I got myself some malware - csmxrizsvc.exe?


7 replies to this topic

#1 DCJamison

Posted Yesterday, 01:39 PM

Installed a file (EaseUS Data Recovery Wizard 12) to try to recover some deleted files and ended up getting what I think is some malware (I think I clicked on a third-party ad instead of getting the actual company's website). Having trouble deleting folders/files that I believe to be infected and am unable to get to safe mode in Windows 10 no matter what way I try. (I could do these things in Windows 7, but Windows 10 seems to hate me.) Even tried booting off a Windows install USB - unable to get to safe mode that way either.

 

I have given up the ghost at trying to fix this one myself and will not try anything else until I hear from someone on here.

Thank you in advance!

 

Using GlassWire firewall at the moment.

 

Various folders were created that I cannot access in appdata\local\:

cgsapim

pcntknu

dwnbspm

csmxrizsvc.exe is still running at all times (could not find any info on it).

 

The issue started on 10/12/18 and I identified the file that started all of the issues (it has since been deleted).

 

Files that are on my system that I believe to be part of the issue (I removed what files I could and blocked all of these with GlassWire):

agservice.exe

alloyMANYCUTS

Anonymizer Gadget

au_.exe

Balz

cgsapim.exe

Chameleon Explorer

Galliano

JCleaner

mbehnzg.exe

msduago.exe

nsscef0.tmp

quoteex.exe

saturday.exe

tempqce35.exe

transiently (\appdata\local\temp\nsg8fd9.tmp\hty8awzt8.exe)

 

 

 

FRST.txt log file:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.10.2018
Ran by dclin (administrator) on DCMAIN10 (15-10-2018 12:39:20)
Running from F:\xfers\BleepingComputer
Loaded Profiles: dclin (Available Profiles: dclin & dancl & Daniel)
Platform: Windows 10 Pro Version 1803 17134.345 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(TOSHIBA CORPORATION) C:\Windows\System32\csmxrizsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(DEVGURU Co., LTD.) C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\System32\Locator.exe
(sonarr.tv) C:\ProgramData\NzbDrone\bin\NzbDrone.Console.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(2BrightSparks Pte. Ltd.) F:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.30.98.1000_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
() C:\Program Files (x86)\Gigabyte\AppCenter\ApCent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(GIGA-BYTE TECHNOLOGY CO., LTD.) C:\Program Files (x86)\Gigabyte\SIV\thermald.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.30.98.1000_x64__kzf8qxf38zg5c\SkypeApp.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\ArxApplets\Discord\logitechg_discord.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Valve Corporation) F:\Program Files (x86)\Steam\Steam.exe
(HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 6970\Bin\ScanToPCActivationApp.exe
(Plex, Inc.) F:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(The Eraser Project) F:\Program Files\Eraser\Eraser.exe
() C:\Users\dclin\AppData\Roaming\CouchPotato\application\CouchPotato.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\Python27\pythonw.exe
(The SABnzbd-team) F:\Program Files\SABnzbd\SABnzbd.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(HP Inc.) C:\Program Files\HP\HP OfficeJet Pro 6970\Bin\HPNetworkCommunicatorCom.exe
(Python Software Foundation) F:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Python Software Foundation) F:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Plex, Inc.) F:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
(Plex) F:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
() C:\Users\dclin\AppData\Local\cgsapim\cgsapim.exe
(Python Software Foundation) F:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Valve Corporation) F:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) F:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) F:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Valve Corporation) F:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Valve Corporation) F:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
(Binary Fortress Software) C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\dclin\AppData\Local\pcntkxu\mbehnzg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\dclin\AppData\Local\cgsapim\msduago.exe
() C:\Users\dclin\AppData\Local\cgsapim\msduago.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [18723976 2018-08-07] (Logitech Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-08-23] (Apple Inc.)
HKLM\...\Run: [Brust] => "C:\Program Files (x86)\Eclipsing\Galliano.exe" hwkaiwhwkaiwhwkaiwhwkai.hwkaibhwkaiahwkaijhwkai.hwkaiphwkaiwhwkai/hwkaig2w0w1w8w1hwkaii0i1g2gwhthwkaimlEDAlHIm2hwkaiUPanQeZmjvhwkaird
HKLM\...\Run: [Tracery] => "C:\Program Files (x86)\boardrooms\Balz.exe" hwkaiwhwkaiwhwkaiwhwkai.hwkaibhwkaiahwkaijhwkai.hwkaiphwkaiwhwkai/hwkaig2w0w1w8w1hwkaii0i1g2gwhthwkaimlEDAlHIm2hwkaiUPanQeZmjvhwkaird
HKLM\...\Run: [Auden] => "C:\Program Files (x86)\Impromptu\Galliano.exe" hwkaiwhwkaiwhwkaiwhwkai.hwkaibhwkaiahwkaijhwkai.hwkaiphwkaiwhwkai/hwkaig2w0w1w8w1hwkaii0i1g2gwhthwkaimlEDAlHIm2hwkaiUPanQeZmjvhwkaird
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3784512 2018-10-09] (Dropbox, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => F:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => F:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [WDDiscovery] => C:\Program Files (x86)\Western Digital\Discovery\Current\WD Discovery.exe [56894944 2017-11-03] (Western Digital Corporation)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [2309008 2017-09-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [Micahel] => "C:\Program Files (x86)\Eclipsing\Galliano.exe" hwkaiwhwkaiwhwkaiwhwkai.hwkaibhwkaiahwkaijhwkai.hwkaiphwkaiwhwkai/hwkaig2w0w1w8w1hwkaii0i1g2gwhthwkaimlEDAlHIm2hwkaiUPanQeZmjvhwkaird
HKLM-x32\...\Run: [Nestling] => "C:\Program Files (x86)\boardrooms\Balz.exe" hwkaiwhwkaiwhwkaiwhwkai.hwkaibhwkaiahwkaijhwkai.hwkaiphwkaiwhwkai/hwkaig2w0w1w8w1hwkaii0i1g2gwhthwkaimlEDAlHIm2hwkaiUPanQeZmjvhwkaird
HKLM-x32\...\Run: [Rhythm] => "C:\Program Files (x86)\Impromptu\Galliano.exe" hwkaiwhwkaiwhwkaiwhwkai.hwkaibhwkaiahwkaijhwkai.hwkaiphwkaiwhwkai/hwkaig2w0w1w8w1hwkaii0i1g2gwhthwkaimlEDAlHIm2hwkaiUPanQeZmjvhwkaird
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd.)
HKLM-x32\...\RunOnce: [SIV] => C:\Program Files (x86)\Gigabyte\SIV\sivro.exe [12072 2016-02-18] (GIGA-BYTE TECHNOLOGY CO., LTD.)
HKLM-x32\...\RunOnce: [EasyTune] => C:\Program Files (x86)\Gigabyte\EasyTune\etro.exe [5632 2015-09-14] (GIGA-BYTE TECHNOLOGY CO., LTD.)
HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\Gigabyte\AppCenter\PreRun.exe [8192 2013-04-29] ()
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-2899436820-3732532657-4052289127-1001\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46281248 2018-05-30] ()
HKU\S-1-5-21-2899436820-3732532657-4052289127-1001\...\Run: [Steam] => F:\Program Files (x86)\Steam\steam.exe [3208992 2018-10-12] (Valve Corporation)
HKU\S-1-5-21-2899436820-3732532657-4052289127-1001\...\Run: [HP OfficeJet Pro 6970 (NET)] => C:\Program Files\HP\HP OfficeJet Pro 6970\Bin\ScanToPCActivationApp.exe [3764360 2016-11-17] (HP Inc.)
HKU\S-1-5-21-2899436820-3732532657-4052289127-1001\...\Run: [Plex Media Server] => F:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [18314216 2018-09-21] (Plex, Inc.)
HKU\S-1-5-21-2899436820-3732532657-4052289127-1001\...\Run: [Eraser] => F:\Program Files\Eraser\Eraser.exe [463248 2009-12-16] (The Eraser Project)
HKU\S-1-5-21-2899436820-3732532657-4052289127-1001\...\Run: [Fortier] => "C:\Program Files (x86)\Eclipsing\Galliano.exe" hwkaiwhwkaiwhwkaiwhwkai.hwkaibhwkaiahwkaijhwkai.hwkaiphwkaiwhwkai/hwkaig2w0w1w8w1hwkaii0i1g2gwhthwkaimlEDAlHIm2hwkaiUPanQeZmjvhwkaird
HKU\S-1-5-21-2899436820-3732532657-4052289127-1001\...\Run: [Fritter] => "C:\Program Files (x86)\boardrooms\Balz.exe" hwkaiwhwkaiwhwkaiwhwkai.hwkaibhwkaiahwkaijhwkai.hwkaiphwkaiwhwkai/hwkaig2w0w1w8w1hwkaii0i1g2gwhthwkaimlEDAlHIm2hwkaiUPanQeZmjvhwkaird
HKU\S-1-5-21-2899436820-3732532657-4052289127-1001\...\Run: [Shoulders] => "C:\Program Files (x86)\Impromptu\Galliano.exe" hwkaiwhwkaiwhwkaiwhwkai.hwkaibhwkaiahwkaijhwkai.hwkaiphwkaiwhwkai/hwkaig2w0w1w8w1hwkaii0i1g2gwhthwkaimlEDAlHIm2hwkaiUPanQeZmjvhwkaird
HKU\S-1-5-21-2899436820-3732532657-4052289127-1001\...\Run: [Rummy] => "C:\Program Files (x86)\Eclipsing\Galliano.exe" hwkaiwhwkaiwhwkaiwhwkai.hwkaibhwkaiahwkaijhwkai.hwkaiphwkaiwhwkai/hwkaig2w0w1w8w1hwkaii0i1g2gwhthwkaimlEDAlHIm2hwkaiUPanQeZmjvhwkaird
HKU\S-1-5-21-2899436820-3732532657-4052289127-1001\...\Run: [Javed] => "C:\Program Files (x86)\boardrooms\Balz.exe" hwkaiwhwkaiwhwkaiwhwkai.hwkaibhwkaiahwkaijhwkai.hwkaiphwkaiwhwkai/hwkaig2w0w1w8w1hwkaii0i1g2gwhthwkaimlEDAlHIm2hwkaiUPanQeZmjvhwkaird
HKU\S-1-5-21-2899436820-3732532657-4052289127-1001\...\Run: [Donohue] => "C:\Program Files (x86)\Impromptu\Galliano.exe" hwkaiwhwkaiwhwkaiwhwkai.hwkaibhwkaiahwkaijhwkai.hwkaiphwkaiwhwkai/hwkaig2w0w1w8w1hwkaii0i1g2gwhthwkaimlEDAlHIm2hwkaiUPanQeZmjvhwkaird
HKU\S-1-5-21-2899436820-3732532657-4052289127-1001\...\Run: [expensing] => "C:\Program Files (x86)\Eclipsing\Galliano.exe" hwkaiwhwkaiwhwkaiwhwkai.hwkaibhwkaiahwkaijhwkai.hwkaiphwkaiwhwkai/hwkaig2w0w1w8w1hwkaii0i1g2gwhthwkaimlEDAlHIm2hwkaiUPanQeZmjvhwkaird
HKU\S-1-5-21-2899436820-3732532657-4052289127-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18594760 2018-09-19] (Piriform Ltd)
HKU\S-1-5-18\...\Run: [Plex Media Server] => F:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [18314216 2018-09-21] (Plex, Inc.)
ShellExecuteHooks: Directory Opus Shell Execute Hook - {3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE} - C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll [1917680 2018-05-30] (GP Software)
ShellExecuteHooks-x32: Directory Opus Shell Execute Hook - {EE761688-C137-4b04-8FAB-3C9CDF0886F0} - C:\Program Files\GPSoftware\Directory Opus\dopuslib32.dll [382704 2018-05-30] (GP Software)
Startup: C:\Users\dclin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CouchPotato.lnk [2018-05-31]
ShortcutTarget: CouchPotato.lnk -> C:\Users\dclin\AppData\Roaming\CouchPotato\application\CouchPotato.exe ()
Startup: C:\Users\dclin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop.scf [2013-05-06] ()
Startup: C:\Users\dclin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PlexPy.pyw - Shortcut.lnk [2018-05-08]
ShortcutTarget: PlexPy.pyw - Shortcut.lnk -> F:\PlexPy\PlexPy.pyw ()
Startup: C:\Users\dclin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SABnzbd.lnk [2017-09-26]
ShortcutTarget: SABnzbd.lnk -> F:\Program Files\SABnzbd\SABnzbd.exe (The SABnzbd-team)
Startup: C:\Users\dclin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-08-22]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * bootdelete
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a5c2e419-1a6e-4bd9-a5ef-aa91f757d3da}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-2899436820-3732532657-4052289127-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-10-12] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2899436820-3732532657-4052289127-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2016-01-04] (Belarc, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-05] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-05] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-05] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-10-05] (Microsoft Corporation)
 
Edge: 
======
Edge Extension: (LastPass: Free Password Manager) -> hdokiejnpimakedhajhdlcegeplioahd_LastPassLastPassFreePasswordManager_qq0fmhteeht3j => C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.17.1.0_neutral__qq0fmhteeht3j [2018-09-05]
 
FireFox:
========
FF DefaultProfile: h6peqywn.default
FF DefaultProfile: rg74nuue.default
FF ProfilePath: C:\Users\dclin\AppData\Roaming\Mozilla\SeaMonkey\Profiles\h6peqywn.default [2018-10-15]
FF ProfilePath: C:\Users\dclin\AppData\Roaming\Mozilla\Firefox\Profiles\rg74nuue.default [2018-10-15]
FF Homepage: Mozilla\Firefox\Profiles\rg74nuue.default -> file:///C:/ProgramData/Quoteexs/ff.HP
FF NewTab: Mozilla\Firefox\Profiles\rg74nuue.default -> file:///C:/ProgramData/Quoteexs/ff.NT
FF Extension: (Xmarks Bookmark Sync) - C:\Users\dclin\AppData\Roaming\Mozilla\Firefox\Profiles\rg74nuue.default\Extensions\foxmarks@kei.com.xpi [2018-04-22]
FF Extension: (LastPass: Free Password Manager) - C:\Users\dclin\AppData\Roaming\Mozilla\Firefox\Profiles\rg74nuue.default\Extensions\support@lastpass.com.xpi [2018-09-24]
FF Extension: (uBlock Origin) - C:\Users\dclin\AppData\Roaming\Mozilla\Firefox\Profiles\rg74nuue.default\Extensions\uBlock0@raymondhill.net.xpi [2018-09-24]
FF Extension: (Greasemonkey) - C:\Users\dclin\AppData\Roaming\Mozilla\Firefox\Profiles\rg74nuue.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2018-04-22]
FF SearchPlugin: C:\Users\dclin\AppData\Roaming\Mozilla\Firefox\Profiles\rg74nuue.default\searchplugins\bing-lavasoft.xml [2017-11-16]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - F:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - F:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2017-09-07] [Legacy] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_122.dll [2018-10-09] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_122.dll [2018-10-09] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-10-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-10-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> F:\Program Files\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
StartMenuInternet: FIREFOX.EXE - F:\Program Files (x86)\Mozilla Firefox\firefox.exe
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Default [2018-10-15]
CHR Extension: (Slides) - C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2017-09-23]
CHR Extension: (Docs) - C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-04]
CHR Extension: (YouTube) - C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-04]
CHR Extension: (Honey) - C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2018-08-24]
CHR Extension: (Adblock Plus) - C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-09-11]
CHR Extension: (uBlock Origin) - C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-09-28]
CHR Extension: (CrackWatch) - C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dechlkibpibjlaidpeniljjejncdhfpj [2018-06-20]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2017-06-04]
CHR Extension: (Dropbox for Gmail) - C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2018-04-25]
CHR Extension: (ICE Quick Stream) - C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpioikmjnfipgphjldakcaocbbpnfabl [2017-06-04]
CHR Extension: (Google Calendar) - C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-06-04]
CHR Extension: (ARC Welder) - C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Default\Extensions\emfinbmielocnlhgmfkkmkngdoccbadn [2018-02-07]
CHR Extension: (Google Play Music) - C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2018-09-27]
CHR Extension: (Pandora) - C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2017-06-04]
CHR Extension: (Sheets) - C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Plex) - C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpniocchabmgenibceglhnfeimmdhdfm [2017-10-10]
CHR Extension: (Chrome Remote Desktop) - C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2018-10-10]
CHR Extension: (Google Docs Offline) - C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
CHR Extension: (The Camelizer) - C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2018-06-23]
CHR Extension: (OneNote Web Clipper) - C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gojbdfnpnhogfdgjbigejoaolejmgdhk [2018-06-23]
CHR Extension: (Pinterest Save Button) - C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2018-09-24]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2018-10-05]
CHR Extension: (SuperSorter) - C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjebfgojnlefhdgmomncgjglmdckngij [2017-06-04]
CHR Extension: (Dropbox) - C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2018-03-23]
CHR Extension: (Google Voice (by Google)) - C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2017-06-04]
CHR Extension: (Little Alchemy) - C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd [2017-06-04]
CHR Extension: (Evernote Web) - C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2017-06-04]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-06-04]
CHR Extension: (PasswordMaker Pro) - C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lnhofcfhehhcbccpmdmdpjncdoihmkkh [2018-05-01]
CHR Extension: (App Runtime for Chrome (Beta)) - C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfaihdlpglflfgpfjcifdjdjcckigekc [2017-09-12]
CHR Extension: (Ghostery – Privacy Ad Blocker) - C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2018-08-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-04]
CHR Extension: (Enhanced Steam) - C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2018-07-29]
CHR Extension: (Picasa) - C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2017-06-04]
CHR Extension: (Amazon Assistant for Chrome) - C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2018-10-14]
CHR Extension: (Evernote Web Clipper) - C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2018-10-05]
CHR Extension: (Gmail) - C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-04]
CHR Extension: (Chrome Media Router) - C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-20]
CHR Extension: (Eiffel Tower) - C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ppbaibkigenhdcommebegmmmpoolmpip [2018-10-12]
CHR Extension: (YouTube Music) - F:\xfers\android\youtube-music-1-90-4.apk_export_maEUZ [2017-09-12]
CHR Profile: C:\Users\dclin\AppData\Local\Google\Chrome\User Data\Guest Profile [2018-10-13]
CHR Profile: C:\Users\dclin\AppData\Local\Google\Chrome\User Data\System Profile [2018-10-13]
CHR HKU\S-1-5-21-2899436820-3732532657-4052289127-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
Opera: 
=======
StartMenuInternet: (HKLM) OperaStable - C:\Users\dclin\AppData\Local\Programs\Opera\Launcher.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKLM\SYSTEM\CurrentControlSet\Services\dlncz <==== ATTENTION (Rootkit!)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-08-23] (Apple Inc.)
S3 AppleChargerSrv; C:\WINDOWS\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7206312 2018-09-26] ()
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-09-05] (BlueStack Systems, Inc.)
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\69.0.3497.7\remoting_host.exe [72024 2018-07-23] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9677088 2018-09-29] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-06-13] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-06-13] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-10-09] (Dropbox, Inc.)
R2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [5291424 2017-11-14] (Binary Fortress Software)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-27] (EasyAntiCheat Ltd)
R2 gadjservice; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [16896 2015-04-14] () [File not signed]
S4 GalaxyClientService; F:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [682056 2018-06-14] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [8174664 2018-06-14] (GOG.com)
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4328400 2018-06-22] (SecureMix LLC)
S2 HitmanPro38CrusaderBoot; F:\xfers\hitmanpro_x64.exe [11576808 2018-10-14] (SurfRight B.V.)
S3 HwmRecordService; C:\Program Files (x86)\GIGABYTE\SIV\HwmRecordService.exe [62760 2016-06-01] (GIGA-BYTE TECHNOLOGY CO., LTD.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365040 2017-10-20] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [206472 2018-08-07] (Logitech Inc.)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [773328 2018-09-12] (NVIDIA Corporation)
R3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [773328 2018-09-12] (NVIDIA Corporation)
R2 NzbDrone; C:\ProgramData\NzbDrone\bin\nzbdrone.console.exe [25600 2018-10-08] (sonarr.tv) [File not signed]
S4 Origin Client Service; F:\Program Files (x86)\Origin\OriginClientService.exe [2201920 2018-06-14] (Electronic Arts)
S4 Origin Web Helper Service; F:\Program Files (x86)\Origin\OriginWebHelperService.exe [3072328 2018-06-14] (Electronic Arts)
S4 PlexUpdateService; F:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [2241512 2018-09-21] (Plex, Inc.)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2018-05-29] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-14] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-16] (DEVGURU Co., LTD.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644656 2018-08-13] (TeamViewer GmbH)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [355184 2017-09-19] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\NisSrv.exe [3847376 2018-09-25] (Microsoft Corporation)
S2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\MsMpEng.exe [114200 2018-09-25] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AndnetBus; C:\WINDOWS\System32\drivers\lgandnetbus64.sys [20992 2014-10-10] (LG Electronics Inc.)
S3 AndNetDiag; C:\WINDOWS\system32\DRIVERS\lgandnetdiag64.sys [30720 2014-10-10] (LG Electronics Inc.)
S3 ANDNetModem; C:\WINDOWS\system32\DRIVERS\lgandnetmodem64.sys [37376 2014-10-10] (LG Electronics Inc.)
R1 AppleCharger; C:\WINDOWS\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-06-21] (Bluestack System Inc. )
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-09-11] (Malwarebytes)
R3 etocdrv; C:\WINDOWS\etocdrv.sys [15584 2013-10-31] (Giga-Byte Technology CO., LTD.)
S3 GVTDrv64; C:\WINDOWS\GVTDrv64.sys [30528 2018-06-09] ()
R1 gwdrv; C:\WINDOWS\system32\DRIVERS\gwdrv.sys [33152 2015-05-29] (SecureMix LLC)
S3 IreulBus; C:\WINDOWS\System32\drivers\IreulBus.sys [52984 2017-12-15] (Rainway, Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2018-08-07] (Logitech Inc.)
R3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2018-08-07] (Logitech Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [200232 2018-10-12] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [118584 2018-10-15] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [58400 2018-10-15] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [260384 2018-10-15] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [110424 2018-10-15] (Malwarebytes)
R3 mt7612US; C:\WINDOWS\System32\drivers\mt7612US.sys [377864 2015-12-09] (MediaTek Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_54bd1f10ac116cd5\nvlddmkm.sys [20605496 2018-10-02] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30792 2018-08-21] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [69544 2018-06-07] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [65792 2018-04-24] (NVIDIA Corporation)
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] ()
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] ()
R1 UsbCharger; C:\WINDOWS\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46184 2018-09-25] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [352424 2018-09-25] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60584 2018-09-25] (Microsoft Corporation)
S2 WinRing0_1_2_0; F:\Program Files (x86)\Steam\steamapps\common\EVGA PrecisionX\WinRing0\WinRing0x64.sys [14536 2015-12-14] (OpenLibSys.org)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
S0 b06bdrv; System32\drivers\bxvbda.sys [X]
S4 bpkrlncd; System32\drivers\wdoiezvr.sys [X]
S1 vnoezrid; \??\C:\Users\dclin\AppData\Local\Temp\nvocrmie.sys [X] <==== ATTENTION
S3 xadgkn; system32\drivers\dgjnqt.sys [X]
R3 ycfilp; system32\drivers\filpsv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-10-15 12:39 - 2018-10-15 12:39 - 000000000 ____D C:\FRST
2018-10-15 12:29 - 2018-10-15 12:29 - 000000000 ____D C:\Users\dclin\AppData\Local\pcntkxu
2018-10-15 12:26 - 2018-10-15 12:26 - 000260384 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-10-15 12:26 - 2018-10-15 12:26 - 000118584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-10-15 12:26 - 2018-10-15 12:26 - 000058400 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-10-15 12:21 - 2018-10-15 12:21 - 000145744 ____N C:\WINDOWS\system32\Drivers\spiilosv.sys
2018-10-15 12:04 - 2018-10-15 12:25 - 002921984 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\csmxrizsvc.exe
2018-10-15 11:45 - 2018-10-15 12:26 - 000110424 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-10-14 11:56 - 2018-10-15 12:21 - 000000000 ____D C:\Users\dclin\AppData\Local\Eraser
2018-10-14 11:54 - 2018-10-14 11:54 - 000042152 _____ C:\WINDOWS\system32\.crusader
2018-10-14 11:54 - 2018-10-14 11:54 - 000033024 _____ C:\WINDOWS\system32\bootdelete.lst
2018-10-14 11:54 - 2018-10-14 11:54 - 000012872 _____ (SurfRight B.V.) C:\WINDOWS\system32\bootdelete.exe
2018-10-14 11:47 - 2018-10-14 11:55 - 000000000 ____D C:\ProgramData\HitmanPro
2018-10-14 11:17 - 2018-10-14 11:17 - 000000000 ____D C:\Users\dclin\AppData\Roaming\Free File Unlocker
2018-10-14 11:17 - 2018-04-01 12:53 - 000000224 _____ C:\ProgramData\fddbs.dll
2018-10-14 11:16 - 2018-10-14 11:16 - 000001024 _____ C:\Users\Public\Desktop\4dots Software PRODUCT CATALOG.lnk
2018-10-14 11:13 - 2018-10-14 11:33 - 000000001 _____ C:\no7il65gcqkmy9t
2018-10-13 09:57 - 2018-10-14 12:18 - 000000000 ____D C:\ESD
2018-10-13 09:55 - 2018-10-13 09:55 - 000000000 ____D C:\$WINDOWS.~BT
2018-10-13 09:33 - 2018-10-15 12:26 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-10-12 16:39 - 2018-10-12 15:48 - 000000850 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20181012-163920.backup
2018-10-12 16:33 - 2018-10-12 16:33 - 000001464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2018-10-12 16:33 - 2018-10-12 16:33 - 000001452 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2018-10-12 16:33 - 2018-10-12 16:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2018-10-12 16:33 - 2018-02-06 19:04 - 000032168 _____ (Safer-Networking Ltd.) C:\WINDOWS\system32\sdnclean64.exe
2018-10-12 16:32 - 2018-10-15 12:26 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-10-12 16:02 - 2018-10-13 09:07 - 000000217 _____ C:\WINDOWS\wininit.ini
2018-10-12 15:55 - 2018-10-15 12:32 - 000005554 _____ C:\WINDOWS\system32\PerfStringBackup.TMP
2018-10-12 15:35 - 2018-10-13 21:53 - 000000000 ____D C:\Users\dclin\AppData\Local\dwnbspm
2018-10-12 15:32 - 2018-10-15 12:39 - 000000000 ____D C:\Users\dclin\AppData\Local\cgsapim
2018-10-12 15:22 - 2018-10-12 15:22 - 000000000 ____D C:\Users\dclin\AppData\Local\mbam
2018-10-12 15:21 - 2018-10-12 15:45 - 000200232 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-10-12 15:21 - 2018-10-12 15:21 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-10-12 15:21 - 2018-10-12 15:21 - 000000000 ____D C:\Users\dclin\AppData\Local\mbamtray
2018-10-12 15:21 - 2018-10-12 15:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-10-12 15:21 - 2018-10-12 15:21 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-10-12 15:21 - 2018-10-12 15:21 - 000000000 ____D C:\Program Files\Malwarebytes
2018-10-12 15:21 - 2018-09-11 13:18 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-10-12 15:15 - 2018-10-15 11:49 - 002921984 _____ C:\WINDOWS\system32\csmxrizsvc.old
2018-10-12 15:15 - 2018-10-12 15:35 - 000000000 ____D C:\WINDOWS\system32\vdaxoir
2018-10-12 15:15 - 2018-10-12 15:15 - 000000000 ____D C:\WINDOWS\SysWOW64\vdaxoir
2018-10-12 15:14 - 2018-10-12 15:19 - 000000000 ____D C:\Users\dclin\AppData\Roaming\AGData
2018-10-12 15:14 - 2018-10-12 15:14 - 000000000 ____D C:\Users\dclin\AppData\Roaming\et
2018-10-12 15:13 - 2018-10-14 11:33 - 000000000 ____D C:\Program Files (x86)\Dilip
2018-10-12 15:13 - 2018-10-12 15:13 - 006860752 _____ (NeoSoft Tools ) C:\Users\dclin\AppData\Roaming\cexplorer.exe
2018-10-12 15:13 - 2018-10-12 15:13 - 000004124 _____ C:\WINDOWS\System32\Tasks\remarked formation caterwauling
2018-10-12 15:13 - 2018-10-12 15:13 - 000004116 _____ C:\WINDOWS\System32\Tasks\entablature
2018-10-12 15:13 - 2018-10-12 15:13 - 000004100 _____ C:\WINDOWS\System32\Tasks\barricaded rylander
2018-10-12 15:13 - 2018-10-12 15:13 - 000004096 _____ C:\WINDOWS\System32\Tasks\kirchhoff_ted
2018-10-12 15:13 - 2018-10-12 15:13 - 000004092 _____ C:\WINDOWS\System32\Tasks\durum-issuances
2018-10-12 15:13 - 2018-10-12 15:13 - 000004088 _____ C:\WINDOWS\System32\Tasks\intersperse_abbate
2018-10-12 15:13 - 2018-10-12 15:13 - 000004084 _____ C:\WINDOWS\System32\Tasks\enfolds
2018-10-12 15:13 - 2018-10-12 15:13 - 000004082 _____ C:\WINDOWS\System32\Tasks\naturalized
2018-10-12 15:13 - 2018-10-12 15:13 - 000004022 _____ C:\WINDOWS\System32\Tasks\remarked formation caterwaulingremarked formation caterwauling
2018-10-12 15:13 - 2018-10-12 15:13 - 000003976 _____ C:\WINDOWS\System32\Tasks\entablatureentablature
2018-10-12 15:13 - 2018-10-12 15:13 - 000003974 _____ C:\WINDOWS\System32\Tasks\barricaded rylanderbarricaded rylander
2018-10-12 15:13 - 2018-10-12 15:13 - 000003962 _____ C:\WINDOWS\System32\Tasks\intersperse_abbateintersperse_abbate
2018-10-12 15:13 - 2018-10-12 15:13 - 000003960 _____ C:\WINDOWS\System32\Tasks\durum-issuancesdurum-issuances
2018-10-12 15:13 - 2018-10-12 15:13 - 000003958 _____ C:\WINDOWS\System32\Tasks\kirchhoff_tedkirchhoff_ted
2018-10-12 15:13 - 2018-10-12 15:13 - 000003942 _____ C:\WINDOWS\System32\Tasks\naturalizednaturalized
2018-10-12 15:13 - 2018-10-12 15:13 - 000003934 _____ C:\WINDOWS\System32\Tasks\enfoldsenfolds
2018-10-12 15:13 - 2018-10-12 15:13 - 000002980 _____ C:\WINDOWS\System32\Tasks\Chameleon Folder-dclin
2018-10-12 15:12 - 2018-10-12 15:12 - 000000000 ____D C:\ProgramData\Caphyon
2018-10-12 14:37 - 2018-10-12 14:38 - 000000000 ____D C:\Users\dclin\AppData\Roaming\GetRightToGo
2018-10-12 14:17 - 2018-10-12 16:30 - 000000000 ____D C:\Program Files\CCleaner
2018-10-12 14:17 - 2018-10-12 14:17 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-10-12 14:17 - 2018-10-12 14:17 - 000002856 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-10-12 14:17 - 2018-10-12 14:17 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-10-12 14:17 - 2018-10-12 14:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-10-12 14:05 - 2018-10-12 14:05 - 000000000 ____D C:\ProgramData\SystemAcCrux
2018-10-12 14:03 - 2018-10-12 14:03 - 000000000 ____D C:\Program Files\EaseUS
2018-10-12 08:33 - 2018-10-12 08:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-10-12 08:31 - 2018-10-12 08:31 - 000017920 _____ C:\WINDOWS\erasers.exe
2018-10-12 07:40 - 2018-10-12 07:40 - 000096394 _____ C:\WINDOWS\uninstaller.dat
2018-10-11 07:17 - 2018-10-11 07:17 - 000001345 _____ C:\Users\dclin\Desktop\rebuild Icons.lnk
2018-10-10 04:17 - 2018-09-21 00:14 - 000661056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2018-10-10 04:17 - 2018-09-21 00:11 - 000753056 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-10-10 04:17 - 2018-09-21 00:09 - 004790160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-10-10 04:17 - 2018-09-21 00:09 - 002253696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-10-10 04:17 - 2018-09-21 00:09 - 001427968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2018-10-10 04:17 - 2018-09-21 00:09 - 000129088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-10-10 04:17 - 2018-09-21 00:08 - 002765344 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-10-10 04:17 - 2018-09-21 00:08 - 001566720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2018-10-10 04:17 - 2018-09-21 00:08 - 000709936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-10-10 04:17 - 2018-09-21 00:08 - 000261008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-10-10 04:17 - 2018-09-21 00:08 - 000170808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-10-10 04:17 - 2018-09-21 00:07 - 000604664 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-10-10 04:17 - 2018-09-20 23:57 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-10-10 04:17 - 2018-09-20 23:57 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-10-10 04:17 - 2018-09-20 23:43 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-10-10 04:17 - 2018-09-20 23:42 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-10-10 04:17 - 2018-09-20 23:40 - 002368000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-10-10 04:17 - 2018-09-20 23:39 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-10-10 04:17 - 2018-09-20 23:39 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-10-10 04:17 - 2018-09-20 23:38 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-10-10 04:17 - 2018-09-20 23:38 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-10-10 04:17 - 2018-09-20 23:37 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-10-10 04:17 - 2018-09-20 23:37 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-10-10 04:17 - 2018-09-20 23:37 - 001211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2018-10-10 04:17 - 2018-09-20 23:37 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-10-10 04:17 - 2018-09-20 23:36 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-10-10 04:17 - 2018-09-20 23:36 - 001034240 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-10-10 04:17 - 2018-09-20 23:36 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-10-10 04:17 - 2018-09-20 05:37 - 001634944 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-10-10 04:17 - 2018-09-20 05:19 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-10-10 04:17 - 2018-09-20 05:18 - 003649024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-10-10 04:17 - 2018-09-20 05:18 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2018-10-10 04:17 - 2018-09-20 05:17 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-10-10 04:17 - 2018-09-20 05:17 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2018-10-10 04:17 - 2018-09-20 04:46 - 001454440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-10-10 04:17 - 2018-09-20 04:34 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-10-10 04:17 - 2018-09-20 04:29 - 002891776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-10-10 04:17 - 2018-09-20 04:29 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-10-10 04:17 - 2018-09-20 02:43 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-10-10 04:17 - 2018-09-20 01:52 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-10-10 04:17 - 2018-09-20 00:29 - 006569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-10-10 04:17 - 2018-09-20 00:29 - 001989232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-10-10 04:17 - 2018-09-20 00:29 - 001513032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2018-10-10 04:17 - 2018-09-20 00:28 - 001129544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-10-10 04:17 - 2018-09-20 00:28 - 000581792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-10-10 04:17 - 2018-09-20 00:28 - 000567256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-10-10 04:17 - 2018-09-20 00:17 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-10-10 04:17 - 2018-09-20 00:13 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-10-10 04:17 - 2018-09-20 00:11 - 005777920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-10-10 04:17 - 2018-09-20 00:11 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-10-10 04:17 - 2018-09-20 00:11 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-10-10 04:17 - 2018-09-20 00:10 - 001221128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-10-10 04:17 - 2018-09-20 00:10 - 001029432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-10-10 04:17 - 2018-09-20 00:10 - 000076088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-10-10 04:17 - 2018-09-20 00:09 - 009089848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-10-10 04:17 - 2018-09-20 00:09 - 007520096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-10-10 04:17 - 2018-09-20 00:09 - 002825232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-10-10 04:17 - 2018-09-20 00:09 - 001767096 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2018-10-10 04:17 - 2018-09-20 00:09 - 001540096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-10-10 04:17 - 2018-09-20 00:09 - 000885952 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-10-10 04:17 - 2018-09-20 00:09 - 000793088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-10-10 04:17 - 2018-09-20 00:09 - 000713472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-10-10 04:17 - 2018-09-20 00:09 - 000412984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-10-10 04:17 - 2018-09-20 00:08 - 004191232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-10-10 04:17 - 2018-09-20 00:08 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-10-10 04:17 - 2018-09-19 23:44 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-10-10 04:17 - 2018-09-19 23:42 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-10-10 04:17 - 2018-09-19 23:42 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-10-10 04:17 - 2018-09-19 23:41 - 007577088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-10-10 04:17 - 2018-09-19 23:41 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-10-10 04:17 - 2018-09-19 23:41 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-10-10 04:17 - 2018-09-19 23:41 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-10-10 04:17 - 2018-09-19 23:40 - 003090432 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-10-10 04:17 - 2018-09-19 23:40 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-10-10 04:17 - 2018-09-19 23:40 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-10-10 04:17 - 2018-09-19 23:36 - 001375232 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-10-10 04:17 - 2018-09-08 03:42 - 000169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.XamlHost.dll
2018-10-10 04:17 - 2018-09-08 02:59 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.XamlHost.dll
2018-10-10 04:17 - 2018-09-08 02:57 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2018-10-10 04:17 - 2018-09-07 23:59 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-10-10 04:17 - 2018-09-07 23:58 - 000376120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2018-10-10 04:17 - 2018-09-07 23:57 - 002571128 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-10-10 04:17 - 2018-09-07 23:57 - 000267576 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-10-10 04:17 - 2018-09-07 23:44 - 001980984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-10-10 04:17 - 2018-09-07 23:44 - 000829752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-10-10 04:17 - 2018-09-07 23:31 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-10-10 04:17 - 2018-09-07 23:29 - 004771840 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-10-10 04:17 - 2018-09-07 23:29 - 000358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\exfat.sys
2018-10-10 04:17 - 2018-09-07 23:29 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-10-10 04:17 - 2018-09-07 23:28 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-10-10 04:17 - 2018-09-07 23:28 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-10-10 04:17 - 2018-09-07 23:27 - 003348992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2018-10-10 04:17 - 2018-09-07 23:27 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-10-10 04:17 - 2018-09-07 23:26 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-10-10 04:17 - 2018-09-07 23:26 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-10-10 04:17 - 2018-09-07 23:26 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-10-10 04:17 - 2018-09-07 23:25 - 003553792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-10-10 04:17 - 2018-09-07 23:25 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-10-10 04:17 - 2018-09-07 23:25 - 000415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-10-10 04:17 - 2018-09-07 23:24 - 001457664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2018-10-10 04:17 - 2018-09-07 23:24 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2018-10-10 04:17 - 2018-09-07 23:22 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2018-10-10 04:17 - 2018-08-02 23:38 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-10-10 04:16 - 2018-09-21 05:23 - 000257848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVFileSystemMetadata.dll
2018-10-10 04:16 - 2018-09-21 05:21 - 001786168 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2018-10-10 04:16 - 2018-09-21 05:21 - 001626936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2018-10-10 04:16 - 2018-09-21 05:21 - 001422648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2018-10-10 04:16 - 2018-09-21 05:21 - 001038136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2018-10-10 04:16 - 2018-09-21 05:21 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2018-10-10 04:16 - 2018-09-21 05:21 - 000830264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2018-10-10 04:16 - 2018-09-21 05:21 - 000825144 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2018-10-10 04:16 - 2018-09-21 05:21 - 000749880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2018-10-10 04:16 - 2018-09-21 05:21 - 000670008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2018-10-10 04:16 - 2018-09-21 05:21 - 000652288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2018-10-10 04:16 - 2018-09-21 05:21 - 000495416 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2018-10-10 04:16 - 2018-09-21 05:21 - 000399672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2018-10-10 04:16 - 2018-09-21 05:21 - 000231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2018-10-10 04:16 - 2018-09-21 05:21 - 000228152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamMap.dll
2018-10-10 04:16 - 2018-09-21 05:21 - 000201528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVStreamingUX.dll
2018-10-10 04:16 - 2018-09-21 05:21 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2018-10-10 04:16 - 2018-09-21 05:21 - 000173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVNice.exe
2018-10-10 04:16 - 2018-09-21 05:21 - 000034304 _____ C:\WINDOWS\system32\SyncAppvPublishingServer.exe
2018-10-10 04:16 - 2018-09-21 05:18 - 021386888 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-10-10 04:16 - 2018-09-21 05:01 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-10-10 04:16 - 2018-09-21 04:22 - 020381784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-10-10 04:16 - 2018-09-21 04:12 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-10-10 04:16 - 2018-09-21 00:13 - 000480568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-10-10 04:16 - 2018-09-21 00:12 - 001035256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-10-10 04:16 - 2018-09-21 00:09 - 001062920 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-10-10 04:16 - 2018-09-21 00:08 - 004404720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-10-10 04:16 - 2018-09-21 00:08 - 001456720 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-10-10 04:16 - 2018-09-21 00:08 - 001257864 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-10-10 04:16 - 2018-09-21 00:08 - 001140672 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-10-10 04:16 - 2018-09-21 00:08 - 000982600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-10-10 04:16 - 2018-09-20 23:58 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-10-10 04:16 - 2018-09-20 23:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-10-10 04:16 - 2018-09-20 23:54 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-10-10 04:16 - 2018-09-20 23:53 - 001006080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2018-10-10 04:16 - 2018-09-20 23:41 - 003396096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-10-10 04:16 - 2018-09-20 23:39 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-10-10 04:16 - 2018-09-20 23:39 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-10-10 04:16 - 2018-09-20 23:36 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-10-10 04:16 - 2018-09-20 23:36 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-10-10 04:16 - 2018-09-20 05:40 - 000348160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-10-10 04:16 - 2018-09-20 05:23 - 006602240 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-10-10 04:16 - 2018-09-20 05:22 - 013572096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-10-10 04:16 - 2018-09-20 05:18 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-10-10 04:16 - 2018-09-20 05:17 - 002874368 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2018-10-10 04:16 - 2018-09-20 05:17 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-10-10 04:16 - 2018-09-20 05:16 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2018-10-10 04:16 - 2018-09-20 04:35 - 005669888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-10-10 04:16 - 2018-09-20 04:30 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-10-10 04:16 - 2018-09-20 04:29 - 002824704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2018-10-10 04:16 - 2018-09-20 04:28 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
2018-10-10 04:16 - 2018-09-20 00:29 - 006039368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-10-10 04:16 - 2018-09-20 00:29 - 000357056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-10-10 04:16 - 2018-09-20 00:21 - 022013440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-10-10 04:16 - 2018-09-20 00:15 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-10-10 04:16 - 2018-09-20 00:12 - 000272200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-10-10 04:16 - 2018-09-20 00:12 - 000269128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-10-10 04:16 - 2018-09-20 00:11 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-10-10 04:16 - 2018-09-20 00:11 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2018-10-10 04:16 - 2018-09-20 00:10 - 002719032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-10-10 04:16 - 2018-09-20 00:10 - 000566800 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-10-10 04:16 - 2018-09-20 00:10 - 000500536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-10-10 04:16 - 2018-09-20 00:10 - 000355840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2018-10-10 04:16 - 2018-09-20 00:10 - 000134968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-10-10 04:16 - 2018-09-20 00:09 - 007432136 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-10-10 04:16 - 2018-09-20 00:09 - 002462888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-10-10 04:16 - 2018-09-20 00:09 - 002421248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-10-10 04:16 - 2018-09-20 00:09 - 001097744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-10-10 04:16 - 2018-09-19 23:53 - 025851392 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-10-10 04:16 - 2018-09-19 23:46 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-10-10 04:16 - 2018-09-19 23:44 - 004383744 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-10-10 04:16 - 2018-09-19 23:43 - 000052736 _____ C:\WINDOWS\system32\runexehelper.exe
2018-10-10 04:16 - 2018-09-19 23:42 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2018-10-10 04:16 - 2018-09-19 23:41 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-10-10 04:16 - 2018-09-19 23:38 - 001724416 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-10-10 04:16 - 2018-09-19 23:38 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2018-10-10 04:16 - 2018-09-19 23:37 - 004615680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-10-10 04:16 - 2018-09-19 23:37 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-10-10 04:16 - 2018-09-19 22:21 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2018-10-10 04:16 - 2018-09-19 21:28 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2018-10-10 04:16 - 2018-09-08 04:12 - 000452112 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-10-10 04:16 - 2018-09-08 04:07 - 002868536 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-10-10 04:16 - 2018-09-08 04:07 - 001610552 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-10-10 04:16 - 2018-09-08 04:07 - 000792376 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-10-10 04:16 - 2018-09-08 04:07 - 000689464 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-10-10 04:16 - 2018-09-08 04:07 - 000612360 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-10-10 04:16 - 2018-09-08 04:07 - 000309560 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-10-10 04:16 - 2018-09-08 04:07 - 000144696 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-10-10 04:16 - 2018-09-08 04:07 - 000069944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-10-10 04:16 - 2018-09-08 04:03 - 002267136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2018-10-10 04:16 - 2018-09-08 04:02 - 000645112 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-10-10 04:16 - 2018-09-08 04:02 - 000540984 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-10-10 04:16 - 2018-09-08 03:58 - 001639352 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2018-10-10 04:16 - 2018-09-08 03:58 - 001520744 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-10-10 04:16 - 2018-09-08 03:57 - 000204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2018-10-10 04:16 - 2018-09-08 03:44 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdBth.dll
2018-10-10 04:16 - 2018-09-08 03:43 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
2018-10-10 04:16 - 2018-09-08 03:43 - 000047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardBi.dll
2018-10-10 04:16 - 2018-09-08 03:42 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2018-10-10 04:16 - 2018-09-08 03:42 - 000188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2018-10-10 04:16 - 2018-09-08 03:42 - 000114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthci.dll
2018-10-10 04:16 - 2018-09-08 03:41 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-10-10 04:16 - 2018-09-08 03:40 - 001724928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2018-10-10 04:16 - 2018-09-08 03:40 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-10-10 04:16 - 2018-09-08 03:40 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2018-10-10 04:16 - 2018-09-08 03:40 - 000522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2018-10-10 04:16 - 2018-09-08 03:40 - 000402944 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2018-10-10 04:16 - 2018-09-08 03:40 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2018-10-10 04:16 - 2018-09-08 03:39 - 005505024 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2018-10-10 04:16 - 2018-09-08 03:39 - 002052096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-10-10 04:16 - 2018-09-08 03:39 - 001787904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-10-10 04:16 - 2018-09-08 03:39 - 000615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-10-10 04:16 - 2018-09-08 03:38 - 001288192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-10-10 04:16 - 2018-09-08 03:38 - 001004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-10-10 04:16 - 2018-09-08 03:38 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-10-10 04:16 - 2018-09-08 03:38 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2018-10-10 04:16 - 2018-09-08 03:38 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-10-10 04:16 - 2018-09-08 03:37 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-10-10 04:16 - 2018-09-08 03:17 - 001540104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2018-10-10 04:16 - 2018-09-08 03:16 - 000482080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-10-10 04:16 - 2018-09-08 03:14 - 001328056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-10-10 04:16 - 2018-09-08 03:13 - 001626656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2018-10-10 04:16 - 2018-09-08 03:13 - 000181288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2018-10-10 04:16 - 2018-09-08 03:03 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\INETRES.dll
2018-10-10 04:16 - 2018-09-08 03:03 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdBth.dll
2018-10-10 04:16 - 2018-09-08 03:02 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2018-10-10 04:16 - 2018-09-08 03:00 - 000548864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2018-10-10 04:16 - 2018-09-08 02:59 - 001530368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2018-10-10 04:16 - 2018-09-08 02:59 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-10-10 04:16 - 2018-09-08 02:59 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-10-10 04:16 - 2018-09-08 02:58 - 001308672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-10-10 04:16 - 2018-09-08 02:58 - 000897536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-10-10 04:16 - 2018-09-08 02:58 - 000775680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-10-10 04:16 - 2018-09-08 02:57 - 005391360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2018-10-10 04:16 - 2018-09-08 02:57 - 000625664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2018-10-10 04:16 - 2018-09-08 02:57 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2018-10-10 04:16 - 2018-09-08 02:56 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-10-10 04:16 - 2018-09-08 00:08 - 000462880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-10-10 04:16 - 2018-09-07 23:59 - 000361544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-10-10 04:16 - 2018-09-07 23:58 - 000744976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-10-10 04:16 - 2018-09-07 23:58 - 000368440 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2018-10-10 04:16 - 2018-09-07 23:57 - 001016984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-10-10 04:16 - 2018-09-07 23:57 - 000930616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-10-10 04:16 - 2018-09-07 23:57 - 000482384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-10-10 04:16 - 2018-09-07 23:57 - 000368448 _____ (Microsoft Corporation) C:\WINDOWS\system32\sechost.dll
2018-10-10 04:16 - 2018-09-07 23:51 - 000380728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-10-10 04:16 - 2018-09-07 23:45 - 000295416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2018-10-10 04:16 - 2018-09-07 23:45 - 000286824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-10-10 04:16 - 2018-09-07 23:43 - 001174448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-10-10 04:16 - 2018-09-07 23:43 - 000269104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sechost.dll
2018-10-10 04:16 - 2018-09-07 23:32 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2018-10-10 04:16 - 2018-09-07 23:31 - 000272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Proxy.dll
2018-10-10 04:16 - 2018-09-07 23:30 - 003601920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Service.dll
2018-10-10 04:16 - 2018-09-07 23:30 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2018-10-10 04:16 - 2018-09-07 23:30 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2018-10-10 04:16 - 2018-09-07 23:30 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2018-10-10 04:16 - 2018-09-07 23:30 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2018-10-10 04:16 - 2018-09-07 23:29 - 000241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2018-10-10 04:16 - 2018-09-07 23:29 - 000183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2018-10-10 04:16 - 2018-09-07 23:28 - 000481280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2018-10-10 04:16 - 2018-09-07 23:28 - 000273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-10-10 04:16 - 2018-09-07 23:28 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Proxy.dll
2018-10-10 04:16 - 2018-09-07 23:27 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-10-10 04:16 - 2018-09-07 23:27 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcfile.dll
2018-10-10 04:16 - 2018-09-07 23:27 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2018-10-10 04:16 - 2018-09-07 23:27 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2018-10-10 04:16 - 2018-09-07 23:26 - 002328064 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmsipc.dll
2018-10-10 04:16 - 2018-09-07 23:26 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2018-10-10 04:16 - 2018-09-07 23:26 - 000387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2018-10-10 04:16 - 2018-09-07 23:26 - 000359424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winipcfile.dll
2018-10-10 04:16 - 2018-09-07 23:26 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2018-10-10 04:16 - 2018-09-07 23:25 - 002789376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2018-10-10 04:16 - 2018-09-07 23:25 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\winipcsecproc.dll
2018-10-10 04:16 - 2018-09-07 23:25 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Proximity.dll
2018-10-10 04:16 - 2018-09-07 23:24 - 000845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2018-10-10 04:16 - 2018-09-07 23:24 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll
2018-10-10 04:16 - 2018-09-07 23:23 - 001655296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmsipc.dll
2018-10-10 04:16 - 2018-09-07 23:23 - 000807936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winipcsecproc.dll
2018-10-10 04:16 - 2018-09-07 23:23 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fveapi.dll
2018-10-10 04:16 - 2018-09-07 23:23 - 000314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Proximity.dll
2018-10-09 15:08 - 2018-10-09 15:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-10-09 09:10 - 2018-10-09 09:10 - 000000000 ____D C:\Users\dclin\AppData\Local\GlassWire
2018-10-09 09:06 - 2018-10-09 09:06 - 000001974 _____ C:\Users\Public\Desktop\GlassWire.lnk
2018-10-09 09:06 - 2018-10-09 09:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire
2018-10-09 09:06 - 2018-10-09 09:06 - 000000000 ____D C:\ProgramData\GlassWire
2018-10-09 09:06 - 2018-10-09 09:06 - 000000000 ____D C:\Program Files (x86)\GlassWire
2018-10-09 09:06 - 2015-05-29 00:30 - 000008392 _____ C:\WINDOWS\system32\Drivers\gwdrv.cat
2018-10-09 09:06 - 2015-05-29 00:15 - 000033152 _____ (SecureMix LLC) C:\WINDOWS\system32\Drivers\gwdrv.sys
2018-10-09 07:53 - 2018-10-09 07:53 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-10-09 07:53 - 2018-10-09 07:53 - 000050232 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-10-09 07:53 - 2018-10-09 07:53 - 000050232 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-10-09 07:53 - 2018-10-09 07:53 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-10-06 15:45 - 2018-10-06 15:45 - 000000000 ____D C:\Users\dclin\AppData\Local\AbzuGame
2018-10-04 13:59 - 2018-10-02 01:45 - 000133160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2018-10-04 13:57 - 2018-10-02 23:31 - 035296480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2018-10-04 13:57 - 2018-10-02 23:31 - 029972128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2018-10-04 13:57 - 2018-10-02 23:31 - 015907904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2018-10-04 13:57 - 2018-10-02 23:31 - 013202672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2018-10-04 13:57 - 2018-10-02 23:31 - 001471392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2018-10-04 13:57 - 2018-10-02 23:31 - 001462184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2018-10-04 13:57 - 2018-10-02 23:31 - 001167560 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2018-10-04 13:57 - 2018-10-02 23:31 - 001151960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2018-10-04 13:57 - 2018-10-02 23:31 - 001145512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2018-10-04 13:57 - 2018-10-02 23:31 - 000914552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2018-10-04 13:57 - 2018-10-02 23:31 - 000822552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2018-10-04 13:57 - 2018-10-02 23:31 - 000794416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2018-10-04 13:57 - 2018-10-02 23:31 - 000637640 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2018-10-04 13:57 - 2018-10-02 23:30 - 019704344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2018-10-04 13:57 - 2018-10-02 23:30 - 016983304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2018-10-04 13:57 - 2018-10-02 23:30 - 004249912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2018-10-04 13:57 - 2018-10-02 20:35 - 000978312 _____ C:\WINDOWS\system32\vulkan-1-999-0-0-0.dll
2018-10-04 13:57 - 2018-10-02 20:35 - 000978312 _____ C:\WINDOWS\system32\vulkan-1.dll
2018-10-04 13:57 - 2018-10-02 20:35 - 000845192 _____ C:\WINDOWS\SysWOW64\vulkan-1-999-0-0-0.dll
2018-10-04 13:57 - 2018-10-02 20:35 - 000845192 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2018-10-04 13:57 - 2018-10-02 20:35 - 000268192 _____ C:\WINDOWS\system32\vulkaninfo-1-999-0-0-0.exe
2018-10-04 13:57 - 2018-10-02 20:35 - 000268192 _____ C:\WINDOWS\system32\vulkaninfo.exe
2018-10-04 13:57 - 2018-10-02 20:35 - 000243592 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2018-10-04 13:57 - 2018-10-02 20:35 - 000243592 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2018-10-04 13:57 - 2018-10-02 20:32 - 002018352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6441616.dll
2018-10-04 13:57 - 2018-10-02 20:32 - 001998200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2018-10-04 13:57 - 2018-10-02 20:32 - 001507944 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2018-10-04 13:57 - 2018-10-02 20:32 - 001468360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6441616.dll
2018-10-04 13:57 - 2018-10-02 20:32 - 001455176 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2018-10-04 13:57 - 2018-10-02 20:32 - 001122376 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2018-10-04 13:57 - 2018-10-02 20:32 - 000750184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2018-10-04 13:57 - 2018-10-02 20:32 - 000631368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2018-10-04 13:57 - 2018-10-02 20:32 - 000521904 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2018-10-04 13:57 - 2018-10-02 20:31 - 040253672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2018-10-04 13:57 - 2018-10-02 20:31 - 035151592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2018-10-04 13:57 - 2018-10-02 20:31 - 004938800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2018-10-04 13:57 - 2018-10-02 20:31 - 004310984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2018-10-04 13:57 - 2018-10-02 20:31 - 000608872 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2018-10-04 13:57 - 2018-10-01 14:49 - 000047576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2018-10-03 10:29 - 2018-10-03 10:29 - 000000222 _____ C:\Users\dclin\Desktop\Dungeons 3.url
2018-10-03 10:29 - 2018-10-03 10:29 - 000000000 ____D C:\Users\dclin\AppData\LocalLow\Adriaan de Jongh
2018-10-03 10:28 - 2018-10-03 10:28 - 000000222 _____ C:\Users\dclin\Desktop\Hidden Folks.url
2018-09-29 22:42 - 2018-10-14 12:15 - 000000000 ____D C:\WINDOWS\Panther
2018-09-28 06:57 - 2018-09-28 06:57 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-09-28 06:57 - 2018-09-28 06:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-09-28 06:57 - 2018-09-28 06:57 - 000000000 ____D C:\Program Files\iTunes
2018-09-28 06:57 - 2018-09-28 06:57 - 000000000 ____D C:\Program Files\iPod
2018-09-26 10:34 - 2018-09-26 10:34 - 000000000 ____D C:\Users\dclin\AppData\Local\Frontier Developments
2018-09-26 10:34 - 2018-09-26 10:34 - 000000000 ____D C:\ProgramData\Frontier Developments
2018-09-26 10:27 - 2018-09-26 10:27 - 000000746 _____ C:\Users\dclin\Desktop\Jurassic World Evolution.lnk
2018-09-26 10:27 - 2018-09-26 10:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jurassic World Evolution
2018-09-26 08:49 - 2018-09-26 08:49 - 000000234 _____ C:\Users\dclin\Desktop\The Crew 2.url
2018-09-25 13:32 - 2018-10-02 21:28 - 000000000 ____D C:\Users\dclin\AppData\Local\PlaceholderTileLogoFolder
2018-09-25 07:41 - 2018-09-25 07:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser
2018-09-25 07:41 - 2009-12-16 08:12 - 000377232 _____ (-) C:\WINDOWS\system32\Eraser.dll
2018-09-25 07:41 - 2009-12-16 08:12 - 000315280 _____ (-) C:\WINDOWS\SysWOW64\Eraser.dll
2018-09-25 07:41 - 2009-12-16 08:12 - 000103824 _____ (-) C:\WINDOWS\system32\Erasext.dll
2018-09-25 07:41 - 2009-12-16 08:12 - 000091536 _____ (-) C:\WINDOWS\system32\Eraserl.exe
2018-09-25 07:41 - 2009-12-16 08:12 - 000085392 _____ (-) C:\WINDOWS\SysWOW64\Erasext.dll
2018-09-24 08:18 - 2018-10-12 14:09 - 000001399 _____ C:\Users\dclin\Desktop\PC Inspector File Recovery.lnk
2018-09-24 08:18 - 2018-09-24 08:18 - 000000000 ____D C:\Users\dclin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
2018-09-24 08:18 - 2018-09-24 08:18 - 000000000 ____D C:\Program Files (x86)\Convar
2018-09-24 02:06 - 2018-09-24 02:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-10-15 12:38 - 2018-05-21 12:34 - 000000000 ___HD C:\Users\dclin\Documents\.tmp.drivedownload
2018-10-15 12:32 - 2018-04-11 19:36 - 000000000 ____D C:\WINDOWS\INF
2018-10-15 12:29 - 2017-06-04 00:26 - 000000000 ____D C:\ProgramData\NVIDIA
2018-10-15 12:27 - 2017-11-03 18:56 - 000000000 ____D C:\Users\dclin\AppData\Roaming\WD Discovery
2018-10-15 12:26 - 2018-06-09 14:02 - 000026192 ____N (Windows ® Server 2003 DDK provider) C:\WINDOWS\gdrv.sys
2018-10-15 12:26 - 2018-05-18 04:24 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-10-15 12:26 - 2018-04-11 19:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-10-15 12:26 - 2017-06-10 19:44 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-10-15 12:26 - 2017-06-04 03:03 - 000000000 ____D C:\ProgramData\NzbDrone
2018-10-15 12:26 - 2017-06-04 01:10 - 000000000 ___RD C:\Users\dclin\Google Drive
2018-10-15 12:26 - 2017-06-04 00:28 - 000000000 __SHD C:\Users\dclin\IntelGraphicsProfiles
2018-10-15 12:21 - 2018-04-11 17:04 - 023330816 _____ C:\WINDOWS\system32\config\HARDWARE
2018-10-15 12:21 - 2018-04-11 17:04 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2018-10-15 12:10 - 2017-06-09 02:15 - 000000000 ____D C:\Users\dclin\AppData\Local\CrashDumps
2018-10-15 11:43 - 2018-05-18 04:14 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-10-15 10:12 - 2018-08-01 13:03 - 000003986 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1533143024
2018-10-15 07:20 - 2018-05-18 04:24 - 000004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{85E93017-E7DA-4B40-A515-E7C77596899B}
2018-10-15 07:08 - 2018-08-18 16:41 - 000000000 ____D C:\ProgramData\Garmin
2018-10-15 07:08 - 2017-06-04 00:39 - 000000000 ____D C:\ProgramData\Package Cache
2018-10-14 11:14 - 2018-05-18 04:16 - 000000000 ____D C:\Users\dclin
2018-10-13 09:56 - 2017-06-13 07:05 - 000000000 ___RD C:\Users\dclin\Dropbox
2018-10-13 09:27 - 2017-09-21 21:48 - 000000000 ____D C:\Users\dclin\AppData\Local\NVIDIA Corporation
2018-10-13 09:08 - 2017-06-13 07:33 - 000000000 ____D C:\Users\dclin\AppData\Roaming\FileZilla
2018-10-13 09:08 - 2017-06-10 19:44 - 000000000 ____D C:\Users\dclin\AppData\Roaming\TeamViewer
2018-10-12 16:32 - 2018-04-02 10:06 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-10-12 15:46 - 2018-05-18 04:16 - 000000000 ____D C:\Users\Daniel
2018-10-12 15:43 - 2017-06-04 02:11 - 000000889 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2018-10-12 15:43 - 2017-06-04 00:33 - 000002307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-10-12 15:43 - 2017-06-04 00:33 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-10-12 15:14 - 2018-07-03 15:43 - 000000000 ____D C:\ProgramData\dv
2018-10-12 15:14 - 2018-05-21 12:42 - 000000000 ___HD C:\Users\dclin\Desktop\.tmp.drivedownload
2018-10-12 15:10 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-10-12 13:53 - 2017-06-23 08:22 - 000000000 ____D C:\Users\dclin\AppData\Roaming\vlc
2018-10-12 08:33 - 2017-06-04 01:53 - 000002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-10-12 08:33 - 2017-06-04 01:53 - 000002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-10-12 08:33 - 2017-06-04 01:53 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-10-12 08:33 - 2017-06-04 01:53 - 000002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-10-12 08:33 - 2017-06-04 01:53 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-10-12 08:33 - 2017-06-04 01:53 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-10-12 08:33 - 2017-06-04 01:53 - 000002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-10-12 08:33 - 2017-06-04 01:50 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-10-11 15:38 - 2018-04-11 19:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-10-11 12:20 - 2018-04-11 19:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-10-10 17:38 - 2017-12-12 08:20 - 000000000 ___RD C:\Users\dclin\3D Objects
2018-10-10 17:38 - 2017-06-04 00:24 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-10-10 17:37 - 2018-05-18 04:14 - 005072808 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-10-10 17:36 - 2018-04-11 19:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-10-10 17:36 - 2018-04-11 19:38 - 000000000 ___RD C:\Program Files\Windows Defender
2018-10-10 17:36 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-10-10 17:36 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-10-10 17:36 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-10-10 17:36 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-10-10 17:36 - 2018-04-11 19:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-10-10 04:20 - 2017-06-04 00:29 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-10-10 04:18 - 2017-06-04 00:29 - 136745976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-10-10 04:17 - 2018-04-11 19:34 - 000494400 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2018-10-10 04:17 - 2018-04-11 19:34 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-10-09 19:10 - 2018-05-18 04:24 - 000004574 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-10-09 19:10 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-10-09 19:10 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-10-09 15:08 - 2017-06-13 07:03 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-10-09 09:39 - 2017-08-11 19:48 - 000000000 ____D C:\Users\dclin\AppData\Roaming\Apple Computer
2018-10-06 16:27 - 2017-06-24 07:15 - 000000000 ____D C:\Users\dclin\AppData\Local\UnrealEngine
2018-10-05 10:56 - 2018-06-19 23:30 - 000000000 ____D C:\ProgramData\Packages
2018-10-04 14:00 - 2017-06-04 00:26 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-10-04 14:00 - 2017-06-04 00:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-10-04 13:59 - 2017-09-21 21:48 - 000000000 ____D C:\Users\dclin\AppData\Local\NVIDIA
2018-10-04 13:59 - 2017-06-04 00:25 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-10-04 12:02 - 2018-06-06 05:55 - 000003976 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-04 12:02 - 2018-06-06 05:55 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-04 12:02 - 2018-06-06 05:55 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-04 12:02 - 2018-06-06 05:55 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-04 12:02 - 2018-06-06 05:55 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-04 12:02 - 2018-05-18 04:24 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-04 12:02 - 2018-05-18 04:24 - 000004106 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-04 12:02 - 2018-05-18 04:24 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-04 12:02 - 2018-05-18 04:24 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-04 12:02 - 2018-05-18 04:24 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-04 12:02 - 2018-05-18 04:24 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-04 12:02 - 2017-09-21 21:48 - 000001447 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2018-10-04 12:02 - 2017-06-04 00:25 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-10-03 10:29 - 2017-06-04 10:52 - 000000000 ____D C:\Users\dclin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-10-02 23:30 - 2018-03-27 17:49 - 004989680 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2018-10-02 16:13 - 2018-04-11 19:41 - 000835152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-10-02 16:13 - 2018-04-11 19:41 - 000179792 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-10-02 11:21 - 2017-12-12 06:21 - 000000000 ____D C:\Users\dclin\AppData\Local\Packages
2018-10-02 03:49 - 2018-03-27 17:49 - 000048046 _____ C:\WINDOWS\system32\nvinfo.pb
2018-10-02 01:37 - 2017-09-21 21:47 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2018-10-02 01:35 - 2017-06-04 00:26 - 005939512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2018-10-02 01:35 - 2017-06-04 00:26 - 002611592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2018-10-02 01:35 - 2017-06-04 00:26 - 001767920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2018-10-02 01:35 - 2017-06-04 00:26 - 000635888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2018-10-02 01:35 - 2017-06-04 00:26 - 000450768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2018-10-02 01:35 - 2017-06-04 00:26 - 000123944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2018-10-02 01:35 - 2017-06-04 00:26 - 000082800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2018-10-01 14:49 - 2018-03-27 17:49 - 001685104 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2018-10-01 14:49 - 2018-03-27 17:49 - 000227856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2018-09-29 22:39 - 2017-08-21 22:16 - 000000000 ____D C:\Users\dclin\AppData\Local\Ubisoft Game Launcher
2018-09-29 19:16 - 2018-04-11 19:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-09-28 20:50 - 2017-06-04 00:26 - 008368212 _____ C:\WINDOWS\system32\nvcoproc.bin
2018-09-27 15:31 - 2018-06-24 10:05 - 000000000 ____D C:\Users\dclin\Documents\The Crew 2
2018-09-27 07:09 - 2018-06-11 13:46 - 000000000 ____D C:\Users\dclin\AppData\Local\BattlEye
2018-09-26 11:04 - 2017-06-04 03:14 - 000000000 ____D C:\Users\dclin\AppData\Roaming\deluge
2018-09-26 10:23 - 2018-05-18 07:38 - 000000000 ____D C:\Users\dclin\AppData\Local\D3DSCache
2018-09-25 17:21 - 2018-06-07 07:29 - 000001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-09-25 17:21 - 2018-06-07 07:29 - 000001028 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
2018-09-25 13:32 - 2017-06-04 00:24 - 000000000 ____D C:\Users\dclin\AppData\Local\Publishers
2018-09-25 10:05 - 2018-02-26 03:31 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-09-25 07:27 - 2017-06-04 00:24 - 000000000 ____D C:\Users\dclin\AppData\Local\VirtualStore
2018-09-24 08:33 - 2017-06-04 02:13 - 000000000 ____D C:\Users\dclin\AppData\LocalLow\Mozilla
2018-09-23 09:53 - 2017-06-13 07:03 - 000000924 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2018-09-23 09:53 - 2017-06-13 07:03 - 000000920 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2018-09-23 08:19 - 2018-05-18 04:24 - 000003364 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2899436820-3732532657-4052289127-1001
2018-09-23 08:19 - 2018-05-18 04:16 - 000002367 _____ C:\Users\dclin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-09-23 08:19 - 2017-06-04 00:26 - 000000000 ___RD C:\Users\dclin\OneDrive
2018-09-21 14:48 - 2018-05-18 04:24 - 000003984 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2018-09-21 14:48 - 2018-05-18 04:24 - 000003752 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2018-09-17 14:39 - 2017-07-27 13:15 - 000000000 ____D C:\Users\dclin\AppData\Local\Battle.net
 
==================== Files in the root of some directories =======
 
2018-10-14 11:17 - 2018-04-01 12:53 - 000000224 _____ () C:\ProgramData\fddbs.dll
2003-05-25 03:20 - 2003-05-25 03:20 - 000000000 _____ () C:\ProgramData\sdpsenv.dat
2017-12-17 22:36 - 2017-12-28 17:07 - 000000089 _____ () C:\Users\dclin\AppData\Roaming\Camdata.ini
2017-12-17 22:36 - 2017-12-28 17:07 - 000000408 _____ () C:\Users\dclin\AppData\Roaming\CamLayout.ini
2017-12-17 22:36 - 2017-12-28 17:07 - 000000408 _____ () C:\Users\dclin\AppData\Roaming\CamShapes.ini
2017-12-17 22:36 - 2017-12-28 17:07 - 000004536 _____ () C:\Users\dclin\AppData\Roaming\CamStudio.cfg
2018-10-12 15:13 - 2018-10-12 15:13 - 006860752 _____ (NeoSoft Tools                                               ) C:\Users\dclin\AppData\Roaming\cexplorer.exe
2017-12-17 20:42 - 2017-12-28 16:56 - 000000096 _____ () C:\Users\dclin\AppData\Roaming\version2.xml
 
Some files in TEMP:
====================
2018-10-15 07:14 - 2018-10-14 11:47 - 011576808 _____ (SurfRight B.V.) C:\Users\dclin\AppData\Local\Temp\HitmanPro.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\spiilosv.sys -> Access Denied <======= ATTENTION
 
LastRegBack: 2018-05-18 04:14
 
==================== End of FRST.txt ============================

 

 



 


#2 Android8888

Android8888

  • Malware Response Team
  • 103 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:03:43 PM

Posted Yesterday, 05:41 PM

Hello DCJamison and welcome to Bleeping Computer Forums.

I'm Android8888 and I will be helping you with your malware issues. Please ask questions if anything is unclear.

Please read the instructions carefully and follow the directions in the order listed.

Some sets of instructions may be long, or you may be without an Internet connection for a while, so I suggest printing out each set of instructions or copying them to a Notepad file and reading the entire post before proceeding. It will make following them easier.

Make sure to run all tools from the computer Desktop and with Administrator privileges (i.e. right-click the tool icon and select Run as administrator).

Please run one scan at a time.


I see in your Farbar log your computer is infected with a SmartService rootkit. Please proceed with this:

Restart the computer in Normal mode and do this:

Right click on the FRST64 icon and select Run as administrator to start the tool;
Highlight and copy the following text and paste it inside the 'Search' box area of FRST;

Start::
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
End::

Once done, click on the Fix button and wait. A file called Fixlog.txt should appear on your computer Desktop.
Please attach it to your next reply.


Next,

Now please read the following instructions carefully, and if you don't understand something, please STOP and ask before proceeding.

You will have to run a scan with FRST64 from the Windows Recovery Environment (RE).

First you will need to have access to a clean computer and a USB Flash Drive.

Please note: The USB Flash Drive can only be inserted in the infected computer if it is either shut down, or in the Windows RE (Recovery Environment). Otherwise, the infection will mess with the files on the USB.
 
 

Preparing the USB Flash Drive (on a clean computer)

  • Plug the USB Flash Drive into a clean computer and format it before using it ('Quick Format' is enough).
  • Access the Internet and download FRST64.exe from a clean computer (Don't use the FRST64.exe file from the infected computer):
  • Move the executable (FRST64.exe) to the USB Flash Drive.
  • DO NOT plug the Flash Drive into the infected computer until booted to Recovery Environment.

 

 

Boot in the Recovery Environment (RE) (on the infected computer)

 

To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums

  • Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.

 

Note: Once in the Windows RE, plug the USB Flash Drive in the computer.

 

You will have to reach and select the Command Prompt icon in Advanced Options in the Recovery Environment.
 
 

Once in the Command Prompt

  • In the command prompt, type notepad and press on Enter;
  • Notepad will open. Click on the File menu and select Open;
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad;
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter;
  • Note: Replace the letter e with the drive letter of your USB Flash Drive;
  • FRST will open;
  • Click on Yes to accept the disclaimer;
  • Click on the Scan button and wait for the scan to complete;
  • A log called FRST.txt will be saved on your USB Flash Drive;
  • Please attach that log in your next reply.

 

Leave the infected computer in Recovery Environment and attach the two logs (Fixlog.txt and FRST.txt) from your flash drive via the clean computer.
 
Thank you.
 
Android8888


Proud graduate of SpywareInfo

Member of UNITE - Unified Network of Instructors and Trusted Eliminators

Website: http://android8888.comlu.com

Tavira - Here's where I live!
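
An added example, not part of either member's posts and not FRST's own logic: a Python triage pass over FRST log text that surfaces FRST's ATTENTION markers, files in the "Bamital & volsnap" section that did not verify, and Run entries under different names that share one non-switch argument. The sample lines are copied from the logs in this topic; the rule names and thresholds are assumptions, and the topic does not say which entries led to the diagnosis above.

```python
"""Triage pass over FRST log text (added example; rules are assumptions)."""
import re
from collections import defaultdict

# Constructed sample: a subset of lines copied from the FRST logs in this topic.
SAMPLE_LOG = r'''
==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
C:\WINDOWS\system32\drivers\spiilosv.sys -> Access Denied <======= ATTENTION

==================== Registry (Whitelisted) ===========================

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [Brust] => "C:\Program Files (x86)\Eclipsing\Galliano.exe" hwkaiwhwkaiwhwkaiwhwkai.hwkaibhwkaiahwkaijhwkai.hwkaiphwkaiwhwkai/hwkaig2w0w1w8w1hwkaii0i1g2gwhthwkaimlEDAlHIm2hwkaiUPanQeZmjvhwkaird
HKLM\...\Run: [Tracery] => "C:\Program Files (x86)\boardrooms\Balz.exe" hwkaiwhwkaiwhwkaiwhwkai.hwkaibhwkaiahwkaijhwkai.hwkaiphwkaiwhwkai/hwkaig2w0w1w8w1hwkaii0i1g2gwhthwkaimlEDAlHIm2hwkaiUPanQeZmjvhwkaird
HKU\dclin\...\Run: [Steam] => "F:\Program Files (x86)\Steam\steam.exe" -silent

==================== Services (Whitelisted) ====================

S2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4328400 2018-06-21] (SecureMix LLC)
S2 HitmanPro38CrusaderBoot; "F:\xfers\hitmanpro_x64.exe" /crusader:boot [X] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

S1 vnoezrid; \??\C:\Users\dclin\AppData\Local\Temp\nvocrmie.sys [X] <==== ATTENTION
'''

SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
ATTENTION_RE = re.compile(r"<=+ ATTENTION")
RUN_RE = re.compile(
    r"^(?P<hive>HK.+?)\\\.\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]+)\] => (?P<value>.+)$"
)
# "[size date] (company)" block that FRST appends when it lists file metadata.
META_RE = re.compile(r"\[\d+ \d{4}-\d{2}-\d{2}\] \(.*\)$")
QUOTED_CMD_RE = re.compile(r'^"(?P<exe>[^"]+)"\s*(?P<args>.*)$')
SIGNED_SUFFIX = "=> File is digitally signed"


def triage(log_text):
    """Return a list of (rule, detail) findings for an analyst to review.

    Findings are prompts for a closer look, not verdicts: a security tool's
    own boot service can carry an ATTENTION marker as well.
    """
    findings = []
    section = None
    by_args = defaultdict(list)  # argument string -> [(value name, exe path)]

    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue

        # Rule 1: FRST's own marker, kept verbatim minus the arrow.
        if ATTENTION_RE.search(line):
            findings.append(("frst-attention", line.split(" <=")[0]))

        # Rule 2: in the verification section every path should end with the
        # "digitally signed" suffix; anything else did not verify.
        if (section == "Bamital & volsnap" and line[1:3] == ":\\"
                and not line.endswith(SIGNED_SUFFIX)):
            findings.append(("verification-failed",
                             re.split(r" [-=]> ", line)[0]))

        # Rule 3 (collect): Run values printed as a quoted command line with
        # arguments and without the metadata block.
        run = RUN_RE.match(line)
        if run and not META_RE.search(run.group("value")):
            cmd = QUOTED_CMD_RE.match(run.group("value"))
            if cmd and cmd.group("args"):
                by_args[cmd.group("args")].append(
                    (run.group("name"), cmd.group("exe")))

    # Rule 3 (decide): one argument reused under two or more value names,
    # ignoring ordinary switches such as "-silent" or "/flag".
    for args, entries in by_args.items():
        names = sorted({name for name, _ in entries})
        if len(names) >= 2 and not args.startswith(("-", "/")):
            findings.append(("shared-run-argument", names))
    return findings


if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:22} {detail}")
```
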


#3 DCJamison

DCJamison
  • Topic Starter

  • Members
  • 4 posts
  • ONLINE
  •  
  • Local time:10:43 AM

Posted Today, 12:23 AM

What led you to the discovery that I have the smartservice rootkit? (hoping to learn something from this)

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 10.10.2018
Ran by dclin (16-10-2018 00:34:38) Run:1
Running from F:\xfers\BleepingComputer
Loaded Profiles: dclin (Available Profiles: dclin & dancl & Daniel)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
 
*****************
 
 
========= bcdedit.exe /set {bootmgr} displaybootmenu yes =========
 
The operation completed successfully.
 
========= End of CMD: =========
 
 
========= bcdedit.exe /set {default} recoveryenabled yes =========
 
The operation completed successfully.
 
========= End of CMD: =========
 
 
==== End of Fixlog 00:34:38 ====
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.10.2018
Ran by SYSTEM on MININT-CVVTUIQ (16-10-2018 01:17:59)
Running from J:\
Platform: Windows 10 Pro Version 1803 17134.345 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [18723976 2018-08-07] (Logitech Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [301880 2018-08-23] (Apple Inc.)
HKLM\...\Run: [Brust] => "C:\Program Files (x86)\Eclipsing\Galliano.exe" hwkaiwhwkaiwhwkaiwhwkai.hwkaibhwkaiahwkaijhwkai.hwkaiphwkaiwhwkai/hwkaig2w0w1w8w1hwkaii0i1g2gwhthwkaimlEDAlHIm2hwkaiUPanQeZmjvhwkaird
HKLM\...\Run: [Tracery] => "C:\Program Files (x86)\boardrooms\Balz.exe" hwkaiwhwkaiwhwkaiwhwkai.hwkaibhwkaiahwkaijhwkai.hwkaiphwkaiwhwkai/hwkaig2w0w1w8w1hwkaii0i1g2gwhthwkaimlEDAlHIm2hwkaiUPanQeZmjvhwkaird
HKLM\...\Run: [Auden] => "C:\Program Files (x86)\Impromptu\Galliano.exe" hwkaiwhwkaiwhwkaiwhwkai.hwkaibhwkaiahwkaijhwkai.hwkaiphwkaiwhwkai/hwkaig2w0w1w8w1hwkaii0i1g2gwhthwkaimlEDAlHIm2hwkaiUPanQeZmjvhwkaird
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3784512 2018-10-09] (Dropbox, Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => "F:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => "F:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
HKLM-x32\...\Run: [WDDiscovery] => C:\Program Files (x86)\Western Digital\Discovery\Current\WD Discovery.exe [56894944 2017-11-03] (Western Digital Corporation)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [2309008 2017-09-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [Micahel] => "C:\Program Files (x86)\Eclipsing\Galliano.exe" hwkaiwhwkaiwhwkaiwhwkai.hwkaibhwkaiahwkaijhwkai.hwkaiphwkaiwhwkai/hwkaig2w0w1w8w1hwkaii0i1g2gwhthwkaimlEDAlHIm2hwkaiUPanQeZmjvhwkaird
HKLM-x32\...\Run: [Nestling] => "C:\Program Files (x86)\boardrooms\Balz.exe" hwkaiwhwkaiwhwkaiwhwkai.hwkaibhwkaiahwkaijhwkai.hwkaiphwkaiwhwkai/hwkaig2w0w1w8w1hwkaii0i1g2gwhthwkaimlEDAlHIm2hwkaiUPanQeZmjvhwkaird
HKLM-x32\...\Run: [Rhythm] => "C:\Program Files (x86)\Impromptu\Galliano.exe" hwkaiwhwkaiwhwkaiwhwkai.hwkaibhwkaiahwkaijhwkai.hwkaiphwkaiwhwkai/hwkaig2w0w1w8w1hwkaii0i1g2gwhthwkaimlEDAlHIm2hwkaiUPanQeZmjvhwkaird
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [6788032 2018-04-20] (Safer-Networking Ltd.)
HKLM-x32\...\RunOnce: [SIV] => C:\Program Files (x86)\Gigabyte\SIV\sivro.exe [12072 2016-02-18] (GIGA-BYTE TECHNOLOGY CO., LTD.)
HKLM-x32\...\RunOnce: [EasyTune] => C:\Program Files (x86)\Gigabyte\EasyTune\etro.exe [5632 2015-09-14] (GIGA-BYTE TECHNOLOGY CO., LTD.)
HKLM-x32\...\RunOnce: [PreRun] => C:\Program Files (x86)\Gigabyte\AppCenter\PreRun.exe [8192 2013-04-29] ()
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\dancl\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\Daniel\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\dclin\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [46281248 2018-05-30] ()
HKU\dclin\...\Run: [Steam] => "F:\Program Files (x86)\Steam\steam.exe" -silent
HKU\dclin\...\Run: [HP OfficeJet Pro 6970 (NET)] => C:\Program Files\HP\HP OfficeJet Pro 6970\Bin\ScanToPCActivationApp.exe [3764360 2016-11-17] (HP Inc.)
HKU\dclin\...\Run: [Plex Media Server] => "F:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"
HKU\dclin\...\Run: [Eraser] => F:\Program Files\Eraser\Eraser.exe -hide
HKU\dclin\...\Run: [Fortier] => "C:\Program Files (x86)\Eclipsing\Galliano.exe" hwkaiwhwkaiwhwkaiwhwkai.hwkaibhwkaiahwkaijhwkai.hwkaiphwkaiwhwkai/hwkaig2w0w1w8w1hwkaii0i1g2gwhthwkaimlEDAlHIm2hwkaiUPanQeZmjvhwkaird
HKU\dclin\...\Run: [Fritter] => "C:\Program Files (x86)\boardrooms\Balz.exe" hwkaiwhwkaiwhwkaiwhwkai.hwkaibhwkaiahwkaijhwkai.hwkaiphwkaiwhwkai/hwkaig2w0w1w8w1hwkaii0i1g2gwhthwkaimlEDAlHIm2hwkaiUPanQeZmjvhwkaird
HKU\dclin\...\Run: [Shoulders] => "C:\Program Files (x86)\Impromptu\Galliano.exe" hwkaiwhwkaiwhwkaiwhwkai.hwkaibhwkaiahwkaijhwkai.hwkaiphwkaiwhwkai/hwkaig2w0w1w8w1hwkaii0i1g2gwhthwkaimlEDAlHIm2hwkaiUPanQeZmjvhwkaird
HKU\dclin\...\Run: [Rummy] => "C:\Program Files (x86)\Eclipsing\Galliano.exe" hwkaiwhwkaiwhwkaiwhwkai.hwkaibhwkaiahwkaijhwkai.hwkaiphwkaiwhwkai/hwkaig2w0w1w8w1hwkaii0i1g2gwhthwkaimlEDAlHIm2hwkaiUPanQeZmjvhwkaird
HKU\dclin\...\Run: [Javed] => "C:\Program Files (x86)\boardrooms\Balz.exe" hwkaiwhwkaiwhwkaiwhwkai.hwkaibhwkaiahwkaijhwkai.hwkaiphwkaiwhwkai/hwkaig2w0w1w8w1hwkaii0i1g2gwhthwkaimlEDAlHIm2hwkaiUPanQeZmjvhwkaird
HKU\dclin\...\Run: [Donohue] => "C:\Program Files (x86)\Impromptu\Galliano.exe" hwkaiwhwkaiwhwkaiwhwkai.hwkaibhwkaiahwkaijhwkai.hwkaiphwkaiwhwkai/hwkaig2w0w1w8w1hwkaii0i1g2gwhthwkaimlEDAlHIm2hwkaiUPanQeZmjvhwkaird
HKU\dclin\...\Run: [expensing] => "C:\Program Files (x86)\Eclipsing\Galliano.exe" hwkaiwhwkaiwhwkaiwhwkai.hwkaibhwkaiahwkaijhwkai.hwkaiphwkaiwhwkai/hwkaig2w0w1w8w1hwkaii0i1g2gwhthwkaimlEDAlHIm2hwkaiUPanQeZmjvhwkaird
HKU\dclin\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18594760 2018-09-19] (Piriform Ltd)
HKU\dclin\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE [169232 2018-10-12] (Microsoft Corporation)
HKU\dclin\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1469784 2018-09-15] (Google Inc.)
HKU\Default\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
Startup: C:\Users\dclin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CouchPotato.lnk [2018-05-31]
ShortcutTarget: CouchPotato.lnk -> C:\windows\system32\config\systemprofile\AppData\Roaming\CouchPotato\application\CouchPotato.exe (No File)
Startup: C:\Users\dclin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop.scf [2013-05-06] ()
Startup: C:\Users\dclin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PlexPy.pyw - Shortcut.lnk [2018-05-08]
ShortcutTarget: PlexPy.pyw - Shortcut.lnk -> F:\PlexPy\PlexPy.pyw (No File)
Startup: C:\Users\dclin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SABnzbd.lnk [2017-09-26]
ShortcutTarget: SABnzbd.lnk -> F:\Program Files\SABnzbd\SABnzbd.exe (No File)
Startup: C:\Users\dclin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2018-08-22]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * bootdelete
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"HKLM\System\ControlSet001\Services\dlncz" => removed successfully
C:\Windows\System32\drivers\spilosvy.sys => moved successfully
"HKLM\System\ControlSet001\Services\xadgkn" => removed successfully
C:\Users\dclin\AppData\Local\cgsapim\cgsapim.exe => moved successfully
C:\Users\dclin\AppData\Local\cgsapim\msduago.exe => moved successfully
C:\Users\dclin\AppData\Local\Musictube\Musictube.exe => moved successfully
C:\Users\dclin\AppData\Local\Musictube\uninstall.exe => moved successfully
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-08-23] (Apple Inc.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7206312 2018-09-26] ()
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-09-04] (BlueStack Systems, Inc.)
S3 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\69.0.3497.7\remoting_host.exe [72024 2018-07-23] (Google Inc.)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9677088 2018-09-29] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-06-13] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-06-13] (Dropbox, Inc.)
S2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51024 2018-10-09] (Dropbox, Inc.)
S2 DisplayFusionService; C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe [5291424 2017-11-14] (Binary Fortress Software)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-27] (EasyAntiCheat Ltd)
S2 gadjservice; C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe [16896 2015-04-14] ()
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [8174664 2018-06-14] (GOG.com)
S2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4328400 2018-06-21] (SecureMix LLC)
S3 HwmRecordService; C:\Program Files (x86)\GIGABYTE\SIV\HwmRecordService.exe [62760 2016-06-01] (GIGA-BYTE TECHNOLOGY CO., LTD.)
S2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [365040 2017-10-20] (Intel Corporation)
S2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [206472 2018-08-07] (Logitech Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [773328 2018-09-12] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [773328 2018-09-12] (NVIDIA Corporation)
S2 NzbDrone; C:\ProgramData\NzbDrone\bin\nzbdrone.console.exe [25600 2018-10-07] (sonarr.tv)
S2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2018-05-29] ()
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3892256 2018-04-20] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [3943664 2018-04-20] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [233712 2018-02-06] (Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-07-14] (Microsoft Corporation)
S4 ssh-agent; C:\Windows\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S2 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-15] (DEVGURU Co., LTD.)
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11644656 2018-08-13] (TeamViewer GmbH)
S2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [355184 2017-09-19] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\NisSrv.exe [3847376 2018-09-25] (Microsoft Corporation)
S2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\MsMpEng.exe [114200 2018-09-25] (Microsoft Corporation)
S4 GalaxyClientService; "F:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe" [X]
S2 HitmanPro38CrusaderBoot; "F:\xfers\hitmanpro_x64.exe" /crusader:boot [X] <==== ATTENTION
S2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
S2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
S4 Origin Client Service; "F:\Program Files (x86)\Origin\OriginClientService.exe" [X]
S4 Origin Web Helper Service; "F:\Program Files (x86)\Origin\OriginWebHelperService.exe" [X]
S4 PlexUpdateService; "F:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AndnetBus; C:\Windows\System32\drivers\lgandnetbus64.sys [20992 2014-10-10] (LG Electronics Inc.)
S3 AndNetDiag; C:\Windows\system32\DRIVERS\lgandnetdiag64.sys [30720 2014-10-10] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\system32\DRIVERS\lgandnetmodem64.sys [37376 2014-10-10] (LG Electronics Inc.)
S1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22240 2013-10-28] ()
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-06-21] (Bluestack System Inc. )
S3 etocdrv; C:\WINDOWS\etocdrv.sys [15584 2013-10-30] (Giga-Byte Technology CO., LTD.)
S3 GVTDrv64; C:\WINDOWS\GVTDrv64.sys [30528 2018-06-09] ()
S1 gwdrv; C:\Windows\system32\DRIVERS\gwdrv.sys [33152 2015-05-28] (SecureMix LLC)
S3 IreulBus; C:\Windows\System32\drivers\IreulBus.sys [52984 2017-12-15] (Rainway, Inc.)
S2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
S3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [67736 2018-08-07] (Logitech Inc.)
S3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2018-08-07] (Logitech Inc.)
S2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [200232 2018-10-12] (Malwarebytes)
S4 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [110424 2018-10-15] (Malwarebytes)
S3 mt7612US; C:\Windows\System32\drivers\mt7612US.sys [377864 2015-12-09] (MediaTek Inc.)
S3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_54bd1f10ac116cd5\nvlddmkm.sys [20605496 2018-10-02] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30792 2018-08-21] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [69544 2018-06-07] (NVIDIA Corporation)
S3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [65792 2018-04-24] (NVIDIA Corporation)
S3 SteamStreamingMicrophone; C:\Windows\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] ()
S3 SteamStreamingSpeakers; C:\Windows\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-20] ()
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [22240 2013-10-24] ()
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46184 2018-09-25] (Microsoft Corporation)
S0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [352424 2018-09-25] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [60584 2018-09-25] (Microsoft Corporation)
S3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
S0 b06bdrv; System32\drivers\bxvbda.sys [X]
S4 bpkrlncd; System32\drivers\wdoiezvr.sys [X]
S1 vnoezrid; \??\C:\Users\dclin\AppData\Local\Temp\nvocrmie.sys [X] <==== ATTENTION
S2 WinRing0_1_2_0; \??\F:\Program Files (x86)\Steam\steamapps\common\EVGA PrecisionX\WinRing0\WinRing0x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-10-15 20:25 - 2018-10-15 20:26 - 000000000 ____D C:\Users\dclin\AppData\Local\pcntkxu
2018-10-15 08:39 - 2018-10-15 20:34 - 000000000 ____D C:\FRST
2018-10-15 08:04 - 2018-10-15 08:25 - 002921984 _____ C:\Windows\System32\csmxrizsvc.exe
2018-10-15 07:45 - 2018-10-15 08:26 - 000110424 ____N (Malwarebytes) C:\Windows\System32\Drivers\mwac.sys
2018-10-14 07:56 - 2018-10-15 21:13 - 000000000 ____D C:\Users\dclin\AppData\Local\Eraser
2018-10-14 07:54 - 2018-10-14 07:54 - 000042152 _____ C:\Windows\System32\.crusader
2018-10-14 07:54 - 2018-10-14 07:54 - 000033024 _____ C:\Windows\System32\bootdelete.lst
2018-10-14 07:54 - 2018-10-14 07:54 - 000012872 _____ (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2018-10-14 07:47 - 2018-10-14 07:55 - 000000000 ____D C:\ProgramData\HitmanPro
2018-10-14 07:17 - 2018-10-14 07:17 - 000000000 ____D C:\Users\dclin\AppData\Roaming\Free File Unlocker
2018-10-14 07:17 - 2018-04-01 08:53 - 000000224 _____ C:\ProgramData\fddbs.dll
2018-10-14 07:16 - 2018-10-14 07:16 - 000001024 _____ C:\Users\Public\Desktop\4dots Software PRODUCT CATALOG.lnk
2018-10-13 05:57 - 2018-10-14 08:18 - 000000000 ____D C:\ESD
2018-10-13 05:55 - 2018-10-13 05:55 - 000000000 ____D C:\$WINDOWS.~BT
2018-10-13 05:33 - 2018-10-15 08:26 - 000000180 _____ C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-10-12 12:39 - 2018-10-12 11:48 - 000000850 _____ C:\Windows\System32\Drivers\etc\hosts.20181012-163920.backup
2018-10-12 12:33 - 2018-10-12 12:33 - 000001452 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2018-10-12 12:33 - 2018-02-06 15:04 - 000032168 _____ (Safer-Networking Ltd.) C:\Windows\System32\sdnclean64.exe
2018-10-12 12:32 - 2018-10-15 08:26 - 000000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2018-10-12 12:02 - 2018-10-13 05:07 - 000000217 _____ C:\Windows\wininit.ini
2018-10-12 11:55 - 2018-10-15 08:32 - 000005554 _____ C:\Windows\System32\PerfStringBackup.TMP
2018-10-12 11:35 - 2018-10-13 17:53 - 000000000 ____D C:\Users\dclin\AppData\Local\dwnbspm
2018-10-12 11:32 - 2018-10-16 01:18 - 000000000 ____D C:\Users\dclin\AppData\Local\cgsapim
2018-10-12 11:22 - 2018-10-12 11:22 - 000000000 ____D C:\Users\dclin\AppData\Local\mbam
2018-10-12 11:21 - 2018-10-12 11:45 - 000200232 _____ (Malwarebytes) C:\Windows\System32\Drivers\MbamChameleon.sys
2018-10-12 11:21 - 2018-10-12 11:21 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-10-12 11:21 - 2018-10-12 11:21 - 000000000 ____D C:\Users\dclin\AppData\Local\mbamtray
2018-10-12 11:21 - 2018-10-12 11:21 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-10-12 11:21 - 2018-10-12 11:21 - 000000000 ____D C:\Program Files\Malwarebytes
2018-10-12 11:21 - 2018-09-11 09:18 - 000152688 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbae64.sys
2018-10-12 11:15 - 2018-10-15 07:49 - 002921984 _____ C:\Windows\System32\csmxrizsvc.old
2018-10-12 11:15 - 2018-10-12 11:35 - 000000000 ____D C:\Windows\System32\vdaxoir
2018-10-12 11:15 - 2018-10-12 11:15 - 000000000 ____D C:\Windows\SysWOW64\vdaxoir
2018-10-12 11:14 - 2018-10-12 11:19 - 000000000 ____D C:\Users\dclin\AppData\Roaming\AGData
2018-10-12 11:14 - 2018-10-12 11:14 - 000000000 ____D C:\Users\dclin\AppData\Roaming\et
2018-10-12 11:13 - 2018-10-14 07:33 - 000000000 ____D C:\Program Files (x86)\Dilip
2018-10-12 11:13 - 2018-10-12 11:13 - 000004124 _____ C:\Windows\System32\Tasks\remarked formation caterwauling
2018-10-12 11:13 - 2018-10-12 11:13 - 000004116 _____ C:\Windows\System32\Tasks\entablature
2018-10-12 11:13 - 2018-10-12 11:13 - 000004100 _____ C:\Windows\System32\Tasks\barricaded rylander
2018-10-12 11:13 - 2018-10-12 11:13 - 000004096 _____ C:\Windows\System32\Tasks\kirchhoff_ted
2018-10-12 11:13 - 2018-10-12 11:13 - 000004092 _____ C:\Windows\System32\Tasks\durum-issuances
2018-10-12 11:13 - 2018-10-12 11:13 - 000004088 _____ C:\Windows\System32\Tasks\intersperse_abbate
2018-10-12 11:13 - 2018-10-12 11:13 - 000004084 _____ C:\Windows\System32\Tasks\enfolds
2018-10-12 11:13 - 2018-10-12 11:13 - 000004082 _____ C:\Windows\System32\Tasks\naturalized
2018-10-12 11:13 - 2018-10-12 11:13 - 000004022 _____ C:\Windows\System32\Tasks\remarked formation caterwaulingremarked formation caterwauling
2018-10-12 11:13 - 2018-10-12 11:13 - 000003976 _____ C:\Windows\System32\Tasks\entablatureentablature
2018-10-12 11:13 - 2018-10-12 11:13 - 000003974 _____ C:\Windows\System32\Tasks\barricaded rylanderbarricaded rylander
2018-10-12 11:13 - 2018-10-12 11:13 - 000003962 _____ C:\Windows\System32\Tasks\intersperse_abbateintersperse_abbate
2018-10-12 11:13 - 2018-10-12 11:13 - 000003960 _____ C:\Windows\System32\Tasks\durum-issuancesdurum-issuances
2018-10-12 11:13 - 2018-10-12 11:13 - 000003958 _____ C:\Windows\System32\Tasks\kirchhoff_tedkirchhoff_ted
2018-10-12 11:13 - 2018-10-12 11:13 - 000003942 _____ C:\Windows\System32\Tasks\naturalizednaturalized
2018-10-12 11:13 - 2018-10-12 11:13 - 000003934 _____ C:\Windows\System32\Tasks\enfoldsenfolds
2018-10-12 11:13 - 2018-10-12 11:13 - 000002980 _____ C:\Windows\System32\Tasks\Chameleon Folder-dclin
2018-10-12 11:12 - 2018-10-12 11:12 - 000000000 ____D C:\ProgramData\Caphyon
2018-10-12 10:37 - 2018-10-12 10:38 - 000000000 ____D C:\Users\dclin\AppData\Roaming\GetRightToGo
2018-10-12 10:17 - 2018-10-12 12:30 - 000000000 ____D C:\Program Files\CCleaner
2018-10-12 10:17 - 2018-10-12 10:17 - 000003936 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-10-12 10:17 - 2018-10-12 10:17 - 000002856 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2018-10-12 10:17 - 2018-10-12 10:17 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-10-12 10:05 - 2018-10-12 10:05 - 000000000 ____D C:\ProgramData\SystemAcCrux
2018-10-12 10:03 - 2018-10-12 10:03 - 000000000 ____D C:\Program Files\EaseUS
2018-10-12 04:31 - 2018-10-12 04:31 - 000017920 _____ C:\Windows\erasers.exe
2018-10-12 03:40 - 2018-10-12 03:40 - 000096394 _____ C:\Windows\uninstaller.dat
2018-10-11 03:17 - 2018-10-11 03:17 - 000001345 _____ C:\Users\dclin\Desktop\rebuild Icons.lnk
2018-10-10 00:17 - 2018-09-20 20:14 - 000661056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2018-10-10 00:17 - 2018-09-20 20:11 - 000753056 _____ (Microsoft Corporation) C:\Windows\System32\evr.dll
2018-10-10 00:17 - 2018-09-20 20:09 - 004790160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2018-10-10 00:17 - 2018-09-20 20:09 - 002253696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-10-10 00:17 - 2018-09-20 20:09 - 001427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
2018-10-10 00:17 - 2018-09-20 20:09 - 000129088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2018-10-10 00:17 - 2018-09-20 20:08 - 002765344 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2018-10-10 00:17 - 2018-09-20 20:08 - 001566720 _____ (Microsoft Corporation) C:\Windows\System32\AppxPackaging.dll
2018-10-10 00:17 - 2018-09-20 20:08 - 000709936 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2018-10-10 00:17 - 2018-09-20 20:08 - 000261008 _____ (Microsoft Corporation) C:\Windows\System32\mfps.dll
2018-10-10 00:17 - 2018-09-20 20:08 - 000170808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2018-10-10 00:17 - 2018-09-20 20:07 - 000604664 _____ (Microsoft Corporation) C:\Windows\System32\securekernel.exe
2018-10-10 00:17 - 2018-09-20 19:57 - 002900992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2018-10-10 00:17 - 2018-09-20 19:57 - 001361408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSPhotography.dll
2018-10-10 00:17 - 2018-09-20 19:43 - 001627136 _____ (Microsoft Corporation) C:\Windows\System32\enterprisecsps.dll
2018-10-10 00:17 - 2018-09-20 19:42 - 000209408 _____ (Microsoft Corporation) C:\Windows\System32\AppXApplicabilityBlob.dll
2018-10-10 00:17 - 2018-09-20 19:40 - 002368000 _____ (Microsoft Corporation) C:\Windows\System32\WebRuntimeManager.dll
2018-10-10 00:17 - 2018-09-20 19:39 - 001708544 _____ (Microsoft Corporation) C:\Windows\System32\MSPhotography.dll
2018-10-10 00:17 - 2018-09-20 19:39 - 001535488 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2018-10-10 00:17 - 2018-09-20 19:38 - 002172928 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.onecore.dll
2018-10-10 00:17 - 2018-09-20 19:38 - 001551360 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.desktop.dll
2018-10-10 00:17 - 2018-09-20 19:37 - 002904064 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2018-10-10 00:17 - 2018-09-20 19:37 - 002236928 _____ (Microsoft Corporation) C:\Windows\System32\win32kbase.sys
2018-10-10 00:17 - 2018-09-20 19:37 - 001211904 _____ (Microsoft Corporation) C:\Windows\System32\wpnapps.dll
2018-10-10 00:17 - 2018-09-20 19:37 - 000604160 _____ (Microsoft Corporation) C:\Windows\System32\updatehandlers.dll
2018-10-10 00:17 - 2018-09-20 19:36 - 001159680 _____ (Microsoft Corporation) C:\Windows\System32\rpcss.dll
2018-10-10 00:17 - 2018-09-20 19:36 - 001034240 _____ (Microsoft Corporation) C:\Windows\System32\modernexecserver.dll
2018-10-10 00:17 - 2018-09-20 19:36 - 000401920 _____ (Microsoft Corporation) C:\Windows\System32\rascustom.dll
2018-10-10 00:17 - 2018-09-20 01:37 - 001634944 _____ (Microsoft Corporation) C:\Windows\System32\gdi32full.dll
2018-10-10 00:17 - 2018-09-20 01:19 - 001121792 _____ (Microsoft Corporation) C:\Windows\System32\TSWorkspace.dll
2018-10-10 00:17 - 2018-09-20 01:18 - 003649024 _____ (Microsoft Corporation) C:\Windows\System32\win32kfull.sys
2018-10-10 00:17 - 2018-09-20 01:18 - 000327168 _____ (Microsoft Corporation) C:\Windows\System32\rdpinit.exe
2018-10-10 00:17 - 2018-09-20 01:17 - 001856000 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2018-10-10 00:17 - 2018-09-20 01:17 - 000463872 _____ (Microsoft Corporation) C:\Windows\System32\rdpshell.exe
2018-10-10 00:17 - 2018-09-20 00:46 - 001454440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2018-10-10 00:17 - 2018-09-20 00:34 - 012500992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2018-10-10 00:17 - 2018-09-20 00:29 - 002891776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2018-10-10 00:17 - 2018-09-20 00:29 - 001586176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2018-10-10 00:17 - 2018-09-19 22:43 - 001008640 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.MixedRealityCapture.dll
2018-10-10 00:17 - 2018-09-19 21:52 - 000868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-10-10 00:17 - 2018-09-19 20:29 - 006569856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-10-10 00:17 - 2018-09-19 20:29 - 001989232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-10-10 00:17 - 2018-09-19 20:29 - 001513032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2018-10-10 00:17 - 2018-09-19 20:28 - 001129544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
2018-10-10 00:17 - 2018-09-19 20:28 - 000581792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVideoDSP.dll
2018-10-10 00:17 - 2018-09-19 20:28 - 000567256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2018-10-10 00:17 - 2018-09-19 20:17 - 006661632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2018-10-10 00:17 - 2018-09-19 20:13 - 003711488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-10-10 00:17 - 2018-09-19 20:11 - 005777920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2018-10-10 00:17 - 2018-09-19 20:11 - 000578560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2018-10-10 00:17 - 2018-09-19 20:11 - 000561152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-10-10 00:17 - 2018-09-19 20:10 - 001221128 _____ (Microsoft Corporation) C:\Windows\System32\hvix64.exe
2018-10-10 00:17 - 2018-09-19 20:10 - 001029432 _____ (Microsoft Corporation) C:\Windows\System32\hvax64.exe
2018-10-10 00:17 - 2018-09-19 20:10 - 000076088 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hvservice.sys
2018-10-10 00:17 - 2018-09-19 20:09 - 009089848 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2018-10-10 00:17 - 2018-09-19 20:09 - 007520096 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.Protection.PlayReady.dll
2018-10-10 00:17 - 2018-09-19 20:09 - 002825232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2018-10-10 00:17 - 2018-09-19 20:09 - 001767096 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2018-10-10 00:17 - 2018-09-19 20:09 - 001540096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpserverbase.dll
2018-10-10 00:17 - 2018-09-19 20:09 - 000885952 _____ (Microsoft Corporation) C:\Windows\System32\CoreMessaging.dll
2018-10-10 00:17 - 2018-09-19 20:09 - 000793088 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms2.sys
2018-10-10 00:17 - 2018-09-19 20:09 - 000713472 _____ (Microsoft Corporation) C:\Windows\System32\MSVideoDSP.dll
2018-10-10 00:17 - 2018-09-19 20:09 - 000412984 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2018-10-10 00:17 - 2018-09-19 20:08 - 004191232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-10-10 00:17 - 2018-09-19 20:08 - 001627648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-10-10 00:17 - 2018-09-19 19:44 - 008188928 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Data.Pdf.dll
2018-10-10 00:17 - 2018-09-19 19:42 - 004866560 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2018-10-10 00:17 - 2018-09-19 19:42 - 000433664 _____ (Microsoft Corporation) C:\Windows\System32\MusNotification.exe
2018-10-10 00:17 - 2018-09-19 19:41 - 007577088 _____ (Microsoft Corporation) C:\Windows\System32\Chakra.dll
2018-10-10 00:17 - 2018-09-19 19:41 - 000898560 _____ (Microsoft Corporation) C:\Windows\System32\MusUpdateHandlers.dll
2018-10-10 00:17 - 2018-09-19 19:41 - 000319488 _____ (Microsoft Corporation) C:\Windows\System32\MusNotificationUx.exe
2018-10-10 00:17 - 2018-09-19 19:41 - 000154112 _____ (Microsoft Corporation) C:\Windows\System32\Chakradiag.dll
2018-10-10 00:17 - 2018-09-19 19:40 - 003090432 _____ (Microsoft Corporation) C:\Windows\System32\diagtrack.dll
2018-10-10 00:17 - 2018-09-19 19:40 - 000808448 _____ (Microsoft Corporation) C:\Windows\System32\EdgeManager.dll
2018-10-10 00:17 - 2018-09-19 19:40 - 000726528 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2018-10-10 00:17 - 2018-09-19 19:36 - 001375232 _____ (Microsoft Corporation) C:\Windows\System32\usocore.dll
2018-10-10 00:17 - 2018-09-07 23:42 - 000169984 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.XamlHost.dll
2018-10-10 00:17 - 2018-09-07 22:59 - 000133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.XamlHost.dll
2018-10-10 00:17 - 2018-09-07 22:57 - 000423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2018-10-10 00:17 - 2018-09-07 19:59 - 000433664 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdbss.sys
2018-10-10 00:17 - 2018-09-07 19:58 - 000376120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fastfat.sys
2018-10-10 00:17 - 2018-09-07 19:57 - 002571128 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2018-10-10 00:17 - 2018-09-07 19:57 - 000267576 _____ (Microsoft Corporation) C:\Windows\System32\browserbroker.dll
2018-10-10 00:17 - 2018-09-07 19:44 - 001980984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-10-10 00:17 - 2018-09-07 19:44 - 000829752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2018-10-10 00:17 - 2018-09-07 19:31 - 000342528 _____ (Microsoft Corporation) C:\Windows\System32\browserexport.exe
2018-10-10 00:17 - 2018-09-07 19:29 - 004771840 _____ (Microsoft Corporation) C:\Windows\System32\InputService.dll
2018-10-10 00:17 - 2018-09-07 19:29 - 000358912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\exfat.sys
2018-10-10 00:17 - 2018-09-07 19:29 - 000174080 _____ (Microsoft Corporation) C:\Windows\System32\wuuhosdeployment.dll
2018-10-10 00:17 - 2018-09-07 19:28 - 000473088 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2018-10-10 00:17 - 2018-09-07 19:28 - 000265728 _____ (Microsoft Corporation) C:\Windows\System32\psmsrv.dll
2018-10-10 00:17 - 2018-09-07 19:27 - 003348992 _____ (Microsoft Corporation) C:\Windows\System32\msftedit.dll
2018-10-10 00:17 - 2018-09-07 19:27 - 000596992 _____ (Microsoft Corporation) C:\Windows\System32\TileDataRepository.dll
2018-10-10 00:17 - 2018-09-07 19:26 - 000814592 _____ (Microsoft Corporation) C:\Windows\System32\ieproxy.dll
2018-10-10 00:17 - 2018-09-07 19:26 - 000471552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TileDataRepository.dll
2018-10-10 00:17 - 2018-09-07 19:26 - 000365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2018-10-10 00:17 - 2018-09-07 19:25 - 003553792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputService.dll
2018-10-10 00:17 - 2018-09-07 19:25 - 000466432 _____ (Microsoft Corporation) C:\Windows\System32\wuuhext.dll
2018-10-10 00:17 - 2018-09-07 19:25 - 000415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-10-10 00:17 - 2018-09-07 19:24 - 001457664 _____ (Microsoft Corporation) C:\Windows\System32\dosvc.dll
2018-10-10 00:17 - 2018-09-07 19:24 - 000899072 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2018-10-10 00:17 - 2018-09-07 19:22 - 000778240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-10-10 00:17 - 2018-08-02 19:38 - 000158720 _____ (Microsoft Corporation) C:\Windows\System32\vertdll.dll
2018-10-10 00:16 - 2018-09-21 01:23 - 000257848 _____ (Microsoft Corporation) C:\Windows\System32\AppVFileSystemMetadata.dll
2018-10-10 00:16 - 2018-09-21 01:21 - 001786168 _____ (Microsoft Corporation) C:\Windows\System32\AppVEntVirtualization.dll
2018-10-10 00:16 - 2018-09-21 01:21 - 001626936 _____ (Microsoft Corporation) C:\Windows\System32\AppVIntegration.dll
2018-10-10 00:16 - 2018-09-21 01:21 - 001422648 _____ (Microsoft Corporation) C:\Windows\System32\AppVEntSubsystemController.dll
2018-10-10 00:16 - 2018-09-21 01:21 - 001038136 _____ (Microsoft Corporation) C:\Windows\System32\AppVPolicy.dll
2018-10-10 00:16 - 2018-09-21 01:21 - 000954368 _____ (Microsoft Corporation) C:\Windows\System32\AppVManifest.dll
2018-10-10 00:16 - 2018-09-21 01:21 - 000830264 _____ (Microsoft Corporation) C:\Windows\System32\AppVOrchestration.dll
2018-10-10 00:16 - 2018-09-21 01:21 - 000825144 _____ (Microsoft Corporation) C:\Windows\System32\AppVEntStreamingManager.dll
2018-10-10 00:16 - 2018-09-21 01:21 - 000749880 _____ (Microsoft Corporation) C:\Windows\System32\AppVReporting.dll
2018-10-10 00:16 - 2018-09-21 01:21 - 000670008 _____ (Microsoft Corporation) C:\Windows\System32\AppVCatalog.dll
2018-10-10 00:16 - 2018-09-21 01:21 - 000652288 _____ (Microsoft Corporation) C:\Windows\System32\AppVPublishing.dll
2018-10-10 00:16 - 2018-09-21 01:21 - 000495416 _____ (Microsoft Corporation) C:\Windows\System32\TransportDSA.dll
2018-10-10 00:16 - 2018-09-21 01:21 - 000399672 _____ (Microsoft Corporation) C:\Windows\System32\AppVScripting.dll
2018-10-10 00:16 - 2018-09-21 01:21 - 000231424 _____ (Microsoft Corporation) C:\Windows\System32\AppVShNotify.exe
2018-10-10 00:16 - 2018-09-21 01:21 - 000228152 _____ (Microsoft Corporation) C:\Windows\System32\AppVStreamMap.dll
2018-10-10 00:16 - 2018-09-21 01:21 - 000201528 _____ (Microsoft Corporation) C:\Windows\System32\AppVStreamingUX.dll
2018-10-10 00:16 - 2018-09-21 01:21 - 000180736 _____ (Microsoft Corporation) C:\Windows\System32\AppVDllSurrogate.exe
2018-10-10 00:16 - 2018-09-21 01:21 - 000173056 _____ (Microsoft Corporation) C:\Windows\System32\AppVNice.exe
2018-10-10 00:16 - 2018-09-21 01:21 - 000034304 _____ C:\Windows\System32\SyncAppvPublishingServer.exe
2018-10-10 00:16 - 2018-09-21 01:18 - 021386888 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2018-10-10 00:16 - 2018-09-21 01:01 - 000171520 _____ (Microsoft Corporation) C:\Windows\System32\itss.dll
2018-10-10 00:16 - 2018-09-21 00:22 - 020381784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-10-10 00:16 - 2018-09-21 00:12 - 000150016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2018-10-10 00:16 - 2018-09-20 20:13 - 000480568 _____ (Microsoft Corporation) C:\Windows\System32\dcntel.dll
2018-10-10 00:16 - 2018-09-20 20:12 - 001035256 _____ (Microsoft Corporation) C:\Windows\System32\ApplyTrustOffline.exe
2018-10-10 00:16 - 2018-09-20 20:09 - 001062920 _____ (Microsoft Corporation) C:\Windows\System32\SecConfig.efi
2018-10-10 00:16 - 2018-09-20 20:08 - 004404720 _____ (Microsoft Corporation) C:\Windows\System32\mfcore.dll
2018-10-10 00:16 - 2018-09-20 20:08 - 001456720 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2018-10-10 00:16 - 2018-09-20 20:08 - 001257864 _____ (Microsoft Corporation) C:\Windows\System32\winload.exe
2018-10-10 00:16 - 2018-09-20 20:08 - 001140672 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
2018-10-10 00:16 - 2018-09-20 20:08 - 000982600 _____ (Microsoft Corporation) C:\Windows\System32\winresume.exe
2018-10-10 00:16 - 2018-09-20 19:58 - 005307392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2018-10-10 00:16 - 2018-09-20 19:56 - 000331264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
2018-10-10 00:16 - 2018-09-20 19:54 - 000251904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msIso.dll
2018-10-10 00:16 - 2018-09-20 19:53 - 001006080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpnapps.dll
2018-10-10 00:16 - 2018-09-20 19:41 - 003396096 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentServer.dll
2018-10-10 00:16 - 2018-09-20 19:39 - 003320320 _____ (Microsoft Corporation) C:\Windows\System32\dwmcore.dll
2018-10-10 00:16 - 2018-09-20 19:39 - 000625152 _____ (Microsoft Corporation) C:\Windows\System32\PsmServiceExtHost.dll
2018-10-10 00:16 - 2018-09-20 19:36 - 000932352 _____ (Microsoft Corporation) C:\Windows\System32\rasmans.dll
2018-10-10 00:16 - 2018-09-20 19:36 - 000505344 _____ (Microsoft Corporation) C:\Windows\System32\edgeIso.dll
2018-10-10 00:16 - 2018-09-20 01:40 - 000348160 _____ (Microsoft Corporation) C:\Windows\System32\MusNotifyIcon.exe
2018-10-10 00:16 - 2018-09-20 01:23 - 006602240 _____ (Microsoft Corporation) C:\Windows\System32\twinui.dll
2018-10-10 00:16 - 2018-09-20 01:22 - 013572096 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll
2018-10-10 00:16 - 2018-09-20 01:18 - 000392192 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2018-10-10 00:16 - 2018-09-20 01:17 - 002874368 _____ (Microsoft Corporation) C:\Windows\System32\themeui.dll
2018-10-10 00:16 - 2018-09-20 01:17 - 001364992 _____ (Microsoft Corporation) C:\Windows\System32\bcastdvruserservice.dll
2018-10-10 00:16 - 2018-09-20 01:16 - 000127488 _____ (Microsoft Corporation) C:\Windows\System32\wmpshell.dll
2018-10-10 00:16 - 2018-09-20 00:35 - 005669888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2018-10-10 00:16 - 2018-09-20 00:30 - 000344576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-10-10 00:16 - 2018-09-20 00:29 - 002824704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2018-10-10 00:16 - 2018-09-20 00:28 - 000102400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpshell.dll
2018-10-10 00:16 - 2018-09-19 20:29 - 006039368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2018-10-10 00:16 - 2018-09-19 20:29 - 000357056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2018-10-10 00:16 - 2018-09-19 20:21 - 022013440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2018-10-10 00:16 - 2018-09-19 20:15 - 019404288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-10-10 00:16 - 2018-09-19 20:12 - 000272200 _____ (Microsoft Corporation) C:\Windows\System32\SgrmEnclave.dll
2018-10-10 00:16 - 2018-09-19 20:12 - 000269128 _____ (Microsoft Corporation) C:\Windows\System32\SgrmEnclave_secure.dll
2018-10-10 00:16 - 2018-09-19 20:11 - 000608768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2018-10-10 00:16 - 2018-09-19 20:11 - 000074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dtdump.exe
2018-10-10 00:16 - 2018-09-19 20:10 - 002719032 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2018-10-10 00:16 - 2018-09-19 20:10 - 000566800 _____ (Microsoft Corporation) C:\Windows\System32\tcblaunch.exe
2018-10-10 00:16 - 2018-09-19 20:10 - 000500536 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2018-10-10 00:16 - 2018-09-19 20:10 - 000355840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2018-10-10 00:16 - 2018-09-19 20:10 - 000134968 _____ (Microsoft Corporation) C:\Windows\System32\hvloader.dll
2018-10-10 00:16 - 2018-09-19 20:09 - 007432136 _____ (Microsoft Corporation) C:\Windows\System32\windows.storage.dll
2018-10-10 00:16 - 2018-09-19 20:09 - 002462888 _____ (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2018-10-10 00:16 - 2018-09-19 20:09 - 002421248 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2018-10-10 00:16 - 2018-09-19 20:09 - 001097744 _____ (Microsoft Corporation) C:\Windows\System32\msvproc.dll
2018-10-10 00:16 - 2018-09-19 19:53 - 025851392 _____ (Microsoft Corporation) C:\Windows\System32\edgehtml.dll
2018-10-10 00:16 - 2018-09-19 19:46 - 022715392 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2018-10-10 00:16 - 2018-09-19 19:44 - 004383744 _____ (Microsoft Corporation) C:\Windows\System32\EdgeContent.dll
2018-10-10 00:16 - 2018-09-19 19:43 - 000052736 _____ C:\Windows\System32\runexehelper.exe
2018-10-10 00:16 - 2018-09-19 19:42 - 000099328 _____ (Microsoft Corporation) C:\Windows\System32\utcutil.dll
2018-10-10 00:16 - 2018-09-19 19:41 - 000894464 _____ (Microsoft Corporation) C:\Windows\System32\webplatstorageserver.dll
2018-10-10 00:16 - 2018-09-19 19:38 - 001724416 _____ (Microsoft Corporation) C:\Windows\System32\rdpserverbase.dll
2018-10-10 00:16 - 2018-09-19 19:38 - 000433664 _____ (Microsoft Corporation) C:\Windows\System32\PhotoMetadataHandler.dll
2018-10-10 00:16 - 2018-09-19 19:37 - 004615680 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2018-10-10 00:16 - 2018-09-19 19:37 - 001804288 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2018-10-10 00:16 - 2018-09-19 18:21 - 000001312 _____ C:\Windows\System32\tcbres.wim
2018-10-10 00:16 - 2018-09-19 17:28 - 000343552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2018-10-10 00:16 - 2018-09-08 00:12 - 000452112 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2018-10-10 00:16 - 2018-09-08 00:07 - 002868536 _____ (Microsoft Corporation) C:\Windows\System32\aitstatic.exe
2018-10-10 00:16 - 2018-09-08 00:07 - 001610552 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2018-10-10 00:16 - 2018-09-08 00:07 - 000792376 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2018-10-10 00:16 - 2018-09-08 00:07 - 000689464 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2018-10-10 00:16 - 2018-09-08 00:07 - 000612360 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2018-10-10 00:16 - 2018-09-08 00:07 - 000309560 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
2018-10-10 00:16 - 2018-09-08 00:07 - 000144696 _____ (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
2018-10-10 00:16 - 2018-09-08 00:07 - 000069944 _____ (Microsoft Corporation) C:\Windows\System32\win32appinventorycsp.dll
2018-10-10 00:16 - 2018-09-08 00:03 - 002267136 _____ (Microsoft Corporation) C:\Windows\System32\AppVEntSubsystems64.dll
2018-10-10 00:16 - 2018-09-08 00:02 - 000645112 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll
2018-10-10 00:16 - 2018-09-08 00:02 - 000540984 _____ (Microsoft Corporation) C:\Windows\System32\pcasvc.dll
2018-10-10 00:16 - 2018-09-07 23:58 - 001639352 _____ (Microsoft Corporation) C:\Windows\System32\user32.dll
2018-10-10 00:16 - 2018-09-07 23:58 - 001520744 _____ (Microsoft Corporation) C:\Windows\System32\msctf.dll
2018-10-10 00:16 - 2018-09-07 23:57 - 000204800 _____ (Microsoft Corporation) C:\Windows\System32\basecsp.dll
2018-10-10 00:16 - 2018-09-07 23:44 - 000068096 _____ (Microsoft Corporation) C:\Windows\System32\fdBth.dll
2018-10-10 00:16 - 2018-09-07 23:43 - 000085504 _____ (Microsoft Corporation) C:\Windows\System32\INETRES.dll
2018-10-10 00:16 - 2018-09-07 23:43 - 000047616 _____ (Microsoft Corporation) C:\Windows\System32\SCardBi.dll
2018-10-10 00:16 - 2018-09-07 23:42 - 000256000 _____ (Microsoft Corporation) C:\Windows\System32\scksp.dll
2018-10-10 00:16 - 2018-09-07 23:42 - 000188928 _____ (Microsoft Corporation) C:\Windows\System32\certprop.dll
2018-10-10 00:16 - 2018-09-07 23:42 - 000114176 _____ (Microsoft Corporation) C:\Windows\System32\bthci.dll
2018-10-10 00:16 - 2018-09-07 23:41 - 000258560 _____ (Microsoft Corporation) C:\Windows\System32\SCardSvr.dll
2018-10-10 00:16 - 2018-09-07 23:40 - 001724928 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Immersive.dll
2018-10-10 00:16 - 2018-09-07 23:40 - 000677888 _____ (Microsoft Corporation) C:\Windows\System32\winlogon.exe
2018-10-10 00:16 - 2018-09-07 23:40 - 000593408 _____ (Microsoft Corporation) C:\Windows\System32\cryptui.dll
2018-10-10 00:16 - 2018-09-07 23:40 - 000522240 _____ (Microsoft Corporation) C:\Windows\System32\winspool.drv
2018-10-10 00:16 - 2018-09-07 23:40 - 000402944 _____ (Microsoft Corporation) C:\Windows\System32\bdesvc.dll
2018-10-10 00:16 - 2018-09-07 23:40 - 000249344 _____ (Microsoft Corporation) C:\Windows\System32\bthprops.cpl
2018-10-10 00:16 - 2018-09-07 23:39 - 005505024 _____ (Microsoft Corporation) C:\Windows\System32\aclui.dll
2018-10-10 00:16 - 2018-09-07 23:39 - 002052096 _____ (Microsoft Corporation) C:\Windows\System32\wsp_fs.dll
2018-10-10 00:16 - 2018-09-07 23:39 - 001787904 _____ (Microsoft Corporation) C:\Windows\System32\wsp_health.dll
2018-10-10 00:16 - 2018-09-07 23:39 - 000615936 _____ (Microsoft Corporation) C:\Windows\System32\resutils.dll
2018-10-10 00:16 - 2018-09-07 23:38 - 001288192 _____ (Microsoft Corporation) C:\Windows\System32\SystemSettings.Handlers.dll
2018-10-10 00:16 - 2018-09-07 23:38 - 001004544 _____ (Microsoft Corporation) C:\Windows\System32\clusapi.dll
2018-10-10 00:16 - 2018-09-07 23:38 - 000986112 _____ (Microsoft Corporation) C:\Windows\System32\inetcomm.dll
2018-10-10 00:16 - 2018-09-07 23:38 - 000882688 _____ (Microsoft Corporation) C:\Windows\System32\SmartcardCredentialProvider.dll
2018-10-10 00:16 - 2018-09-07 23:38 - 000836608 _____ (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2018-10-10 00:16 - 2018-09-07 23:37 - 000091136 _____ (Microsoft Corporation) C:\Windows\System32\mcbuilder.exe
2018-10-10 00:16 - 2018-09-07 23:17 - 001540104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppVEntSubsystems32.dll
2018-10-10 00:16 - 2018-09-07 23:16 - 000482080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-10-10 00:16 - 2018-09-07 23:14 - 001328056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2018-10-10 00:16 - 2018-09-07 23:13 - 001626656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2018-10-10 00:16 - 2018-09-07 23:13 - 000181288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\basecsp.dll
2018-10-10 00:16 - 2018-09-07 23:03 - 000084992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2018-10-10 00:16 - 2018-09-07 23:03 - 000059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdBth.dll
2018-10-10 00:16 - 2018-09-07 23:02 - 000236032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scksp.dll
2018-10-10 00:16 - 2018-09-07 23:00 - 000548864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2018-10-10 00:16 - 2018-09-07 22:59 - 001530368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2018-10-10 00:16 - 2018-09-07 22:59 - 001452544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_fs.dll
2018-10-10 00:16 - 2018-09-07 22:59 - 000485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2018-10-10 00:16 - 2018-09-07 22:58 - 001308672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_health.dll
2018-10-10 00:16 - 2018-09-07 22:58 - 000897536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2018-10-10 00:16 - 2018-09-07 22:58 - 000775680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2018-10-10 00:16 - 2018-09-07 22:57 - 005391360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aclui.dll
2018-10-10 00:16 - 2018-09-07 22:57 - 000625664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2018-10-10 00:16 - 2018-09-07 22:57 - 000223744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bthprops.cpl
2018-10-10 00:16 - 2018-09-07 22:56 - 000080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mcbuilder.exe
2018-10-10 00:16 - 2018-09-07 20:08 - 000462880 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll
2018-10-10 00:16 - 2018-09-07 19:59 - 000361544 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Storage.ApplicationData.dll
2018-10-10 00:16 - 2018-09-07 19:58 - 000744976 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2018-10-10 00:16 - 2018-09-07 19:58 - 000368440 _____ (Microsoft Corporation) C:\Windows\System32\thumbcache.dll
2018-10-10 00:16 - 2018-09-07 19:57 - 001016984 _____ (Microsoft Corporation) C:\Windows\System32\ucrtbase.dll
2018-10-10 00:16 - 2018-09-07 19:57 - 000930616 _____ (Microsoft Corporation) C:\Windows\System32\WWAHost.exe
2018-10-10 00:16 - 2018-09-07 19:57 - 000482384 _____ (Microsoft Corporation) C:\Windows\System32\ucrtbase_enclave.dll
2018-10-10 00:16 - 2018-09-07 19:57 - 000368448 _____ (Microsoft Corporation) C:\Windows\System32\sechost.dll
2018-10-10 00:16 - 2018-09-07 19:51 - 000380728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aepic.dll
2018-10-10 00:16 - 2018-09-07 19:45 - 000295416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\thumbcache.dll
2018-10-10 00:16 - 2018-09-07 19:45 - 000286824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
2018-10-10 00:16 - 2018-09-07 19:43 - 001174448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2018-10-10 00:16 - 2018-09-07 19:43 - 000269104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2018-10-10 00:16 - 2018-09-07 19:32 - 000025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Dumpstorport.sys
2018-10-10 00:16 - 2018-09-07 19:31 - 000272384 _____ (Microsoft Corporation) C:\Windows\System32\Microsoft.Bluetooth.Proxy.dll
2018-10-10 00:16 - 2018-09-07 19:30 - 003601920 _____ (Microsoft Corporation) C:\Windows\System32\Microsoft.Bluetooth.Service.dll
2018-10-10 00:16 - 2018-09-07 19:30 - 000189440 _____ (Microsoft Corporation) C:\Windows\System32\BluetoothApis.dll
2018-10-10 00:16 - 2018-09-07 19:30 - 000137728 _____ (Microsoft Corporation) C:\Windows\System32\InputLocaleManager.dll
2018-10-10 00:16 - 2018-09-07 19:30 - 000115200 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidbth.sys
2018-10-10 00:16 - 2018-09-07 19:30 - 000101888 _____ (Microsoft Corporation) C:\Windows\System32\BthRadioMedia.dll
2018-10-10 00:16 - 2018-09-07 19:29 - 000241152 _____ (Microsoft Corporation) C:\Windows\System32\HttpsDataSource.dll
2018-10-10 00:16 - 2018-09-07 19:29 - 000183808 _____ (Microsoft Corporation) C:\Windows\System32\bthserv.dll
2018-10-10 00:16 - 2018-09-07 19:28 - 000481280 _____ (Microsoft Corporation) C:\Windows\System32\ngccredprov.dll
2018-10-10 00:16 - 2018-09-07 19:28 - 000273408 _____ (Microsoft Corporation) C:\Windows\System32\ubpm.dll
2018-10-10 00:16 - 2018-09-07 19:28 - 000153088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Microsoft.Bluetooth.Proxy.dll
2018-10-10 00:16 - 2018-09-07 19:27 - 000983040 _____ (Microsoft Corporation) C:\Windows\System32\wbiosrvc.dll
2018-10-10 00:16 - 2018-09-07 19:27 - 000499200 _____ (Microsoft Corporation) C:\Windows\System32\winipcfile.dll
2018-10-10 00:16 - 2018-09-07 19:27 - 000301056 _____ (Microsoft Corporation) C:\Windows\System32\ProximityService.dll
2018-10-10 00:16 - 2018-09-07 19:27 - 000271872 _____ (Microsoft Corporation) C:\Windows\System32\dafBth.dll
2018-10-10 00:16 - 2018-09-07 19:26 - 002328064 _____ (Microsoft Corporation) C:\Windows\System32\winmsipc.dll
2018-10-10 00:16 - 2018-09-07 19:26 - 000784896 _____ (Microsoft Corporation) C:\Windows\System32\ngcsvc.dll
2018-10-10 00:16 - 2018-09-07 19:26 - 000387584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ngccredprov.dll
2018-10-10 00:16 - 2018-09-07 19:26 - 000359424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipcfile.dll
2018-10-10 00:16 - 2018-09-07 19:26 - 000142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BluetoothApis.dll
2018-10-10 00:16 - 2018-09-07 19:25 - 002789376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2018-10-10 00:16 - 2018-09-07 19:25 - 000882688 _____ (Microsoft Corporation) C:\Windows\System32\winipcsecproc.dll
2018-10-10 00:16 - 2018-09-07 19:25 - 000341504 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Networking.Proximity.dll
2018-10-10 00:16 - 2018-09-07 19:24 - 000845824 _____ (Microsoft Corporation) C:\Windows\System32\fveapi.dll
2018-10-10 00:16 - 2018-09-07 19:24 - 000463360 _____ (Microsoft Corporation) C:\Windows\System32\das.dll
2018-10-10 00:16 - 2018-09-07 19:23 - 001655296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmsipc.dll
2018-10-10 00:16 - 2018-09-07 19:23 - 000807936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipcsecproc.dll
2018-10-10 00:16 - 2018-09-07 19:23 - 000667136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fveapi.dll
2018-10-10 00:16 - 2018-09-07 19:23 - 000314368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Proximity.dll
2018-10-09 05:10 - 2018-10-09 05:10 - 000000000 ____D C:\Users\dclin\AppData\Local\GlassWire
2018-10-09 05:06 - 2018-10-09 05:06 - 000001974 _____ C:\Users\Public\Desktop\GlassWire.lnk
2018-10-09 05:06 - 2018-10-09 05:06 - 000000000 ____D C:\ProgramData\GlassWire
2018-10-09 05:06 - 2018-10-09 05:06 - 000000000 ____D C:\Program Files (x86)\GlassWire
2018-10-09 05:06 - 2015-05-28 20:30 - 000008392 _____ C:\Windows\System32\Drivers\gwdrv.cat
2018-10-09 05:06 - 2015-05-28 20:15 - 000033152 _____ (SecureMix LLC) C:\Windows\System32\Drivers\gwdrv.sys
2018-10-09 03:53 - 2018-10-09 03:53 - 000051024 _____ (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
2018-10-09 03:53 - 2018-10-09 03:53 - 000050232 _____ (Dropbox, Inc.) C:\Windows\System32\Drivers\dbx-dev.sys
2018-10-09 03:53 - 2018-10-09 03:53 - 000050232 _____ (Dropbox, Inc.) C:\Windows\System32\Drivers\dbx-canary.sys
2018-10-09 03:53 - 2018-10-09 03:53 - 000045640 _____ (Dropbox, Inc.) C:\Windows\System32\Drivers\dbx-stable.sys
2018-10-06 11:45 - 2018-10-06 11:45 - 000000000 ____D C:\Users\dclin\AppData\Local\AbzuGame
2018-10-04 09:59 - 2018-10-01 21:45 - 000133160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2018-10-04 09:57 - 2018-10-02 19:31 - 035296480 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2018-10-04 09:57 - 2018-10-02 19:31 - 029972128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2018-10-04 09:57 - 2018-10-02 19:31 - 015907904 _____ (NVIDIA Corporation) C:\Windows\System32\nvptxJitCompiler.dll
2018-10-04 09:57 - 2018-10-02 19:31 - 013202672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2018-10-04 09:57 - 2018-10-02 19:31 - 001471392 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncMFThevc.dll
2018-10-04 09:57 - 2018-10-02 19:31 - 001462184 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncMFTH264.dll
2018-10-04 09:57 - 2018-10-02 19:31 - 001167560 _____ (NVIDIA Corporation) C:\Windows\System32\nvfatbinaryLoader.dll
2018-10-04 09:57 - 2018-10-02 19:31 - 001151960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2018-10-04 09:57 - 2018-10-02 19:31 - 001145512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2018-10-04 09:57 - 2018-10-02 19:31 - 000914552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2018-10-04 09:57 - 2018-10-02 19:31 - 000822552 _____ (NVIDIA Corporation) C:\Windows\System32\nvmcumd.dll
2018-10-04 09:57 - 2018-10-02 19:31 - 000794416 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI64.dll
2018-10-04 09:57 - 2018-10-02 19:31 - 000637640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2018-10-04 09:57 - 2018-10-02 19:30 - 019704344 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2018-10-04 09:57 - 2018-10-02 19:30 - 016983304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-10-04 09:57 - 2018-10-02 19:30 - 004249912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2018-10-04 09:57 - 2018-10-02 16:35 - 000978312 _____ C:\Windows\System32\vulkan-1-999-0-0-0.dll
2018-10-04 09:57 - 2018-10-02 16:35 - 000978312 _____ C:\Windows\System32\vulkan-1.dll
2018-10-04 09:57 - 2018-10-02 16:35 - 000845192 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2018-10-04 09:57 - 2018-10-02 16:35 - 000845192 _____ C:\Windows\SysWOW64\vulkan-1.dll
2018-10-04 09:57 - 2018-10-02 16:35 - 000268192 _____ C:\Windows\System32\vulkaninfo-1-999-0-0-0.exe
2018-10-04 09:57 - 2018-10-02 16:35 - 000268192 _____ C:\Windows\System32\vulkaninfo.exe
2018-10-04 09:57 - 2018-10-02 16:35 - 000243592 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2018-10-04 09:57 - 2018-10-02 16:35 - 000243592 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2018-10-04 09:57 - 2018-10-02 16:32 - 002018352 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6441616.dll
2018-10-04 09:57 - 2018-10-02 16:32 - 001998200 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2018-10-04 09:57 - 2018-10-02 16:32 - 001507944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-10-04 09:57 - 2018-10-02 16:32 - 001468360 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6441616.dll
2018-10-04 09:57 - 2018-10-02 16:32 - 001455176 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2018-10-04 09:57 - 2018-10-02 16:32 - 001122376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-10-04 09:57 - 2018-10-02 16:32 - 000750184 _____ (NVIDIA Corporation) C:\Windows\System32\nvDecMFTMjpeg.dll
2018-10-04 09:57 - 2018-10-02 16:32 - 000631368 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFROpenGL.dll
2018-10-04 09:57 - 2018-10-02 16:32 - 000521904 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2018-10-04 09:57 - 2018-10-02 16:31 - 040253672 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2018-10-04 09:57 - 2018-10-02 16:31 - 035151592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-10-04 09:57 - 2018-10-02 16:31 - 004938800 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2018-10-04 09:57 - 2018-10-02 16:31 - 004310984 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-10-04 09:57 - 2018-10-02 16:31 - 000608872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2018-10-04 09:57 - 2018-10-01 10:49 - 000047576 _____ (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2018-10-03 06:29 - 2018-10-03 06:29 - 000000222 _____ C:\Users\dclin\Desktop\Dungeons 3.url
2018-10-03 06:29 - 2018-10-03 06:29 - 000000000 ____D C:\Users\dclin\AppData\LocalLow\Adriaan de Jongh
2018-10-03 06:28 - 2018-10-03 06:28 - 000000222 _____ C:\Users\dclin\Desktop\Hidden Folks.url
2018-09-29 18:42 - 2018-10-14 08:15 - 000000000 ____D C:\Windows\Panther
2018-09-28 02:57 - 2018-09-28 02:57 - 000001816 _____ C:\Users\Public\Desktop\iTunes.lnk
2018-09-28 02:57 - 2018-09-28 02:57 - 000000000 ____D C:\Program Files\iTunes
2018-09-28 02:57 - 2018-09-28 02:57 - 000000000 ____D C:\Program Files\iPod
2018-09-26 06:34 - 2018-09-26 06:34 - 000000000 ____D C:\Users\dclin\AppData\Local\Frontier Developments
2018-09-26 06:34 - 2018-09-26 06:34 - 000000000 ____D C:\ProgramData\Frontier Developments
2018-09-26 06:27 - 2018-09-26 06:27 - 000000746 _____ C:\Users\dclin\Desktop\Jurassic World Evolution.lnk
2018-09-26 04:49 - 2018-09-26 04:49 - 000000234 _____ C:\Users\dclin\Desktop\The Crew 2.url
2018-09-25 09:32 - 2018-10-02 17:28 - 000000000 ____D C:\Users\dclin\AppData\Local\PlaceholderTileLogoFolder
2018-09-25 03:41 - 2009-12-16 04:12 - 000377232 _____ (-) C:\Windows\System32\Eraser.dll
2018-09-25 03:41 - 2009-12-16 04:12 - 000315280 _____ (-) C:\Windows\SysWOW64\Eraser.dll
2018-09-25 03:41 - 2009-12-16 04:12 - 000103824 _____ (-) C:\Windows\System32\Erasext.dll
2018-09-25 03:41 - 2009-12-16 04:12 - 000091536 _____ (-) C:\Windows\System32\Eraserl.exe
2018-09-25 03:41 - 2009-12-16 04:12 - 000085392 _____ (-) C:\Windows\SysWOW64\Erasext.dll
2018-09-24 04:18 - 2018-10-12 10:09 - 000001399 _____ C:\Users\dclin\Desktop\PC Inspector File Recovery.lnk
2018-09-24 04:18 - 2018-09-24 04:18 - 000000000 ____D C:\Program Files (x86)\Convar
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-10-16 01:18 - 2017-08-22 03:02 - 000000000 ____D C:\Users\dclin\AppData\Local\Musictube
2018-10-15 21:13 - 2018-05-18 00:24 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-10-15 21:13 - 2018-04-11 13:04 - 023330816 _____ C:\Windows\System32\config\HARDWARE
2018-10-15 21:13 - 2018-04-11 13:04 - 001048576 _____ C:\Windows\System32\config\BBI
2018-10-15 21:13 - 2017-06-03 20:26 - 000000000 ____D C:\ProgramData\NVIDIA
2018-10-15 21:12 - 2018-04-11 15:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-10-15 20:45 - 2017-06-03 23:03 - 000000000 ____D C:\ProgramData\NzbDrone
2018-10-15 19:55 - 2017-06-23 04:22 - 000000000 ____D C:\Users\dclin\AppData\Roaming\vlc
2018-10-15 19:26 - 2018-05-18 00:14 - 000000000 ____D C:\Windows\System32\SleepStudy
2018-10-15 08:38 - 2018-05-21 08:34 - 000000000 ___HD C:\Users\dclin\Documents\.tmp.drivedownload
2018-10-15 08:32 - 2018-04-11 15:36 - 000000000 ____D C:\Windows\INF
2018-10-15 08:27 - 2017-11-03 14:56 - 000000000 ____D C:\Users\dclin\AppData\Roaming\WD Discovery
2018-10-15 08:26 - 2018-06-09 10:02 - 000026192 ____N (Windows ® Server 2003 DDK provider) C:\Windows\gdrv.sys
2018-10-15 08:26 - 2017-06-10 15:44 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-10-15 08:26 - 2017-06-03 21:10 - 000000000 ___RD C:\Users\dclin\Google Drive
2018-10-15 08:26 - 2017-06-03 20:28 - 000000000 __SHD C:\Users\dclin\IntelGraphicsProfiles
2018-10-15 08:10 - 2017-06-08 22:15 - 000000000 ____D C:\Users\dclin\AppData\Local\CrashDumps
2018-10-15 06:12 - 2018-08-01 09:03 - 000003986 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1533143024
2018-10-15 03:20 - 2018-05-18 00:24 - 000004168 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{85E93017-E7DA-4B40-A515-E7C77596899B}
2018-10-15 03:08 - 2018-08-18 12:41 - 000000000 ____D C:\ProgramData\Garmin
2018-10-15 03:08 - 2017-06-03 20:39 - 000000000 ____D C:\ProgramData\Package Cache
2018-10-14 07:14 - 2018-05-18 00:16 - 000000000 ____D C:\users\dclin
2018-10-13 05:56 - 2017-06-13 03:05 - 000000000 ___RD C:\Users\dclin\Dropbox
2018-10-13 05:27 - 2017-09-21 17:48 - 000000000 ____D C:\Users\dclin\AppData\Local\NVIDIA Corporation
2018-10-13 05:08 - 2017-06-13 03:33 - 000000000 ____D C:\Users\dclin\AppData\Roaming\FileZilla
2018-10-13 05:08 - 2017-06-10 15:44 - 000000000 ____D C:\Users\dclin\AppData\Roaming\TeamViewer
2018-10-12 12:32 - 2018-04-02 06:06 - 000000000 ____D C:\ProgramData\Spybot - Search & Destroy
2018-10-12 11:46 - 2018-05-18 00:16 - 000000000 ____D C:\users\Daniel
2018-10-12 11:43 - 2017-06-03 20:33 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-10-12 11:14 - 2018-07-03 11:43 - 000000000 ____D C:\ProgramData\dv
2018-10-12 11:14 - 2018-05-21 08:42 - 000000000 ___HD C:\Users\dclin\Desktop\.tmp.drivedownload
2018-10-12 11:10 - 2018-04-11 15:38 - 000000000 ____D C:\Windows\AppReadiness
2018-10-12 04:33 - 2017-06-03 21:50 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-10-11 11:38 - 2018-04-11 15:30 - 000000000 ____D C:\Windows\CbsTemp
2018-10-11 08:20 - 2018-04-11 15:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-10-10 13:38 - 2017-12-12 04:20 - 000000000 ___RD C:\Users\dclin\3D Objects
2018-10-10 13:38 - 2017-06-03 20:24 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-10-10 13:37 - 2018-05-18 00:14 - 005072808 _____ C:\Windows\System32\FNTCACHE.DAT
2018-10-10 13:36 - 2018-04-11 15:38 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2018-10-10 13:36 - 2018-04-11 15:38 - 000000000 ___RD C:\Program Files\Windows Defender
2018-10-10 13:36 - 2018-04-11 15:38 - 000000000 ____D C:\Windows\TextInput
2018-10-10 13:36 - 2018-04-11 15:38 - 000000000 ____D C:\Windows\System32\ShellExperiences
2018-10-10 13:36 - 2018-04-11 15:38 - 000000000 ____D C:\Windows\PolicyDefinitions
2018-10-10 13:36 - 2018-04-11 15:38 - 000000000 ____D C:\Windows\bcastdvr
2018-10-10 13:36 - 2018-04-11 15:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-10-10 00:20 - 2017-06-03 20:29 - 000000000 ____D C:\Windows\System32\MRT
2018-10-10 00:18 - 2017-06-03 20:29 - 136745976 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2018-10-10 00:17 - 2018-04-11 15:34 - 000494400 _____ (Microsoft Corporation) C:\Windows\System32\bcryptprimitives.dll
2018-10-10 00:17 - 2018-04-11 15:34 - 000035232 _____ (Microsoft Corporation) C:\Windows\System32\DeviceCensus.exe
2018-10-09 15:10 - 2018-05-18 00:24 - 000004574 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-10-09 15:10 - 2018-04-11 15:38 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-10-09 15:10 - 2018-04-11 15:38 - 000000000 ____D C:\Windows\System32\Macromed
2018-10-09 11:08 - 2017-06-13 03:03 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-10-09 05:39 - 2017-08-11 15:48 - 000000000 ____D C:\Users\dclin\AppData\Roaming\Apple Computer
2018-10-06 12:27 - 2017-06-24 03:15 - 000000000 ____D C:\Users\dclin\AppData\Local\UnrealEngine
2018-10-05 06:56 - 2018-06-19 19:30 - 000000000 ____D C:\ProgramData\Packages
2018-10-04 10:00 - 2017-06-03 20:26 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-10-04 09:59 - 2017-09-21 17:48 - 000000000 ____D C:\Users\dclin\AppData\Local\NVIDIA
2018-10-04 09:59 - 2017-06-03 20:25 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-10-04 08:02 - 2018-06-06 01:55 - 000003976 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-04 08:02 - 2018-06-06 01:55 - 000003940 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-04 08:02 - 2018-06-06 01:55 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-04 08:02 - 2018-06-06 01:55 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-04 08:02 - 2018-06-06 01:55 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-04 08:02 - 2018-05-18 00:24 - 000004308 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-04 08:02 - 2018-05-18 00:24 - 000004106 _____ C:\Windows\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-04 08:02 - 2018-05-18 00:24 - 000003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-04 08:02 - 2018-05-18 00:24 - 000003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-04 08:02 - 2018-05-18 00:24 - 000003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-04 08:02 - 2018-05-18 00:24 - 000003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-10-04 08:02 - 2017-09-21 17:48 - 000001447 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2018-10-04 08:02 - 2017-06-03 20:25 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-10-02 19:30 - 2018-03-27 13:49 - 004989680 _____ (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2018-10-02 12:13 - 2018-04-11 15:41 - 000835152 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-10-02 12:13 - 2018-04-11 15:41 - 000179792 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-10-02 07:21 - 2017-12-12 02:21 - 000000000 ____D C:\Users\dclin\AppData\Local\Packages
2018-10-01 23:49 - 2018-03-27 13:49 - 000048046 _____ C:\Windows\System32\nvinfo.pb
2018-10-01 21:37 - 2017-09-21 17:47 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2018-10-01 21:35 - 2017-06-03 20:26 - 005939512 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2018-10-01 21:35 - 2017-06-03 20:26 - 002611592 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2018-10-01 21:35 - 2017-06-03 20:26 - 001767920 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2018-10-01 21:35 - 2017-06-03 20:26 - 000635888 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshext.dll
2018-10-01 21:35 - 2017-06-03 20:26 - 000450768 _____ (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2018-10-01 21:35 - 2017-06-03 20:26 - 000123944 _____ (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2018-10-01 21:35 - 2017-06-03 20:26 - 000082800 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshextr.dll
2018-10-01 10:49 - 2018-03-27 13:49 - 001685104 _____ (NVIDIA Corporation) C:\Windows\System32\nvhdagenco6420103.dll
2018-10-01 10:49 - 2018-03-27 13:49 - 000227856 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys
2018-09-29 18:39 - 2017-08-21 18:16 - 000000000 ____D C:\Users\dclin\AppData\Local\Ubisoft Game Launcher
2018-09-29 15:16 - 2018-04-11 15:38 - 000000000 ____D C:\Windows\LiveKernelReports
2018-09-28 16:50 - 2017-06-03 20:26 - 008368212 _____ C:\Windows\System32\nvcoproc.bin
2018-09-27 11:31 - 2018-06-24 06:05 - 000000000 ____D C:\Users\dclin\Documents\The Crew 2
2018-09-27 03:09 - 2018-06-11 09:46 - 000000000 ____D C:\Users\dclin\AppData\Local\BattlEye
2018-09-26 07:04 - 2017-06-03 23:14 - 000000000 ____D C:\Users\dclin\AppData\Roaming\deluge
2018-09-26 06:23 - 2018-05-18 03:38 - 000000000 ____D C:\Users\dclin\AppData\Local\D3DSCache
2018-09-25 13:21 - 2018-06-07 03:29 - 000001028 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
2018-09-25 09:32 - 2017-06-03 20:24 - 000000000 ____D C:\Users\dclin\AppData\Local\Publishers
2018-09-25 06:05 - 2018-02-25 23:31 - 000000000 ____D C:\Windows\System32\Drivers\wd
2018-09-25 03:27 - 2017-06-03 20:24 - 000000000 ____D C:\Users\dclin\AppData\Local\VirtualStore
2018-09-24 04:33 - 2017-06-03 22:13 - 000000000 ____D C:\Users\dclin\AppData\LocalLow\Mozilla
2018-09-23 05:53 - 2017-06-13 03:03 - 000000924 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2018-09-23 05:53 - 2017-06-13 03:03 - 000000920 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2018-09-23 04:19 - 2018-05-18 00:24 - 000003364 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2899436820-3732532657-4052289127-1001
2018-09-23 04:19 - 2017-06-03 20:26 - 000000000 ___RD C:\Users\dclin\OneDrive
2018-09-21 10:48 - 2018-05-18 00:24 - 000003984 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineUA
2018-09-21 10:48 - 2018-05-18 00:24 - 000003752 _____ C:\Windows\System32\Tasks\DropboxUpdateTaskMachineCore
2018-09-17 10:39 - 2017-07-27 09:15 - 000000000 ____D C:\Users\dclin\AppData\Local\Battle.net
 
Some files in TEMP:
====================
2018-10-15 03:14 - 2018-10-14 07:47 - 011576808 _____ (SurfRight B.V.) C:\Users\dclin\AppData\Local\Temp\HitmanPro.exe
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe
[2018-10-10 00:16] - [2018-09-07 23:40] - 000677888 _____ (Microsoft Corporation) 749CA1F1B638E4E4A8A1F0990377012F
 
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2018-07-10 19:11] - [2018-07-06 06:17] - 003932672 _____ (Microsoft Corporation) E4A81EDDFF8B844D85C8B45354E4144E
 
C:\Windows\SysWOW64\explorer.exe
[2018-07-10 19:11] - [2018-07-06 04:06] - 003611368 _____ (Microsoft Corporation) 499B0D1F6277F17B3BAC525B8717C064
 
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2018-08-15 06:29] - [2018-07-13 20:19] - 000636944 _____ (Microsoft Corporation) 2FC61B2CF84792516D543CA94139A92C
 
C:\Windows\System32\User32.dll
[2018-10-10 00:16] - [2018-09-07 23:58] - 001639352 _____ (Microsoft Corporation) 64F64755DAB23A264332CDBA35A66E42
 
C:\Windows\SysWOW64\User32.dll
[2018-10-10 00:16] - [2018-09-07 23:13] - 001626656 _____ (Microsoft Corporation) 95B76D825264C62860C2BB3618597CA2
 
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2018-10-10 00:17] - [2018-09-20 19:36] - 001159680 _____ (Microsoft Corporation) CABE63E881D5A9719EBB5B3CFD754F0C
 
C:\Windows\System32\dnsapi.dll
[2018-07-10 19:11] - [2018-07-05 23:26] - 000766608 _____ (Microsoft Corporation) F4B9F200B9D7EBC8BD4C8E39F02A44E3
 
C:\Windows\SysWOW64\dnsapi.dll
[2018-07-10 19:11] - [2018-07-05 23:14] - 000573904 _____ (Microsoft Corporation) BE663A3C8E4F3ED2E8404A808614BCE3
 
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Association (Whitelisted) =============
 
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 6%
Total physical RAM: 16271.76 MB
Available physical RAM: 15247.17 MB
Total Virtual: 16271.76 MB
Available Virtual: 15291.81 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:465.21 GB) (Free:209.35 GB) NTFS
Drive g: (ESD-USB) (Removable) (Total:29.21 GB) (Free:24.64 GB) FAT32
Drive j: (CLIP) (Removable) (Total:7.44 GB) (Free:7.44 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS
 
\\?\Volume{15a40b1d-2d32-4612-afcb-6a6789bdc8e1}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
\\?\Volume{965c9a6b-363e-498d-aaba-2c0bc9b7f950}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 3726 GB) (Disk ID: C14BF560)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 3726 GB) (Disk ID: 50F415A3)
 
Partition: GPT.
 
========================================================
Disk: 2 (Size: 465.8 GB) (Disk ID: 21775DF8)
 
Partition: GPT.
 
========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 3726 GB) (Disk ID: 09CD03A5)
 
Partition: GPT.
 
========================================================
Disk: 4 (MBR Code: Windows 7/8/10) (Size: 29.2 GB) (Disk ID: 82AFFF12)
Partition 1: (Active) - (Size=29.2 GB) - (Type=0C)
 
========================================================
Disk: 5 (Size: 7452 GB) (Disk ID: 16F2A91F)
 
Partition: GPT.
 
========================================================
Disk: 6 (Size: 7.5 GB) (Disk ID: 0028FAF2)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0C)
 
LastRegBack: 2018-05-18 00:14
 
==================== End of FRST.txt ============================


#4 Android8888

  • Malware Response Team

Posted Today, 06:22 AM

Hello DCJamison.
 

What led you to the discovery that I have the smartservice rootkit?(hoping to learn something from this)

From your initial description in your first post and also from the Farbar log.

Usually you get this infection as part of a bundle with another tool you downloaded from the Internet.

These are some of the symptoms you described:

  • Having trouble deleting folders/files
  • am unable to get to safe mode in windows 10 no matter what way I try
  • various folders were created that I cannot access in appdata\local\:
  • csmxrizsvc.exe is still running at all times(could not find any info on it)


It also blocks most of the anti-malware programs from running. This is why it is so difficult to remove.


Okay, let's run the following scans with RogueKiller and AdwCleaner to see what's left.


RogueKiller Portable (Clean Mode)

Please download RogueKiller_portable64.exe by Tigzy and save it to your computer Desktop;

  • Now close all programs and Internet browsers and disconnect any USB or external drives from the computer before you run this scan!
  • Right-click on the file RogueKiller_portable64.exe and select Run as administrator to start the tool;
  • Click Yes to accept the User Account Control security warning that may appear;
  • Once the tool is open, click the 'Scan' tab menu and then click the Start Scan button;
  • Wait until the scan has finished. Note: This scan may take some time to complete;
  • Once finished the results will be displayed;
  • Check every single entry (threat found), and click on the Remove Selected button;
  • Click on the Open Report button. It will open a new window.
  • Click Export TXT to export the report as a text file, give a name to the file such as RKlog.txt and save it to your computer Desktop.
  • Close RogueKiller.

Please copy and paste the contents of RKlog.txt to your next reply.


AdwCleaner (Clean Mode)

  • Download AdwCleaner and move it to your computer Desktop.
  • Right-click on AdwCleaner.exe and select Run as Administrator.
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button.
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, please do it.
  • After the restart, a log will open when logging in. Please copy and paste the content of that log in your next reply.

 

Please post the two logs and let me know how the computer is running now.

Android8888


Proud graduate of SpywareInfo

Member of UNITE - Unified Network of Instructors and Trusted Eliminators

Website: http://android8888.comlu.com

Tavira - Here's where I live!


#5 DCJamison

  • Topic Starter

Posted Today, 06:44 AM

I'm currently still at the advanced startup command prompt only, (option 7) 

The see more recovery options is not there, I assume you want me to run these in safe mode, but I still have no way to get to that.

 

Am I supposed to restart and boot up normally now?(I'm thinking this is not what you want)



#6 Android8888

  • Malware Response Team

Posted Today, 08:35 AM

DCJamison, disregard the instructions in my previous post.
 

 

Am I supposed to restart and boot up normally now?(I'm thinking this is not what you want)

No, and it's not the Safe mode either.

 

Leave the infected computer in the Recovery Environment.

 

Now, do this please:

On the clean computer, plug in the USB Flash Drive with FRST64.exe.
Download the attached fixlist.txt file at the bottom of this post and save it to the USB Flash Drive.
Unplug the USB Flash Drive from the clean computer and plug it into the infected computer, which must still be in the Recovery Environment.

Once in the command prompt

  • In the command prompt of the infected computer, type notepad and press on Enter.
  • Notepad will open. Click on the File menu and select Open.
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad.
  • In the command prompt, type e:\frst64.exe and press on Enter.
  • Note: Replace the letter e with the drive letter of your USB Flash Drive.
  • FRST will open.
  • Click on Yes to accept the disclaimer.
  • Click on the Fix button and wait for the scan to complete.
  • A log called Fixlog.txt will be saved on your USB Flash Drive.

Unplug the USB Flash Drive from the infected computer and plug it into the clean computer (leave the infected computer in the Recovery Environment).

Open the Fixlog.txt located in the USB Flash Drive and post its entire content in your next reply.

 

Let me know if anything is unclear.

Attached Files




#7 DCJamison

  • Topic Starter

Posted Today, 09:01 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 10.10.2018
Ran by SYSTEM (16-10-2018 09:46:48) Run:2
Running from J:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [Brust] => "C:\Program Files (x86)\Eclipsing\Galliano.exe" hwkaiwhwkaiwhwkaiwhwkai.hwkaibhwkaiahwkaijhwkai.hwkaiphwkaiwhwkai/hwkaig2w0w1w8w1hwkaii0i1g2gwhthwkaimlEDAlHIm2hwkaiUPanQeZmjvhwkaird
HKLM\...\Run: [Tracery] => "C:\Program Files (x86)\boardrooms\Balz.exe" hwkaiwhwkaiwhwkaiwhwkai.hwkaibhwkaiahwkaijhwkai.hwkaiphwkaiwhwkai/hwkaig2w0w1w8w1hwkaii0i1g2gwhthwkaimlEDAlHIm2hwkaiUPanQeZmjvhwkaird
HKLM\...\Run: [Auden] => "C:\Program Files (x86)\Impromptu\Galliano.exe" hwkaiwhwkaiwhwkaiwhwkai.hwkaibhwkaiahwkaijhwkai.hwkaiphwkaiwhwkai/hwkaig2w0w1w8w1hwkaii0i1g2gwhthwkaimlEDAlHIm2hwkaiUPanQeZmjvhwkaird
HKLM-x32\...\Run: [Micahel] => "C:\Program Files (x86)\Eclipsing\Galliano.exe" hwkaiwhwkaiwhwkaiwhwkai.hwkaibhwkaiahwkaijhwkai.hwkaiphwkaiwhwkai/hwkaig2w0w1w8w1hwkaii0i1g2gwhthwkaimlEDAlHIm2hwkaiUPanQeZmjvhwkaird
HKLM-x32\...\Run: [Nestling] => "C:\Program Files (x86)\boardrooms\Balz.exe" hwkaiwhwkaiwhwkaiwhwkai.hwkaibhwkaiahwkaijhwkai.hwkaiphwkaiwhwkai/hwkaig2w0w1w8w1hwkaii0i1g2gwhthwkaimlEDAlHIm2hwkaiUPanQeZmjvhwkaird
HKLM-x32\...\Run: [Rhythm] => "C:\Program Files (x86)\Impromptu\Galliano.exe" hwkaiwhwkaiwhwkaiwhwkai.hwkaibhwkaiahwkaijhwkai.hwkaiphwkaiwhwkai/hwkaig2w0w1w8w1hwkaii0i1g2gwhthwkaimlEDAlHIm2hwkaiUPanQeZmjvhwkaird
HKU\dclin\...\Run: [Fortier] => "C:\Program Files (x86)\Eclipsing\Galliano.exe" hwkaiwhwkaiwhwkaiwhwkai.hwkaibhwkaiahwkaijhwkai.hwkaiphwkaiwhwkai/hwkaig2w0w1w8w1hwkaii0i1g2gwhthwkaimlEDAlHIm2hwkaiUPanQeZmjvhwkaird
HKU\dclin\...\Run: [Fritter] => "C:\Program Files (x86)\boardrooms\Balz.exe" hwkaiwhwkaiwhwkaiwhwkai.hwkaibhwkaiahwkaijhwkai.hwkaiphwkaiwhwkai/hwkaig2w0w1w8w1hwkaii0i1g2gwhthwkaimlEDAlHIm2hwkaiUPanQeZmjvhwkaird
HKU\dclin\...\Run: [Shoulders] => "C:\Program Files (x86)\Impromptu\Galliano.exe" hwkaiwhwkaiwhwkaiwhwkai.hwkaibhwkaiahwkaijhwkai.hwkaiphwkaiwhwkai/hwkaig2w0w1w8w1hwkaii0i1g2gwhthwkaimlEDAlHIm2hwkaiUPanQeZmjvhwkaird
HKU\dclin\...\Run: [Rummy] => "C:\Program Files (x86)\Eclipsing\Galliano.exe" hwkaiwhwkaiwhwkaiwhwkai.hwkaibhwkaiahwkaijhwkai.hwkaiphwkaiwhwkai/hwkaig2w0w1w8w1hwkaii0i1g2gwhthwkaimlEDAlHIm2hwkaiUPanQeZmjvhwkaird
HKU\dclin\...\Run: [Javed] => "C:\Program Files (x86)\boardrooms\Balz.exe" hwkaiwhwkaiwhwkaiwhwkai.hwkaibhwkaiahwkaijhwkai.hwkaiphwkaiwhwkai/hwkaig2w0w1w8w1hwkaii0i1g2gwhthwkaimlEDAlHIm2hwkaiUPanQeZmjvhwkaird
HKU\dclin\...\Run: [Donohue] => "C:\Program Files (x86)\Impromptu\Galliano.exe" hwkaiwhwkaiwhwkaiwhwkai.hwkaibhwkaiahwkaijhwkai.hwkaiphwkaiwhwkai/hwkaig2w0w1w8w1hwkaii0i1g2gwhthwkaimlEDAlHIm2hwkaiUPanQeZmjvhwkaird
HKU\dclin\...\Run: [expensing] => "C:\Program Files (x86)\Eclipsing\Galliano.exe" hwkaiwhwkaiwhwkaiwhwkai.hwkaibhwkaiahwkaijhwkai.hwkaiphwkaiwhwkai/hwkaig2w0w1w8w1hwkaii0i1g2gwhthwkaimlEDAlHIm2hwkaiUPanQeZmjvhwkaird
S0 b06bdrv; System32\drivers\bxvbda.sys [X]
S4 bpkrlncd; System32\drivers\wdoiezvr.sys [X]
S1 vnoezrid; \??\C:\Users\dclin\AppData\Local\Temp\nvocrmie.sys [X] <==== ATTENTION
C:\Users\dclin\AppData\Local\Temp\nvocrmie.sys
C:\Users\dclin\AppData\Local\cgsapim
C:\Users\dclin\AppData\Local\dwnbspm
C:\Windows\System32\csmxrizsvc.exe
C:\Program Files (x86)\Eclipsing
C:\Program Files (x86)\Impromptu
C:\Program Files (x86)\boardrooms
C:\Users\dclin\AppData\Local\pcntkxu
EmptyTemp:
 
*****************
 
Error: Restore point can only be created in normal mode.
CloseProcesses: => Error: This directive works only outside recovery mode.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Brust" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Tracery" => removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Auden" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Micahel" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Nestling" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Rhythm" => removed successfully
"HKU\dclin\Software\Microsoft\Windows\CurrentVersion\Run\\Fortier" => removed successfully
"HKU\dclin\Software\Microsoft\Windows\CurrentVersion\Run\\Fritter" => removed successfully
"HKU\dclin\Software\Microsoft\Windows\CurrentVersion\Run\\Shoulders" => removed successfully
"HKU\dclin\Software\Microsoft\Windows\CurrentVersion\Run\\Rummy" => removed successfully
"HKU\dclin\Software\Microsoft\Windows\CurrentVersion\Run\\Javed" => removed successfully
"HKU\dclin\Software\Microsoft\Windows\CurrentVersion\Run\\Donohue" => removed successfully
"HKU\dclin\Software\Microsoft\Windows\CurrentVersion\Run\\expensing" => removed successfully
HKLM\System\ControlSet001\Services\b06bdrv => removed successfully
b06bdrv => service removed successfully
HKLM\System\ControlSet001\Services\bpkrlncd => removed successfully
bpkrlncd => service removed successfully
HKLM\System\ControlSet001\Services\vnoezrid => removed successfully
vnoezrid => service removed successfully
"C:\Users\dclin\AppData\Local\Temp\nvocrmie.sys" => not found
"C:\Users\dclin\AppData\Local\cgsapim" => not found
"C:\Users\dclin\AppData\Local\dwnbspm" => not found
C:\Windows\System32\csmxrizsvc.exe => moved successfully
"C:\Program Files (x86)\Eclipsing" => not found
"C:\Program Files (x86)\Impromptu" => not found
"C:\Program Files (x86)\boardrooms" => not found
"C:\Users\dclin\AppData\Local\pcntkxu" => not found
EmptyTemp: => Error: This directive works only outside recovery mode.
 
==== End of Fixlog 09:46:49 ====
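
An added example, not part of the thread and not FRST's own code: a small triage script that groups the result lines of a Fixlog like the one above by outcome, so that directives that errored in Recovery mode and paths reported as not found can be re-checked after a normal boot. The `target => result` and `Error:` line shapes are assumed from the log shown here, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Result lines copied from the Fixlog posted above (excerpt).
SAMPLE_FIXLOG = r'''
Error: Restore point can only be created in normal mode.
CloseProcesses: => Error: This directive works only outside recovery mode.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Brust" => removed successfully
HKLM\System\ControlSet001\Services\vnoezrid => removed successfully
vnoezrid => service removed successfully
"C:\Users\dclin\AppData\Local\cgsapim" => not found
C:\Windows\System32\csmxrizsvc.exe => moved successfully
"C:\Program Files (x86)\Eclipsing" => not found
EmptyTemp: => Error: This directive works only outside recovery mode.
==== End of Fixlog 09:46:49 ====
'''

# Outcome patterns, checked in order; the first match wins.
OUTCOMES = [
    ("error", re.compile(r"\bError:")),
    ("not_found", re.compile(r"=> not found$")),
    ("moved", re.compile(r"=> moved successfully$")),
    ("removed", re.compile(r"=> (?:service )?removed successfully$")),
]

def classify_fixlog(text):
    """Group Fixlog result lines by outcome, ignoring the echoed fixlist."""
    # The fixlist is echoed between two rows of asterisks; results follow the last row.
    results = re.split(r"^\*{5,}\s*$", text, flags=re.M)[-1]
    groups = defaultdict(list)
    for line in map(str.strip, results.splitlines()):
        if not line or line.startswith("===="):
            continue
        for name, pattern in OUTCOMES:
            if pattern.search(line):
                # Keep the whole line for errors (it carries the reason).
                item = line if name == "error" else line.rsplit(" => ", 1)[0].strip('"')
                groups[name].append(item)
                break
        else:
            groups["other"].append(line)  # unrecognised wording: review by hand
    return dict(groups)

def follow_up(groups):
    """Entries to re-check once the machine boots normally."""
    return [i for k in ("error", "not_found", "other") for i in groups.get(k, [])]

if __name__ == "__main__":
    summary = classify_fixlog(SAMPLE_FIXLOG)
    print({k: len(v) for k, v in summary.items()})
    for item in follow_up(summary):
        print("re-check:", item)
```

Pasting the complete Fixlog.txt works as well, because everything up to the last row of asterisks (the header and the echoed fixlist) is skipped.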


#8 Android8888

Android8888

  • Malware Response Team
  • 103 posts
  • ONLINE
  • Gender:Male
  • Location:Portugal
  • Local time:03:43 PM

Posted Today, 09:31 AM

Thank you for the log. It looks like it cleaned up most of the rootkit bad stuff.

 

Please restart the computer in Normal mode.

 

 

Okay, let's run the following scans with RogueKiller and AdwCleaner to see what's left.


RogueKiller Portable (Clean Mode)

Please download RogueKiller_portable64.exe by Tigzy and save it to your computer Desktop;

  • Now close all programs and Internet browsers and disconnect any USB or external drives from the computer before you run this scan!
  • Right-click on the file RogueKiller_portable64.exe and select Run as administrator to start the tool;
  • Click Yes to accept the User Account Control security warning that may appear;
  • Once the tool is open, click the 'Scan' tab menu and then click the Start Scan button;
  • Wait until the scan has finished. Note: This scan may take some time to complete;
  • Once finished the results will be displayed;
  • Check every single entry (threat found), and click on the Remove Selected button;
  • Click on the Open Report button. It will open a new window.
  • Click Export TXT to export the report as a text file, give a name to the file such as RKlog.txt and save it to your computer Desktop.
  • Close RogueKiller.

Please copy and paste the contents of RKlog.txt to your next reply.


AdwCleaner (Clean Mode)

  • Download AdwCleaner and move it to your computer Desktop.
  • Right-click on AdwCleaner.exe and select Run as Administrator.
  • Accept the EULA (I accept), then click on Scan.
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean & Repair button.
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, please do it.
  • After the restart, a log will open when logging in. Please copy and paste the content of that log in your next reply.

 

Please post the contents of both logs and let me know how the computer is running now.

Android8888






