Adware infection - keep getting redirected in Google Chrome


  • This topic is locked
34 replies to this topic

#1 doryon

Posted 02 July 2018 - 03:04 PM

Hi everyone,

Something weird started to happen a few weeks ago. I was browsing as always and suddenly I'm getting redirected to some landing page with a fake message of me winning an iPhone or an S9 because 'I was a loyal user of Google Chrome' or something like that.

Didn't make much of this at first, as I thought it was some kind of ad format opening a new tab (since I open several when reading news), but then I noticed that I actually got redirected once or twice a day from different websites.

I tried Malwarebytes and AdwCleaner with no luck so far.

Here are my logs. Thanks in advance!!!

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by doryo (administrator) on VAIO (02-07-2018 16:56:22)
Running from D:\Cositas
Loaded Profiles: doryo (Available Profiles: doryo)
Platform: Windows 10 Home Version 1803 17134.112 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.9328.1700.0_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\MKCHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Spotify Ltd) C:\Users\doryo\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office16\EXCEL.EXE
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2976256 2018-01-19] (Brother Industries, Ltd.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46281248 2018-05-30] ()
HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\Run: [Google Update] => C:\Users\doryo\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [601680 2018-05-18] (Google Inc.)
HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\Run: [Kies3PDLR.exe] => C:\Program Files (x86)\Samsung\Kies3\FirmwareUpdate\Kies3PDLR.exe [1023664 2016-03-25] (Samsung)
HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\Run: [GoogleChromeAutoLaunch_5EED4FD486233C4C3DD6EE9C0C139F49] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1588568 2018-06-22] (Google Inc.)
HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\Run: [Spotify Web Helper] => C:\Users\doryo\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-05-14] (Spotify Ltd)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 127.0.0.1 site.darriens.localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a3a1b25f-0f40-4673-ba2d-1ded653623fe}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{bcbebfbc-3322-43c1-8151-24d4badd002e}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{bcbebfbc-3322-43c1-8151-24d4badd002e}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-60989047-3131939895-948155456-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2018-04-11] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2018-04-11] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2016-10-18] (Sun Microsystems, Inc.)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-02-14] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-04-10] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-02-14] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-04-10] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2016-10-18] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-04-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF Plugin HKU\S-1-5-21-60989047-3131939895-948155456-1001: @tools.google.com/Google Update;version=3 -> C:\Users\doryo\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-60989047-3131939895-948155456-1001: @tools.google.com/Google Update;version=9 -> C:\Users\doryo\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default [2018-07-02]
CHR Extension: (Slides) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-14]
CHR Extension: (Brushed) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg [2016-12-21]
CHR Extension: (iPad Simulator) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\biamdeofchcbekmcakjcfnpdipmkmkbb [2016-05-14]
CHR Extension: (YouTube) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-14]
CHR Extension: (Google Play Music) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2018-05-09]
CHR Extension: (Sheets) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Wunderlist - To-do and Task list) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc [2016-05-14]
CHR Extension: (Cablevisión Flow) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfbnbmbkemlokfckhdoaakhjogffkinc [2017-06-14]
CHR Extension: (Google Docs Offline) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-14]
CHR Extension: (Tag Assistant (by Google)) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2018-05-21]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-08-17]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2018-06-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-14]
CHR Extension: (Chrome Media Router) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-12]
CHR Profile: C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-02-22]
CHR Profile: C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-07-02]
CHR Extension: (Slides) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-07]
CHR Extension: (Docs) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-07]
CHR Extension: (Google Drive) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-05]
CHR Extension: (IBM Security Rapport) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2018-03-15]
CHR Extension: (YourTV Chrome extension) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bdlhpbalhdjobabgbacbgclpjjelainj [2018-02-22]
CHR Extension: (YouTube) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-05]
CHR Extension: (Adobe Acrobat) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-05]
CHR Extension: (Sheets) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-07]
CHR Extension: (Google Docs Offline) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-07]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-03-05]
CHR Extension: (Summer Holidays) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mfecfgangbaamlkdcebkbngncpabddea [2017-09-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-05]
CHR Extension: (Chrome Media Router) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-12]
CHR Profile: C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 2 [2018-06-28]
CHR Extension: (Slides) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-17]
CHR Extension: (Docs) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-17]
CHR Extension: (Google Drive) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-08]
CHR Extension: (YouTube) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-08]
CHR Extension: (Adobe Acrobat) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-08]
CHR Extension: (Sheets) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-17]
CHR Extension: (Google Docs Offline) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-03-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-17]
CHR Extension: (Gmail) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-08]
CHR Extension: (Chrome Media Router) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-17]
CHR Profile: C:\Users\doryo\AppData\Local\Google\Chrome\User Data\System Profile [2018-06-28]
CHR HKU\S-1-5-21-60989047-3131939895-948155456-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-60989047-3131939895-948155456-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bdlhpbalhdjobabgbacbgclpjjelainj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [314368 2018-01-18] (Brother Industries, Ltd.) [File not signed]
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2017-07-26] ()
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [183448 2017-05-19] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [320472 2018-01-02] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268968 2018-01-17] ()
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-02] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [257624 2016-11-29] (Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\NisSrv.exe [3925648 2018-06-28] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MsMpEng.exe [100080 2018-06-28] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3758760 2018-01-17] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2017-07-26] (Huawei Technologies Co., Ltd.)
S3 HWHandSet; C:\WINDOWS\system32\DRIVERS\hw_quusbmdm.sys [226560 2017-07-26] (Huawei Technologies Co., Ltd.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [232936 2017-05-19] (Intel Corporation)
R3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-11] (Microsoft Corporation)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3521032 2017-11-08] (Intel Corporation)
S3 qcusbser; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [254520 2017-03-15] (QUALCOMM Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Realtek )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [64088 2016-11-29] (Synaptics Incorporated)
R3 SOWS; C:\WINDOWS\System32\drivers\sows.sys [24280 2012-06-10] (Sony Corporation)
R1 UimBus; C:\WINDOWS\System32\drivers\UimBus.sys [102664 2014-02-10] ()
R1 Uim_DEVIM; C:\WINDOWS\System32\drivers\uim_devim.sys [25992 2014-02-10] ()
R1 Uim_IM; C:\WINDOWS\System32\drivers\uim_im.sys [700424 2014-02-10] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46592 2018-06-28] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-06-28] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59944 2018-06-28] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-02 16:17 - 2018-07-02 16:56 - 000000000 ____D C:\FRST
2018-06-28 10:10 - 2018-06-28 10:11 - 000000000 ____D C:\AdwCleaner
2018-06-28 10:02 - 2018-06-28 10:02 - 000000000 ____D C:\Program Files\HitmanPro
2018-06-28 10:01 - 2018-06-28 10:07 - 000000000 ____D C:\ProgramData\HitmanPro
2018-06-23 15:03 - 2018-06-23 15:03 - 000000000 ____D C:\Users\doryo\Desktop\Brian
2018-06-12 21:17 - 2018-06-08 06:29 - 007520000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-06-12 21:17 - 2018-06-08 06:09 - 006569960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-06-12 21:16 - 2018-06-08 16:07 - 000506184 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-06-12 21:16 - 2018-06-08 16:05 - 000094112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-06-12 21:16 - 2018-06-08 16:02 - 004527680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-06-12 21:16 - 2018-06-08 16:02 - 001634808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-06-12 21:16 - 2018-06-08 16:02 - 000661160 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe
2018-06-12 21:16 - 2018-06-08 16:01 - 002395056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-06-12 21:16 - 2018-06-08 16:01 - 001046944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2018-06-12 21:16 - 2018-06-08 15:48 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-06-12 21:16 - 2018-06-08 15:47 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2018-06-12 21:16 - 2018-06-08 15:46 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-06-12 21:16 - 2018-06-08 15:45 - 012712448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-06-12 21:16 - 2018-06-08 15:45 - 004392448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-06-12 21:16 - 2018-06-08 15:45 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdt.exe
2018-06-12 21:16 - 2018-06-08 15:45 - 000808960 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2018-06-12 21:16 - 2018-06-08 15:44 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-06-12 21:16 - 2018-06-08 15:44 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2018-06-12 21:16 - 2018-06-08 15:44 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-06-12 21:16 - 2018-06-08 15:44 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2018-06-12 21:16 - 2018-06-08 15:43 - 003640832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2018-06-12 21:16 - 2018-06-08 15:43 - 002922496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2018-06-12 21:16 - 2018-06-08 15:43 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2018-06-12 21:16 - 2018-06-08 15:43 - 001659904 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2018-06-12 21:16 - 2018-06-08 15:43 - 001543680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2018-06-12 21:16 - 2018-06-08 15:43 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-06-12 21:16 - 2018-06-08 15:43 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-06-12 21:16 - 2018-06-08 15:42 - 003999232 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2018-06-12 21:16 - 2018-06-08 15:42 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-06-12 21:16 - 2018-06-08 15:42 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-06-12 21:16 - 2018-06-08 15:42 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-06-12 21:16 - 2018-06-08 15:42 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-06-12 21:16 - 2018-06-08 15:41 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-06-12 21:16 - 2018-06-08 15:41 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-06-12 21:16 - 2018-06-08 15:41 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-06-12 21:16 - 2018-06-08 15:41 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-06-12 21:16 - 2018-06-08 15:41 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-06-12 21:16 - 2018-06-08 15:41 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2018-06-12 21:16 - 2018-06-08 15:40 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXP.dll
2018-06-12 21:16 - 2018-06-08 14:04 - 001454024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-06-12 21:16 - 2018-06-08 13:58 - 002206544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2018-06-12 21:16 - 2018-06-08 13:58 - 000917408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2018-06-12 21:16 - 2018-06-08 13:51 - 011903488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-06-12 21:16 - 2018-06-08 13:50 - 001508352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdt.exe
2018-06-12 21:16 - 2018-06-08 13:48 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-06-12 21:16 - 2018-06-08 13:48 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-06-12 21:16 - 2018-06-08 13:47 - 003492864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2018-06-12 21:16 - 2018-06-08 13:47 - 002895872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-06-12 21:16 - 2018-06-08 13:47 - 001462784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dui70.dll
2018-06-12 21:16 - 2018-06-08 13:47 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2018-06-12 21:16 - 2018-06-08 13:47 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-06-12 21:16 - 2018-06-08 13:47 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2018-06-12 21:16 - 2018-06-08 13:46 - 003444224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2018-06-12 21:16 - 2018-06-08 13:46 - 002016256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-06-12 21:16 - 2018-06-08 13:46 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2018-06-12 21:16 - 2018-06-08 13:45 - 002401280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-06-12 21:16 - 2018-06-08 13:06 - 000976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-06-12 21:16 - 2018-06-08 13:05 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-06-12 21:16 - 2018-06-08 13:05 - 000944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-06-12 21:16 - 2018-06-08 11:00 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-06-12 21:16 - 2018-06-08 11:00 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-06-12 21:16 - 2018-06-08 07:38 - 005821544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-06-12 21:16 - 2018-06-08 07:37 - 002417840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-06-12 21:16 - 2018-06-08 07:35 - 001613200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-06-12 21:16 - 2018-06-08 07:35 - 000613144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2018-06-12 21:16 - 2018-06-08 07:34 - 001299056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-06-12 21:16 - 2018-06-08 07:34 - 000748512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2018-06-12 21:16 - 2018-06-08 07:31 - 007900984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-06-12 21:16 - 2018-06-08 07:31 - 003180176 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-06-12 21:16 - 2018-06-08 07:31 - 000029600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2018-06-12 21:16 - 2018-06-08 07:30 - 000705440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-06-12 21:16 - 2018-06-08 06:34 - 001140576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-06-12 21:16 - 2018-06-08 06:34 - 000983016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-06-12 21:16 - 2018-06-08 06:33 - 001213368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-06-12 21:16 - 2018-06-08 06:33 - 001034632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-06-12 21:16 - 2018-06-08 06:33 - 000272296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-06-12 21:16 - 2018-06-08 06:33 - 000269224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-06-12 21:16 - 2018-06-08 06:31 - 001174432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-06-12 21:16 - 2018-06-08 06:31 - 001012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-06-12 21:16 - 2018-06-08 06:31 - 000226720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ucx01000.sys
2018-06-12 21:16 - 2018-06-08 06:30 - 009148320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-06-12 21:16 - 2018-06-08 06:30 - 003296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-06-12 21:16 - 2018-06-08 06:30 - 001798552 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-06-12 21:16 - 2018-06-08 06:30 - 001363632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-06-12 21:16 - 2018-06-08 06:30 - 001063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-06-12 21:16 - 2018-06-08 06:30 - 001017080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-06-12 21:16 - 2018-06-08 06:30 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-06-12 21:16 - 2018-06-08 06:30 - 000722808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-06-12 21:16 - 2018-06-08 06:30 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-06-12 21:16 - 2018-06-08 06:30 - 000567184 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-06-12 21:16 - 2018-06-08 06:30 - 000565152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-06-12 21:16 - 2018-06-08 06:30 - 000527264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-06-12 21:16 - 2018-06-08 06:30 - 000491328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-06-12 21:16 - 2018-06-08 06:30 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-06-12 21:16 - 2018-06-08 06:30 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-06-12 21:16 - 2018-06-08 06:30 - 000137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2018-06-12 21:16 - 2018-06-08 06:30 - 000134584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 006817384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 004970360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 004403280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 003283408 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 002836384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-06-12 21:16 - 2018-06-08 06:29 - 002753048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 002590400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2018-06-12 21:16 - 2018-06-08 06:29 - 002570712 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 002564984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 002546592 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 002462272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 002422688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-06-12 21:16 - 2018-06-08 06:29 - 002371392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 001946328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 001934400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 001921952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2018-06-12 21:16 - 2018-06-08 06:29 - 001792808 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 001784584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 001611592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 001457136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-06-12 21:16 - 2018-06-08 06:29 - 001364184 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 001288816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 001258288 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-06-12 21:16 - 2018-06-08 06:29 - 001209800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 001190152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 001150416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 001148808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 001112608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 001097648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 001026976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-06-12 21:16 - 2018-06-08 06:29 - 000945568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2018-06-12 21:16 - 2018-06-08 06:29 - 000885880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 000792992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-06-12 21:16 - 2018-06-08 06:29 - 000678840 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 000659096 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 000594128 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-06-12 21:16 - 2018-06-08 06:29 - 000416144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 000413824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 000413088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-06-12 21:16 - 2018-06-08 06:29 - 000375712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-06-12 21:16 - 2018-06-08 06:29 - 000313592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 000266656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 000164768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-06-12 21:16 - 2018-06-08 06:29 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 000084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageOverlayUtil.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 000057960 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel.appcore.dll
2018-06-12 21:16 - 2018-06-08 06:13 - 025846784 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-06-12 21:16 - 2018-06-08 06:12 - 000861616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-06-12 21:16 - 2018-06-08 06:12 - 000786176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-06-12 21:16 - 2018-06-08 06:11 - 001461744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2018-06-12 21:16 - 2018-06-08 06:11 - 000550616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-06-12 21:16 - 2018-06-08 06:10 - 002479272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-06-12 21:16 - 2018-06-08 06:10 - 002331584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-06-12 21:16 - 2018-06-08 06:10 - 002307336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2018-06-12 21:16 - 2018-06-08 06:10 - 001988072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-06-12 21:16 - 2018-06-08 06:10 - 001397200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-06-12 21:16 - 2018-06-08 06:10 - 001011992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-06-12 21:16 - 2018-06-08 06:10 - 000880152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-06-12 21:16 - 2018-06-08 06:10 - 000457152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2018-06-12 21:16 - 2018-06-08 06:10 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 006527064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 004788512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 004469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 002535552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 002486992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 002242216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 001980872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 001805776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 001709720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 001584128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 001380200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 001129648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 001077504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 001020168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 000988136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 000770160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 000607648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 000568720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 000567144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 000553248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 000356960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 000064648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LanguageOverlayUtil.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 000050208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel.appcore.dll
2018-06-12 21:16 - 2018-06-08 06:04 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-06-12 21:16 - 2018-06-08 06:03 - 022005760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-06-12 21:16 - 2018-06-08 06:03 - 000906752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.PhoneNumberFormatting.dll
2018-06-12 21:16 - 2018-06-08 06:03 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-06-12 21:16 - 2018-06-08 06:03 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryCore.dll
2018-06-12 21:16 - 2018-06-08 06:03 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2018-06-12 21:16 - 2018-06-08 06:02 - 022713856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-06-12 21:16 - 2018-06-08 06:02 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-06-12 21:16 - 2018-06-08 06:02 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edpnotify.exe
2018-06-12 21:16 - 2018-06-08 06:02 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2018-06-12 21:16 - 2018-06-08 06:01 - 004563456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-06-12 21:16 - 2018-06-08 06:01 - 002961408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-06-12 21:16 - 2018-06-08 06:01 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-06-12 21:16 - 2018-06-08 06:01 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2018-06-12 21:16 - 2018-06-08 06:01 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2018-06-12 21:16 - 2018-06-08 06:01 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-06-12 21:16 - 2018-06-08 06:01 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2018-06-12 21:16 - 2018-06-08 06:01 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2018-06-12 21:16 - 2018-06-08 06:01 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-06-12 21:16 - 2018-06-08 06:00 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-06-12 21:16 - 2018-06-08 06:00 - 004372992 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-06-12 21:16 - 2018-06-08 06:00 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-06-12 21:16 - 2018-06-08 06:00 - 001285120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2018-06-12 21:16 - 2018-06-08 06:00 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll
2018-06-12 21:16 - 2018-06-08 06:00 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2018-06-12 21:16 - 2018-06-08 06:00 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-06-12 21:16 - 2018-06-08 06:00 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2018-06-12 21:16 - 2018-06-08 06:00 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-06-12 21:16 - 2018-06-08 05:59 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-06-12 21:16 - 2018-06-08 05:59 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-06-12 21:16 - 2018-06-08 05:59 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-06-12 21:16 - 2018-06-08 05:59 - 001767936 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-06-12 21:16 - 2018-06-08 05:59 - 001318400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2018-06-12 21:16 - 2018-06-08 05:59 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-06-12 21:16 - 2018-06-08 05:59 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2018-06-12 21:16 - 2018-06-08 05:59 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-06-12 21:16 - 2018-06-08 05:59 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2018-06-12 21:16 - 2018-06-08 05:59 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2018-06-12 21:16 - 2018-06-08 05:59 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-06-12 21:16 - 2018-06-08 05:58 - 007581696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-06-12 21:16 - 2018-06-08 05:58 - 003712512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-06-12 21:16 - 2018-06-08 05:58 - 001676800 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
2018-06-12 21:16 - 2018-06-08 05:58 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-06-12 21:16 - 2018-06-08 05:58 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-06-12 21:16 - 2018-06-08 05:58 - 000813568 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-06-12 21:16 - 2018-06-08 05:58 - 000781824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-06-12 21:16 - 2018-06-08 05:58 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2018-06-12 21:16 - 2018-06-08 05:58 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2018-06-12 21:16 - 2018-06-08 05:58 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2018-06-12 21:16 - 2018-06-08 05:57 - 003348992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2018-06-12 21:16 - 2018-06-08 05:57 - 002172416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-06-12 21:16 - 2018-06-08 05:57 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-06-12 21:16 - 2018-06-08 05:57 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-06-12 21:16 - 2018-06-08 05:57 - 000483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2018-06-12 21:16 - 2018-06-08 05:57 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-06-12 21:16 - 2018-06-08 05:57 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2018-06-12 21:16 - 2018-06-08 05:57 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2018-06-12 21:16 - 2018-06-08 05:57 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 005780992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 004336128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 003293696 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 002902016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 002900480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 000908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2018-06-12 21:16 - 2018-06-08 05:56 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 000858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 000389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 000264704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovs.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 003441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 002248192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-06-12 21:16 - 2018-06-08 05:55 - 002061824 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 001371648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 001242112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 001192448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 001171968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 001160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 001033728 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 000778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2018-06-12 21:16 - 2018-06-08 05:55 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 000667648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 000652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 002789376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 001128448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 000999936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 000950272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 000857088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2018-06-12 21:16 - 2018-06-08 05:54 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAC3ENC.DLL
2018-06-12 21:16 - 2018-06-08 05:53 - 001675264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2018-06-12 21:16 - 2018-06-08 05:53 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-06-12 21:16 - 2018-06-08 05:53 - 001108992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-06-12 21:16 - 2018-06-08 05:53 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2018-06-12 21:16 - 2018-06-08 05:53 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-06-12 21:16 - 2018-06-08 05:53 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-06-12 21:16 - 2018-06-08 05:53 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2018-06-12 21:16 - 2018-06-08 05:53 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2018-06-12 21:16 - 2018-06-08 04:41 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-06-12 21:16 - 2018-06-06 15:57 - 003733320 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-06-12 21:16 - 2018-06-06 01:20 - 002841312 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-06-12 21:16 - 2018-06-01 20:24 - 000713376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-06-12 21:16 - 2018-06-01 19:54 - 001825792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-06-12 21:16 - 2018-05-25 00:24 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-06-12 21:16 - 2018-05-20 16:45 - 000308408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-06-12 21:16 - 2018-05-20 16:43 - 021389360 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-06-12 21:16 - 2018-05-20 16:42 - 001649760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2018-06-12 21:16 - 2018-05-20 16:42 - 000759192 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-06-12 21:16 - 2018-05-20 16:26 - 000486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2018-06-12 21:16 - 2018-05-20 16:23 - 004070400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-06-12 21:16 - 2018-05-20 16:23 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2018-06-12 21:16 - 2018-05-20 16:23 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2018-06-12 21:16 - 2018-05-20 16:22 - 001665024 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-06-12 21:16 - 2018-05-20 16:22 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2018-06-12 21:16 - 2018-05-20 16:22 - 000941056 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2018-06-12 21:16 - 2018-05-20 16:22 - 000804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2018-06-12 21:16 - 2018-05-20 15:15 - 000653208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-06-12 21:16 - 2018-05-20 15:14 - 020383712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-06-12 21:16 - 2018-05-20 15:14 - 001490144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2018-06-12 21:16 - 2018-05-20 15:02 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2018-06-12 21:16 - 2018-05-20 15:00 - 000864768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2018-06-12 21:16 - 2018-05-20 14:59 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2018-06-12 21:16 - 2018-05-20 14:59 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2018-06-12 21:16 - 2018-05-20 13:59 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-06-12 21:16 - 2018-05-20 13:45 - 001271296 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2018-06-12 21:16 - 2018-05-20 13:39 - 000788480 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2018-06-12 21:16 - 2018-05-20 13:35 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-06-12 21:16 - 2018-05-20 13:34 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-06-12 21:16 - 2018-05-20 11:54 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-06-12 21:16 - 2018-05-20 09:33 - 000105368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-06-12 21:16 - 2018-05-20 08:53 - 002178136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2018-06-12 21:16 - 2018-05-20 08:53 - 001947808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-06-12 21:16 - 2018-05-20 08:53 - 001017088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2018-06-12 21:16 - 2018-05-20 08:53 - 001012408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2018-06-12 21:16 - 2018-05-20 08:53 - 000131232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2018-06-12 21:16 - 2018-05-20 08:53 - 000088472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2018-06-12 21:16 - 2018-05-20 08:52 - 007436632 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-06-12 21:16 - 2018-05-20 08:52 - 000735560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-06-12 21:16 - 2018-05-20 08:52 - 000347704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-06-12 21:16 - 2018-05-20 08:52 - 000130456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-06-12 21:16 - 2018-05-20 08:52 - 000089984 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
2018-06-12 21:16 - 2018-05-20 08:34 - 016592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-06-12 21:16 - 2018-05-20 08:34 - 000861096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2018-06-12 21:16 - 2018-05-20 08:33 - 001665920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2018-06-12 21:16 - 2018-05-20 08:33 - 000101288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2018-06-12 21:16 - 2018-05-20 08:32 - 006044104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-06-12 21:16 - 2018-05-20 08:32 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-06-12 21:16 - 2018-05-20 08:32 - 001034096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2018-06-12 21:16 - 2018-05-20 08:32 - 000560488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-06-12 21:16 - 2018-05-20 08:32 - 000286200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-06-12 21:16 - 2018-05-20 08:32 - 000077040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2018-06-12 21:16 - 2018-05-20 08:31 - 001456640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2018-06-12 21:16 - 2018-05-20 08:30 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-06-12 21:16 - 2018-05-20 08:28 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-06-12 21:16 - 2018-05-20 08:28 - 000111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppHostRegistrationVerifier.exe
2018-06-12 21:16 - 2018-05-20 08:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-06-12 21:16 - 2018-05-20 08:27 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2018-06-12 21:16 - 2018-05-20 08:27 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApiSetHost.AppExecutionAlias.dll
2018-06-12 21:16 - 2018-05-20 08:26 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-06-12 21:16 - 2018-05-20 08:26 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-06-12 21:16 - 2018-05-20 08:26 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll
2018-06-12 21:16 - 2018-05-20 08:26 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-06-12 21:16 - 2018-05-20 08:26 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2018-06-12 21:16 - 2018-05-20 08:26 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-06-12 21:16 - 2018-05-20 08:26 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\TelephonyInteractiveUser.dll
2018-06-12 21:16 - 2018-05-20 08:26 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSHEIF.dll
2018-06-12 21:16 - 2018-05-20 08:25 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-06-12 21:16 - 2018-05-20 08:25 - 000384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2018-06-12 21:16 - 2018-05-20 08:24 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-06-12 21:16 - 2018-05-20 08:24 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-06-12 21:16 - 2018-05-20 08:24 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2018-06-12 21:16 - 2018-05-20 08:23 - 013873152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-06-12 21:16 - 2018-05-20 08:23 - 005951488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-06-12 21:16 - 2018-05-20 08:23 - 002366976 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-06-12 21:16 - 2018-05-20 08:23 - 000933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-06-12 21:16 - 2018-05-20 08:23 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-06-12 21:16 - 2018-05-20 08:21 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2018-06-12 21:16 - 2018-05-20 08:21 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-06-12 21:16 - 2018-05-20 08:21 - 001210880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2018-06-12 21:16 - 2018-05-20 08:21 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-06-12 21:16 - 2018-05-20 08:21 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2018-06-12 21:16 - 2018-05-20 08:17 - 002699776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-06-12 21:16 - 2018-05-20 08:16 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-06-12 21:16 - 2018-05-20 08:16 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2018-06-12 21:16 - 2018-05-20 08:16 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ApiSetHost.AppExecutionAlias.dll
2018-06-12 21:16 - 2018-05-20 08:16 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-06-12 21:16 - 2018-05-20 08:15 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2018-06-12 21:16 - 2018-05-20 08:15 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSHEIF.dll
2018-06-12 21:16 - 2018-05-20 08:14 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-06-12 21:16 - 2018-05-20 08:14 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2018-06-12 21:16 - 2018-05-20 08:13 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-06-12 21:16 - 2018-05-20 08:13 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2018-06-12 21:16 - 2018-05-20 08:12 - 000992768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-06-12 21:16 - 2018-05-20 08:12 - 000860160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-06-12 21:16 - 2018-05-20 08:11 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2018-06-12 21:16 - 2018-05-20 08:11 - 001005568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2018-06-12 21:16 - 2018-05-20 05:26 - 000018716 _____ C:\WINDOWS\system32\srms-apr.dat
2018-06-12 21:16 - 2018-05-18 14:08 - 000018716 _____ C:\WINDOWS\SysWOW64\srms-apr.dat
2018-06-12 19:29 - 2018-06-12 19:58 - 000000000 ____D C:\Users\doryo\Desktop\fotos taller abuelos
2018-06-09 13:42 - 2018-06-09 13:42 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-06-09 13:42 - 2018-06-09 13:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-06-09 13:42 - 2018-06-09 13:42 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-09 13:42 - 2018-06-09 13:42 - 000000000 ____D C:\Program Files\Malwarebytes
2018-06-09 13:42 - 2018-05-24 06:55 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-06-05 20:40 - 2018-06-05 20:40 - 000000000 ____D C:\Users\doryo\AppData\Local\D3DSCache
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-02 16:45 - 2018-04-11 20:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-02 16:45 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-02 16:45 - 2018-04-11 20:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-07-02 16:45 - 2017-10-19 11:53 - 000000000 ____D C:\Users\doryo\AppData\Local\Packages
2018-07-02 16:31 - 2016-05-16 09:23 - 000000000 ____D C:\Users\doryo\AppData\Roaming\uTorrent
2018-07-02 15:32 - 2018-05-01 12:03 - 000004140 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1933E47A-0F08-41FC-AB27-8F5C523F4B1C}
2018-07-02 08:01 - 2018-05-01 11:56 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-07-02 06:30 - 2016-05-19 17:43 - 000000000 ____D C:\Users\doryo\AppData\Local\Adobe
2018-07-01 18:14 - 2016-05-16 10:08 - 000000000 ____D C:\Users\doryo\Documents\Outlook Files
2018-06-30 14:53 - 2017-09-28 19:08 - 000000000 ____D C:\Users\doryo\Desktop\Néstor
2018-06-28 10:29 - 2018-05-01 16:50 - 000782398 _____ C:\WINDOWS\system32\perfh00A.dat
2018-06-28 10:29 - 2018-05-01 16:50 - 000152222 _____ C:\WINDOWS\system32\perfc00A.dat
2018-06-28 10:29 - 2018-05-01 12:02 - 001762872 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-06-28 10:29 - 2018-04-11 20:36 - 000000000 ____D C:\WINDOWS\INF
2018-06-28 10:23 - 2018-05-01 12:03 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-06-28 10:23 - 2018-04-11 18:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-06-28 10:23 - 2018-03-31 12:09 - 000000000 ____D C:\Temp
2018-06-28 10:23 - 2016-05-14 13:05 - 000000000 __SHD C:\Users\doryo\IntelGraphicsProfiles
2018-06-28 10:12 - 2016-05-16 09:45 - 000000000 ____D C:\Users\doryo\AppData\Roaming\Skype
2018-06-28 07:12 - 2018-02-14 03:12 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-06-26 09:54 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-06-25 18:38 - 2016-05-14 19:28 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-25 18:38 - 2016-05-14 19:28 - 000002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-23 20:24 - 2018-05-01 12:03 - 000003350 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-60989047-3131939895-948155456-1001
2018-06-23 20:24 - 2018-05-01 11:57 - 000002359 _____ C:\Users\doryo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-06-23 20:24 - 2016-05-14 12:39 - 000000000 ___RD C:\Users\doryo\OneDrive
2018-06-17 10:35 - 2017-03-08 10:05 - 000002472 _____ C:\Users\doryo\Desktop\Admin Ideas2 - Chrome.lnk
2018-06-17 10:34 - 2017-03-05 21:43 - 000002472 _____ C:\Users\doryo\Desktop\Marina Jazmín - Chrome.lnk
2018-06-12 21:43 - 2016-05-16 14:02 - 000000000 ___RD C:\Users\doryo\3D Objects
2018-06-12 21:43 - 2016-02-13 10:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-06-12 21:42 - 2018-05-01 11:56 - 005099288 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\setup
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\es-MX
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-06-12 21:42 - 2018-04-11 18:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-06-12 21:37 - 2016-05-14 12:57 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-06-12 21:35 - 2017-10-10 19:05 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-06-12 21:35 - 2016-05-14 12:57 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-06-12 21:30 - 2015-10-30 04:24 - 000000167 _____ C:\WINDOWS\win.ini
2018-06-12 21:19 - 2018-04-11 20:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-09 13:47 - 2017-08-11 09:32 - 000000000 ____D C:\Program Files\AutoCAD 2009
2018-06-08 06:17 - 2015-10-30 05:13 - 000407558 __RSH C:\bootmgr
2018-06-05 20:29 - 2018-04-11 20:41 - 000835056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-05 20:29 - 2018-04-11 20:41 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-06-05 19:44 - 2016-08-12 20:21 - 000000000 ____D C:\Users\doryo\Desktop\IIBB JAZ
 
==================== Files in the root of some directories =======
 
2016-12-26 11:36 - 2016-12-26 11:36 - 000000132 _____ () C:\Users\doryo\AppData\Roaming\Prefs. de formato BMP de Adobe CS6
2016-06-10 11:56 - 2018-05-03 12:29 - 000000132 _____ () C:\Users\doryo\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-01 11:56
 
==================== End of FRST.txt ============================
 
 
 
ADDITION
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by doryo (02-07-2018 16:57:03)
Running from D:\Cositas
Windows 10 Home Version 1803 17134.112 (X64) (2018-05-01 15:04:02)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-60989047-3131939895-948155456-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-60989047-3131939895-948155456-503 - Limited - Disabled)
doryo (S-1-5-21-60989047-3131939895-948155456-1001 - Administrator - Enabled) => C:\Users\doryo
Guest (S-1-5-21-60989047-3131939895-948155456-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-60989047-3131939895-948155456-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\uTorrent) (Version: 3.5.3.44494 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
AdWords Editor (HKLM-x32\...\{C5614EF0-5555-11E8-9B61-480FCF5D6515}) (Version: 12.3.3.0 - Google)
Backup and Sync from Google (HKLM\...\{AEFBDB5B-899F-4AE6-B789-BA56A652A476}) (Version: 3.42.9858.3671 - Google, Inc.)
Bonjour (HKLM-x32\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
ChromePlayerPlugin (HKLM-x32\...\{3F8C7A30-89B0-44F9-886E-D8E0C8C39282}) (Version: 3.23 - MinervaNetworks Inc.)
Google Chrome (HKLM-x32\...\{61D1D65D-76AF-37E3-A2AC-006AACB51587}) (Version: 67.0.3396.99 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Web Designer (HKLM\...\{811767F4-C586-4673-A41F-E9D767497222}) (Version: 2.0.1.0 - Google LLC.)
HandBrake 1.0.0 (HKLM-x32\...\HandBrake) (Version: 1.0.0 - )
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
HL-1210W series (HKLM-x32\...\{75E38F04-1BAF-4054-A059-57F831688943}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
inSSIDer 2.0 (HKLM-x32\...\{6133183D-FA87-4924-8D50-1777222C05EA}) (Version: 2.0.3 - MetaGeek)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4885 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{00000030-0200-1034-84C8-B8D95FA3C8C3}) (Version: 20.30.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{1b3fcb8d-3d2b-4477-b722-0b3e2c1195ba}) (Version: 20.30.1 - Intel Corporation)
Java™ 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216029FF}) (Version: 6.0.290 - Oracle)
K-Lite Mega Codec Pack 14.0.4 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.0.4 - KLCP)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 3.2.116.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\OneDriveSetup.exe) (Version: 18.091.0506.0007 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.4.2 (HKLM-x32\...\{1901BAF7-7E78-4041-BC88-D0EE5DD1DFD9}_is1) (Version: 1.4.2 - Sam Rodberg)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
Motorola Device Software Update (HKLM-x32\...\{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}) (Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.2 - Notepad++ Team)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Paragon Hard Disk Manager™ 14 Suite (HKLM\...\{29258311-EA49-11DE-967C-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.9 - Power Software Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8004 - Realtek Semiconductor Corp.)
Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.0.0.790 - Samsung Electronics)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
SketchUp 2017 (HKLM\...\{E59BD84C-169B-4F3F-AC5D-85127CF67051}) (Version: 17.2.2555 - Trimble, Inc.)
Skype™ 7.41 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.41.101 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\Spotify) (Version: 1.0.75.483.g7ff4a0dc - Spotify AB)
Update for Skype for Business 2016 (KB4022155) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{FEE6D778-E4F9-412C-B2E4-EFF82BB67809}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB4022155) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{FEE6D778-E4F9-412C-B2E4-EFF82BB67809}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB4022155) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{FEE6D778-E4F9-412C-B2E4-EFF82BB67809}) (Version:  - Microsoft)
VBA (2627.01) (HKLM-x32\...\{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VBA (2627.4) (HKLM-x32\...\{5545EEE9-FA36-4F76-B6BE-5696E7F4E2D6}) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WhatsApp (HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\WhatsApp) (Version: 0.2.1061 - WhatsApp)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17384 - Microsoft Corporation)
Windows Driver Package - Silicon Laboratories (WinUSB) USB  (04/08/2013 4.0.0.0) (HKLM\...\ECCA79E3941154C28F5B308B576703BD8253BAB1) (Version: 04/08/2013 4.0.0.0 - Silicon Laboratories)
Windows Driver Package - Sony Corporation (SFEP) HIDClass  (06/18/2012 8.0.2.4) (HKLM\...\54DCDF5F20965812FBF3C1C44CE2E9E620585DE9) (Version: 06/18/2012 8.0.2.4 - Sony Corporation)
Windows Driver Package - Sony Croporation (SOWS) HIDClass  (06/11/2012 1.0.0.06110) (HKLM\...\5478D63468C46333F277779BC2B1EBAEA89C153D) (Version: 06/11/2012 1.0.0.06110 - Sony Croporation)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
YAMB (HKLM-x32\...\YAMB) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-60989047-3131939895-948155456-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\doryo\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-60989047-3131939895-948155456-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\doryo\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-60989047-3131939895-948155456-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-60989047-3131939895-948155456-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\doryo\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-60989047-3131939895-948155456-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\doryo\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-60989047-3131939895-948155456-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\doryo\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-60989047-3131939895-948155456-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\doryo\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-60989047-3131939895-948155456-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\doryo\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-05-17] ()
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-06-06] (Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-06-06] (Power Software Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-01-02] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-06-06] (Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {003C0296-0189-4A41-B9EC-8F0573624061} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-28] (Microsoft Corporation)
Task: {060FAC03-AD67-4E24-A26A-A09C39EA8F0C} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
Task: {09BB4F3D-F7C3-4077-9195-22471306450E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-28] (Microsoft Corporation)
Task: {0EC60CD0-4232-448B-9036-AF7DABC4703E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2017-10-11] (Microsoft Corporation)
Task: {18C6A765-3146-40B4-9435-0D3D25BBED3E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-14] (Google Inc.)
Task: {1C92EC3C-3005-4C20-996B-27AF6596CE7D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-60989047-3131939895-948155456-1001UA => C:\Users\doryo\AppData\Local\Google\Update\GoogleUpdate.exe [2017-01-23] (Google Inc.)
Task: {2457DA14-3C19-4A5E-A28F-B2E36BF2BD1C} - System32\Tasks\Microsoft_MKC_Logon_Task_ceip.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ceip.exe [2017-10-11] (Microsoft)
Task: {2B495949-BF13-4AEF-911E-403B5FEA4D61} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-doryon2004@outlook.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-05-11] (Adobe Systems, Incorporated)
Task: {30306294-3C35-4EF4-9032-7D5C121077B0} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2017-10-11] (Microsoft Corporation)
Task: {3C2C1522-3D26-496E-B2DD-B6CE76D42498} - System32\Tasks\S-1-5-21-60989047-3131939895-948155456-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-04-11] (Microsoft Corporation)
Task: {3CCF9419-0906-4563-9E1D-098C66653CA3} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2017-10-11] (Microsoft Corporation)
Task: {40E0387E-3406-4CB5-9A89-9A7093E86A89} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2017-10-11] (Microsoft Corporation)
Task: {4F77D1A1-B20B-4452-B2F4-816ECAB26311} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {5AD9DFEE-4825-4BE0-9CF8-8343395FADB2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-28] (Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {66BD8886-8A89-4929-AB32-2DAFA24F452D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-28] (Microsoft Corporation)
Task: {66C1CCA6-4815-4AC5-BAB5-E88E7F4CC785} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-60989047-3131939895-948155456-1001Core => C:\Users\doryo\AppData\Local\Google\Update\GoogleUpdate.exe [2017-01-23] (Google Inc.)
Task: {6DC47CCA-FB41-47DF-AE3F-859A202DE9E3} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [2016-11-23] (Samsung Electronics Co. Ltd.)
Task: {8B84C353-213F-4980-B284-FCF4A8EA2DD9} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-doryon2004@outlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {8D93300C-E5CD-4428-9876-D0E10E91699F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {A3938491-00B9-4428-B83F-EF4FDFA148C0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {C16B59B4-812D-4F94-81E2-58D080322F71} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
Task: {CC37C225-F792-42FD-81AE-47290D034ECE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-14] (Google Inc.)
Task: {CD7325D1-2283-48A5-B00F-929F30477185} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {DF30238D-6840-4549-93E5-12CA5F111D77} - System32\Tasks\{F449DB48-8ECD-49D1-802D-1AC11F58B4EE} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.23.0.105&LastError=12002
Task: {E32BACF2-1C71-4154-AC67-4A2E54EF6C32} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2017-10-11] (Microsoft)
Task: {EF88A564-F3B1-4916-AD87-4F5530000F08} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2018-02-19] ()
Task: {F27C7F81-2B8A-4761-9648-8506F45DDDBE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\doryo\Desktop\Admin Ideas2 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\doryo\Desktop\Marina Jazmín - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\doryo\Desktop\Pablo J - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\doryo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\doryo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> /high-dpi-support=1 /force-device-scale-factor=1
ShortcutWithArgument: C:\Users\doryo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Marina Jazmín - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-07-26 04:58 - 2017-07-26 04:58 - 000192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2018-04-11 20:34 - 2018-04-11 20:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2017-02-22 23:56 - 2017-02-22 23:56 - 008911560 _____ () C:\Program Files\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2018-04-11 20:34 - 2018-04-11 20:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 20:34 - 2018-04-11 20:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-05-23 11:18 - 2018-05-23 11:19 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-05-23 11:18 - 2018-05-23 11:19 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-05-23 11:18 - 2018-05-23 11:19 - 022374400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-05-23 11:18 - 2018-05-23 11:19 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\skypert.dll
2018-05-23 11:18 - 2018-05-23 11:19 - 000654848 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-04-17 07:46 - 2018-04-17 07:48 - 001922232 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.9328.1700.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2018-05-30 11:03 - 2018-05-30 11:03 - 046281248 _____ () C:\Program Files\Google\Drive\googledrivesync.exe
2018-06-28 10:24 - 2018-06-28 10:24 - 000113152 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\_ctypes.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 000080896 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\bz2.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 001585152 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\_hashlib.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 000128512 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\win32api.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 000137728 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\pywintypes27.dll
2018-06-28 10:24 - 2018-06-28 10:24 - 000548864 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\pythoncom27.dll
2018-06-28 10:24 - 2018-06-28 10:24 - 000689664 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\unicodedata.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 000438784 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\win32com.shell.shell.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 001489408 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\wx._core_.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 001007104 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\wx._gdi_.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 001039872 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\wx._windows_.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 001325056 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\wx._controls_.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 000916992 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\wx._misc_.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 001084416 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\pysqlite2._sqlite.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 000149504 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\win32file.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 000136192 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\win32security.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 000007680 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\hashobjs_ext.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 000020992 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\thumbnails_ext.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 000118784 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\usb_ext.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 000047616 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\_socket.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 002224640 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\_ssl.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 000014848 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\common.time34.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 000023040 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\win32event.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 000034304 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\windows.conditional.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 000020480 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\windows.winwrap.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 000110080 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\windows.volumes.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 000223232 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\win32gui.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 000173568 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\_elementtree.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 000169472 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\pyexpat.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 000048128 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\win32inet.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 000103424 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\wx._html2.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 000046080 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\_psutil_windows.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 000633272 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\windows._cacheinvalidation.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 000011776 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\win32crypt.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 000301568 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\PIL._imaging.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 000032256 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\_multiprocessing.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 005458944 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\cello.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 000026112 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\_yappi.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 000044032 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\win32process.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 000027648 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\win32pipe.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 000010752 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\select.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 000029696 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\win32pdh.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 000038400 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\windows.connectivity.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 000073216 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\windows.device_monitor.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 000020480 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\win32profile.pyd
2018-06-28 10:24 - 2018-06-28 10:24 - 000026624 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI112042\win32ts.pyd
2018-06-25 18:38 - 2018-06-22 16:15 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libglesv2.dll
2018-06-25 18:38 - 2018-06-22 16:15 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libegl.dll
2018-06-09 15:06 - 2018-06-09 15:07 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-06-09 15:06 - 2018-06-09 15:07 - 067232256 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-05 06:23 - 2017-10-05 06:24 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-05-30 09:11 - 2018-05-30 09:12 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-05-30 09:11 - 2018-05-30 09:12 - 004214784 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-05-04 17:16 - 2018-05-04 17:27 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-05-30 09:11 - 2018-05-30 09:12 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-04-05 08:06 - 2018-04-05 08:13 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-06-09 15:06 - 2018-06-09 15:07 - 014851072 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-05-30 09:11 - 2018-05-30 09:12 - 004058624 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-06-09 15:06 - 2018-06-09 15:07 - 003266048 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-05-30 09:11 - 2018-05-30 09:12 - 001393664 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2018-05-30 09:11 - 2018-05-30 09:12 - 004218080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-05-30 09:11 - 2018-05-30 09:12 - 000872448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-06-09 15:06 - 2018-06-09 15:07 - 000165376 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\SKU.dll
2018-05-30 09:11 - 2018-05-30 09:12 - 000103424 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\BendRealityNode.dll
2018-04-05 08:06 - 2018-04-05 08:13 - 000043008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2014-04-07 11:31 - 2014-04-07 11:31 - 000172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2018-04-19 11:48 - 2009-02-27 16:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2018-04-19 11:48 - 2018-01-18 15:39 - 000519168 _____ () C:\Program Files (x86)\Browny02\BrMonitor.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 04:24 - 2016-07-15 18:04 - 000000857 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 site.darriens.localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-60989047-3131939895-948155456-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\doryo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\StartupApproved\Run: => "AirDroid 3"
HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\StartupApproved\Run: => "Kies3PDLR.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{C66A32FB-3C15-4FAF-80F4-DD09E4FF2BAF}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [UDP Query User{E3A0AD07-F2A2-4412-A20D-0CBA92B36E83}C:\program files\windowsapps\xbmcfoundation.kodi_17.4.0.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.4.0.0_x86__4n2hpmxwrvr6p\kodi.exe
FirewallRules: [TCP Query User{6F67E496-A5BE-47A3-B8AF-393AFBDF88DF}C:\program files\windowsapps\xbmcfoundation.kodi_17.4.0.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.4.0.0_x86__4n2hpmxwrvr6p\kodi.exe
FirewallRules: [UDP Query User{354ECB70-5069-4F95-B672-A6120F25C43F}C:\program files\windowsapps\xbmcfoundation.kodi_17.0.0.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.0.0.0_x86__4n2hpmxwrvr6p\kodi.exe
FirewallRules: [TCP Query User{0ADB92F0-4E30-46D3-A10D-6E5CD7BFBDFD}C:\program files\windowsapps\xbmcfoundation.kodi_17.0.0.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.0.0.0_x86__4n2hpmxwrvr6p\kodi.exe
FirewallRules: [{1DA02B4B-15E7-446D-82B7-5ED005FD2379}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{F8A58B26-FDFF-486D-8C65-67609E200BD7}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{126EC30E-96A5-4442-B454-EC30559FDB84}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{8D0AB6A7-1643-4A45-9843-4EE2A866829A}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [UDP Query User{C31F0F48-B3A0-4486-A299-12B9EC7E2053}C:\users\doryo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\doryo\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{BCC5805C-CF52-4207-B480-C37DC06A4A1E}C:\users\doryo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\doryo\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{286D6C36-E73D-48F4-A59E-8BD956DDF70F}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{9B3C317C-2F9A-43A0-AEFC-96F52126E3F0}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{EB886680-80E6-47C3-9760-7F018A9505B1}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{17CACB84-5F77-407D-B3B5-286318CBE644}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{8B634F36-7A3A-4AF8-86F7-B6E24A195B3E}] => (Allow) C:\Users\doryo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5144F8FC-C34D-4444-B0F2-8C0E15602C23}] => (Allow) C:\Users\doryo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{ED335A90-F6EA-41F5-8A12-FD7A7CEBCFB4}] => (Allow) C:\Users\doryo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F8398A30-F5B1-4678-AAE4-DE857FE5EA26}] => (Allow) C:\Users\doryo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1FBEB042-7D19-4B20-9E8D-399F7BB82F0D}] => (Allow) C:\Users\doryo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{314F36D0-A562-4F73-AF71-706A8F37C636}] => (Allow) C:\Users\doryo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FD01F1F9-952F-4509-9A95-CB8132F2521C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3931563E-002D-40A3-A27E-DFFA8BA7CBBA}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{B02FDC29-1035-4F68-A799-D8D1E98D2BF7}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{7C523620-837A-4520-9F80-FA55C25D728E}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{8C141655-DE00-46DD-A5B0-0F2329C51061}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [TCP Query User{BAA88CD9-102D-4C49-BCB1-DA87D9A93ECC}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [UDP Query User{96603254-2586-4B94-9B4D-1F6FF8BB9B93}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [{9393E3BF-FFE3-458D-905F-87BD28B5F299}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5230391B-115E-4E42-957B-8933CE29D741}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{99BF027F-BE6F-4AAB-9B3F-961FF0003AB6}C:\wamp\bin\apache\apache2.4.18\bin\httpd.exe] => (Allow) C:\wamp\bin\apache\apache2.4.18\bin\httpd.exe
FirewallRules: [UDP Query User{08A36B42-4324-4A3C-8FCA-B8AFE6FBFF2E}C:\wamp\bin\apache\apache2.4.18\bin\httpd.exe] => (Allow) C:\wamp\bin\apache\apache2.4.18\bin\httpd.exe
FirewallRules: [TCP Query User{A5B758F8-6139-43DF-BA46-617A3273302E}C:\programdata\minervanetworks\pluginpnacl\browserpluginhelper.exe] => (Allow) C:\programdata\minervanetworks\pluginpnacl\browserpluginhelper.exe
FirewallRules: [UDP Query User{E54E0EC4-C9FE-40E1-BCF4-10D22F08197A}C:\programdata\minervanetworks\pluginpnacl\browserpluginhelper.exe] => (Allow) C:\programdata\minervanetworks\pluginpnacl\browserpluginhelper.exe
FirewallRules: [TCP Query User{4E3A3680-F060-461B-A112-C3CBEB4CB01E}C:\programdata\minervanetworks\chromeplayerplugin\browserpluginhelper.exe] => (Allow) C:\programdata\minervanetworks\chromeplayerplugin\browserpluginhelper.exe
FirewallRules: [UDP Query User{2609F01A-0BDB-44C3-9EAB-6E64A929422A}C:\programdata\minervanetworks\chromeplayerplugin\browserpluginhelper.exe] => (Allow) C:\programdata\minervanetworks\chromeplayerplugin\browserpluginhelper.exe
FirewallRules: [{C9D38CA8-D868-4B1D-93E8-4897764143CE}] => (Allow) C:\Users\doryo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{32167CD4-0C10-46FD-936C-5AF736BCF079}] => (Allow) C:\Users\doryo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B2220EAC-BE7D-461A-9FA4-EA1B0C835EDE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
12-06-2018 20:22:05 Windows Update
20-06-2018 15:44:41 Scheduled Checkpoint
30-06-2018 14:24:22 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/01/2018 10:51:30 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (05/16/2018 02:40:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AGSService.exe, version: 4.5.0.814, time stamp: 0x5a4f2d48
Faulting module name: ntdll.dll, version: 10.0.17134.1, time stamp: 0xc8733c73
Exception code: 0xc0000005
Fault offset: 0x00022df9
Faulting process id: 0xe3c
Faulting application start time: 0x01d3e7d5d53c3f26
Faulting application path: C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 69914321-0ed2-4ccf-9bad-59b4b8974594
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/14/2018 06:34:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Microsoft.Photos.exe version 2018.18031.15820.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 18e0
 
Start Time: 01d3eb6510ad5016
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
 
Report Id: a4289ed4-4148-4111-a0f2-c5099b3879f6
 
Faulting package full name: Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: App
 
Error: (05/11/2018 03:20:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Microsoft.Photos.exe version 2018.18031.15820.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 968
 
Start Time: 01d3e952f6969a61
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
 
Report Id: f126e9fb-a65e-4b4d-80a7-e8b5bec46981
 
Faulting package full name: Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: App
 
Error: (05/01/2018 12:01:39 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider IntelWLANEventProvider attempted to register query "select * from CIntelQosEvent" whose target class "CIntelQosEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.
 
Error: (05/01/2018 12:01:39 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider IntelWLANEventProvider attempted to register query "select * from CIntelDot1xEvent" whose target class "CIntelDot1xEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.
 
Error: (05/01/2018 12:01:39 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider IntelWLANEventProvider attempted to register query "select * from CIntelWLANEvent" whose target class "CIntelWLANEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.
 
Error: (05/01/2018 12:01:39 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider  attempted to register query "select * from CIntelQosEvent" whose target class "CIntelQosEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.
 
 
System errors:
=============
Error: (07/02/2018 06:37:32 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/02/2018 06:30:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/01/2018 03:55:24 PM) (Source: DCOM) (EventID: 10016) (User: VAIO)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user VAIO\doryo SID (S-1-5-21-60989047-3131939895-948155456-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/01/2018 12:06:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/01/2018 11:58:32 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/01/2018 11:55:50 AM) (Source: DCOM) (EventID: 10016) (User: VAIO)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user VAIO\doryo SID (S-1-5-21-60989047-3131939895-948155456-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/30/2018 01:26:41 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/30/2018 09:14:46 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
Windows Defender:
===================================
Date: 2018-06-08 13:13:13.875
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {7AEE71C6-FFA3-45F4-A41E-42542F138106}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-05-31 19:23:39.384
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {3B6CEFD8-F020-4585-9695-DA58FFC9BBD8}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-06-26 08:34:44.210
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.269.1961.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14901.4
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
CodeIntegrity:
===================================
 
Date: 2018-06-28 09:19:30.961
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-06-09 13:42:44.445
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 32%
Total physical RAM: 16266.35 MB
Available physical RAM: 11019.27 MB
Total Virtual: 16466.35 MB
Available Virtual: 11024.89 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:231.58 GB) (Free:42.62 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Harley) (Fixed) (Total:698.64 GB) (Free:94.35 GB) NTFS
Drive e: (24GB SSD) (Fixed) (Total:22.36 GB) (Free:10.6 GB) NTFS
 
\\?\Volume{ae625731-0000-0000-0000-30043a000000}\ () (Fixed) (Total:0.82 GB) (Free:0.32 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: AE625731)
Partition 1: (Active) - (Size=231.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=838 MB) - (Type=27)
 
========================================================
Disk: 1 (Size: 22.4 GB) (Disk ID: AB0F1A1C)
 
Partition: GPT.
 
========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: DDC4E5CD)
Partition 2: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 



 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,169 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:42 AM

Posted 03 July 2018 - 07:57 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
CloseProcesses:

CHR Extension: (iPad Simulator) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\biamdeofchcbekmcakjcfnpdipmkmkbb [2016-05-14]

Task: {4F77D1A1-B20B-4452-B2F4-816ECAB26311} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {DF30238D-6840-4549-93E5-12CA5F111D77} - System32\Tasks\{F449DB48-8ECD-49D1-802D-1AC11F58B4EE} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.23.0.105&LastError=12002
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
C:\Windows\System32\Tasks\AutoKMS
C:\Windows\AutoKMS
C:\Windows\System32\Tasks\{F449DB48-8ECD-49D1-802D-1AC11F58B4EE}

Reboot:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

If Malwarebytes and/or AdwCleaner are always reporting the same entries and they cannot be removed, please post the logs for my review.

Let me know if the redirects issue is solved.

#3 doryon

doryon
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:12:42 PM

Posted 03 July 2018 - 08:10 AM

Hi nasdaq, thanks a lot.

 

Malwarebytes didn't find anything and AdwCleaner found a few issues the first time I ran it, but it hasn't found anything since and the issue was still happening.

I'll wait for a day or two then to see if it's gone (I already got one earlier today) and I'll let you know.

 

Fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by doryo (03-07-2018 10:03:09) Run:1
Running from D:\Cositas
Loaded Profiles: doryo (Available Profiles: doryo)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
CloseProcesses:
 
CHR Extension: (iPad Simulator) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\biamdeofchcbekmcakjcfnpdipmkmkbb [2016-05-14]
 
Task: {4F77D1A1-B20B-4452-B2F4-816ECAB26311} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
Task: {DF30238D-6840-4549-93E5-12CA5F111D77} - System32\Tasks\{F449DB48-8ECD-49D1-802D-1AC11F58B4EE} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.23.0.105&LastError=12002
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
C:\Windows\System32\Tasks\AutoKMS
C:\Windows\AutoKMS
C:\Windows\System32\Tasks\{F449DB48-8ECD-49D1-802D-1AC11F58B4EE}
 
Reboot:
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
CHR Extension: (iPad Simulator) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\biamdeofchcbekmcakjcfnpdipmkmkbb [2016-05-14] => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{4F77D1A1-B20B-4452-B2F4-816ECAB26311}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F77D1A1-B20B-4452-B2F4-816ECAB26311}" => removed successfully
C:\WINDOWS\System32\Tasks\AutoKMS => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DF30238D-6840-4549-93E5-12CA5F111D77}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF30238D-6840-4549-93E5-12CA5F111D77}" => removed successfully
C:\WINDOWS\System32\Tasks\{F449DB48-8ECD-49D1-802D-1AC11F58B4EE} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F449DB48-8ECD-49D1-802D-1AC11F58B4EE}" => removed successfully
C:\ProgramData\Reprise => ":wupeogjxlctlfudivq`qsp`28hfm" ADS removed successfully
"C:\Windows\System32\Tasks\AutoKMS" => not found
C:\Windows\AutoKMS => moved successfully
"C:\Windows\System32\Tasks\{F449DB48-8ECD-49D1-802D-1AC11F58B4EE}" => not found
 
 
The system needed a reboot.
 
==== End of Fixlog 10:03:24 ====
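
Added example (not part of the original posts and not FRST's own code): a small Python triage of a Fixlog like the one above, which groups each result line by outcome and then checks whether any entry FRST could not fix is still listed in a later scan. The sample text is abridged from the logs in this thread; the function names and outcome labels are assumptions of this example, and only the result strings visible in this Fixlog are recognised.

```python
import re

# Abridged from the Fixlog posted in this thread (echoed fixlist + result lines).
SAMPLE_FIXLOG = r'''fixlist content:
*****************
start
CHR Extension: (iPad Simulator) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\biamdeofchcbekmcakjcfnpdipmkmkbb [2016-05-14]
Task: {4F77D1A1-B20B-4452-B2F4-816ECAB26311} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe
C:\Windows\AutoKMS
End
*****************

Restore point was successfully created.
Processes closed successfully.
CHR Extension: (iPad Simulator) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\biamdeofchcbekmcakjcfnpdipmkmkbb [2016-05-14] => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => removed successfully
C:\WINDOWS\System32\Tasks\AutoKMS => moved successfully
C:\ProgramData\Reprise => ":wupeogjxlctlfudivq`qsp`28hfm" ADS removed successfully
"C:\Windows\System32\Tasks\AutoKMS" => not found
C:\Windows\AutoKMS => moved successfully
'''

# Two Chrome lines copied from the follow-up FRST scan posted later in the thread.
SAMPLE_RESCAN = r'''CHR Extension: (Brushed) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg [2016-12-21]
CHR Extension: (iPad Simulator) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\biamdeofchcbekmcakjcfnpdipmkmkbb [2016-05-14]
'''

# Outcome patterns, checked in order. These cover only the result strings
# that appear in this thread's Fixlog; anything else is reported as "other".
OUTCOMES = [
    ("error", re.compile(r"^Error:", re.IGNORECASE)),
    ("not_found", re.compile(r"not found$", re.IGNORECASE)),
    ("done", re.compile(r"(removed|moved) successfully$", re.IGNORECASE)),
]


def result_lines(fixlog_text):
    """Yield result lines only, skipping the fixlist echoed between the
    two rows of asterisks (its Task: lines also contain ' => ')."""
    lines = fixlog_text.splitlines()
    star_rows = [i for i, line in enumerate(lines)
                 if line.strip() and set(line.strip()) == {"*"}]
    start = star_rows[1] + 1 if len(star_rows) >= 2 else 0
    for line in lines[start:]:
        if " => " in line:
            yield line.strip()


def classify_fixlog(fixlog_text):
    """Return {outcome: [target, ...]} for every result line."""
    report = {"done": [], "not_found": [], "error": [], "other": []}
    for line in result_lines(fixlog_text):
        target, _, result = line.partition(" => ")
        target = target.strip().strip('"')
        result = result.strip()
        for name, pattern in OUTCOMES:
            if pattern.search(result):
                report[name].append(target)
                break
        else:
            report["other"].append(target)
    return report


def still_listed(targets, rescan_text):
    """Return the targets that appear verbatim as a line of a later scan."""
    scan = {line.strip() for line in rescan_text.splitlines()}
    return [t for t in targets if t in scan]


if __name__ == "__main__":
    report = classify_fixlog(SAMPLE_FIXLOG)
    for outcome, targets in report.items():
        print(f"{outcome}: {len(targets)}")
    for entry in still_listed(report["error"], SAMPLE_RESCAN):
        print("unfixed and still present in rescan:", entry)
```

Entries under "error" that a later scan still lists need manual follow-up, since the fix run did not act on them.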


#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,169 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:42 AM

Posted 03 July 2018 - 01:17 PM

Hi,

If reported by Malwarebytes and/or AdwCleaner and it's not removed, it may be a Sync issue.

Chrome Secure Preferences detection always comes back

https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/
===========

#5 doryon

doryon
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:12:42 PM

Posted 03 July 2018 - 05:59 PM

Hi,

Wow, I didn't know that.

I used to have this and another PC with the same account, but I haven't been using the other one in months, so I don't think that it could be the issue, but I'll keep that in mind and try that in case it appears again tomorrow.

So far, so good, but I'm still waiting.

Thanks again,



#6 nasdaq

nasdaq

  • Malware Response Team
  • 40,169 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:42 AM

Posted 04 July 2018 - 07:31 AM

Glad we could help.

#7 doryon

doryon
  • Topic Starter

  • Members
  • 32 posts
  • OFFLINE
  •  
  • Local time:12:42 PM

Posted 04 July 2018 - 09:16 AM

Hi!

Well, it's back :(

I ran Malwarebytes and ADWCleaner and neither found a thing.

Here are new FRST logs in case it helps:

 

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by doryo (administrator) on VAIO (04-07-2018 11:11:37)
Running from D:\Cositas
Loaded Profiles: doryo (Available Profiles: doryo)
Platform: Windows 10 Home Version 1803 17134.112 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\MKCHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.9328.1700.0_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(Spotify Ltd) C:\Users\doryo\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1805.1201.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2976256 2018-01-19] (Brother Industries, Ltd.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46281248 2018-05-30] ()
HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\Run: [Google Update] => C:\Users\doryo\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [601680 2018-05-18] (Google Inc.)
HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\Run: [Kies3PDLR.exe] => C:\Program Files (x86)\Samsung\Kies3\FirmwareUpdate\Kies3PDLR.exe [1023664 2016-03-25] (Samsung)
HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\Run: [GoogleChromeAutoLaunch_5EED4FD486233C4C3DD6EE9C0C139F49] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1588568 2018-06-22] (Google Inc.)
HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\Run: [Spotify Web Helper] => C:\Users\doryo\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-05-14] (Spotify Ltd)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 127.0.0.1 site.darriens.localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a3a1b25f-0f40-4673-ba2d-1ded653623fe}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{bcbebfbc-3322-43c1-8151-24d4badd002e}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{bcbebfbc-3322-43c1-8151-24d4badd002e}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-60989047-3131939895-948155456-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2018-04-11] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2018-04-11] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2016-10-18] (Sun Microsystems, Inc.)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-02-14] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-04-10] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-02-14] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-04-10] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2016-10-18] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-04-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF Plugin HKU\S-1-5-21-60989047-3131939895-948155456-1001: @tools.google.com/Google Update;version=3 -> C:\Users\doryo\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-60989047-3131939895-948155456-1001: @tools.google.com/Google Update;version=9 -> C:\Users\doryo\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default [2018-07-04]
CHR Extension: (Slides) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-14]
CHR Extension: (Brushed) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg [2016-12-21]
CHR Extension: (iPad Simulator) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\biamdeofchcbekmcakjcfnpdipmkmkbb [2016-05-14]
CHR Extension: (YouTube) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-14]
CHR Extension: (Google Play Music) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2018-05-09]
CHR Extension: (Sheets) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Wunderlist - To-do and Task list) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc [2016-05-14]
CHR Extension: (Cablevisión Flow) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfbnbmbkemlokfckhdoaakhjogffkinc [2017-06-14]
CHR Extension: (Google Docs Offline) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-14]
CHR Extension: (Tag Assistant (by Google)) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2018-05-21]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-08-17]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2018-07-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-14]
CHR Extension: (Chrome Media Router) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-12]
CHR Profile: C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-02-22]
CHR Profile: C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-07-04]
CHR Extension: (Slides) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-07]
CHR Extension: (Docs) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-07]
CHR Extension: (Google Drive) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-05]
CHR Extension: (IBM Security Rapport) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2018-03-15]
CHR Extension: (YourTV Chrome extension) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bdlhpbalhdjobabgbacbgclpjjelainj [2018-02-22]
CHR Extension: (YouTube) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-05]
CHR Extension: (Adobe Acrobat) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-05]
CHR Extension: (Sheets) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-07]
CHR Extension: (Google Docs Offline) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-07]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-03-05]
CHR Extension: (Summer Holidays) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mfecfgangbaamlkdcebkbngncpabddea [2017-09-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-05]
CHR Extension: (Chrome Media Router) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-12]
CHR Profile: C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 2 [2018-06-28]
CHR Extension: (Slides) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-17]
CHR Extension: (Docs) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-17]
CHR Extension: (Google Drive) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-08]
CHR Extension: (YouTube) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-08]
CHR Extension: (Adobe Acrobat) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-08]
CHR Extension: (Sheets) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-17]
CHR Extension: (Google Docs Offline) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-03-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-17]
CHR Extension: (Gmail) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-08]
CHR Extension: (Chrome Media Router) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-17]
CHR Profile: C:\Users\doryo\AppData\Local\Google\Chrome\User Data\System Profile [2018-06-28]
CHR HKU\S-1-5-21-60989047-3131939895-948155456-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-60989047-3131939895-948155456-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bdlhpbalhdjobabgbacbgclpjjelainj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [314368 2018-01-18] (Brother Industries, Ltd.) [File not signed]
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2017-07-26] ()
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [183448 2017-05-19] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [320472 2018-01-02] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268968 2018-01-17] ()
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-02] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [257624 2016-11-29] (Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\NisSrv.exe [3925648 2018-06-28] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MsMpEng.exe [100080 2018-06-28] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3758760 2018-01-17] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2017-07-26] (Huawei Technologies Co., Ltd.)
S3 HWHandSet; C:\WINDOWS\system32\DRIVERS\hw_quusbmdm.sys [226560 2017-07-26] (Huawei Technologies Co., Ltd.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [232936 2017-05-19] (Intel Corporation)
R3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-11] (Microsoft Corporation)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3521032 2017-11-08] (Intel Corporation)
S3 qcusbser; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [254520 2017-03-15] (QUALCOMM Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Realtek )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [64088 2016-11-29] (Synaptics Incorporated)
R3 SOWS; C:\WINDOWS\System32\drivers\sows.sys [24280 2012-06-10] (Sony Corporation)
R1 UimBus; C:\WINDOWS\System32\drivers\UimBus.sys [102664 2014-02-10] ()
R1 Uim_DEVIM; C:\WINDOWS\System32\drivers\uim_devim.sys [25992 2014-02-10] ()
R1 Uim_IM; C:\WINDOWS\System32\drivers\uim_im.sys [700424 2014-02-10] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46592 2018-06-28] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-06-28] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59944 2018-06-28] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-02 16:17 - 2018-07-04 11:11 - 000000000 ____D C:\FRST
2018-06-28 10:10 - 2018-06-28 10:11 - 000000000 ____D C:\AdwCleaner
2018-06-28 10:02 - 2018-06-28 10:02 - 000000000 ____D C:\Program Files\HitmanPro
2018-06-28 10:01 - 2018-06-28 10:07 - 000000000 ____D C:\ProgramData\HitmanPro
2018-06-23 15:03 - 2018-06-23 15:03 - 000000000 ____D C:\Users\doryo\Desktop\Brian
2018-06-12 21:17 - 2018-06-08 06:29 - 007520000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-06-12 21:17 - 2018-06-08 06:09 - 006569960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-06-12 21:16 - 2018-06-08 16:07 - 000506184 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-06-12 21:16 - 2018-06-08 16:05 - 000094112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-06-12 21:16 - 2018-06-08 16:02 - 004527680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-06-12 21:16 - 2018-06-08 16:02 - 001634808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-06-12 21:16 - 2018-06-08 16:02 - 000661160 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe
2018-06-12 21:16 - 2018-06-08 16:01 - 002395056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-06-12 21:16 - 2018-06-08 16:01 - 001046944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2018-06-12 21:16 - 2018-06-08 15:48 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-06-12 21:16 - 2018-06-08 15:47 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2018-06-12 21:16 - 2018-06-08 15:46 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-06-12 21:16 - 2018-06-08 15:45 - 012712448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-06-12 21:16 - 2018-06-08 15:45 - 004392448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-06-12 21:16 - 2018-06-08 15:45 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdt.exe
2018-06-12 21:16 - 2018-06-08 15:45 - 000808960 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2018-06-12 21:16 - 2018-06-08 15:44 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-06-12 21:16 - 2018-06-08 15:44 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2018-06-12 21:16 - 2018-06-08 15:44 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-06-12 21:16 - 2018-06-08 15:44 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2018-06-12 21:16 - 2018-06-08 15:43 - 003640832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2018-06-12 21:16 - 2018-06-08 15:43 - 002922496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2018-06-12 21:16 - 2018-06-08 15:43 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2018-06-12 21:16 - 2018-06-08 15:43 - 001659904 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2018-06-12 21:16 - 2018-06-08 15:43 - 001543680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2018-06-12 21:16 - 2018-06-08 15:43 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-06-12 21:16 - 2018-06-08 15:43 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-06-12 21:16 - 2018-06-08 15:42 - 003999232 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2018-06-12 21:16 - 2018-06-08 15:42 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-06-12 21:16 - 2018-06-08 15:42 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-06-12 21:16 - 2018-06-08 15:42 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-06-12 21:16 - 2018-06-08 15:42 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-06-12 21:16 - 2018-06-08 15:41 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-06-12 21:16 - 2018-06-08 15:41 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-06-12 21:16 - 2018-06-08 15:41 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-06-12 21:16 - 2018-06-08 15:41 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-06-12 21:16 - 2018-06-08 15:41 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-06-12 21:16 - 2018-06-08 15:41 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2018-06-12 21:16 - 2018-06-08 15:40 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXP.dll
2018-06-12 21:16 - 2018-06-08 14:04 - 001454024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-06-12 21:16 - 2018-06-08 13:58 - 002206544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2018-06-12 21:16 - 2018-06-08 13:58 - 000917408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2018-06-12 21:16 - 2018-06-08 13:51 - 011903488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-06-12 21:16 - 2018-06-08 13:50 - 001508352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdt.exe
2018-06-12 21:16 - 2018-06-08 13:48 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-06-12 21:16 - 2018-06-08 13:48 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-06-12 21:16 - 2018-06-08 13:47 - 003492864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2018-06-12 21:16 - 2018-06-08 13:47 - 002895872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-06-12 21:16 - 2018-06-08 13:47 - 001462784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dui70.dll
2018-06-12 21:16 - 2018-06-08 13:47 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2018-06-12 21:16 - 2018-06-08 13:47 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-06-12 21:16 - 2018-06-08 13:47 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2018-06-12 21:16 - 2018-06-08 13:46 - 003444224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2018-06-12 21:16 - 2018-06-08 13:46 - 002016256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-06-12 21:16 - 2018-06-08 13:46 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2018-06-12 21:16 - 2018-06-08 13:45 - 002401280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-06-12 21:16 - 2018-06-08 13:06 - 000976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-06-12 21:16 - 2018-06-08 13:05 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-06-12 21:16 - 2018-06-08 13:05 - 000944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-06-12 21:16 - 2018-06-08 11:00 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-06-12 21:16 - 2018-06-08 11:00 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-06-12 21:16 - 2018-06-08 07:38 - 005821544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-06-12 21:16 - 2018-06-08 07:37 - 002417840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-06-12 21:16 - 2018-06-08 07:35 - 001613200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-06-12 21:16 - 2018-06-08 07:35 - 000613144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2018-06-12 21:16 - 2018-06-08 07:34 - 001299056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-06-12 21:16 - 2018-06-08 07:34 - 000748512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2018-06-12 21:16 - 2018-06-08 07:31 - 007900984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-06-12 21:16 - 2018-06-08 07:31 - 003180176 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-06-12 21:16 - 2018-06-08 07:31 - 000029600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2018-06-12 21:16 - 2018-06-08 07:30 - 000705440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-06-12 21:16 - 2018-06-08 06:34 - 001140576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-06-12 21:16 - 2018-06-08 06:34 - 000983016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-06-12 21:16 - 2018-06-08 06:33 - 001213368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-06-12 21:16 - 2018-06-08 06:33 - 001034632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-06-12 21:16 - 2018-06-08 06:33 - 000272296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-06-12 21:16 - 2018-06-08 06:33 - 000269224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-06-12 21:16 - 2018-06-08 06:31 - 001174432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-06-12 21:16 - 2018-06-08 06:31 - 001012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-06-12 21:16 - 2018-06-08 06:31 - 000226720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ucx01000.sys
2018-06-12 21:16 - 2018-06-08 06:30 - 009148320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-06-12 21:16 - 2018-06-08 06:30 - 003296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-06-12 21:16 - 2018-06-08 06:30 - 001798552 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-06-12 21:16 - 2018-06-08 06:30 - 001363632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-06-12 21:16 - 2018-06-08 06:30 - 001063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-06-12 21:16 - 2018-06-08 06:30 - 001017080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-06-12 21:16 - 2018-06-08 06:30 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-06-12 21:16 - 2018-06-08 06:30 - 000722808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-06-12 21:16 - 2018-06-08 06:30 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-06-12 21:16 - 2018-06-08 06:30 - 000567184 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-06-12 21:16 - 2018-06-08 06:30 - 000565152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-06-12 21:16 - 2018-06-08 06:30 - 000527264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-06-12 21:16 - 2018-06-08 06:30 - 000491328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-06-12 21:16 - 2018-06-08 06:30 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-06-12 21:16 - 2018-06-08 06:30 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-06-12 21:16 - 2018-06-08 06:30 - 000137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2018-06-12 21:16 - 2018-06-08 06:30 - 000134584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 006817384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 004970360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 004403280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 003283408 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 002836384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-06-12 21:16 - 2018-06-08 06:29 - 002753048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 002590400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2018-06-12 21:16 - 2018-06-08 06:29 - 002570712 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 002564984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 002546592 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 002462272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 002422688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-06-12 21:16 - 2018-06-08 06:29 - 002371392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 001946328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 001934400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 001921952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2018-06-12 21:16 - 2018-06-08 06:29 - 001792808 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 001784584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 001611592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 001457136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-06-12 21:16 - 2018-06-08 06:29 - 001364184 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 001288816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 001258288 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-06-12 21:16 - 2018-06-08 06:29 - 001209800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 001190152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 001150416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 001148808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 001112608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 001097648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 001026976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-06-12 21:16 - 2018-06-08 06:29 - 000945568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2018-06-12 21:16 - 2018-06-08 06:29 - 000885880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 000792992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-06-12 21:16 - 2018-06-08 06:29 - 000678840 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 000659096 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 000594128 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-06-12 21:16 - 2018-06-08 06:29 - 000416144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 000413824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 000413088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-06-12 21:16 - 2018-06-08 06:29 - 000375712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-06-12 21:16 - 2018-06-08 06:29 - 000313592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 000266656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 000164768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-06-12 21:16 - 2018-06-08 06:29 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 000084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageOverlayUtil.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 000057960 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel.appcore.dll
2018-06-12 21:16 - 2018-06-08 06:13 - 025846784 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-06-12 21:16 - 2018-06-08 06:12 - 000861616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-06-12 21:16 - 2018-06-08 06:12 - 000786176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-06-12 21:16 - 2018-06-08 06:11 - 001461744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2018-06-12 21:16 - 2018-06-08 06:11 - 000550616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-06-12 21:16 - 2018-06-08 06:10 - 002479272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-06-12 21:16 - 2018-06-08 06:10 - 002331584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-06-12 21:16 - 2018-06-08 06:10 - 002307336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2018-06-12 21:16 - 2018-06-08 06:10 - 001988072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-06-12 21:16 - 2018-06-08 06:10 - 001397200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-06-12 21:16 - 2018-06-08 06:10 - 001011992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-06-12 21:16 - 2018-06-08 06:10 - 000880152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-06-12 21:16 - 2018-06-08 06:10 - 000457152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2018-06-12 21:16 - 2018-06-08 06:10 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 006527064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 004788512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 004469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 002535552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 002486992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 002242216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 001980872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 001805776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 001709720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 001584128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 001380200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 001129648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 001077504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 001020168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 000988136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 000770160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 000607648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 000568720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 000567144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 000553248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 000356960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 000064648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LanguageOverlayUtil.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 000050208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel.appcore.dll
2018-06-12 21:16 - 2018-06-08 06:04 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-06-12 21:16 - 2018-06-08 06:03 - 022005760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-06-12 21:16 - 2018-06-08 06:03 - 000906752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.PhoneNumberFormatting.dll
2018-06-12 21:16 - 2018-06-08 06:03 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-06-12 21:16 - 2018-06-08 06:03 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryCore.dll
2018-06-12 21:16 - 2018-06-08 06:03 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2018-06-12 21:16 - 2018-06-08 06:02 - 022713856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-06-12 21:16 - 2018-06-08 06:02 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-06-12 21:16 - 2018-06-08 06:02 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edpnotify.exe
2018-06-12 21:16 - 2018-06-08 06:02 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2018-06-12 21:16 - 2018-06-08 06:01 - 004563456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-06-12 21:16 - 2018-06-08 06:01 - 002961408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-06-12 21:16 - 2018-06-08 06:01 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-06-12 21:16 - 2018-06-08 06:01 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2018-06-12 21:16 - 2018-06-08 06:01 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2018-06-12 21:16 - 2018-06-08 06:01 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-06-12 21:16 - 2018-06-08 06:01 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2018-06-12 21:16 - 2018-06-08 06:01 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2018-06-12 21:16 - 2018-06-08 06:01 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-06-12 21:16 - 2018-06-08 06:00 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-06-12 21:16 - 2018-06-08 06:00 - 004372992 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-06-12 21:16 - 2018-06-08 06:00 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-06-12 21:16 - 2018-06-08 06:00 - 001285120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2018-06-12 21:16 - 2018-06-08 06:00 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll
2018-06-12 21:16 - 2018-06-08 06:00 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2018-06-12 21:16 - 2018-06-08 06:00 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-06-12 21:16 - 2018-06-08 06:00 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2018-06-12 21:16 - 2018-06-08 06:00 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-06-12 21:16 - 2018-06-08 05:59 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-06-12 21:16 - 2018-06-08 05:59 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-06-12 21:16 - 2018-06-08 05:59 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-06-12 21:16 - 2018-06-08 05:59 - 001767936 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-06-12 21:16 - 2018-06-08 05:59 - 001318400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2018-06-12 21:16 - 2018-06-08 05:59 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-06-12 21:16 - 2018-06-08 05:59 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2018-06-12 21:16 - 2018-06-08 05:59 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-06-12 21:16 - 2018-06-08 05:59 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2018-06-12 21:16 - 2018-06-08 05:59 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2018-06-12 21:16 - 2018-06-08 05:59 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-06-12 21:16 - 2018-06-08 05:58 - 007581696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-06-12 21:16 - 2018-06-08 05:58 - 003712512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-06-12 21:16 - 2018-06-08 05:58 - 001676800 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
2018-06-12 21:16 - 2018-06-08 05:58 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-06-12 21:16 - 2018-06-08 05:58 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-06-12 21:16 - 2018-06-08 05:58 - 000813568 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-06-12 21:16 - 2018-06-08 05:58 - 000781824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-06-12 21:16 - 2018-06-08 05:58 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2018-06-12 21:16 - 2018-06-08 05:58 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2018-06-12 21:16 - 2018-06-08 05:58 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2018-06-12 21:16 - 2018-06-08 05:57 - 003348992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2018-06-12 21:16 - 2018-06-08 05:57 - 002172416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-06-12 21:16 - 2018-06-08 05:57 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-06-12 21:16 - 2018-06-08 05:57 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-06-12 21:16 - 2018-06-08 05:57 - 000483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2018-06-12 21:16 - 2018-06-08 05:57 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-06-12 21:16 - 2018-06-08 05:57 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2018-06-12 21:16 - 2018-06-08 05:57 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2018-06-12 21:16 - 2018-06-08 05:57 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 005780992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 004336128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 003293696 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 002902016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 002900480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 000908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2018-06-12 21:16 - 2018-06-08 05:56 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 000858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 000389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 000264704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovs.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 003441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 002248192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-06-12 21:16 - 2018-06-08 05:55 - 002061824 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 001371648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 001242112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 001192448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 001171968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 001160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 001033728 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 000778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2018-06-12 21:16 - 2018-06-08 05:55 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 000667648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 000652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 002789376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 001128448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 000999936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 000950272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 000857088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2018-06-12 21:16 - 2018-06-08 05:54 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAC3ENC.DLL
2018-06-12 21:16 - 2018-06-08 05:53 - 001675264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2018-06-12 21:16 - 2018-06-08 05:53 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-06-12 21:16 - 2018-06-08 05:53 - 001108992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-06-12 21:16 - 2018-06-08 05:53 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2018-06-12 21:16 - 2018-06-08 05:53 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-06-12 21:16 - 2018-06-08 05:53 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-06-12 21:16 - 2018-06-08 05:53 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2018-06-12 21:16 - 2018-06-08 05:53 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2018-06-12 21:16 - 2018-06-08 04:41 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-06-12 21:16 - 2018-06-06 15:57 - 003733320 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-06-12 21:16 - 2018-06-06 01:20 - 002841312 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-06-12 21:16 - 2018-06-01 20:24 - 000713376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-06-12 21:16 - 2018-06-01 19:54 - 001825792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-06-12 21:16 - 2018-05-25 00:24 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-06-12 21:16 - 2018-05-20 16:45 - 000308408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-06-12 21:16 - 2018-05-20 16:43 - 021389360 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-06-12 21:16 - 2018-05-20 16:42 - 001649760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2018-06-12 21:16 - 2018-05-20 16:42 - 000759192 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-06-12 21:16 - 2018-05-20 16:26 - 000486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2018-06-12 21:16 - 2018-05-20 16:23 - 004070400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-06-12 21:16 - 2018-05-20 16:23 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2018-06-12 21:16 - 2018-05-20 16:23 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2018-06-12 21:16 - 2018-05-20 16:22 - 001665024 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-06-12 21:16 - 2018-05-20 16:22 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2018-06-12 21:16 - 2018-05-20 16:22 - 000941056 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2018-06-12 21:16 - 2018-05-20 16:22 - 000804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2018-06-12 21:16 - 2018-05-20 15:15 - 000653208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-06-12 21:16 - 2018-05-20 15:14 - 020383712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-06-12 21:16 - 2018-05-20 15:14 - 001490144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2018-06-12 21:16 - 2018-05-20 15:02 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2018-06-12 21:16 - 2018-05-20 15:00 - 000864768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2018-06-12 21:16 - 2018-05-20 14:59 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2018-06-12 21:16 - 2018-05-20 14:59 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2018-06-12 21:16 - 2018-05-20 13:59 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-06-12 21:16 - 2018-05-20 13:45 - 001271296 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2018-06-12 21:16 - 2018-05-20 13:39 - 000788480 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2018-06-12 21:16 - 2018-05-20 13:35 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-06-12 21:16 - 2018-05-20 13:34 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-06-12 21:16 - 2018-05-20 11:54 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-06-12 21:16 - 2018-05-20 09:33 - 000105368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-06-12 21:16 - 2018-05-20 08:53 - 002178136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2018-06-12 21:16 - 2018-05-20 08:53 - 001947808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-06-12 21:16 - 2018-05-20 08:53 - 001017088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2018-06-12 21:16 - 2018-05-20 08:53 - 001012408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2018-06-12 21:16 - 2018-05-20 08:53 - 000131232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2018-06-12 21:16 - 2018-05-20 08:53 - 000088472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2018-06-12 21:16 - 2018-05-20 08:52 - 007436632 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-06-12 21:16 - 2018-05-20 08:52 - 000735560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-06-12 21:16 - 2018-05-20 08:52 - 000347704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-06-12 21:16 - 2018-05-20 08:52 - 000130456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-06-12 21:16 - 2018-05-20 08:52 - 000089984 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
2018-06-12 21:16 - 2018-05-20 08:34 - 016592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-06-12 21:16 - 2018-05-20 08:34 - 000861096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2018-06-12 21:16 - 2018-05-20 08:33 - 001665920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2018-06-12 21:16 - 2018-05-20 08:33 - 000101288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2018-06-12 21:16 - 2018-05-20 08:32 - 006044104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-06-12 21:16 - 2018-05-20 08:32 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-06-12 21:16 - 2018-05-20 08:32 - 001034096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2018-06-12 21:16 - 2018-05-20 08:32 - 000560488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-06-12 21:16 - 2018-05-20 08:32 - 000286200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-06-12 21:16 - 2018-05-20 08:32 - 000077040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2018-06-12 21:16 - 2018-05-20 08:31 - 001456640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2018-06-12 21:16 - 2018-05-20 08:30 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-06-12 21:16 - 2018-05-20 08:28 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-06-12 21:16 - 2018-05-20 08:28 - 000111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppHostRegistrationVerifier.exe
2018-06-12 21:16 - 2018-05-20 08:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-06-12 21:16 - 2018-05-20 08:27 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2018-06-12 21:16 - 2018-05-20 08:27 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApiSetHost.AppExecutionAlias.dll
2018-06-12 21:16 - 2018-05-20 08:26 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-06-12 21:16 - 2018-05-20 08:26 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-06-12 21:16 - 2018-05-20 08:26 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll
2018-06-12 21:16 - 2018-05-20 08:26 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-06-12 21:16 - 2018-05-20 08:26 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2018-06-12 21:16 - 2018-05-20 08:26 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-06-12 21:16 - 2018-05-20 08:26 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\TelephonyInteractiveUser.dll
2018-06-12 21:16 - 2018-05-20 08:26 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSHEIF.dll
2018-06-12 21:16 - 2018-05-20 08:25 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-06-12 21:16 - 2018-05-20 08:25 - 000384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2018-06-12 21:16 - 2018-05-20 08:24 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-06-12 21:16 - 2018-05-20 08:24 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-06-12 21:16 - 2018-05-20 08:24 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2018-06-12 21:16 - 2018-05-20 08:23 - 013873152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-06-12 21:16 - 2018-05-20 08:23 - 005951488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-06-12 21:16 - 2018-05-20 08:23 - 002366976 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-06-12 21:16 - 2018-05-20 08:23 - 000933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-06-12 21:16 - 2018-05-20 08:23 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-06-12 21:16 - 2018-05-20 08:21 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2018-06-12 21:16 - 2018-05-20 08:21 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-06-12 21:16 - 2018-05-20 08:21 - 001210880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2018-06-12 21:16 - 2018-05-20 08:21 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-06-12 21:16 - 2018-05-20 08:21 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2018-06-12 21:16 - 2018-05-20 08:17 - 002699776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-06-12 21:16 - 2018-05-20 08:16 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-06-12 21:16 - 2018-05-20 08:16 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2018-06-12 21:16 - 2018-05-20 08:16 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ApiSetHost.AppExecutionAlias.dll
2018-06-12 21:16 - 2018-05-20 08:16 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-06-12 21:16 - 2018-05-20 08:15 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2018-06-12 21:16 - 2018-05-20 08:15 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSHEIF.dll
2018-06-12 21:16 - 2018-05-20 08:14 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-06-12 21:16 - 2018-05-20 08:14 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2018-06-12 21:16 - 2018-05-20 08:13 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-06-12 21:16 - 2018-05-20 08:13 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2018-06-12 21:16 - 2018-05-20 08:12 - 000992768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-06-12 21:16 - 2018-05-20 08:12 - 000860160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-06-12 21:16 - 2018-05-20 08:11 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2018-06-12 21:16 - 2018-05-20 08:11 - 001005568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2018-06-12 21:16 - 2018-05-20 05:26 - 000018716 _____ C:\WINDOWS\system32\srms-apr.dat
2018-06-12 21:16 - 2018-05-18 14:08 - 000018716 _____ C:\WINDOWS\SysWOW64\srms-apr.dat
2018-06-12 19:29 - 2018-06-12 19:58 - 000000000 ____D C:\Users\doryo\Desktop\fotos taller abuelos
2018-06-09 13:42 - 2018-06-09 13:42 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-06-09 13:42 - 2018-06-09 13:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-06-09 13:42 - 2018-06-09 13:42 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-09 13:42 - 2018-06-09 13:42 - 000000000 ____D C:\Program Files\Malwarebytes
2018-06-09 13:42 - 2018-05-24 06:55 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-06-05 20:40 - 2018-06-05 20:40 - 000000000 ____D C:\Users\doryo\AppData\Local\D3DSCache
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-04 11:01 - 2016-05-16 09:23 - 000000000 ____D C:\Users\doryo\AppData\Roaming\uTorrent
2018-07-04 10:39 - 2018-04-11 20:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-07-04 10:33 - 2016-05-19 17:43 - 000000000 ____D C:\Users\doryo\AppData\Local\Adobe
2018-07-04 09:35 - 2018-05-01 12:03 - 000004140 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1933E47A-0F08-41FC-AB27-8F5C523F4B1C}
2018-07-03 21:32 - 2018-05-01 11:56 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-07-03 18:17 - 2016-05-16 10:08 - 000000000 ____D C:\Users\doryo\Documents\Outlook Files
2018-07-03 10:42 - 2017-10-19 11:53 - 000000000 ____D C:\Users\doryo\AppData\Local\Packages
2018-07-03 10:08 - 2018-05-01 16:50 - 000782398 _____ C:\WINDOWS\system32\perfh00A.dat
2018-07-03 10:08 - 2018-05-01 16:50 - 000152222 _____ C:\WINDOWS\system32\perfc00A.dat
2018-07-03 10:08 - 2018-05-01 12:02 - 001762872 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-07-03 10:08 - 2018-04-11 20:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-03 10:08 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-03 10:08 - 2018-04-11 20:36 - 000000000 ____D C:\WINDOWS\INF
2018-07-03 10:04 - 2018-05-01 12:03 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-03 10:04 - 2018-03-31 12:09 - 000000000 ____D C:\Temp
2018-07-03 10:04 - 2016-05-14 13:05 - 000000000 __SHD C:\Users\doryo\IntelGraphicsProfiles
2018-07-03 10:03 - 2018-04-11 18:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-06-30 14:53 - 2017-09-28 19:08 - 000000000 ____D C:\Users\doryo\Desktop\Néstor
2018-06-28 10:12 - 2016-05-16 09:45 - 000000000 ____D C:\Users\doryo\AppData\Roaming\Skype
2018-06-28 07:12 - 2018-02-14 03:12 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-06-26 09:54 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-06-25 18:38 - 2016-05-14 19:28 - 000002299 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-25 18:38 - 2016-05-14 19:28 - 000002258 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-23 20:24 - 2018-05-01 12:03 - 000003350 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-60989047-3131939895-948155456-1001
2018-06-23 20:24 - 2018-05-01 11:57 - 000002359 _____ C:\Users\doryo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-06-23 20:24 - 2016-05-14 12:39 - 000000000 ___RD C:\Users\doryo\OneDrive
2018-06-17 10:35 - 2017-03-08 10:05 - 000002472 _____ C:\Users\doryo\Desktop\Admin Ideas2 - Chrome.lnk
2018-06-17 10:34 - 2017-03-05 21:43 - 000002472 _____ C:\Users\doryo\Desktop\Marina Jazmín - Chrome.lnk
2018-06-12 21:43 - 2016-05-16 14:02 - 000000000 ___RD C:\Users\doryo\3D Objects
2018-06-12 21:43 - 2016-02-13 10:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-06-12 21:42 - 2018-05-01 11:56 - 005099288 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\setup
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\es-MX
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-06-12 21:42 - 2018-04-11 18:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-06-12 21:37 - 2016-05-14 12:57 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-06-12 21:35 - 2017-10-10 19:05 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-06-12 21:35 - 2016-05-14 12:57 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-06-12 21:30 - 2015-10-30 04:24 - 000000167 _____ C:\WINDOWS\win.ini
2018-06-12 21:19 - 2018-04-11 20:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-09 13:47 - 2017-08-11 09:32 - 000000000 ____D C:\Program Files\AutoCAD 2009
2018-06-08 06:17 - 2015-10-30 05:13 - 000407558 __RSH C:\bootmgr
2018-06-05 20:29 - 2018-04-11 20:41 - 000835056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-05 20:29 - 2018-04-11 20:41 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-06-05 19:44 - 2016-08-12 20:21 - 000000000 ____D C:\Users\doryo\Desktop\IIBB JAZ
 
==================== Files in the root of some directories =======
 
2016-12-26 11:36 - 2016-12-26 11:36 - 000000132 _____ () C:\Users\doryo\AppData\Roaming\Prefs. de formato BMP de Adobe CS6
2016-06-10 11:56 - 2018-05-03 12:29 - 000000132 _____ () C:\Users\doryo\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-01 11:56
 
==================== End of FRST.txt ============================
 
 
Addition
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by doryo (04-07-2018 11:12:18)
Running from D:\Cositas
Windows 10 Home Version 1803 17134.112 (X64) (2018-05-01 15:04:02)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-60989047-3131939895-948155456-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-60989047-3131939895-948155456-503 - Limited - Disabled)
doryo (S-1-5-21-60989047-3131939895-948155456-1001 - Administrator - Enabled) => C:\Users\doryo
Guest (S-1-5-21-60989047-3131939895-948155456-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-60989047-3131939895-948155456-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\uTorrent) (Version: 3.5.3.44494 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
AdWords Editor (HKLM-x32\...\{C5614EF0-5555-11E8-9B61-480FCF5D6515}) (Version: 12.3.3.0 - Google)
Backup and Sync from Google (HKLM\...\{AEFBDB5B-899F-4AE6-B789-BA56A652A476}) (Version: 3.42.9858.3671 - Google, Inc.)
Bonjour (HKLM-x32\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
ChromePlayerPlugin (HKLM-x32\...\{3F8C7A30-89B0-44F9-886E-D8E0C8C39282}) (Version: 3.23 - MinervaNetworks Inc.)
Google Chrome (HKLM-x32\...\{61D1D65D-76AF-37E3-A2AC-006AACB51587}) (Version: 67.0.3396.99 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Web Designer (HKLM\...\{811767F4-C586-4673-A41F-E9D767497222}) (Version: 2.0.1.0 - Google LLC.)
HandBrake 1.0.0 (HKLM-x32\...\HandBrake) (Version: 1.0.0 - )
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
HL-1210W series (HKLM-x32\...\{75E38F04-1BAF-4054-A059-57F831688943}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
inSSIDer 2.0 (HKLM-x32\...\{6133183D-FA87-4924-8D50-1777222C05EA}) (Version: 2.0.3 - MetaGeek)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4885 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{00000030-0200-1034-84C8-B8D95FA3C8C3}) (Version: 20.30.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{1b3fcb8d-3d2b-4477-b722-0b3e2c1195ba}) (Version: 20.30.1 - Intel Corporation)
Java™ 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216029FF}) (Version: 6.0.290 - Oracle)
K-Lite Mega Codec Pack 14.0.4 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.0.4 - KLCP)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 3.2.116.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\OneDriveSetup.exe) (Version: 18.091.0506.0007 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.4.2 (HKLM-x32\...\{1901BAF7-7E78-4041-BC88-D0EE5DD1DFD9}_is1) (Version: 1.4.2 - Sam Rodberg)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
Motorola Device Software Update (HKLM-x32\...\{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}) (Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.2 - Notepad++ Team)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Paragon Hard Disk Manager™ 14 Suite (HKLM\...\{29258311-EA49-11DE-967C-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.9 - Power Software Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8004 - Realtek Semiconductor Corp.)
Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.0.0.790 - Samsung Electronics)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
SketchUp 2017 (HKLM\...\{E59BD84C-169B-4F3F-AC5D-85127CF67051}) (Version: 17.2.2555 - Trimble, Inc.)
Skype™ 7.41 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.41.101 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\Spotify) (Version: 1.0.75.483.g7ff4a0dc - Spotify AB)
Update for Skype for Business 2016 (KB4022155) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{FEE6D778-E4F9-412C-B2E4-EFF82BB67809}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB4022155) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{FEE6D778-E4F9-412C-B2E4-EFF82BB67809}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB4022155) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{FEE6D778-E4F9-412C-B2E4-EFF82BB67809}) (Version:  - Microsoft)
VBA (2627.01) (HKLM-x32\...\{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VBA (2627.4) (HKLM-x32\...\{5545EEE9-FA36-4F76-B6BE-5696E7F4E2D6}) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WhatsApp (HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\WhatsApp) (Version: 0.2.1061 - WhatsApp)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17384 - Microsoft Corporation)
Windows Driver Package - Silicon Laboratories (WinUSB) USB  (04/08/2013 4.0.0.0) (HKLM\...\ECCA79E3941154C28F5B308B576703BD8253BAB1) (Version: 04/08/2013 4.0.0.0 - Silicon Laboratories)
Windows Driver Package - Sony Corporation (SFEP) HIDClass  (06/18/2012 8.0.2.4) (HKLM\...\54DCDF5F20965812FBF3C1C44CE2E9E620585DE9) (Version: 06/18/2012 8.0.2.4 - Sony Corporation)
Windows Driver Package - Sony Croporation (SOWS) HIDClass  (06/11/2012 1.0.0.06110) (HKLM\...\5478D63468C46333F277779BC2B1EBAEA89C153D) (Version: 06/11/2012 1.0.0.06110 - Sony Croporation)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
YAMB (HKLM-x32\...\YAMB) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-60989047-3131939895-948155456-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\doryo\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-60989047-3131939895-948155456-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\doryo\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-60989047-3131939895-948155456-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-60989047-3131939895-948155456-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\doryo\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-60989047-3131939895-948155456-1001_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\doryo\AppData\Local\Google\Update\1.3.33.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-60989047-3131939895-948155456-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\doryo\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-60989047-3131939895-948155456-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\doryo\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-60989047-3131939895-948155456-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\doryo\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-05-17] ()
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-06-06] (Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-06-06] (Power Software Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-01-02] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-06-06] (Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {003C0296-0189-4A41-B9EC-8F0573624061} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-28] (Microsoft Corporation)
Task: {060FAC03-AD67-4E24-A26A-A09C39EA8F0C} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
Task: {09BB4F3D-F7C3-4077-9195-22471306450E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-28] (Microsoft Corporation)
Task: {0EC60CD0-4232-448B-9036-AF7DABC4703E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2017-10-11] (Microsoft Corporation)
Task: {18C6A765-3146-40B4-9435-0D3D25BBED3E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-14] (Google Inc.)
Task: {1C92EC3C-3005-4C20-996B-27AF6596CE7D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-60989047-3131939895-948155456-1001UA => C:\Users\doryo\AppData\Local\Google\Update\GoogleUpdate.exe [2017-01-23] (Google Inc.)
Task: {2457DA14-3C19-4A5E-A28F-B2E36BF2BD1C} - System32\Tasks\Microsoft_MKC_Logon_Task_ceip.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ceip.exe [2017-10-11] (Microsoft)
Task: {2B495949-BF13-4AEF-911E-403B5FEA4D61} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-doryon2004@outlook.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-05-11] (Adobe Systems, Incorporated)
Task: {30306294-3C35-4EF4-9032-7D5C121077B0} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2017-10-11] (Microsoft Corporation)
Task: {3C2C1522-3D26-496E-B2DD-B6CE76D42498} - System32\Tasks\S-1-5-21-60989047-3131939895-948155456-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-04-11] (Microsoft Corporation)
Task: {3CCF9419-0906-4563-9E1D-098C66653CA3} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2017-10-11] (Microsoft Corporation)
Task: {40E0387E-3406-4CB5-9A89-9A7093E86A89} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2017-10-11] (Microsoft Corporation)
Task: {5AD9DFEE-4825-4BE0-9CF8-8343395FADB2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-28] (Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {66BD8886-8A89-4929-AB32-2DAFA24F452D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-28] (Microsoft Corporation)
Task: {66C1CCA6-4815-4AC5-BAB5-E88E7F4CC785} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-60989047-3131939895-948155456-1001Core => C:\Users\doryo\AppData\Local\Google\Update\GoogleUpdate.exe [2017-01-23] (Google Inc.)
Task: {6DC47CCA-FB41-47DF-AE3F-859A202DE9E3} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [2016-11-23] (Samsung Electronics Co. Ltd.)
Task: {8B84C353-213F-4980-B284-FCF4A8EA2DD9} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-doryon2004@outlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {8D93300C-E5CD-4428-9876-D0E10E91699F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {A3938491-00B9-4428-B83F-EF4FDFA148C0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {C16B59B4-812D-4F94-81E2-58D080322F71} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
Task: {CC37C225-F792-42FD-81AE-47290D034ECE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-14] (Google Inc.)
Task: {CD7325D1-2283-48A5-B00F-929F30477185} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {E32BACF2-1C71-4154-AC67-4A2E54EF6C32} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2017-10-11] (Microsoft)
Task: {EF88A564-F3B1-4916-AD87-4F5530000F08} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2018-02-19] ()
Task: {F27C7F81-2B8A-4761-9648-8506F45DDDBE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\doryo\Desktop\Admin Ideas2 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\doryo\Desktop\Marina Jazmín - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\Users\doryo\Desktop\Pablo J - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"
ShortcutWithArgument: C:\Users\doryo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\doryo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> /high-dpi-support=1 /force-device-scale-factor=1
ShortcutWithArgument: C:\Users\doryo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Marina Jazmín - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-07-26 04:58 - 2017-07-26 04:58 - 000192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2018-04-11 20:34 - 2018-04-11 20:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2017-02-22 23:56 - 2017-02-22 23:56 - 008911560 _____ () C:\Program Files\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2018-04-11 20:34 - 2018-04-11 20:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 20:34 - 2018-04-11 20:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-05-23 11:18 - 2018-05-23 11:19 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-05-23 11:18 - 2018-05-23 11:19 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-05-23 11:18 - 2018-05-23 11:19 - 022374400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-05-23 11:18 - 2018-05-23 11:19 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\skypert.dll
2018-05-23 11:18 - 2018-05-23 11:19 - 000654848 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-04-17 07:46 - 2018-04-17 07:48 - 001922232 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.9328.1700.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2018-05-30 11:03 - 2018-05-30 11:03 - 046281248 _____ () C:\Program Files\Google\Drive\googledrivesync.exe
2018-07-03 10:04 - 2018-07-03 10:04 - 000113152 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\_ctypes.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 000080896 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\bz2.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 001585152 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\_hashlib.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 000128512 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\win32api.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 000137728 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\pywintypes27.dll
2018-07-03 10:04 - 2018-07-03 10:04 - 000548864 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\pythoncom27.dll
2018-07-03 10:04 - 2018-07-03 10:04 - 000689664 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\unicodedata.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 000438784 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\win32com.shell.shell.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 001489408 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\wx._core_.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 001007104 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\wx._gdi_.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 001039872 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\wx._windows_.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 001325056 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\wx._controls_.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 000916992 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\wx._misc_.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 001084416 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\pysqlite2._sqlite.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 000149504 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\win32file.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 000136192 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\win32security.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 000007680 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\hashobjs_ext.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 000020992 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\thumbnails_ext.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 000118784 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\usb_ext.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 000047616 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\_socket.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 002224640 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\_ssl.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 000014848 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\common.time34.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 000023040 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\win32event.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 000034304 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\windows.conditional.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 000020480 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\windows.winwrap.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 000110080 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\windows.volumes.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 000223232 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\win32gui.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 000173568 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\_elementtree.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 000169472 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\pyexpat.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 000048128 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\win32inet.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 000103424 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\wx._html2.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 000046080 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\_psutil_windows.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 000633272 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\windows._cacheinvalidation.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 000011776 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\win32crypt.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 000301568 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\PIL._imaging.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 000032256 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\_multiprocessing.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 005458944 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\cello.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 000026112 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\_yappi.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 000044032 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\win32process.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 000027648 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\win32pipe.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 000010752 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\select.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 000029696 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\win32pdh.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 000038400 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\windows.connectivity.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 000073216 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\windows.device_monitor.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 000020480 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\win32profile.pyd
2018-07-03 10:04 - 2018-07-03 10:04 - 000026624 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI109642\win32ts.pyd
2018-06-09 15:06 - 2018-06-09 15:07 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-06-09 15:06 - 2018-06-09 15:07 - 067232256 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-05 06:23 - 2017-10-05 06:24 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-05-30 09:11 - 2018-05-30 09:12 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-05-30 09:11 - 2018-05-30 09:12 - 004214784 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-05-04 17:16 - 2018-05-04 17:27 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-05-30 09:11 - 2018-05-30 09:12 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-04-05 08:06 - 2018-04-05 08:13 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-06-09 15:06 - 2018-06-09 15:07 - 014851072 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-05-30 09:11 - 2018-05-30 09:12 - 004058624 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-06-09 15:06 - 2018-06-09 15:07 - 003266048 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-05-30 09:11 - 2018-05-30 09:12 - 001393664 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2018-05-30 09:11 - 2018-05-30 09:12 - 004218080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-05-30 09:11 - 2018-05-30 09:12 - 000872448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-06-09 15:06 - 2018-06-09 15:07 - 000165376 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\SKU.dll
2018-05-17 08:19 - 2018-05-17 08:19 - 004193792 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1805.1201.0_x64__8wekyb3d8bbwe\Calculator.exe
2018-05-03 04:30 - 2018-05-03 04:30 - 000634880 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1805.1201.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2014-04-07 11:31 - 2014-04-07 11:31 - 000172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2018-04-19 11:48 - 2009-02-27 16:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2018-04-19 11:48 - 2018-01-18 15:39 - 000519168 _____ () C:\Program Files (x86)\Browny02\BrMonitor.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 04:24 - 2016-07-15 18:04 - 000000857 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 site.darriens.localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-60989047-3131939895-948155456-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\doryo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\StartupApproved\Run: => "AirDroid 3"
HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\StartupApproved\Run: => "Kies3PDLR.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{C66A32FB-3C15-4FAF-80F4-DD09E4FF2BAF}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [UDP Query User{E3A0AD07-F2A2-4412-A20D-0CBA92B36E83}C:\program files\windowsapps\xbmcfoundation.kodi_17.4.0.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.4.0.0_x86__4n2hpmxwrvr6p\kodi.exe
FirewallRules: [TCP Query User{6F67E496-A5BE-47A3-B8AF-393AFBDF88DF}C:\program files\windowsapps\xbmcfoundation.kodi_17.4.0.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.4.0.0_x86__4n2hpmxwrvr6p\kodi.exe
FirewallRules: [UDP Query User{354ECB70-5069-4F95-B672-A6120F25C43F}C:\program files\windowsapps\xbmcfoundation.kodi_17.0.0.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.0.0.0_x86__4n2hpmxwrvr6p\kodi.exe
FirewallRules: [TCP Query User{0ADB92F0-4E30-46D3-A10D-6E5CD7BFBDFD}C:\program files\windowsapps\xbmcfoundation.kodi_17.0.0.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.0.0.0_x86__4n2hpmxwrvr6p\kodi.exe
FirewallRules: [{1DA02B4B-15E7-446D-82B7-5ED005FD2379}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{F8A58B26-FDFF-486D-8C65-67609E200BD7}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{126EC30E-96A5-4442-B454-EC30559FDB84}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{8D0AB6A7-1643-4A45-9843-4EE2A866829A}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [UDP Query User{C31F0F48-B3A0-4486-A299-12B9EC7E2053}C:\users\doryo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\doryo\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{BCC5805C-CF52-4207-B480-C37DC06A4A1E}C:\users\doryo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\doryo\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{286D6C36-E73D-48F4-A59E-8BD956DDF70F}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{9B3C317C-2F9A-43A0-AEFC-96F52126E3F0}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{EB886680-80E6-47C3-9760-7F018A9505B1}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{17CACB84-5F77-407D-B3B5-286318CBE644}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{8B634F36-7A3A-4AF8-86F7-B6E24A195B3E}] => (Allow) C:\Users\doryo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5144F8FC-C34D-4444-B0F2-8C0E15602C23}] => (Allow) C:\Users\doryo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{ED335A90-F6EA-41F5-8A12-FD7A7CEBCFB4}] => (Allow) C:\Users\doryo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F8398A30-F5B1-4678-AAE4-DE857FE5EA26}] => (Allow) C:\Users\doryo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1FBEB042-7D19-4B20-9E8D-399F7BB82F0D}] => (Allow) C:\Users\doryo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{314F36D0-A562-4F73-AF71-706A8F37C636}] => (Allow) C:\Users\doryo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FD01F1F9-952F-4509-9A95-CB8132F2521C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3931563E-002D-40A3-A27E-DFFA8BA7CBBA}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{B02FDC29-1035-4F68-A799-D8D1E98D2BF7}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{7C523620-837A-4520-9F80-FA55C25D728E}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{8C141655-DE00-46DD-A5B0-0F2329C51061}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [TCP Query User{BAA88CD9-102D-4C49-BCB1-DA87D9A93ECC}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [UDP Query User{96603254-2586-4B94-9B4D-1F6FF8BB9B93}C:\program files (x86)\airdroid\airdroid.exe] => (Allow) C:\program files (x86)\airdroid\airdroid.exe
FirewallRules: [{9393E3BF-FFE3-458D-905F-87BD28B5F299}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5230391B-115E-4E42-957B-8933CE29D741}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{99BF027F-BE6F-4AAB-9B3F-961FF0003AB6}C:\wamp\bin\apache\apache2.4.18\bin\httpd.exe] => (Allow) C:\wamp\bin\apache\apache2.4.18\bin\httpd.exe
FirewallRules: [UDP Query User{08A36B42-4324-4A3C-8FCA-B8AFE6FBFF2E}C:\wamp\bin\apache\apache2.4.18\bin\httpd.exe] => (Allow) C:\wamp\bin\apache\apache2.4.18\bin\httpd.exe
FirewallRules: [TCP Query User{A5B758F8-6139-43DF-BA46-617A3273302E}C:\programdata\minervanetworks\pluginpnacl\browserpluginhelper.exe] => (Allow) C:\programdata\minervanetworks\pluginpnacl\browserpluginhelper.exe
FirewallRules: [UDP Query User{E54E0EC4-C9FE-40E1-BCF4-10D22F08197A}C:\programdata\minervanetworks\pluginpnacl\browserpluginhelper.exe] => (Allow) C:\programdata\minervanetworks\pluginpnacl\browserpluginhelper.exe
FirewallRules: [TCP Query User{4E3A3680-F060-461B-A112-C3CBEB4CB01E}C:\programdata\minervanetworks\chromeplayerplugin\browserpluginhelper.exe] => (Allow) C:\programdata\minervanetworks\chromeplayerplugin\browserpluginhelper.exe
FirewallRules: [UDP Query User{2609F01A-0BDB-44C3-9EAB-6E64A929422A}C:\programdata\minervanetworks\chromeplayerplugin\browserpluginhelper.exe] => (Allow) C:\programdata\minervanetworks\chromeplayerplugin\browserpluginhelper.exe
FirewallRules: [{C9D38CA8-D868-4B1D-93E8-4897764143CE}] => (Allow) C:\Users\doryo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{32167CD4-0C10-46FD-936C-5AF736BCF079}] => (Allow) C:\Users\doryo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B2220EAC-BE7D-461A-9FA4-EA1B0C835EDE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
20-06-2018 15:44:41 Scheduled Checkpoint
30-06-2018 14:24:22 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/03/2018 10:03:27 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (07/03/2018 10:03:09 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c8ccff4f-182d-41a0-8bbc-7ac3a3f48a20}
 
Error: (06/01/2018 10:51:30 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (05/16/2018 02:40:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AGSService.exe, version: 4.5.0.814, time stamp: 0x5a4f2d48
Faulting module name: ntdll.dll, version: 10.0.17134.1, time stamp: 0xc8733c73
Exception code: 0xc0000005
Fault offset: 0x00022df9
Faulting process id: 0xe3c
Faulting application start time: 0x01d3e7d5d53c3f26
Faulting application path: C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 69914321-0ed2-4ccf-9bad-59b4b8974594
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/14/2018 06:34:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Microsoft.Photos.exe version 2018.18031.15820.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 18e0
 
Start Time: 01d3eb6510ad5016
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
 
Report Id: a4289ed4-4148-4111-a0f2-c5099b3879f6
 
Faulting package full name: Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: App
 
Error: (05/11/2018 03:20:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Microsoft.Photos.exe version 2018.18031.15820.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 968
 
Start Time: 01d3e952f6969a61
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
 
Report Id: f126e9fb-a65e-4b4d-80a7-e8b5bec46981
 
Faulting package full name: Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: App
 
Error: (05/01/2018 12:01:39 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider IntelWLANEventProvider attempted to register query "select * from CIntelQosEvent" whose target class "CIntelQosEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.
 
Error: (05/01/2018 12:01:39 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider IntelWLANEventProvider attempted to register query "select * from CIntelDot1xEvent" whose target class "CIntelDot1xEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.
 
 
System errors:
=============
Error: (07/04/2018 09:35:32 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/03/2018 03:11:05 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/03/2018 10:32:06 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/03/2018 10:28:11 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.
 
Error: (07/03/2018 10:28:04 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk3\DR3.
 
Error: (07/03/2018 10:14:36 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/03/2018 10:06:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscBrokerManager
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/03/2018 10:06:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscDataProtection
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
Windows Defender:
===================================
Date: 2018-07-04 10:34:09.623
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {F5B35352-08B1-4D9A-808D-DD8CD3279590}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-06-08 13:13:13.875
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {7AEE71C6-FFA3-45F4-A41E-42542F138106}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-05-31 19:23:39.384
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {3B6CEFD8-F020-4585-9695-DA58FFC9BBD8}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-06-26 08:34:44.210
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.269.1961.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14901.4
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
CodeIntegrity:
===================================
 
Date: 2018-06-28 09:19:30.961
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-06-09 13:42:44.445
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 16%
Total physical RAM: 16266.35 MB
Available physical RAM: 13649 MB
Total Virtual: 16466.35 MB
Available Virtual: 13847.02 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:231.58 GB) (Free:45.86 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Harley) (Fixed) (Total:698.64 GB) (Free:87.77 GB) NTFS
Drive e: (24GB SSD) (Fixed) (Total:22.36 GB) (Free:10.6 GB) NTFS
 
\\?\Volume{ae625731-0000-0000-0000-30043a000000}\ () (Fixed) (Total:0.82 GB) (Free:0.32 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: AE625731)
Partition 1: (Active) - (Size=231.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=838 MB) - (Type=27)
 
========================================================
Disk: 1 (Size: 22.4 GB) (Disk ID: AB0F1A1C)
 
Partition: GPT.
 
========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: DDC4E5CD)
Partition 2: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
 
Thanks again!


#8 nasdaq

  • Malware Response Team

Posted 04 July 2018 - 01:16 PM

Hi,
===

All that was previously removed has come back.

Let's get a new Chrome.

Step 1: Remove Chrome from your computer and reinstall a fresh copy later.

Step 2: Before you remove Chrome, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

How To: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks

Step 3: If you sync your account you must remove it before you save your bookmarks etc...
Delete your Google Chrome browser sync data if you sync with other devices. <- Important ...
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

Step 4: Clear your Chrome cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en

Step 5: Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Step 6: Re-install Chrome and the bookmarks.
====

Let me know if and when the problem returns.

#9 doryon

  • Topic Starter


Posted 05 July 2018 - 06:46 AM

Hi!

I did this late last night.

I hope this won't come back now!

I'll keep you posted.

Thanks a lot!



#10 nasdaq

  • Malware Response Team

Posted 05 July 2018 - 07:16 AM

Keep me posted.

This topic will be closed in 6 days.

#11 doryon

  • Topic Starter


Posted 09 July 2018 - 05:19 PM

Hey!

I'm back to report that sadly it's back. It's been all good until today.

I have only my mobile, one nvidia shield TV (no chrome on it) and a chromecast linked to my google account, other than this laptop, so I'm truly lost about where chrome could be syncing from to keep getting infected other than my laptop. Could it be my phone?

Please let me know if I should post FRST logs again.

Thanks!



#12 doryon

  • Topic Starter


Posted 09 July 2018 - 06:55 PM

Went ahead and ran FRST just in case.

Logs:

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by doryo (administrator) on VAIO (09-07-2018 20:53:04)
Running from D:\Cositas
Loaded Profiles: doryo (Available Profiles: doryo)
Platform: Windows 10 Home Version 1803 17134.112 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\MKCHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.9328.1700.0_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(Spotify Ltd) C:\Users\doryo\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1805.1201.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2976256 2018-01-19] (Brother Industries, Ltd.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46281248 2018-05-30] ()
HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\Run: [Google Update] => C:\Users\doryo\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [601680 2018-05-18] (Google Inc.)
HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\Run: [Kies3PDLR.exe] => C:\Program Files (x86)\Samsung\Kies3\FirmwareUpdate\Kies3PDLR.exe [1023664 2016-03-25] (Samsung)
HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\Run: [Spotify Web Helper] => C:\Users\doryo\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-05-14] (Spotify Ltd)
HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\Run: [GoogleChromeAutoLaunch_5EED4FD486233C4C3DD6EE9C0C139F49] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1588568 2018-06-22] (Google Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 127.0.0.1 site.darriens.localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a3a1b25f-0f40-4673-ba2d-1ded653623fe}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{bcbebfbc-3322-43c1-8151-24d4badd002e}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{bcbebfbc-3322-43c1-8151-24d4badd002e}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-60989047-3131939895-948155456-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2018-04-11] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2018-04-11] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2016-10-18] (Sun Microsystems, Inc.)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-02-14] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-04-10] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-02-14] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-04-10] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2016-10-18] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-04-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-10] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF Plugin HKU\S-1-5-21-60989047-3131939895-948155456-1001: @tools.google.com/Google Update;version=3 -> C:\Users\doryo\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-60989047-3131939895-948155456-1001: @tools.google.com/Google Update;version=9 -> C:\Users\doryo\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default [2018-07-09]
CHR Extension: (Slides) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12]
CHR Extension: (Docs) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12]
CHR Extension: (Google Drive) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-14]
CHR Extension: (Brushed) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg [2016-12-21]
CHR Extension: (iPad Simulator) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\biamdeofchcbekmcakjcfnpdipmkmkbb [2016-05-14]
CHR Extension: (YouTube) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-14]
CHR Extension: (Google Play Music) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2018-05-09]
CHR Extension: (Sheets) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12]
CHR Extension: (Wunderlist - To-do and Task list) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc [2016-05-14]
CHR Extension: (Cablevisión Flow) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfbnbmbkemlokfckhdoaakhjogffkinc [2018-07-08]
CHR Extension: (Google Docs Offline) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-14]
CHR Extension: (Tag Assistant (by Google)) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kejbdjndbnbjgmefkgdddjlbokphdefk [2018-05-21]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-08-17]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2018-07-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Gmail) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-14]
CHR Extension: (Chrome Media Router) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-12]
CHR Profile: C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-07-04]
CHR Profile: C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1 [2018-07-09]
CHR Extension: (Slides) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-07]
CHR Extension: (Docs) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-07]
CHR Extension: (Google Drive) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-05]
CHR Extension: (IBM Security Rapport) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2018-03-15]
CHR Extension: (YourTV Chrome extension) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bdlhpbalhdjobabgbacbgclpjjelainj [2018-07-08]
CHR Extension: (YouTube) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-05]
CHR Extension: (Adobe Acrobat) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-05]
CHR Extension: (Sheets) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-07]
CHR Extension: (Google Docs Offline) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-07]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-03-05]
CHR Extension: (Summer Holidays) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\mfecfgangbaamlkdcebkbngncpabddea [2017-09-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-05]
CHR Extension: (Chrome Media Router) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-12]
CHR Profile: C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 2 [2018-07-04]
CHR Extension: (Slides) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-17]
CHR Extension: (Docs) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-17]
CHR Extension: (Google Drive) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-08]
CHR Extension: (YouTube) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-08]
CHR Extension: (Adobe Acrobat) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-08]
CHR Extension: (Sheets) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-17]
CHR Extension: (Google Docs Offline) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-03-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-17]
CHR Extension: (Gmail) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-08]
CHR Extension: (Chrome Media Router) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-17]
CHR Profile: C:\Users\doryo\AppData\Local\Google\Chrome\User Data\System Profile [2018-07-04]
CHR HKU\S-1-5-21-60989047-3131939895-948155456-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-60989047-3131939895-948155456-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bdlhpbalhdjobabgbacbgclpjjelainj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [314368 2018-01-18] (Brother Industries, Ltd.) [File not signed]
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2017-07-26] ()
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [183448 2017-05-19] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [320472 2018-01-02] (Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268968 2018-01-17] ()
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-02] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [257624 2016-11-29] (Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\NisSrv.exe [3925648 2018-06-28] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MsMpEng.exe [100080 2018-06-28] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3758760 2018-01-17] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2017-07-26] (Huawei Technologies Co., Ltd.)
S3 HWHandSet; C:\WINDOWS\system32\DRIVERS\hw_quusbmdm.sys [226560 2017-07-26] (Huawei Technologies Co., Ltd.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [232936 2017-05-19] (Intel Corporation)
R3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-11] (Microsoft Corporation)
R1 MpKsl343184dc; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B279A535-90A3-41DE-82BD-9543E32B0B4B}\MpKsl343184dc.sys [58120 2018-07-09] (Microsoft Corporation)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3521032 2017-11-08] (Intel Corporation)
S3 qcusbser; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [254520 2017-03-15] (QUALCOMM Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Realtek )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [64088 2016-11-29] (Synaptics Incorporated)
R3 SOWS; C:\WINDOWS\System32\drivers\sows.sys [24280 2012-06-10] (Sony Corporation)
R1 UimBus; C:\WINDOWS\System32\drivers\UimBus.sys [102664 2014-02-10] ()
R1 Uim_DEVIM; C:\WINDOWS\System32\drivers\uim_devim.sys [25992 2014-02-10] ()
R1 Uim_IM; C:\WINDOWS\System32\drivers\uim_im.sys [700424 2014-02-10] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46592 2018-06-28] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-06-28] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59944 2018-06-28] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-09 20:52 - 2018-07-09 20:52 - 000143277 _____ C:\Users\doryo\Desktop\TDSSKiller report.txt
2018-07-09 20:50 - 2018-07-09 20:51 - 000286644 _____ C:\TDSSKiller.3.1.0.17_09.07.2018_20.50.03_log.txt
2018-07-09 19:03 - 2018-07-09 19:03 - 000000000 ____D C:\Users\doryo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AdWords Editor
2018-07-04 20:03 - 2018-07-04 20:03 - 000002369 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-07-04 20:03 - 2018-07-04 20:03 - 000002328 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-07-02 16:17 - 2018-07-09 20:53 - 000000000 ____D C:\FRST
2018-06-28 10:10 - 2018-06-28 10:11 - 000000000 ____D C:\AdwCleaner
2018-06-28 10:02 - 2018-06-28 10:02 - 000000000 ____D C:\Program Files\HitmanPro
2018-06-28 10:01 - 2018-06-28 10:07 - 000000000 ____D C:\ProgramData\HitmanPro
2018-06-12 21:17 - 2018-06-08 06:29 - 007520000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-06-12 21:17 - 2018-06-08 06:09 - 006569960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-06-12 21:16 - 2018-06-08 16:07 - 000506184 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-06-12 21:16 - 2018-06-08 16:05 - 000094112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-06-12 21:16 - 2018-06-08 16:02 - 004527680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-06-12 21:16 - 2018-06-08 16:02 - 001634808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-06-12 21:16 - 2018-06-08 16:02 - 000661160 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe
2018-06-12 21:16 - 2018-06-08 16:01 - 002395056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-06-12 21:16 - 2018-06-08 16:01 - 001046944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2018-06-12 21:16 - 2018-06-08 15:48 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-06-12 21:16 - 2018-06-08 15:47 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2018-06-12 21:16 - 2018-06-08 15:46 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-06-12 21:16 - 2018-06-08 15:45 - 012712448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-06-12 21:16 - 2018-06-08 15:45 - 004392448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-06-12 21:16 - 2018-06-08 15:45 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdt.exe
2018-06-12 21:16 - 2018-06-08 15:45 - 000808960 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2018-06-12 21:16 - 2018-06-08 15:44 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-06-12 21:16 - 2018-06-08 15:44 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2018-06-12 21:16 - 2018-06-08 15:44 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-06-12 21:16 - 2018-06-08 15:44 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2018-06-12 21:16 - 2018-06-08 15:43 - 003640832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2018-06-12 21:16 - 2018-06-08 15:43 - 002922496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2018-06-12 21:16 - 2018-06-08 15:43 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2018-06-12 21:16 - 2018-06-08 15:43 - 001659904 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2018-06-12 21:16 - 2018-06-08 15:43 - 001543680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2018-06-12 21:16 - 2018-06-08 15:43 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-06-12 21:16 - 2018-06-08 15:43 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-06-12 21:16 - 2018-06-08 15:42 - 003999232 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2018-06-12 21:16 - 2018-06-08 15:42 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-06-12 21:16 - 2018-06-08 15:42 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-06-12 21:16 - 2018-06-08 15:42 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-06-12 21:16 - 2018-06-08 15:42 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-06-12 21:16 - 2018-06-08 15:41 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-06-12 21:16 - 2018-06-08 15:41 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-06-12 21:16 - 2018-06-08 15:41 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-06-12 21:16 - 2018-06-08 15:41 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-06-12 21:16 - 2018-06-08 15:41 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-06-12 21:16 - 2018-06-08 15:41 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2018-06-12 21:16 - 2018-06-08 15:40 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXP.dll
2018-06-12 21:16 - 2018-06-08 14:04 - 001454024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-06-12 21:16 - 2018-06-08 13:58 - 002206544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2018-06-12 21:16 - 2018-06-08 13:58 - 000917408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2018-06-12 21:16 - 2018-06-08 13:51 - 011903488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-06-12 21:16 - 2018-06-08 13:50 - 001508352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdt.exe
2018-06-12 21:16 - 2018-06-08 13:48 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-06-12 21:16 - 2018-06-08 13:48 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-06-12 21:16 - 2018-06-08 13:47 - 003492864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2018-06-12 21:16 - 2018-06-08 13:47 - 002895872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-06-12 21:16 - 2018-06-08 13:47 - 001462784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dui70.dll
2018-06-12 21:16 - 2018-06-08 13:47 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2018-06-12 21:16 - 2018-06-08 13:47 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-06-12 21:16 - 2018-06-08 13:47 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2018-06-12 21:16 - 2018-06-08 13:46 - 003444224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2018-06-12 21:16 - 2018-06-08 13:46 - 002016256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-06-12 21:16 - 2018-06-08 13:46 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2018-06-12 21:16 - 2018-06-08 13:45 - 002401280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-06-12 21:16 - 2018-06-08 13:06 - 000976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-06-12 21:16 - 2018-06-08 13:05 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-06-12 21:16 - 2018-06-08 13:05 - 000944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-06-12 21:16 - 2018-06-08 11:00 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-06-12 21:16 - 2018-06-08 11:00 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-06-12 21:16 - 2018-06-08 07:38 - 005821544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-06-12 21:16 - 2018-06-08 07:37 - 002417840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-06-12 21:16 - 2018-06-08 07:35 - 001613200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-06-12 21:16 - 2018-06-08 07:35 - 000613144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2018-06-12 21:16 - 2018-06-08 07:34 - 001299056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-06-12 21:16 - 2018-06-08 07:34 - 000748512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2018-06-12 21:16 - 2018-06-08 07:31 - 007900984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-06-12 21:16 - 2018-06-08 07:31 - 003180176 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-06-12 21:16 - 2018-06-08 07:31 - 000029600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2018-06-12 21:16 - 2018-06-08 07:30 - 000705440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-06-12 21:16 - 2018-06-08 06:34 - 001140576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-06-12 21:16 - 2018-06-08 06:34 - 000983016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-06-12 21:16 - 2018-06-08 06:33 - 001213368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-06-12 21:16 - 2018-06-08 06:33 - 001034632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-06-12 21:16 - 2018-06-08 06:33 - 000272296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-06-12 21:16 - 2018-06-08 06:33 - 000269224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-06-12 21:16 - 2018-06-08 06:31 - 001174432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-06-12 21:16 - 2018-06-08 06:31 - 001012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-06-12 21:16 - 2018-06-08 06:31 - 000226720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ucx01000.sys
2018-06-12 21:16 - 2018-06-08 06:30 - 009148320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-06-12 21:16 - 2018-06-08 06:30 - 003296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-06-12 21:16 - 2018-06-08 06:30 - 001798552 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-06-12 21:16 - 2018-06-08 06:30 - 001363632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-06-12 21:16 - 2018-06-08 06:30 - 001063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-06-12 21:16 - 2018-06-08 06:30 - 001017080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-06-12 21:16 - 2018-06-08 06:30 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-06-12 21:16 - 2018-06-08 06:30 - 000722808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-06-12 21:16 - 2018-06-08 06:30 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-06-12 21:16 - 2018-06-08 06:30 - 000567184 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-06-12 21:16 - 2018-06-08 06:30 - 000565152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-06-12 21:16 - 2018-06-08 06:30 - 000527264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-06-12 21:16 - 2018-06-08 06:30 - 000491328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-06-12 21:16 - 2018-06-08 06:30 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-06-12 21:16 - 2018-06-08 06:30 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-06-12 21:16 - 2018-06-08 06:30 - 000137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2018-06-12 21:16 - 2018-06-08 06:30 - 000134584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 006817384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 004970360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 004403280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 003283408 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 002836384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-06-12 21:16 - 2018-06-08 06:29 - 002753048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 002590400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2018-06-12 21:16 - 2018-06-08 06:29 - 002570712 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 002564984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 002546592 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 002462272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 002422688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-06-12 21:16 - 2018-06-08 06:29 - 002371392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 001946328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 001934400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 001921952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2018-06-12 21:16 - 2018-06-08 06:29 - 001792808 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 001784584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 001611592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 001457136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-06-12 21:16 - 2018-06-08 06:29 - 001364184 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 001288816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 001258288 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-06-12 21:16 - 2018-06-08 06:29 - 001209800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 001190152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 001150416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 001148808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 001112608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 001097648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 001026976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-06-12 21:16 - 2018-06-08 06:29 - 000945568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2018-06-12 21:16 - 2018-06-08 06:29 - 000885880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 000792992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-06-12 21:16 - 2018-06-08 06:29 - 000678840 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 000659096 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 000594128 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-06-12 21:16 - 2018-06-08 06:29 - 000416144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 000413824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 000413088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-06-12 21:16 - 2018-06-08 06:29 - 000375712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-06-12 21:16 - 2018-06-08 06:29 - 000313592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 000266656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 000164768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-06-12 21:16 - 2018-06-08 06:29 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 000084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageOverlayUtil.dll
2018-06-12 21:16 - 2018-06-08 06:29 - 000057960 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel.appcore.dll
2018-06-12 21:16 - 2018-06-08 06:13 - 025846784 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-06-12 21:16 - 2018-06-08 06:12 - 000861616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-06-12 21:16 - 2018-06-08 06:12 - 000786176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-06-12 21:16 - 2018-06-08 06:11 - 001461744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2018-06-12 21:16 - 2018-06-08 06:11 - 000550616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-06-12 21:16 - 2018-06-08 06:10 - 002479272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-06-12 21:16 - 2018-06-08 06:10 - 002331584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-06-12 21:16 - 2018-06-08 06:10 - 002307336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2018-06-12 21:16 - 2018-06-08 06:10 - 001988072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-06-12 21:16 - 2018-06-08 06:10 - 001397200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-06-12 21:16 - 2018-06-08 06:10 - 001011992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-06-12 21:16 - 2018-06-08 06:10 - 000880152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-06-12 21:16 - 2018-06-08 06:10 - 000457152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2018-06-12 21:16 - 2018-06-08 06:10 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 006527064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 004788512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 004469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 002535552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 002486992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 002242216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 001980872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 001805776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 001709720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 001584128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 001380200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 001129648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 001077504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 001020168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 000988136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 000770160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 000607648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 000568720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 000567144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 000553248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 000356960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 000064648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LanguageOverlayUtil.dll
2018-06-12 21:16 - 2018-06-08 06:09 - 000050208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel.appcore.dll
2018-06-12 21:16 - 2018-06-08 06:04 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-06-12 21:16 - 2018-06-08 06:03 - 022005760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-06-12 21:16 - 2018-06-08 06:03 - 000906752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.PhoneNumberFormatting.dll
2018-06-12 21:16 - 2018-06-08 06:03 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-06-12 21:16 - 2018-06-08 06:03 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryCore.dll
2018-06-12 21:16 - 2018-06-08 06:03 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2018-06-12 21:16 - 2018-06-08 06:02 - 022713856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-06-12 21:16 - 2018-06-08 06:02 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-06-12 21:16 - 2018-06-08 06:02 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edpnotify.exe
2018-06-12 21:16 - 2018-06-08 06:02 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2018-06-12 21:16 - 2018-06-08 06:01 - 004563456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-06-12 21:16 - 2018-06-08 06:01 - 002961408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-06-12 21:16 - 2018-06-08 06:01 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-06-12 21:16 - 2018-06-08 06:01 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2018-06-12 21:16 - 2018-06-08 06:01 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2018-06-12 21:16 - 2018-06-08 06:01 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-06-12 21:16 - 2018-06-08 06:01 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2018-06-12 21:16 - 2018-06-08 06:01 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2018-06-12 21:16 - 2018-06-08 06:01 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-06-12 21:16 - 2018-06-08 06:00 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-06-12 21:16 - 2018-06-08 06:00 - 004372992 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-06-12 21:16 - 2018-06-08 06:00 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-06-12 21:16 - 2018-06-08 06:00 - 001285120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2018-06-12 21:16 - 2018-06-08 06:00 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll
2018-06-12 21:16 - 2018-06-08 06:00 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2018-06-12 21:16 - 2018-06-08 06:00 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-06-12 21:16 - 2018-06-08 06:00 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2018-06-12 21:16 - 2018-06-08 06:00 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-06-12 21:16 - 2018-06-08 05:59 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-06-12 21:16 - 2018-06-08 05:59 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-06-12 21:16 - 2018-06-08 05:59 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-06-12 21:16 - 2018-06-08 05:59 - 001767936 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-06-12 21:16 - 2018-06-08 05:59 - 001318400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2018-06-12 21:16 - 2018-06-08 05:59 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-06-12 21:16 - 2018-06-08 05:59 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2018-06-12 21:16 - 2018-06-08 05:59 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-06-12 21:16 - 2018-06-08 05:59 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2018-06-12 21:16 - 2018-06-08 05:59 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2018-06-12 21:16 - 2018-06-08 05:59 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-06-12 21:16 - 2018-06-08 05:58 - 007581696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-06-12 21:16 - 2018-06-08 05:58 - 003712512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-06-12 21:16 - 2018-06-08 05:58 - 001676800 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
2018-06-12 21:16 - 2018-06-08 05:58 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-06-12 21:16 - 2018-06-08 05:58 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-06-12 21:16 - 2018-06-08 05:58 - 000813568 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-06-12 21:16 - 2018-06-08 05:58 - 000781824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-06-12 21:16 - 2018-06-08 05:58 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2018-06-12 21:16 - 2018-06-08 05:58 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2018-06-12 21:16 - 2018-06-08 05:58 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2018-06-12 21:16 - 2018-06-08 05:57 - 003348992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2018-06-12 21:16 - 2018-06-08 05:57 - 002172416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-06-12 21:16 - 2018-06-08 05:57 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-06-12 21:16 - 2018-06-08 05:57 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-06-12 21:16 - 2018-06-08 05:57 - 000483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2018-06-12 21:16 - 2018-06-08 05:57 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-06-12 21:16 - 2018-06-08 05:57 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2018-06-12 21:16 - 2018-06-08 05:57 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2018-06-12 21:16 - 2018-06-08 05:57 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 005780992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 004336128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 003293696 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 002902016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 002900480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 000908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2018-06-12 21:16 - 2018-06-08 05:56 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 000858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 000389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 000264704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovs.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 003441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 002248192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-06-12 21:16 - 2018-06-08 05:55 - 002061824 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 001371648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 001242112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 001192448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 001171968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 001160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 001033728 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 000778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2018-06-12 21:16 - 2018-06-08 05:55 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 000667648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 000652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-06-12 21:16 - 2018-06-08 05:55 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 002789376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 001128448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 000999936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 000950272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 000857088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2018-06-12 21:16 - 2018-06-08 05:54 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-06-12 21:16 - 2018-06-08 05:54 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAC3ENC.DLL
2018-06-12 21:16 - 2018-06-08 05:53 - 001675264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2018-06-12 21:16 - 2018-06-08 05:53 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-06-12 21:16 - 2018-06-08 05:53 - 001108992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-06-12 21:16 - 2018-06-08 05:53 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2018-06-12 21:16 - 2018-06-08 05:53 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-06-12 21:16 - 2018-06-08 05:53 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-06-12 21:16 - 2018-06-08 05:53 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2018-06-12 21:16 - 2018-06-08 05:53 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2018-06-12 21:16 - 2018-06-08 04:41 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-06-12 21:16 - 2018-06-06 15:57 - 003733320 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-06-12 21:16 - 2018-06-06 01:20 - 002841312 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-06-12 21:16 - 2018-06-01 20:24 - 000713376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-06-12 21:16 - 2018-06-01 19:54 - 001825792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-06-12 21:16 - 2018-05-25 00:24 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-06-12 21:16 - 2018-05-20 16:45 - 000308408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-06-12 21:16 - 2018-05-20 16:43 - 021389360 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-06-12 21:16 - 2018-05-20 16:42 - 001649760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2018-06-12 21:16 - 2018-05-20 16:42 - 000759192 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-06-12 21:16 - 2018-05-20 16:26 - 000486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2018-06-12 21:16 - 2018-05-20 16:23 - 004070400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-06-12 21:16 - 2018-05-20 16:23 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2018-06-12 21:16 - 2018-05-20 16:23 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2018-06-12 21:16 - 2018-05-20 16:22 - 001665024 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-06-12 21:16 - 2018-05-20 16:22 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2018-06-12 21:16 - 2018-05-20 16:22 - 000941056 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2018-06-12 21:16 - 2018-05-20 16:22 - 000804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2018-06-12 21:16 - 2018-05-20 15:15 - 000653208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-06-12 21:16 - 2018-05-20 15:14 - 020383712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-06-12 21:16 - 2018-05-20 15:14 - 001490144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2018-06-12 21:16 - 2018-05-20 15:02 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2018-06-12 21:16 - 2018-05-20 15:00 - 000864768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2018-06-12 21:16 - 2018-05-20 14:59 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2018-06-12 21:16 - 2018-05-20 14:59 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2018-06-12 21:16 - 2018-05-20 13:59 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-06-12 21:16 - 2018-05-20 13:45 - 001271296 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2018-06-12 21:16 - 2018-05-20 13:39 - 000788480 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2018-06-12 21:16 - 2018-05-20 13:35 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-06-12 21:16 - 2018-05-20 13:34 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-06-12 21:16 - 2018-05-20 11:54 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-06-12 21:16 - 2018-05-20 09:33 - 000105368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-06-12 21:16 - 2018-05-20 08:53 - 002178136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2018-06-12 21:16 - 2018-05-20 08:53 - 001947808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-06-12 21:16 - 2018-05-20 08:53 - 001017088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2018-06-12 21:16 - 2018-05-20 08:53 - 001012408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2018-06-12 21:16 - 2018-05-20 08:53 - 000131232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2018-06-12 21:16 - 2018-05-20 08:53 - 000088472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2018-06-12 21:16 - 2018-05-20 08:52 - 007436632 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-06-12 21:16 - 2018-05-20 08:52 - 000735560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-06-12 21:16 - 2018-05-20 08:52 - 000347704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-06-12 21:16 - 2018-05-20 08:52 - 000130456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-06-12 21:16 - 2018-05-20 08:52 - 000089984 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
2018-06-12 21:16 - 2018-05-20 08:34 - 016592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-06-12 21:16 - 2018-05-20 08:34 - 000861096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2018-06-12 21:16 - 2018-05-20 08:33 - 001665920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2018-06-12 21:16 - 2018-05-20 08:33 - 000101288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2018-06-12 21:16 - 2018-05-20 08:32 - 006044104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-06-12 21:16 - 2018-05-20 08:32 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-06-12 21:16 - 2018-05-20 08:32 - 001034096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2018-06-12 21:16 - 2018-05-20 08:32 - 000560488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-06-12 21:16 - 2018-05-20 08:32 - 000286200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-06-12 21:16 - 2018-05-20 08:32 - 000077040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2018-06-12 21:16 - 2018-05-20 08:31 - 001456640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2018-06-12 21:16 - 2018-05-20 08:30 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-06-12 21:16 - 2018-05-20 08:28 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-06-12 21:16 - 2018-05-20 08:28 - 000111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppHostRegistrationVerifier.exe
2018-06-12 21:16 - 2018-05-20 08:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-06-12 21:16 - 2018-05-20 08:27 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2018-06-12 21:16 - 2018-05-20 08:27 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApiSetHost.AppExecutionAlias.dll
2018-06-12 21:16 - 2018-05-20 08:26 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-06-12 21:16 - 2018-05-20 08:26 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-06-12 21:16 - 2018-05-20 08:26 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll
2018-06-12 21:16 - 2018-05-20 08:26 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-06-12 21:16 - 2018-05-20 08:26 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2018-06-12 21:16 - 2018-05-20 08:26 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-06-12 21:16 - 2018-05-20 08:26 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\TelephonyInteractiveUser.dll
2018-06-12 21:16 - 2018-05-20 08:26 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSHEIF.dll
2018-06-12 21:16 - 2018-05-20 08:25 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-06-12 21:16 - 2018-05-20 08:25 - 000384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2018-06-12 21:16 - 2018-05-20 08:24 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-06-12 21:16 - 2018-05-20 08:24 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-06-12 21:16 - 2018-05-20 08:24 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2018-06-12 21:16 - 2018-05-20 08:23 - 013873152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-06-12 21:16 - 2018-05-20 08:23 - 005951488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-06-12 21:16 - 2018-05-20 08:23 - 002366976 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-06-12 21:16 - 2018-05-20 08:23 - 000933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-06-12 21:16 - 2018-05-20 08:23 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-06-12 21:16 - 2018-05-20 08:21 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2018-06-12 21:16 - 2018-05-20 08:21 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-06-12 21:16 - 2018-05-20 08:21 - 001210880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2018-06-12 21:16 - 2018-05-20 08:21 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-06-12 21:16 - 2018-05-20 08:21 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2018-06-12 21:16 - 2018-05-20 08:17 - 002699776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-06-12 21:16 - 2018-05-20 08:16 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-06-12 21:16 - 2018-05-20 08:16 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2018-06-12 21:16 - 2018-05-20 08:16 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ApiSetHost.AppExecutionAlias.dll
2018-06-12 21:16 - 2018-05-20 08:16 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-06-12 21:16 - 2018-05-20 08:15 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2018-06-12 21:16 - 2018-05-20 08:15 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSHEIF.dll
2018-06-12 21:16 - 2018-05-20 08:14 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-06-12 21:16 - 2018-05-20 08:14 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2018-06-12 21:16 - 2018-05-20 08:13 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-06-12 21:16 - 2018-05-20 08:13 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2018-06-12 21:16 - 2018-05-20 08:12 - 000992768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-06-12 21:16 - 2018-05-20 08:12 - 000860160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-06-12 21:16 - 2018-05-20 08:11 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2018-06-12 21:16 - 2018-05-20 08:11 - 001005568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2018-06-12 21:16 - 2018-05-20 05:26 - 000018716 _____ C:\WINDOWS\system32\srms-apr.dat
2018-06-12 21:16 - 2018-05-18 14:08 - 000018716 _____ C:\WINDOWS\SysWOW64\srms-apr.dat
2018-06-12 19:29 - 2018-06-12 19:58 - 000000000 ____D C:\Users\doryo\Desktop\fotos taller abuelos
2018-06-09 13:42 - 2018-06-09 13:42 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-06-09 13:42 - 2018-06-09 13:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-06-09 13:42 - 2018-06-09 13:42 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-09 13:42 - 2018-06-09 13:42 - 000000000 ____D C:\Program Files\Malwarebytes
2018-06-09 13:42 - 2018-05-24 06:55 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-09 20:03 - 2018-04-11 20:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-07-09 20:02 - 2018-05-01 16:50 - 000782398 _____ C:\WINDOWS\system32\perfh00A.dat
2018-07-09 20:02 - 2018-05-01 16:50 - 000152222 _____ C:\WINDOWS\system32\perfc00A.dat
2018-07-09 20:02 - 2018-05-01 12:02 - 001762872 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-07-09 20:02 - 2018-04-11 20:36 - 000000000 ____D C:\WINDOWS\INF
2018-07-09 19:54 - 2018-03-31 12:09 - 000000000 ____D C:\Temp
2018-07-09 19:54 - 2016-05-16 10:08 - 000000000 ____D C:\Users\doryo\Documents\Outlook Files
2018-07-09 19:54 - 2016-05-14 13:05 - 000000000 __SHD C:\Users\doryo\IntelGraphicsProfiles
2018-07-09 19:53 - 2018-05-01 12:03 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-09 19:53 - 2018-04-11 18:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-07-09 19:51 - 2016-05-16 09:23 - 000000000 ____D C:\Users\doryo\AppData\Roaming\uTorrent
2018-07-09 19:49 - 2018-05-01 12:03 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-07-09 19:48 - 2016-05-19 17:43 - 000000000 ____D C:\Users\doryo\AppData\Local\Adobe
2018-07-09 19:06 - 2018-05-01 12:03 - 000004140 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1933E47A-0F08-41FC-AB27-8F5C523F4B1C}
2018-07-09 10:53 - 2018-05-01 11:56 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-07-08 20:53 - 2018-04-11 20:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-08 20:53 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-06 21:52 - 2016-08-12 20:21 - 000000000 ____D C:\Users\doryo\Desktop\IIBB JAZ
2018-07-04 20:03 - 2016-05-14 19:27 - 000000000 ____D C:\Program Files (x86)\Google
2018-07-04 19:38 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-07-04 19:38 - 2016-05-20 20:59 - 000000000 ____D C:\Users\doryo\AppData\Roaming\MPC-HC
2018-07-03 10:42 - 2017-10-19 11:53 - 000000000 ____D C:\Users\doryo\AppData\Local\Packages
2018-06-30 14:53 - 2017-09-28 19:08 - 000000000 ____D C:\Users\doryo\Desktop\Néstor
2018-06-28 10:12 - 2016-05-16 09:45 - 000000000 ____D C:\Users\doryo\AppData\Roaming\Skype
2018-06-28 07:12 - 2018-02-14 03:12 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-06-26 09:54 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-06-23 20:24 - 2018-05-01 12:03 - 000003350 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-60989047-3131939895-948155456-1001
2018-06-23 20:24 - 2018-05-01 11:57 - 000002359 _____ C:\Users\doryo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-06-23 20:24 - 2016-05-14 12:39 - 000000000 ___RD C:\Users\doryo\OneDrive
2018-06-12 21:43 - 2016-05-16 14:02 - 000000000 ___RD C:\Users\doryo\3D Objects
2018-06-12 21:43 - 2016-02-13 10:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-06-12 21:42 - 2018-05-01 11:56 - 005099288 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-06-12 21:42 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\setup
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\es-MX
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-06-12 21:42 - 2018-04-11 20:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-06-12 21:42 - 2018-04-11 18:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-06-12 21:37 - 2016-05-14 12:57 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-06-12 21:35 - 2017-10-10 19:05 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-06-12 21:35 - 2016-05-14 12:57 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-06-12 21:30 - 2015-10-30 04:24 - 000000167 _____ C:\WINDOWS\win.ini
2018-06-12 21:19 - 2018-04-11 20:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-09 13:47 - 2017-08-11 09:32 - 000000000 ____D C:\Program Files\AutoCAD 2009
 
==================== Files in the root of some directories =======
 
2016-12-26 11:36 - 2016-12-26 11:36 - 000000132 _____ () C:\Users\doryo\AppData\Roaming\Prefs. de formato BMP de Adobe CS6
2016-06-10 11:56 - 2018-05-03 12:29 - 000000132 _____ () C:\Users\doryo\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-01 11:56
 
==================== End of FRST.txt ============================
 
 
 
 
Addition:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by doryo (09-07-2018 20:53:43)
Running from D:\Cositas
Windows 10 Home Version 1803 17134.112 (X64) (2018-05-01 15:04:02)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-60989047-3131939895-948155456-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-60989047-3131939895-948155456-503 - Limited - Disabled)
doryo (S-1-5-21-60989047-3131939895-948155456-1001 - Administrator - Enabled) => C:\Users\doryo
Guest (S-1-5-21-60989047-3131939895-948155456-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-60989047-3131939895-948155456-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\uTorrent) (Version: 3.5.3.44494 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
AdWords Editor (HKLM-x32\...\{9845C140-7F11-11E8-86AF-DC4A3E998CF6}) (Version: 12.4.1.0 - Google)
Backup and Sync from Google (HKLM\...\{AEFBDB5B-899F-4AE6-B789-BA56A652A476}) (Version: 3.42.9858.3671 - Google, Inc.)
Bonjour (HKLM-x32\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
ChromePlayerPlugin (HKLM-x32\...\{DA24A3B5-32B3-42BE-8770-AA3B6785ED06}) (Version: 3.26 - MinervaNetworks Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Web Designer (HKLM\...\{811767F4-C586-4673-A41F-E9D767497222}) (Version: 2.0.1.0 - Google LLC.)
HandBrake 1.0.0 (HKLM-x32\...\HandBrake) (Version: 1.0.0 - )
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
HL-1210W series (HKLM-x32\...\{75E38F04-1BAF-4054-A059-57F831688943}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
inSSIDer 2.0 (HKLM-x32\...\{6133183D-FA87-4924-8D50-1777222C05EA}) (Version: 2.0.3 - MetaGeek)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4885 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{00000030-0200-1034-84C8-B8D95FA3C8C3}) (Version: 20.30.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{1b3fcb8d-3d2b-4477-b722-0b3e2c1195ba}) (Version: 20.30.1 - Intel Corporation)
Java™ 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216029FF}) (Version: 6.0.290 - Oracle)
K-Lite Mega Codec Pack 14.0.4 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.0.4 - KLCP)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 3.2.116.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\OneDriveSetup.exe) (Version: 18.091.0506.0007 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
Motorola Device Software Update (HKLM-x32\...\{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}) (Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.3.2 - Notepad++ Team)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Paragon Hard Disk Manager™ 14 Suite (HKLM\...\{29258311-EA49-11DE-967C-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.9 - Power Software Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8004 - Realtek Semiconductor Corp.)
Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.0.0.790 - Samsung Electronics)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
SketchUp 2017 (HKLM\...\{E59BD84C-169B-4F3F-AC5D-85127CF67051}) (Version: 17.2.2555 - Trimble, Inc.)
Skype™ 7.41 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.41.101 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\Spotify) (Version: 1.0.75.483.g7ff4a0dc - Spotify AB)
Update for Skype for Business 2016 (KB4022155) 64-Bit Edition (HKLM\...\{90160000-0011-0000-1000-0000000FF1CE}_Office16.PROPLUS_{FEE6D778-E4F9-412C-B2E4-EFF82BB67809}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB4022155) 64-Bit Edition (HKLM\...\{90160000-00C1-0000-1000-0000000FF1CE}_Office16.PROPLUS_{FEE6D778-E4F9-412C-B2E4-EFF82BB67809}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB4022155) 64-Bit Edition (HKLM\...\{90160000-012B-0409-1000-0000000FF1CE}_Office16.PROPLUS_{FEE6D778-E4F9-412C-B2E4-EFF82BB67809}) (Version:  - Microsoft)
VBA (2627.01) (HKLM-x32\...\{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VBA (2627.4) (HKLM-x32\...\{5545EEE9-FA36-4F76-B6BE-5696E7F4E2D6}) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WhatsApp (HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\WhatsApp) (Version: 0.2.1061 - WhatsApp)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17384 - Microsoft Corporation)
Windows Driver Package - Silicon Laboratories (WinUSB) USB  (04/08/2013 4.0.0.0) (HKLM\...\ECCA79E3941154C28F5B308B576703BD8253BAB1) (Version: 04/08/2013 4.0.0.0 - Silicon Laboratories)
Windows Driver Package - Sony Corporation (SFEP) HIDClass  (06/18/2012 8.0.2.4) (HKLM\...\54DCDF5F20965812FBF3C1C44CE2E9E620585DE9) (Version: 06/18/2012 8.0.2.4 - Sony Corporation)
Windows Driver Package - Sony Croporation (SOWS) HIDClass  (06/11/2012 1.0.0.06110) (HKLM\...\5478D63468C46333F277779BC2B1EBAEA89C153D) (Version: 06/11/2012 1.0.0.06110 - Sony Croporation)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-60989047-3131939895-948155456-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-60989047-3131939895-948155456-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\doryo\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-60989047-3131939895-948155456-1001_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\doryo\AppData\Local\Google\Update\1.3.33.17\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2016-05-17] ()
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-06-06] (Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-06-06] (Power Software Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-01-02] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-06-06] (Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {003C0296-0189-4A41-B9EC-8F0573624061} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-28] (Microsoft Corporation)
Task: {060FAC03-AD67-4E24-A26A-A09C39EA8F0C} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
Task: {09BB4F3D-F7C3-4077-9195-22471306450E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-28] (Microsoft Corporation)
Task: {0EC60CD0-4232-448B-9036-AF7DABC4703E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2017-10-11] (Microsoft Corporation)
Task: {18C6A765-3146-40B4-9435-0D3D25BBED3E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-14] (Google Inc.)
Task: {1C92EC3C-3005-4C20-996B-27AF6596CE7D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-60989047-3131939895-948155456-1001UA => C:\Users\doryo\AppData\Local\Google\Update\GoogleUpdate.exe [2017-01-23] (Google Inc.)
Task: {2457DA14-3C19-4A5E-A28F-B2E36BF2BD1C} - System32\Tasks\Microsoft_MKC_Logon_Task_ceip.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ceip.exe [2017-10-11] (Microsoft)
Task: {2B495949-BF13-4AEF-911E-403B5FEA4D61} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-doryon2004@outlook.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-05-11] (Adobe Systems, Incorporated)
Task: {30306294-3C35-4EF4-9032-7D5C121077B0} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2017-10-11] (Microsoft Corporation)
Task: {3C2C1522-3D26-496E-B2DD-B6CE76D42498} - System32\Tasks\S-1-5-21-60989047-3131939895-948155456-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-04-11] (Microsoft Corporation)
Task: {3CCF9419-0906-4563-9E1D-098C66653CA3} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2017-10-11] (Microsoft Corporation)
Task: {40E0387E-3406-4CB5-9A89-9A7093E86A89} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2017-10-11] (Microsoft Corporation)
Task: {56A04785-0098-4492-BE53-CADA1E9E2A50} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {5AD9DFEE-4825-4BE0-9CF8-8343395FADB2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-28] (Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {66BD8886-8A89-4929-AB32-2DAFA24F452D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-28] (Microsoft Corporation)
Task: {66C1CCA6-4815-4AC5-BAB5-E88E7F4CC785} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-60989047-3131939895-948155456-1001Core => C:\Users\doryo\AppData\Local\Google\Update\GoogleUpdate.exe [2017-01-23] (Google Inc.)
Task: {6DC47CCA-FB41-47DF-AE3F-859A202DE9E3} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [2016-11-23] (Samsung Electronics Co. Ltd.)
Task: {8B84C353-213F-4980-B284-FCF4A8EA2DD9} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-doryon2004@outlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {A3938491-00B9-4428-B83F-EF4FDFA148C0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {C16B59B4-812D-4F94-81E2-58D080322F71} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
Task: {CC37C225-F792-42FD-81AE-47290D034ECE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-14] (Google Inc.)
Task: {CD7325D1-2283-48A5-B00F-929F30477185} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {E32BACF2-1C71-4154-AC67-4A2E54EF6C32} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2017-10-11] (Microsoft)
Task: {EF88A564-F3B1-4916-AD87-4F5530000F08} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2018-02-19] ()
Task: {F27C7F81-2B8A-4761-9648-8506F45DDDBE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\doryo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Play Music.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\doryo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> /high-dpi-support=1 /force-device-scale-factor=1
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-07-26 04:58 - 2017-07-26 04:58 - 000192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2018-04-11 20:34 - 2018-04-11 20:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2017-02-22 23:56 - 2017-02-22 23:56 - 008911560 _____ () C:\Program Files\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2018-04-11 20:34 - 2018-04-11 20:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 20:34 - 2018-04-11 20:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2016-05-17 19:42 - 2016-05-17 19:42 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2018-06-12 21:16 - 2018-06-08 05:56 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-05-23 11:18 - 2018-05-23 11:19 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-05-23 11:18 - 2018-05-23 11:19 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-05-23 11:18 - 2018-05-23 11:19 - 022374400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-05-23 11:18 - 2018-05-23 11:19 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\skypert.dll
2018-05-23 11:18 - 2018-05-23 11:19 - 000654848 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-04-17 07:46 - 2018-04-17 07:48 - 001922232 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.9328.1700.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2018-05-30 11:03 - 2018-05-30 11:03 - 046281248 _____ () C:\Program Files\Google\Drive\googledrivesync.exe
2018-07-09 19:54 - 2018-07-09 19:54 - 000113152 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\_ctypes.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 000080896 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\bz2.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 001585152 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\_hashlib.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 000128512 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\win32api.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 000137728 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\pywintypes27.dll
2018-07-09 19:54 - 2018-07-09 19:54 - 000548864 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\pythoncom27.dll
2018-07-09 19:54 - 2018-07-09 19:54 - 000689664 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\unicodedata.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 000438784 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\win32com.shell.shell.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 001489408 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\wx._core_.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 001007104 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\wx._gdi_.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 001039872 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\wx._windows_.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 001325056 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\wx._controls_.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 000916992 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\wx._misc_.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 001084416 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\pysqlite2._sqlite.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 000149504 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\win32file.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 000136192 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\win32security.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 000007680 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\hashobjs_ext.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 000020992 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\thumbnails_ext.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 000118784 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\usb_ext.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 000047616 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\_socket.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 002224640 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\_ssl.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 000014848 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\common.time34.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 000023040 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\win32event.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 000034304 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\windows.conditional.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 000020480 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\windows.winwrap.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 000110080 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\windows.volumes.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 000223232 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\win32gui.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 000173568 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\_elementtree.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 000169472 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\pyexpat.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 000048128 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\win32inet.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 000103424 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\wx._html2.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 000046080 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\_psutil_windows.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 000633272 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\windows._cacheinvalidation.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 000011776 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\win32crypt.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 000301568 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\PIL._imaging.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 000032256 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\_multiprocessing.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 005458944 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\cello.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 000026112 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\_yappi.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 000044032 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\win32process.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 000027648 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\win32pipe.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 000010752 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\select.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 000029696 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\win32pdh.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 000038400 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\windows.connectivity.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 000073216 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\windows.device_monitor.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 000020480 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\win32profile.pyd
2018-07-09 19:54 - 2018-07-09 19:54 - 000026624 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI104202\win32ts.pyd
2018-06-09 15:06 - 2018-06-09 15:07 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-06-09 15:06 - 2018-06-09 15:07 - 067232256 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-10-05 06:23 - 2017-10-05 06:24 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-05-30 09:11 - 2018-05-30 09:12 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-05-30 09:11 - 2018-05-30 09:12 - 004214784 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-05-04 17:16 - 2018-05-04 17:27 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-05-30 09:11 - 2018-05-30 09:12 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-04-05 08:06 - 2018-04-05 08:13 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-06-09 15:06 - 2018-06-09 15:07 - 014851072 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-05-30 09:11 - 2018-05-30 09:12 - 004058624 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-06-09 15:06 - 2018-06-09 15:07 - 003266048 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-05-30 09:11 - 2018-05-30 09:12 - 001393664 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2018-05-30 09:11 - 2018-05-30 09:12 - 004218080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-05-30 09:11 - 2018-05-30 09:12 - 000872448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-06-09 15:06 - 2018-06-09 15:07 - 000165376 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\SKU.dll
2018-05-17 08:19 - 2018-05-17 08:19 - 004193792 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1805.1201.0_x64__8wekyb3d8bbwe\Calculator.exe
2018-05-03 04:30 - 2018-05-03 04:30 - 000634880 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1805.1201.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-07-04 20:03 - 2018-06-22 16:15 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libglesv2.dll
2018-07-04 20:03 - 2018-06-22 16:15 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libegl.dll
2014-04-07 11:31 - 2014-04-07 11:31 - 000172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2018-04-19 11:48 - 2009-02-27 16:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2018-04-19 11:48 - 2018-01-18 15:39 - 000519168 _____ () C:\Program Files (x86)\Browny02\BrMonitor.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 04:24 - 2016-07-15 18:04 - 000000857 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 site.darriens.localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-60989047-3131939895-948155456-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\doryo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\StartupApproved\Run: => "AirDroid 3"
HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\StartupApproved\Run: => "Kies3PDLR.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{C66A32FB-3C15-4FAF-80F4-DD09E4FF2BAF}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{1DA02B4B-15E7-446D-82B7-5ED005FD2379}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{F8A58B26-FDFF-486D-8C65-67609E200BD7}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{126EC30E-96A5-4442-B454-EC30559FDB84}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{8D0AB6A7-1643-4A45-9843-4EE2A866829A}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [UDP Query User{C31F0F48-B3A0-4486-A299-12B9EC7E2053}C:\users\doryo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\doryo\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{BCC5805C-CF52-4207-B480-C37DC06A4A1E}C:\users\doryo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\doryo\appdata\roaming\spotify\spotify.exe
FirewallRules: [{8B634F36-7A3A-4AF8-86F7-B6E24A195B3E}] => (Allow) C:\Users\doryo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5144F8FC-C34D-4444-B0F2-8C0E15602C23}] => (Allow) C:\Users\doryo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{ED335A90-F6EA-41F5-8A12-FD7A7CEBCFB4}] => (Allow) C:\Users\doryo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F8398A30-F5B1-4678-AAE4-DE857FE5EA26}] => (Allow) C:\Users\doryo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1FBEB042-7D19-4B20-9E8D-399F7BB82F0D}] => (Allow) C:\Users\doryo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{314F36D0-A562-4F73-AF71-706A8F37C636}] => (Allow) C:\Users\doryo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FD01F1F9-952F-4509-9A95-CB8132F2521C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3931563E-002D-40A3-A27E-DFFA8BA7CBBA}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{B02FDC29-1035-4F68-A799-D8D1E98D2BF7}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{7C523620-837A-4520-9F80-FA55C25D728E}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{8C141655-DE00-46DD-A5B0-0F2329C51061}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{9393E3BF-FFE3-458D-905F-87BD28B5F299}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5230391B-115E-4E42-957B-8933CE29D741}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C9D38CA8-D868-4B1D-93E8-4897764143CE}] => (Allow) C:\Users\doryo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{32167CD4-0C10-46FD-936C-5AF736BCF079}] => (Allow) C:\Users\doryo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BD7D5CB4-D5A2-4B3F-B60F-5BAA37E52C8C}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{6E2A7E9D-E82A-4E68-BBD7-967EAEE3A609}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{365377D5-7031-48E5-B919-53FA05D14425}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{7CBA5863-C7D0-417E-8A2C-86F48E573EDD}C:\programdata\minervanetworks\chromeplayerplugin\browserpluginhelper.exe] => (Allow) C:\programdata\minervanetworks\chromeplayerplugin\browserpluginhelper.exe
FirewallRules: [UDP Query User{0C5F139D-BDC0-448F-8B9B-AAF1BDCABAE7}C:\programdata\minervanetworks\chromeplayerplugin\browserpluginhelper.exe] => (Allow) C:\programdata\minervanetworks\chromeplayerplugin\browserpluginhelper.exe
 
==================== Restore Points =========================
 
20-06-2018 15:44:41 Scheduled Checkpoint
30-06-2018 14:24:22 Scheduled Checkpoint
04-07-2018 19:22:02 Removed Google Chrome
04-07-2018 19:40:26 Removed ChromePlayerPlugin
08-07-2018 20:56:43 Installed ChromePlayerPlugin
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/03/2018 10:03:27 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (07/03/2018 10:03:09 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c8ccff4f-182d-41a0-8bbc-7ac3a3f48a20}
 
Error: (06/01/2018 10:51:30 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (05/16/2018 02:40:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AGSService.exe, version: 4.5.0.814, time stamp: 0x5a4f2d48
Faulting module name: ntdll.dll, version: 10.0.17134.1, time stamp: 0xc8733c73
Exception code: 0xc0000005
Fault offset: 0x00022df9
Faulting process id: 0xe3c
Faulting application start time: 0x01d3e7d5d53c3f26
Faulting application path: C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 69914321-0ed2-4ccf-9bad-59b4b8974594
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/14/2018 06:34:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Microsoft.Photos.exe version 2018.18031.15820.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 18e0
 
Start Time: 01d3eb6510ad5016
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
 
Report Id: a4289ed4-4148-4111-a0f2-c5099b3879f6
 
Faulting package full name: Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: App
 
Error: (05/11/2018 03:20:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Microsoft.Photos.exe version 2018.18031.15820.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 968
 
Start Time: 01d3e952f6969a61
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
 
Report Id: f126e9fb-a65e-4b4d-80a7-e8b5bec46981
 
Faulting package full name: Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: App
 
Error: (05/01/2018 12:01:39 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider IntelWLANEventProvider attempted to register query "select * from CIntelQosEvent" whose target class "CIntelQosEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.
 
Error: (05/01/2018 12:01:39 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider IntelWLANEventProvider attempted to register query "select * from CIntelDot1xEvent" whose target class "CIntelDot1xEvent" in //./root/DEFAULT namespace does not exist. The query will be ignored.
 
 
System errors:
=============
Error: (07/09/2018 08:18:11 PM) (Source: DCOM) (EventID: 10016) (User: VAIO)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user VAIO\doryo SID (S-1-5-21-60989047-3131939895-948155456-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/09/2018 08:06:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/09/2018 08:04:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/09/2018 07:55:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscBrokerManager
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/09/2018 07:55:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscDataProtection
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/09/2018 07:54:38 PM) (Source: DCOM) (EventID: 10016) (User: VAIO)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user VAIO\doryo SID (S-1-5-21-60989047-3131939895-948155456-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/09/2018 07:54:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/09/2018 07:54:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
Windows Defender:
===================================
Date: 2018-07-09 20:07:51.746
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {1525E44C-377A-45FB-BC90-1C9925BB055F}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-07-04 12:58:55.664
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {41EA708D-11DE-426F-AB32-1E6A870F71AA}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-07-04 10:34:09.623
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {F5B35352-08B1-4D9A-808D-DD8CD3279590}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-06-08 13:13:13.875
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {7AEE71C6-FFA3-45F4-A41E-42542F138106}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-05-31 19:23:39.384
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {3B6CEFD8-F020-4585-9695-DA58FFC9BBD8}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-06-26 08:34:44.210
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.269.1961.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14901.4
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
CodeIntegrity:
===================================
 
Date: 2018-06-28 09:19:30.961
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-06-09 13:42:44.445
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 18%
Total physical RAM: 16266.35 MB
Available physical RAM: 13287.91 MB
Total Virtual: 16466.35 MB
Available Virtual: 13426.3 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:231.58 GB) (Free:48.42 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Harley) (Fixed) (Total:698.64 GB) (Free:116.91 GB) NTFS
Drive e: (24GB SSD) (Fixed) (Total:22.36 GB) (Free:10.6 GB) NTFS
 
\\?\Volume{ae625731-0000-0000-0000-30043a000000}\ () (Fixed) (Total:0.82 GB) (Free:0.32 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: AE625731)
Partition 1: (Active) - (Size=231.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=838 MB) - (Type=27)
 
========================================================
Disk: 1 (Size: 22.4 GB) (Disk ID: AB0F1A1C)
 
Partition: GPT.
 
========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: DDC4E5CD)
Partition 2: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
 
 
Thanks again!


#13 nasdaq

Posted 10 July 2018 - 06:27 AM



Hi,

Open the Chrome Settings and under Extensions remove this one.

CHR Extension: (iPad Simulator) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\biamdeofchcbekmcakjcfnpdipmkmkbb [2016-05-14] => Error: No automatic fix found for this entry.


===

Nothing else looks suspicious on your computer.

Remove and reinstall Chrome. This time make sure you take care of the Sync issue.

Step 1: Remove Chrome from your computer and reinstall a fresh copy later.

Step 2: Before you remove Chrome, export your bookmarks.
Chrome will export your bookmarks as an HTML file, which you can then import into another browser.

How To: http://ccm.net/faq/31791-how-to-backup-your-google-chrome-bookmarks

Step 3: If you sync your account you must remove it before you save your bookmarks etc...
Delete your Google Chrome browser sync data if you sync with other devices. <- Important ...
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

Step 4: Clear your Chrome cache and cookies.
https://support.google.com/chromebook/answer/183083?hl=en

Step 5: Remove Chrome using the instructions on this page.
https://support.google.com/chrome/answer/95319?hl=en

Step 6: Re-install Chrome and the bookmarks.
====

Restart the computer normally.

Do not resync Chrome for a day or two.
Work with the computer and then decide if you wish to resync.

#14 doryon

Posted 13 July 2018 - 07:33 AM

Hi again!
Yeah, it's back  :(.

Hope there's still something else to try.

Thanks again!

 

 

Here are my logs:

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by doryo (administrator) on VAIO (13-07-2018 09:18:43)
Running from D:\Cositas
Loaded Profiles: doryo (Available Profiles: doryo)
Platform: Windows 10 Home Version 1803 17134.165 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Motorola) C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
() C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Motorola Mobility LLC) C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\MKCHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Spotify Ltd) C:\Users\doryo\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Samsung Electronics Co. Ltd.) C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.0_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2976256 2018-01-19] (Brother Industries, Ltd.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46281248 2018-05-30] ()
HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\Run: [Kies3PDLR.exe] => C:\Program Files (x86)\Samsung\Kies3\FirmwareUpdate\Kies3PDLR.exe [1023664 2016-03-25] (Samsung)
HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\Run: [Spotify Web Helper] => C:\Users\doryo\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-05-14] (Spotify Ltd)
HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-06-24] (Piriform Ltd)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 127.0.0.1 site.darriens.localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a3a1b25f-0f40-4673-ba2d-1ded653623fe}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{bcbebfbc-3322-43c1-8151-24d4badd002e}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{bcbebfbc-3322-43c1-8151-24d4badd002e}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-60989047-3131939895-948155456-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2018-04-11] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2018-04-11] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-05-15] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2016-10-18] (Sun Microsystems, Inc.)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-02-14] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-04-10] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-02-14] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-04-10] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll [2016-10-18] (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-04-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default [2018-07-13]
CHR Extension: (Slides) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-07-11]
CHR Extension: (Docs) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-07-11]
CHR Extension: (Google Drive) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-07-11]
CHR Extension: (Brushed) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg [2018-07-11]
CHR Extension: (YouTube) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-11]
CHR Extension: (Google Play Music) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2018-07-11]
CHR Extension: (Sheets) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-07-11]
CHR Extension: (Wunderlist - To-do and Task list) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc [2018-07-11]
CHR Extension: (Google Docs Offline) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-07-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-11]
CHR Extension: (Gmail) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-07-11]
CHR Extension: (Chrome Media Router) - C:\Users\doryo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-07-11]
CHR Profile: C:\Users\doryo\AppData\Local\Google\Chrome\User Data\System Profile [2018-07-11]
CHR HKU\S-1-5-21-60989047-3131939895-948155456-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-60989047-3131939895-948155456-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [314368 2018-01-18] (Brother Industries, Ltd.) [File not signed]
R2 HuaweiHiSuiteService64.exe; C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe [192200 2017-07-26] ()
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [183448 2017-05-19] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [320472 2018-01-02] (Intel Corporation)
S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R2 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2014-04-08] (Motorola Mobility LLC)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268968 2018-01-17] ()
R2 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-02] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [257624 2016-11-29] (Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\NisSrv.exe [3925648 2018-06-28] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MsMpEng.exe [100080 2018-06-28] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3758760 2018-01-17] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ew_usbccgpfilter; C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys [18944 2017-07-26] (Huawei Technologies Co., Ltd.)
S3 HWHandSet; C:\WINDOWS\system32\DRIVERS\hw_quusbmdm.sys [226560 2017-07-26] (Huawei Technologies Co., Ltd.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [232936 2017-05-19] (Intel Corporation)
R3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-11] (Microsoft Corporation)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3521032 2017-11-08] (Intel Corporation)
S3 qcusbser; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [254520 2017-03-15] (QUALCOMM Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Realtek )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [64088 2016-11-29] (Synaptics Incorporated)
R3 SOWS; C:\WINDOWS\System32\drivers\sows.sys [24280 2012-06-10] (Sony Corporation)
R1 UimBus; C:\WINDOWS\System32\drivers\UimBus.sys [102664 2014-02-10] ()
R1 Uim_DEVIM; C:\WINDOWS\System32\drivers\uim_devim.sys [25992 2014-02-10] ()
R1 Uim_IM; C:\WINDOWS\System32\drivers\uim_im.sys [700424 2014-02-10] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46592 2018-06-28] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-06-28] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59944 2018-06-28] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-11 11:50 - 2018-07-11 11:50 - 000097848 _____ C:\Users\doryo\Desktop\Resumen_no_emitido (1).pdf
2018-07-11 11:49 - 2018-07-11 11:49 - 000097848 _____ C:\Users\doryo\Desktop\Resumen_no_emitido.pdf
2018-07-11 11:48 - 2018-07-11 11:48 - 000000000 ____D C:\ProgramData\Packages
2018-07-11 08:19 - 2018-07-11 08:19 - 000000000 ____D C:\Users\doryo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome
2018-07-11 08:15 - 2018-07-11 08:15 - 000002367 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-07-11 08:15 - 2018-07-11 08:15 - 000002326 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-07-11 06:55 - 2018-07-06 11:20 - 002868640 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-07-11 06:55 - 2018-07-06 11:20 - 001610648 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-07-11 06:55 - 2018-07-06 11:20 - 000792472 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-07-11 06:55 - 2018-07-06 11:20 - 000689560 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-07-11 06:55 - 2018-07-06 11:20 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-07-11 06:55 - 2018-07-06 11:20 - 000451992 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-07-11 06:55 - 2018-07-06 11:20 - 000309664 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-07-11 06:55 - 2018-07-06 11:20 - 000144792 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-07-11 06:55 - 2018-07-06 11:20 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-07-11 06:55 - 2018-07-06 11:17 - 003932672 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-07-11 06:55 - 2018-07-06 11:14 - 000541592 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-07-11 06:55 - 2018-07-06 10:56 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-07-11 06:55 - 2018-07-06 10:53 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2018-07-11 06:55 - 2018-07-06 10:53 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-07-11 06:55 - 2018-07-06 10:53 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-07-11 06:55 - 2018-07-06 10:52 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-07-11 06:55 - 2018-07-06 10:52 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-07-11 06:55 - 2018-07-06 10:51 - 003652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-07-11 06:55 - 2018-07-06 10:51 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-07-11 06:55 - 2018-07-06 10:51 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-07-11 06:55 - 2018-07-06 10:51 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-07-11 06:55 - 2018-07-06 10:51 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-07-11 06:55 - 2018-07-06 10:50 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-07-11 06:55 - 2018-07-06 10:49 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-07-11 06:55 - 2018-07-06 09:06 - 003611368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-07-11 06:55 - 2018-07-06 08:54 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-07-11 06:55 - 2018-07-06 08:54 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-07-11 06:55 - 2018-07-06 08:53 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-07-11 06:55 - 2018-07-06 08:53 - 000347136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-07-11 06:55 - 2018-07-06 08:52 - 002895360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-07-11 06:55 - 2018-07-06 08:52 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-07-11 06:55 - 2018-07-06 08:52 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-07-11 06:55 - 2018-07-06 08:51 - 002401280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-07-11 06:55 - 2018-07-06 08:51 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-07-11 06:55 - 2018-07-06 08:26 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-07-11 06:55 - 2018-07-06 08:25 - 023863296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-07-11 06:55 - 2018-07-06 08:01 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-07-11 06:55 - 2018-07-06 04:32 - 000480672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-07-11 06:55 - 2018-07-06 04:31 - 000462752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-07-11 06:55 - 2018-07-06 04:31 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-07-11 06:55 - 2018-07-06 04:29 - 000272296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-07-11 06:55 - 2018-07-06 04:29 - 000269224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-07-11 06:55 - 2018-07-06 04:27 - 001174432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-07-11 06:55 - 2018-07-06 04:27 - 001063320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-07-11 06:55 - 2018-07-06 04:27 - 001012632 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-07-11 06:55 - 2018-07-06 04:27 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-07-11 06:55 - 2018-07-06 04:27 - 000567176 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-07-11 06:55 - 2018-07-06 04:27 - 000134552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-07-11 06:55 - 2018-07-06 04:27 - 000057440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.ShellCommon.Broker.dll
2018-07-11 06:55 - 2018-07-06 04:26 - 002712992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-07-11 06:55 - 2018-07-06 04:26 - 001148800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-07-11 06:55 - 2018-07-06 04:26 - 000930720 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-07-11 06:55 - 2018-07-06 04:26 - 000766608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-07-11 06:55 - 2018-07-06 04:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-07-11 06:55 - 2018-07-06 04:25 - 009147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-07-11 06:55 - 2018-07-06 04:25 - 002753040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-07-11 06:55 - 2018-07-06 04:25 - 002571728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-07-11 06:55 - 2018-07-06 04:25 - 002420632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-07-11 06:55 - 2018-07-06 04:25 - 001945784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-07-11 06:55 - 2018-07-06 04:25 - 001026464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-07-11 06:55 - 2018-07-06 04:25 - 001018616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-07-11 06:55 - 2018-07-06 04:25 - 000885856 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-07-11 06:55 - 2018-07-06 04:25 - 000483048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-07-11 06:55 - 2018-07-06 04:25 - 000335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2018-07-11 06:55 - 2018-07-06 04:25 - 000267680 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-07-11 06:55 - 2018-07-06 04:25 - 000139672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-07-11 06:55 - 2018-07-06 04:24 - 000380824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-07-11 06:55 - 2018-07-06 04:16 - 000567144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-07-11 06:55 - 2018-07-06 04:14 - 002242208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-07-11 06:55 - 2018-07-06 04:14 - 001981896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-07-11 06:55 - 2018-07-06 04:14 - 001175568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-07-11 06:55 - 2018-07-06 04:14 - 000988640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-07-11 06:55 - 2018-07-06 04:14 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-07-11 06:55 - 2018-07-06 04:14 - 000573904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-07-11 06:55 - 2018-07-06 04:13 - 001620872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-07-11 06:55 - 2018-07-06 04:10 - 025845760 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-07-11 06:55 - 2018-07-06 04:07 - 022006272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-07-11 06:55 - 2018-07-06 04:04 - 022713856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-07-11 06:55 - 2018-07-06 04:03 - 004371456 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-07-11 06:55 - 2018-07-06 04:02 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-07-11 06:55 - 2018-07-06 04:01 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-07-11 06:55 - 2018-07-06 04:01 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-07-11 06:55 - 2018-07-06 04:01 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2018-07-11 06:55 - 2018-07-06 04:01 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2018-07-11 06:55 - 2018-07-06 04:00 - 019403264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-07-11 06:55 - 2018-07-06 04:00 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2018-07-11 06:55 - 2018-07-06 04:00 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2018-07-11 06:55 - 2018-07-06 04:00 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2018-07-11 06:55 - 2018-07-06 04:00 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2018-07-11 06:55 - 2018-07-06 04:00 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsTelemetry.dll
2018-07-11 06:55 - 2018-07-06 04:00 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2018-07-11 06:55 - 2018-07-06 03:59 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-07-11 06:55 - 2018-07-06 03:59 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-07-11 06:55 - 2018-07-06 03:59 - 001153536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2018-07-11 06:55 - 2018-07-06 03:59 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2018-07-11 06:55 - 2018-07-06 03:59 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\NmaDirect.dll
2018-07-11 06:55 - 2018-07-06 03:59 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Geolocation.dll
2018-07-11 06:55 - 2018-07-06 03:59 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2018-07-11 06:55 - 2018-07-06 03:59 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2018-07-11 06:55 - 2018-07-06 03:59 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2018-07-11 06:55 - 2018-07-06 03:58 - 004867584 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-07-11 06:55 - 2018-07-06 03:58 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-07-11 06:55 - 2018-07-06 03:58 - 001931776 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeangle.dll
2018-07-11 06:55 - 2018-07-06 03:58 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-07-11 06:55 - 2018-07-06 03:58 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-07-11 06:55 - 2018-07-06 03:58 - 000670720 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2018-07-11 06:55 - 2018-07-06 03:58 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-07-11 06:55 - 2018-07-06 03:58 - 000236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2018-07-11 06:55 - 2018-07-06 03:58 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Cortana.dll
2018-07-11 06:55 - 2018-07-06 03:58 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-07-11 06:55 - 2018-07-06 03:58 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProv2faHelper.dll
2018-07-11 06:55 - 2018-07-06 03:58 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2018-07-11 06:55 - 2018-07-06 03:58 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-07-11 06:55 - 2018-07-06 03:58 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2018-07-11 06:55 - 2018-07-06 03:57 - 007579648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-07-11 06:55 - 2018-07-06 03:57 - 005779456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-07-11 06:55 - 2018-07-06 03:57 - 003712512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-07-11 06:55 - 2018-07-06 03:57 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-07-11 06:55 - 2018-07-06 03:57 - 000839680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2018-07-11 06:55 - 2018-07-06 03:57 - 000813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-07-11 06:55 - 2018-07-06 03:57 - 000676864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Devices.dll
2018-07-11 06:55 - 2018-07-06 03:57 - 000614912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-07-11 06:55 - 2018-07-06 03:57 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-07-11 06:55 - 2018-07-06 03:57 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-07-11 06:55 - 2018-07-06 03:57 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NmaDirect.dll
2018-07-11 06:55 - 2018-07-06 03:56 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-07-11 06:55 - 2018-07-06 03:56 - 001817600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2018-07-11 06:55 - 2018-07-06 03:56 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-07-11 06:55 - 2018-07-06 03:56 - 001567744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2018-07-11 06:55 - 2018-07-06 03:56 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-07-11 06:55 - 2018-07-06 03:56 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-07-11 06:55 - 2018-07-06 03:56 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-07-11 06:55 - 2018-07-06 03:56 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2018-07-11 06:55 - 2018-07-06 03:56 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-07-11 06:55 - 2018-07-06 03:56 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2018-07-11 06:55 - 2018-07-06 03:56 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2018-07-11 06:55 - 2018-07-06 03:56 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-07-11 06:55 - 2018-07-06 03:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-07-11 06:55 - 2018-07-06 03:56 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2018-07-11 06:55 - 2018-07-06 03:56 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioCredProv.dll
2018-07-11 06:55 - 2018-07-06 03:56 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll
2018-07-11 06:55 - 2018-07-06 03:56 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-07-11 06:55 - 2018-07-06 03:56 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProv2faHelper.dll
2018-07-11 06:55 - 2018-07-06 03:55 - 003440128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-07-11 06:55 - 2018-07-06 03:55 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-07-11 06:55 - 2018-07-06 03:55 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-07-11 06:55 - 2018-07-06 03:55 - 001395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-07-11 06:55 - 2018-07-06 03:55 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-07-11 06:55 - 2018-07-06 03:55 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-07-11 06:55 - 2018-07-06 03:55 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-07-11 06:55 - 2018-07-06 03:55 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-07-11 06:55 - 2018-07-06 03:55 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-07-11 06:55 - 2018-07-06 03:54 - 003015680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-07-11 06:55 - 2018-07-06 03:54 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-07-11 06:55 - 2018-07-06 03:54 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-07-11 06:55 - 2018-07-06 03:54 - 001214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2018-07-11 06:55 - 2018-07-06 03:54 - 000999936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-07-11 06:55 - 2018-07-06 03:54 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-07-11 06:55 - 2018-07-06 03:54 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-07-11 06:55 - 2018-07-06 03:54 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2018-07-11 06:55 - 2018-07-06 03:54 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-07-11 06:55 - 2018-07-06 03:54 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2018-07-11 06:55 - 2018-07-06 03:54 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-07-11 06:55 - 2018-07-06 03:54 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-07-11 06:55 - 2018-07-06 03:54 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2018-07-11 06:55 - 2018-07-06 03:54 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BioCredProv.dll
2018-07-11 06:55 - 2018-07-06 03:53 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2018-07-11 06:55 - 2018-07-06 03:53 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2018-07-11 06:55 - 2018-07-06 03:53 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-07-11 06:55 - 2018-07-06 03:53 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2018-07-11 06:55 - 2018-07-06 03:52 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-07-11 06:55 - 2018-07-06 02:41 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-07-11 06:55 - 2018-06-29 01:16 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-07-11 06:55 - 2018-06-15 14:55 - 000542888 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2018-07-11 06:55 - 2018-06-15 14:53 - 000348256 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-07-11 06:55 - 2018-06-15 14:53 - 000094104 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-07-11 06:55 - 2018-06-15 14:50 - 001376576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-07-11 06:55 - 2018-06-15 14:49 - 021388856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-07-11 06:55 - 2018-06-15 14:48 - 002395056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-07-11 06:55 - 2018-06-15 14:48 - 000338352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2018-07-11 06:55 - 2018-06-15 14:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-07-11 06:55 - 2018-06-15 14:34 - 008623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-07-11 06:55 - 2018-06-15 14:34 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\DsmUserTask.exe
2018-07-11 06:55 - 2018-06-15 14:34 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfnet.dll
2018-07-11 06:55 - 2018-06-15 14:33 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-07-11 06:55 - 2018-06-15 14:33 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2018-07-11 06:55 - 2018-06-15 14:33 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManagerAPI.dll
2018-07-11 06:55 - 2018-06-15 14:33 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2018-07-11 06:55 - 2018-06-15 14:32 - 000301568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2018-07-11 06:55 - 2018-06-15 14:32 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2018-07-11 06:55 - 2018-06-15 14:31 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-07-11 06:55 - 2018-06-15 14:31 - 000907776 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2018-07-11 06:55 - 2018-06-15 14:31 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-07-11 06:55 - 2018-06-15 14:30 - 001308672 _____ C:\WINDOWS\system32\FaceProcessor.dll
2018-07-11 06:55 - 2018-06-15 14:30 - 001254400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-07-11 06:55 - 2018-06-15 14:30 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2018-07-11 06:55 - 2018-06-15 14:30 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-07-11 06:55 - 2018-06-15 14:29 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-07-11 06:55 - 2018-06-15 14:29 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2018-07-11 06:55 - 2018-06-15 14:29 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-07-11 06:55 - 2018-06-15 14:29 - 000740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-07-11 06:55 - 2018-06-15 14:29 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2018-07-11 06:55 - 2018-06-15 14:29 - 000103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
2018-07-11 06:55 - 2018-06-15 14:28 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpd_ci.dll
2018-07-11 06:55 - 2018-06-15 14:28 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2018-07-11 06:55 - 2018-06-15 12:25 - 020383720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-07-11 06:55 - 2018-06-15 12:22 - 001026896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-07-11 06:55 - 2018-06-15 12:16 - 002206528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2018-07-11 06:55 - 2018-06-15 12:07 - 011901952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-07-11 06:55 - 2018-06-15 12:06 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-07-11 06:55 - 2018-06-15 12:06 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfnet.dll
2018-07-11 06:55 - 2018-06-15 12:04 - 000851968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2018-07-11 06:55 - 2018-06-15 12:04 - 000373248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2018-07-11 06:55 - 2018-06-15 12:03 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2018-07-11 06:55 - 2018-06-15 12:03 - 000667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-07-11 06:55 - 2018-06-15 12:02 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-07-11 06:55 - 2018-06-15 12:01 - 002015744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-07-11 06:55 - 2018-06-15 12:01 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2018-07-11 06:55 - 2018-06-15 10:23 - 000788992 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2018-07-11 06:55 - 2018-06-15 04:11 - 000611232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-07-11 06:55 - 2018-06-15 04:10 - 000048544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-07-11 06:55 - 2018-06-15 04:03 - 000083360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-07-11 06:55 - 2018-06-15 02:21 - 001213368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-07-11 06:55 - 2018-06-15 02:21 - 000761440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-07-11 06:55 - 2018-06-15 02:19 - 001034632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-07-11 06:55 - 2018-06-15 02:19 - 000116632 _____ (Microsoft Corporation) C:\WINDOWS\system32\DTUHandler.exe
2018-07-11 06:55 - 2018-06-15 02:19 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-07-11 06:55 - 2018-06-15 02:18 - 000228768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-07-11 06:55 - 2018-06-15 02:16 - 000562080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-07-11 06:55 - 2018-06-15 02:16 - 000433560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-07-11 06:55 - 2018-06-15 02:15 - 002563960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-07-11 06:55 - 2018-06-15 02:15 - 000753152 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-07-11 06:55 - 2018-06-15 02:13 - 000510904 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2018-07-11 06:55 - 2018-06-15 02:13 - 000324000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-07-11 06:55 - 2018-06-15 02:12 - 007519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-07-11 06:55 - 2018-06-15 02:12 - 000661152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2018-07-11 06:55 - 2018-06-15 02:12 - 000491304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-07-11 06:55 - 2018-06-15 02:12 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-07-11 06:55 - 2018-06-15 02:12 - 000118872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2018-07-11 06:55 - 2018-06-15 02:11 - 006817872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-07-11 06:55 - 2018-06-15 02:10 - 001934400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-07-11 06:55 - 2018-06-15 02:10 - 001097640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-07-11 06:55 - 2018-06-15 02:10 - 000717208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2018-07-11 06:55 - 2018-06-15 02:10 - 000326024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2018-07-11 06:55 - 2018-06-15 02:09 - 007436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-07-11 06:55 - 2018-06-15 02:09 - 002830240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-07-11 06:55 - 2018-06-15 02:09 - 002546592 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-07-11 06:55 - 2018-06-15 02:09 - 001798552 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-07-11 06:55 - 2018-06-15 02:09 - 001742272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-07-11 06:55 - 2018-06-15 02:09 - 001659296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2018-07-11 06:55 - 2018-06-15 02:09 - 001209800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-07-11 06:55 - 2018-06-15 02:09 - 001112600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2018-07-11 06:55 - 2018-06-15 02:09 - 000594128 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-07-11 06:55 - 2018-06-15 02:09 - 000247984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2018-07-11 06:55 - 2018-06-15 02:08 - 004403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-07-11 06:55 - 2018-06-15 02:08 - 002371392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-07-11 06:55 - 2018-06-15 02:08 - 002062488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-07-11 06:55 - 2018-06-15 02:08 - 001946752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-07-11 06:55 - 2018-06-15 02:08 - 001921944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2018-07-11 06:55 - 2018-06-15 02:08 - 001784584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-07-11 06:55 - 2018-06-15 02:08 - 001457128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-07-11 06:55 - 2018-06-15 02:08 - 001288840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-07-11 06:55 - 2018-06-15 02:08 - 001258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-07-11 06:55 - 2018-06-15 02:08 - 001150408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-07-11 06:55 - 2018-06-15 02:08 - 001140568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-07-11 06:55 - 2018-06-15 02:08 - 000983008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-07-11 06:55 - 2018-06-15 02:08 - 000945568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2018-07-11 06:55 - 2018-06-15 02:08 - 000898760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-07-11 06:55 - 2018-06-15 02:08 - 000642088 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
2018-07-11 06:55 - 2018-06-15 02:08 - 000604576 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-07-11 06:55 - 2018-06-15 02:08 - 000500552 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2018-07-11 06:55 - 2018-06-15 02:08 - 000413816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-07-11 06:55 - 2018-06-15 02:08 - 000072768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WindowsTrustedRT.sys
2018-07-11 06:55 - 2018-06-15 02:07 - 001611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2018-07-11 06:55 - 2018-06-15 02:07 - 001145696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2018-07-11 06:55 - 2018-06-15 02:05 - 000550608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-07-11 06:55 - 2018-06-15 02:05 - 000444240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2018-07-11 06:55 - 2018-06-15 02:04 - 002331576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-07-11 06:55 - 2018-06-15 02:04 - 001462824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2018-07-11 06:55 - 2018-06-15 02:04 - 001397192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-07-11 06:55 - 2018-06-15 02:04 - 001251736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2018-07-11 06:55 - 2018-06-15 02:04 - 000719552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-07-11 06:55 - 2018-06-15 02:04 - 000281080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExecModelClient.dll
2018-07-11 06:55 - 2018-06-15 02:04 - 000105376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2018-07-11 06:55 - 2018-06-15 02:03 - 006572000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-07-11 06:55 - 2018-06-15 02:03 - 006528600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-07-11 06:55 - 2018-06-15 02:03 - 006043600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-07-11 06:55 - 2018-06-15 02:03 - 004788504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-07-11 06:55 - 2018-06-15 02:03 - 002535032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-07-11 06:55 - 2018-06-15 02:03 - 002163184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2018-07-11 06:55 - 2018-06-15 02:03 - 001805752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-07-11 06:55 - 2018-06-15 02:03 - 001710240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2018-07-11 06:55 - 2018-06-15 02:03 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-07-11 06:55 - 2018-06-15 02:03 - 001380192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-07-11 06:55 - 2018-06-15 02:03 - 001144120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2018-07-11 06:55 - 2018-06-15 02:03 - 001129640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-07-11 06:55 - 2018-06-15 02:03 - 001020160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-07-11 06:55 - 2018-06-15 02:03 - 001011968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-07-11 06:55 - 2018-06-15 02:03 - 000770152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2018-07-11 06:55 - 2018-06-15 02:03 - 000472136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2018-07-11 06:55 - 2018-06-15 02:03 - 000356960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-07-11 06:55 - 2018-06-15 02:03 - 000232488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
2018-07-11 06:55 - 2018-06-15 02:03 - 000129192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-07-11 06:55 - 2018-06-15 01:49 - 002962944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-07-11 06:55 - 2018-06-15 01:48 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-07-11 06:55 - 2018-06-15 01:48 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
2018-07-11 06:55 - 2018-06-15 01:47 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2018-07-11 06:55 - 2018-06-15 01:47 - 000515072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2018-07-11 06:55 - 2018-06-15 01:47 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-07-11 06:55 - 2018-06-15 01:46 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-07-11 06:55 - 2018-06-15 01:46 - 004333568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-07-11 06:55 - 2018-06-15 01:46 - 001356800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2018-07-11 06:55 - 2018-06-15 01:46 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2018-07-11 06:55 - 2018-06-15 01:46 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
2018-07-11 06:55 - 2018-06-15 01:46 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2018-07-11 06:55 - 2018-06-15 01:46 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2018-07-11 06:55 - 2018-06-15 01:45 - 002548736 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2018-07-11 06:55 - 2018-06-15 01:45 - 000992768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-07-11 06:55 - 2018-06-15 01:45 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2018-07-11 06:55 - 2018-06-15 01:45 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-07-11 06:55 - 2018-06-15 01:45 - 000740352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2018-07-11 06:55 - 2018-06-15 01:45 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-07-11 06:55 - 2018-06-15 01:45 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2018-07-11 06:55 - 2018-06-15 01:45 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DTUHandlerPS.dll
2018-07-11 06:55 - 2018-06-15 01:44 - 001632256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-07-11 06:55 - 2018-06-15 01:44 - 001342976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2018-07-11 06:55 - 2018-06-15 01:44 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2018-07-11 06:55 - 2018-06-15 01:44 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2018-07-11 06:55 - 2018-06-15 01:44 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-07-11 06:55 - 2018-06-15 01:44 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2018-07-11 06:55 - 2018-06-15 01:44 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-07-11 06:55 - 2018-06-15 01:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-07-11 06:55 - 2018-06-15 01:44 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\cellulardatacapabilityhandler.dll
2018-07-11 06:55 - 2018-06-15 01:43 - 001114112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2018-07-11 06:55 - 2018-06-15 01:43 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-07-11 06:55 - 2018-06-15 01:43 - 000675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2018-07-11 06:55 - 2018-06-15 01:43 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-07-11 06:55 - 2018-06-15 01:43 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2018-07-11 06:55 - 2018-06-15 01:43 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2018-07-11 06:55 - 2018-06-15 01:43 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-07-11 06:55 - 2018-06-15 01:43 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-07-11 06:55 - 2018-06-15 01:43 - 000191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VideoHandlers.dll
2018-07-11 06:55 - 2018-06-15 01:43 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2018-07-11 06:55 - 2018-06-15 01:43 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2018-07-11 06:55 - 2018-06-15 01:42 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-07-11 06:55 - 2018-06-15 01:42 - 002367488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-07-11 06:55 - 2018-06-15 01:42 - 000978432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2018-07-11 06:55 - 2018-06-15 01:42 - 000558592 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2018-07-11 06:55 - 2018-06-15 01:42 - 000431104 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-07-11 06:55 - 2018-06-15 01:42 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-07-11 06:55 - 2018-06-15 01:42 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2018-07-11 06:55 - 2018-06-15 01:42 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-07-11 06:55 - 2018-06-15 01:42 - 000273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-07-11 06:55 - 2018-06-15 01:42 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-07-11 06:55 - 2018-06-15 01:42 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-07-11 06:55 - 2018-06-15 01:42 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2018-07-11 06:55 - 2018-06-15 01:42 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2018-07-11 06:55 - 2018-06-15 01:41 - 004561920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-07-11 06:55 - 2018-06-15 01:41 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-07-11 06:55 - 2018-06-15 01:41 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-07-11 06:55 - 2018-06-15 01:41 - 001724928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2018-07-11 06:55 - 2018-06-15 01:41 - 000953856 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2018-07-11 06:55 - 2018-06-15 01:41 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-07-11 06:55 - 2018-06-15 01:41 - 000811520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2018-07-11 06:55 - 2018-06-15 01:41 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-07-11 06:55 - 2018-06-15 01:41 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2018-07-11 06:55 - 2018-06-15 01:41 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2018-07-11 06:55 - 2018-06-15 01:41 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-07-11 06:55 - 2018-06-15 01:41 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2018-07-11 06:55 - 2018-06-15 01:40 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-07-11 06:55 - 2018-06-15 01:40 - 001487360 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-07-11 06:55 - 2018-06-15 01:40 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2018-07-11 06:55 - 2018-06-15 01:40 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2018-07-11 06:55 - 2018-06-15 01:40 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2018-07-11 06:55 - 2018-06-15 01:39 - 002903040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-07-11 06:55 - 2018-06-15 01:39 - 002583552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-07-11 06:55 - 2018-06-15 01:39 - 002172416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-07-11 06:55 - 2018-06-15 01:39 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-07-11 06:55 - 2018-06-15 01:39 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-07-11 06:55 - 2018-06-15 01:39 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-07-11 06:55 - 2018-06-15 01:39 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-07-11 06:55 - 2018-06-15 01:38 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-07-11 06:55 - 2018-06-15 01:38 - 001581568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2018-07-11 06:55 - 2018-06-15 01:38 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2018-07-11 06:55 - 2018-06-15 01:38 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-07-11 06:55 - 2018-06-15 01:38 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-07-11 06:55 - 2018-06-15 01:38 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-07-11 06:55 - 2018-06-15 01:38 - 000910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2018-07-11 06:55 - 2018-06-15 01:38 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-07-11 06:55 - 2018-06-15 01:37 - 001374208 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-07-11 06:55 - 2018-06-15 01:37 - 001069056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-07-11 06:55 - 2018-06-15 01:37 - 000883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-07-11 06:55 - 2018-06-15 01:36 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdrom.sys
2018-07-11 06:55 - 2018-06-01 02:18 - 000058524 _____ C:\WINDOWS\system32\srms.dat
2018-07-11 06:55 - 2018-05-20 08:53 - 000792984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-07-11 06:55 - 2018-05-20 08:52 - 000413080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-07-10 09:50 - 2018-07-13 01:26 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-07-10 09:50 - 2018-07-10 09:50 - 000002848 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-07-10 09:50 - 2018-07-10 09:50 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-07-10 09:50 - 2018-07-10 09:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-07-10 09:50 - 2018-07-10 09:50 - 000000000 ____D C:\Program Files\CCleaner
2018-07-09 20:52 - 2018-07-09 20:52 - 000143277 _____ C:\Users\doryo\Desktop\TDSSKiller report.txt
2018-07-09 20:50 - 2018-07-09 20:51 - 000286644 _____ C:\TDSSKiller.3.1.0.17_09.07.2018_20.50.03_log.txt
2018-07-02 16:17 - 2018-07-13 09:18 - 000000000 ____D C:\FRST
2018-06-28 10:10 - 2018-06-28 10:11 - 000000000 ____D C:\AdwCleaner
2018-06-28 10:02 - 2018-06-28 10:02 - 000000000 ____D C:\Program Files\HitmanPro
2018-06-28 10:01 - 2018-07-11 11:27 - 000000000 ____D C:\ProgramData\HitmanPro
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-13 09:13 - 2018-04-11 20:36 - 000000000 ____D C:\WINDOWS\INF
2018-07-13 09:12 - 2016-05-19 17:43 - 000000000 ____D C:\Users\doryo\AppData\Local\Adobe
2018-07-13 09:10 - 2018-05-01 12:03 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-07-13 09:10 - 2016-06-06 12:26 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-07-13 09:09 - 2018-05-01 11:56 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-07-13 01:39 - 2018-04-11 20:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-07-13 01:28 - 2018-05-01 12:03 - 000004140 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1933E47A-0F08-41FC-AB27-8F5C523F4B1C}
2018-07-13 01:26 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-07-12 18:16 - 2016-05-16 10:08 - 000000000 ____D C:\Users\doryo\Documents\Outlook Files
2018-07-12 10:13 - 2016-05-16 09:23 - 000000000 ____D C:\Users\doryo\AppData\Roaming\uTorrent
2018-07-11 11:48 - 2018-04-11 20:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-11 11:48 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-11 11:41 - 2018-05-01 16:50 - 000782398 _____ C:\WINDOWS\system32\perfh00A.dat
2018-07-11 11:41 - 2018-05-01 16:50 - 000152222 _____ C:\WINDOWS\system32\perfc00A.dat
2018-07-11 11:41 - 2018-05-01 12:02 - 001762872 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-07-11 11:32 - 2018-05-01 12:03 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-11 11:32 - 2018-04-11 18:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-07-11 11:32 - 2018-03-31 12:09 - 000000000 ____D C:\Temp
2018-07-11 11:32 - 2016-05-14 13:05 - 000000000 __SHD C:\Users\doryo\IntelGraphicsProfiles
2018-07-11 11:22 - 2018-05-01 11:56 - 005099288 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-07-11 11:22 - 2016-05-16 14:02 - 000000000 ___RD C:\Users\doryo\3D Objects
2018-07-11 11:22 - 2016-02-13 10:20 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-07-11 11:21 - 2018-04-12 06:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-07-11 11:21 - 2018-04-11 20:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-07-11 11:21 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-07-11 11:21 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\es-MX
2018-07-11 11:21 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-07-11 11:21 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-07-11 11:21 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-07-11 08:15 - 2018-05-01 11:57 - 000000000 ____D C:\Users\doryo\AppData\Local\Google
2018-07-11 08:15 - 2016-05-14 19:27 - 000000000 ____D C:\Program Files (x86)\Google
2018-07-11 07:03 - 2018-04-11 20:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-07-11 07:02 - 2016-05-14 12:57 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-07-11 07:01 - 2016-05-14 12:57 - 134675576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-07-11 06:59 - 2018-04-11 20:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-07-11 06:48 - 2016-05-20 20:59 - 000000000 ____D C:\Users\doryo\AppData\Roaming\MPC-HC
2018-07-10 13:11 - 2015-10-30 04:24 - 000000167 _____ C:\WINDOWS\win.ini
2018-07-10 10:07 - 2016-05-31 17:41 - 000000000 ____D C:\Users\doryo\AppData\Roaming\Notepad++
2018-07-10 10:07 - 2016-05-31 17:41 - 000000000 ____D C:\Program Files (x86)\Notepad++
2018-07-10 10:07 - 2016-05-16 16:59 - 000000000 ____D C:\Users\doryo\AppData\Roaming\WhatsApp
2018-07-10 10:07 - 2016-05-16 16:59 - 000000000 ____D C:\Users\doryo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2018-07-10 10:07 - 2016-05-16 16:59 - 000000000 ____D C:\Users\doryo\AppData\Local\WhatsApp
2018-07-10 10:06 - 2017-10-19 11:53 - 000000000 ____D C:\Users\doryo\AppData\Local\Packages
2018-07-06 21:52 - 2016-08-12 20:21 - 000000000 ____D C:\Users\doryo\Desktop\IIBB JAZ
2018-07-06 04:14 - 2015-10-30 05:13 - 000407560 __RSH C:\bootmgr
2018-07-04 19:38 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-06-30 14:53 - 2017-09-28 19:08 - 000000000 ____D C:\Users\doryo\Desktop\Néstor
2018-06-28 22:13 - 2018-04-11 20:41 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-28 22:13 - 2018-04-11 20:41 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-06-28 10:12 - 2016-05-16 09:45 - 000000000 ____D C:\Users\doryo\AppData\Roaming\Skype
2018-06-28 07:12 - 2018-02-14 03:12 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-06-23 20:24 - 2018-05-01 12:03 - 000003350 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-60989047-3131939895-948155456-1001
2018-06-23 20:24 - 2018-05-01 11:57 - 000002359 _____ C:\Users\doryo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-06-23 20:24 - 2016-05-14 12:39 - 000000000 ___RD C:\Users\doryo\OneDrive
 
==================== Files in the root of some directories =======
 
2016-12-26 11:36 - 2016-12-26 11:36 - 000000132 _____ () C:\Users\doryo\AppData\Roaming\Prefs. de formato BMP de Adobe CS6
2016-06-10 11:56 - 2018-05-03 12:29 - 000000132 _____ () C:\Users\doryo\AppData\Roaming\Prefs. de formato PNG de Adobe CS6
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-01 11:56
 
==================== End of FRST.txt ============================

Addition:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by doryo (13-07-2018 09:19:55)
Running from D:\Cositas
Windows 10 Home Version 1803 17134.165 (X64) (2018-05-01 15:04:02)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-60989047-3131939895-948155456-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-60989047-3131939895-948155456-503 - Limited - Disabled)
doryo (S-1-5-21-60989047-3131939895-948155456-1001 - Administrator - Enabled) => C:\Users\doryo
Guest (S-1-5-21-60989047-3131939895-948155456-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-60989047-3131939895-948155456-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\uTorrent) (Version: 3.5.3.44494 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20055 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Backup and Sync from Google (HKLM\...\{AEFBDB5B-899F-4AE6-B789-BA56A652A476}) (Version: 3.42.9858.3671 - Google, Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.44 - Piriform)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Google Web Designer (HKLM\...\{811767F4-C586-4673-A41F-E9D767497222}) (Version: 2.0.1.0 - Google LLC.)
HandBrake 1.0.0 (HKLM-x32\...\HandBrake) (Version: 1.0.0 - )
Herramientas de corrección de Microsoft Office 2016: español (HKLM\...\{90160000-001F-0C0A-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
HiSuite (HKLM-x32\...\Hi Suite) (Version: 1.0 - Huawei Technologies Co.,Ltd)
HL-1210W series (HKLM-x32\...\{75E38F04-1BAF-4054-A059-57F831688943}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
inSSIDer 2.0 (HKLM-x32\...\{6133183D-FA87-4924-8D50-1777222C05EA}) (Version: 2.0.3 - MetaGeek)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4885 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{00000030-0200-1034-84C8-B8D95FA3C8C3}) (Version: 20.30.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{1b3fcb8d-3d2b-4477-b722-0b3e2c1195ba}) (Version: 20.30.1 - Intel Corporation)
Java™ 6 Update 29 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216029FF}) (Version: 6.0.290 - Oracle)
K-Lite Mega Codec Pack 14.0.4 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 14.0.4 - KLCP)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 3.2.116.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 (HKLM\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\OneDriveSetup.exe) (Version: 18.091.0506.0007 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Motorola Device Manager (HKLM-x32\...\{28DB8373-C1BB-444F-A427-A55585A12ED7}) (Version: 2.5.4 - Motorola Mobility)
Motorola Device Software Update (HKLM-x32\...\{894AB83D-A9AF-4E54-BFF3-A7262A0A6C13}) (Version: 13.09.3001 - Motorola Mobility) Hidden
Motorola Mobile Drivers Installation 6.4.0 (HKLM\...\{27986EDD-C9EC-4B52-B92F-06D073F0AA52}) (Version: 6.4.0 - Motorola Mobility LLC)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM\...\{90160000-001F-040C-1000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Paragon Hard Disk Manager™ 14 Suite (HKLM\...\{29258311-EA49-11DE-967C-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF Settings CS6 (HKLM-x32\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.9 - Power Software Ltd)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8004 - Realtek Semiconductor Corp.)
Samsung Kies3 (HKLM-x32\...\{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16084.2 - Samsung Electronics Co., Ltd.)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 5.0.0.790 - Samsung Electronics)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
SketchUp 2017 (HKLM\...\{E59BD84C-169B-4F3F-AC5D-85127CF67051}) (Version: 17.2.2555 - Trimble, Inc.)
Skype™ 7.41 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.41.101 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\Spotify) (Version: 1.0.75.483.g7ff4a0dc - Spotify AB)
VBA (2627.01) (HKLM-x32\...\{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VBA (2627.4) (HKLM-x32\...\{5545EEE9-FA36-4F76-B6BE-5696E7F4E2D6}) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17384 - Microsoft Corporation)
Windows Driver Package - Silicon Laboratories (WinUSB) USB  (04/08/2013 4.0.0.0) (HKLM\...\ECCA79E3941154C28F5B308B576703BD8253BAB1) (Version: 04/08/2013 4.0.0.0 - Silicon Laboratories)
Windows Driver Package - Sony Corporation (SFEP) HIDClass  (06/18/2012 8.0.2.4) (HKLM\...\54DCDF5F20965812FBF3C1C44CE2E9E620585DE9) (Version: 06/18/2012 8.0.2.4 - Sony Corporation)
Windows Driver Package - Sony Croporation (SOWS) HIDClass  (06/11/2012 1.0.0.06110) (HKLM\...\5478D63468C46333F277779BC2B1EBAEA89C153D) (Version: 06/11/2012 1.0.0.06110 - Sony Croporation)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-60989047-3131939895-948155456-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync64.dll [2018-05-30] (Google)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} =>  -> No File
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers1: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-06-06] (Power Software Ltd)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu64.dll [2018-05-30] (Google)
ContextMenuHandlers4: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-06-06] (Power Software Ltd)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2018-01-02] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [PowerISO] -> {967B2D40-8B7D-4127-9049-61EA0C2C6DCE} => C:\Program Files\PowerISO\PWRISOSH.DLL [2017-06-06] (Power Software Ltd)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {003C0296-0189-4A41-B9EC-8F0573624061} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-28] (Microsoft Corporation)
Task: {0264EAD8-E7A8-47E1-885A-6D3EBB777ADC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-06-24] (Piriform Ltd)
Task: {060FAC03-AD67-4E24-A26A-A09C39EA8F0C} - System32\Tasks\Motorola Device Manager Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
Task: {09BB4F3D-F7C3-4077-9195-22471306450E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-28] (Microsoft Corporation)
Task: {0D37AE6F-CB13-4301-A210-5B7804469737} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-03-21] (Adobe Systems Incorporated)
Task: {0EC60CD0-4232-448B-9036-AF7DABC4703E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2017-10-11] (Microsoft Corporation)
Task: {18C6A765-3146-40B4-9435-0D3D25BBED3E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-14] (Google Inc.)
Task: {2457DA14-3C19-4A5E-A28F-B2E36BF2BD1C} - System32\Tasks\Microsoft_MKC_Logon_Task_ceip.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ceip.exe [2017-10-11] (Microsoft)
Task: {2B495949-BF13-4AEF-911E-403B5FEA4D61} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-doryon2004@outlook.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-05-11] (Adobe Systems, Incorporated)
Task: {30306294-3C35-4EF4-9032-7D5C121077B0} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2017-10-11] (Microsoft Corporation)
Task: {3B4CDF6F-D975-41C1-8128-504634FA1EDE} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-06-24] (Piriform Ltd)
Task: {3C2C1522-3D26-496E-B2DD-B6CE76D42498} - System32\Tasks\S-1-5-21-60989047-3131939895-948155456-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-04-11] (Microsoft Corporation)
Task: {3CCF9419-0906-4563-9E1D-098C66653CA3} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2017-10-11] (Microsoft Corporation)
Task: {40E0387E-3406-4CB5-9A89-9A7093E86A89} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2017-10-11] (Microsoft Corporation)
Task: {5AD9DFEE-4825-4BE0-9CF8-8343395FADB2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-28] (Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {66BD8886-8A89-4929-AB32-2DAFA24F452D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-28] (Microsoft Corporation)
Task: {6DC47CCA-FB41-47DF-AE3F-859A202DE9E3} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe [2016-11-23] (Samsung Electronics Co. Ltd.)
Task: {8B84C353-213F-4980-B284-FCF4A8EA2DD9} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-doryon2004@outlook.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {A3938491-00B9-4428-B83F-EF4FDFA148C0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {C16B59B4-812D-4F94-81E2-58D080322F71} - System32\Tasks\Motorola Device Manager Initial Update => C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe [2014-10-30] ()
Task: {CC37C225-F792-42FD-81AE-47290D034ECE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-14] (Google Inc.)
Task: {CD7325D1-2283-48A5-B00F-929F30477185} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-07-31] (Microsoft Corporation)
Task: {E32BACF2-1C71-4154-AC67-4A2E54EF6C32} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2017-10-11] (Microsoft)
Task: {EF88A564-F3B1-4916-AD87-4F5530000F08} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2018-02-19] ()
Task: {F27C7F81-2B8A-4761-9648-8506F45DDDBE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\doryo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicaciones de Chrome\Google Play Música.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
ShortcutWithArgument: C:\Users\doryo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> /high-dpi-support=1 /force-device-scale-factor=1
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-07-26 04:58 - 2017-07-26 04:58 - 000192200 _____ () C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
2018-04-11 20:34 - 2018-04-11 20:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2017-02-22 23:56 - 2017-02-22 23:56 - 008911560 _____ () C:\Program Files\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2018-04-11 20:34 - 2018-04-11 20:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 20:34 - 2018-04-11 20:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-07-11 06:55 - 2018-07-06 03:55 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-05-23 11:18 - 2018-05-23 11:19 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-05-23 11:18 - 2018-05-23 11:19 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-05-23 11:18 - 2018-05-23 11:19 - 022374400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-05-23 11:18 - 2018-05-23 11:19 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\skypert.dll
2018-05-23 11:18 - 2018-05-23 11:19 - 000654848 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-05-30 11:03 - 2018-05-30 11:03 - 046281248 _____ () C:\Program Files\Google\Drive\googledrivesync.exe
2018-07-11 11:33 - 2018-07-11 11:33 - 000113152 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\_ctypes.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 000080896 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\bz2.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 001585152 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\_hashlib.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 000128512 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\win32api.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 000137728 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\pywintypes27.dll
2018-07-11 11:33 - 2018-07-11 11:33 - 000548864 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\pythoncom27.dll
2018-07-11 11:33 - 2018-07-11 11:33 - 000689664 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\unicodedata.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 000438784 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\win32com.shell.shell.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 001489408 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\wx._core_.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 001007104 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\wx._gdi_.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 001039872 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\wx._windows_.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 001325056 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\wx._controls_.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 000916992 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\wx._misc_.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 001084416 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\pysqlite2._sqlite.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 000149504 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\win32file.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 000136192 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\win32security.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 000007680 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\hashobjs_ext.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 000020992 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\thumbnails_ext.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 000118784 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\usb_ext.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 000047616 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\_socket.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 002224640 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\_ssl.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 000014848 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\common.time34.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 000023040 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\win32event.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 000034304 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\windows.conditional.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 000020480 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\windows.winwrap.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 000110080 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\windows.volumes.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 000223232 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\win32gui.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 000173568 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\_elementtree.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 000169472 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\pyexpat.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 000048128 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\win32inet.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 000103424 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\wx._html2.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 000046080 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\_psutil_windows.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 000633272 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\windows._cacheinvalidation.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 000011776 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\win32crypt.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 000301568 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\PIL._imaging.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 000032256 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\_multiprocessing.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 005458944 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\cello.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 000026112 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\_yappi.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 000044032 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\win32process.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 000027648 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\win32pipe.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 000010752 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\select.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 000029696 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\win32pdh.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 000038400 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\windows.connectivity.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 000073216 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\windows.device_monitor.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 000020480 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\win32profile.pyd
2018-07-11 11:33 - 2018-07-11 11:33 - 000026624 _____ () C:\Users\doryo\AppData\Local\Temp\_MEI100762\win32ts.pyd
2018-07-11 11:48 - 2018-07-11 11:48 - 001922224 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2018-07-11 08:15 - 2018-06-22 16:15 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libglesv2.dll
2018-07-11 08:15 - 2018-06-22 16:15 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libegl.dll
2014-04-07 11:31 - 2014-04-07 11:31 - 000172032 _____ () C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\css_core.dll
2018-04-19 11:48 - 2009-02-27 16:38 - 000139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2018-04-19 11:48 - 2018-01-18 15:39 - 000519168 _____ () C:\Program Files (x86)\Browny02\BrMonitor.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 04:24 - 2016-07-15 18:04 - 000000857 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 site.darriens.localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-60989047-3131939895-948155456-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\doryo\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\StartupApproved\Run: => "AirDroid 3"
HKU\S-1-5-21-60989047-3131939895-948155456-1001\...\StartupApproved\Run: => "Kies3PDLR.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{C66A32FB-3C15-4FAF-80F4-DD09E4FF2BAF}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{1DA02B4B-15E7-446D-82B7-5ED005FD2379}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{F8A58B26-FDFF-486D-8C65-67609E200BD7}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{126EC30E-96A5-4442-B454-EC30559FDB84}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{8D0AB6A7-1643-4A45-9843-4EE2A866829A}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [UDP Query User{C31F0F48-B3A0-4486-A299-12B9EC7E2053}C:\users\doryo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\doryo\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{BCC5805C-CF52-4207-B480-C37DC06A4A1E}C:\users\doryo\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\doryo\appdata\roaming\spotify\spotify.exe
FirewallRules: [{8B634F36-7A3A-4AF8-86F7-B6E24A195B3E}] => (Allow) C:\Users\doryo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5144F8FC-C34D-4444-B0F2-8C0E15602C23}] => (Allow) C:\Users\doryo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{ED335A90-F6EA-41F5-8A12-FD7A7CEBCFB4}] => (Allow) C:\Users\doryo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F8398A30-F5B1-4678-AAE4-DE857FE5EA26}] => (Allow) C:\Users\doryo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1FBEB042-7D19-4B20-9E8D-399F7BB82F0D}] => (Allow) C:\Users\doryo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{314F36D0-A562-4F73-AF71-706A8F37C636}] => (Allow) C:\Users\doryo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FD01F1F9-952F-4509-9A95-CB8132F2521C}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3931563E-002D-40A3-A27E-DFFA8BA7CBBA}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{B02FDC29-1035-4F68-A799-D8D1E98D2BF7}] => (Allow) C:\Program Files\Microsoft Office\Office16\lync.exe
FirewallRules: [{7C523620-837A-4520-9F80-FA55C25D728E}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{8C141655-DE00-46DD-A5B0-0F2329C51061}] => (Allow) C:\Program Files\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{C9D38CA8-D868-4B1D-93E8-4897764143CE}] => (Allow) C:\Users\doryo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{32167CD4-0C10-46FD-936C-5AF736BCF079}] => (Allow) C:\Users\doryo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BD7D5CB4-D5A2-4B3F-B60F-5BAA37E52C8C}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{6E2A7E9D-E82A-4E68-BBD7-967EAEE3A609}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{2E0DFC77-C4AF-4411-8573-62EB5F7311B7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
04-07-2018 19:22:02 Removed Google Chrome
04-07-2018 19:40:26 Removed ChromePlayerPlugin
08-07-2018 20:56:43 Installed ChromePlayerPlugin
10-07-2018 09:57:15 Removed ChromePlayerPlugin
10-07-2018 10:05:06 Removed AdWords Editor
10-07-2018 10:05:49 Removed Bonjour
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/11/2018 06:48:00 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
 
Error: (07/11/2018 06:48:00 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected
 
Error: (07/03/2018 10:03:27 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (07/03/2018 10:03:09 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c8ccff4f-182d-41a0-8bbc-7ac3a3f48a20}
 
Error: (06/01/2018 10:51:30 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (05/16/2018 02:40:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AGSService.exe, version: 4.5.0.814, time stamp: 0x5a4f2d48
Faulting module name: ntdll.dll, version: 10.0.17134.1, time stamp: 0xc8733c73
Exception code: 0xc0000005
Fault offset: 0x00022df9
Faulting process id: 0xe3c
Faulting application start time: 0x01d3e7d5d53c3f26
Faulting application path: C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 69914321-0ed2-4ccf-9bad-59b4b8974594
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/14/2018 06:34:19 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Microsoft.Photos.exe version 2018.18031.15820.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 18e0
 
Start Time: 01d3eb6510ad5016
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
 
Report Id: a4289ed4-4148-4111-a0f2-c5099b3879f6
 
Faulting package full name: Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: App
 
Error: (05/11/2018 03:20:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Microsoft.Photos.exe version 2018.18031.15820.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 968
 
Start Time: 01d3e952f6969a61
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
 
Report Id: f126e9fb-a65e-4b4d-80a7-e8b5bec46981
 
Faulting package full name: Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe
 
Faulting package-relative application ID: App
 
 
System errors:
=============
Error: (07/13/2018 09:12:42 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/13/2018 09:11:40 AM) (Source: DCOM) (EventID: 10016) (User: VAIO)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user VAIO\doryo SID (S-1-5-21-60989047-3131939895-948155456-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/13/2018 09:09:48 AM) (Source: DCOM) (EventID: 10016) (User: VAIO)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user VAIO\doryo SID (S-1-5-21-60989047-3131939895-948155456-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/13/2018 01:25:54 AM) (Source: DCOM) (EventID: 10016) (User: VAIO)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user VAIO\doryo SID (S-1-5-21-60989047-3131939895-948155456-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/13/2018 01:25:26 AM) (Source: DCOM) (EventID: 10016) (User: VAIO)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user VAIO\doryo SID (S-1-5-21-60989047-3131939895-948155456-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/12/2018 03:24:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/12/2018 09:19:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/12/2018 09:16:58 AM) (Source: DCOM) (EventID: 10016) (User: VAIO)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user VAIO\doryo SID (S-1-5-21-60989047-3131939895-948155456-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
Windows Defender:
===================================
Date: 2018-07-10 17:10:53.245
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {92A3886E-B2C0-4FE1-AEAC-0BA666C86174}
Scan Type: Antimalware
Scan Parameters: Full Scan
 
Date: 2018-07-10 17:10:53.239
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: HackTool:Win64/Gendows
ID: 2147678484
Severity: High
Category: Tool
Path: containerfile:_D:\Cositas\Microsoft.Office.Professional.Plus.2013.x64-iNDiSO\Office_Professional_Plus_2013_64Bit_English.ISO;file:_D:\Cositas\Microsoft.Office.Professional.Plus.2013.x64-iNDiSO\Office_Professional_Plus_2013_64Bit_English.ISO->\Crack\Activation Helper v1.5 x64.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: User
Process Name: Unknown
Signature Version: AV: 1.271.767.0, AS: 1.271.767.0, NIS: 1.271.767.0
Engine Version: AM: 1.1.15000.2, NIS: 1.1.15000.2
 
Date: 2018-07-09 20:07:51.746
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {1525E44C-377A-45FB-BC90-1C9925BB055F}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-07-04 12:58:55.664
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {41EA708D-11DE-426F-AB32-1E6A870F71AA}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-07-04 10:34:09.623
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {F5B35352-08B1-4D9A-808D-DD8CD3279590}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-06-26 08:34:44.210
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.269.1961.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14901.4
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
CodeIntegrity:
===================================
 
Date: 2018-06-28 09:19:30.961
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-06-09 13:42:44.445
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\Google\Chrome\Application\chrome.exe) attempted to load \Device\HarddiskVolume1\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 24%
Total physical RAM: 16266.35 MB
Available physical RAM: 12225.04 MB
Total Virtual: 16466.35 MB
Available Virtual: 12117.75 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:231.58 GB) (Free:49.53 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Harley) (Fixed) (Total:698.64 GB) (Free:121.63 GB) NTFS
Drive e: (24GB SSD) (Fixed) (Total:22.36 GB) (Free:10.6 GB) NTFS
 
\\?\Volume{ae625731-0000-0000-0000-30043a000000}\ () (Fixed) (Total:0.82 GB) (Free:0.32 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 232.9 GB) (Disk ID: AE625731)
Partition 1: (Active) - (Size=231.6 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=838 MB) - (Type=27)
 
========================================================
Disk: 1 (Size: 22.4 GB) (Disk ID: AB0F1A1C)
 
Partition: GPT.
 
========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: DDC4E5CD)
Partition 2: (Not Active) - (Size=698.6 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#15 nasdaq

  • Malware Response Team
  • 40,169 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:42 AM

Posted 13 July 2018 - 07:47 AM

Hi,

One of your Shortcuts may be corrupted.

Run the Farbar program. There is a box to create a Shortcut.txt log.
Clear all the other check marks and just mark that box.

Scan and post the log for my review.

While I check this log run this scan.
This scan may take an hour or two. Execute it when you know you will not need the computer.

Please scan your computer with ESET Online Scanner.
  • Click on this link to open ESET Online Scanner in a new window.
    • Click on the Scan Now button to download the esetonlinescanner_enu.exe file. Save it to your Desktop.
    • Close all your programs and browsers.
    • Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
    • Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use.
  • Check mark Download latest version of ESET Online Scanner and click the Accept button.
  • Accept any security warnings that may appear.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
    • Enable detection of potentially unsafe applications
    • Clean threats automatically
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Note: If nothing is found, it will not produce a log.

Please re-enable your antivirus program.



