posted 19 August 2017 - 01:22 AM

This is the FRST.txt log from 8/19/2017

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-08-2017
Ran by Ismael (administrator) on DESKTOP-JKPPNNN (19-08-2017 14:08:19)
Running from C:\Users\Ismael\Desktop\Maintenance
Loaded Profiles: Ismael (Available Profiles: defaultuser0 & Ismael)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k120633.inf_amd64_8f63242758b1a817\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k120633.inf_amd64_8f63242758b1a817\IntelCpHDCPSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Intel® Corporation) C:\Program Files\Intel\Intel® Online Connect Access\LegacyCsLoaderService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
() C:\Program Files\TrueColor\TrueColorALS.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k120633.inf_amd64_8f63242758b1a817\igfxext.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\mcsvchost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_6\mcapexe.exe
(McAfee, Inc.) C:\Program Files\mcafee\MfeAV\MfeAVSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel® Corporation) C:\Program Files\Intel\Intel® Online Connect Access\IntelTechnologyAccessService.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\McCSPServiceHost.exe
(Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Online Connect\ioc.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(McAfee, Inc.) C:\Program Files\mcafee\VUL\McVulCtr.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k120633.inf_amd64_8f63242758b1a817\IntelCpHeciSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k120633.inf_amd64_8f63242758b1a817\igfxEM.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Entertainment Experience) C:\Program Files\TrueColor\TrueColorUI.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\nvapiw.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\uaclauncher.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Users\Ismael\Desktop\Maintenance\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-19] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9198080 2017-01-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1483264 2017-01-26] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [946136 2017-01-16] (Waves Audio Ltd.)
HKLM\...\Run: [TrueColor UI] => C:\Program Files\TrueColor\TrueColorUI.exe [19638160 2016-12-29] (Entertainment Experience)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [7017072 2016-09-23] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320584 2017-01-06] (Intel Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-26] (Adobe Systems Incorporated)
HKU\S-1-5-21-2798118346-3746725340-1217027447-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9832152 2017-08-03] (Piriform Ltd)
HKU\S-1-5-21-2798118346-3746725340-1217027447-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [5094080 2017-07-03] (Disc Soft Ltd)
HKU\S-1-5-21-2798118346-3746725340-1217027447-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3062560 2017-07-18] (Valve Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 164.124.101.2 203.248.252.2
Tcpip\..\Interfaces\{0adc363b-bc10-40e9-8c99-479e9dcc5ddc}: [DhcpNameServer] 164.124.101.2 203.248.252.2
Tcpip\..\Interfaces\{f74a660c-85b8-460c-b99e-cd4595cd1e55}: [DhcpNameServer] 164.124.101.2 203.248.252.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2798118346-3746725340-1217027447-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2798118346-3746725340-1217027447-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-08-17] (Microsoft Corporation)
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-07-25] (McAfee, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-08-17] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-08-17] (Microsoft Corporation)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-07-25] (McAfee, Inc.)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-08-17] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-08-17] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-08-17] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-08-17] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-08-17] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-08-17] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-08-17] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-08-17] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-08-17] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-07-25] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-07-25] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2017-05-31] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2017-05-31] (McAfee, Inc.)

FireFox:
========
FF DefaultProfile: 4x883q7w.default
FF ProfilePath: C:\Users\Ismael\AppData\Roaming\Mozilla\Firefox\Profiles\4x883q7w.default [2017-08-19]
FF Homepage: Mozilla\Firefox\Profiles\4x883q7w.default -> about:home
FF Extension: (Adblock Plus) - C:\Users\Ismael\AppData\Roaming\Mozilla\Firefox\Profiles\4x883q7w.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-08-12]
FF Extension: (Click-to-Play staged rollout) - C:\Program Files\Mozilla Firefox\browser\features\clicktoplay-rollout@mozilla.org.xpi [2017-08-17] [not signed]
FF Extension: (Follow-on Search Telemetry) - C:\Program Files\Mozilla Firefox\browser\features\followonsearch@mozilla.com.xpi [2017-08-10] [not signed]
FF Extension: (Shield Recipe Client) - C:\Program Files\Mozilla Firefox\browser\features\shield-recipe-client@mozilla.org.xpi [2017-08-17] [not signed]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-07-20]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2017-08-14] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_26_0_0_151.dll [2017-08-12] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2017-05-31] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-08-17] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-03-09] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_151.dll [2017-08-12] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2017-05-31] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-08-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-08-17] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-12] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-26] (Wacom)

Chrome:
=======
CHR Profile: C:\Users\Ismael\AppData\Local\Google\Chrome\User Data\Default [2017-08-18]
CHR Extension: (Google Docs) - C:\Users\Ismael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-08-12]
CHR Extension: (Google Drive) - C:\Users\Ismael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-12]
CHR Extension: (YouTube) - C:\Users\Ismael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-12]
CHR Extension: (Google Sheets) - C:\Users\Ismael\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-08-12]
CHR Extension: (McAfee® WebAdvisor) - C:\Users\Ismael\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2017-08-12]
CHR Extension: (Google Docs Offline) - C:\Users\Ismael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Ismael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-12]
CHR Extension: (Gmail) - C:\Users\Ismael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-12]
CHR Extension: (Chrome Media Router) - C:\Users\Ismael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-12]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4424392 2017-08-10] (Microsoft Corporation)
R3 ClientAnalyticsService; C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe [1752992 2017-03-29] (Intel Security)
R3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\k120633.inf_amd64_8f63242758b1a817\IntelCpHeciSvc.exe [285168 2017-02-07] (Intel Corporation)
R2 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\k120633.inf_amd64_8f63242758b1a817\IntelCpHDCPSvc.exe [462832 2017-02-07] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-08-11] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-08-11] (Dropbox, Inc.)
R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [208760 2017-07-27] (Dell Inc.)
R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3294584 2017-07-27] (Dell Inc.)
R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [217464 2017-07-27] (Dell Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [132472 2016-09-10] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-12] (Dell)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [77648 2016-12-23] (Dell Inc.)
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [119336 2017-06-16] (Dell)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [230248 2017-05-02] (Dell Inc.)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2289856 2017-07-03] (Disc Soft Ltd)
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2210424 2016-12-28] (Intel Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-06-15] (NVIDIA Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2017-01-06] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\k120633.inf_amd64_8f63242758b1a817\igfxCUIService.exe [324592 2017-02-07] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-27] (Intel® Corporation)
R3 Intel® Online Connect; C:\Program Files\Intel\Intel® Online Connect\ioc.exe [25824 2016-10-05] (Intel Corporation)
S2 Intel® Online Connect Helper; C:\Program Files\Intel\Intel® Online Connect\iocHelperService.exe [22752 2016-10-05] (Intel Corporation)
S3 Intel® Online Connect Software Asset Manager; C:\Program Files (x86)\Intel\Intel® Online Connect Access\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-09-30] (Intel Corporation)
R2 Intel® TechnologyAccessLegacyCSLoader; C:\Program Files\Intel\Intel® Online Connect Access\LegacyCsLoaderService.exe [173288 2016-10-06] (Intel® Corporation)
R2 Intel® TechnologyAccessService; C:\Program Files\Intel\Intel® Online Connect Access\IntelTechnologyAccessService.exe [496872 2016-10-06] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [177440 2016-10-20] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [590880 2017-07-25] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe [984480 2017-06-03] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [419096 2016-04-02] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\\McCSPServiceHost.exe [2139832 2017-05-31] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [241656 2017-04-30] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [390656 2017-04-30] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [343544 2017-04-30] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1543248 2017-05-31] (McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [641520 2017-02-22] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-11-29] ()
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-12-30] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-06-15] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-15] (NVIDIA Corporation)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1042288 2017-05-22] (Intel Security, Inc.)
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [47144 2017-04-07] (Dell)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [320512 2017-01-26] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [53208 2017-08-04] (Dell Inc.)
R2 TrueColorALS; C:\Program Files\TrueColor\TrueColorALS.exe [93072 2016-12-13] ()
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [416728 2017-01-16] (Waves Audio Ltd.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-19] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-11] (Microsoft Corporation)
S3 wmiApSrv; C:\WINDOWS\system32\wbem\WmiApSrv.exe [199168 2017-03-19] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [692680 2017-06-29] (Wacom Technology, Corp.)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-11-29] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [76824 2017-05-02] (McAfee, Inc.)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32960 2017-07-27] (Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32568 2017-07-27] (Dell Computer Corporation)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [72576 2016-12-28] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [67968 2016-12-28] (Intel Corporation)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-08-12] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-08-12] (Disc Soft Ltd)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [355200 2016-12-28] (Intel Corporation)
R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [54816 2016-10-29] (Intel Corporation)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [209608 2017-05-31] (McAfee, Inc.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [253184 2016-11-20] (Intel Corporation)
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\k120633.inf_amd64_8f63242758b1a817\igdkmd64.sys [11058136 2017-02-07] (Intel Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [476176 2017-05-02] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [353808 2017-05-02] (McAfee, Inc.)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [84536 2017-05-02] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [504336 2017-05-02] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [918544 2017-05-02] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [495632 2017-04-07] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [107544 2017-04-07] (McAfee, Inc.)
R3 mfeplk; C:\WINDOWS\System32\drivers\mfeplk.sys [109072 2017-05-02] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [111608 2017-02-14] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [252432 2017-05-02] (McAfee, Inc.)
R1 ndisrd; C:\WINDOWS\system32\DRIVERS\ndisrfl.sys [59792 2016-09-14] (Intel Corporation)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7910144 2016-12-13] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvdm.inf_amd64_17fcac180e18187d\nvlddmkm.sys [14232624 2017-01-18] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56376 2016-08-05] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [955416 2016-11-30] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [418784 2016-08-05] (Realsil Semiconductor Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-19] ()
S3 WacHidRouterPro; C:\WINDOWS\System32\drivers\wachidrouter.sys [122512 2017-04-29] (Wacom Technology)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-19] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-19] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-19] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-19 10:31 - 2017-08-19 10:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2017-08-19 00:16 - 2017-08-19 00:16 - 000000218 _____ C:\Users\Ismael\AppData\Local\recently-used.xbel
2017-08-18 17:04 - 2017-08-18 17:30 - 000000000 ____D C:\Users\Ismael\Downloads\Snowfall.S01E07.720p.HDTV.x264-AVS[rarbg]
2017-08-18 16:55 - 2017-08-18 16:56 - 000109466 _____ C:\TDSSKiller.3.1.0.15_18.08.2017_16.55.46_log.txt
2017-08-18 16:49 - 2017-08-18 16:49 - 000000000 ___HD C:\OneDriveTemp
2017-08-18 15:30 - 2017-08-18 15:30 - 000000000 ____D C:\Windows.old
2017-08-18 15:29 - 2017-08-18 15:29 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 023677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 020504064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 017366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 013841408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 011870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 008319392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-18 15:29 - 2017-08-18 15:29 - 008209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 007336960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 006761568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 006269440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 005302968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 004535296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 004213656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-08-18 15:29 - 2017-08-18 15:29 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 003464704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 003204608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 002969888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 002956288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-08-18 15:29 - 2017-08-18 15:29 - 002939392 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 002679200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-08-18 15:29 - 2017-08-18 15:29 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 002645680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 002604248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 002444704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-08-18 15:29 - 2017-08-18 15:29 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 002424024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-08-18 15:29 - 2017-08-18 15:29 - 002259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 002211840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-08-18 15:29 - 2017-08-18 15:29 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 001833984 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 001722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 001706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 001536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 001525760 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-08-18 15:29 - 2017-08-18 15:29 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 001396736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 001357312 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 001337856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 001298432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 001291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 001275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-08-18 15:29 - 2017-08-18 15:29 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 001195760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 001114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 001068720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 001052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 001033544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-08-18 15:29 - 2017-08-18 15:29 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-08-18 15:29 - 2017-08-18 15:29 - 000967584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-08-18 15:29 - 2017-08-18 15:29 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-08-18 15:29 - 2017-08-18 15:29 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-08-18 15:29 - 2017-08-18 15:29 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000892928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-08-18 15:29 - 2017-08-18 15:29 - 000877056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-08-18 15:29 - 2017-08-18 15:29 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000866808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000864248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-08-18 15:29 - 2017-08-18 15:29 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-08-18 15:29 - 2017-08-18 15:29 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000805816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-08-18 15:29 - 2017-08-18 15:29 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000777216 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-08-18 15:29 - 2017-08-18 15:29 - 000723680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2017-08-18 15:29 - 2017-08-18 15:29 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-08-18 15:29 - 2017-08-18 15:29 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-08-18 15:29 - 2017-08-18 15:29 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000660680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000612864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsvcs.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000610584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000587776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsvcs.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-08-18 15:29 - 2017-08-18 15:29 - 000551200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000529992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000527976 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-08-18 15:29 - 2017-08-18 15:29 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000473240 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000455584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-08-18 15:29 - 2017-08-18 15:29 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-08-18 15:29 - 2017-08-18 15:29 - 000414296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000410160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000406544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-08-18 15:29 - 2017-08-18 15:29 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-18 15:29 - 2017-08-18 15:29 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-08-18 15:29 - 2017-08-18 15:29 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000359552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-08-18 15:29 - 2017-08-18 15:29 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000323936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-08-18 15:29 - 2017-08-18 15:29 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-08-18 15:29 - 2017-08-18 15:29 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000315288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-08-18 15:29 - 2017-08-18 15:29 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000303104 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000280472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-08-18 15:29 - 2017-08-18 15:29 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-18 15:29 - 2017-08-18 15:29 - 000277432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-08-18 15:29 - 2017-08-18 15:29 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-08-18 15:29 - 2017-08-18 15:29 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000192264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-08-18 15:29 - 2017-08-18 15:29 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-18 15:29 - 2017-08-18 15:29 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2017-08-18 15:29 - 2017-08-18 15:29 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000176024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000173104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000168864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-08-18 15:29 - 2017-08-18 15:29 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-08-18 15:29 - 2017-08-18 15:29 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000143736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-08-18 15:29 - 2017-08-18 15:29 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qasf.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000133904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-08-18 15:29 - 2017-08-18 15:29 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000119904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-18 15:29 - 2017-08-18 15:29 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000116280 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-08-18 15:29 - 2017-08-18 15:29 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2017-08-18 15:29 - 2017-08-18 15:29 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2017-08-18 15:29 - 2017-08-18 15:29 - 000104432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000100232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2017-08-18 15:29 - 2017-08-18 15:29 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys
2017-08-18 15:29 - 2017-08-18 15:29 - 000096648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000090464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2017-08-18 15:29 - 2017-08-18 15:29 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-08-18 15:29 - 2017-08-18 15:29 - 000082336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-08-18 15:29 - 2017-08-18 15:29 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-08-18 15:29 - 2017-08-18 15:29 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-08-18 15:29 - 2017-08-18 15:29 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\IpNatHlpClient.dll
2017-08-18 15:29 - 2017-08-18 15:29 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IpNatHlpClient.dll
2017-08-18 15:25 - 2017-08-18 15:25 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2017-08-18 15:25 - 2017-08-17 22:32 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2017-08-18 15:24 - 2017-08-18 15:24 - 000000000 ____D C:\Program Files\Reference Assemblies
2017-08-18 15:24 - 2017-08-18 15:24 - 000000000 ____D C:\Program Files\MSBuild
2017-08-18 15:24 - 2017-08-18 15:24 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-08-18 15:24 - 2017-08-18 15:24 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-08-18 15:24 - 2017-02-11 04:26 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-08-18 15:24 - 2017-02-11 04:26 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-08-18 15:24 - 2017-02-11 04:26 - 000035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-08-18 15:24 - 2017-02-11 04:21 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-08-18 15:24 - 2017-02-11 04:21 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-08-18 15:24 - 2017-02-11 04:21 - 000035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-08-18 10:26 - 2017-08-18 10:26 - 000000000 ____D C:\Users\Ismael\AppData\Local\DBG
2017-08-17 22:45 - 2017-08-17 22:45 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2017-08-17 22:43 - 2017-08-17 22:43 - 000000020 ___SH C:\Users\Ismael\ntuser.ini
2017-08-17 22:41 - 2017-08-17 22:41 - 000000000 ____D C:\ProgramData\USOShared
2017-08-17 22:40 - 2017-08-17 22:40 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2017-08-17 22:40 - 2017-08-17 22:40 - 000011433 _____ C:\WINDOWS\diagerr.xml
2017-08-17 22:38 - 2017-08-19 13:35 - 000004034 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2017-08-17 22:38 - 2017-08-19 09:55 - 000004222 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2017-08-17 22:38 - 2017-08-18 12:07 - 000003560 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2017-08-17 22:38 - 2017-08-17 22:46 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2798118346-3746725340-1217027447-1001
2017-08-17 22:38 - 2017-08-17 22:38 - 000022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-08-17 22:38 - 2017-08-17 22:38 - 000003814 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask
2017-08-17 22:38 - 2017-08-17 22:38 - 000003448 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2017-08-17 22:38 - 2017-08-17 22:38 - 000003446 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-08-17 22:38 - 2017-08-17 22:38 - 000003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-08-17 22:38 - 2017-08-17 22:38 - 000003280 _____ C:\WINDOWS\System32\Tasks\MyDefrag v4.3.1 Monthly
2017-08-17 22:38 - 2017-08-17 22:38 - 000003256 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2017-08-17 22:38 - 2017-08-17 22:38 - 000003224 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2017-08-17 22:38 - 2017-08-17 22:38 - 000003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-08-17 22:38 - 2017-08-17 22:38 - 000003118 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2017-08-17 22:38 - 2017-08-17 22:38 - 000003098 _____ C:\WINDOWS\System32\Tasks\PCDDataUploadTask
2017-08-17 22:38 - 2017-08-17 22:38 - 000003074 _____ C:\WINDOWS\System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7
2017-08-17 22:38 - 2017-08-17 22:38 - 000003042 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2017-08-17 22:38 - 2017-08-17 22:38 - 000002984 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
2017-08-17 22:38 - 2017-08-17 22:38 - 000002776 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-JKPPNNN-Ismael
2017-08-17 22:38 - 2017-08-17 22:38 - 000002708 _____ C:\WINDOWS\System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7-Logon
2017-08-17 22:38 - 2017-08-17 22:38 - 000002596 _____ C:\WINDOWS\System32\Tasks\MyDefrag v4.3.1 Daily
2017-08-17 22:38 - 2017-08-17 22:38 - 000002470 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2017-08-17 22:38 - 2017-08-17 22:38 - 000002410 _____ C:\WINDOWS\System32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-08-17 22:38 - 2017-08-17 22:38 - 000002382 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)
2017-08-17 22:38 - 2017-08-17 22:38 - 000002318 _____ C:\WINDOWS\System32\Tasks\DropboxOEM
2017-08-17 22:38 - 2017-08-17 22:38 - 000002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-08-17 22:38 - 2017-08-17 22:38 - 000002060 _____ C:\WINDOWS\System32\Tasks\Dell Cleanup
2017-08-17 22:38 - 2017-08-17 22:38 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-08-17 22:38 - 2017-08-17 22:38 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2017-08-17 22:37 - 2017-08-18 10:28 - 000933738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-08-17 22:36 - 2017-08-17 22:36 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-08-17 22:36 - 2017-08-17 22:36 - 000000000 ____D C:\Users\Default\AppData\Roaming\Waves Audio
2017-08-17 22:36 - 2017-08-17 22:36 - 000000000 ____D C:\Users\Default User\AppData\Roaming\Waves Audio
2017-08-17 22:34 - 2017-08-17 22:45 - 000000000 ____D C:\Users\Ismael
2017-08-17 22:34 - 2017-08-17 22:38 - 000000000 ____D C:\Users\defaultuser0
2017-08-17 22:34 - 2017-08-17 22:37 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-08-17 22:34 - 2017-08-17 22:35 - 000000000 ____D C:\Program Files (x86)\Realtek
2017-08-17 22:34 - 2017-08-17 22:34 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2017-08-17 22:34 - 2017-08-17 22:34 - 000000000 ____D C:\WINDOWS\system32\RTCOM
2017-08-17 22:34 - 2017-03-19 05:56 - 002233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-08-17 22:33 - 2017-08-17 22:37 - 000000000 ____D C:\ProgramData\NVIDIA
2017-08-17 22:33 - 2017-08-17 22:35 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-08-17 22:33 - 2017-08-17 22:35 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-08-17 22:33 - 2017-08-17 22:35 - 000000000 ____D C:\Program Files\Intel
2017-08-17 22:33 - 2017-08-17 22:35 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-08-17 22:33 - 2017-08-17 22:35 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-08-17 22:33 - 2017-08-17 22:35 - 000000000 ____D C:\Program Files (x86)\Intel
2017-08-17 22:33 - 2017-08-17 22:34 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2017-08-17 22:33 - 2017-08-17 22:33 - 000001115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves MaxxAudioPro.lnk
2017-08-17 22:33 - 2017-08-17 22:33 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_esif_umdf2_02_00_00.Wdf
2017-08-17 22:33 - 2017-08-17 22:33 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_esif_lf_01011.Wdf
2017-08-17 22:33 - 2017-08-17 22:33 - 000000000 ____D C:\WINDOWS\system32\Intel
2017-08-17 22:33 - 2017-08-17 22:33 - 000000000 ____D C:\Program Files\Waves
2017-08-17 22:33 - 2017-08-17 22:33 - 000000000 ____D C:\Program Files\Realtek
2017-08-17 22:33 - 2017-08-17 22:33 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2017-08-17 22:33 - 2017-02-07 01:09 - 000122368 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2017-08-17 22:33 - 2017-02-07 01:09 - 000104448 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2017-08-17 22:33 - 2016-12-30 15:53 - 006386232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-08-17 22:33 - 2016-12-30 15:53 - 002477624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-08-17 22:33 - 2016-12-30 15:53 - 001762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-08-17 22:33 - 2016-12-30 15:53 - 000546752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-08-17 22:33 - 2016-12-30 15:53 - 000393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-08-17 22:33 - 2016-12-30 15:53 - 000083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-08-17 22:33 - 2016-12-30 15:53 - 000069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-08-17 22:33 - 2016-12-30 15:49 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-08-17 22:33 - 2016-12-20 08:01 - 007651057 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-08-17 22:33 - 2016-11-23 09:23 - 000271648 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-08-17 22:33 - 2016-11-23 09:23 - 000110880 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-08-17 22:33 - 2016-11-23 09:22 - 000265504 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-08-17 22:33 - 2016-11-23 09:22 - 000125216 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-08-17 22:32 - 2017-08-19 00:16 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-08-17 22:32 - 2017-08-17 22:37 - 000217000 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-17 22:19 - 2017-08-17 22:19 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2017-08-17 22:09 - 2017-08-17 22:09 - 000295588 _____ C:\TDSSKiller.3.1.0.15_17.08.2017_22.09.22_log.txt
2017-08-17 22:08 - 2017-08-17 22:09 - 000000000 ____D C:\Users\Ismael\Documents\tdsskiller
2017-08-17 22:08 - 2017-08-17 22:08 - 000000436 _____ C:\TDSSKiller.3.1.0.11_17.08.2017_22.08.10_log.txt
2017-08-17 10:47 - 2017-08-17 11:18 - 000000000 ____D C:\Users\Ismael\Downloads\Samurai.Jack.S05E07.720p.HDTV.x264-W4F[ettv]
2017-08-17 10:43 - 2017-08-18 17:01 - 000000000 ___DC C:\WINDOWS\Panther
2017-08-16 12:19 - 2017-08-16 12:19 - 000295422 _____ C:\TDSSKiller.3.1.0.15_16.08.2017_12.19.11_log.txt
2017-08-16 12:18 - 2017-08-16 12:18 - 000067446 _____ C:\TDSSKiller.3.1.0.15_16.08.2017_12.18.42_log.txt
2017-08-16 12:18 - 2017-08-16 12:18 - 000000436 _____ C:\TDSSKiller.3.1.0.11_16.08.2017_12.18.26_log.txt
2017-08-15 20:03 - 2017-08-15 20:49 - 000000000 ____D C:\Users\Ismael\Downloads\Samurai.Jack.S05E06.720p.WEB-DL.H264-FUM[ettv]
2017-08-15 19:35 - 2017-08-15 19:35 - 009791816 _____ (Piriform Ltd) C:\Users\Ismael\Downloads\ccsetup533.exe
2017-08-15 19:09 - 2017-08-15 19:09 - 000000000 ____D C:\Users\Ismael\AppData\Local\Steam
2017-08-15 19:07 - 2017-08-19 09:50 - 000000000 ____D C:\Program Files (x86)\Steam
2017-08-15 19:07 - 2017-08-17 22:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-08-15 19:07 - 2017-08-15 19:07 - 001446792 _____ C:\Users\Ismael\Downloads\SteamSetup.exe
2017-08-15 19:07 - 2017-08-15 19:07 - 000001038 _____ C:\Users\Public\Desktop\Steam.lnk
2017-08-15 17:53 - 2017-08-15 18:55 - 000000000 ____D C:\Users\Ismael\Downloads\Samurai.Jack.S05E05.720p.WEB-DL.H264-FUM[ettv]
2017-08-15 15:00 - 2017-08-15 15:01 - 000299440 _____ C:\TDSSKiller.3.1.0.15_15.08.2017_15.00.34_log.txt
2017-08-15 14:59 - 2017-08-15 14:59 - 000000436 _____ C:\TDSSKiller.3.1.0.11_15.08.2017_14.59.32_log.txt
2017-08-15 13:19 - 2017-08-15 13:37 - 000000000 ____D C:\Users\Ismael\Desktop\Drawing
2017-08-15 01:28 - 2017-08-15 09:16 - 1322267667 _____ C:\Users\Ismael\Downloads\Game.of.Thrones.S07E05.720p.WEB.h264-TBS[eztv].mkv
2017-08-15 01:06 - 2017-08-15 01:06 - 000000000 ____D C:\ProgramData\81dd53f5-4ce9-4ed0-b6a4-e85f5e1ee97c
2017-08-15 00:37 - 2017-08-15 00:37 - 000000000 ____D C:\ProgramData\SupportAssist
2017-08-15 00:33 - 2017-08-15 00:33 - 000000000 ____D C:\Users\Ismael\AppData\Local\CEF
2017-08-15 00:32 - 2017-08-15 00:34 - 000298786 _____ C:\TDSSKiller.3.1.0.11_15.08.2017_00.32.43_log.txt
2017-08-15 00:31 - 2017-08-15 00:32 - 000000436 _____ C:\TDSSKiller.3.1.0.11_15.08.2017_00.31.54_log.txt
2017-08-14 13:42 - 2017-08-14 13:42 - 000000000 ____D C:\Users\Ismael\Documents\Custom Office Templates
2017-08-14 13:40 - 2017-08-14 13:40 - 000000000 ____D C:\ProgramData\PC-Doctor, Inc
2017-08-14 12:03 - 2017-08-14 12:03 - 000002119 _____ C:\Users\Public\Desktop\SupportAssist.lnk
2017-08-14 12:03 - 2017-08-14 12:03 - 000000000 ____D C:\ProgramData\PC-Doctor for Windows
2017-08-14 12:03 - 2017-08-14 12:03 - 000000000 ____D C:\Program Files\Dell Support Center
2017-08-14 12:02 - 2017-08-14 13:40 - 000000000 ____D C:\Users\Ismael\AppData\Roaming\PCDr
2017-08-14 01:06 - 2017-08-15 10:23 - 000000000 ____D C:\Users\Ismael\Downloads\Power.2014.S04E08.Its.Done.720p.AHDTV.x264-CRiMSON[ettv]
2017-08-13 22:31 - 2017-08-13 23:18 - 000000000 ____D C:\Users\Ismael\Downloads\Samurai.Jack.S05E04.720p.HDTV.x264-W4F[ettv]
2017-08-13 18:22 - 2017-08-13 18:28 - 000000000 ____D C:\Users\Ismael\Downloads\Snowfall.S01E06.720p.HDTV.x264-KILLERS[rarbg]
2017-08-13 18:09 - 2017-08-19 14:08 - 000000000 ____D C:\FRST
2017-08-13 18:03 - 2017-08-13 22:24 - 000000000 ____D C:\Users\Ismael\Documents\Results
2017-08-13 17:33 - 2017-08-13 17:40 - 000000000 ____D C:\Users\Ismael\Documents\TCPView
2017-08-13 10:43 - 2017-08-13 10:43 - 000000982 _____ C:\Users\Ismael\Documents\esetresult_1.txt
2017-08-12 23:48 - 2017-08-19 00:16 - 000000000 ____D C:\Users\Ismael\AppData\Roaming\deluge
2017-08-12 15:32 - 2017-08-12 15:32 - 000000000 ____D C:\Users\Ismael\AppData\Roaming\Macromedia
2017-08-12 15:32 - 2017-08-11 23:32 - 000000000 ____D C:\Users\Ismael\AppData\Local\MicrosoftEdge
2017-08-12 15:30 - 2017-08-19 09:50 - 000000000 ___RD C:\Users\Ismael\OneDrive
2017-08-12 15:30 - 2017-08-17 22:46 - 000002372 _____ C:\Users\Ismael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-08-12 15:30 - 2017-08-12 15:30 - 000000000 ____D C:\Users\Ismael\AppData\Roaming\Intel Corporation
2017-08-12 15:29 - 2017-08-12 15:29 - 000000000 ____D C:\Users\Ismael\Dropbox
2017-08-12 15:29 - 2017-08-12 15:29 - 000000000 ____D C:\Users\Ismael\AppData\Local\NVIDIA Corporation
2017-08-12 15:29 - 2017-08-12 15:29 - 000000000 ____D C:\Users\Ismael\AppData\Local\DropboxOEM
2017-08-12 15:29 - 2017-08-11 23:43 - 000000000 ____D C:\Users\Ismael\AppData\Roaming\DropboxOEM
2017-08-12 15:28 - 2017-08-19 09:50 - 000000000 __SHD C:\Users\Ismael\IntelGraphicsProfiles
2017-08-12 15:28 - 2017-08-18 13:03 - 000000000 ____D C:\Users\Ismael\AppData\Local\Packages
2017-08-12 15:28 - 2017-08-17 22:45 - 000000000 ____D C:\Users\Ismael\AppData\Local\ConnectedDevicesPlatform
2017-08-12 15:28 - 2017-08-12 15:28 - 000000000 ____D C:\Users\Ismael\AppData\Roaming\Intel
2017-08-12 15:28 - 2017-08-12 15:28 - 000000000 ____D C:\Users\Ismael\AppData\Local\VirtualStore
2017-08-12 15:28 - 2017-08-12 15:28 - 000000000 ____D C:\Users\Ismael\AppData\Local\TileDataLayer
2017-08-12 15:28 - 2017-08-12 15:28 - 000000000 ____D C:\Users\Ismael\AppData\Local\Publishers
2017-08-12 15:28 - 2017-08-12 15:28 - 000000000 ____D C:\Users\Ismael\AppData\Local\NVIDIA
2017-08-12 15:28 - 2017-08-12 15:28 - 000000000 ____D C:\Users\defaultuser0\AppData\Roaming\DropboxOEM
2017-08-12 15:28 - 2017-08-12 15:28 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\DropboxOEM
2017-08-12 15:28 - 2017-08-12 02:35 - 000000000 ____D C:\Users\Ismael\AppData\Roaming\Adobe
2017-08-12 15:27 - 2017-08-17 22:34 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\Packages
2017-08-12 15:27 - 2017-08-12 15:27 - 000000000 __SHD C:\Users\defaultuser0\IntelGraphicsProfiles
2017-08-12 15:27 - 2017-08-12 15:27 - 000000000 ____D C:\Users\defaultuser0\AppData\Roaming\Intel
2017-08-12 15:27 - 2017-08-12 15:27 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\VirtualStore
2017-08-12 15:27 - 2017-08-12 15:27 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\TileDataLayer
2017-08-12 15:27 - 2017-08-12 15:27 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\NVIDIA Corporation
2017-08-12 15:27 - 2017-08-12 15:27 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\ConnectedDevicesPlatform
2017-08-12 15:25 - 2017-08-12 15:25 - 000000000 _SHDL C:\Documents and Settings
2017-08-12 09:28 - 2017-08-15 15:41 - 000000000 ____D C:\Users\Ismael\AppData\Local\ESET
2017-08-12 03:08 - 2017-08-14 12:19 - 000000000 ____D C:\Users\Ismael\AppData\Roaming\Waves Audio
2017-08-12 03:06 - 2017-08-12 03:06 - 000000000 ____D C:\Users\Ismael\AppData\Roaming\SYSTEMAX Software Development
2017-08-12 03:06 - 2017-08-12 03:06 - 000000000 ____D C:\ProgramData\SYSTEMAX Software Development
2017-08-12 03:02 - 2017-08-12 03:06 - 000000000 ____D C:\PaintToolSAI
2017-08-12 03:02 - 2017-08-12 03:02 - 000000622 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PaintTool SAI Ver.1.lnk
2017-08-12 02:47 - 2017-08-17 22:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2017-08-12 02:47 - 2017-08-16 12:58 - 000000000 ____D C:\Users\Ismael\AppData\Roaming\vlc
2017-08-12 02:47 - 2017-08-12 02:47 - 000000000 ____D C:\Users\Ismael\AppData\LocalLow\Adobe
2017-08-12 02:46 - 2017-08-12 02:46 - 000000000 ____D C:\Program Files (x86)\VideoLAN
2017-08-12 02:35 - 2017-08-17 22:37 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2017-08-12 02:35 - 2017-08-12 02:35 - 000001087 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2015.lnk
2017-08-12 02:35 - 2017-08-12 02:35 - 000000000 ____D C:\Users\Ismael\Documents\Adobe
2017-08-12 02:35 - 2017-08-12 02:35 - 000000000 ____D C:\Users\Ismael\AppData\Roaming\NVIDIA
2017-08-12 02:34 - 2017-08-12 02:34 - 000001621 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk
2017-08-12 02:33 - 2017-08-13 15:43 - 000000000 ____D C:\ProgramData\Adobe
2017-08-12 02:33 - 2017-08-12 02:35 - 000000000 ____D C:\Program Files\Common Files\Adobe
2017-08-12 02:33 - 2017-08-12 02:33 - 000000000 ____D C:\Program Files\Adobe
2017-08-12 02:32 - 2017-08-19 11:22 - 000000000 ____D C:\Users\Ismael\AppData\Local\Adobe
2017-08-12 02:25 - 2017-08-12 02:25 - 000000000 ____D C:\Users\Ismael\AppData\Local\Disc_Soft_Ltd
2017-08-12 02:22 - 2017-08-17 22:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2017-08-12 02:22 - 2017-08-12 02:22 - 000002494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-08-12 02:22 - 2017-08-12 02:22 - 000002463 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project 2016.lnk
2017-08-12 02:22 - 2017-08-12 02:22 - 000002458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2017-08-12 02:22 - 2017-08-12 02:22 - 000002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-08-12 02:22 - 2017-08-12 02:22 - 000002452 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-08-12 02:22 - 2017-08-12 02:22 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visio 2016.lnk
2017-08-12 02:22 - 2017-08-12 02:22 - 000002416 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-08-12 02:22 - 2017-08-12 02:22 - 000002415 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-08-12 02:22 - 2017-08-12 02:22 - 000002409 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-08-12 02:22 - 2017-08-12 02:22 - 000002403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-08-12 02:22 - 2017-08-12 02:22 - 000002395 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-08-12 02:21 - 2017-08-17 22:18 - 000000000 ____D C:\Program Files\Microsoft Office
2017-08-12 02:21 - 2017-08-12 02:21 - 000000000 ____D C:\Program Files\Microsoft Office 15
2017-08-12 02:16 - 2017-08-12 02:16 - 000000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2017-08-12 02:15 - 2017-08-17 22:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2017-08-12 02:15 - 2017-08-12 02:27 - 000000000 ____D C:\Users\Ismael\AppData\Roaming\DAEMON Tools Lite
2017-08-12 02:15 - 2017-08-12 02:15 - 000047672 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtliteusbbus.sys
2017-08-12 02:15 - 2017-08-12 02:15 - 000030264 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtlitescsibus.sys
2017-08-12 02:15 - 2017-08-12 02:15 - 000000000 ____D C:\ProgramData\DAEMON Tools Lite
2017-08-12 02:15 - 2017-08-12 02:15 - 000000000 ____D C:\Program Files\DAEMON Tools Lite
2017-08-12 01:56 - 2017-08-12 01:56 - 000000000 ____D C:\Users\Ismael\AppData\Local\UNP
2017-08-12 01:45 - 2017-08-18 18:43 - 000000000 ____D C:\Users\Ismael\AppData\Local\CrashDumps
2017-08-12 01:32 - 2017-08-19 09:50 - 000000000 ____D C:\Users\Ismael\AppData\Roaming\WTablet
2017-08-12 01:32 - 2017-08-12 01:32 - 000000000 ____D C:\Users\Ismael\AppData\Local\Wacom
2017-08-12 01:32 - 2017-08-12 01:32 - 000000000 ____D C:\Users\Ismael\.android
2017-08-12 01:29 - 2017-08-17 22:37 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom Tablet
2017-08-12 01:29 - 2017-08-12 01:30 - 000000000 ____D C:\Program Files\TabletPlugins
2017-08-12 01:29 - 2017-08-12 01:29 - 000000000 ____D C:\Program Files\Tablet
2017-08-12 01:29 - 2017-08-12 01:29 - 000000000 ____D C:\Program Files (x86)\TabletPlugins
2017-08-12 01:29 - 2017-06-29 08:43 - 002289096 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\Wacom_Tablet.dll
2017-08-12 01:29 - 2017-06-29 08:43 - 002282440 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\Wacom_Touch_Tablet.dll
2017-08-12 01:29 - 2017-06-29 08:43 - 002188744 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\WacomMT.dll
2017-08-12 01:29 - 2017-06-29 08:43 - 002126792 _____ (Wacom Technology, Corp.) C:\WINDOWS\system32\Wintab32.dll
2017-08-12 01:29 - 2017-06-29 08:43 - 001805768 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\Wacom_Tablet.dll
2017-08-12 01:29 - 2017-06-29 08:43 - 001798600 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\Wacom_Touch_Tablet.dll
2017-08-12 01:29 - 2017-06-29 08:43 - 001690568 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\WacomMT.dll
2017-08-12 01:29 - 2017-06-29 08:43 - 001650632 _____ (Wacom Technology, Corp.) C:\WINDOWS\SysWOW64\Wintab32.dll
2017-08-12 01:29 - 2017-04-29 08:21 - 001804688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdfcoinstaller01011.dll
2017-08-12 01:29 - 2017-04-29 08:21 - 000122512 _____ (Wacom Technology) C:\WINDOWS\system32\Drivers\wachidrouter.sys
2017-08-12 01:29 - 2017-04-12 03:23 - 000024040 _____ (Wacom Technology) C:\WINDOWS\system32\Drivers\wacomrouterfilter.sys
2017-08-12 01:29 - 2012-12-12 07:12 - 001721576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wdfcoinstaller01009.dll
2017-08-12 01:19 - 2017-05-31 13:06 - 000209608 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2017-08-12 01:11 - 2017-08-18 10:38 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-08-12 01:04 - 2017-08-18 17:02 - 000000000 ____D C:\Users\Ismael\Documents\CCleaner Reg Files
2017-08-12 00:58 - 2017-08-17 22:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyDefrag v4.3.1
2017-08-12 00:58 - 2017-08-17 22:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplayEx
2017-08-12 00:58 - 2017-08-12 00:58 - 000000000 ____D C:\Program Files\MyDefrag v4.3.1
2017-08-12 00:58 - 2017-08-12 00:58 - 000000000 ____D C:\Program Files\CDisplayEx
2017-08-12 00:58 - 2010-05-21 12:11 - 001147392 _____ (J.C. Kessels) C:\WINDOWS\system32\MyDefragScreenSaver_v4.3.1.exe
2017-08-12 00:58 - 2010-05-21 12:11 - 000485376 _____ (J.C. Kessels) C:\WINDOWS\system32\MyDefragScreenSaver_v4.3.1.scr
2017-08-12 00:56 - 2017-08-17 22:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-08-12 00:55 - 2017-08-18 20:29 - 000002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-12 00:55 - 2017-08-12 00:56 - 000000000 ____D C:\Users\Ismael\AppData\Local\Google
2017-08-12 00:55 - 2017-08-12 00:56 - 000000000 ____D C:\Program Files\CCleaner
2017-08-12 00:55 - 2017-08-12 00:55 - 000000000 ____D C:\Program Files (x86)\Google
2017-08-12 00:50 - 2017-08-12 00:50 - 000000000 ____D C:\Program Files\Malwarebytes
2017-08-12 00:37 - 2017-08-19 14:08 - 000000000 ____D C:\Users\Ismael\Desktop\Maintenance
2017-08-12 00:37 - 2017-08-15 14:46 - 000000000 ____D C:\Users\Ismael\Desktop\Masters Program
2017-08-12 00:35 - 2016-10-28 10:41 - 000013313 _____ C:\Users\Ismael\Desktop\Muscle Bulk Excercise Log V2.xlsx
2017-08-12 00:34 - 2017-08-13 17:59 - 000000000 ____D C:\Users\Ismael\Downloads\Downloaded Programs
2017-08-12 00:31 - 2017-08-19 14:03 - 000000000 ____D C:\Users\Ismael\AppData\LocalLow\Mozilla
2017-08-12 00:31 - 2017-08-17 22:00 - 000000000 ____D C:\Program Files\Mozilla Firefox
2017-08-12 00:31 - 2017-08-17 22:00 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-08-12 00:31 - 2017-08-12 01:39 - 000000000 ____D C:\Users\Ismael\AppData\Local\Mozilla
2017-08-12 00:31 - 2017-08-12 00:31 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-08-12 00:31 - 2017-08-12 00:31 - 000000000 ____D C:\Users\Ismael\AppData\Roaming\Mozilla
2017-08-12 00:28 - 2017-08-17 22:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
2017-08-12 00:27 - 2017-08-12 00:28 - 000000000 ____D C:\Program Files (x86)\Deluge
2017-08-12 00:26 - 2017-08-12 00:26 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2017-08-12 00:20 - 2017-08-12 00:20 - 000000000 ____D C:\Users\Ismael\AppData\Roaming\Skype
2017-08-12 00:14 - 2017-08-12 00:16 - 000000000 ___SD C:\WINDOWS\UpdateAssistantV2
2017-08-12 00:02 - 2017-08-12 12:30 - 000000000 ____D C:\Program Files\rempl
2017-08-11 23:57 - 2017-08-17 22:37 - 000000000 ____D C:\WINDOWS\system32\UNP
2017-08-11 23:57 - 2017-08-11 23:58 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-11 23:57 - 2017-08-11 23:58 - 000000000 ____D C:\Program Files\UNP
2017-08-11 23:57 - 2017-08-11 23:57 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-11 23:54 - 2017-03-28 14:37 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DdcWnsListener.dll
2017-08-11 23:54 - 2017-03-04 15:26 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-08-11 23:54 - 2017-03-04 15:18 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-08-11 23:45 - 2017-08-12 02:53 - 000000000 ____D C:\Users\Ismael\AppData\Local\Comms
2017-08-11 23:37 - 2017-08-11 23:37 - 000000084 _____ C:\WINDOWS\SysWOW64\DLC_Debug_log.txt
2017-08-11 23:36 - 2017-08-11 23:36 - 000000000 ____D C:\ProgramData\d9074c3f-1f60-4f61-a697-c283f06b653a
2017-08-11 23:36 - 2017-08-11 23:36 - 000000000 ____D C:\ProgramData\5631f5bd-5482-48bc-8a7b-6099d3933ca6
2017-08-11 23:36 - 2017-08-11 23:36 - 000000000 ____D C:\Program Files (x86)\Dell Update
2017-08-11 23:32 - 2017-08-11 23:32 - 000000000 ____D C:\Users\Ismael\AppData\Local\NetworkTiles
2017-08-11 23:32 - 2017-08-11 23:32 - 000000000 ____D C:\Users\Ismael\AppData\Local\Dell
2017-08-11 23:17 - 2017-08-11 23:20 - 000000000 ____D C:\tmp
2017-07-27 10:52 - 2017-07-27 10:52 - 000032960 _____ (Dell Inc.) C:\WINDOWS\system32\Drivers\DDDriver64Dcsa.sys
2017-07-27 10:52 - 2017-07-27 10:52 - 000032568 _____ (Dell Computer Corporation) C:\WINDOWS\system32\Drivers\DellProf.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-08-19 09:53 - 2017-03-19 06:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-08-19 00:19 - 2017-03-19 06:01 - 000000000 ____D C:\WINDOWS\INF
2017-08-18 18:10 - 2017-03-19 05:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-18 16:49 - 2017-03-19 06:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-08-18 15:32 - 2017-03-19 06:03 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-08-18 15:30 - 2017-03-19 06:06 - 000000000 ____D C:\WINDOWS\Setup
2017-08-18 15:30 - 2017-03-19 06:03 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-08-18 15:30 - 2017-03-19 06:03 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-08-18 15:30 - 2017-03-19 06:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-08-18 15:30 - 2017-03-19 06:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-08-18 15:30 - 2017-03-19 06:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-08-18 15:30 - 2017-03-19 06:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-08-18 13:03 - 2017-03-19 06:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-08-18 10:29 - 2017-03-19 06:03 - 000000000 ____D C:\WINDOWS\appcompat
2017-08-17 22:44 - 2017-03-19 06:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-17 22:43 - 2017-03-30 13:28 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-17 22:41 - 2017-03-19 06:03 - 000000000 ____D C:\WINDOWS\rescache
2017-08-17 22:41 - 2017-03-19 06:03 - 000000000 ____D C:\ProgramData\USOPrivate
2017-08-17 22:40 - 2017-03-19 06:03 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-08-17 22:40 - 2017-03-19 06:03 - 000000000 ____D C:\WINDOWS\Registration
2017-08-17 22:40 - 2017-03-18 20:40 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2017-08-17 22:39 - 2017-03-19 06:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-08-17 22:39 - 2016-07-16 20:47 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-08-17 22:38 - 2017-03-19 11:31 - 000000000 ____D C:\WINDOWS\HoloShell
2017-08-17 22:38 - 2017-03-19 06:03 - 000000000 __RHD C:\Users\Public\Libraries
2017-08-17 22:37 - 2017-03-30 13:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-08-17 22:37 - 2017-03-30 13:20 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-08-17 22:37 - 2017-03-30 13:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueColor
2017-08-17 22:37 - 2017-03-30 13:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2017-08-17 22:37 - 2017-03-18 20:40 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2017-08-17 22:35 - 2017-03-30 13:21 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2017-08-17 22:35 - 2017-03-30 13:18 - 000000000 ____D C:\WINDOWS\SysWOW64\oem
2017-08-17 22:35 - 2017-03-19 06:03 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-08-17 22:35 - 2017-03-19 06:03 - 000000000 ____D C:\WINDOWS\system32\spool
2017-08-17 22:35 - 2017-03-19 06:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-08-17 22:35 - 2017-03-19 06:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-08-17 22:35 - 2017-03-19 06:03 - 000000000 ____D C:\WINDOWS\system32\Macromed
2017-08-17 22:35 - 2017-03-19 06:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2017-08-17 22:34 - 2017-03-18 20:40 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2017-08-17 22:33 - 2017-03-19 06:03 - 000000000 ____D C:\WINDOWS\Help
2017-08-17 22:18 - 2017-07-11 15:54 - 000000000 ___HD C:\$WINDOWS.~BT
2017-08-17 21:57 - 2017-03-30 13:24 - 000000000 ____D C:\ProgramData\McAfee
2017-08-17 21:57 - 2017-03-30 13:24 - 000000000 ____D C:\Program Files (x86)\McAfee
2017-08-15 08:41 - 2017-03-30 13:18 - 000000000 __HDC C:\ProgramData\{423CE5CB-22CB-40B0-ABB2-FC8387A15102}
2017-08-15 01:06 - 2017-03-30 13:24 - 000000000 ____D C:\ProgramData\Dell
2017-08-15 00:37 - 2017-03-30 13:18 - 000000000 ____D C:\Program Files\Dell
2017-08-15 00:13 - 2017-03-30 13:18 - 000000000 ____D C:\ProgramData\PCDr
2017-08-14 23:54 - 2017-03-30 13:19 - 000000000 ____D C:\ProgramData\Package Cache
2017-08-14 23:34 - 2017-03-30 13:24 - 000000000 ____D C:\Program Files\mcafee
2017-08-14 23:34 - 2017-03-30 13:24 - 000000000 ____D C:\Program Files\Common Files\McAfee
2017-08-12 14:57 - 2017-03-30 13:24 - 000000000 ____D C:\Program Files\Common Files\AV
2017-08-12 02:20 - 2017-03-30 13:31 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2017-08-12 00:24 - 2017-03-30 13:20 - 000000000 ____D C:\ProgramData\Intel
2017-08-12 00:18 - 2017-03-30 13:24 - 000000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2017-08-12 00:18 - 2017-03-30 13:24 - 000000930 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2017-08-11 23:43 - 2017-03-30 13:24 - 000002138 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 20 GB.lnk
2017-08-11 23:43 - 2017-03-30 13:24 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-08-11 23:37 - 2017-03-30 13:19 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-08-01 00:15 - 2017-03-19 06:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-08-01 00:15 - 2017-03-19 06:06 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2017-08-19 00:16 - 2017-08-19 00:16 - 000000218 _____ () C:\Users\Ismael\AppData\Local\recently-used.xbel

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-08-17 22:32

==================== End of FRST.txt ============================



#3 Hishima

Posted 19 August 2017 - 01:23 AM

The Addition.txt log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-08-2017
Ran by Ismael (19-08-2017 14:08:48)
Running from C:\Users\Ismael\Desktop\Maintenance
Windows 10 Home Version 1703 (X64) (2017-08-17 13:41:36)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2798118346-3746725340-1217027447-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2798118346-3746725340-1217027447-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2798118346-3746725340-1217027447-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-2798118346-3746725340-1217027447-501 - Limited - Disabled)
Ismael (S-1-5-21-2798118346-3746725340-1217027447-1001 - Administrator - Enabled) => C:\Users\Ismael

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee VirusScan (Disabled - Up to date) {8BCDACFA-D264-3528-5EF8-E94FD0BC1FBC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501}
FW: McAfee Firewall (Disabled) {B3F62DDF-980B-3470-75A7-407A2E6F58C7}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.151 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.33 - Piriform)
CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version:  - Progdigy Software S.A.R.L.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.6.0.0275 - Disc Soft Ltd)
Dell Customer Connect (HKLM-x32\...\{35BEC446-269E-42E4-8EED-191A38CCFF3D}) (Version: 1.4.10.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{99B7C4B5-DC14-441D-A5B6-7340F682BC81}) (Version: 3.1.1117.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell Help & Support (HKLM\...\{E8669F4E-F2BE-48A9-B5A5-0BC12CA4CB4F}) (Version: 2.4.18.0 - Dell Inc.) Hidden
Dell Help & Support (HKLM-x32\...\InstallShield_{E8669F4E-F2BE-48A9-B5A5-0BC12CA4CB4F}) (Version: 2.4.18.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\InstallShield_{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 2.0.6875.402 - Dell)
Dell SupportAssist Remediation (HKLM\...\{8F663BAC-2B6F-4B86-86F4-8067F4B71ACC}) (Version: 3.0.1.2905 - Dell Inc.) Hidden
Dell SupportAssist Remediation (HKLM-x32\...\{8aa806c2-2787-490f-ac75-cd8f4d50585f}) (Version: 3.0.1.2905 - Dell Inc.)
Dell SupportAssistAgent (HKLM\...\{E1AA62F7-B32A-4090-814E-83BC7C3DF1FB}) (Version: 2.0.2.21 - Dell)
Dell Update - SupportAssist Update Plugin (HKLM\...\{EEA45885-F3E3-4E7D-8435-E9C21D36C141}) (Version: 3.0.0.2840 - Dell Inc.)
Dell Update (HKLM-x32\...\{F91263FA-BE4D-439D-9C0A-2E7204E0E9E3}) (Version: 1.9.20.0 - Dell Inc.)
Deluge 1.3.15 (HKLM-x32\...\Deluge) (Version:  - )
Dropbox 20 GB (HKLM-x32\...\{84D8451D-2ED6-3A59-ABA5-2A447F7C6310}) (Version: 4.1.2.0 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.101 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11002.3418 - Intel Corporation)
Intel® HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 1.1.1.318 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1036 - Intel Corporation)
Intel® Online Connect Software Asset Manager (HKLM-x32\...\{AE956AB9-CD98-4F1E-8B9E-C3C66E290D64}) (Version: 3.4.2072 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4574 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.7.1042 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{C2E85BBA-6F67-413B-AD39-3E12CEC8EE97}) (Version: 19.30.1649.0953 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{041d205e-2cff-4b85-9320-cbe31995c3ac}) (Version: 19.30.0 - Intel Corporation)
KB4023057 (HKLM\...\{0339C035-CB0E-4AA1-8A94-6C306982BD86}) (Version: 2.1.0.0 - Microsoft Corporation)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.7.9045.0 - Waves Audio Ltd.) Hidden
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 16.0.1 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.149 - McAfee, Inc.)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProplusRetail - en-us) (Version: 16.0.8326.2073 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2798118346-3746725340-1217027447-1001\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Project Professional 2016 - en-us (HKLM\...\ProjectProRetail - en-us) (Version: 16.0.8326.2073 - Microsoft Corporation)
Microsoft Visio Professional 2016 - en-us (HKLM\...\VisioProRetail - en-us) (Version: 16.0.8326.2073 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 55.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 55.0.2 (x64 en-US)) (Version: 55.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.1 - Mozilla)
MyDefrag v4.3.1 (HKLM\...\MyDefrag v4.3.1_is1) (Version: 4.0.0.0 - J.C. Kessels)
NVIDIA GeForce Experience 2.11.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.0 - NVIDIA Corporation)
NVIDIA Graphics Driver 376.56 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 376.56 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.8326.2073 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.8326.2073 - Microsoft Corporation) Hidden
PaintTool SAI Ver.1 (HKLM-x32\...\PaintToolSAI) (Version:  - )
Product Registration (HKLM\...\{48114909-3C3B-43E6-BF98-AE9C396500A3}) (Version: 3.0.127.0 - Dell Inc.) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.6.0 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.12.1007.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8051 - Realtek Semiconductor Corp.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
True Color (HKLM\...\{843D1B75-7A4E-4C8C-8348-BDF6C6EC3333}) (Version: 1.0.1.1 - Entertainment Experience LLC) Hidden
True Color (HKLM-x32\...\{c38d939e-31d4-44fa-a07a-d28915046b7d}) (Version: 7.9.0.0 - Entertainment Experience)
True Color XML Tables (HKLM\...\{EAE8B515-AC0E-46A8-AA41-CAD18E4094CD}) (Version: 7.10.0.0 - Entertainment Experience LLC) Hidden
TrueColorXMLTables (HKLM-x32\...\{bf377b78-c440-4ce9-a962-2fde04e6d4cd}) (Version: 7.10.0.0 - Entertainment Experience)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.23-1 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2798118346-3746725340-1217027447-1001_Classes\CLSID\{a9872fee-5a55-4ecb-9b0f-b06fedcf14d1}\localserver32 -> C:\Program Files\Waves\MaxxAudio\MaxxAudioPro.exe (Waves Audio Ltd)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2017-05-31] (McAfee, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\k120633.inf_amd64_8f63242758b1a817\igfxDTCM.dll [2017-02-07] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2016-12-30] (NVIDIA Corporation)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\Program Files\mcafee\msc\McCtxMenuFrmWrk.dll [2017-05-31] (McAfee, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {060C68E1-A42E-4277-A209-3DBE93866366} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {06828045-9520-460D-930B-F5BD3273831E} - System32\Tasks\MyDefrag v4.3.1 Daily => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD [2010-05-21] ()
Task: {07863656-8FC0-4CDD-AA71-E1814B772D14} - System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-JKPPNNN-Ismael => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-26] (Adobe Systems Incorporated)
Task: {0885D0EF-555E-454D-8C4E-0AD81AE9D2D2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-08-10] (Microsoft Corporation)
Task: {08F4366B-8852-4C1A-A838-E5507A3FC021} - System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7-Logon => C:\Program Files (x86)\Intel\Intel® Online Connect Access\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-09-30] (Intel Corporation)
Task: {09E0B439-D1D3-4F13-A72A-2B6C0D78352D} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-08-14] (McAfee, Inc.)
Task: {10881886-64FB-4A20-A6ED-67C00AF1C1A2} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssist.exe [2017-08-04] (Dell Inc.)
Task: {17569CE4-E699-4863-872B-B7A727C76A04} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.50.1291.1\mcdatrep.exe [2017-08-14] (McAfee, Inc.)
Task: {332172B9-C255-42A4-8EA5-45D07536A3FE} - System32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2016-06-15] (NVIDIA Corporation)
Task: {35CF9500-8ED9-4AF4-8502-BEDC4F26AD4E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-08-12] (Adobe Systems Incorporated)
Task: {41B56110-9FE4-42C5-AC81-3144BC81EBB7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-12] (Google Inc.)
Task: {4310C291-EC89-42ED-AF15-8D4DAFCA037E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-08-17] (Microsoft Corporation)
Task: {431329E2-5AC4-4925-B6C7-8C07DDB27BA0} - System32\Tasks\MyDefrag v4.3.1 Monthly => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD [2010-05-21] ()
Task: {54E875A7-8C96-486D-A0E8-975577E633C7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-08-03] (Piriform Ltd)
Task: {56F29CB5-8552-4FFF-B2F7-4BB6A3BB65B1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-08-10] (Microsoft Corporation)
Task: {6109E1B3-0E7C-4E84-BCC8-829728538B5A} - System32\Tasks\Dell Cleanup => c:\windows\system32\oem\startmenufix.vbs [2016-09-15] ()
Task: {6703F102-992C-4E09-B642-70893943E9FD} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-08-11] (Dropbox, Inc.)
Task: {7768942B-ED78-4DF9-83DD-C1AF311E6810} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2017-05-31] (McAfee, Inc.)
Task: {89EC4CC8-9410-4117-86F8-C39EDC520808} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-08-17] (Microsoft Corporation)
Task: {8B7FE412-172F-4366-93A1-88644CFC541F} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-08-11] (Dropbox, Inc.)
Task: {90CF53B2-3B00-4422-B1FD-727DDDCE93CA} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-05-29] (PC-Doctor, Inc.)
Task: {A43ED2BC-390C-44F4-947D-D21AA5FA8C82} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {C2F94C68-5257-4BC0-8C56-700EF7F4B5B0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-12] (Google Inc.)
Task: {C66BE21B-D280-4D8E-9B12-44E012410C35} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-08-17] ()
Task: {C9A31180-F53B-41D3-AAD5-EB98AFE8448F} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-12-01] (DropboxOEM)
Task: {D9FADA9F-36CD-4AD8-8768-C23136243F4C} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-05-29] (PC-Doctor, Inc.)
Task: {DEA33CA7-B0CA-478D-AF40-17F64803F3C1} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {E2DB8350-1C34-49DD-A493-68FB9FA2713A} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe [2017-04-12] (McAfee, Inc.)
Task: {E6260D4B-CF95-4EE2-9DFD-BB6231DC3E93} - System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7 => C:\Program Files (x86)\Intel\Intel® Online Connect Access\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-09-30] (Intel Corporation)
Task: {EEB15D24-98D1-4012-9B69-4000DEF6528E} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {F0D43BD1-C9B9-4C4E-B278-1FD5700F9895} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-27] (Intel® Corporation)
Task: {F14A1AFF-C187-4CFD-B071-B8073BA23DD4} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {F86A1B45-B941-4CC3-808E-23A3335E2D46} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-08-17] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2016-10-06 04:15 - 2016-10-06 04:15 - 000107752 _____ () C:\Program Files\Intel\Intel® Online Connect Access\libglog.dll
2016-10-06 04:15 - 2016-10-06 04:15 - 000412904 _____ () C:\Program Files\Intel\Intel® Online Connect Access\JsonCpp.dll
2016-12-13 08:57 - 2016-12-13 08:57 - 000093072 _____ () C:\Program Files\TrueColor\TrueColorALS.exe
2017-08-14 23:31 - 2017-06-11 13:00 - 000583160 _____ () C:\Program Files\McAfee\MfeAV\RealProtectAMScanIf.dll
2017-08-14 23:31 - 2017-06-11 12:59 - 000574352 _____ () C:\Program Files\McAfee\MfeAV\AMEngineScan.dll
2017-08-14 23:31 - 2017-06-11 13:00 - 000571240 _____ () C:\Program Files\McAfee\MfeAV\RepairModule.dll
2016-10-05 09:09 - 2016-10-05 09:09 - 000253664 _____ () C:\Program Files\Intel\Intel® Online Connect\CSLibWrapper.dll
2016-05-18 13:31 - 2016-05-18 13:31 - 000140288 _____ () C:\WINDOWS\system32\DPPPlugin.dll
2017-08-17 22:33 - 2016-12-30 15:53 - 000134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-03-19 05:58 - 2017-03-19 05:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-08-12 02:21 - 2017-08-17 22:15 - 008929480 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2017-08-12 01:29 - 2017-06-29 08:43 - 001658312 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2017-03-19 05:59 - 2017-03-19 11:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-08-12 02:21 - 2017-08-17 22:14 - 000241352 _____ () C:\Program Files\Microsoft Office\root\Office16\JitV.dll
2017-08-13 16:48 - 2017-08-13 17:57 - 000852798 _____ () C:\Users\Ismael\Desktop\Maintenance\SecurityCheck.exe
2017-08-16 13:06 - 2017-08-16 13:06 - 000054272 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2016-09-10 00:32 - 2016-09-10 00:32 - 000134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2016-05-03 06:46 - 2016-05-03 06:46 - 000134008 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2017-05-02 04:27 - 2017-05-02 04:27 - 000133992 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
2016-10-20 17:28 - 2016-10-20 17:28 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-03-30 13:23 - 2016-06-15 22:03 - 000018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-08-15 19:08 - 2017-05-17 10:54 - 000678176 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-08-15 19:08 - 2017-07-18 09:33 - 002497824 _____ () C:\Program Files (x86)\Steam\video.dll
2017-08-15 19:08 - 2016-09-01 10:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-08-15 19:08 - 2016-01-27 16:49 - 000491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2017-08-15 19:08 - 2016-01-27 16:49 - 000332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2017-08-15 19:08 - 2016-01-27 16:49 - 002549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2017-08-15 19:08 - 2016-01-27 16:49 - 000442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2017-08-15 19:08 - 2016-01-27 16:49 - 000485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2017-08-15 19:08 - 2016-09-01 10:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-08-15 19:08 - 2016-09-01 10:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-08-15 19:08 - 2017-07-18 09:33 - 000884512 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-08-15 19:08 - 2016-07-05 07:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2017-08-15 19:08 - 2017-05-17 10:54 - 000678176 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2017-08-15 19:08 - 2017-07-07 02:58 - 073088800 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-08-15 19:08 - 2017-07-18 09:33 - 000384288 _____ () C:\Program Files (x86)\Steam\steam.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 20:47 - 2016-07-16 20:45 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2798118346-3746725340-1217027447-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Ismael\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 164.124.101.2 - 203.248.252.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{37D7E800-CAA8-4DEB-A13B-4C110B8C5D3C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{00035FCB-798C-44C0-9CDC-8F36C088BCAA}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{E489BA81-6AA2-4B87-8387-F1BE0E05D797}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{2F759A97-89AC-403B-A04E-8F47B55DAD7C}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{6763DE8E-63E0-49DD-841F-03CACC44B450}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A7F1D483-4A1C-4A8D-ABCF-5363A3BE416A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F6C5F91D-C690-4CA5-BDE8-3B7BD81F9D33}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9BB78A55-24EA-4CED-8C80-B5B9AD17CED5}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{ACBC26C3-0F6F-4D57-B4AB-0B9020C7B795}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{59B50DEE-765D-419A-AFDB-328B87CFF799}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0DF11AC6-05BD-488F-8253-AD108D226CF1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{D2B3DA1C-2F03-4849-B71B-4260D59531B6}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{9C801DF0-39C2-4D45-8503-8848E3C75382}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D60B5848-607F-470B-8E68-9132F7ABFC2C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7BE536DC-C013-4B7A-B18D-CFC70DB5B64B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{76BBC39F-86B7-4338-BDB7-D9A2253405B3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{4B3A1F88-5AD5-454F-A60E-2CA8A0794BEA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{B4A073DA-3B2A-46EE-91B9-66D1DB9D2629}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{F796D20B-875C-4699-8423-973DAB09928A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/18/2017 06:43:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WinStore.App.exe, version: 11706.1001.26.0, time stamp: 0x59712c94
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.15063.540, time stamp: 0xd330c8c8
Exception code: 0xc000027b
Fault offset: 0x00000000004434af
Faulting process id: 0x1a28
Faulting application start time: 0x01d318067350e6aa
Faulting application path: C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\WinStore.App.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: 6ad9e3f1-0d63-45bd-a9b1-7e0c511cdd7b
Faulting package full name: Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App

Error: (08/18/2017 06:42:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WinStore.App.exe, version: 11706.1001.26.0, time stamp: 0x59712c94
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.15063.540, time stamp: 0xd330c8c8
Exception code: 0xc000027b
Fault offset: 0x00000000004434af
Faulting process id: 0xa14
Faulting application start time: 0x01d3180631959dd2
Faulting application path: C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\WinStore.App.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: 7dec6e5c-eff5-4b6c-a7ef-f66b927143b9
Faulting package full name: Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App

Error: (08/18/2017 06:41:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: WinStore.App.exe, version: 11706.1001.26.0, time stamp: 0x59712c94
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.15063.540, time stamp: 0xd330c8c8
Exception code: 0xc000027b
Fault offset: 0x00000000004434af
Faulting process id: 0x3d58
Faulting application start time: 0x01d317f945cca5b2
Faulting application path: C:\Program Files\WindowsApps\Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe\WinStore.App.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: 1fd88e9a-1384-492b-8c7c-b5b47d604a1d
Faulting package full name: Microsoft.WindowsStore_11706.1001.26.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App

Error: (08/18/2017 12:08:04 PM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[The '/' character, hexadecimal value 0x2F, cannot be included in a name.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[   at System.Xml.XmlDocument.CheckName(String name)
   at System.Xml.XmlElement..ctor(XmlName name, Boolean empty, XmlDocument doc)
   at System.Xml.XmlDocument.CreateElement(String prefix, String localName, String namespaceURI)
   at System.Xml.XmlDocument.CreateElement(String name)
   at eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String type, String value)]]></StackTrace><SysInfo STag="6JYNQH2" SMBIOSMajVer="3" SMBIOSMinVer="0" SMBIOSBIOSVer="1.0.0" SMBIOSPresent="True" Rel_Date="20170210000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="Inspiron 5577" Ident_Num="DESKTOP-JKPPNNN" TimeZone="(UTC+09:00) Seoul" OSName="Microsoft Windows 10 Home"/><Method>UpdateLastUpdatedConfig</Method><HostIP>192.168.0.3</HostIP></Exception>

Error: (08/18/2017 12:08:03 PM) (Source: Dell System Detect) (EventID: 0) (User: )
Description: <Exception><Type>System.Xml.XmlException</Type><Message><![CDATA[The '/' character, hexadecimal value 0x2F, cannot be included in a name.]]></Message><Source><![CDATA[System.Xml]]></Source><StackTrace><![CDATA[   at System.Xml.XmlDocument.CheckName(String name)
   at System.Xml.XmlElement..ctor(XmlName name, Boolean empty, XmlDocument doc)
   at System.Xml.XmlDocument.CreateElement(String prefix, String localName, String namespaceURI)
   at System.Xml.XmlDocument.CreateElement(String name)
   at eSupport.Common.Client.Core.LastUpdatedHelper.SetLastUpdatedValue(String type, String value)]]></StackTrace><SysInfo STag="6JYNQH2" SMBIOSMajVer="3" SMBIOSMinVer="0" SMBIOSBIOSVer="1.0.0" SMBIOSPresent="True" Rel_Date="20170210000000.000000+000" DSDVersion="" Vendor="Dell Inc." PName="Inspiron 5577" Ident_Num="DESKTOP-JKPPNNN" TimeZone="(UTC+09:00) Seoul" OSName="Microsoft Windows 10 Home"/><Method>UpdateLastUpdatedConfig</Method><HostIP>192.168.0.3</HostIP></Exception>

Error: (08/18/2017 10:26:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RuntimeBroker.exe, version: 10.0.15063.0, time stamp: 0x782fe8f8
Faulting module name: windows.storage.dll, version: 10.0.15063.502, time stamp: 0xded631f2
Exception code: 0xc0000005
Fault offset: 0x000000000010986e
Faulting process id: 0x2ac8
Faulting application start time: 0x01d317c1021329f4
Faulting application path: C:\Windows\System32\RuntimeBroker.exe
Faulting module path: C:\WINDOWS\System32\windows.storage.dll
Report Id: 32c9bfb5-6e58-4a85-81de-d0837a9bbdd8
Faulting package full name:
Faulting package-relative application ID:

Error: (08/18/2017 10:26:01 AM) (Source: IntelDalJhi) (EventID: 4) (User: )
Description: Intel® Dynamic Application Loader Host Interface Service initialization failure - the spooler applet is invalid.

Error: (08/18/2017 10:26:01 AM) (Source: IntelDalJhi) (EventID: 4) (User: )
Description: Intel® Dynamic Application Loader Host Interface Service initialization failure - the spooler applet is invalid.

Error: (08/17/2017 10:45:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-JKPPNNN)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/17/2017 10:45:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-JKPPNNN)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (08/19/2017 09:50:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/19/2017 09:50:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/18/2017 11:19:19 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/18/2017 06:53:52 PM) (Source: Netwtw04) (EventID: 5010) (User: )
Description: \Device\NDMP4Intel® Dual Band Wireless-AC 3165

Error: (08/18/2017 06:53:15 PM) (Source: Netwtw04) (EventID: 5010) (User: )
Description: \Device\NDMP4Intel® Dual Band Wireless-AC 3165

Error: (08/18/2017 04:58:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Content Protection HECI Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/18/2017 04:49:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/18/2017 04:49:21 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/18/2017 10:27:26 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (08/18/2017 10:27:26 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


==================== Memory info ===========================

Processor: Intel® Core™ i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 45%
Total physical RAM: 8053.96 MB
Available physical RAM: 4407.41 MB
Total Virtual: 9973.96 MB
Available Virtual: 5798.46 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:105.48 GB) (Free:37.15 GB) NTFS
Drive d: (DATA) (Fixed) (Total:931.39 GB) (Free:881.89 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: 2913CCEA)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 430F9527)

Partition: GPT.

==================== End of Addition.txt ============================



#4 blueelvis

blueelvis

    Bleep Blop Bleep


  • Malware Response Team
  • 1,666 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:07:04 PM

Posted 22 August 2017 - 03:40 PM

Greetings Hishima!

 

 

I would be helping you on this topic. Kindly allow me a bit of time to go over your logs and get back to you :)

 

 

Have a nice day!
 

Regards,

Pranav


Member of the Bleeping Computer A.I.I. early response team!


In case I have been helping you and you haven't received a reply from me in 48 hours, please feel free to PM me. Anything else? Still feel free to PM me :)

Did you read this? http://omgdebugging.com/5-tips-for-getting-the-best-bang-for-the-buck-at-fast-food-joints/

#5 blueelvis


Posted 24 August 2017 - 03:11 AM

Hi Hishima!

Before we start dealing with the problems you are experiencing, I would ask you to take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post, unless otherwise instructed.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and that may have been the route the malware used to infect your computer. Do not use any P2P software until we conclude your topic.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

Let's begin!
 

Going over your logs I noticed that you have Deluge installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall Deluge, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.
If you wish to keep it, please do not use it until your computer is cleaned.

 

I don't see any signs of infection as per the logs submitted by you. The flashing of a CMD could be because of these tasks -

Task: {06828045-9520-460D-930B-F5BD3273831E} - System32\Tasks\MyDefrag v4.3.1 Daily => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD [2010-05-21] ()
Task: {431329E2-5AC4-4925-B6C7-8C07DDB27BA0} - System32\Tasks\MyDefrag v4.3.1 Monthly => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD [2010-05-21] ()
Task: {6109E1B3-0E7C-4E84-BCC8-829728538B5A} - System32\Tasks\Dell Cleanup => c:\windows\system32\oem\startmenufix.vbs [2016-09-15] ()


 
I see that System Restore has been disabled. Could you please follow this guide and turn it on?

 
Let's make sure that there isn't anything malicious on the system by using ESET Online Scanner.

ESET Online Scanner:

Note: You will need to disable your currently installed Anti-Virus, how to do so can be read here.

  • Please go here, download the ESET Smart Installer, and save it to your desktop.
  • Double-click on the ESET Smart Installer icon you just downloaded.
  • Place a checkmark next to "YES, I accept the Terms of Use" and click the Start button.
  • Click "Yes" to the UAC (User Account Control) warning, then ESET will download its components, register itself, and start itself.
  • In the new window that opens, tick the radio button next to Enable detection of potentially unwanted applications.
  • Then click "Advanced settings", and make sure there is a checkmark next to only the following items (uncheck everything else):
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Now click on: Start
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. ...The scan may appear to be finished sometimes...if there is a progress bar visible, it is still scanning!
  • When the scan completes, click List Found Threats (only if anything is found).
  • Then click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click Back, then click Finish to exit ESET Online Scanner.

Don't forget to re-enable your antivirus when finished!

 


Let me know how it goes!

Have a nice day!

Regards,
Pranav


Edited by blueelvis, 24 August 2017 - 03:14 AM.
It's always the formatting
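The triage step in the reply above, reading FRST `Task:` lines to explain a console window that flashes, can be scripted as follows. This is an added example, not part of the original posts and not FRST's own code; the flag names, the extension lists and the assumption that each target is a bare path without arguments are assumptions of this example.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Assumption: extensions that are run by a script interpreter rather than loaded
# as a binary. Such tasks can briefly show a window when they fire.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd", ".ps1"}
BINARY_EXTS = {".exe", ".com", ".dll"}

# FRST Addition.txt task line, as seen in this thread:
#   Task: {GUID} - <task path> => <target> [file date] (signer)
TASK_RE = re.compile(
    r"^Task:\s+\{(?P<guid>[0-9A-Fa-f-]{36})\}\s+-\s+(?P<task>.+?)\s+=>\s+(?P<target>.+?)"
    r"(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\])?(?:\s+\((?P<signer>[^)]*)\))?\s*$"
)

# The three task lines quoted in the reply above, plus one unrelated log line
# to show that non-task lines are skipped.
SAMPLE = r"""
Task: {06828045-9520-460D-930B-F5BD3273831E} - System32\Tasks\MyDefrag v4.3.1 Daily => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticDaily.MyD [2010-05-21] ()
Task: {431329E2-5AC4-4925-B6C7-8C07DDB27BA0} - System32\Tasks\MyDefrag v4.3.1 Monthly => C:\Program Files\MyDefrag v4.3.1\Scripts\AutomaticMonthly.MyD [2010-05-21] ()
Task: {6109E1B3-0E7C-4E84-BCC8-829728538B5A} - System32\Tasks\Dell Cleanup => c:\windows\system32\oem\startmenufix.vbs [2016-09-15] ()
Windows Firewall is enabled.
"""


@dataclass
class Task:
    guid: str
    name: str
    target: str
    file_date: str
    signer: str
    flags: list = field(default_factory=list)


def parse_task_line(line):
    """Parse one FRST 'Task:' line; return None for any other line."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    task = Task(
        guid=m["guid"],
        name=ntpath.basename(m["task"]),      # ntpath: Windows paths on any OS
        target=m["target"],
        file_date=m["date"] or "",
        signer=(m["signer"] or "").strip(),
    )
    ext = ntpath.splitext(task.target)[1].lower()
    if ext in SCRIPT_EXTS:
        task.flags.append("script-target")            # interpreter-run script
    elif ext not in BINARY_EXTS:
        task.flags.append("file-association-target")  # opened by its handler
    if not task.signer:
        task.flags.append("no-signer")                # FRST printed "()"
    return task


def triage(log_text):
    """Return parsed tasks, most-flagged first, then by task name."""
    tasks = [t for t in map(parse_task_line, log_text.splitlines()) if t]
    return sorted(tasks, key=lambda t: (-len(t.flags), t.name))


if __name__ == "__main__":
    for t in triage(SAMPLE):
        print(f"{t.name:28} {','.join(t.flags) or '-':40} {t.target}")
```

A flag here is a reason to look at the task's target file and creation date, not a verdict; in this thread all three flagged tasks belong to installed software.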


#6 Hishima


Posted 25 August 2017 - 10:24 PM

Hey,

 

I followed what you said and I uninstalled Deluge.

 

This is what I found because I also saved it as a txt name.

 

C:\Users\Ismael\Downloads\Downloaded Programs\ccsetup532.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    
C:\Users\Ismael\Downloads\Downloaded Programs\ccsetup533.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    
C:\Users\Ismael\Downloads\Downloaded Programs\CDisplayExWin64v1.10.29.exe    Win32/FusionCore.I potentially unwanted application    
C:\Users\Ismael\Downloads\Downloaded Programs\Microsoft Office Professional Plus 2016 + Activation Tool [danhuk]\Disc Image\Office_2016_x86_x64_EN_16.0.6769.2040.iso    a variant of Win32/HackTool.KMSAuto.E potentially unsafe application    
 



#7 Hishima


Posted 25 August 2017 - 10:28 PM

What I've noticed recently is that my taskbar (with my pinned programs) has been glitching; it's like it's indicating that a USB or a Virtual Drive is being installed forcibly into my computer. When I move files or delete files it continues to glitch in and out, like it looks like it's flashing. I do not think this is a normal symptom of a computer. I have never seen this before with my other computers.



#8 blueelvis


Posted 27 August 2017 - 01:43 PM

Hey Hishima!

 

 

The threats don't seem to be harmful. Does this happen only while moving/deleting files? And does the whole window flash or only part of it?

 

Let's try running JRT.

 

 

Please download Junkware Removal Tool to your desktop.

 

  • Shut down your protection software now to avoid potential conflicts.

  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

  • The tool will open and start scanning your system.

  • Please be patient as this can take a while to complete depending on your system's specifications.

  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

  • Post the contents of JRT.txt into your next message.

 

 

-Pranav


Edited by blueelvis, 27 August 2017 - 01:44 PM.


#9 Hishima


Posted 30 August 2017 - 08:38 PM

Yes. The windows will flash every time I am moving or deleting a file, like it's tracking every move I make. And also I've seen a recent decrease in my internet service as well. It feels like someone is piggybacking on my computer seeing everything I do.



#10 Hishima


Posted 30 August 2017 - 08:50 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by Ismael (Administrator) on Thu 08/31/2017 at 10:45:04.93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 2

Successfully deleted: C:\WINDOWS\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)



Registry: 1

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\0079131504143054mcinstcleanup (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 08/31/2017 at 10:46:30.92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#11 Hishima


Posted 30 August 2017 - 08:53 PM

It looks like I had some junkware on my computer then. I've seen this when I'm closing my computer: these tasks will show up on my task manager.



#12 Hishima


Posted 31 August 2017 - 11:03 AM

The symptoms are still there. I believe we have solved a partial part of this hack, but I think there is still more to this. Is there any other advice you can give? I appreciate the help.



#13 blueelvis


Posted 01 September 2017 - 04:36 AM

Hi Hishima!

 

 

The JRT log looks clean. Please follow the below instructions and record the screen for me so that I can see what is happening since this is a very strange behavior -

  1. Please go to https://getsharex.com/
  2. Click on the Download Button and then install the software. During the installation, uncheck the tick boxes except "Create a desktop shortcut".
  3. Once the software has been installed, open it by double clicking on the icon on desktop. In case you receive a warning for hotkey, please click on OK.
  4. Now, click on Capture -> Screen Recording (GIF). In case it asks you to download FFMPEG, please do so.
  5. Now you would be presented with a grid on your screen.
  6. Click on the top left and then drag it till bottom right to cover the entire screen. It will start recording.
  7. Now, reproduce the issue where you say that your screen is flashing.
  8. Once you are done, you would find a Red Dot icon in the taskbar's notification area, click on it to stop recording.
  9. Depending on the length of the recording, it will take some time for the software to encode the recording.
  10. By default, the recordings are stored under C:\Users\{User_Name}\ShareX\Screenshots\{Date_Of_Recording}\ . The username and date of recording would be different for each user.
  11. Now, please upload the GIF file over here.

 

 

Malwarebytes Anti-Rootkit Beta
  • Click on Next, and then on the Update button to let it update its database. Once the database has been successfully updated, click on Next;
  • Make sure all the checkboxes are checked, then click on the Scan button, and let it complete its scan (this can take a while);
  • Once the scan is done, make sure that every item is checked, and click on the Cleanup button (a reboot might be required)
  • After that (and the reboot, if one was required), go back in the mbar folder and look for a text file called mbar-log-TODAY'S-DATE.txt
  • Copy/paste the content of that log in your next reply
 
 
Let me know how it goes!
 
Regards,
Pranav

Edited by blueelvis, 01 September 2017 - 04:38 AM.


#14 Hishima


Posted 01 September 2017 - 06:52 PM

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.09.01.09
  rootkit: v2017.08.02.01

Windows 10 x64 NTFS
Internet Explorer 11.540.15063.0
Ismael :: DESKTOP-JKPPNNN [administrator]

9/2/2017 8:40:39 AM
mbar-log-2017-09-02 (08-40-39).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 304445
Time elapsed: 6 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)



#15 blueelvis


Posted 02 September 2017 - 02:36 PM

Hello Hishima!

 

 

I have viewed the clip which you uploaded multiple times and I did not find anything odd with the taskbar or anything at all. I also ran the video in slow motion to ensure that I don't miss anything. Any chance that your monitor is acting up?

 

The MBAR log looks clear to me and I believe that you don't have any infection on your system.

 

 

Regards,

Pranav





