Credit card info stolen, possible keystroke logger?


6 replies to this topic

#1 Lakoda

Posted 04 July 2018 - 01:40 AM

I'm concerned I have a keystroke logger because I used my credit card one time to buy something online and that was the only time I used that card in a very long time. The card is set up with some reoccurring payments but I set those up a year or two ago. The only reason I used the card that one time was I grabbed the wrong card. I was pretty shocked to see UBER eats billed me 2 times in Canada and one UBER in California the same day. I'd never even heard of UBER eats, didn't know they brought people food until I looked it up. Anyway, if someone could please look at my log and see if my PC is clean or not I'd really appreciate it.
 
14:04 - 2018-06-08 02:29 - 000164768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys 2018-06-13 14:04 - 2018-06-08 02:29 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll 2018-06-13 14:04 - 2018-06-08 02:29 - 000084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageOverlayUtil.dll 2018-06-13 14:04 - 2018-06-08 02:29 - 000057960 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel.appcore.dll 2018-06-13 14:04 - 2018-06-08 02:13 - 025846784 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2018-06-13 14:04 - 2018-06-08 02:12 - 000861616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll 2018-06-13 14:04 - 2018-06-08 02:12 - 000786176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll 2018-06-13 14:04 - 2018-06-08 02:11 - 001461744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll 2018-06-13 14:04 - 2018-06-08 02:11 - 000550616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll 2018-06-13 14:04 - 2018-06-08 02:10 - 002479272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2018-06-13 14:04 - 2018-06-08 02:10 - 002331584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll 2018-06-13 14:04 - 2018-06-08 02:10 - 002307336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL 2018-06-13 14:04 - 2018-06-08 02:10 - 001988072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll 2018-06-13 14:04 - 2018-06-08 02:10 - 001397200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll 2018-06-13 14:04 - 2018-06-08 02:10 - 001011992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2018-06-13 14:04 - 2018-06-08 02:10 - 000880152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll 2018-06-13 14:04 - 2018-06-08 02:10 - 000457152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll 2018-06-13 14:04 - 2018-06-08 02:10 - 000097176 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\bcrypt.dll 2018-06-13 14:04 - 2018-06-08 02:09 - 006569960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2018-06-13 14:04 - 2018-06-08 02:09 - 006527064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2018-06-13 14:04 - 2018-06-08 02:09 - 004788512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2018-06-13 14:04 - 2018-06-08 02:09 - 004469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll 2018-06-13 14:04 - 2018-06-08 02:09 - 002535552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 2018-06-13 14:04 - 2018-06-08 02:09 - 002486992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2018-06-13 14:04 - 2018-06-08 02:09 - 002242216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2018-06-13 14:04 - 2018-06-08 02:09 - 001980872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2018-06-13 14:04 - 2018-06-08 02:09 - 001805776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2018-06-13 14:04 - 2018-06-08 02:09 - 001709720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll 2018-06-13 14:04 - 2018-06-08 02:09 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2018-06-13 14:04 - 2018-06-08 02:09 - 001584128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll 2018-06-13 14:04 - 2018-06-08 02:09 - 001380200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll 2018-06-13 14:04 - 2018-06-08 02:09 - 001129648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll 2018-06-13 14:04 - 2018-06-08 02:09 - 001077504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll 2018-06-13 14:04 - 2018-06-08 02:09 - 001020168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll 2018-06-13 14:04 - 2018-06-08 02:09 - 000988136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll 2018-06-13 14:04 - 
2018-06-08 02:09 - 000770160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll 2018-06-13 14:04 - 2018-06-08 02:09 - 000607648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll 2018-06-13 14:04 - 2018-06-08 02:09 - 000568720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll 2018-06-13 14:04 - 2018-06-08 02:09 - 000567144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll 2018-06-13 14:04 - 2018-06-08 02:09 - 000553248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll 2018-06-13 14:04 - 2018-06-08 02:09 - 000356960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll 2018-06-13 14:04 - 2018-06-08 02:09 - 000064648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LanguageOverlayUtil.dll 2018-06-13 14:04 - 2018-06-08 02:09 - 000050208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel.appcore.dll 2018-06-13 14:04 - 2018-06-08 02:04 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll 2018-06-13 14:04 - 2018-06-08 02:03 - 022005760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2018-06-13 14:04 - 2018-06-08 02:03 - 000906752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.PhoneNumberFormatting.dll 2018-06-13 14:04 - 2018-06-08 02:03 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll 2018-06-13 14:04 - 2018-06-08 02:03 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryCore.dll 2018-06-13 14:04 - 2018-06-08 02:03 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys 2018-06-13 14:04 - 2018-06-08 02:02 - 022713856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2018-06-13 14:04 - 2018-06-08 02:02 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll 2018-06-13 14:04 - 2018-06-08 02:02 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edpnotify.exe 2018-06-13 14:04 - 
2018-06-08 02:02 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe 2018-06-13 14:04 - 2018-06-08 02:01 - 004563456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2018-06-13 14:04 - 2018-06-08 02:01 - 002961408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll 2018-06-13 14:04 - 2018-06-08 02:01 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe 2018-06-13 14:04 - 2018-06-08 02:01 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll 2018-06-13 14:04 - 2018-06-08 02:01 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll 2018-06-13 14:04 - 2018-06-08 02:01 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll 2018-06-13 14:04 - 2018-06-08 02:01 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll 2018-06-13 14:04 - 2018-06-08 02:01 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll 2018-06-13 14:04 - 2018-06-08 02:01 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidparse.sys 2018-06-13 14:04 - 2018-06-08 02:01 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys 2018-06-13 14:04 - 2018-06-08 02:00 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2018-06-13 14:04 - 2018-06-08 02:00 - 004372992 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll 2018-06-13 14:04 - 2018-06-08 02:00 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2018-06-13 14:04 - 2018-06-08 02:00 - 001285120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll 2018-06-13 14:04 - 2018-06-08 02:00 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll 2018-06-13 14:04 - 2018-06-08 02:00 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe 2018-06-13 14:04 - 2018-06-08 02:00 - 000149504 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\dssvc.dll 2018-06-13 14:04 - 2018-06-08 02:00 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll 2018-06-13 14:04 - 2018-06-08 02:00 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys 2018-06-13 14:04 - 2018-06-08 01:59 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll 2018-06-13 14:04 - 2018-06-08 01:59 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2018-06-13 14:04 - 2018-06-08 01:59 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2018-06-13 14:04 - 2018-06-08 01:59 - 001767936 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2018-06-13 14:04 - 2018-06-08 01:59 - 001318400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll 2018-06-13 14:04 - 2018-06-08 01:59 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll 2018-06-13 14:04 - 2018-06-08 01:59 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll 2018-06-13 14:04 - 2018-06-08 01:59 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll 2018-06-13 14:04 - 2018-06-08 01:59 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe 2018-06-13 14:04 - 2018-06-08 01:59 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll 2018-06-13 14:04 - 2018-06-08 01:59 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll 2018-06-13 14:04 - 2018-06-08 01:58 - 007581696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2018-06-13 14:04 - 2018-06-08 01:58 - 003712512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2018-06-13 14:04 - 2018-06-08 01:58 - 001676800 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll 2018-06-13 14:04 - 2018-06-08 01:58 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll 
2018-06-13 14:04 - 2018-06-08 01:58 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll 2018-06-13 14:04 - 2018-06-08 01:58 - 000813568 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll 2018-06-13 14:04 - 2018-06-08 01:58 - 000781824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys 2018-06-13 14:04 - 2018-06-08 01:58 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll 2018-06-13 14:04 - 2018-06-08 01:58 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll 2018-06-13 14:04 - 2018-06-08 01:58 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe 2018-06-13 14:04 - 2018-06-08 01:57 - 003348992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll 2018-06-13 14:04 - 2018-06-08 01:57 - 002172416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2018-06-13 14:04 - 2018-06-08 01:57 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll 2018-06-13 14:04 - 2018-06-08 01:57 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll 2018-06-13 14:04 - 2018-06-08 01:57 - 000483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll 2018-06-13 14:04 - 2018-06-08 01:57 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys 2018-06-13 14:04 - 2018-06-08 01:57 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll 2018-06-13 14:04 - 2018-06-08 01:57 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll 2018-06-13 14:04 - 2018-06-08 01:57 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll 2018-06-13 14:04 - 2018-06-08 01:56 - 005780992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2018-06-13 14:04 - 2018-06-08 01:56 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll 
2018-06-13 14:04 - 2018-06-08 01:56 - 004336128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2018-06-13 14:04 - 2018-06-08 01:56 - 003293696 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll 2018-06-13 14:04 - 2018-06-08 01:56 - 002902016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2018-06-13 14:04 - 2018-06-08 01:56 - 002900480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2018-06-13 14:04 - 2018-06-08 01:56 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll 2018-06-13 14:04 - 2018-06-08 01:56 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2018-06-13 14:04 - 2018-06-08 01:56 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2018-06-13 14:04 - 2018-06-08 01:56 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll 2018-06-13 14:04 - 2018-06-08 01:56 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll 2018-06-13 14:04 - 2018-06-08 01:56 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll 2018-06-13 14:04 - 2018-06-08 01:56 - 000908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL 2018-06-13 14:04 - 2018-06-08 01:56 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll 2018-06-13 14:04 - 2018-06-08 01:56 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll 2018-06-13 14:04 - 2018-06-08 01:56 - 000858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll 2018-06-13 14:04 - 2018-06-08 01:56 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll 2018-06-13 14:04 - 2018-06-08 01:56 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2018-06-13 14:04 - 2018-06-08 01:56 - 000615424 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll 2018-06-13 14:04 - 2018-06-08 01:56 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2018-06-13 14:04 - 2018-06-08 01:56 - 000389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll 2018-06-13 14:04 - 2018-06-08 01:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll 2018-06-13 14:04 - 2018-06-08 01:56 - 000264704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovs.dll 2018-06-13 14:04 - 2018-06-08 01:55 - 003441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2018-06-13 14:04 - 2018-06-08 01:55 - 002248192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll 2018-06-13 14:04 - 2018-06-08 01:55 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2018-06-13 14:04 - 2018-06-08 01:55 - 002061824 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll 2018-06-13 14:04 - 2018-06-08 01:55 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2018-06-13 14:04 - 2018-06-08 01:55 - 001371648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2018-06-13 14:04 - 2018-06-08 01:55 - 001242112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll 2018-06-13 14:04 - 2018-06-08 01:55 - 001192448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll 2018-06-13 14:04 - 2018-06-08 01:55 - 001171968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll 2018-06-13 14:04 - 2018-06-08 01:55 - 001160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll 2018-06-13 14:04 - 2018-06-08 01:55 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll 2018-06-13 14:04 - 2018-06-08 01:55 - 001033728 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll 2018-06-13 14:04 - 2018-06-08 01:55 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll 2018-06-13 14:04 - 
2018-06-08 01:55 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll 2018-06-13 14:04 - 2018-06-08 01:55 - 000778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL 2018-06-13 14:04 - 2018-06-08 01:55 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2018-06-13 14:04 - 2018-06-08 01:55 - 000667648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll 2018-06-13 14:04 - 2018-06-08 01:55 - 000652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll 2018-06-13 14:04 - 2018-06-08 01:55 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll 2018-06-13 14:04 - 2018-06-08 01:55 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll 2018-06-13 14:04 - 2018-06-08 01:55 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll 2018-06-13 14:04 - 2018-06-08 01:54 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2018-06-13 14:04 - 2018-06-08 01:54 - 002789376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll 2018-06-13 14:04 - 2018-06-08 01:54 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2018-06-13 14:04 - 2018-06-08 01:54 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2018-06-13 14:04 - 2018-06-08 01:54 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll 2018-06-13 14:04 - 2018-06-08 01:54 - 001128448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll 2018-06-13 14:04 - 2018-06-08 01:54 - 000999936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll 2018-06-13 14:04 - 2018-06-08 01:54 - 000950272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll 2018-06-13 14:04 - 2018-06-08 01:54 - 000857088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL 2018-06-13 14:04 - 2018-06-08 01:54 - 
000842240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll 2018-06-13 14:04 - 2018-06-08 01:54 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll 2018-06-13 14:04 - 2018-06-08 01:54 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll 2018-06-13 14:04 - 2018-06-08 01:54 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll 2018-06-13 14:04 - 2018-06-08 01:54 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll 2018-06-13 14:04 - 2018-06-08 01:54 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll 2018-06-13 14:04 - 2018-06-08 01:54 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll 2018-06-13 14:04 - 2018-06-08 01:54 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2018-06-13 14:04 - 2018-06-08 01:54 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAC3ENC.DLL 2018-06-13 14:04 - 2018-06-08 01:53 - 001675264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll 2018-06-13 14:04 - 2018-06-08 01:53 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2018-06-13 14:04 - 2018-06-08 01:53 - 001108992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll 2018-06-13 14:04 - 2018-06-08 01:53 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll 2018-06-13 14:04 - 2018-06-08 01:53 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll 2018-06-13 14:04 - 2018-06-08 01:53 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2018-06-13 14:04 - 2018-06-08 01:53 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll 2018-06-13 14:04 - 2018-06-08 01:53 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll 
2018-06-13 14:04 - 2018-06-08 00:41 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim 2018-06-13 14:04 - 2018-06-06 11:57 - 003733320 _____ C:\WINDOWS\system32\Windows.Mirage.dll 2018-06-13 14:04 - 2018-06-05 21:20 - 002841312 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll 2018-06-13 14:04 - 2018-06-01 16:24 - 000713376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll 2018-06-13 14:04 - 2018-06-01 15:54 - 001825792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll 2018-06-13 14:04 - 2018-05-24 20:24 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll 2018-06-13 14:04 - 2018-05-20 12:45 - 000308408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2018-06-13 14:04 - 2018-05-20 12:43 - 021389360 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2018-06-13 14:04 - 2018-05-20 12:42 - 001649760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll 2018-06-13 14:04 - 2018-05-20 12:42 - 000759192 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll 2018-06-13 14:04 - 2018-05-20 12:26 - 000486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll 2018-06-13 14:04 - 2018-05-20 12:23 - 004070400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2018-06-13 14:04 - 2018-05-20 12:23 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl 2018-06-13 14:04 - 2018-05-20 12:23 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll 2018-06-13 14:04 - 2018-05-20 12:22 - 001665024 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll 2018-06-13 14:04 - 2018-05-20 12:22 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe 2018-06-13 14:04 - 2018-05-20 12:22 - 000941056 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll 2018-06-13 14:04 - 2018-05-20 12:22 - 000804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll 2018-06-13 14:04 - 2018-05-20 11:15 - 000653208 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll 2018-06-13 14:04 - 2018-05-20 11:14 - 020383712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2018-06-13 14:04 - 2018-05-20 11:14 - 001490144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll 2018-06-13 14:04 - 2018-05-20 11:02 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll 2018-06-13 14:04 - 2018-05-20 11:00 - 000864768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl 2018-06-13 14:04 - 2018-05-20 10:59 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll 2018-06-13 14:04 - 2018-05-20 10:59 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll 2018-06-13 14:04 - 2018-05-20 09:59 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll 2018-06-13 14:04 - 2018-05-20 09:45 - 001271296 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll 2018-06-13 14:04 - 2018-05-20 09:39 - 000788480 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll 2018-06-13 14:04 - 2018-05-20 09:35 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll 2018-06-13 14:04 - 2018-05-20 09:34 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll 2018-06-13 14:04 - 2018-05-20 07:54 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll 2018-06-13 14:04 - 2018-05-20 05:33 - 000105368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys 2018-06-13 14:04 - 2018-05-20 04:53 - 002178136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll 2018-06-13 14:04 - 2018-05-20 04:53 - 001947808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll 2018-06-13 14:04 - 2018-05-20 04:53 - 001017088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll 2018-06-13 14:04 - 2018-05-20 04:53 - 001012408 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\mfreadwrite.dll 2018-06-13 14:04 - 2018-05-20 04:53 - 000131232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll 2018-06-13 14:04 - 2018-05-20 04:53 - 000088472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys 2018-06-13 14:04 - 2018-05-20 04:52 - 007436632 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2018-06-13 14:04 - 2018-05-20 04:52 - 000735560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2018-06-13 14:04 - 2018-05-20 04:52 - 000347704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll 2018-06-13 14:04 - 2018-05-20 04:52 - 000130456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys 2018-06-13 14:04 - 2018-05-20 04:52 - 000089984 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll 2018-06-13 14:04 - 2018-05-20 04:34 - 016592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2018-06-13 14:04 - 2018-05-20 04:34 - 000861096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll 2018-06-13 14:04 - 2018-05-20 04:33 - 001665920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll 2018-06-13 14:04 - 2018-05-20 04:33 - 000101288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll 2018-06-13 14:04 - 2018-05-20 04:32 - 006044104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2018-06-13 14:04 - 2018-05-20 04:32 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll 2018-06-13 14:04 - 2018-05-20 04:32 - 001034096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll 2018-06-13 14:04 - 2018-05-20 04:32 - 000560488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2018-06-13 14:04 - 2018-05-20 04:32 - 000286200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll 2018-06-13 14:04 - 2018-05-20 04:32 - 000077040 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\CompPkgSup.dll 2018-06-13 14:04 - 2018-05-20 04:31 - 001456640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll 2018-06-13 14:04 - 2018-05-20 04:30 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2018-06-13 14:04 - 2018-05-20 04:28 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll 2018-06-13 14:04 - 2018-05-20 04:28 - 000111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppHostRegistrationVerifier.exe 2018-06-13 14:04 - 2018-05-20 04:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll 2018-06-13 14:04 - 2018-05-20 04:27 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll 2018-06-13 14:04 - 2018-05-20 04:27 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApiSetHost.AppExecutionAlias.dll 2018-06-13 14:04 - 2018-05-20 04:26 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2018-06-13 14:04 - 2018-05-20 04:26 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll 2018-06-13 14:04 - 2018-05-20 04:26 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll 2018-06-13 14:04 - 2018-05-20 04:26 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys 2018-06-13 14:04 - 2018-05-20 04:26 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe 2018-06-13 14:04 - 2018-05-20 04:26 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2018-06-13 14:04 - 2018-05-20 04:26 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\TelephonyInteractiveUser.dll 2018-06-13 14:04 - 2018-05-20 04:26 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSHEIF.dll 2018-06-13 14:04 - 2018-05-20 04:25 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll 2018-06-13 14:04 - 2018-05-20 04:25 - 000384000 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Phoneutil.dll 2018-06-13 14:04 - 2018-05-20 04:24 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2018-06-13 14:04 - 2018-05-20 04:24 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll 2018-06-13 14:04 - 2018-05-20 04:24 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll 2018-06-13 14:04 - 2018-05-20 04:23 - 013873152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2018-06-13 14:04 - 2018-05-20 04:23 - 005951488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll 2018-06-13 14:04 - 2018-05-20 04:23 - 002366976 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll 2018-06-13 14:04 - 2018-05-20 04:23 - 000933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll 2018-06-13 14:04 - 2018-05-20 04:23 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2018-06-13 14:04 - 2018-05-20 04:21 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll 2018-06-13 14:04 - 2018-05-20 04:21 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll 2018-06-13 14:04 - 2018-05-20 04:21 - 001210880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll 2018-06-13 14:04 - 2018-05-20 04:21 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll 2018-06-13 14:04 - 2018-05-20 04:21 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll 2018-06-13 14:04 - 2018-05-20 04:17 - 002699776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 2018-06-13 14:04 - 2018-05-20 04:16 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2018-06-13 14:04 - 2018-05-20 04:16 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll 2018-06-13 14:04 - 2018-05-20 04:16 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ApiSetHost.AppExecutionAlias.dll 
2018-06-13 14:04 - 2018-05-20 04:16 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-06-13 14:04 - 2018-05-20 04:15 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2018-06-13 14:04 - 2018-05-20 04:15 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSHEIF.dll
2018-06-13 14:04 - 2018-05-20 04:14 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-06-13 14:04 - 2018-05-20 04:14 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2018-06-13 14:04 - 2018-05-20 04:13 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-06-13 14:04 - 2018-05-20 04:13 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2018-06-13 14:04 - 2018-05-20 04:12 - 000992768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-06-13 14:04 - 2018-05-20 04:12 - 000860160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-06-13 14:04 - 2018-05-20 04:11 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2018-06-13 14:04 - 2018-05-20 04:11 - 001005568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2018-06-13 14:04 - 2018-05-20 01:26 - 000018716 _____ C:\WINDOWS\system32\srms-apr.dat
2018-06-13 14:04 - 2018-05-18 10:08 - 000018716 _____ C:\WINDOWS\SysWOW64\srms-apr.dat

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-03 21:55 - 2018-01-09 18:35 - 000000000 ____D C:\Users\petra\AppData\LocalLow\Mozilla
2018-07-03 21:41 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-03 21:41 - 2018-04-11 16:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-07-03 21:02 - 2018-05-15 21:27 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-07-03 17:12 - 2017-07-06 13:56 - 000000000 ____D C:\ProgramData\NVIDIA
2018-07-03 17:09 - 2018-01-09 17:08 - 000000000 __SHD C:\Users\petra\IntelGraphicsProfiles
2018-07-03 14:37 - 2018-04-11 16:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-01 18:50 - 2018-01-14 22:12 - 000000000 ____D C:\Users\petra\Documents\Decal Plugins
2018-07-01 18:44 - 2018-01-09 21:52 - 000000000 ____D C:\Games
2018-07-01 17:35 - 2018-01-11 17:44 - 000000000 ___RD C:\Users\petra\Dropbox
2018-06-29 00:06 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-06-27 21:54 - 2018-01-09 21:55 - 000001302 _____ C:\Users\Public\Desktop\ThwargLauncher.lnk
2018-06-27 21:54 - 2018-01-09 21:54 - 000000000 ____D C:\Users\petra\AppData\Roaming\Thwargle Games
2018-06-27 21:14 - 2018-02-19 20:13 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-06-26 18:54 - 2018-01-11 17:24 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-06-23 20:53 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\INF
2018-06-22 17:13 - 2018-05-15 21:39 - 000003354 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3178952071-1249660710-2574476267-1001
2018-06-22 17:13 - 2018-05-15 21:35 - 000002374 _____ C:\Users\petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-06-22 17:13 - 2018-01-09 17:10 - 000000000 ___RD C:\Users\petra\OneDrive
2018-06-14 23:30 - 2018-05-15 21:30 - 000970320 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-06-13 18:13 - 2018-05-15 21:39 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-06-13 18:13 - 2018-04-11 14:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-06-13 14:57 - 2018-01-09 20:04 - 000000000 ___RD C:\Users\petra\3D Objects
2018-06-13 14:57 - 2017-05-16 15:12 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-06-13 14:56 - 2018-05-15 21:27 - 000561368 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-06-13 14:55 - 2018-04-11 16:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-06-13 14:55 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-06-13 14:55 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-06-13 14:55 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-06-13 14:55 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-06-13 14:55 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-06-13 14:55 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-06-13 14:55 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\setup
2018-06-13 14:55 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-06-13 14:55 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-06-13 14:55 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-06-13 14:55 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-06-13 14:55 - 2018-04-11 16:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-06-13 14:55 - 2018-04-11 16:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-06-13 14:55 - 2018-04-11 14:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-06-13 14:09 - 2018-01-09 21:37 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-06-13 14:08 - 2018-01-09 21:37 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-06-13 14:08 - 2018-01-09 21:36 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-06-13 14:07 - 2018-04-11 16:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-08 19:14 - 2018-01-09 18:35 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-06-08 19:14 - 2018-01-09 18:35 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-06-05 16:29 - 2018-04-11 16:41 - 000835056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-05 16:29 - 2018-04-11 16:41 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-15 21:27

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by petra (03-07-2018 21:56:14)
Running from C:\Users\petra\Desktop
Windows 10 Home Version 1803 17134.112 (X64) (2018-05-16 04:39:57)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3178952071-1249660710-2574476267-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3178952071-1249660710-2574476267-503 - Limited - Disabled)
Guest (S-1-5-21-3178952071-1249660710-2574476267-501 - Limited - Disabled)
petra (S-1-5-21-3178952071-1249660710-2574476267-1001 - Administrator - Enabled) => C:\Users\petra
WDAGUtilityAccount (S-1-5-21-3178952071-1249660710-2574476267-504 - Limited - Disabled)

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ApoDispatch Install Configurator (HKLM\...\{69F42FC4-5C7D-4D15-8751-6D381431AFC6}) (Version: 2.5.1201 - Nahimic) Hidden
APOInstallerMSISetup (HKLM\...\{36D4C478-7C23-4B97-93D9-17C7C3A72D61}) (Version: 1.0.11 - Nahimic) Hidden
Asheron's Call (HKLM-x32\...\{F0EE55BA-193D-4670-90C0-76E0E25F3A08}) (Version: 1.00.0000 - Turbine)
AudioDeviceFXPluginSampleUIMSISetup (HKLM\...\{F7B4F297-6901-4432-BCA6-AA739BF5DBA7}) (Version: 1.0.1101 - Nahimic) Hidden
AudioLaunchpad Install Configurator (HKLM\...\{1DF10417-3FAB-4E3E-B1B4-02B19F1AC7C0}) (Version: 2.5.1201 - Nahimic) Hidden
Battery Calibration (HKLM-x32\...\{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}) (Version: 1.0.1609.1901 - Micro-Star International Co., Ltd.) Hidden
Battery Calibration (HKLM-x32\...\InstallShield_{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}) (Version: 1.0.1609.1901 - Micro-Star International Co., Ltd.)
BurnRecovery (HKLM-x32\...\{92A6B009-1343-4C44-AFB1-8849137CA3F0}) (Version: 5.0.1704.1801 - Application) Hidden
BurnRecovery (HKLM-x32\...\InstallShield_{92A6B009-1343-4C44-AFB1-8849137CA3F0}) (Version: 5.0.1704.1801 - Application)
CheckDevices Install Configurator (HKLM\...\{5D6F7A93-B33F-4FA9-9C6D-901E421C6DBE}) (Version: 2.5.1201 - Nahimic) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Decal 3.0 (2.9.7.5) (HKLM-x32\...\{6732F78F-6E90-47A5-9A6C-1A59D0C657B9}) (Version: 2.9.0705 - Decal Development)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 390.65 - NVIDIA Corporation) Hidden
Dragon Center (HKLM-x32\...\{C65B26BC-5A6F-4135-9678-55A877655471}) (Version: 1.2.1711.2101 - Micro-Star International Co., Ltd.) Hidden
Dragon Center (HKLM-x32\...\InstallShield_{C65B26BC-5A6F-4135-9678-55A877655471}) (Version: 1.2.1711.2101 - Micro-Star International Co., Ltd.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 52.4.60 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
ELAN Touchpad 15.13.9.1_X64_WHQL (HKLM\...\Elantech) (Version: 15.13.9.1 - ELAN Microelectronic Corp.)
EndpointMonitoring Install MSISetup (HKLM\...\{6ADD4E11-6CCA-4658-98EB-B015E01C86AF}) (Version: 1.0.1101 - Nahimic) Hidden
Help Desk (HKLM-x32\...\{7E8181AF-9679-49B3-B133-C265709B6927}) (Version: 1.0.1706.1901 - Micro-Star International Co., Ltd.) Hidden
Help Desk (HKLM-x32\...\InstallShield_{7E8181AF-9679-49B3-B133-C265709B6927}) (Version: 1.0.1706.1901 - Micro-Star International Co., Ltd.)
Intel® Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1028 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4708 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.7.0.1014 - Intel Corporation)
KB9X Radio Switch Driver (HKLM\...\97FE6BFA6A40EE4967381F4313B334031A3B6E03) (Version: 1.1.4.0 - ENE TECHNOLOGY INC.)
Killer Performance Suite (HKLM\...\{D1542D4C-E420-4738-AC1C-F5C9D25280EF}) (Version: 1.3.1309 - Rivet Networks)
LauncherSetup Install (HKLM\...\{750B3B59-1788-42BF-987B-261D1391EE00}) (Version: 2.5.1201 - Nahimic) Hidden
Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.88 - Logitech Inc.)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version: - Microsoft)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3178952071-1249660710-2574476267-1001\...\OneDriveSetup.exe) (Version: 18.091.0506.0007 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Mozilla Firefox 60.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.2 (x64 en-US)) (Version: 60.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.4 - Mozilla)
MSI Feature Navigator (HKLM-x32\...\{2BD90BC2-5B5C-4493-8633-66D0CADF8B33}) (Version: 1.0.1703.1601 - Micro-Star International Co., Ltd.) Hidden
MSI Feature Navigator (HKLM-x32\...\InstallShield_{2BD90BC2-5B5C-4493-8633-66D0CADF8B33}) (Version: 1.0.1703.1601 - Micro-Star International Co., Ltd.)
MSI Remind Manager Service (HKLM-x32\...\{3E23F267-3E35-40F9-B6BF-BC034D214717}) (Version: 1.0.1705.3101 - Micro-Star International Co., Ltd.) Hidden
MSI Remind Manager Service (HKLM-x32\...\InstallShield_{3E23F267-3E35-40F9-B6BF-BC034D214717}) (Version: 1.0.1705.3101 - Micro-Star International Co., Ltd.)
MSI True Color (HKLM\...\{B4A2776D-59CD-4193-A19D-DE15CB7FC5AA}) (Version: 2.0.0.032 - Portrait Displays, Inc.)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nahimic 2+ Audio Driver (HKLM\...\{1C5C507B-BE37-45BA-BBDA-5378A4322047}) (Version: 2.5.1201 - Nahimic) Hidden
Nahimic 2+ Audio Driver (HKLM-x32\...\{01d181cf-8af5-492c-b8c3-faa7c205c420}) (Version: 2.5.12 - Nahimic)
Nahimic VR (HKLM-x32\...\{2b61caff-3f7a-49af-9884-da3da0cf4610}) (Version: 1.0.11 - Nahimic)
NineEarsSettings Install Configurator (HKLM\...\{22EAF3C7-633A-488D-8199-97D5E0FC2098}) (Version: 1.0.1101 - Nahimic) Hidden
NVIDIA 3D Vision Driver 390.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 390.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.5.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.5.0.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 390.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 390.65 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.5.0.70 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.5.0 - NVIDIA Corporation) Hidden
ProductDaemon Install Setup (HKLM\...\{1BF51136-38B0-4DE7-A156-194F2046322D}) (Version: 1.0.1101 - Nahimic) Hidden
ProductDaemonSetup Install (HKLM\...\{75CD938A-09E6-4304-8826-BE3E44FE091F}) (Version: 2.5.1201 - Nahimic) Hidden
ProductNS Install Configurator (HKLM\...\{B6EC6201-5BCB-4DF8-8E0B-DA0DBF20C6AD}) (Version: 2.5.1201 - Nahimic) Hidden
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.309 - Qualcomm Atheros)
QuickBooks (HKLM-x32\...\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}) (Version: 22.0.4001.2206 - Intuit Inc.) Hidden
QuickBooks Pro 2012 (HKLM-x32\...\{22057D8D-7CC8-46FF-AD8C-9BD24F9014F3}) (Version: 22.0.4001.2206 - Intuit Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.31235 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8169 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{B63CCD1C-A133-4DF8-8306-DA0387231152}) (Version: 1.00.0269 - )
SCM (HKLM\...\{F6E94387-38E9-4D98-9FE1-038F575768BA}) (Version: 13.017.06089 - Application)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0360 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.5.0.70 - NVIDIA Corporation) Hidden
Sizing Options (HKLM-x32\...\{DFAB6DE8-E45F-4D5D-95C0-E54C58993F9F}) (Version: 3.0.1607.2201 - Application) Hidden
Sizing Options (HKLM-x32\...\InstallShield_{DFAB6DE8-E45F-4D5D-95C0-E54C58993F9F}) (Version: 3.0.1607.2201 - Application)
SonicMapper Install Configurator (HKLM\...\{1C77A24A-D524-4208-B651-CAE059BA684A}) (Version: 2.5.1201 - Nahimic) Hidden
SSAudioDaemon Install MSISetup (HKLM\...\{0817BA8C-18D8-4A20-AF4E-C80E5D87D2CE}) (Version: 1.0.11 - Nahimic) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.11.10 (HKLM\...\SteelSeries Engine 3) (Version: 3.11.10 - SteelSeries ApS)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 2.6.3.0 - Zenimax Online Studios)
The Lord of the Rings Online v1903.0058.2732.4095 (HKLM-x32\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 1903.0058.2732.4095 - Standing Stone Games, LLC)
Thunderbolt Software (HKLM-x32\...\{87A31923-8F18-4943-8093-17DBEE0101B7}) (Version: 16.3.61.275 - Intel Corporation)
ThwargLauncher (HKLM-x32\...\{9BAD7BA5-BC18-4A33-B11C-AA1778D1A4CF}) (Version: 5.2.2.0 - Thwargle Games)
TriDef SmartCam (MSI) 2.1.2 (HKLM-x32\...\webcam-msi-pkg) (Version: 2.1.2 - Dynamic Digital Depth Australia Pty Ltd)
UIInstallUpgrade (HKLM\...\{0C7E4CC4-E812-46AA-BAD9-60DADFABE9F5}) (Version: 2.5.1201 - Nahimic) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-2) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-3) (Version: 1.0.42.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22329 - Microsoft Corporation)
XSplit Gamecaster (HKLM-x32\...\{A39B5969-9683-49F9-AA69-F40EF0D91441}) (Version: 3.0.1705.3123 - SplitmediaLabs)

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d44295a98a21a376\igfxDTCM.dll [2017-06-22] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-01-03] (NVIDIA Corporation)

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11ADAC5B-52F9-46DA-A5DE-1508C5B07422} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-29] (NVIDIA Corporation)
Task: {37BE0B34-88BF-4238-ABC6-07DF771794C0} - System32\Tasks\Nahimic2UILauncherRun => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe [2017-05-30] (Nahimic)
Task: {3CD38941-A8D2-4376-B5F9-0B33981EFA79} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-27] (Microsoft Corporation)
Task: {3EBECF3B-59F9-4CC5-85CE-A15B175066CF} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => ConditionalAppStarter.exe
Task: {46C2870A-C3D0-4F57-BC63-98C7E96B0E16} - System32\Tasks\NahimicVRSvc32Run => C:\Program Files\Nahimic\Nahimic VR\Foundation\NahimicVRSvc32.exe [2017-06-12] (A-Volute)
Task: {4B0A881A-012E-4BD7-80C2-200D4DDDD266} - System32\Tasks\NahimicVRSvc64Run => C:\Program Files\Nahimic\Nahimic VR\Foundation\x64\NahimicVRSvc64.exe [2017-06-12] (A-Volute)
Task: {4EFB1FAD-6F9F-49B3-AF1E-309899DAD19E} - System32\Tasks\Nahimic2Svc32Run => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe [2017-05-30] ()
Task: {52700594-79F5-429C-BA03-09E22926F658} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-06-29] (NVIDIA Corporation)
Task: {6321BF2D-FB08-4FA7-AB80-7195D0DB2C3C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-27] (Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {6AF4E849-112D-4097-8953-F3F7F9AA8D54} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => ConditionalAppStarter.exe
Task: {6D364743-E430-4406-ADB3-56453F6B82C5} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-01-11] (Dropbox, Inc.)
Task: {6DC40851-D647-457B-859F-C315863E0B29} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-29] (NVIDIA Corporation)
Task: {6F4CF6C9-911F-482E-AB4F-BC161DDAD326} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2017-02-24] (Intel® Corporation)
Task: {77F93A1C-BCEB-49F9-9FD3-68CEDA5BEA9A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-29] (NVIDIA Corporation)
Task: {8245B853-B73A-45E7-B4DD-480AD1BE45A6} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-06-29] (NVIDIA Corporation)
Task: {8BED930A-2F9F-4813-944B-8A5AB3889165} - System32\Tasks\Nahimic2Svc64Run => C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2Svc64.exe [2017-05-30] ()
Task: {9604C108-6FC4-411A-8592-FB0CD68B1356} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-01-11] (Dropbox, Inc.)
Task: {98331303-3D07-46F2-B847-BC58A458449A} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-3178952071-1249660710-2574476267-1001
Task: {9D52EC3E-9C7F-42BE-834F-33BC2AC91188} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-27] (Microsoft Corporation)
Task: {9F0F628F-6636-442F-91A6-AE89A7E3E77D} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
Task: {A644D1A5-EF3B-4419-9309-7BE4E356662F} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on switch user if service is up => ConditionalAppStarter.exe
Task: {B1C5FE32-451E-40EF-A073-D36C8BA96012} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-27] (Microsoft Corporation)
Task: {B343D6FF-CBB4-46B7-828D-5BA3F3D093DE} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-06-29] (NVIDIA Corporation)
Task: {C2A04113-B87F-4DFC-A7BF-130B876822EB} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {D54DACE8-5293-4715-B421-05791F242AEA} - System32\Tasks\MSI_Help_Desk_Agent => C:\Program Files (x86)\MSI\Help Desk\MSI Update Agent.exe [2017-06-19] (Micro-Star International Co., Ltd.)
Task: {D73D5EBA-CCCA-4AE8-9AB9-CE4AC9C08A49} - System32\Tasks\Dragon_Center_updater => C:\ProgramData\MSI\Dragon [Argument = Center\DragonCenter_Updater.exe DragonCenter] Task: {E3EC173E-4E0D-4545-9261-DE5A9F7CE00E} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-29] (NVIDIA Corporation) Task: {EEA44EBB-E54A-467C-B9A1-79DEE90091CC} - System32\Tasks\MSI_Dragon Center => C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe [2017-11-21] (Micro-Star International Co., Ltd.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ============== 2018-01-10 17:15 - 2018-01-03 18:44 - 000544056 _____ () C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\DisplayDriverAnalyzer\_DisplayDriverCrashAnalyzer64.dll 2017-07-06 13:57 - 2017-06-29 19:39 - 001148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2018-04-11 16:34 - 2018-04-11 16:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll 2017-07-06 13:57 - 2018-01-03 16:50 - 000134448 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2018-04-11 16:34 - 2018-04-11 16:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll 2018-04-11 16:34 - 2018-04-11 16:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll 2018-06-13 14:04 - 2018-06-08 01:56 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-06-08 09:37 - 2017-06-08 09:37 - 000301848 _____ () C:\Program Files (x86)\SCM\SCM.exe 2015-03-06 17:07 - 2015-03-06 17:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll 2017-10-19 20:29 - 2017-10-19 20:29 - 001096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll 2015-03-06 17:07 - 2015-03-06 17:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll 2017-10-19 20:29 - 2017-10-19 20:29 - 000241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll 2018-06-08 19:16 - 2018-06-08 19:16 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 2018-06-08 19:16 - 2018-06-08 19:16 - 067232256 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll 2018-01-09 21:53 - 2018-01-09 21:53 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll 
2018-05-30 23:29 - 2018-05-30 23:29 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll 2018-05-30 23:29 - 2018-05-30 23:29 - 004214784 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll 2018-04-25 17:13 - 2018-04-25 17:14 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll 2018-05-30 23:29 - 2018-05-30 23:29 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll 2018-04-05 22:39 - 2018-04-05 22:39 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll 2018-06-08 19:16 - 2018-06-08 19:16 - 014851072 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll 2018-05-30 23:29 - 2018-05-30 23:29 - 004058624 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngine.dll 2018-06-08 19:16 - 2018-06-08 19:16 - 003266048 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll 2018-05-30 23:29 - 2018-05-30 23:29 - 001393664 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll 2018-05-30 23:29 - 2018-05-30 23:29 - 004218080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2018-05-30 23:29 - 2018-05-30 23:29 - 000872448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll 2018-06-08 19:16 - 2018-06-08 19:16 - 000165376 _____ () C:\Program 
Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\SKU.dll 2018-06-22 17:13 - 2018-06-22 17:13 - 000093696 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11805.1001.42.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll 2018-06-22 17:13 - 2018-06-22 17:13 - 002447072 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11805.1001.42.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll 2018-06-22 17:13 - 2018-06-22 17:13 - 007813632 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11805.1001.42.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll 2017-06-06 00:23 - 2017-06-06 00:23 - 001244304 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll 2017-07-06 13:57 - 2017-06-29 19:39 - 000901688 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll 2018-06-26 18:54 - 2018-06-25 10:24 - 001107272 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll 2018-06-26 18:54 - 2018-06-25 10:24 - 002079048 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll 2018-05-23 15:01 - 2018-06-25 10:29 - 000021328 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.cp35-win32.pyd 2018-06-26 18:54 - 2018-06-25 10:26 - 000022384 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.cp35-win32.pyd 2018-05-23 15:01 - 2018-06-25 10:24 - 000135656 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.cp35-win32.pyd 2018-06-26 18:54 - 2018-06-25 10:26 - 001881448 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.cp35-win32.pyd 2018-06-26 18:54 - 2018-06-25 10:26 - 000023400 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.cp35-win32.pyd 2018-06-26 18:54 - 2018-06-25 10:24 - 000111576 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes35.dll 2018-05-23 15:01 - 2018-06-25 10:24 - 000103392 _____ () C:\Program Files 
(x86)\Dropbox\Client\win32api.cp35-win32.pyd 2018-06-26 18:54 - 2018-06-25 10:26 - 000068952 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.cp35-win32.pyd 2018-06-26 18:54 - 2018-06-25 10:26 - 000079688 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.cp35-win32.pyd 2018-06-26 18:54 - 2018-06-25 10:24 - 000399832 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom35.dll 2018-05-23 15:01 - 2018-06-25 10:24 - 000024544 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.cp35-win32.pyd 2018-05-23 15:01 - 2018-06-25 10:24 - 000043496 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.cp35-win32.pyd 2018-06-26 18:54 - 2018-06-25 10:24 - 000021472 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.cp35-win32.pyd 2018-05-23 15:01 - 2018-06-25 10:24 - 000124896 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.cp35-win32.pyd 2018-05-23 15:01 - 2018-06-25 10:24 - 000114664 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.cp35-win32.pyd 2018-05-23 15:01 - 2018-06-25 10:29 - 000392024 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.cp35-win32.pyd 2018-05-23 15:01 - 2018-06-25 10:29 - 000028520 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.cp35-win32.pyd 2018-05-23 15:01 - 2018-06-25 10:24 - 000024552 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.cp35-win32.pyd 2018-05-23 15:01 - 2018-06-25 10:24 - 000175584 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.cp35-win32.pyd 2018-05-23 15:01 - 2018-06-25 10:24 - 000024544 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.cp35-win32.pyd 2018-05-23 15:01 - 2018-06-25 10:24 - 000026080 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.cp35-win32.pyd 2018-05-23 15:01 - 2018-06-25 10:29 - 000023904 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.cp35-win32.pyd 2018-05-23 15:01 - 2018-06-25 10:24 - 000048616 _____ () C:\Program Files 
(x86)\Dropbox\Client\win32service.cp35-win32.pyd 2018-05-23 15:01 - 2018-06-25 10:24 - 000057824 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.cp35-win32.pyd 2018-06-26 18:54 - 2018-06-25 10:26 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.cp35-win32.pyd 2018-06-26 18:54 - 2018-06-25 10:26 - 000023392 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.cp35-win32.pyd 2018-05-23 15:01 - 2018-06-25 10:29 - 000069992 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.cp35-win32.pyd 2018-05-23 15:01 - 2018-06-25 10:29 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.cp35-win32.pyd 2018-06-26 18:54 - 2018-06-25 10:27 - 003865936 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.cp35-win32.pyd 2018-05-23 15:01 - 2018-06-25 10:29 - 000088904 _____ () C:\Program Files (x86)\Dropbox\Client\sip.cp35-win32.pyd 2018-06-26 18:54 - 2018-06-25 10:26 - 001800528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.cp35-win32.pyd 2018-06-26 18:54 - 2018-06-25 10:26 - 001960272 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.cp35-win32.pyd 2018-05-23 15:01 - 2018-06-25 10:24 - 000028640 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.cp35-win32.pyd 2018-06-26 18:54 - 2018-06-25 10:27 - 000155480 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.cp35-win32.pyd 2018-06-26 18:54 - 2018-06-25 10:26 - 000521552 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.cp35-win32.pyd 2018-06-26 18:54 - 2018-06-25 10:27 - 000051032 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.cp35-win32.pyd 2018-06-26 18:54 - 2018-06-25 10:26 - 000043352 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.cp35-win32.pyd 2018-06-26 18:54 - 2018-06-25 10:27 - 000130896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.cp35-win32.pyd 
2018-06-26 18:54 - 2018-06-25 10:27 - 000220504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.cp35-win32.pyd 2018-06-26 18:54 - 2018-06-25 10:26 - 000205144 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.cp35-win32.pyd 2018-05-23 15:01 - 2018-06-25 10:24 - 000060896 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.cp35-win32.pyd 2018-05-23 15:01 - 2018-06-25 10:29 - 000056160 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.cp35-win32.pyd 2018-05-23 15:01 - 2018-06-25 10:24 - 000024040 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.cp35-win32.pyd 2018-05-23 15:01 - 2018-06-25 10:29 - 000024424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.cp35-win32.pyd 2018-05-23 15:01 - 2018-06-25 10:29 - 000023400 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.cp35-win32.pyd 2018-05-23 15:01 - 2018-06-25 10:29 - 000022376 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.cp35-win32.pyd 2018-05-23 15:01 - 2018-06-25 10:29 - 000023400 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.cp35-win32.pyd 2018-06-26 18:54 - 2018-06-25 10:26 - 000028016 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.cp35-win32.pyd 2018-05-23 15:01 - 2018-06-25 10:24 - 000348128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.cp35-win32.pyd 2018-06-26 18:54 - 2018-06-25 10:27 - 000101712 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.cp35-win32.pyd 2018-05-23 15:01 - 2018-06-25 10:29 - 000024432 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.cp35-win32.pyd 2018-06-26 18:54 - 2018-06-25 10:26 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.cp35-win32.pyd 2018-06-26 18:54 - 2018-06-25 10:24 - 
000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll 2018-06-26 18:54 - 2018-06-25 10:26 - 000034152 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.cp35-win32.pyd 2018-06-26 18:54 - 2018-06-25 10:24 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll 2018-05-23 15:01 - 2018-06-25 10:29 - 000023400 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.cp35-win32.pyd 2018-06-26 18:54 - 2018-06-25 10:26 - 000181064 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL 2018-05-23 15:01 - 2018-06-25 10:29 - 000031584 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.cp35-win32.pyd 2018-06-26 18:54 - 2018-06-25 10:26 - 000024384 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL 2018-06-26 18:54 - 2018-06-25 10:26 - 001638208 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll 2018-05-23 15:01 - 2018-06-25 10:29 - 000090472 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.cp35-win32.pyd 2018-05-23 15:01 - 2018-06-25 10:29 - 000026984 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.cp35-win32.pyd 2018-06-26 18:54 - 2018-06-25 10:26 - 000546640 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.cp35-win32.pyd 2018-06-26 18:54 - 2018-06-25 10:26 - 000359760 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.cp35-win32.pyd 2017-07-06 13:57 - 2017-06-29 19:39 - 002442176 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node 2017-07-06 13:57 - 2017-06-29 19:39 - 000363576 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node 2017-07-06 13:57 - 2017-06-29 19:39 - 000254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node 2017-07-06 13:57 - 2017-06-29 19:39 - 000385592 _____ () \\?\C:\Program Files (x86)\NVIDIA 
Corporation\NvNode\NvGameShareAPINode.node 2017-07-06 13:57 - 2017-06-29 19:39 - 000469048 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node 2017-07-06 13:57 - 2017-06-29 19:39 - 000571840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2017-03-18 14:03 - 2017-03-18 14:01 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3178952071-1249660710-2574476267-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\petra\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\IMG_0459.JPG DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: ) Windows Firewall is enabled. 
==================== MSCONFIG/TASK MANAGER disabled items == HKLM\...\StartupApproved\StartupFolder: => "Intuit Data Protect.lnk" HKLM\...\StartupApproved\StartupFolder: => "QuickBooks_Standard_21.lnk" HKLM\...\StartupApproved\StartupFolder: => "QuickBooks Update Agent.lnk" HKLM\...\StartupApproved\Run: => "Nahimic2UILauncher" HKLM\...\StartupApproved\Run: => "NahimicVRSvc32" HKLM\...\StartupApproved\Run: => "NahimicVRSvc64" HKLM\...\StartupApproved\Run32: => "Intuit SyncManager" HKU\S-1-5-21-3178952071-1249660710-2574476267-1001\...\StartupApproved\Run: => "Akamai NetSession Interface" HKU\S-1-5-21-3178952071-1249660710-2574476267-1001\...\StartupApproved\Run: => "Steam" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [UDP Query User{66DBD03D-F36B-40CD-835C-8C28CA5FE934}C:\turbine\asheron's call\acclient.exe] => (Allow) C:\turbine\asheron's call\acclient.exe FirewallRules: [TCP Query User{B07A1A89-1C0E-4549-BD55-D4159F42ECBD}C:\turbine\asheron's call\acclient.exe] => (Allow) C:\turbine\asheron's call\acclient.exe FirewallRules: [{3E320716-6388-4057-9C42-BD90C004A6FC}] => (Allow) D:\steam games\steamapps\common\Myst Masterpiece\Myst.exe FirewallRules: [{088D233F-F24A-4F4F-9132-E3068F4A4FCA}] => (Allow) D:\steam games\steamapps\common\Myst Masterpiece\Myst.exe FirewallRules: [{2D0A896C-E8E5-4387-B9A7-C84FE0473E00}] => (Allow) D:\steam games\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{1E0EA4C2-50FB-4896-AAD3-5CCBA778B2D2}] => (Allow) D:\steam games\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{FD61E7DE-F94E-45ED-952B-B535A0301354}] => (Allow) D:\steam games\Steam.exe FirewallRules: [{2E515317-FD10-4037-9224-7D2B18602AB8}] => (Allow) D:\steam games\Steam.exe FirewallRules: [UDP Query User{8A348AEC-0AC9-4606-9167-DD8C14F31AD1}C:\program files\logitech gaming software\lcore.exe] => (Allow) 
C:\program files\logitech gaming software\lcore.exe FirewallRules: [TCP Query User{B66B008A-EDE5-4B91-9BCE-7BADC7880504}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe FirewallRules: [UDP Query User{AC1347AF-B89F-4903-BB87-E84D2B3882A7}C:\users\petra\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\petra\appdata\local\akamai\netsession_win.exe FirewallRules: [TCP Query User{0E08E2F4-D15F-4ACC-B5EF-FEF6298F4783}C:\users\petra\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\petra\appdata\local\akamai\netsession_win.exe FirewallRules: [UDP Query User{908ACB89-52E7-4D25-89A8-E8CB0EE79DE5}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe FirewallRules: [TCP Query User{1AE280F5-FD10-41AE-B3E3-D97829C254CE}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe FirewallRules: [UDP Query User{EBC9F43C-505B-43A9-81B5-31D4F8C8AD6E}D:\standingstonegames\the lord of the rings online\lotroclient.exe] => (Allow) D:\standingstonegames\the lord of the rings online\lotroclient.exe FirewallRules: [TCP Query User{0E2379B5-BF72-4D90-9E78-2CE895B43CDF}D:\standingstonegames\the lord of the rings online\lotroclient.exe] => (Allow) D:\standingstonegames\the lord of the rings online\lotroclient.exe FirewallRules: [UDP Query User{B9958AA9-0019-48DD-9B2B-A48F0AEBFEE3}C:\users\petra\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\petra\appdata\local\akamai\netsession_win.exe FirewallRules: [TCP Query User{F895183C-EAB8-4101-ACC4-14E882A0C749}C:\users\petra\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\petra\appdata\local\akamai\netsession_win.exe FirewallRules: [UDP Query User{01996A85-8D24-40EC-830E-11DA14BF924A}C:\turbine\asheron's call\acclient.exe] => (Allow) C:\turbine\asheron's call\acclient.exe FirewallRules: [TCP Query 
User{80A96865-C7F1-4595-ABC8-90D452EC3393}C:\turbine\asheron's call\acclient.exe] => (Allow) C:\turbine\asheron's call\acclient.exe FirewallRules: [{1BC0CFA4-99B7-4C74-AF66-00EAAF701F9A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{7690DADF-A770-46F1-94DE-D2802B4DD9DC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{EEDA29A0-8081-477F-94AB-5E9FD9215ABB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{774305DF-5B8E-4970-9362-488A6E2372F2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{8BE7F3AE-363D-4972-8C0B-29A49013D242}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{BB6875C0-D05D-42AE-8907-98D3074F4AA6}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.Gamecaster.exe FirewallRules: [{24A989DF-7D20-4757-B793-3F7ADC7185D2}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.Gamecaster.exe FirewallRules: [{E4F0D649-3E11-45DE-AFA2-ED614628D34B}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.cam.exe FirewallRules: [{1F950570-6F04-4801-8D22-085F5069349C}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.cam.exe FirewallRules: [{4784F86D-4B64-4671-AFC2-9B1917F5FAD3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{1F0AAACB-5DA5-4958-9248-119B800DF49D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{52D4CADA-B354-4D4E-998C-C48D6EEEDBEF}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe FirewallRules: [{24728EE7-50C2-4BBA-BD8A-03EA4FA513A1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe FirewallRules: [{B32C0B43-1968-44C7-AF0B-615D0FFCC98F}] => (Allow) C:\Program 
Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe FirewallRules: [{6BF4F234-55AD-48AD-A3F9-1C25F0EABAA5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe FirewallRules: [{3E2F3A84-2FFD-430D-802A-2631ACE81E13}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe FirewallRules: [{97DF209D-2970-437D-BA7B-F937DF695BB3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe FirewallRules: [{1AF3B96F-313B-4B95-9823-D21D926ED607}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe FirewallRules: [{A53EA0AC-D316-4603-9808-E07D6327E363}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe FirewallRules: [{B15E272D-B6BA-4892-835B-4F5A4A8A5FC5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe FirewallRules: [{B77A8072-764E-41DE-9C82-7F9C50398A00}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe FirewallRules: [{B9A04326-1223-44DB-9D02-FF289C6895AE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe ==================== Restore Points ========================= ATTENTION: System Restore is disabled ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/14/2018 11:26:39 PM) (Source: COM) (EventID: 10031) (User: ) Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected Error: (06/14/2018 11:26:39 PM) (Source: COM) (EventID: 10031) (User: ) Description: An unmarshaling 
policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected Error: (06/13/2018 06:14:19 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: MSI Notification.exe, version: 1.0.1706.1901, time stamp: 0x59477489 Faulting module name: KERNELBASE.dll, version: 10.0.17134.112, time stamp: 0xf2b2cb6c Exception code: 0xc000041d Fault offset: 0x000000000003a388 Faulting process id: 0x30ac Faulting application start time: 0x01d4037cffeaa364 Faulting application path: C:\Program Files (x86)\MSI\Help Desk\MSI Notification.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: 0a28362d-8c7f-4f03-bed8-940d5b394d62 Faulting package full name: Faulting package-relative application ID: Error: (06/13/2018 06:14:13 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: MSI Notification.exe, version: 1.0.1706.1901, time stamp: 0x59477489 Faulting module name: KERNELBASE.dll, version: 10.0.17134.112, time stamp: 0xf2b2cb6c Exception code: 0xc0020001 Fault offset: 0x000000000003a388 Faulting process id: 0x30ac Faulting application start time: 0x01d4037cffeaa364 Faulting application path: C:\Program Files (x86)\MSI\Help Desk\MSI Notification.exe Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll Report Id: c74add56-1505-44dc-80b8-ed78eb35bd0b Faulting package full name: Faulting package-relative application ID: Error: (06/13/2018 06:14:13 PM) (Source: .NET Runtime) (EventID: 1026) (User: ) Description: Application: MSI Notification.exe Framework Version: v4.0.30319 Description: The process was terminated due to an unhandled exception. 
Exception Info: System.Runtime.InteropServices.SEHException at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr) at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr) Error: (06/13/2018 02:56:17 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: AUDIODG.EXE, version: 10.0.17134.112, time stamp: 0xecd85e98 Faulting module name: NAHIMICV3apo.dll, version: 6.3.9600.17336, time stamp: 0x5914cc69 Exception code: 0xc0000005 Fault offset: 0x0000000000336377 Faulting process id: 0x1280 Faulting application start time: 0x01d403615a8be6b7 Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE Faulting module path: C:\WINDOWS\system32\NAHIMICV3apo.dll Report Id: 294a2167-0032-4703-a929-4add3abc5c3c Faulting package full name: Faulting package-relative application ID: Error: (06/13/2018 02:09:16 PM) (Source: Perflib) (EventID: 1017) (User: ) Description: Disabled performance counter data collection from the "ASP.NET_2.0.50727" service because the performance counter library for that service has generated one or more errors. The errors that forced this action have been written to the application event log. Correct the errors before enabling the performance counters for this service. Error: (06/13/2018 02:09:16 PM) (Source: Perflib) (EventID: 1021) (User: ) Description: Windows cannot open the 32-bit extensible counter DLL ASP.NET_2.0.50727 in a 64-bit environment. Contact the file vendor to obtain a 64-bit version. Alternatively, you can open the 32-bit extensible counter DLL by using the 32-bit version of Performance Monitor. To use this tool, open the Windows folder, open the Syswow64 folder, and then start Perfmon.exe. 
System errors: ============= Error: (07/03/2018 09:02:26 PM) (Source: DCOM) (EventID: 10016) (User: MSI) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8BC3F05E-D86B-11D0-A075-00C04FB68820} and APPID {8BC3F05E-D86B-11D0-A075-00C04FB68820} to the user MSI\petra SID (S-1-5-21-3178952071-1249660710-2574476267-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool. Error: (07/03/2018 09:02:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (07/03/2018 06:10:56 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk2\DR2. Error: (07/03/2018 05:09:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). 
This security permission can be modified using the Component Services administrative tool. Error: (07/03/2018 05:09:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (07/03/2018 05:09:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (07/03/2018 02:37:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Error: (07/03/2018 02:34:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52} and APPID {4839DDB7-58C2-48F5-8283-E1D1807D0D7D} to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Windows Defender: =================================== Date: 2018-06-26 20:10:29.766 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {2B0C8B95-A1C5-4EBE-B36C-B7A9E070D99D} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-06-24 19:20:08.307 Description: Windows Defender Antivirus scan has been stopped before completion. Scan ID: {92FCEA74-CCA9-483E-B3D0-EAB4D361C4B0} Scan Type: Antimalware Scan Parameters: Quick Scan Date: 2018-05-19 21:37:53.448 Description: Windows Defender Antivirus scan has been stopped before completion. 
Scan ID: {B4CE91FB-6876-4879-8E1E-4D844D6B07A8} Scan Type: Antimalware Scan Parameters: Quick Scan ==================== Memory info =========================== Processor: Intel® Core™ i7-7700HQ CPU @ 2.80GHz Percentage of memory in use: 19% Total physical RAM: 16271.69 MB Available physical RAM: 13035.55 MB Total Virtual: 18703.69 MB Available Virtual: 14084.56 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:117.94 GB) (Free:64.89 GB) NTFS Drive d: (Data) (Fixed) (Total:909.92 GB) (Free:815.37 GB) NTFS Drive e: () (Removable) (Total:124.97 GB) (Free:122.52 GB) FAT32 \\?\Volume{7b3bd6a3-c204-4501-abaa-f375a32c8bb5}\ (WinRE tools) (Fixed) (Total:0.88 GB) (Free:0.37 GB) NTFS \\?\Volume{00bf2091-053a-4584-a75c-e81592bdfe33}\ (BIOS_RVY) (Fixed) (Total:21.59 GB) (Free:0.68 GB) NTFS \\?\Volume{4dbb4898-aa12-444e-bb55-54e9e5f4acd9}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.26 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 119.2 GB) (Disk ID: CE291E40) Partition: GPT. ======================================================== Disk: 1 (Size: 931.5 GB) (Disk ID: CE291E66) Partition: GPT. ======================================================== Disk: 2 (Protective MBR) (Size: 125 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ============================


Edited by hamluis, 04 July 2018 - 02:30 AM.




#2 nasdaq

  • Malware Response Team
  • 39,527 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:21 AM

Posted 04 July 2018 - 08:00 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Sorry but we cannot read your logs.

Please run the Farbar program again.

Save the file with Notepad or a Text Editor.
Each line must end with a CR (carriage return).

Post the new logs for my review.

Wait for further instructions.

#3 Lakoda

  • Topic Starter

  • Members
  • 5 posts
  • Local time:05:21 AM

Posted 04 July 2018 - 12:44 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by petra (administrator) on MSI (03-07-2018 21:55:46)
Running from C:\Users\petra\Desktop
Loaded Profiles: petra (Available Profiles: petra & .NET v4.5 & .NET v4.5 Classic)
Platform: Windows 10 Home Version 1803 17134.112 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d44295a98a21a376\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Rivet Networks) C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe
(Portrait Displays, Inc.) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Dragon Center\MSI_ActiveX_Service.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d44295a98a21a376\IntelCpHDCPSvc.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d44295a98a21a376\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\MsMpEng.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d44295a98a21a376\igfxEM.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe
() C:\Program Files (x86)\SCM\SCM.exe
(Portrait Displays, Inc.) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Portrait Displays, Inc) C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorHelper.exe
(Rivet Networks) C:\Program Files\Killer Networking\Killer Control Center\KillerControlCenter.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d44295a98a21a376\igfxext.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\ArxApplets\Discord\logitechg_discord.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11805.1001.42.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [321096 2017-06-09] (Intel Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9229280 2017-06-29] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3375064 2017-11-21] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Nahimic2UILauncher] => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe [734904 2017-05-30] (Nahimic)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [301848 2017-06-08] ()
HKLM\...\Run: [NahimicVRSvc32] => C:\Program Files\Nahimic\Nahimic VR\Foundation\NahimicVRSvc32.exe [990392 2017-06-12] (A-Volute)
HKLM\...\Run: [NahimicVRSvc64] => C:\Program Files\Nahimic\Nahimic VR\Foundation\x64\NahimicVRSvc64.exe [1142456 2017-06-12] (A-Volute)
HKLM\...\Run: [MsiTrueColor] => C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColor.exe [5838120 2017-05-19] (Portrait Displays, Inc.)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17987704 2017-10-19] (Logitech Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [1874264 2011-08-19] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3752768 2018-06-25] (Dropbox, Inc.)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-3178952071-1249660710-2574476267-1001\...\Run: [Steam] => D:\steam games\steam.exe [3111712 2017-12-15] (Valve Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2018-01-11]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Control Center.lnk [2017-07-06]
ShortcutTarget: Killer Control Center.lnk -> C:\Program Files\Killer Networking\Killer Control Center\KillerControlCenter.exe (Rivet Networks)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2018-01-11]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2018-01-11]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2012\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2018-01-09]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{17c14524-3fef-4917-81da-2e6babe031da}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{43962802-855b-48dd-88f2-bb7fbf2d649e}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{bcecd424-eb07-4b2f-bacb-a69ad3381384}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-3178952071-1249660710-2574476267-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://oem17win10.msn.com/?pc=NMTE
HKU\S-1-5-21-3178952071-1249660710-2574476267-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17win10.msn.com/?pc=NMTE
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
Handler-x32: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll [2018-01-11] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\system32\mscoree.dll [2018-04-11] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: zkcfya99.default
FF ProfilePath: C:\Users\petra\AppData\Roaming\Mozilla\Firefox\Profiles\zkcfya99.default [2018-07-03]
FF Extension: (NoScript) - C:\Users\petra\AppData\Roaming\Mozilla\Firefox\Profiles\zkcfya99.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2018-05-30]
FF Extension: (Web of Trust) - C:\Users\petra\AppData\Roaming\Mozilla\Firefox\Profiles\zkcfya99.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}.xpi [2018-06-26]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-01-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-01-03] (NVIDIA Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2017-04-24] (Windows ® Win 7 DDK provider)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-11] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-01-11] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-06-25] (Dropbox, Inc.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [152536 2017-11-21] (ELAN Microelectronics Corp.)
S3 iaStorAfsService; C:\Windows\IAStorAfsService\iaStorAfsService.exe [2413720 2017-06-12] (Intel Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2017-06-09] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [732448 2017-02-24] (Intel® Corporation)
S2 Intel® TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [548648 2017-02-24] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [197264 2017-06-06] (Intel Corporation)
R2 Killer Network Service x64; C:\Program Files\Killer Networking\Killer Control Center\KillerNetworkService.exe [2193088 2017-06-01] (Rivet Networks)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-10-19] (Logitech Inc.)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2017-06-08] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSITrueColorService; C:\Program Files\Portrait Displays\MSI True Color\MsiTrueColorService.exe [192296 2017-05-19] (Portrait Displays, Inc.)
R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\Dragon Center\MSI_ActiveX_Service.exe [61880 2017-08-28] (Micro-Star INT'L CO., LTD.)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2011-08-20] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2011-08-19] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-08-19] (Intuit Inc.) [File not signed]
S2 RunSwUSB; C:\Windows\runSW.exe [44760 2014-12-12] ()
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [2150120 2017-03-16] (Intel Corporation)
S2 TriDefSmartCamService; c:\program files (x86)\tridef\smartcam\tridefsmartcamservice64.exe [11076576 2017-03-10] (DDD Group Plc.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\NisSrv.exe [3925648 2018-06-27] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MsMpEng.exe [100080 2018-06-27] (Microsoft Corporation)
R2 NvContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
S3 NvContainerNetworkService; "C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe" -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [605616 2017-04-24] (Qualcomm)
R3 e2xw10x64; C:\WINDOWS\System32\drivers\e2xw10x64.sys [164560 2017-05-17] (Qualcomm Atheros, Inc.)
R3 ETDSMBus; C:\WINDOWS\System32\drivers\ETDSMBus.sys [31816 2017-11-21] (ELAN Microelectronic Corp.)
S3 iaStorAfs; C:\WINDOWS\System32\drivers\iaStorAfs.sys [70632 2017-06-12] (Intel Corporation)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-10-19] (Logitech Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvmii.inf_amd64_463ff046fd545b4a\nvlddmkm.sys [17486096 2018-01-05] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31800 2017-06-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [49208 2017-06-29] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2018-01-03] (NVIDIA Corporation)
R2 RfeCoSvc; C:\WINDOWS\system32\DRIVERS\RfeCo10X64.sys [125136 2017-06-01] (Rivet Networks, LLC.)
R3 RtlWlanu; C:\WINDOWS\system32\DRIVERS\rtwlanu.sys [8228688 2018-05-03] (Realtek Semiconductor Corporation )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [420832 2017-06-29] (Realsil Semiconductor Corporation)
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [46896 2017-12-15] ()
R3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [55560 2018-01-09] ()
R3 ssps2; C:\WINDOWS\System32\drivers\ssps2.sys [38656 2017-12-15] ()
R3 TriDefSmartCam; C:\WINDOWS\system32\DRIVERS\TriDefSmartCam.sys [48304 2017-02-20] (DDD Group Plc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46592 2018-06-27] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-06-27] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59944 2018-06-27] (Microsoft Corporation)
R3 WINIO; C:\Program Files (x86)\MSI\Dragon Center\winio64.sys [15160 2015-06-11] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-03 21:55 - 2018-07-03 21:56 - 000018978 _____ C:\Users\petra\Desktop\FRST.txt
2018-07-03 21:22 - 2018-07-03 21:55 - 000000000 ____D C:\FRST
2018-07-03 21:21 - 2018-07-03 21:21 - 002412544 _____ (Farbar) C:\Users\petra\Desktop\FRST64.exe
2018-07-01 18:39 - 2018-07-01 18:39 - 000000000 ____D C:\Users\petra\Desktop\Mag-Plugins-Mag-Tools-v2.1.5
2018-07-01 18:37 - 2018-07-01 18:38 - 002655255 _____ C:\Users\petra\Desktop\Mag-Plugins-Mag-Tools-v2.1.5.zip
2018-06-27 21:54 - 2018-06-27 21:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThwargLauncher
2018-06-27 21:54 - 2018-06-27 21:54 - 000000000 ____D C:\Program Files (x86)\Thwargle Games
2018-06-26 18:54 - 2018-06-26 18:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-06-25 10:24 - 2018-06-25 10:24 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-06-25 10:24 - 2018-06-25 10:24 - 000050232 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-06-25 10:24 - 2018-06-25 10:24 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-06-25 10:24 - 2018-06-25 10:24 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-06-20 19:32 - 2018-06-20 19:32 - 000000000 ____D C:\ProgramData\Packages
2018-06-13 14:04 - 2018-06-08 12:07 - 000506184 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-06-13 14:04 - 2018-06-08 12:05 - 000094112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-06-13 14:04 - 2018-06-08 12:02 - 004527680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-06-13 14:04 - 2018-06-08 12:02 - 001634808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-06-13 14:04 - 2018-06-08 12:02 - 000661160 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe
2018-06-13 14:04 - 2018-06-08 12:01 - 002395056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-06-13 14:04 - 2018-06-08 12:01 - 001046944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2018-06-13 14:04 - 2018-06-08 11:48 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-06-13 14:04 - 2018-06-08 11:47 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2018-06-13 14:04 - 2018-06-08 11:46 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-06-13 14:04 - 2018-06-08 11:45 - 012712448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-06-13 14:04 - 2018-06-08 11:45 - 004392448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-06-13 14:04 - 2018-06-08 11:45 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdt.exe
2018-06-13 14:04 - 2018-06-08 11:45 - 000808960 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2018-06-13 14:04 - 2018-06-08 11:44 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-06-13 14:04 - 2018-06-08 11:44 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2018-06-13 14:04 - 2018-06-08 11:44 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2018-06-13 14:04 - 2018-06-08 11:44 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-06-13 14:04 - 2018-06-08 11:44 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2018-06-13 14:04 - 2018-06-08 11:43 - 003640832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2018-06-13 14:04 - 2018-06-08 11:43 - 002922496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2018-06-13 14:04 - 2018-06-08 11:43 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2018-06-13 14:04 - 2018-06-08 11:43 - 001659904 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2018-06-13 14:04 - 2018-06-08 11:43 - 001543680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2018-06-13 14:04 - 2018-06-08 11:43 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-06-13 14:04 - 2018-06-08 11:43 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-06-13 14:04 - 2018-06-08 11:42 - 003999232 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2018-06-13 14:04 - 2018-06-08 11:42 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-06-13 14:04 - 2018-06-08 11:42 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-06-13 14:04 - 2018-06-08 11:42 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-06-13 14:04 - 2018-06-08 11:42 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-06-13 14:04 - 2018-06-08 11:41 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-06-13 14:04 - 2018-06-08 11:41 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-06-13 14:04 - 2018-06-08 11:41 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-06-13 14:04 - 2018-06-08 11:41 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-06-13 14:04 - 2018-06-08 11:41 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-06-13 14:04 - 2018-06-08 11:41 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2018-06-13 14:04 - 2018-06-08 11:40 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXP.dll
2018-06-13 14:04 - 2018-06-08 10:04 - 001454024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-06-13 14:04 - 2018-06-08 09:58 - 002206544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2018-06-13 14:04 - 2018-06-08 09:58 - 000917408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2018-06-13 14:04 - 2018-06-08 09:51 - 011903488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-06-13 14:04 - 2018-06-08 09:50 - 001508352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdt.exe
2018-06-13 14:04 - 2018-06-08 09:48 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-06-13 14:04 - 2018-06-08 09:48 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-06-13 14:04 - 2018-06-08 09:47 - 003492864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2018-06-13 14:04 - 2018-06-08 09:47 - 002895872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-06-13 14:04 - 2018-06-08 09:47 - 001462784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dui70.dll
2018-06-13 14:04 - 2018-06-08 09:47 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2018-06-13 14:04 - 2018-06-08 09:47 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-06-13 14:04 - 2018-06-08 09:47 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2018-06-13 14:04 - 2018-06-08 09:46 - 003444224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2018-06-13 14:04 - 2018-06-08 09:46 - 002016256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-06-13 14:04 - 2018-06-08 09:46 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2018-06-13 14:04 - 2018-06-08 09:45 - 002401280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-06-13 14:04 - 2018-06-08 09:06 - 000976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-06-13 14:04 - 2018-06-08 09:05 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-06-13 14:04 - 2018-06-08 09:05 - 000944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-06-13 14:04 - 2018-06-08 07:00 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-06-13 14:04 - 2018-06-08 07:00 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-06-13 14:04 - 2018-06-08 03:38 - 005821544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-06-13 14:04 - 2018-06-08 03:37 - 002417840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-06-13 14:04 - 2018-06-08 03:35 - 001613200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-06-13 14:04 - 2018-06-08 03:35 - 000613144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2018-06-13 14:04 - 2018-06-08 03:34 - 001299056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-06-13 14:04 - 2018-06-08 03:34 - 000748512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2018-06-13 14:04 - 2018-06-08 03:31 - 007900984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-06-13 14:04 - 2018-06-08 03:31 - 003180176 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-06-13 14:04 - 2018-06-08 03:31 - 000029600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2018-06-13 14:04 - 2018-06-08 03:30 - 000705440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-06-13 14:04 - 2018-06-08 02:34 - 001140576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-06-13 14:04 - 2018-06-08 02:34 - 000983016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-06-13 14:04 - 2018-06-08 02:33 - 001213368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-06-13 14:04 - 2018-06-08 02:33 - 001034632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-06-13 14:04 - 2018-06-08 02:33 - 000272296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-06-13 14:04 - 2018-06-08 02:33 - 000269224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-06-13 14:04 - 2018-06-08 02:31 - 001174432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-06-13 14:04 - 2018-06-08 02:31 - 001012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-06-13 14:04 - 2018-06-08 02:31 - 000226720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ucx01000.sys
2018-06-13 14:04 - 2018-06-08 02:30 - 009148320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-06-13 14:04 - 2018-06-08 02:30 - 003296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-06-13 14:04 - 2018-06-08 02:30 - 001798552 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-06-13 14:04 - 2018-06-08 02:30 - 001363632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-06-13 14:04 - 2018-06-08 02:30 - 001063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-06-13 14:04 - 2018-06-08 02:30 - 001017080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-06-13 14:04 - 2018-06-08 02:30 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-06-13 14:04 - 2018-06-08 02:30 - 000722808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-06-13 14:04 - 2018-06-08 02:30 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-06-13 14:04 - 2018-06-08 02:30 - 000567184 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-06-13 14:04 - 2018-06-08 02:30 - 000565152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-06-13 14:04 - 2018-06-08 02:30 - 000527264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-06-13 14:04 - 2018-06-08 02:30 - 000491328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-06-13 14:04 - 2018-06-08 02:30 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-06-13 14:04 - 2018-06-08 02:30 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-06-13 14:04 - 2018-06-08 02:30 - 000137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2018-06-13 14:04 - 2018-06-08 02:30 - 000134584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-06-13 14:04 - 2018-06-08 02:29 - 007520000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-06-13 14:04 - 2018-06-08 02:29 - 006817384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-06-13 14:04 - 2018-06-08 02:29 - 004970360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2018-06-13 14:04 - 2018-06-08 02:29 - 004403280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-06-13 14:04 - 2018-06-08 02:29 - 003283408 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-06-13 14:04 - 2018-06-08 02:29 - 002836384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-06-13 14:04 - 2018-06-08 02:29 - 002753048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-06-13 14:04 - 2018-06-08 02:29 - 002590400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2018-06-13 14:04 - 2018-06-08 02:29 - 002570712 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-06-13 14:04 - 2018-06-08 02:29 - 002564984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-06-13 14:04 - 2018-06-08 02:29 - 002546592 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-06-13 14:04 - 2018-06-08 02:29 - 002462272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-06-13 14:04 - 2018-06-08 02:29 - 002422688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-06-13 14:04 - 2018-06-08 02:29 - 002371392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-06-13 14:04 - 2018-06-08 02:29 - 001946328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-06-13 14:04 - 2018-06-08 02:29 - 001934400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-06-13 14:04 - 2018-06-08 02:29 - 001921952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2018-06-13 14:04 - 2018-06-08 02:29 - 001792808 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2018-06-13 14:04 - 2018-06-08 02:29 - 001784584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-06-13 14:04 - 2018-06-08 02:29 - 001611592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2018-06-13 14:04 - 2018-06-08 02:29 - 001457136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-06-13 14:04 - 2018-06-08 02:29 - 001364184 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2018-06-13 14:04 - 2018-06-08 02:29 - 001288816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-06-13 14:04 - 2018-06-08 02:29 - 001258288 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-06-13 14:04 - 2018-06-08 02:29 - 001209800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-06-13 14:04 - 2018-06-08 02:29 - 001190152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-06-13 14:04 - 2018-06-08 02:29 - 001150416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-06-13 14:04 - 2018-06-08 02:29 - 001148808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-06-13 14:04 - 2018-06-08 02:29 - 001112608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2018-06-13 14:04 - 2018-06-08 02:29 - 001097648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-06-13 14:04 - 2018-06-08 02:29 - 001026976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-06-13 14:04 - 2018-06-08 02:29 - 000945568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2018-06-13 14:04 - 2018-06-08 02:29 - 000885880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-06-13 14:04 - 2018-06-08 02:29 - 000792992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-06-13 14:04 - 2018-06-08 02:29 - 000678840 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2018-06-13 14:04 - 2018-06-08 02:29 - 000659096 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2018-06-13 14:04 - 2018-06-08 02:29 - 000594128 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-06-13 14:04 - 2018-06-08 02:29 - 000416144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2018-06-13 14:04 - 2018-06-08 02:29 - 000413824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-06-13 14:04 - 2018-06-08 02:29 - 000413088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-06-13 14:04 - 2018-06-08 02:29 - 000375712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-06-13 14:04 - 2018-06-08 02:29 - 000313592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2018-06-13 14:04 - 2018-06-08 02:29 - 000266656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-06-13 14:04 - 2018-06-08 02:29 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-06-13 14:04 - 2018-06-08 02:29 - 000164768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-06-13 14:04 - 2018-06-08 02:29 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-06-13 14:04 - 2018-06-08 02:29 - 000084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageOverlayUtil.dll
2018-06-13 14:04 - 2018-06-08 02:29 - 000057960 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel.appcore.dll
2018-06-13 14:04 - 2018-06-08 02:13 - 025846784 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-06-13 14:04 - 2018-06-08 02:12 - 000861616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-06-13 14:04 - 2018-06-08 02:12 - 000786176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-06-13 14:04 - 2018-06-08 02:11 - 001461744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2018-06-13 14:04 - 2018-06-08 02:11 - 000550616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-06-13 14:04 - 2018-06-08 02:10 - 002479272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-06-13 14:04 - 2018-06-08 02:10 - 002331584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-06-13 14:04 - 2018-06-08 02:10 - 002307336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2018-06-13 14:04 - 2018-06-08 02:10 - 001988072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-06-13 14:04 - 2018-06-08 02:10 - 001397200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-06-13 14:04 - 2018-06-08 02:10 - 001011992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-06-13 14:04 - 2018-06-08 02:10 - 000880152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-06-13 14:04 - 2018-06-08 02:10 - 000457152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2018-06-13 14:04 - 2018-06-08 02:10 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2018-06-13 14:04 - 2018-06-08 02:09 - 006569960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-06-13 14:04 - 2018-06-08 02:09 - 006527064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-06-13 14:04 - 2018-06-08 02:09 - 004788512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-06-13 14:04 - 2018-06-08 02:09 - 004469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2018-06-13 14:04 - 2018-06-08 02:09 - 002535552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-06-13 14:04 - 2018-06-08 02:09 - 002486992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-06-13 14:04 - 2018-06-08 02:09 - 002242216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-06-13 14:04 - 2018-06-08 02:09 - 001980872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-06-13 14:04 - 2018-06-08 02:09 - 001805776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-06-13 14:04 - 2018-06-08 02:09 - 001709720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2018-06-13 14:04 - 2018-06-08 02:09 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-06-13 14:04 - 2018-06-08 02:09 - 001584128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2018-06-13 14:04 - 2018-06-08 02:09 - 001380200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-06-13 14:04 - 2018-06-08 02:09 - 001129648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-06-13 14:04 - 2018-06-08 02:09 - 001077504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2018-06-13 14:04 - 2018-06-08 02:09 - 001020168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-06-13 14:04 - 2018-06-08 02:09 - 000988136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-06-13 14:04 - 2018-06-08 02:09 - 000770160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2018-06-13 14:04 - 2018-06-08 02:09 - 000607648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2018-06-13 14:04 - 2018-06-08 02:09 - 000568720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2018-06-13 14:04 - 2018-06-08 02:09 - 000567144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-06-13 14:04 - 2018-06-08 02:09 - 000553248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2018-06-13 14:04 - 2018-06-08 02:09 - 000356960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-06-13 14:04 - 2018-06-08 02:09 - 000064648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LanguageOverlayUtil.dll
2018-06-13 14:04 - 2018-06-08 02:09 - 000050208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel.appcore.dll
2018-06-13 14:04 - 2018-06-08 02:04 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-06-13 14:04 - 2018-06-08 02:03 - 022005760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-06-13 14:04 - 2018-06-08 02:03 - 000906752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.PhoneNumberFormatting.dll
2018-06-13 14:04 - 2018-06-08 02:03 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-06-13 14:04 - 2018-06-08 02:03 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryCore.dll
2018-06-13 14:04 - 2018-06-08 02:03 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2018-06-13 14:04 - 2018-06-08 02:02 - 022713856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-06-13 14:04 - 2018-06-08 02:02 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-06-13 14:04 - 2018-06-08 02:02 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edpnotify.exe
2018-06-13 14:04 - 2018-06-08 02:02 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2018-06-13 14:04 - 2018-06-08 02:01 - 004563456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-06-13 14:04 - 2018-06-08 02:01 - 002961408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-06-13 14:04 - 2018-06-08 02:01 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-06-13 14:04 - 2018-06-08 02:01 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2018-06-13 14:04 - 2018-06-08 02:01 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2018-06-13 14:04 - 2018-06-08 02:01 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-06-13 14:04 - 2018-06-08 02:01 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2018-06-13 14:04 - 2018-06-08 02:01 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2018-06-13 14:04 - 2018-06-08 02:01 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidparse.sys
2018-06-13 14:04 - 2018-06-08 02:01 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-06-13 14:04 - 2018-06-08 02:00 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-06-13 14:04 - 2018-06-08 02:00 - 004372992 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-06-13 14:04 - 2018-06-08 02:00 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-06-13 14:04 - 2018-06-08 02:00 - 001285120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2018-06-13 14:04 - 2018-06-08 02:00 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll
2018-06-13 14:04 - 2018-06-08 02:00 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2018-06-13 14:04 - 2018-06-08 02:00 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-06-13 14:04 - 2018-06-08 02:00 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2018-06-13 14:04 - 2018-06-08 02:00 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-06-13 14:04 - 2018-06-08 01:59 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-06-13 14:04 - 2018-06-08 01:59 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-06-13 14:04 - 2018-06-08 01:59 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-06-13 14:04 - 2018-06-08 01:59 - 001767936 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-06-13 14:04 - 2018-06-08 01:59 - 001318400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2018-06-13 14:04 - 2018-06-08 01:59 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-06-13 14:04 - 2018-06-08 01:59 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2018-06-13 14:04 - 2018-06-08 01:59 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-06-13 14:04 - 2018-06-08 01:59 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2018-06-13 14:04 - 2018-06-08 01:59 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2018-06-13 14:04 - 2018-06-08 01:59 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-06-13 14:04 - 2018-06-08 01:58 - 007581696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-06-13 14:04 - 2018-06-08 01:58 - 003712512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-06-13 14:04 - 2018-06-08 01:58 - 001676800 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
2018-06-13 14:04 - 2018-06-08 01:58 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-06-13 14:04 - 2018-06-08 01:58 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-06-13 14:04 - 2018-06-08 01:58 - 000813568 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-06-13 14:04 - 2018-06-08 01:58 - 000781824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-06-13 14:04 - 2018-06-08 01:58 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2018-06-13 14:04 - 2018-06-08 01:58 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2018-06-13 14:04 - 2018-06-08 01:58 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2018-06-13 14:04 - 2018-06-08 01:57 - 003348992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2018-06-13 14:04 - 2018-06-08 01:57 - 002172416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-06-13 14:04 - 2018-06-08 01:57 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-06-13 14:04 - 2018-06-08 01:57 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-06-13 14:04 - 2018-06-08 01:57 - 000483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2018-06-13 14:04 - 2018-06-08 01:57 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-06-13 14:04 - 2018-06-08 01:57 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2018-06-13 14:04 - 2018-06-08 01:57 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2018-06-13 14:04 - 2018-06-08 01:57 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2018-06-13 14:04 - 2018-06-08 01:56 - 005780992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-06-13 14:04 - 2018-06-08 01:56 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-06-13 14:04 - 2018-06-08 01:56 - 004336128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-06-13 14:04 - 2018-06-08 01:56 - 003293696 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2018-06-13 14:04 - 2018-06-08 01:56 - 002902016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-06-13 14:04 - 2018-06-08 01:56 - 002900480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-06-13 14:04 - 2018-06-08 01:56 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-06-13 14:04 - 2018-06-08 01:56 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-06-13 14:04 - 2018-06-08 01:56 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-06-13 14:04 - 2018-06-08 01:56 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-06-13 14:04 - 2018-06-08 01:56 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-06-13 14:04 - 2018-06-08 01:56 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-06-13 14:04 - 2018-06-08 01:56 - 000908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2018-06-13 14:04 - 2018-06-08 01:56 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2018-06-13 14:04 - 2018-06-08 01:56 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-06-13 14:04 - 2018-06-08 01:56 - 000858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2018-06-13 14:04 - 2018-06-08 01:56 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2018-06-13 14:04 - 2018-06-08 01:56 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-06-13 14:04 - 2018-06-08 01:56 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-06-13 14:04 - 2018-06-08 01:56 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-06-13 14:04 - 2018-06-08 01:56 - 000389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-06-13 14:04 - 2018-06-08 01:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-06-13 14:04 - 2018-06-08 01:56 - 000264704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovs.dll
2018-06-13 14:04 - 2018-06-08 01:55 - 003441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-06-13 14:04 - 2018-06-08 01:55 - 002248192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-06-13 14:04 - 2018-06-08 01:55 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-06-13 14:04 - 2018-06-08 01:55 - 002061824 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2018-06-13 14:04 - 2018-06-08 01:55 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-06-13 14:04 - 2018-06-08 01:55 - 001371648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-06-13 14:04 - 2018-06-08 01:55 - 001242112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2018-06-13 14:04 - 2018-06-08 01:55 - 001192448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2018-06-13 14:04 - 2018-06-08 01:55 - 001171968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2018-06-13 14:04 - 2018-06-08 01:55 - 001160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-06-13 14:04 - 2018-06-08 01:55 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-06-13 14:04 - 2018-06-08 01:55 - 001033728 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-06-13 14:04 - 2018-06-08 01:55 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-06-13 14:04 - 2018-06-08 01:55 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2018-06-13 14:04 - 2018-06-08 01:55 - 000778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2018-06-13 14:04 - 2018-06-08 01:55 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-06-13 14:04 - 2018-06-08 01:55 - 000667648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2018-06-13 14:04 - 2018-06-08 01:55 - 000652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2018-06-13 14:04 - 2018-06-08 01:55 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2018-06-13 14:04 - 2018-06-08 01:55 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-06-13 14:04 - 2018-06-08 01:55 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-06-13 14:04 - 2018-06-08 01:54 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-06-13 14:04 - 2018-06-08 01:54 - 002789376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2018-06-13 14:04 - 2018-06-08 01:54 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-06-13 14:04 - 2018-06-08 01:54 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-06-13 14:04 - 2018-06-08 01:54 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-06-13 14:04 - 2018-06-08 01:54 - 001128448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2018-06-13 14:04 - 2018-06-08 01:54 - 000999936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-06-13 14:04 - 2018-06-08 01:54 - 000950272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2018-06-13 14:04 - 2018-06-08 01:54 - 000857088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2018-06-13 14:04 - 2018-06-08 01:54 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2018-06-13 14:04 - 2018-06-08 01:54 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2018-06-13 14:04 - 2018-06-08 01:54 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-06-13 14:04 - 2018-06-08 01:54 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-06-13 14:04 - 2018-06-08 01:54 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2018-06-13 14:04 - 2018-06-08 01:54 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-06-13 14:04 - 2018-06-08 01:54 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2018-06-13 14:04 - 2018-06-08 01:54 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-06-13 14:04 - 2018-06-08 01:54 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAC3ENC.DLL
2018-06-13 14:04 - 2018-06-08 01:53 - 001675264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2018-06-13 14:04 - 2018-06-08 01:53 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-06-13 14:04 - 2018-06-08 01:53 - 001108992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-06-13 14:04 - 2018-06-08 01:53 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2018-06-13 14:04 - 2018-06-08 01:53 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-06-13 14:04 - 2018-06-08 01:53 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-06-13 14:04 - 2018-06-08 01:53 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2018-06-13 14:04 - 2018-06-08 01:53 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2018-06-13 14:04 - 2018-06-08 00:41 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-06-13 14:04 - 2018-06-06 11:57 - 003733320 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-06-13 14:04 - 2018-06-05 21:20 - 002841312 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-06-13 14:04 - 2018-06-01 16:24 - 000713376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-06-13 14:04 - 2018-06-01 15:54 - 001825792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-06-13 14:04 - 2018-05-24 20:24 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-06-13 14:04 - 2018-05-20 12:45 - 000308408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-06-13 14:04 - 2018-05-20 12:43 - 021389360 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-06-13 14:04 - 2018-05-20 12:42 - 001649760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2018-06-13 14:04 - 2018-05-20 12:42 - 000759192 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-06-13 14:04 - 2018-05-20 12:26 - 000486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2018-06-13 14:04 - 2018-05-20 12:23 - 004070400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-06-13 14:04 - 2018-05-20 12:23 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2018-06-13 14:04 - 2018-05-20 12:23 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2018-06-13 14:04 - 2018-05-20 12:22 - 001665024 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-06-13 14:04 - 2018-05-20 12:22 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2018-06-13 14:04 - 2018-05-20 12:22 - 000941056 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2018-06-13 14:04 - 2018-05-20 12:22 - 000804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2018-06-13 14:04 - 2018-05-20 11:15 - 000653208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-06-13 14:04 - 2018-05-20 11:14 - 020383712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-06-13 14:04 - 2018-05-20 11:14 - 001490144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2018-06-13 14:04 - 2018-05-20 11:02 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2018-06-13 14:04 - 2018-05-20 11:00 - 000864768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2018-06-13 14:04 - 2018-05-20 10:59 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2018-06-13 14:04 - 2018-05-20 10:59 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2018-06-13 14:04 - 2018-05-20 09:59 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-06-13 14:04 - 2018-05-20 09:45 - 001271296 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2018-06-13 14:04 - 2018-05-20 09:39 - 000788480 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2018-06-13 14:04 - 2018-05-20 09:35 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-06-13 14:04 - 2018-05-20 09:34 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-06-13 14:04 - 2018-05-20 07:54 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-06-13 14:04 - 2018-05-20 05:33 - 000105368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-06-13 14:04 - 2018-05-20 04:53 - 002178136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2018-06-13 14:04 - 2018-05-20 04:53 - 001947808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-06-13 14:04 - 2018-05-20 04:53 - 001017088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2018-06-13 14:04 - 2018-05-20 04:53 - 001012408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2018-06-13 14:04 - 2018-05-20 04:53 - 000131232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2018-06-13 14:04 - 2018-05-20 04:53 - 000088472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2018-06-13 14:04 - 2018-05-20 04:52 - 007436632 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-06-13 14:04 - 2018-05-20 04:52 - 000735560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-06-13 14:04 - 2018-05-20 04:52 - 000347704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-06-13 14:04 - 2018-05-20 04:52 - 000130456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-06-13 14:04 - 2018-05-20 04:52 - 000089984 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
2018-06-13 14:04 - 2018-05-20 04:34 - 016592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-06-13 14:04 - 2018-05-20 04:34 - 000861096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2018-06-13 14:04 - 2018-05-20 04:33 - 001665920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2018-06-13 14:04 - 2018-05-20 04:33 - 000101288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2018-06-13 14:04 - 2018-05-20 04:32 - 006044104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-06-13 14:04 - 2018-05-20 04:32 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-06-13 14:04 - 2018-05-20 04:32 - 001034096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2018-06-13 14:04 - 2018-05-20 04:32 - 000560488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-06-13 14:04 - 2018-05-20 04:32 - 000286200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-06-13 14:04 - 2018-05-20 04:32 - 000077040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2018-06-13 14:04 - 2018-05-20 04:31 - 001456640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2018-06-13 14:04 - 2018-05-20 04:30 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-06-13 14:04 - 2018-05-20 04:28 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-06-13 14:04 - 2018-05-20 04:28 - 000111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppHostRegistrationVerifier.exe
2018-06-13 14:04 - 2018-05-20 04:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-06-13 14:04 - 2018-05-20 04:27 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2018-06-13 14:04 - 2018-05-20 04:27 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApiSetHost.AppExecutionAlias.dll
2018-06-13 14:04 - 2018-05-20 04:26 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-06-13 14:04 - 2018-05-20 04:26 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-06-13 14:04 - 2018-05-20 04:26 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll
2018-06-13 14:04 - 2018-05-20 04:26 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-06-13 14:04 - 2018-05-20 04:26 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2018-06-13 14:04 - 2018-05-20 04:26 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-06-13 14:04 - 2018-05-20 04:26 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\TelephonyInteractiveUser.dll
2018-06-13 14:04 - 2018-05-20 04:26 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSHEIF.dll
2018-06-13 14:04 - 2018-05-20 04:25 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-06-13 14:04 - 2018-05-20 04:25 - 000384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2018-06-13 14:04 - 2018-05-20 04:24 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-06-13 14:04 - 2018-05-20 04:24 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-06-13 14:04 - 2018-05-20 04:24 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2018-06-13 14:04 - 2018-05-20 04:23 - 013873152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-06-13 14:04 - 2018-05-20 04:23 - 005951488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-06-13 14:04 - 2018-05-20 04:23 - 002366976 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-06-13 14:04 - 2018-05-20 04:23 - 000933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-06-13 14:04 - 2018-05-20 04:23 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-06-13 14:04 - 2018-05-20 04:21 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2018-06-13 14:04 - 2018-05-20 04:21 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-06-13 14:04 - 2018-05-20 04:21 - 001210880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2018-06-13 14:04 - 2018-05-20 04:21 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-06-13 14:04 - 2018-05-20 04:21 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2018-06-13 14:04 - 2018-05-20 04:17 - 002699776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-06-13 14:04 - 2018-05-20 04:16 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-06-13 14:04 - 2018-05-20 04:16 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2018-06-13 14:04 - 2018-05-20 04:16 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ApiSetHost.AppExecutionAlias.dll
2018-06-13 14:04 - 2018-05-20 04:16 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-06-13 14:04 - 2018-05-20 04:15 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2018-06-13 14:04 - 2018-05-20 04:15 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSHEIF.dll
2018-06-13 14:04 - 2018-05-20 04:14 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-06-13 14:04 - 2018-05-20 04:14 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2018-06-13 14:04 - 2018-05-20 04:13 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-06-13 14:04 - 2018-05-20 04:13 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2018-06-13 14:04 - 2018-05-20 04:12 - 000992768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-06-13 14:04 - 2018-05-20 04:12 - 000860160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-06-13 14:04 - 2018-05-20 04:11 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2018-06-13 14:04 - 2018-05-20 04:11 - 001005568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2018-06-13 14:04 - 2018-05-20 01:26 - 000018716 _____ C:\WINDOWS\system32\srms-apr.dat
2018-06-13 14:04 - 2018-05-18 10:08 - 000018716 _____ C:\WINDOWS\SysWOW64\srms-apr.dat

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-03 21:55 - 2018-01-09 18:35 - 000000000 ____D C:\Users\petra\AppData\LocalLow\Mozilla
2018-07-03 21:41 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-03 21:41 - 2018-04-11 16:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-07-03 21:02 - 2018-05-15 21:27 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-07-03 17:12 - 2017-07-06 13:56 - 000000000 ____D C:\ProgramData\NVIDIA
2018-07-03 17:09 - 2018-01-09 17:08 - 000000000 __SHD C:\Users\petra\IntelGraphicsProfiles
2018-07-03 14:37 - 2018-04-11 16:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-01 18:50 - 2018-01-14 22:12 - 000000000 ____D C:\Users\petra\Documents\Decal Plugins
2018-07-01 18:44 - 2018-01-09 21:52 - 000000000 ____D C:\Games
2018-07-01 17:35 - 2018-01-11 17:44 - 000000000 ___RD C:\Users\petra\Dropbox
2018-06-29 00:06 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-06-27 21:54 - 2018-01-09 21:55 - 000001302 _____ C:\Users\Public\Desktop\ThwargLauncher.lnk
2018-06-27 21:54 - 2018-01-09 21:54 - 000000000 ____D C:\Users\petra\AppData\Roaming\Thwargle Games
2018-06-27 21:14 - 2018-02-19 20:13 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-06-26 18:54 - 2018-01-11 17:24 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-06-23 20:53 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\INF
2018-06-22 17:13 - 2018-05-15 21:39 - 000003354 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3178952071-1249660710-2574476267-1001
2018-06-22 17:13 - 2018-05-15 21:35 - 000002374 _____ C:\Users\petra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-06-22 17:13 - 2018-01-09 17:10 - 000000000 ___RD C:\Users\petra\OneDrive
2018-06-14 23:30 - 2018-05-15 21:30 - 000970320 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-06-13 18:13 - 2018-05-15 21:39 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-06-13 18:13 - 2018-04-11 14:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-06-13 14:57 - 2018-01-09 20:04 - 000000000 ___RD C:\Users\petra\3D Objects
2018-06-13 14:57 - 2017-05-16 15:12 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-06-13 14:56 - 2018-05-15 21:27 - 000561368 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-06-13 14:55 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-06-13 14:55 - 2018-04-11 16:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-06-13 14:55 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-06-13 14:55 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-06-13 14:55 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-06-13 14:55 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-06-13 14:55 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-06-13 14:55 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-06-13 14:55 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\setup
2018-06-13 14:55 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-06-13 14:55 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-06-13 14:55 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-06-13 14:55 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-06-13 14:55 - 2018-04-11 16:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-06-13 14:55 - 2018-04-11 16:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-06-13 14:55 - 2018-04-11 14:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-06-13 14:09 - 2018-01-09 21:37 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-06-13 14:08 - 2018-01-09 21:37 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-06-13 14:08 - 2018-01-09 21:36 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-06-13 14:07 - 2018-04-11 16:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-08 19:14 - 2018-01-09 18:35 - 000001012 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-06-08 19:14 - 2018-01-09 18:35 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-06-05 16:29 - 2018-04-11 16:41 - 000835056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-05 16:29 - 2018-04-11 16:41 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-15 21:27

==================== End of FRST.txt ============================



#4 Lakoda

  • Topic Starter

Posted 04 July 2018 - 12:45 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by petra (03-07-2018 21:56:14)
Running from C:\Users\petra\Desktop
Windows 10 Home Version 1803 17134.112 (X64) (2018-05-16 04:39:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3178952071-1249660710-2574476267-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3178952071-1249660710-2574476267-503 - Limited - Disabled)
Guest (S-1-5-21-3178952071-1249660710-2574476267-501 - Limited - Disabled)
petra (S-1-5-21-3178952071-1249660710-2574476267-1001 - Administrator - Enabled) => C:\Users\petra
WDAGUtilityAccount (S-1-5-21-3178952071-1249660710-2574476267-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ApoDispatch Install Configurator (HKLM\...\{69F42FC4-5C7D-4D15-8751-6D381431AFC6}) (Version: 2.5.1201 - Nahimic) Hidden
APOInstallerMSISetup (HKLM\...\{36D4C478-7C23-4B97-93D9-17C7C3A72D61}) (Version: 1.0.11 - Nahimic) Hidden
Asheron's Call (HKLM-x32\...\{F0EE55BA-193D-4670-90C0-76E0E25F3A08}) (Version: 1.00.0000 - Turbine)
AudioDeviceFXPluginSampleUIMSISetup (HKLM\...\{F7B4F297-6901-4432-BCA6-AA739BF5DBA7}) (Version: 1.0.1101 - Nahimic) Hidden
AudioLaunchpad Install Configurator (HKLM\...\{1DF10417-3FAB-4E3E-B1B4-02B19F1AC7C0}) (Version: 2.5.1201 - Nahimic) Hidden
Battery Calibration (HKLM-x32\...\{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}) (Version: 1.0.1609.1901 - Micro-Star International Co., Ltd.) Hidden
Battery Calibration (HKLM-x32\...\InstallShield_{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}) (Version: 1.0.1609.1901 - Micro-Star International Co., Ltd.)
BurnRecovery (HKLM-x32\...\{92A6B009-1343-4C44-AFB1-8849137CA3F0}) (Version: 5.0.1704.1801 - Application) Hidden
BurnRecovery (HKLM-x32\...\InstallShield_{92A6B009-1343-4C44-AFB1-8849137CA3F0}) (Version: 5.0.1704.1801 - Application)
CheckDevices Install Configurator (HKLM\...\{5D6F7A93-B33F-4FA9-9C6D-901E421C6DBE}) (Version: 2.5.1201 - Nahimic) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Decal 3.0 (2.9.7.5) (HKLM-x32\...\{6732F78F-6E90-47A5-9A6C-1A59D0C657B9}) (Version: 2.9.0705 - Decal Development)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 390.65 - NVIDIA Corporation) Hidden
Dragon Center (HKLM-x32\...\{C65B26BC-5A6F-4135-9678-55A877655471}) (Version: 1.2.1711.2101 - Micro-Star International Co., Ltd.) Hidden
Dragon Center (HKLM-x32\...\InstallShield_{C65B26BC-5A6F-4135-9678-55A877655471}) (Version: 1.2.1711.2101 - Micro-Star International Co., Ltd.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 52.4.60 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
ELAN Touchpad 15.13.9.1_X64_WHQL (HKLM\...\Elantech) (Version: 15.13.9.1 - ELAN Microelectronic Corp.)
EndpointMonitoring Install MSISetup (HKLM\...\{6ADD4E11-6CCA-4658-98EB-B015E01C86AF}) (Version: 1.0.1101 - Nahimic) Hidden
Help Desk (HKLM-x32\...\{7E8181AF-9679-49B3-B133-C265709B6927}) (Version: 1.0.1706.1901 - Micro-Star International Co., Ltd.) Hidden
Help Desk (HKLM-x32\...\InstallShield_{7E8181AF-9679-49B3-B133-C265709B6927}) (Version: 1.0.1706.1901 - Micro-Star International Co., Ltd.)
Intel® Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1028 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 22.20.16.4708 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.7.0.1014 - Intel Corporation)
KB9X Radio Switch Driver (HKLM\...\97FE6BFA6A40EE4967381F4313B334031A3B6E03) (Version: 1.1.4.0 - ENE TECHNOLOGY INC.)
Killer Performance Suite (HKLM\...\{D1542D4C-E420-4738-AC1C-F5C9D25280EF}) (Version: 1.3.1309 - Rivet Networks)
LauncherSetup Install (HKLM\...\{750B3B59-1788-42BF-987B-261D1391EE00}) (Version: 2.5.1201 - Nahimic) Hidden
Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.88 - Logitech Inc.)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version:  - Microsoft)
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3178952071-1249660710-2574476267-1001\...\OneDriveSetup.exe) (Version: 18.091.0506.0007 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Mozilla Firefox 60.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.2 (x64 en-US)) (Version: 60.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 57.0.4 - Mozilla)
MSI Feature Navigator (HKLM-x32\...\{2BD90BC2-5B5C-4493-8633-66D0CADF8B33}) (Version: 1.0.1703.1601 - Micro-Star International Co., Ltd.) Hidden
MSI Feature Navigator (HKLM-x32\...\InstallShield_{2BD90BC2-5B5C-4493-8633-66D0CADF8B33}) (Version: 1.0.1703.1601 - Micro-Star International Co., Ltd.)
MSI Remind Manager Service (HKLM-x32\...\{3E23F267-3E35-40F9-B6BF-BC034D214717}) (Version: 1.0.1705.3101 - Micro-Star International Co., Ltd.) Hidden
MSI Remind Manager Service (HKLM-x32\...\InstallShield_{3E23F267-3E35-40F9-B6BF-BC034D214717}) (Version: 1.0.1705.3101 - Micro-Star International Co., Ltd.)
MSI True Color (HKLM\...\{B4A2776D-59CD-4193-A19D-DE15CB7FC5AA}) (Version: 2.0.0.032 - Portrait Displays, Inc.)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nahimic 2+ Audio Driver (HKLM\...\{1C5C507B-BE37-45BA-BBDA-5378A4322047}) (Version: 2.5.1201 - Nahimic) Hidden
Nahimic 2+ Audio Driver (HKLM-x32\...\{01d181cf-8af5-492c-b8c3-faa7c205c420}) (Version: 2.5.12 - Nahimic)
Nahimic VR (HKLM-x32\...\{2b61caff-3f7a-49af-9884-da3da0cf4610}) (Version: 1.0.11 - Nahimic)
NineEarsSettings Install Configurator (HKLM\...\{22EAF3C7-633A-488D-8199-97D5E0FC2098}) (Version: 1.0.1101 - Nahimic) Hidden
NVIDIA 3D Vision Driver 390.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 390.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.5.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.5.0.70 - NVIDIA Corporation)
NVIDIA Graphics Driver 390.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 390.65 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.36.6 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.36.6 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
NvNodejs (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvNodejs) (Version: 3.5.0.70 - NVIDIA Corporation) Hidden
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.5.0 - NVIDIA Corporation) Hidden
ProductDaemon Install Setup (HKLM\...\{1BF51136-38B0-4DE7-A156-194F2046322D}) (Version: 1.0.1101 - Nahimic) Hidden
ProductDaemonSetup Install (HKLM\...\{75CD938A-09E6-4304-8826-BE3E44FE091F}) (Version: 2.5.1201 - Nahimic) Hidden
ProductNS Install Configurator (HKLM\...\{B6EC6201-5BCB-4DF8-8E0B-DA0DBF20C6AD}) (Version: 2.5.1201 - Nahimic) Hidden
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.309 - Qualcomm Atheros)
QuickBooks (HKLM-x32\...\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}) (Version: 22.0.4001.2206 - Intuit Inc.) Hidden
QuickBooks Pro 2012 (HKLM-x32\...\{22057D8D-7CC8-46FF-AD8C-9BD24F9014F3}) (Version: 22.0.4001.2206 - Intuit Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.31235 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8169 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{B63CCD1C-A133-4DF8-8306-DA0387231152}) (Version: 1.00.0269 - )
SCM (HKLM\...\{F6E94387-38E9-4D98-9FE1-038F575768BA}) (Version: 13.017.06089 - Application)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0360 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 3.5.0.70 - NVIDIA Corporation) Hidden
Sizing Options (HKLM-x32\...\{DFAB6DE8-E45F-4D5D-95C0-E54C58993F9F}) (Version: 3.0.1607.2201 - Application) Hidden
Sizing Options (HKLM-x32\...\InstallShield_{DFAB6DE8-E45F-4D5D-95C0-E54C58993F9F}) (Version: 3.0.1607.2201 - Application)
SonicMapper Install Configurator (HKLM\...\{1C77A24A-D524-4208-B651-CAE059BA684A}) (Version: 2.5.1201 - Nahimic) Hidden
SSAudioDaemon Install MSISetup (HKLM\...\{0817BA8C-18D8-4A20-AF4E-C80E5D87D2CE}) (Version: 1.0.11 - Nahimic) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SteelSeries Engine 3.11.10 (HKLM\...\SteelSeries Engine 3) (Version: 3.11.10 - SteelSeries ApS)
The Elder Scrolls Online (HKLM-x32\...\The Elder Scrolls Online) (Version: 2.6.3.0 - Zenimax Online Studios)
The Lord of the Rings Online™ v1903.0058.2732.4095 (HKLM-x32\...\12bbe590-c890-11d9-9669-0800200c9a66_is1) (Version: 1903.0058.2732.4095 - Standing Stone Games, LLC)
Thunderbolt™ Software (HKLM-x32\...\{87A31923-8F18-4943-8093-17DBEE0101B7}) (Version: 16.3.61.275 - Intel Corporation)
ThwargLauncher (HKLM-x32\...\{9BAD7BA5-BC18-4A33-B11C-AA1778D1A4CF}) (Version: 5.2.2.0 - Thwargle Games)
TriDef SmartCam (MSI) 2.1.2 (HKLM-x32\...\webcam-msi-pkg) (Version: 2.1.2 - Dynamic Digital Depth Australia Pty Ltd)
UIInstallUpgrade (HKLM\...\{0C7E4CC4-E812-46AA-BAD9-60DADFABE9F5}) (Version: 2.5.1201 - Nahimic) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-2) (Version: 1.0.42.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0-3) (Version: 1.0.42.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22329 - Microsoft Corporation)
XSplit Gamecaster (HKLM-x32\...\{A39B5969-9683-49F9-AA69-F40EF0D91441}) (Version: 3.0.1705.3123 - SplitmediaLabs)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.22.0.dll [2018-06-25] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d44295a98a21a376\igfxDTCM.dll [2017-06-22] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-01-03] (NVIDIA Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {11ADAC5B-52F9-46DA-A5DE-1508C5B07422} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-29] (NVIDIA Corporation)
Task: {37BE0B34-88BF-4238-ABC6-07DF771794C0} - System32\Tasks\Nahimic2UILauncherRun => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe [2017-05-30] (Nahimic)
Task: {3CD38941-A8D2-4376-B5F9-0B33981EFA79} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-27] (Microsoft Corporation)
Task: {3EBECF3B-59F9-4CC5-85CE-A15B175066CF} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => ConditionalAppStarter.exe
Task: {46C2870A-C3D0-4F57-BC63-98C7E96B0E16} - System32\Tasks\NahimicVRSvc32Run => C:\Program Files\Nahimic\Nahimic VR\Foundation\NahimicVRSvc32.exe [2017-06-12] (A-Volute)
Task: {4B0A881A-012E-4BD7-80C2-200D4DDDD266} - System32\Tasks\NahimicVRSvc64Run => C:\Program Files\Nahimic\Nahimic VR\Foundation\x64\NahimicVRSvc64.exe [2017-06-12] (A-Volute)
Task: {4EFB1FAD-6F9F-49B3-AF1E-309899DAD19E} - System32\Tasks\Nahimic2Svc32Run => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe [2017-05-30] ()
Task: {52700594-79F5-429C-BA03-09E22926F658} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-06-29] (NVIDIA Corporation)
Task: {6321BF2D-FB08-4FA7-AB80-7195D0DB2C3C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-27] (Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {6AF4E849-112D-4097-8953-F3F7F9AA8D54} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => ConditionalAppStarter.exe
Task: {6D364743-E430-4406-ADB3-56453F6B82C5} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-01-11] (Dropbox, Inc.)
Task: {6DC40851-D647-457B-859F-C315863E0B29} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-29] (NVIDIA Corporation)
Task: {6F4CF6C9-911F-482E-AB4F-BC161DDAD326} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2017-02-24] (Intel® Corporation)
Task: {77F93A1C-BCEB-49F9-9FD3-68CEDA5BEA9A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-06-29] (NVIDIA Corporation)
Task: {8245B853-B73A-45E7-B4DD-480AD1BE45A6} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-06-29] (NVIDIA Corporation)
Task: {8BED930A-2F9F-4813-944B-8A5AB3889165} - System32\Tasks\Nahimic2Svc64Run => C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2Svc64.exe [2017-05-30] ()
Task: {9604C108-6FC4-411A-8592-FB0CD68B1356} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2018-01-11] (Dropbox, Inc.)
Task: {98331303-3D07-46F2-B847-BC58A458449A} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-3178952071-1249660710-2574476267-1001
Task: {9D52EC3E-9C7F-42BE-834F-33BC2AC91188} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-27] (Microsoft Corporation)
Task: {9F0F628F-6636-442F-91A6-AE89A7E3E77D} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
Task: {A644D1A5-EF3B-4419-9309-7BE4E356662F} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on switch user if service is up => ConditionalAppStarter.exe
Task: {B1C5FE32-451E-40EF-A073-D36C8BA96012} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-27] (Microsoft Corporation)
Task: {B343D6FF-CBB4-46B7-828D-5BA3F3D093DE} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-06-29] (NVIDIA Corporation)
Task: {C2A04113-B87F-4DFC-A7BF-130B876822EB} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {D54DACE8-5293-4715-B421-05791F242AEA} - System32\Tasks\MSI_Help_Desk_Agent => C:\Program Files (x86)\MSI\Help Desk\MSI Update Agent.exe [2017-06-19] (Micro-Star International Co., Ltd.)
Task: {D73D5EBA-CCCA-4AE8-9AB9-CE4AC9C08A49} - System32\Tasks\Dragon_Center_updater => C:\ProgramData\MSI\Dragon [Argument = Center\DragonCenter_Updater.exe DragonCenter]
Task: {E3EC173E-4E0D-4545-9261-DE5A9F7CE00E} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-06-29] (NVIDIA Corporation)
Task: {EEA44EBB-E54A-467C-B9A1-79DEE90091CC} - System32\Tasks\MSI_Dragon Center => C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe [2017-11-21] (Micro-Star International Co., Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-01-10 17:15 - 2018-01-03 18:44 - 000544056 _____ () C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem\DisplayDriverAnalyzer\_DisplayDriverCrashAnalyzer64.dll
2017-07-06 13:57 - 2017-06-29 19:39 - 001148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2017-07-06 13:57 - 2018-01-03 16:50 - 000134448 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-06-13 14:04 - 2018-06-08 01:56 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-06-08 09:37 - 2017-06-08 09:37 - 000301848 _____ () C:\Program Files (x86)\SCM\SCM.exe
2015-03-06 17:07 - 2015-03-06 17:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2017-10-19 20:29 - 2017-10-19 20:29 - 001096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 17:07 - 2015-03-06 17:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2017-10-19 20:29 - 2017-10-19 20:29 - 000241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2018-06-08 19:16 - 2018-06-08 19:16 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-06-08 19:16 - 2018-06-08 19:16 - 067232256 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2018-01-09 21:53 - 2018-01-09 21:53 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-05-30 23:29 - 2018-05-30 23:29 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-05-30 23:29 - 2018-05-30 23:29 - 004214784 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-04-25 17:13 - 2018-04-25 17:14 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-05-30 23:29 - 2018-05-30 23:29 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-04-05 22:39 - 2018-04-05 22:39 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-06-08 19:16 - 2018-06-08 19:16 - 014851072 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-05-30 23:29 - 2018-05-30 23:29 - 004058624 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-06-08 19:16 - 2018-06-08 19:16 - 003266048 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-05-30 23:29 - 2018-05-30 23:29 - 001393664 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2018-05-30 23:29 - 2018-05-30 23:29 - 004218080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-05-30 23:29 - 2018-05-30 23:29 - 000872448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-06-08 19:16 - 2018-06-08 19:16 - 000165376 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\SKU.dll
2018-06-22 17:13 - 2018-06-22 17:13 - 000093696 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11805.1001.42.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-06-22 17:13 - 2018-06-22 17:13 - 002447072 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11805.1001.42.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-06-22 17:13 - 2018-06-22 17:13 - 007813632 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11805.1001.42.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-06-06 00:23 - 2017-06-06 00:23 - 001244304 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2017-07-06 13:57 - 2017-06-29 19:39 - 000901688 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-06-26 18:54 - 2018-06-25 10:24 - 001107272 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2018-06-26 18:54 - 2018-06-25 10:24 - 002079048 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2018-05-23 15:01 - 2018-06-25 10:29 - 000021328 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.cp35-win32.pyd
2018-06-26 18:54 - 2018-06-25 10:26 - 000022384 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.cp35-win32.pyd
2018-05-23 15:01 - 2018-06-25 10:24 - 000135656 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.cp35-win32.pyd
2018-06-26 18:54 - 2018-06-25 10:26 - 001881448 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.cp35-win32.pyd
2018-06-26 18:54 - 2018-06-25 10:26 - 000023400 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.cp35-win32.pyd
2018-06-26 18:54 - 2018-06-25 10:24 - 000111576 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes35.dll
2018-05-23 15:01 - 2018-06-25 10:24 - 000103392 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.cp35-win32.pyd
2018-06-26 18:54 - 2018-06-25 10:26 - 000068952 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.cp35-win32.pyd
2018-06-26 18:54 - 2018-06-25 10:26 - 000079688 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.cp35-win32.pyd
2018-06-26 18:54 - 2018-06-25 10:24 - 000399832 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom35.dll
2018-05-23 15:01 - 2018-06-25 10:24 - 000024544 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.cp35-win32.pyd
2018-05-23 15:01 - 2018-06-25 10:24 - 000043496 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.cp35-win32.pyd
2018-06-26 18:54 - 2018-06-25 10:24 - 000021472 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.cp35-win32.pyd
2018-05-23 15:01 - 2018-06-25 10:24 - 000124896 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.cp35-win32.pyd
2018-05-23 15:01 - 2018-06-25 10:24 - 000114664 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.cp35-win32.pyd
2018-05-23 15:01 - 2018-06-25 10:29 - 000392024 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.cp35-win32.pyd
2018-05-23 15:01 - 2018-06-25 10:29 - 000028520 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.cp35-win32.pyd
2018-05-23 15:01 - 2018-06-25 10:24 - 000024552 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.cp35-win32.pyd
2018-05-23 15:01 - 2018-06-25 10:24 - 000175584 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.cp35-win32.pyd
2018-05-23 15:01 - 2018-06-25 10:24 - 000024544 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.cp35-win32.pyd
2018-05-23 15:01 - 2018-06-25 10:24 - 000026080 _____ () C:\Program Files (x86)\Dropbox\Client\win32job.cp35-win32.pyd
2018-05-23 15:01 - 2018-06-25 10:29 - 000023904 _____ () C:\Program Files (x86)\Dropbox\Client\winshell.compiled._winshell.cp35-win32.pyd
2018-05-23 15:01 - 2018-06-25 10:24 - 000048616 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.cp35-win32.pyd
2018-05-23 15:01 - 2018-06-25 10:24 - 000057824 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.cp35-win32.pyd
2018-06-26 18:54 - 2018-06-25 10:26 - 000022360 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.cp35-win32.pyd
2018-06-26 18:54 - 2018-06-25 10:26 - 000023392 _____ () C:\Program Files (x86)\Dropbox\Client\crashpad.compiled._Crashpad.cp35-win32.pyd
2018-05-23 15:01 - 2018-06-25 10:29 - 000069992 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.cp35-win32.pyd
2018-05-23 15:01 - 2018-06-25 10:29 - 000025960 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.cp35-win32.pyd
2018-06-26 18:54 - 2018-06-25 10:27 - 003865936 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.cp35-win32.pyd
2018-05-23 15:01 - 2018-06-25 10:29 - 000088904 _____ () C:\Program Files (x86)\Dropbox\Client\sip.cp35-win32.pyd
2018-06-26 18:54 - 2018-06-25 10:26 - 001800528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.cp35-win32.pyd
2018-06-26 18:54 - 2018-06-25 10:26 - 001960272 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.cp35-win32.pyd
2018-05-23 15:01 - 2018-06-25 10:24 - 000028640 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.cp35-win32.pyd
2018-06-26 18:54 - 2018-06-25 10:27 - 000155480 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.cp35-win32.pyd
2018-06-26 18:54 - 2018-06-25 10:26 - 000521552 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.cp35-win32.pyd
2018-06-26 18:54 - 2018-06-25 10:27 - 000051032 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineCore.cp35-win32.pyd
2018-06-26 18:54 - 2018-06-25 10:26 - 000043352 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.cp35-win32.pyd
2018-06-26 18:54 - 2018-06-25 10:27 - 000130896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.cp35-win32.pyd
2018-06-26 18:54 - 2018-06-25 10:27 - 000220504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.cp35-win32.pyd
2018-06-26 18:54 - 2018-06-25 10:26 - 000205144 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.cp35-win32.pyd
2018-05-23 15:01 - 2018-06-25 10:24 - 000060896 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.cp35-win32.pyd
2018-05-23 15:01 - 2018-06-25 10:29 - 000056160 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.cp35-win32.pyd
2018-05-23 15:01 - 2018-06-25 10:24 - 000024040 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.cp35-win32.pyd
2018-05-23 15:01 - 2018-06-25 10:29 - 000024424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.cp35-win32.pyd
2018-05-23 15:01 - 2018-06-25 10:29 - 000023400 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.cp35-win32.pyd
2018-05-23 15:01 - 2018-06-25 10:29 - 000022376 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.cp35-win32.pyd
2018-05-23 15:01 - 2018-06-25 10:29 - 000023400 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.cp35-win32.pyd
2018-06-26 18:54 - 2018-06-25 10:26 - 000028016 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.cp35-win32.pyd
2018-05-23 15:01 - 2018-06-25 10:24 - 000348128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.cp35-win32.pyd
2018-06-26 18:54 - 2018-06-25 10:27 - 000101712 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.cp35-win32.pyd
2018-05-23 15:01 - 2018-06-25 10:29 - 000024432 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.cp35-win32.pyd
2018-06-26 18:54 - 2018-06-25 10:26 - 000026464 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.cp35-win32.pyd
2018-06-26 18:54 - 2018-06-25 10:24 - 000036312 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2018-06-26 18:54 - 2018-06-25 10:26 - 000034152 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.cp35-win32.pyd
2018-06-26 18:54 - 2018-06-25 10:24 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2018-05-23 15:01 - 2018-06-25 10:29 - 000023400 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.advapi32.compiled._winffi_advapi32.cp35-win32.pyd
2018-06-26 18:54 - 2018-06-25 10:26 - 000181064 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2018-05-23 15:01 - 2018-06-25 10:29 - 000031584 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.cp35-win32.pyd
2018-06-26 18:54 - 2018-06-25 10:26 - 000024384 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.DLL
2018-06-26 18:54 - 2018-06-25 10:26 - 001638208 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2018-05-23 15:01 - 2018-06-25 10:29 - 000090472 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.cp35-win32.pyd
2018-05-23 15:01 - 2018-06-25 10:29 - 000026984 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.cp35-win32.pyd
2018-06-26 18:54 - 2018-06-25 10:26 - 000546640 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.cp35-win32.pyd
2018-06-26 18:54 - 2018-06-25 10:26 - 000359760 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.cp35-win32.pyd
2017-07-06 13:57 - 2017-06-29 19:39 - 002442176 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2017-07-06 13:57 - 2017-06-29 19:39 - 000363576 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2017-07-06 13:57 - 2017-06-29 19:39 - 000254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2017-07-06 13:57 - 2017-06-29 19:39 - 000385592 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2017-07-06 13:57 - 2017-06-29 19:39 - 000469048 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2017-07-06 13:57 - 2017-06-29 19:39 - 000571840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 14:03 - 2017-03-18 14:01 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3178952071-1249660710-2574476267-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\petra\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\IMG_0459.JPG
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "Intuit Data Protect.lnk"
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks_Standard_21.lnk"
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks Update Agent.lnk"
HKLM\...\StartupApproved\Run: => "Nahimic2UILauncher"
HKLM\...\StartupApproved\Run: => "NahimicVRSvc32"
HKLM\...\StartupApproved\Run: => "NahimicVRSvc64"
HKLM\...\StartupApproved\Run32: => "Intuit SyncManager"
HKU\S-1-5-21-3178952071-1249660710-2574476267-1001\...\StartupApproved\Run: => "Akamai NetSession Interface"
HKU\S-1-5-21-3178952071-1249660710-2574476267-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{66DBD03D-F36B-40CD-835C-8C28CA5FE934}C:\turbine\asheron's call\acclient.exe] => (Allow) C:\turbine\asheron's call\acclient.exe
FirewallRules: [TCP Query User{B07A1A89-1C0E-4549-BD55-D4159F42ECBD}C:\turbine\asheron's call\acclient.exe] => (Allow) C:\turbine\asheron's call\acclient.exe
FirewallRules: [{3E320716-6388-4057-9C42-BD90C004A6FC}] => (Allow) D:\steam games\steamapps\common\Myst Masterpiece\Myst.exe
FirewallRules: [{088D233F-F24A-4F4F-9132-E3068F4A4FCA}] => (Allow) D:\steam games\steamapps\common\Myst Masterpiece\Myst.exe
FirewallRules: [{2D0A896C-E8E5-4387-B9A7-C84FE0473E00}] => (Allow) D:\steam games\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{1E0EA4C2-50FB-4896-AAD3-5CCBA778B2D2}] => (Allow) D:\steam games\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{FD61E7DE-F94E-45ED-952B-B535A0301354}] => (Allow) D:\steam games\Steam.exe
FirewallRules: [{2E515317-FD10-4037-9224-7D2B18602AB8}] => (Allow) D:\steam games\Steam.exe
FirewallRules: [UDP Query User{8A348AEC-0AC9-4606-9167-DD8C14F31AD1}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{B66B008A-EDE5-4B91-9BCE-7BADC7880504}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{AC1347AF-B89F-4903-BB87-E84D2B3882A7}C:\users\petra\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\petra\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{0E08E2F4-D15F-4ACC-B5EF-FEF6298F4783}C:\users\petra\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\petra\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{908ACB89-52E7-4D25-89A8-E8CB0EE79DE5}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{1AE280F5-FD10-41AE-B3E3-D97829C254CE}C:\program files\logitech gaming software\lcore.exe] => (Allow) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [UDP Query User{EBC9F43C-505B-43A9-81B5-31D4F8C8AD6E}D:\standingstonegames\the lord of the rings online\lotroclient.exe] => (Allow) D:\standingstonegames\the lord of the rings online\lotroclient.exe
FirewallRules: [TCP Query User{0E2379B5-BF72-4D90-9E78-2CE895B43CDF}D:\standingstonegames\the lord of the rings online\lotroclient.exe] => (Allow) D:\standingstonegames\the lord of the rings online\lotroclient.exe
FirewallRules: [UDP Query User{B9958AA9-0019-48DD-9B2B-A48F0AEBFEE3}C:\users\petra\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\petra\appdata\local\akamai\netsession_win.exe
FirewallRules: [TCP Query User{F895183C-EAB8-4101-ACC4-14E882A0C749}C:\users\petra\appdata\local\akamai\netsession_win.exe] => (Allow) C:\users\petra\appdata\local\akamai\netsession_win.exe
FirewallRules: [UDP Query User{01996A85-8D24-40EC-830E-11DA14BF924A}C:\turbine\asheron's call\acclient.exe] => (Allow) C:\turbine\asheron's call\acclient.exe
FirewallRules: [TCP Query User{80A96865-C7F1-4595-ABC8-90D452EC3393}C:\turbine\asheron's call\acclient.exe] => (Allow) C:\turbine\asheron's call\acclient.exe
FirewallRules: [{1BC0CFA4-99B7-4C74-AF66-00EAAF701F9A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{7690DADF-A770-46F1-94DE-D2802B4DD9DC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{EEDA29A0-8081-477F-94AB-5E9FD9215ABB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{774305DF-5B8E-4970-9362-488A6E2372F2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8BE7F3AE-363D-4972-8C0B-29A49013D242}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{BB6875C0-D05D-42AE-8907-98D3074F4AA6}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.Gamecaster.exe
FirewallRules: [{24A989DF-7D20-4757-B793-3F7ADC7185D2}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.Gamecaster.exe
FirewallRules: [{E4F0D649-3E11-45DE-AFA2-ED614628D34B}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.cam.exe
FirewallRules: [{1F950570-6F04-4801-8D22-085F5069349C}] => (Allow) C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.cam.exe
FirewallRules: [{4784F86D-4B64-4671-AFC2-9B1917F5FAD3}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{1F0AAACB-5DA5-4958-9248-119B800DF49D}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{52D4CADA-B354-4D4E-998C-C48D6EEEDBEF}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{24728EE7-50C2-4BBA-BD8A-03EA4FA513A1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{B32C0B43-1968-44C7-AF0B-615D0FFCC98F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{6BF4F234-55AD-48AD-A3F9-1C25F0EABAA5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{3E2F3A84-2FFD-430D-802A-2631ACE81E13}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{97DF209D-2970-437D-BA7B-F937DF695BB3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{1AF3B96F-313B-4B95-9823-D21D926ED607}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{A53EA0AC-D316-4603-9808-E07D6327E363}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{B15E272D-B6BA-4892-835B-4F5A4A8A5FC5}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{B77A8072-764E-41DE-9C82-7F9C50398A00}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{B9A04326-1223-44DB-9D02-FF289C6895AE}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.84.344.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/14/2018 11:26:39 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected

Error: (06/14/2018 11:26:39 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected

Error: (06/13/2018 06:14:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MSI Notification.exe, version: 1.0.1706.1901, time stamp: 0x59477489
Faulting module name: KERNELBASE.dll, version: 10.0.17134.112, time stamp: 0xf2b2cb6c
Exception code: 0xc000041d
Fault offset: 0x000000000003a388
Faulting process id: 0x30ac
Faulting application start time: 0x01d4037cffeaa364
Faulting application path: C:\Program Files (x86)\MSI\Help Desk\MSI Notification.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 0a28362d-8c7f-4f03-bed8-940d5b394d62
Faulting package full name:
Faulting package-relative application ID:

Error: (06/13/2018 06:14:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MSI Notification.exe, version: 1.0.1706.1901, time stamp: 0x59477489
Faulting module name: KERNELBASE.dll, version: 10.0.17134.112, time stamp: 0xf2b2cb6c
Exception code: 0xc0020001
Fault offset: 0x000000000003a388
Faulting process id: 0x30ac
Faulting application start time: 0x01d4037cffeaa364
Faulting application path: C:\Program Files (x86)\MSI\Help Desk\MSI Notification.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: c74add56-1505-44dc-80b8-ed78eb35bd0b
Faulting package full name:
Faulting package-relative application ID:

Error: (06/13/2018 06:14:13 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: MSI Notification.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Runtime.InteropServices.SEHException
   at MS.Win32.UnsafeNativeMethods.CallWindowProc(IntPtr, IntPtr, Int32, IntPtr, IntPtr)
   at MS.Win32.HwndSubclass.SubclassWndProc(IntPtr, Int32, IntPtr, IntPtr)

Error: (06/13/2018 02:56:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.17134.112, time stamp: 0xecd85e98
Faulting module name: NAHIMICV3apo.dll, version: 6.3.9600.17336, time stamp: 0x5914cc69
Exception code: 0xc0000005
Fault offset: 0x0000000000336377
Faulting process id: 0x1280
Faulting application start time: 0x01d403615a8be6b7
Faulting application path: C:\WINDOWS\system32\AUDIODG.EXE
Faulting module path: C:\WINDOWS\system32\NAHIMICV3apo.dll
Report Id: 294a2167-0032-4703-a929-4add3abc5c3c
Faulting package full name:
Faulting package-relative application ID:

Error: (06/13/2018 02:09:16 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: Disabled performance counter data collection from the "ASP.NET_2.0.50727" service because the performance counter library for that service has generated one or more errors. The errors that forced this action have been written to the application event log. Correct the errors before enabling the performance counters for this service.

Error: (06/13/2018 02:09:16 PM) (Source: Perflib) (EventID: 1021) (User: )
Description: Windows cannot open the 32-bit extensible counter DLL ASP.NET_2.0.50727 in a 64-bit environment. Contact the file vendor to obtain a 64-bit version. Alternatively, you can open the 32-bit extensible counter DLL by using the 32-bit version of Performance Monitor. To use this tool, open the Windows folder, open the Syswow64 folder, and then start Perfmon.exe.


System errors:
=============
Error: (07/03/2018 09:02:26 PM) (Source: DCOM) (EventID: 10016) (User: MSI)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user MSI\petra SID (S-1-5-21-3178952071-1249660710-2574476267-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (07/03/2018 09:02:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/03/2018 06:10:56 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk2\DR2.

Error: (07/03/2018 05:09:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/03/2018 05:09:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/03/2018 05:09:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/03/2018 02:37:22 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/03/2018 02:34:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2018-06-26 20:10:29.766
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {2B0C8B95-A1C5-4EBE-B36C-B7A9E070D99D}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-24 19:20:08.307
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {92FCEA74-CCA9-483E-B3D0-EAB4D361C4B0}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-05-19 21:37:53.448
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {B4CE91FB-6876-4879-8E1E-4D844D6B07A8}
Scan Type: Antimalware
Scan Parameters: Quick Scan

==================== Memory info ===========================

Processor: Intel® Core™ i7-7700HQ CPU @ 2.80GHz
Percentage of memory in use: 19%
Total physical RAM: 16271.69 MB
Available physical RAM: 13035.55 MB
Total Virtual: 18703.69 MB
Available Virtual: 14084.56 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:117.94 GB) (Free:64.89 GB) NTFS
Drive d: (Data) (Fixed) (Total:909.92 GB) (Free:815.37 GB) NTFS
Drive e: () (Removable) (Total:124.97 GB) (Free:122.52 GB) FAT32

\\?\Volume{7b3bd6a3-c204-4501-abaa-f375a32c8bb5}\ (WinRE tools) (Fixed) (Total:0.88 GB) (Free:0.37 GB) NTFS
\\?\Volume{00bf2091-053a-4584-a75c-e81592bdfe33}\ (BIOS_RVY) (Fixed) (Total:21.59 GB) (Free:0.68 GB) NTFS
\\?\Volume{4dbb4898-aa12-444e-bb55-54e9e5f4acd9}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.26 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: CE291E40)

Partition: GPT.

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: CE291E66)

Partition: GPT.

========================================================
Disk: 2 (Protective MBR) (Size: 125 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================



#5 Lakoda

Lakoda
  • Topic Starter


Posted 04 July 2018 - 12:47 PM

Sorry about the first post. I think it was because I didn't allow my NoScript in Firefox. It looked OK on my end until I hit post.



#6 nasdaq

nasdaq

  • Malware Response Team

Posted 04 July 2018 - 01:44 PM

Hi,

ATTENTION: System Restore is disabled
Turn System Restore On for Drives in Windows 10
http://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html
===

Other than that, your logs are clean.

I can only suggest you change all your important passwords if not already done.

===

For your peace of mind you can run this scan.

This scan may take an hour or two. Execute it when you know you will not need the computer.

Please scan your computer with ESET Online Scanner.
  • Click on this link to open ESET Online Scanner in a new window.
    • Click on the Scan Now button to download the esetonlinescanner_enu.exe file. Save it to your Desktop.
    • Close all your programs and browsers.
    • Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
    • Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use.
  • Check mark Download latest version of ESET Online Scanner and click the Accept button.
  • Accept any security warnings that may appear.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
    • Enable detection of potentially unsafe applications
    • Clean threats automatically
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
Note: If nothing is found, it will not produce a log.

Please re-enable your antivirus program.

#7 Lakoda

Lakoda
  • Topic Starter


Posted 05 July 2018 - 07:44 PM

Thank you for looking at my logs. I turned System Restore on and I’ll run the other scan just to be sure in the next few days. Looks like my info was stolen after it left my PC.
Again thanks for the work you do.



