
Occamy.c Trojan! Please help!

Trojan Virus Malware Occamy.c


#1
MrMatoke (Member, 32 posts)

Hello.

Lately I have been experiencing some issues when gaming (FPS drops), unwanted publicity, computer running slow, etc. Windows Defender detected this: "Trojan:Win32/Occamy.C". Plus, I went to the task manager and realized that the CPU was working WAY more than it should; so I went file by file until I discovered "Dtdump", a file created by the trojan every time I started up the PC. So I got scared and did some research so as to eliminate the virus. First I did a full scan with Windows Defender and it didn't manage to eliminate the trojan. Then I thought to myself: maybe if I erase the tasks at the task manager that were created by the trojan it would disappear...didn't work. I also started up the PC in safe mode (following the rules of a post I found on Google) but did nothing. I scanned the PC both with Windows Defender and ClamWinFree Antivirus and neither of them found anything or, when they actually found the trojan, they "eliminated" it but later I would again see it harming my computer...not eliminated.

Also, every time I Google something, publicity shows up above t

 

I have the following (idk if it's useful for you):

 

Windows 10

Processor: AMD Ryzen 7 1700 Eight - Core Processor

RAM: 8192 MB

Directx 12

Graphic Card: GeForce GTX 1050

 

Thank you so much for your help!!!!

 




#2
RKinner (Malware Expert, MVP, 24,598 posts)

  • Get FRST from http://www.bleepingc...very-scan-tool/ You need to download the appropriate tool for your PC. If you don't know if you have a 32 or 64 bit system get them both. Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Check the Addition.txt box
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here.
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


 



#3
MrMatoke (Topic Starter, Member, 32 posts)

 



 

 

Will do.



#4
MrMatoke (Topic Starter, Member, 32 posts)

 



 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.07.2018
Ran by Matoke (administrator) on DESKTOP-4LAFI5B (24-07-2018 15:07:21)
Running from C:\Users\amd\Downloads
Loaded Profiles: Matoke (Available Profiles: Matoke)
Platform: Windows 10 Pro Version 1803 17134.165 (X64) Language: Español (México)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
() C:\Program Files\WinVPN\inetdrv.exe
() C:\Program Files\MjU2ZmY\NTM4NWVlNG.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\WinVPN\wpsvc.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(alch) C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-10-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ClamWin] => C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2015-05-05] (alch)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [729704 2018-04-03] (Disc Soft Ltd)
HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3201312 2018-06-08] (Valve Corporation)
HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\...\Run: [Discord] => C:\Users\amd\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.)
HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32966032 2018-07-20] (Epic Games, Inc.)
HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\...\Run: [5GJH4B4PT9PENBZ] => "C:\Program Files (x86)\ShutdownTime\AMKL5.exe"
HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\...\Run: [GoogleChromeAutoLaunch_75BED9BC4FE28DE71792C715C05373CF] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1588568 2018-06-22] (Google Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 100.72.3.109 100.72.3.1
Tcpip\..\Interfaces\{54e2108c-8637-4bb9-95c6-a60275ec1987}: [DhcpNameServer] 208.67.220.220 208.67.222.222
Tcpip\..\Interfaces\{641c23af-61d5-46a6-a811-c61f189b2b88}: [DhcpNameServer] 100.72.3.109 100.72.3.1
 
Internet Explorer:
==================
HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHhI8J8aInErgE7xdslq-PtG7be0E1PeUZSAqkGnzX2fKYuNPJVwuxmFa_2ljjAKqYTs0__ceWtT-R6P1LcWVhKWRC1r3SchMfrR1r6e9gaYZukVYY0-V8bYUqylE-BJTBFHftuXCFMrzVQD-F2EPQITHgiufaNPCmL7DWKc8mQR&q={searchTerms}
HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://feed.helperbar.com/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHhI8J8aInErgE7xdslq-PtG7be0E1PeUZSAqkGnzX2fKYuNPJVwuxmFa_2ljjAKqYTs0__ceWtT-R6Du-6ILjhmfADyjYSgK7zEDUu6qLLni98iVBZBpUb3RlHcF0cq0oX_Geg2cgRpl0OXVbZXBXIaaF4GkrLDxUBVe1SYqqvQ
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = 
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHhI8J8aInErgE7xdslq-PtG7be0E1PeUZSAqkGnzX2fKYuNPJVwuxmFa_2ljjAKqYTs0__ceWtT-R6P1LcWVhKWRC1r3SchMfrR1r6e9gaYZukVYY0-V8bYUqylE-BJTBFHftuXCFMrzVQD-F2EPQITHgiufaNPCmL7DWKc8mQR&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1830811996-1437030023-4132568959-1001 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHhI8J8aInErgE7xdslq-PtG7be0E1PeUZSAqkGnzX2fKYuNPJVwuxmFa_2ljjAKqYTs0__ceWtT-R6P1LcWVhKWRC1r3SchMfrR1r6e9gaYZukVYY0-V8bYUqylE-BJTBFHftuXCFMrzVQD-F2EPQITHgiufaNPCmL7DWKc8mQR&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1830811996-1437030023-4132568959-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHhI8J8aInErgE7xdslq-PtG7be0E1PeUZSAqkGnzX2fKYuNPJVwuxmFa_2ljjAKqYTs0__ceWtT-R6P1LcWVhKWRC1r3SchMfrR1r6e9gaYZukVYY0-V8bYUqylE-BJTBFHftuXCFMrzVQD-F2EPQITHgiufaNPCmL7DWKc8mQR&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-07-19] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2018-06-30] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-05-14] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-30] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-30] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-30] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-30] (Microsoft Corporation)
 
FireFox:
========
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-05-14] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-06-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-06-24] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-21] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1425245053&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX91A743J2453J245
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1425245053&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX91A743J2453J245","hxxp://www.mystartsearch.com/?type=hppp&ts=1425245075&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX91A743J2453J245"
CHR Profile: C:\Users\amd\AppData\Local\Google\Chrome\User Data\Default [2018-07-24]
CHR Extension: (Presentaciones) - C:\Users\amd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-07-21]
CHR Extension: (Documentos) - C:\Users\amd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-07-21]
CHR Extension: (Google Drive) - C:\Users\amd\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-07-21]
CHR Extension: (YouTube) - C:\Users\amd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-21]
CHR Extension: (Hojas de cálculo) - C:\Users\amd\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-07-21]
CHR Extension: (Cablevisión Flow) - C:\Users\amd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfbnbmbkemlokfckhdoaakhjogffkinc [2018-07-21]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\amd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-07-21]
CHR Extension: (AdBlock) - C:\Users\amd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-07-21]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\amd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-21]
CHR Extension: (Gmail) - C:\Users\amd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-07-21]
CHR Extension: (Chrome Media Router) - C:\Users\amd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-07-21]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7206312 2018-07-17] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8765104 2018-07-13] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3606120 2018-04-03] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [780928 2018-05-14] (EasyAntiCheat Ltd)
R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [38328 2018-04-26] ()
R2 INetDriverSvc; C:\Program Files\WinVPN\inetdrv.exe [1180160 2018-06-10] () [File not signed]
R2 MjU2ZmY; C:\Program Files\MjU2ZmY\NTM4NWVlNG.exe [963456 2018-07-09] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764896 2018-05-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764896 2018-05-20] (NVIDIA Corporation)
S2 saiyitechnology; C:\ProgramData\yahoochrome_D\desktop117.exe [517432 2018-05-21] (PandaViewer)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-04-12] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\NisSrv.exe [3925648 2018-06-26] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MsMpEng.exe [100080 2018-06-26] (Microsoft Corporation)
R2 WinPing; C:\Program Files\WinVPN\wpsvc.exe [12288 2018-06-08] () [File not signed]
R2 MTQ3Nz; rundll32.exe C:\WINDOWS\mwjbruagnvkvdqql.mwjbr MWcGUpTR [X]
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34696 2018-05-11] (Advanced Micro Devices, Inc)
R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [33144 2018-05-11] (Advanced Micro Devices, Inc)
R3 AMDPCIDev; C:\WINDOWS\System32\drivers\AMDPCIDev.sys [31592 2018-05-11] (Advanced Micro Devices)
R0 amdpsp; C:\WINDOWS\System32\drivers\amdpsp.sys [137104 2018-05-11] (Advanced Micro Devices, Inc. )
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2018-05-13] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2018-05-13] (Disc Soft Ltd)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvpcdi.inf_amd64_1956348608fec82f\nvlddmkm.sys [17200392 2018-06-25] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31200 2018-05-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [67432 2018-03-15] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [68112 2018-06-24] (NVIDIA Corporation)
R1 powzip; C:\WINDOWS\System32\drivers\powzip.sys [193160 2018-07-09] (Nice Pulle Science and Technology Ltd.)
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Realtek )
R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [5707264 2018-04-11] (Realtek Semiconductor Corporation )
S3 smbdirect; C:\WINDOWS\System32\DRIVERS\smbdirect.sys [152064 2018-04-12] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46592 2018-06-26] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-06-26] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59944 2018-06-26] (Microsoft Corporation)
R1 ZmRjNzcxODQxYWNmODgw; C:\WINDOWS\System32\drivers\ZmRjNzcxODQxYWNmODgw.sys [210056 2018-07-09] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-24 15:07 - 2018-07-24 15:07 - 000017928 _____ C:\Users\amd\Downloads\FRST.txt
2018-07-24 15:06 - 2018-07-24 15:07 - 000000000 ____D C:\FRST
2018-07-24 15:06 - 2018-07-24 15:06 - 002412544 _____ (Farbar) C:\Users\amd\Downloads\FRST64.exe
2018-07-24 15:03 - 2018-07-24 15:04 - 000000000 ____D C:\Users\amd\AppData\Roaming\grdsvc
2018-07-21 16:33 - 2018-07-21 16:33 - 000302336 _____ C:\WINDOWS\ntbtlog.txt
2018-07-21 16:33 - 2018-07-21 16:33 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-07-21 16:28 - 2018-07-21 16:28 - 005930728 _____ (EnigmaSoft Limited) C:\Users\amd\Downloads\SpyHunter-Installer.exe
2018-07-21 04:11 - 2018-07-23 12:36 - 099090432 _____ C:\WINDOWS\system32\config\SOFTWARE
2018-07-21 04:05 - 2018-07-21 04:11 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2018-07-21 00:48 - 2018-07-23 09:35 - 000002364 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-07-21 00:48 - 2018-07-23 09:34 - 000002411 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-07-21 00:41 - 2018-07-21 00:41 - 000003620 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-07-21 00:41 - 2018-07-21 00:41 - 000003496 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-07-21 00:35 - 2018-07-24 15:04 - 000004222 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{73890BB9-1793-49C2-B71C-CE9860C861B9}
2018-07-20 23:03 - 2018-07-20 23:03 - 000000314 _____ C:\Users\amd\Desktop\Fortnite.url
2018-07-20 02:36 - 2018-07-20 02:36 - 000000000 ____D C:\Users\amd\AppData\Local\CrashDumps
2018-07-19 03:24 - 2018-07-19 03:24 - 000002210 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2018-07-19 03:23 - 2018-07-19 03:23 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-07-19 03:23 - 2018-06-24 12:40 - 000132032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2018-07-19 03:22 - 2018-06-24 12:39 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2018-07-19 03:22 - 2018-06-24 12:31 - 005947520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2018-07-19 03:22 - 2018-06-24 12:31 - 002612624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2018-07-19 03:22 - 2018-06-24 12:31 - 001767360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2018-07-19 03:22 - 2018-06-24 12:31 - 000633792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2018-07-19 03:22 - 2018-06-24 12:31 - 000451144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2018-07-19 03:22 - 2018-06-24 12:31 - 000124200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2018-07-19 03:22 - 2018-06-24 12:31 - 000083424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2018-07-19 03:22 - 2018-06-20 07:52 - 008207422 _____ C:\WINDOWS\system32\nvcoproc.bin
2018-07-19 03:21 - 2018-07-19 03:21 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2018-07-19 03:21 - 2018-06-25 14:26 - 000551840 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2018-07-19 03:21 - 2018-06-25 14:26 - 000457144 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 040346984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 035250256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 031244248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 013728120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 011273632 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 004350040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 003760672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 002013784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6439836.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 001563392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 001468448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6439836.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 001419200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 001216872 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 001092360 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 000749472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 000626616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 000608512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 000518208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2018-07-19 03:15 - 2018-06-25 14:24 - 025961336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2018-07-19 03:15 - 2018-06-25 14:24 - 017750344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2018-07-19 03:15 - 2018-06-25 14:24 - 015165008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2018-07-19 03:15 - 2018-06-25 14:24 - 004856232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2018-07-19 03:15 - 2018-06-25 14:24 - 004126128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2018-07-19 03:15 - 2018-06-25 14:24 - 001356816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2018-07-19 03:15 - 2018-06-25 14:24 - 001347664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2018-07-19 03:15 - 2018-06-25 14:24 - 001157392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2018-07-19 03:15 - 2018-06-25 14:24 - 001069416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2018-07-19 03:15 - 2018-06-25 14:24 - 001063216 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2018-07-19 03:15 - 2018-06-25 14:24 - 000904720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2018-07-19 03:15 - 2018-06-25 14:24 - 000814616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2018-07-19 03:15 - 2018-06-25 14:24 - 000652344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2018-07-19 03:15 - 2018-06-25 14:24 - 000634760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2018-07-19 03:15 - 2018-06-24 14:27 - 001688848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2018-07-19 03:15 - 2018-06-24 14:27 - 000227928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2018-07-19 03:15 - 2018-06-24 14:27 - 000068112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2018-07-19 03:15 - 2018-06-24 14:27 - 000047648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2018-07-19 03:15 - 2018-06-24 14:27 - 000044271 _____ C:\WINDOWS\system32\nvinfo.pb
2018-07-19 01:31 - 2018-07-19 01:31 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-07-19 01:31 - 2018-07-19 01:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Herramientas de Microsoft Office
2018-07-17 22:26 - 2018-07-17 22:26 - 000366538 _____ C:\Users\amd\Downloads\SOBRE RUEDAS-1.prproj
2018-07-17 22:24 - 2018-07-17 22:24 - 000041440 _____ C:\Users\amd\Downloads\corto dijusi 2016.veg
2018-07-16 21:09 - 2018-07-16 21:09 - 000003976 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-16 21:09 - 2018-07-16 21:09 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-16 21:09 - 2018-05-20 14:36 - 002496480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2018-07-16 21:09 - 2018-05-20 14:36 - 002164192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2018-07-16 21:09 - 2018-05-20 14:36 - 001312224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2018-07-16 21:08 - 2018-07-16 21:08 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-16 21:08 - 2018-07-16 21:08 - 000004106 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-16 21:08 - 2018-07-16 21:08 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-16 21:08 - 2018-07-16 21:08 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-16 21:08 - 2018-07-16 21:08 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-16 21:08 - 2018-07-16 21:08 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2018-07-16 21:07 - 2018-03-15 05:47 - 000067432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2018-07-15 19:08 - 2018-07-23 09:25 - 000000000 ____D C:\Users\amd\AppData\Roaming\dtdump
2018-07-14 01:32 - 2018-05-16 21:18 - 000000916 _____ C:\Users\amd\Desktop\VLC media player.lnk
2018-07-13 14:48 - 2018-07-17 22:41 - 000000000 ____D C:\Users\amd\AppData\Local\ElevatedDiagnostics
2018-07-13 00:01 - 2018-07-13 00:01 - 000000000 __SHD C:\MSOCache
2018-07-13 00:01 - 2018-07-13 00:01 - 000000000 ___HD C:\Users\Public\Shared Files
2018-07-12 10:49 - 2018-07-12 10:49 - 001943805 _____ C:\Users\amd\Downloads\drive-download-20180712T134928Z-001.zip
2018-07-12 10:33 - 2018-07-12 10:33 - 000181871 _____ C:\Users\amd\Downloads\ESCENA 1.jpeg
2018-07-12 09:01 - 2018-06-28 22:13 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-07-12 09:01 - 2018-06-28 22:13 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-07-11 21:49 - 2018-06-15 02:03 - 006572000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 006528600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 006043600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 004788504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 002535032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 002163184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 001805752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 001710240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 001380192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 001144120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 001129640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 001020160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 001011968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 000770152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 000472136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 000356960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 000232488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
2018-07-11 21:49 - 2018-06-15 02:03 - 000129192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-07-11 21:49 - 2018-06-15 01:49 - 002962944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-07-11 21:49 - 2018-06-15 01:48 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-07-11 21:49 - 2018-06-15 01:48 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
2018-07-11 21:49 - 2018-06-15 01:47 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2018-07-11 21:49 - 2018-06-15 01:47 - 000515072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2018-07-11 21:49 - 2018-06-15 01:47 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-07-11 21:49 - 2018-06-15 01:46 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-07-11 21:49 - 2018-06-15 01:46 - 004333568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-07-11 21:49 - 2018-06-15 01:46 - 001356800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2018-07-11 21:49 - 2018-06-15 01:46 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2018-07-11 21:49 - 2018-06-15 01:46 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
2018-07-11 21:49 - 2018-06-15 01:46 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2018-07-11 21:49 - 2018-06-15 01:46 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2018-07-11 21:49 - 2018-06-15 01:45 - 002548736 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2018-07-11 21:49 - 2018-06-15 01:45 - 000992768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-07-11 21:49 - 2018-06-15 01:45 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2018-07-11 21:49 - 2018-06-15 01:45 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-07-11 21:49 - 2018-06-15 01:45 - 000740352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2018-07-11 21:49 - 2018-06-15 01:45 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-07-11 21:49 - 2018-06-15 01:45 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2018-07-11 21:49 - 2018-06-15 01:45 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DTUHandlerPS.dll
2018-07-11 21:49 - 2018-06-15 01:44 - 001632256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-07-11 21:49 - 2018-06-15 01:44 - 001342976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2018-07-11 21:49 - 2018-06-15 01:44 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2018-07-11 21:49 - 2018-06-15 01:44 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2018-07-11 21:49 - 2018-06-15 01:44 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-07-11 21:49 - 2018-06-15 01:44 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2018-07-11 21:49 - 2018-06-15 01:44 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-07-11 21:49 - 2018-06-15 01:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-07-11 21:49 - 2018-06-15 01:44 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\cellulardatacapabilityhandler.dll
2018-07-11 21:49 - 2018-06-15 01:43 - 001114112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2018-07-11 21:49 - 2018-06-15 01:43 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-07-11 21:49 - 2018-06-15 01:43 - 000675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2018-07-11 21:49 - 2018-06-15 01:43 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-07-11 21:49 - 2018-06-15 01:43 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2018-07-11 21:49 - 2018-06-15 01:43 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2018-07-11 21:49 - 2018-06-15 01:43 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-07-11 21:49 - 2018-06-15 01:43 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-07-11 21:49 - 2018-06-15 01:43 - 000191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VideoHandlers.dll
2018-07-11 21:49 - 2018-06-15 01:43 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2018-07-11 21:49 - 2018-06-15 01:43 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2018-07-11 21:49 - 2018-06-15 01:42 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-07-11 21:49 - 2018-06-15 01:42 - 002367488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-07-11 21:49 - 2018-06-15 01:42 - 000978432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2018-07-11 21:49 - 2018-06-15 01:42 - 000558592 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2018-07-11 21:49 - 2018-06-15 01:42 - 000431104 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-07-11 21:49 - 2018-06-15 01:42 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-07-11 21:49 - 2018-06-15 01:42 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2018-07-11 21:49 - 2018-06-15 01:42 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-07-11 21:49 - 2018-06-15 01:42 - 000287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2018-07-11 21:49 - 2018-06-15 01:42 - 000273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-07-11 21:49 - 2018-06-15 01:42 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-07-11 21:49 - 2018-06-15 01:42 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-07-11 21:49 - 2018-06-15 01:42 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2018-07-11 21:49 - 2018-06-15 01:42 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2018-07-11 21:49 - 2018-06-15 01:41 - 004561920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-07-11 21:49 - 2018-06-15 01:41 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-07-11 21:49 - 2018-06-15 01:41 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-07-11 21:49 - 2018-06-15 01:41 - 001724928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2018-07-11 21:49 - 2018-06-15 01:41 - 000953856 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2018-07-11 21:49 - 2018-06-15 01:41 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-07-11 21:49 - 2018-06-15 01:41 - 000811520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2018-07-11 21:49 - 2018-06-15 01:41 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-07-11 21:49 - 2018-06-15 01:41 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2018-07-11 21:49 - 2018-06-15 01:41 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2018-07-11 21:49 - 2018-06-15 01:41 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-07-11 21:49 - 2018-06-15 01:41 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2018-07-11 21:49 - 2018-06-15 01:40 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-07-11 21:49 - 2018-06-15 01:40 - 001487360 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-07-11 21:49 - 2018-06-15 01:40 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2018-07-11 21:49 - 2018-06-15 01:40 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2018-07-11 21:49 - 2018-06-15 01:40 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2018-07-11 21:49 - 2018-06-15 01:39 - 002903040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-07-11 21:49 - 2018-06-15 01:39 - 002583552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-07-11 21:49 - 2018-06-15 01:39 - 002172416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-07-11 21:49 - 2018-06-15 01:39 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-07-11 21:49 - 2018-06-15 01:39 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-07-11 21:49 - 2018-06-15 01:39 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-07-11 21:49 - 2018-06-15 01:39 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-07-11 21:49 - 2018-06-15 01:38 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-07-11 21:49 - 2018-06-15 01:38 - 001581568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2018-07-11 21:49 - 2018-06-15 01:38 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2018-07-11 21:49 - 2018-06-15 01:38 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-07-11 21:49 - 2018-06-15 01:38 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-07-11 21:49 - 2018-06-15 01:38 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-07-11 21:49 - 2018-06-15 01:38 - 000910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2018-07-11 21:49 - 2018-06-15 01:38 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-07-11 21:49 - 2018-06-15 01:37 - 001374208 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-07-11 21:49 - 2018-06-15 01:37 - 000883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-07-11 21:49 - 2018-06-15 01:36 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdrom.sys
2018-07-11 21:49 - 2018-06-01 02:18 - 000058524 _____ C:\WINDOWS\system32\srms.dat
2018-07-10 22:56 - 2018-07-10 22:56 - 000000000 ____D C:\Program Files\MjU2ZmY
2018-07-10 22:43 - 2018-07-10 22:53 - 000000000 ____D C:\Users\amd\AppData\Roaming\b1zpdchybea
2018-07-10 22:43 - 2018-07-10 22:45 - 000000000 ____D C:\Program Files\V7U7ES7IM0
2018-07-10 22:43 - 2018-07-10 22:45 - 000000000 ____D C:\Program Files\L47AI9SWWQ
2018-07-10 22:43 - 2018-07-10 22:44 - 000000000 ____D C:\Users\amd\AppData\Roaming\twh0ck0e53l
2018-07-10 22:43 - 2018-07-10 22:44 - 000000000 ____D C:\Users\amd\AppData\Roaming\imh4kbeearm
2018-07-10 22:42 - 2018-07-10 22:42 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2018-07-10 22:37 - 2018-07-22 02:11 - 000000000 ____D C:\WINDOWS\SysWOW64\SSL
2018-07-10 22:37 - 2018-07-14 14:39 - 000000000 ____D C:\ProgramData\4e66ca30-7181-0
2018-07-10 22:37 - 2018-07-14 14:39 - 000000000 ____D C:\ProgramData\4e66ca30-3995-1
2018-07-10 22:37 - 2018-07-14 14:39 - 000000000 ____D C:\ProgramData\17d45ec2-6351-1
2018-07-10 22:37 - 2018-07-14 14:39 - 000000000 ____D C:\ProgramData\17d45ec2-3167-0
2018-07-10 22:37 - 2018-07-10 22:56 - 000000000 ____D C:\Users\amd\AppData\Roaming\jprjartygf3
2018-07-10 22:37 - 2018-07-10 22:56 - 000000000 ____D C:\Users\amd\AppData\Roaming\id0yinjkuy2
2018-07-10 22:37 - 2018-07-10 22:56 - 000000000 ____D C:\Users\amd\AppData\Roaming\fmnb0zfbxih
2018-07-10 22:37 - 2018-07-10 22:56 - 000000000 ____D C:\Users\amd\AppData\Local\cypjMERAky
2018-07-10 22:37 - 2018-07-10 22:56 - 000000000 ____D C:\Program Files\MG6JGM1UN9
2018-07-10 22:37 - 2018-07-10 22:56 - 000000000 ____D C:\Program Files\EX089URF8V
2018-07-10 22:37 - 2018-07-10 22:53 - 000000000 ____D C:\Users\amd\AppData\Roaming\zu4loayviyw
2018-07-10 22:37 - 2018-07-10 22:44 - 000000000 ____D C:\Program Files\Y4TBHSB5GU
2018-07-10 22:37 - 2018-07-10 22:37 - 001068032 _____ C:\WINDOWS\mwjbruagnvkvdqql.mwjbr
2018-07-10 22:37 - 2018-07-10 22:37 - 000000000 ____D C:\Users\Public\Documents\XMUpdate
2018-07-10 22:37 - 2018-07-10 22:37 - 000000000 ____D C:\Program Files\WinVPN
2018-07-10 22:36 - 2018-07-10 22:44 - 000000000 ____D C:\ProgramData\Logic Cramble
2018-07-10 22:36 - 2018-07-10 22:44 - 000000000 ____D C:\Program Files (x86)\Housse
2018-07-10 22:36 - 2018-07-10 22:43 - 000000000 ____D C:\Program Files (x86)\ShutdownTime
2018-07-10 22:36 - 2018-07-10 22:36 - 001895382 _____ C:\Users\amd\AppData\Local\Sanhome.bin
2018-07-10 22:36 - 2018-07-10 22:36 - 000015606 _____ C:\WINDOWS\SysWOW64\findit.xml
2018-07-10 22:36 - 2018-07-10 22:36 - 000000000 ____D C:\Users\amd\AppData\Roaming\Mozilla
2018-07-10 22:36 - 2018-07-10 22:36 - 000000000 ____D C:\ProgramData\Quoteexs
2018-07-10 22:35 - 2018-07-10 22:40 - 000929792 _____ C:\Users\amd\AppData\Local\sham.db
2018-07-10 22:35 - 2018-07-10 22:35 - 007631872 _____ C:\Users\amd\AppData\Local\agent.dat
2018-07-10 22:35 - 2018-07-10 22:35 - 001989145 _____ C:\Users\amd\AppData\Local\Faxfind.tst
2018-07-10 22:35 - 2018-07-10 22:35 - 000278509 _____ C:\Users\amd\AppData\Local\Black-Job.tst
2018-07-10 22:35 - 2018-07-10 22:35 - 000140800 _____ C:\Users\amd\AppData\Local\installer.dat
2018-07-10 22:35 - 2018-07-10 22:35 - 000126464 _____ C:\Users\amd\AppData\Local\noah.dat
2018-07-10 22:35 - 2018-07-10 22:35 - 000070896 _____ C:\Users\amd\AppData\Local\Config.xml
2018-07-10 22:35 - 2018-07-10 22:35 - 000018432 _____ C:\Users\amd\AppData\Local\Main.dat
2018-07-10 22:35 - 2018-07-10 22:35 - 000016416 _____ C:\Users\amd\AppData\Local\InstallationConfiguration.xml
2018-07-10 22:35 - 2018-07-10 22:35 - 000005568 _____ C:\Users\amd\AppData\Local\md.xml
2018-07-10 22:35 - 2018-07-10 22:33 - 001810944 _____ (TODO: <Company name>) C:\Users\amd\AppData\Local\Faxfind.exe
2018-07-10 22:35 - 2018-07-10 22:33 - 001810944 _____ (TODO: <Company name>) C:\Users\amd\AppData\Local\Black-Job.exe
2018-07-10 22:33 - 2018-07-21 16:33 - 000000000 ____D C:\Users\amd\AppData\Local\XService
2018-07-10 22:33 - 2018-07-10 22:33 - 000003310 _____ C:\WINDOWS\System32\Tasks\ravbt
2018-07-10 22:33 - 2018-07-10 22:33 - 000000000 ____D C:\Users\amd\AppData\Roaming\twbnr
2018-07-10 22:33 - 2018-07-10 22:33 - 000000000 ____D C:\ProgramData\yahoochrome_D
2018-07-10 22:32 - 2018-07-14 17:33 - 000000000 ____D C:\Program Files (x86)\KMSPico 10.2.1 Final
2018-07-10 22:32 - 2018-07-10 22:32 - 000003564 _____ C:\WINDOWS\System32\Tasks\SVC Update
2018-07-10 11:03 - 2018-07-10 11:03 - 000179278 _____ C:\Users\amd\Downloads\TECNICAS (1).pdf
2018-07-09 16:57 - 2018-07-09 16:57 - 002118144 _____ C:\WINDOWS\ZTI5NjJhOTlmYWY2YTY.exe
2018-07-09 16:57 - 2018-07-09 16:57 - 000210056 _____ C:\WINDOWS\system32\Drivers\ZmRjNzcxODQxYWNmODgw.sys
2018-07-09 16:57 - 2018-07-09 16:57 - 000096399 _____ C:\WINDOWS\uninstaller.dat
2018-07-09 15:26 - 2018-07-09 15:26 - 000179278 _____ C:\Users\amd\Downloads\TECNICAS.pdf
2018-07-09 06:23 - 2018-07-09 06:23 - 000193160 _____ (Nice Pulle Science and Technology Ltd.) C:\WINDOWS\system32\Drivers\powzip.sys
2018-07-01 19:54 - 2018-07-01 19:54 - 049232027 _____ C:\Users\amd\Downloads\Cap 12 clase .m4a
2018-06-30 21:48 - 2018-06-30 21:48 - 030474743 _____ C:\Users\amd\Downloads\Capitulo 11 clase.m4a
2018-06-27 22:09 - 2018-06-27 22:10 - 081951191 _____ C:\Users\amd\Downloads\vlc-record-2018-06-27-20h14m06s-dvd___-.mp4
2018-06-25 22:41 - 2018-07-02 19:07 - 000000000 ____D C:\Users\amd\AppData\LocalLow\BitTorrent
2018-06-25 21:19 - 2018-06-25 21:20 - 011259054 _____ C:\Users\amd\Downloads\vlc-record-2018-06-25-20h41m46s-dvd___-.zip
2018-06-25 20:40 - 2018-06-27 20:34 - 000000000 ____D C:\Users\amd\Desktop\Video Mama
2018-06-25 18:46 - 2018-06-25 18:46 - 034076823 _____ C:\Users\amd\Downloads\drive-download-20180625T214450Z-001.zip
2018-06-25 14:15 - 2018-06-25 14:15 - 000481175 _____ C:\Users\amd\Downloads\313-1049-1-PB.pdf
2018-06-24 20:11 - 2018-06-24 20:13 - 000000000 ____D C:\Users\amd\AppData\Local\PAYDAY 2
2018-06-24 13:45 - 2018-06-24 13:46 - 009356418 _____ C:\Users\amd\Downloads\nxcam_hxrnx100.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-24 15:04 - 2018-05-10 16:18 - 000000000 ____D C:\ProgramData\NVIDIA
2018-07-24 15:01 - 2018-06-10 20:18 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-24 15:01 - 2018-04-11 20:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-07-23 12:36 - 2018-04-11 18:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-07-23 11:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-07-23 10:40 - 2018-05-10 15:33 - 000000000 ____D C:\Users\amd\AppData\Local\Packages
2018-07-23 10:23 - 2018-06-10 20:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-07-21 01:28 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-21 01:18 - 2018-06-10 20:18 - 001762872 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-07-21 01:18 - 2018-04-12 13:21 - 000781218 _____ C:\WINDOWS\system32\perfh00A.dat
2018-07-21 01:18 - 2018-04-12 13:21 - 000152030 _____ C:\WINDOWS\system32\perfc00A.dat
2018-07-21 01:18 - 2018-04-11 20:36 - 000000000 ____D C:\WINDOWS\INF
2018-07-21 00:41 - 2018-05-10 16:06 - 000000000 ____D C:\Program Files (x86)\Google
2018-07-21 00:37 - 2018-05-11 10:18 - 000000000 ____D C:\Program Files (x86)\OCCTPT
2018-07-20 22:32 - 2018-05-14 20:23 - 000000000 ____D C:\Program Files\Epic Games
2018-07-20 22:12 - 2018-04-11 20:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-19 03:37 - 2018-06-10 20:18 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1830811996-1437030023-4132568959-1001
2018-07-19 03:37 - 2018-06-10 20:07 - 000002361 _____ C:\Users\amd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-07-19 03:37 - 2018-05-10 15:34 - 000000000 ___RD C:\Users\amd\OneDrive
2018-07-19 03:24 - 2018-05-10 16:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-07-19 03:24 - 2018-05-10 16:16 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-07-19 03:23 - 2018-05-10 16:15 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-07-19 03:22 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\Help
2018-07-19 03:21 - 2018-05-10 16:17 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-07-19 03:17 - 2018-05-10 16:19 - 000000000 ____D C:\Users\amd\AppData\Local\NVIDIA
2018-07-19 01:31 - 2018-05-13 22:08 - 000002580 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype Empresarial.lnk
2018-07-19 01:31 - 2018-05-13 22:08 - 000002531 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-07-19 01:31 - 2018-05-13 22:08 - 000002512 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-07-19 01:31 - 2018-05-13 22:08 - 000002494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-07-19 01:31 - 2018-05-13 22:08 - 000002485 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-07-19 01:31 - 2018-05-13 22:08 - 000002483 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-07-19 01:31 - 2018-05-13 22:08 - 000002439 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-07-19 01:29 - 2018-05-13 22:05 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-07-17 22:58 - 2018-04-11 20:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-07-17 22:26 - 2018-05-16 21:18 - 000000000 ____D C:\Users\amd\AppData\Roaming\vlc
2018-07-16 21:13 - 2018-05-10 16:19 - 000000000 ____D C:\Users\amd\AppData\Local\NVIDIA Corporation
2018-07-16 21:08 - 2018-06-10 20:18 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-16 21:08 - 2018-06-10 20:18 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-16 21:08 - 2018-06-10 20:18 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-16 21:08 - 2018-06-10 20:18 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-16 20:23 - 2018-05-10 17:44 - 000563832 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-07-16 02:40 - 2018-06-10 20:07 - 000000000 ____D C:\Users\amd
2018-07-13 17:04 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-07-12 23:33 - 2018-05-14 20:21 - 000000000 ____D C:\Users\amd\AppData\Local\UnrealEngine
2018-07-12 09:01 - 2018-06-10 20:03 - 005101584 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-07-12 09:01 - 2018-05-10 15:33 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-07-12 09:01 - 2018-05-10 15:33 - 000000000 ___RD C:\Users\amd\3D Objects
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-07-12 00:56 - 2018-04-11 20:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-07-12 00:56 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-07-12 00:56 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-07-12 00:56 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-07-12 00:56 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-07-11 22:48 - 2018-06-17 18:10 - 000000000 ____D C:\ProgramData\Packages
2018-07-11 21:07 - 2018-05-14 20:36 - 000000000 ____D C:\Users\amd\Desktop\MIS COSAS
2018-07-10 23:03 - 2018-05-13 22:04 - 000000000 ____D C:\Users\amd\AppData\Local\MicrosoftEdge
2018-07-10 22:30 - 2018-05-13 22:02 - 000000000 ____D C:\Program Files\KMSpico
2018-07-10 21:25 - 2018-05-10 15:49 - 000000000 ____D C:\Users\amd\AppData\Local\Comms
2018-07-10 20:44 - 2018-05-10 15:33 - 000000000 ____D C:\Users\amd\AppData\Local\ConnectedDevicesPlatform
2018-07-05 10:40 - 2018-05-23 10:54 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-07-02 23:21 - 2018-05-14 20:17 - 000000000 ____D C:\Users\amd\AppData\Roaming\BitTorrent
2018-07-01 00:07 - 2018-05-14 19:51 - 000000000 ____D C:\Program Files (x86)\Steam
2018-06-28 09:55 - 2018-06-15 19:00 - 000000000 ____D C:\Users\amd\AppData\Roaming\dvdcss
2018-06-26 21:06 - 2018-05-10 18:03 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-06-26 20:56 - 2018-05-10 16:19 - 000000000 ____D C:\Users\amd\AppData\Local\PlaceholderTileLogoFolder
2018-06-24 00:27 - 2018-05-10 16:17 - 000000000 ____D C:\ProgramData\Package Cache
 
==================== Files in the root of some directories =======
 
2018-07-10 22:35 - 2018-07-10 22:35 - 007631872 _____ () C:\Users\amd\AppData\Local\agent.dat
2018-07-10 22:35 - 2018-07-10 22:33 - 001810944 _____ (TODO: <Company name>) C:\Users\amd\AppData\Local\Black-Job.exe
2018-07-10 22:35 - 2018-07-10 22:35 - 000278509 _____ () C:\Users\amd\AppData\Local\Black-Job.tst
2018-07-10 22:35 - 2018-07-10 22:35 - 000070896 _____ () C:\Users\amd\AppData\Local\Config.xml
2018-07-10 22:35 - 2018-07-10 22:33 - 001810944 _____ (TODO: <Company name>) C:\Users\amd\AppData\Local\Faxfind.exe
2018-07-10 22:35 - 2018-07-10 22:35 - 001989145 _____ () C:\Users\amd\AppData\Local\Faxfind.tst
2018-07-10 22:35 - 2018-07-10 22:35 - 000016416 _____ () C:\Users\amd\AppData\Local\InstallationConfiguration.xml
2018-07-10 22:35 - 2018-07-10 22:35 - 000140800 _____ () C:\Users\amd\AppData\Local\installer.dat
2018-07-10 22:35 - 2018-07-10 22:35 - 000018432 _____ () C:\Users\amd\AppData\Local\Main.dat
2018-07-10 22:35 - 2018-07-10 22:35 - 000005568 _____ () C:\Users\amd\AppData\Local\md.xml
2018-07-10 22:35 - 2018-07-10 22:35 - 000126464 _____ () C:\Users\amd\AppData\Local\noah.dat
2018-07-10 22:36 - 2018-07-10 22:36 - 001895382 _____ () C:\Users\amd\AppData\Local\Sanhome.bin
2018-07-10 22:35 - 2018-07-10 22:40 - 000929792 _____ () C:\Users\amd\AppData\Local\sham.db
2018-07-10 22:36 - 2018-07-10 22:36 - 000032038 _____ () C:\Users\amd\AppData\Local\uninstall_temp.ico
 
Some files in TEMP:
====================
2018-07-19 03:16 - 2018-05-07 16:26 - 000394640 _____ (NVIDIA Corporation) C:\Users\amd\AppData\Local\Temp\nvStInst.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-06-10 20:03
 
==================== End of FRST.txt ============================


#5
MrMatoke


 

  • Get FRST from http://www.bleepingc...very-scan-tool/ You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Check the Addition.txt box
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here.
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.07.2018
Ran by Matoke (24-07-2018 15:08:18)
Running from C:\Users\amd\Downloads
Windows 10 Pro Version 1803 17134.165 (X64) (2018-06-10 23:19:43)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-1830811996-1437030023-4132568959-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1830811996-1437030023-4132568959-503 - Limited - Disabled)
Invitado (S-1-5-21-1830811996-1437030023-4132568959-501 - Limited - Disabled)
Matoke (S-1-5-21-1830811996-1437030023-4132568959-1001 - Administrator - Enabled) => C:\Users\amd
WDAGUtilityAccount (S-1-5-21-1830811996-1437030023-4132568959-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Actualización de NVIDIA 31.2.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 31.2.0.0 - NVIDIA Corporation) Hidden
Adobe After Effects CC 2015 (HKLM-x32\...\{147EC100-14BE-45EF-AB42-35BAEE7D02F0}) (Version: 13.5.0 - Adobe Systems Incorporated)
Adobe Animate CC 2015 (HKLM-x32\...\{8CEBC11D-C52F-11E5-A0D6-D44AB5E81A82}) (Version: 15.1 - Adobe Systems Incorporated)
Adobe Audition CC 2015 (HKLM-x32\...\{839A3566-AED6-4787-A849-5CBE2B1DC6AE}) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Encore CS6 (HKLM-x32\...\{46251F95-B2F8-484A-9B5B-8C0E5A43A202}) (Version: 6.0.0 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
AMD Ryzen Master (HKLM\...\{5A1CE077-7111-4C7D-A5C5-E210D4B68AD8}) (Version: 1.3.0.0623 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 17.7 - Advanced Micro Devices, Inc.)
Balanced (HKLM-x32\...\{EFD0705E-598B-46D4-8D5B-4539431764B8}) (Version: 2.02.0000 - Nombre de su organización) Hidden
BitTorrent (HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\...\BitTorrent) (Version: 7.10.3.44495 - BitTorrent Inc.)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
ClamWin Free Antivirus 0.98.7 (HKLM-x32\...\ClamWin Free Antivirus_is1) (Version:  - alch)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.8.0.0410 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\...\Discord) (Version: 0.0.301 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 398.36 - NVIDIA Corporation) Hidden
DMMultiView (HKLM-x32\...\{8EEBAD15-F3B7-468B-917F-97BBF6B1004B}) (Version:  - )
Epic Games Launcher (HKLM-x32\...\{79F5479A-BF71-4F4C-9C49-9D616AF923DE}) (Version: 1.1.151.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
GeoVision ADPCM (HKLM-x32\...\GeoADPCM) (Version:  - )
GeoVision Audio (HKLM-x32\...\GeoAudio) (Version:  - )
GeoVision H264 (HKLM-x32\...\Codec_264) (Version:  - )
GeoVision JPEG (HKLM-x32\...\Codec_jpeg) (Version:  - )
GeoVision MJPG (HKLM-x32\...\Codec_MJPG) (Version:  - )
GeoVision MPEG4 (HKLM-x32\...\GEOXCodec) (Version:  - )
GeoVision MPEG4 ASP (HKLM-x32\...\Codec_amp4) (Version:  - )
GeoVision MPEG4 AVC (HKLM-x32\...\Codec_AVC) (Version:  - )
GeoVision MXPG (HKLM-x32\...\Codec_MXPG) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
GoPro Quik (HKLM\...\{855E73D9-1EC0-4914-98D1-FD1FC7E93870}) (Version: 0.1.780 - GoPro, Inc.) Hidden
GoPro Quik (HKLM-x32\...\{e2b0610c-a7ad-4330-87ba-c30a14ff17e7}) (Version: 2.6.1.780 - GoPro, Inc.)
K-Lite Codec Pack 10.8.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.8.0 - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft Office Profesional Plus 2016 - es-es (HKLM\...\ProPlusRetail - es-es) (Version: 16.0.10228.20134 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
NVIDIA Controlador de 3D Vision 398.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 398.36 - NVIDIA Corporation)
NVIDIA Controlador de audio HD 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 398.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 398.36 - NVIDIA Corporation)
NVIDIA Controlador de la controladora 3D Vision 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.14.0.139 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.14.0.139 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{7F5DCD33-1039-C3B2-9538-B645B65BBA63}) (Version: 1.00.0000 - Nombre de su organización)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10228.20134 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20134 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20134 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.10228.20134 - Microsoft Corporation) Hidden
Panel de control de NVIDIA 398.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 398.36 - NVIDIA Corporation) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Total Video Converter 3.71 100812 (HKLM-x32\...\Total Video Converter 3.71_is1) (Version:  - EffectMatrix Inc.)
Vegas Pro 13.0 (64-bit) (HKLM\...\{3934F12E-091D-11E4-A0AD-F04DA23A5C58}) (Version: 13.0.373 - Sony)
VidBlaster (HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\...\VidBlaster) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 3.0.2 - VideoLAN)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinVPN (HKLM\...\{4BB9D57D-4603-4C82-B314-B7A7254F2AEE}) (Version: 1.0.2 - WinSoft) Hidden
X264 (HKLM-x32\...\Codec_X264) (Version:  - )
XVID (HKLM-x32\...\Codec_XVID) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [ClamWin] -> {65713842-C410-4f44-8383-BFE01A398C90} => C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll [2008-04-19] ()
ContextMenuHandlers1: [TVCShellExt] -> {4E33A7F5-8083-4C08-9D45-C5CED88F5C04} => C:\Program Files (x86)\Total Video Converter\TVCShellExtx64.dll [2010-07-29] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2014-05-16] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2014-05-16] (Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-04-03] (Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-04-03] (Disc Soft Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-06-24] (NVIDIA Corporation)
ContextMenuHandlers6: [ClamWin] -> {65713842-C410-4f44-8383-BFE01A398C90} => C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll [2008-04-19] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2014-05-16] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2014-05-16] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {074B9C73-9823-4F4E-8344-47297ABF102A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-07-19] (Microsoft Corporation)
Task: {0B418509-AD9F-4396-8967-4A69554D2F2E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-26] (Microsoft Corporation)
Task: {13EE18BC-8863-4D47-A11B-66DD05F977F8} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-05-20] (NVIDIA Corporation)
Task: {14996975-8268-4AA2-9225-FF555DA507C9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-26] (Microsoft Corporation)
Task: {20852031-E115-47CE-A511-E40B9B0151C5} - System32\Tasks\ravbt => C:\Users\amd\AppData\Roaming\twbnr\ravbt.vbs [2018-07-10] ()
Task: {26D1D219-3C67-4C6C-91AD-FC1D2F4FFB8C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-07-19] (Microsoft Corporation)
Task: {2A3E46A4-5658-4FBA-9E1F-FE3E5CEA08E6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-07-21] (Google Inc.)
Task: {34276272-4DD5-49E6-8401-A8109C63D488} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-05-20] (NVIDIA Corporation)
Task: {3A27B7E3-946E-41F0-9E51-5DA30F623B29} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {46A4B11E-936E-464E-85BA-BEB6166557A8} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)
Task: {46F78853-6E37-426E-8B4A-9E896562E9EA} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-19] (Microsoft Corporation)
Task: {4EB5D3ED-893E-4FFB-9725-0F4F39E54F2B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-05-20] (NVIDIA Corporation)
Task: {59802F1B-D439-4674-BF33-04E28625723E} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)
Task: {5B4F92E6-61AE-4682-B31B-CD13ABE2F287} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-26] (Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {6BDB7AF3-F0D0-4657-810F-30E14A3A956E} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)
Task: {6F74F99D-2336-4C11-8B28-3F24F2D30454} - System32\Tasks\SVC Update => C:\WINDOWS\explorer.exe "hxxp://lktoday.ru" <==== ATTENTION
Task: {74AD65FC-79C3-4170-892E-1839AE7735C4} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-07-19] (Microsoft Corporation)
Task: {86AFB6B7-9FFC-480E-BAC1-AF3888160B37} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-07-21] (Google Inc.)
Task: {98797121-9190-4CF5-BD30-AE63BD2B2820} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-26] (Microsoft Corporation)
Task: {9916BE9A-884D-4CBD-85E0-AD2D8889230B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-19] (Microsoft Corporation)
Task: {A8DE0CF1-54E9-40B5-BA0A-1D2718414C96} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-05-20] (NVIDIA Corporation)
Task: {B52D37BF-DC1D-4F9A-931D-7C7C5933AE86} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-07-13] (Microsoft Corporation)
Task: {C5BF9A08-7965-470F-A85B-BE3651106501} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-05-20] (NVIDIA Corporation)
Task: {CE306552-E2A6-4362-94F0-97D83C82C2B6} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)
Task: {DBE46C90-54F5-4420-9D17-F502676C0CD6} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-05-20] (NVIDIA Corporation)
Task: {EA79ED87-7635-4EB8-BCF0-D218CEF42F29} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-07-13] (Microsoft Corporation)
Task: {FE8A0F3D-2267-4D9E-9614-CC10BAA50857} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-05-20] (NVIDIA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\amd\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\amd\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-06-10 22:28 - 2018-06-10 22:28 - 001180160 _____ () C:\Program Files\WinVPN\inetdrv.exe
2018-07-09 16:57 - 2018-07-09 16:57 - 000963456 _____ () C:\Program Files\MjU2ZmY\NTM4NWVlNG.exe
2018-07-16 21:08 - 2018-05-20 14:36 - 001315296 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-06-08 10:42 - 2018-06-08 10:42 - 000012288 _____ () C:\Program Files\WinVPN\wpsvc.exe
2018-04-11 20:34 - 2018-04-11 20:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-11 20:34 - 2018-04-11 20:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 20:34 - 2018-04-11 20:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-07-11 21:49 - 2018-07-06 03:55 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-06-16 16:42 - 2018-06-08 06:31 - 003912608 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2018-06-16 16:42 - 2018-06-08 06:31 - 002506680 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2018-07-16 20:37 - 2018-07-16 20:37 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-07-16 20:37 - 2018-07-16 20:37 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-07-16 20:37 - 2018-07-16 20:38 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-07-16 20:37 - 2018-07-16 20:37 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\skypert.dll
2018-07-16 20:37 - 2018-07-16 20:37 - 000653824 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-07-14 02:44 - 2018-07-14 02:44 - 004483072 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DiscSoft.NET.Common\7a74af7991087a618ce790c1a73f6a5f\DiscSoft.NET.Common.ni.dll
2018-07-14 02:45 - 2018-07-14 02:45 - 003039744 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DotNetCommon\19a7420818774d85bb838ddb1712707a\DotNetCommon.ni.dll
2018-07-11 21:49 - 2018-06-15 01:41 - 005471232 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIDataModel.dll
2018-07-11 21:49 - 2018-06-15 01:36 - 000047616 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUITelemetry.dll
2018-07-11 21:49 - 2018-06-15 01:40 - 005082112 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIViewModels.dll
2018-04-26 17:34 - 2018-04-26 17:34 - 000038328 _____ () C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
2018-07-16 21:08 - 2018-05-20 14:36 - 095437792 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2018-07-16 21:08 - 2018-05-20 14:36 - 003029472 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libglesv2.dll
2018-07-16 21:08 - 2018-05-20 14:36 - 000149984 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libegl.dll
2018-07-21 00:48 - 2018-06-22 16:15 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libglesv2.dll
2018-07-21 00:48 - 2018-06-22 16:15 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libegl.dll
2018-07-10 22:37 - 2018-07-10 22:37 - 001068032 _____ () C:\WINDOWS\mwjbruagnvkvdqql.mwjbr
2018-05-10 16:18 - 2018-05-20 14:36 - 001033184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-05-13 21:51 - 2005-02-08 18:23 - 000979005 _____ () C:\Program Files (x86)\ClamWin\bin\python23.dll
2018-05-13 21:51 - 2004-11-20 04:27 - 000069632 _____ () C:\Program Files (x86)\ClamWin\lib\win32api.pyd
2018-05-13 21:51 - 2004-10-11 21:21 - 000094208 _____ () C:\Program Files (x86)\ClamWin\lib\pywintypes23.dll
2018-05-13 21:51 - 2004-05-25 22:18 - 000057401 _____ () C:\Program Files (x86)\ClamWin\lib\_sre.pyd
2018-05-13 21:51 - 2004-11-20 04:27 - 000086016 _____ () C:\Program Files (x86)\ClamWin\lib\win32gui.pyd
2018-05-13 21:51 - 2004-11-20 04:27 - 000024576 _____ () C:\Program Files (x86)\ClamWin\lib\win32event.pyd
2018-05-13 21:51 - 2004-11-20 04:27 - 000036864 _____ () C:\Program Files (x86)\ClamWin\lib\win32process.pyd
2018-05-13 21:51 - 2004-05-25 22:18 - 000049212 _____ () C:\Program Files (x86)\ClamWin\lib\_socket.pyd
2018-05-13 21:51 - 2004-05-25 22:18 - 000495616 _____ () C:\Program Files (x86)\ClamWin\lib\_ssl.pyd
2018-05-13 21:51 - 2004-05-25 22:20 - 000036864 _____ () C:\Program Files (x86)\ClamWin\lib\_winreg.pyd
2018-05-13 21:51 - 2004-10-11 21:22 - 000315392 _____ () C:\Program Files (x86)\ClamWin\lib\pythoncom23.dll
2018-05-13 21:51 - 2004-11-20 04:27 - 000106496 _____ () C:\Program Files (x86)\ClamWin\lib\shell.pyd
2018-05-13 21:51 - 2004-11-20 04:27 - 000065536 _____ () C:\Program Files (x86)\ClamWin\lib\win32security.pyd
2018-05-13 21:51 - 2004-01-15 15:45 - 000061440 _____ () C:\Program Files (x86)\ClamWin\lib\_ctypes.pyd
2018-05-13 21:51 - 2004-11-20 04:27 - 000077824 _____ () C:\Program Files (x86)\ClamWin\lib\win32file.pyd
2018-05-13 21:51 - 2004-11-20 04:27 - 000024576 _____ () C:\Program Files (x86)\ClamWin\lib\win32pipe.pyd
2018-05-13 21:51 - 2003-10-01 14:40 - 002240512 _____ () C:\Program Files (x86)\ClamWin\lib\wxc.pyd
2018-05-13 21:51 - 2003-10-01 12:43 - 003239936 _____ () C:\Program Files (x86)\ClamWin\lib\wxmsw24h.dll
2018-05-13 21:51 - 2003-08-10 10:14 - 000061440 _____ () C:\Program Files (x86)\ClamWin\lib\mxDateTime.pyd
2018-05-13 21:51 - 2004-05-25 22:17 - 000622651 _____ () C:\Program Files (x86)\ClamWin\lib\_bsddb.pyd
2018-05-13 21:51 - 2004-05-25 22:19 - 000045117 _____ () C:\Program Files (x86)\ClamWin\lib\datetime.pyd
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Public\AppData:CSM [484]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [466]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-09-29 10:46 - 2018-07-10 22:37 - 002097781 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 cpm.paneladmin.pro
127.0.0.1 publisher.hmdiadmingate.xyz
127.0.0.1 hmdicrewtracksystem.xyz
127.0.0.1 mydownloaddomain.com
127.0.0.1 linkmate.space
127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 doctorlink.space
127.0.0.1 plugpackdownload.net
127.0.0.1 texttotalk.org
127.0.0.1 gambling577.xyz
127.0.0.1 htagdownload.space
127.0.0.1 mybcnmonetize.com
127.0.0.1 360devtraking.website
127.0.0.1 dscdn.pw
127.0.0.1 bcnmonetize.go2affise.com
127.0.0.1 beautifllink.xyz
5.149.252.98 www.gstatic.com
5.149.252.98 www.google-analytics.com
5.149.252.98 adservice.google.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\amd\Desktop\MIS COSAS\FOTOS\eclipse-solar-desde-espacio-5303c998cd1c9.jpg
DNS Servers: 100.72.3.109 - 100.72.3.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_75BED9BC4FE28DE71792C715C05373CF"
HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\...\StartupApproved\Run: => "5GJH4B4PT9PENBZ"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{88E3E29D-109F-46CA-8ABB-4FAC74DE9764}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{232BF066-6AFA-4FB6-8B8C-258FD2AA095C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{967A078C-2787-4857-AEC4-DDEB46BA97D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{44A7BF63-3ACC-4849-AA77-8872FFE74435}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{B298653C-6BAB-4CCA-B65C-37F519AEFE6D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForestVR.exe
FirewallRules: [{E2D48BAC-D002-4319-9A43-B7D6B9C52F95}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForestVR.exe
FirewallRules: [{8E94CEDE-325F-40E0-B4A5-7EC859D283B1}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{CB1DEDE9-CF93-4715-A1C3-D7AADC51287E}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{7197B44B-2563-4E30-B626-2583CDE2BF21}] => (Allow) LPort=1688
FirewallRules: [{C12170D5-FE4C-47A9-9B16-47AE0E1DCEAC}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{A1CCF4F0-1FD9-4EA2-A8A3-61ABFAD0194A}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [UDP Query User{46C1F681-5175-4812-A704-0A018D087A0F}C:\users\amd\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\amd\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [TCP Query User{CB8558D1-FF69-4771-986A-C2983A7D5446}C:\users\amd\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\amd\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [{A4D6B4EE-7047-43BC-909B-5FF1F4911A6E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{D015CD49-13BE-4A89-BA7C-828AFA56A527}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{5DAFBFA5-8A8F-4773-BF75-7B6D123C593D}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProLauncher.exe
FirewallRules: [{C9725F0F-0625-4FA0-85EB-FBF7A38DCE1E}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProIDService.exe
FirewallRules: [{41A40A2A-E44C-44AD-A93A-4446FB8E4CA9}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProMsgBus.exe
FirewallRules: [{CE208CB7-FEB1-4606-A637-A1C014A852E8}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoPro Quik.exe
FirewallRules: [UDP Query User{C0A02348-D406-4393-8DAB-A47F8250E9BF}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [TCP Query User{212AADF3-0D7A-4B97-BD5E-D558EFAA8095}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{CAC2B27A-6F9D-41B6-8986-25D9E88D4F44}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{3619F6DB-09BC-4709-9F36-6AF287EC7F51}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{31032BAD-1FB8-4D89-86C7-7CBF9CE10001}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [UDP Query User{3EF15DF0-2E4C-4BD5-ABFD-FAAD5FA28EE9}C:\users\amd\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\amd\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [TCP Query User{C1D3B3D8-0520-4EC6-BD87-157489A4E2C5}C:\users\amd\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\amd\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{1986FD76-61B9-48EB-90E8-50AB87B518ED}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{C7410143-03D1-4CB0-B8BE-5CF6D10EA1C9}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{BFE94E1D-B42B-4799-B60B-6336E3F01D1F}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{14BC1D4B-28B3-4AD0-A3EA-97B954B29A81}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [{881E906A-2F74-49C0-AAA0-5BE6EF13ABD7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{BDE08CFB-A8A7-4776-B108-37791A672AEB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{D3BC73DD-4794-4CA4-B22F-4FEF12DC5665}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CC017309-7C26-4359-A151-1AE1D766CC4D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B0A0A887-684E-45D7-BF21-CD5D9C18E7A5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{1EE555D1-361E-40E1-960E-5242CBF45DB8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{A79FEC8E-8608-44A5-B830-50A08F9E4100}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
FirewallRules: [TCP Query User{378DBA21-D185-4130-9A42-F11651F8C453}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{B074AF06-8527-4F30-BDCE-8D9CE60A0D53}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{DA11FE6F-E914-4873-AFE5-297597BB43C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{2F6A9682-729C-418B-93A2-E615DEB4DC7B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{CB3F23E2-5A54-40B3-BAF2-DCBC60FD273E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{70723222-7F58-42CC-B8A5-918E7286FB4C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{D57043B8-7AB8-49A0-8243-ADF770A2B30C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{565B55D3-DF80-4157-9FB2-13114E6FD59E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{DD9E286F-A222-41C1-A22B-C83B69BD5E78}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DD02882D-50A2-4C61-B9FE-DDB64138E515}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{73087F32-2BC1-47E2-915E-6ABC1EF98E8F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{5C27A3D1-B2E9-4255-976A-A7D699C045E3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{523A9CE0-21E9-4BB9-9265-825AD07630BC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{FE7CD51C-C9EC-4FD4-92DC-837F2E488155}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{5D539D63-C976-4325-AD13-6B9ABF51097F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{AB4D714C-311B-48FB-ABA6-F627127BE69F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{7752A647-8395-435F-B743-04FCA460CCD4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{B86DB1F4-7334-4E33-9C35-CA679EE45517}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{E8B221D8-C7A2-4037-8FB3-8CB60CDAE9A9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{C98FA12F-FB51-44C5-B43C-C56EC7B6CA33}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{940227FA-8FDA-42D7-8A86-621A79BC3ACF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
10-07-2018 22:42:02 Removed NativeDesktopMediaService
21-07-2018 02:02:05 Punto de control programado
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/24/2018 03:03:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: desktop117.exe, versión: 1.0.0.11, marca de tiempo: 0x5b029b40
Nombre del módulo con errores: desktop117.exe, versión: 1.0.0.11, marca de tiempo: 0x5b029b40
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x0001578c
Identificador del proceso con errores: 0xd04
Hora de inicio de la aplicación con errores: 0x01d423784925c449
Ruta de acceso de la aplicación con errores: C:\ProgramData\yahoochrome_D\desktop117.exe
Ruta de acceso del módulo con errores: C:\ProgramData\yahoochrome_D\desktop117.exe
Identificador del informe: a34a77bf-d25d-46a9-b68d-9eccbaf66b05
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:
 
Error: (07/23/2018 09:17:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: desktop117.exe, versión: 1.0.0.11, marca de tiempo: 0x5b029b40
Nombre del módulo con errores: desktop117.exe, versión: 1.0.0.11, marca de tiempo: 0x5b029b40
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x0001578c
Identificador del proceso con errores: 0xd68
Hora de inicio de la aplicación con errores: 0x01d4227ec57f4d65
Ruta de acceso de la aplicación con errores: C:\ProgramData\yahoochrome_D\desktop117.exe
Ruta de acceso del módulo con errores: C:\ProgramData\yahoochrome_D\desktop117.exe
Identificador del informe: ca08fbdb-398b-426d-a155-18c1b609047e
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:
 
Error: (07/22/2018 03:28:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: desktop117.exe, versión: 1.0.0.11, marca de tiempo: 0x5b029b40
Nombre del módulo con errores: desktop117.exe, versión: 1.0.0.11, marca de tiempo: 0x5b029b40
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x0001578c
Identificador del proceso con errores: 0xdd0
Hora de inicio de la aplicación con errores: 0x01d421e97650bb3d
Ruta de acceso de la aplicación con errores: C:\ProgramData\yahoochrome_D\desktop117.exe
Ruta de acceso del módulo con errores: C:\ProgramData\yahoochrome_D\desktop117.exe
Identificador del informe: 7b0af976-264e-4b2c-ad23-c52b1caaf70f
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:
 
Error: (07/21/2018 04:37:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: desktop117.exe, versión: 1.0.0.11, marca de tiempo: 0x5b029b40
Nombre del módulo con errores: desktop117.exe, versión: 1.0.0.11, marca de tiempo: 0x5b029b40
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x0001578c
Identificador del proceso con errores: 0xdb8
Hora de inicio de la aplicación con errores: 0x01d4212a0b948bcc
Ruta de acceso de la aplicación con errores: C:\ProgramData\yahoochrome_D\desktop117.exe
Ruta de acceso del módulo con errores: C:\ProgramData\yahoochrome_D\desktop117.exe
Identificador del informe: 81b58cca-a766-4d3c-835e-d4e36b5629ee
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:
 
Error: (07/21/2018 01:28:33 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: inetdrv.exe, versión: 0.0.0.0, marca de tiempo: 0x5b1d58b5
Nombre del módulo con errores: ntdll.dll, versión: 10.0.17134.165, marca de tiempo: 0x845de87a
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00022e19
Identificador del proceso con errores: 0xc44
Hora de inicio de la aplicación con errores: 0x01d420a90b6e51e2
Ruta de acceso de la aplicación con errores: C:\Program Files\WinVPN\inetdrv.exe
Ruta de acceso del módulo con errores: C:\WINDOWS\SYSTEM32\ntdll.dll
Identificador del informe: a1c8ab2e-59a3-4b75-85b8-8411b15faa38
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:
 
Error: (07/21/2018 01:14:39 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: desktop117.exe, versión: 1.0.0.11, marca de tiempo: 0x5b029b40
Nombre del módulo con errores: desktop117.exe, versión: 1.0.0.11, marca de tiempo: 0x5b029b40
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x0001578c
Identificador del proceso con errores: 0xd30
Hora de inicio de la aplicación con errores: 0x01d420a90b721ad5
Ruta de acceso de la aplicación con errores: C:\ProgramData\yahoochrome_D\desktop117.exe
Ruta de acceso del módulo con errores: C:\ProgramData\yahoochrome_D\desktop117.exe
Identificador del informe: 7461d322-a0a7-48e9-98c9-87370b1bfe3d
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:
 
Error: (07/21/2018 12:47:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: desktop117.exe, versión: 1.0.0.11, marca de tiempo: 0x5b029b40
Nombre del módulo con errores: desktop117.exe, versión: 1.0.0.11, marca de tiempo: 0x5b029b40
Código de excepción: 0xc0000409
Desplazamiento de errores: 0x0001578c
Identificador del proceso con errores: 0xd94
Hora de inicio de la aplicación con errores: 0x01d420a54e59b201
Ruta de acceso de la aplicación con errores: C:\ProgramData\yahoochrome_D\desktop117.exe
Ruta de acceso del módulo con errores: C:\ProgramData\yahoochrome_D\desktop117.exe
Identificador del informe: 8a62be3f-02bc-4744-ad40-c9a23fe1fe36
Nombre completo del paquete con errores: 
Identificador de aplicación relativa del paquete con errores:
 
Error: (07/20/2018 04:07:13 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Error al generar el contexto de activación para "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Error en el archivo de manifiesto o directiva "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" en la línea 1.
La identidad de componente encontrada en el manifiesto no coincide con la del componente solicitado.
La referencia es UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
La definición es UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Use sxstrace.exe para obtener un diagnóstico detallado.
 
 
System errors:
=============
Error: (07/24/2018 03:07:15 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-4LAFI5B)
Description: El servidor {9E175B6D-F52A-11D8-B9A5-505054503030} no se registró con DCOM dentro del tiempo de espera requerido.
 
Error: (07/24/2018 03:05:15 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-4LAFI5B)
Description: El servidor {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} no se registró con DCOM dentro del tiempo de espera requerido.
 
Error: (07/24/2018 03:04:47 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-4LAFI5B)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario DESKTOP-4LAFI5B\Matoke con SID (S-1-5-21-1830811996-1437030023-4132568959-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
 
Error: (07/24/2018 03:03:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscBrokerManager
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
 
Error: (07/24/2018 03:03:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscBrokerManager
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
 
Error: (07/24/2018 03:03:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscBrokerManager
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
 
Error: (07/24/2018 03:03:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscDataProtection
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
 
Error: (07/24/2018 03:03:16 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: El servicio saiyi technology limit se terminó de manera inesperada. Esto ha sucedido 1 veces.
 
 
Windows Defender:
===================================
Date: 2018-07-22 19:42:44.718
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {5C5A683C-E423-4ECB-B4DD-60B9945759D9}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM
 
Date: 2018-07-22 19:31:33.831
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {D6835CBE-3DAF-480E-B184-818C6F6B6BFD}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM
 
Date: 2018-07-22 15:41:52.403
Description: 
El examen de Antivirus de Windows Defender se detuvo antes de completarse.
Id. de examen: {A9DFF9CC-E5A5-4550-94EB-6C83297790AF}
Tipo de examen: Antimalware
Parámetros de examen: Examen rápido
Usuario: NT AUTHORITY\SYSTEM
 
Date: 2018-07-21 16:30:36.277
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
Nombre: Trojan:Win32/Occamy.C
Id.: 2147726780
Gravedad: Grave
Categoría: Caballo de Troya
Ruta de acceso: file:_C:\Users\amd\AppData\Local\XService\XService.dll
Origen de detección: Equipo local
Tipo de detección: FastPath
Fuente de detección: Protección en tiempo real
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: C:\Windows\SysWOW64\svchost.exe
Versión de firma: AV: 1.273.122.0, AS: 1.273.122.0, NIS: 1.273.122.0
Versión de motor: AM: 1.1.15100.1, NIS: 1.1.15100.1
 
Date: 2018-07-21 16:30:36.153
Description: 
Antivirus de Windows Defender detectó malware u otro software potencialmente no deseado.
Para obtener más información consulte lo siguiente:
Nombre: Trojan:Win32/Occamy.C
Id.: 2147726780
Gravedad: Grave
Categoría: Caballo de Troya
Ruta de acceso: file:_C:\Users\amd\AppData\Local\XService\XService.dll
Origen de detección: Equipo local
Tipo de detección: FastPath
Fuente de detección: Protección en tiempo real
Usuario: NT AUTHORITY\SYSTEM
Nombre de proceso: C:\Windows\SysWOW64\svchost.exe
Versión de firma: AV: 1.273.122.0, AS: 1.273.122.0, NIS: 1.273.122.0
Versión de motor: AM: 1.1.15100.1, NIS: 1.1.15100.1
 
Date: 2018-07-21 16:33:26.036
Description: 
La característica Protección en tiempo real de Antivirus de Windows Defender encontró un error:
Característica: Durante el acceso
Código de error: 0x8007043c
Descripción del error: El servicio no puede iniciarse en modo a prueba de errores 
Motivo: La protección antimalware dejó de funcionar por motivos desconocidos. En algunos casos, reiniciar el servicio puede que resuelva el problema.
 
Date: 2018-07-14 02:05:21.257
Description: 
Antivirus de Windows Defender encontró un error al intentar actualizar las firmas.
Nueva versión de firma: 
Versión de firma anterior: 1.271.978.0
Origen de actualización: Servidor de Microsoft Update
Tipo de firma: AntiVirus
Tipo de actualización: Completa
Usuario: NT AUTHORITY\SYSTEM
Versión de motor actual: 
Versión de motor anterior: 1.1.15000.2
Código de error: 0x80240438
Descripción del error: Se produjo un problema inesperado mientras se buscaban actualizaciones. Para obtener más información sobre cómo instalar o solucionar problemas en las actualizaciones, consulta Ayuda y soporte técnico. 
 
==================== Memory info =========================== 
 
Processor: AMD Ryzen 7 1700 Eight-Core Processor 
Percentage of memory in use: 36%
Total physical RAM: 8124 MB
Available physical RAM: 5132.07 MB
Total Virtual: 12092 MB
Available Virtual: 8057.04 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:930.91 GB) (Free:681.29 GB) NTFS
 
\\?\Volume{232ffcd7-c3e0-4d2a-87fa-f0a4133550f4}\ (Recuperación) (Fixed) (Total:0.49 GB) (Free:0.1 GB) NTFS
\\?\Volume{48d798ba-c390-4088-a209-866139d7c711}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
\\?\Volume{8965400f-570f-11e8-929b-88d7f6df9b61}\ () (CDROM) (Total:0 GB) (Free:0 GB) 
\\?\Volume{89654031-570f-11e8-929b-88d7f6df9b61}\ () (CDROM) (Total:0 GB) (Free:0 GB) 
\\?\Volume{d993b2da-5716-11e8-929c-88d7f6df9b61}\ () (CDROM) (Total:0 GB) (Free:0 GB) 
\\?\Volume{a91aeb05-5910-11e8-92a1-88d7f6df9b61}\ () (CDROM) (Total:0 GB) (Free:0 GB) 
\\?\Volume{ababae44-639b-11e8-92a7-88d7f6df9b61}\ () (CDROM) (Total:0 GB) (Free:0 GB) 
\\?\Volume{ababae47-639b-11e8-92a7-88d7f6df9b61}\ () (CDROM) (Total:0 GB) (Free:0 GB) 
\\?\Volume{ababae49-639b-11e8-92a7-88d7f6df9b61}\ () (CDROM) (Total:0 GB) (Free:0 GB) 
\\?\Volume{7f281cfe-72ea-11e8-92b1-88d7f6df9b61}\ () (CDROM) (Total:0 GB) (Free:0 GB) 
\\?\Volume{7f281d02-72ea-11e8-92b1-88d7f6df9b61}\ () (CDROM) (Total:0 GB) (Free:0 GB) 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: EA3C124C)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#6
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

No need to PM me when you post.  I get an email.  I'm just not always on line so expect a delay before I get back to you.

 

Download the attached fixlist.txt to the same location as FRST.

Run FRST and press Fix.
A fix log will be generated; please post that.

Reboot if the fix doesn't reboot it for you.

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 



#7
MrMatoke

    Member

  • Topic Starter
  • Member
  • 32 posts

No need to PM me when you post.  I get an email.  I'm just not always on line so expect a delay before I get back to you.

 

Download the attached fixlist.txt to the same location as FRST.

Run FRST and press Fix.
A fix log will be generated; please post that.

Reboot if the fix doesn't reboot it for you.

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

FIXLOG

Fix result of Farbar Recovery Scan Tool (x64) Version: 21.07.2018
Ran by Matoke (25-07-2018 00:27:00) Run:1
Running from C:\Users\amd\Downloads
Loaded Profiles: Matoke (Available Profiles: Matoke)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CMD: Type C:\Users\amd\AppData\Roaming\twbnr\ravbt.vbs
HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\...\Run: [5GJH4B4PT9PENBZ] => "C:\Program Files (x86)\ShutdownTime\AMKL5.exe"
HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\...\Run: [GoogleChromeAutoLaunch_75BED9BC4FE28DE71792C715C05373CF] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1588568 2018-06-22] (Google Inc.)
HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHhI8J8aInErgE7xdslq-PtG7be0E1PeUZSAqkGnzX2fKYuNPJVwuxmFa_2ljjAKqYTs0__ceWtT-R6P1LcWVhKWRC1r3SchMfrR1r6e9gaYZukVYY0-V8bYUqylE-BJTBFHftuXCFMrzVQD-F2EPQITHgiufaNPCmL7DWKc8mQR&q={searchTerms}
HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://feed.helperbar.com/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHhI8J8aInErgE7xdslq-PtG7be0E1PeUZSAqkGnzX2fKYuNPJVwuxmFa_2ljjAKqYTs0__ceWtT-R6Du-6ILjhmfADyjYSgK7zEDUu6qLLni98iVBZBpUb3RlHcF0cq0oX_Geg2cgRpl0OXVbZXBXIaaF4GkrLDxUBVe1SYqqvQ
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = 
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHhI8J8aInErgE7xdslq-PtG7be0E1PeUZSAqkGnzX2fKYuNPJVwuxmFa_2ljjAKqYTs0__ceWtT-R6P1LcWVhKWRC1r3SchMfrR1r6e9gaYZukVYY0-V8bYUqylE-BJTBFHftuXCFMrzVQD-F2EPQITHgiufaNPCmL7DWKc8mQR&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1830811996-1437030023-4132568959-1001 -> DefaultScope {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHhI8J8aInErgE7xdslq-PtG7be0E1PeUZSAqkGnzX2fKYuNPJVwuxmFa_2ljjAKqYTs0__ceWtT-R6P1LcWVhKWRC1r3SchMfrR1r6e9gaYZukVYY0-V8bYUqylE-BJTBFHftuXCFMrzVQD-F2EPQITHgiufaNPCmL7DWKc8mQR&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1830811996-1437030023-4132568959-1001 -> {ielnksrch} URL = hxxps://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoHhI8J8aInErgE7xdslq-PtG7be0E1PeUZSAqkGnzX2fKYuNPJVwuxmFa_2ljjAKqYTs0__ceWtT-R6P1LcWVhKWRC1r3SchMfrR1r6e9gaYZukVYY0-V8bYUqylE-BJTBFHftuXCFMrzVQD-F2EPQITHgiufaNPCmL7DWKc8mQR&q={searchTerms}
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1425245053&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX91A743J2453J245
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1425245053&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX91A743J2453J245","hxxp://www.mystartsearch.com/?type=hppp&ts=1425245075&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX91A743J2453J245"
R2 INetDriverSvc; C:\Program Files\WinVPN\inetdrv.exe [1180160 2018-06-10] () [File not signed]
R2 MjU2ZmY; C:\Program Files\MjU2ZmY\NTM4NWVlNG.exe [963456 2018-07-09] ()
R2 WinPing; C:\Program Files\WinVPN\wpsvc.exe [12288 2018-06-08] () [File not signed]
R2 MTQ3Nz; rundll32.exe C:\WINDOWS\mwjbruagnvkvdqql.mwjbr MWcGUpTR [X]
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [X]
R1 ZmRjNzcxODQxYWNmODgw; C:\WINDOWS\System32\drivers\ZmRjNzcxODQxYWNmODgw.sys [210056 2018-07-09] ()
R1 powzip; C:\WINDOWS\System32\drivers\powzip.sys [193160 2018-07-09] (Nice Pulle Science and Technology Ltd.)
2018-07-21 16:28 - 2018-07-21 16:28 - 005930728 _____ (EnigmaSoft Limited) C:\Users\amd\Downloads\SpyHunter-Installer.exe
2018-07-15 19:08 - 2018-07-23 09:25 - 000000000 ____D C:\Users\amd\AppData\Roaming\dtdump
2018-07-10 22:56 - 2018-07-10 22:56 - 000000000 ____D C:\Program Files\MjU2ZmY
2018-07-10 22:43 - 2018-07-10 22:53 - 000000000 ____D C:\Users\amd\AppData\Roaming\b1zpdchybea
2018-07-10 22:43 - 2018-07-10 22:45 - 000000000 ____D C:\Program Files\V7U7ES7IM0
2018-07-10 22:43 - 2018-07-10 22:45 - 000000000 ____D C:\Program Files\L47AI9SWWQ
2018-07-10 22:43 - 2018-07-10 22:44 - 000000000 ____D C:\Users\amd\AppData\Roaming\twh0ck0e53l
2018-07-10 22:43 - 2018-07-10 22:44 - 000000000 ____D C:\Users\amd\AppData\Roaming\imh4kbeearm
2018-07-10 22:42 - 2018-07-10 22:42 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2018-07-10 22:37 - 2018-07-22 02:11 - 000000000 ____D C:\WINDOWS\SysWOW64\SSL
2018-07-10 22:37 - 2018-07-14 14:39 - 000000000 ____D C:\ProgramData\4e66ca30-7181-0
2018-07-10 22:37 - 2018-07-14 14:39 - 000000000 ____D C:\ProgramData\4e66ca30-3995-1
2018-07-10 22:37 - 2018-07-14 14:39 - 000000000 ____D C:\ProgramData\17d45ec2-6351-1
2018-07-10 22:37 - 2018-07-14 14:39 - 000000000 ____D C:\ProgramData\17d45ec2-3167-0
2018-07-10 22:37 - 2018-07-10 22:56 - 000000000 ____D C:\Users\amd\AppData\Roaming\jprjartygf3
2018-07-10 22:37 - 2018-07-10 22:56 - 000000000 ____D C:\Users\amd\AppData\Roaming\id0yinjkuy2
2018-07-10 22:37 - 2018-07-10 22:56 - 000000000 ____D C:\Users\amd\AppData\Roaming\fmnb0zfbxih
2018-07-10 22:37 - 2018-07-10 22:56 - 000000000 ____D C:\Users\amd\AppData\Local\cypjMERAky
2018-07-10 22:37 - 2018-07-10 22:56 - 000000000 ____D C:\Program Files\MG6JGM1UN9
2018-07-10 22:37 - 2018-07-10 22:56 - 000000000 ____D C:\Program Files\EX089URF8V
2018-07-10 22:37 - 2018-07-10 22:53 - 000000000 ____D C:\Users\amd\AppData\Roaming\zu4loayviyw
2018-07-10 22:37 - 2018-07-10 22:44 - 000000000 ____D C:\Program Files\Y4TBHSB5GU
2018-07-10 22:37 - 2018-07-10 22:37 - 001068032 _____ C:\WINDOWS\mwjbruagnvkvdqql.mwjbr
2018-07-10 22:37 - 2018-07-10 22:37 - 000000000 ____D C:\Users\Public\Documents\XMUpdate
2018-07-10 22:37 - 2018-07-10 22:37 - 000000000 ____D C:\Program Files\WinVPN
2018-07-10 22:36 - 2018-07-10 22:44 - 000000000 ____D C:\ProgramData\Logic Cramble
2018-07-10 22:36 - 2018-07-10 22:44 - 000000000 ____D C:\Program Files (x86)\Housse
2018-07-10 22:36 - 2018-07-10 22:43 - 000000000 ____D C:\Program Files (x86)\ShutdownTime
2018-07-10 22:36 - 2018-07-10 22:36 - 001895382 _____ C:\Users\amd\AppData\Local\Sanhome.bin
2018-07-10 22:36 - 2018-07-10 22:36 - 000015606 _____ C:\WINDOWS\SysWOW64\findit.xml
2018-07-10 22:36 - 2018-07-10 22:36 - 000000000 ____D C:\Users\amd\AppData\Roaming\Mozilla
2018-07-10 22:36 - 2018-07-10 22:36 - 000000000 ____D C:\ProgramData\Quoteexs
2018-07-10 22:35 - 2018-07-10 22:40 - 000929792 _____ C:\Users\amd\AppData\Local\sham.db
2018-07-10 22:35 - 2018-07-10 22:35 - 007631872 _____ C:\Users\amd\AppData\Local\agent.dat
2018-07-10 22:35 - 2018-07-10 22:35 - 001989145 _____ C:\Users\amd\AppData\Local\Faxfind.tst
2018-07-10 22:35 - 2018-07-10 22:35 - 000278509 _____ C:\Users\amd\AppData\Local\Black-Job.tst
2018-07-10 22:35 - 2018-07-10 22:35 - 000140800 _____ C:\Users\amd\AppData\Local\installer.dat
2018-07-10 22:35 - 2018-07-10 22:35 - 000126464 _____ C:\Users\amd\AppData\Local\noah.dat
2018-07-10 22:35 - 2018-07-10 22:35 - 000070896 _____ C:\Users\amd\AppData\Local\Config.xml
2018-07-10 22:35 - 2018-07-10 22:35 - 000018432 _____ C:\Users\amd\AppData\Local\Main.dat
2018-07-10 22:35 - 2018-07-10 22:35 - 000016416 _____ C:\Users\amd\AppData\Local\InstallationConfiguration.xml
2018-07-10 22:35 - 2018-07-10 22:35 - 000005568 _____ C:\Users\amd\AppData\Local\md.xml
2018-07-10 22:35 - 2018-07-10 22:33 - 001810944 _____ (TODO: <Company name>) C:\Users\amd\AppData\Local\Faxfind.exe
2018-07-10 22:35 - 2018-07-10 22:33 - 001810944 _____ (TODO: <Company name>) C:\Users\amd\AppData\Local\Black-Job.exe
2018-07-10 22:33 - 2018-07-21 16:33 - 000000000 ____D C:\Users\amd\AppData\Local\XService
2018-07-10 22:33 - 2018-07-10 22:33 - 000003310 _____ C:\WINDOWS\System32\Tasks\ravbt
2018-07-10 22:33 - 2018-07-10 22:33 - 000000000 ____D C:\Users\amd\AppData\Roaming\twbnr
2018-07-10 22:33 - 2018-07-10 22:33 - 000000000 ____D C:\ProgramData\yahoochrome_D
2018-07-10 22:32 - 2018-07-14 17:33 - 000000000 ____D C:\Program Files (x86)\KMSPico 10.2.1 Final
2018-07-10 22:32 - 2018-07-10 22:32 - 000003564 _____ C:\WINDOWS\System32\Tasks\SVC Update
2018-07-09 16:57 - 2018-07-09 16:57 - 002118144 _____ C:\WINDOWS\ZTI5NjJhOTlmYWY2YTY.exe
2018-07-09 16:57 - 2018-07-09 16:57 - 000210056 _____ C:\WINDOWS\system32\Drivers\ZmRjNzcxODQxYWNmODgw.sys   
Task: {20852031-E115-47CE-A511-E40B9B0151C5} - System32\Tasks\ravbt => C:\Users\amd\AppData\Roaming\twbnr\ravbt.vbs [2018-07-10] ()
Task: {6F74F99D-2336-4C11-8B28-3F24F2D30454} - System32\Tasks\SVC Update => C:\WINDOWS\explorer.exe "hxxp://lktoday.ru" <==== ATTENTION
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
AlternateDataStreams: C:\Users\Public\AppData:CSM [484]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [466]
HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\...\StartupApproved\Run: => "5GJH4B4PT9PENBZ" 
HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_75BED9BC4FE28DE71792C715C05373CF"
C:\Users\amd\AppData\Local\XService
WinVPN (HKLM\...\{4BB9D57D-4603-4C82-B314-B7A7254F2AEE}) (Version: 1.0.2 - WinSoft) Hidden
EmptyTemp:
Reboot:
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
 
*****************
 
Processes closed successfully.
 
========= Type C:\Users\amd\AppData\Roaming\twbnr\ravbt.vbs =========
 
set absipjn=CreateObject("WScript.Shell")
rmxvzyg=absipjn.Run ("C:\Users\amd\AppData\Roaming\twbnr\ccruo.vbs", 0, true)
Do While rmxvzyg<0
Loop
rmxvzyg=absipjn.Run ("C:\Users\amd\AppData\Roaming\twbnr\ggkeo.vbs", 0, true)
 
========= End of CMD: =========
 
"HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\Software\Microsoft\Windows\CurrentVersion\Run\\5GJH4B4PT9PENBZ" => removed successfully
"HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_75BED9BC4FE28DE71792C715C05373CF" => removed successfully
HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch" => removed successfully
HKLM\Software\Wow6432Node\Classes\CLSID\ielnksrch => not found
"HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully
"HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}" => removed successfully
HKLM\Software\Classes\CLSID\{ielnksrch} => not found
"Chrome HomePage" => removed successfully
"Chrome StartupUrls" => removed successfully
"HKLM\System\CurrentControlSet\Services\INetDriverSvc" => removed successfully
INetDriverSvc => service removed successfully
"HKLM\System\CurrentControlSet\Services\MjU2ZmY" => removed successfully
MjU2ZmY => service removed successfully
"HKLM\System\CurrentControlSet\Services\WinPing" => removed successfully
WinPing => service removed successfully
"HKLM\System\CurrentControlSet\Services\MTQ3Nz" => removed successfully
MTQ3Nz => service removed successfully
"HKLM\System\CurrentControlSet\Services\Service KMSELDI" => removed successfully
Service KMSELDI => service removed successfully
ZmRjNzcxODQxYWNmODgw => Unable to stop service.
"HKLM\System\CurrentControlSet\Services\ZmRjNzcxODQxYWNmODgw" => removed successfully
ZmRjNzcxODQxYWNmODgw => service removed successfully
powzip => Unable to stop service.
"HKLM\System\CurrentControlSet\Services\powzip" => removed successfully
powzip => service removed successfully
C:\Users\amd\Downloads\SpyHunter-Installer.exe => moved successfully
C:\Users\amd\AppData\Roaming\dtdump => moved successfully
C:\Program Files\MjU2ZmY => moved successfully
C:\Users\amd\AppData\Roaming\b1zpdchybea => moved successfully
C:\Program Files\V7U7ES7IM0 => moved successfully
C:\Program Files\L47AI9SWWQ => moved successfully
C:\Users\amd\AppData\Roaming\twh0ck0e53l => moved successfully
C:\Users\amd\AppData\Roaming\imh4kbeearm => moved successfully
C:\WINDOWS\system32\appmgmt => moved successfully
C:\WINDOWS\SysWOW64\SSL => moved successfully
C:\ProgramData\4e66ca30-7181-0 => moved successfully
C:\ProgramData\4e66ca30-3995-1 => moved successfully
C:\ProgramData\17d45ec2-6351-1 => moved successfully
C:\ProgramData\17d45ec2-3167-0 => moved successfully
C:\Users\amd\AppData\Roaming\jprjartygf3 => moved successfully
C:\Users\amd\AppData\Roaming\id0yinjkuy2 => moved successfully
C:\Users\amd\AppData\Roaming\fmnb0zfbxih => moved successfully
C:\Users\amd\AppData\Local\cypjMERAky => moved successfully
C:\Program Files\MG6JGM1UN9 => moved successfully
C:\Program Files\EX089URF8V => moved successfully
C:\Users\amd\AppData\Roaming\zu4loayviyw => moved successfully
C:\Program Files\Y4TBHSB5GU => moved successfully
C:\WINDOWS\mwjbruagnvkvdqql.mwjbr => moved successfully
C:\Users\Public\Documents\XMUpdate => moved successfully
C:\Program Files\WinVPN => moved successfully
C:\ProgramData\Logic Cramble => moved successfully
C:\Program Files (x86)\Housse => moved successfully
C:\Program Files (x86)\ShutdownTime => moved successfully
C:\Users\amd\AppData\Local\Sanhome.bin => moved successfully
C:\WINDOWS\SysWOW64\findit.xml => moved successfully
C:\Users\amd\AppData\Roaming\Mozilla => moved successfully
C:\ProgramData\Quoteexs => moved successfully
C:\Users\amd\AppData\Local\sham.db => moved successfully
C:\Users\amd\AppData\Local\agent.dat => moved successfully
C:\Users\amd\AppData\Local\Faxfind.tst => moved successfully
C:\Users\amd\AppData\Local\Black-Job.tst => moved successfully
C:\Users\amd\AppData\Local\installer.dat => moved successfully
C:\Users\amd\AppData\Local\noah.dat => moved successfully
C:\Users\amd\AppData\Local\Config.xml => moved successfully
C:\Users\amd\AppData\Local\Main.dat => moved successfully
C:\Users\amd\AppData\Local\InstallationConfiguration.xml => moved successfully
C:\Users\amd\AppData\Local\md.xml => moved successfully
C:\Users\amd\AppData\Local\Faxfind.exe => moved successfully
C:\Users\amd\AppData\Local\Black-Job.exe => moved successfully
C:\Users\amd\AppData\Local\XService => moved successfully
C:\WINDOWS\System32\Tasks\ravbt => moved successfully
C:\Users\amd\AppData\Roaming\twbnr => moved successfully
C:\ProgramData\yahoochrome_D => moved successfully
C:\Program Files (x86)\KMSPico 10.2.1 Final => moved successfully
C:\WINDOWS\System32\Tasks\SVC Update => moved successfully
C:\WINDOWS\ZTI5NjJhOTlmYWY2YTY.exe => moved successfully
C:\WINDOWS\system32\Drivers\ZmRjNzcxODQxYWNmODgw.sys => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{20852031-E115-47CE-A511-E40B9B0151C5}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20852031-E115-47CE-A511-E40B9B0151C5}" => removed successfully
"C:\WINDOWS\System32\Tasks\ravbt" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ravbt" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F74F99D-2336-4C11-8B28-3F24F2D30454}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F74F99D-2336-4C11-8B28-3F24F2D30454}" => removed successfully
"C:\WINDOWS\System32\Tasks\SVC Update" => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SVC Update" => removed successfully
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => moved successfully
C:\Users\Public\AppData => ":CSM" ADS removed successfully
C:\Users\Public\Shared Files => ":VersionCache" ADS removed successfully
"HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\5GJH4B4PT9PENBZ" => removed successfully
"HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\5GJH4B4PT9PENBZ" => not found
"HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\GoogleChromeAutoLaunch_75BED9BC4FE28DE71792C715C05373CF" => removed successfully
"HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_75BED9BC4FE28DE71792C715C05373CF" => not found
"C:\Users\amd\AppData\Local\XService" => not found
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4BB9D57D-4603-4C82-B314-B7A7254F2AEE}\\SystemComponent" => removed successfully
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
Error al borrar el registro Microsoft-Windows-LiveId/Analytic. Acceso denegado.
Error al borrar el registro Microsoft-Windows-LiveId/Operational. Acceso denegado.
Error al borrar el registro Microsoft-Windows-USBVideo/Analytic. Un proveedor de datos WMI no reconoce como válido el nombre de instancia pasado.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8151040 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 140399501 B
Java, Flash, Steam htmlcache => 12396157 B
Windows/system/drivers => 1680084 B
Edge => 7946292 B
Chrome => 388468863 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
LocalService => 0 B
NetworkService => 100600 B
NetworkService => 0 B
amd => 5648944378 B
 
RecycleBin => 37183 B
EmptyTemp: => 5.8 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 00:28:58 ====

Edited by MrMatoke, 24 July 2018 - 09:39 PM.

#8
MrMatoke

    Member

  • Topic Starter
  • Member
  • 32 posts

No need to PM me when you post.  I get an email.  I'm just not always on line so expect a delay before I get back to you.

 

Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated; please post that

Reboot if the fix doesn't reboot it for you

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.07.2018
Ran by Matoke (administrator) on DESKTOP-4LAFI5B (25-07-2018 00:35:53)
Running from C:\Users\amd\Downloads
Loaded Profiles: Matoke (Available Profiles: Matoke)
Platform: Windows 10 Pro Version 1803 17134.165 (X64) Language: Español (México)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\NisSrv.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(alch) C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
() C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\amd\Downloads\FRST64 (1).exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-10-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ClamWin] => C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2015-05-05] (alch)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [729704 2018-04-03] (Disc Soft Ltd)
HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3201312 2018-06-08] (Valve Corporation)
HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\...\Run: [Discord] => C:\Users\amd\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.)
HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32966032 2018-07-20] (Epic Games, Inc.)
HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\...\Run: [GoogleChromeAutoLaunch_75BED9BC4FE28DE71792C715C05373CF] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1588568 2018-06-22] (Google Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 100.72.3.109 100.72.3.1
Tcpip\..\Interfaces\{54e2108c-8637-4bb9-95c6-a60275ec1987}: [DhcpNameServer] 208.67.220.220 208.67.222.222
Tcpip\..\Interfaces\{641c23af-61d5-46a6-a811-c61f189b2b88}: [DhcpNameServer] 100.72.3.109 100.72.3.1
 
Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-07-19] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2018-06-30] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-05-14] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-30] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-30] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-30] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-30] (Microsoft Corporation)
 
FireFox:
========
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-05-14] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-06-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-06-24] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-21] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1425245053&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX91A743J2453J245
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1425245053&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX91A743J2453J245","hxxp://www.mystartsearch.com/?type=hppp&ts=1425245075&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX91A743J2453J245"
CHR Profile: C:\Users\amd\AppData\Local\Google\Chrome\User Data\Default [2018-07-25]
CHR Extension: (Presentaciones) - C:\Users\amd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-07-21]
CHR Extension: (Documentos) - C:\Users\amd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-07-21]
CHR Extension: (Google Drive) - C:\Users\amd\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-07-21]
CHR Extension: (YouTube) - C:\Users\amd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-21]
CHR Extension: (Hojas de cálculo) - C:\Users\amd\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-07-21]
CHR Extension: (Cablevisión Flow) - C:\Users\amd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfbnbmbkemlokfckhdoaakhjogffkinc [2018-07-21]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\amd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-07-21]
CHR Extension: (AdBlock) - C:\Users\amd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-07-21]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\amd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-21]
CHR Extension: (Gmail) - C:\Users\amd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-07-21]
CHR Extension: (Chrome Media Router) - C:\Users\amd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-07-21]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7206312 2018-07-17] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8765104 2018-07-13] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3606120 2018-04-03] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [780928 2018-05-14] (EasyAntiCheat Ltd)
R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [38328 2018-04-26] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764896 2018-05-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764896 2018-05-20] (NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-04-12] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\NisSrv.exe [3925648 2018-06-26] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MsMpEng.exe [100080 2018-06-26] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
S2 saiyitechnology; C:\ProgramData\yahoochrome_D\desktop117.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34696 2018-05-11] (Advanced Micro Devices, Inc)
R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [33144 2018-05-11] (Advanced Micro Devices, Inc)
R3 AMDPCIDev; C:\WINDOWS\System32\drivers\AMDPCIDev.sys [31592 2018-05-11] (Advanced Micro Devices)
R0 amdpsp; C:\WINDOWS\System32\drivers\amdpsp.sys [137104 2018-05-11] (Advanced Micro Devices, Inc. )
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2018-05-13] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2018-05-13] (Disc Soft Ltd)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvpcdi.inf_amd64_1956348608fec82f\nvlddmkm.sys [17200392 2018-06-25] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31200 2018-05-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [67432 2018-03-15] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [68112 2018-06-24] (NVIDIA Corporation)
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Realtek )
R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [5707264 2018-04-11] (Realtek Semiconductor Corporation )
S3 smbdirect; C:\WINDOWS\System32\DRIVERS\smbdirect.sys [152064 2018-04-12] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46592 2018-06-26] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-06-26] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59944 2018-06-26] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-25 00:27 - 2018-07-25 00:28 - 000018208 _____ C:\Users\amd\Downloads\Fixlog.txt
2018-07-25 00:17 - 2018-07-25 00:17 - 000001265 _____ C:\Users\amd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRST64 (1).lnk
2018-07-25 00:13 - 2018-07-25 00:13 - 002412544 _____ (Farbar) C:\Users\amd\Downloads\FRST64 (1).exe
2018-07-24 15:08 - 2018-07-24 15:08 - 000053058 _____ C:\Users\amd\Downloads\Addition.txt
2018-07-24 15:07 - 2018-07-25 00:36 - 000015093 _____ C:\Users\amd\Downloads\FRST.txt
2018-07-24 15:06 - 2018-07-25 00:35 - 000000000 ____D C:\FRST
2018-07-24 15:06 - 2018-07-24 15:06 - 002412544 _____ (Farbar) C:\Users\amd\Downloads\FRST64.exe
2018-07-24 15:03 - 2018-07-24 18:09 - 000000000 ____D C:\Users\amd\AppData\Roaming\grdsvc
2018-07-21 16:33 - 2018-07-21 16:33 - 000302336 _____ C:\WINDOWS\ntbtlog.txt
2018-07-21 04:11 - 2018-07-25 00:29 - 099090432 _____ C:\WINDOWS\system32\config\SOFTWARE
2018-07-21 04:05 - 2018-07-21 04:11 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2018-07-21 00:48 - 2018-07-24 15:12 - 000002364 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-07-21 00:48 - 2018-07-24 15:11 - 000002411 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-07-21 00:41 - 2018-07-21 00:41 - 000003620 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-07-21 00:41 - 2018-07-21 00:41 - 000003496 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-07-21 00:35 - 2018-07-25 00:11 - 000004222 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{73890BB9-1793-49C2-B71C-CE9860C861B9}
2018-07-20 23:03 - 2018-07-20 23:03 - 000000314 _____ C:\Users\amd\Desktop\Fortnite.url
2018-07-20 02:36 - 2018-07-20 02:36 - 000000000 ____D C:\Users\amd\AppData\Local\CrashDumps
2018-07-19 03:24 - 2018-07-19 03:24 - 000002210 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2018-07-19 03:23 - 2018-07-19 03:23 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-07-19 03:23 - 2018-06-24 12:40 - 000132032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2018-07-19 03:22 - 2018-06-24 12:39 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2018-07-19 03:22 - 2018-06-24 12:31 - 005947520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2018-07-19 03:22 - 2018-06-24 12:31 - 002612624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2018-07-19 03:22 - 2018-06-24 12:31 - 001767360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2018-07-19 03:22 - 2018-06-24 12:31 - 000633792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2018-07-19 03:22 - 2018-06-24 12:31 - 000451144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2018-07-19 03:22 - 2018-06-24 12:31 - 000124200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2018-07-19 03:22 - 2018-06-24 12:31 - 000083424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2018-07-19 03:22 - 2018-06-20 07:52 - 008207422 _____ C:\WINDOWS\system32\nvcoproc.bin
2018-07-19 03:21 - 2018-07-19 03:21 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2018-07-19 03:21 - 2018-06-25 14:26 - 000551840 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2018-07-19 03:21 - 2018-06-25 14:26 - 000457144 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 040346984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 035250256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 031244248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 013728120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 011273632 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 004350040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 003760672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 002013784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6439836.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 001563392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 001468448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6439836.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 001419200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 001216872 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 001092360 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 000749472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 000626616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 000608512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 000518208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2018-07-19 03:15 - 2018-06-25 14:24 - 025961336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2018-07-19 03:15 - 2018-06-25 14:24 - 017750344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2018-07-19 03:15 - 2018-06-25 14:24 - 015165008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2018-07-19 03:15 - 2018-06-25 14:24 - 004856232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2018-07-19 03:15 - 2018-06-25 14:24 - 004126128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2018-07-19 03:15 - 2018-06-25 14:24 - 001356816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2018-07-19 03:15 - 2018-06-25 14:24 - 001347664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2018-07-19 03:15 - 2018-06-25 14:24 - 001157392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2018-07-19 03:15 - 2018-06-25 14:24 - 001069416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2018-07-19 03:15 - 2018-06-25 14:24 - 001063216 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2018-07-19 03:15 - 2018-06-25 14:24 - 000904720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2018-07-19 03:15 - 2018-06-25 14:24 - 000814616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2018-07-19 03:15 - 2018-06-25 14:24 - 000652344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2018-07-19 03:15 - 2018-06-25 14:24 - 000634760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2018-07-19 03:15 - 2018-06-24 14:27 - 001688848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2018-07-19 03:15 - 2018-06-24 14:27 - 000227928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2018-07-19 03:15 - 2018-06-24 14:27 - 000068112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2018-07-19 03:15 - 2018-06-24 14:27 - 000047648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2018-07-19 03:15 - 2018-06-24 14:27 - 000044271 _____ C:\WINDOWS\system32\nvinfo.pb
2018-07-19 01:31 - 2018-07-19 01:31 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-07-19 01:31 - 2018-07-19 01:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Herramientas de Microsoft Office
2018-07-17 22:26 - 2018-07-17 22:26 - 000366538 _____ C:\Users\amd\Downloads\SOBRE RUEDAS-1.prproj
2018-07-17 22:24 - 2018-07-17 22:24 - 000041440 _____ C:\Users\amd\Downloads\corto dijusi 2016.veg
2018-07-16 21:09 - 2018-07-16 21:09 - 000003976 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-16 21:09 - 2018-07-16 21:09 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-16 21:09 - 2018-05-20 14:36 - 002496480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2018-07-16 21:09 - 2018-05-20 14:36 - 002164192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2018-07-16 21:09 - 2018-05-20 14:36 - 001312224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2018-07-16 21:08 - 2018-07-16 21:08 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-16 21:08 - 2018-07-16 21:08 - 000004106 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-16 21:08 - 2018-07-16 21:08 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-16 21:08 - 2018-07-16 21:08 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-16 21:08 - 2018-07-16 21:08 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-16 21:08 - 2018-07-16 21:08 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2018-07-16 21:07 - 2018-03-15 05:47 - 000067432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2018-07-14 01:32 - 2018-05-16 21:18 - 000000916 _____ C:\Users\amd\Desktop\VLC media player.lnk
2018-07-13 14:48 - 2018-07-17 22:41 - 000000000 ____D C:\Users\amd\AppData\Local\ElevatedDiagnostics
2018-07-13 00:01 - 2018-07-13 00:01 - 000000000 __SHD C:\MSOCache
2018-07-13 00:01 - 2018-07-13 00:01 - 000000000 ___HD C:\Users\Public\Shared Files
2018-07-12 10:49 - 2018-07-12 10:49 - 001943805 _____ C:\Users\amd\Downloads\drive-download-20180712T134928Z-001.zip
2018-07-12 10:33 - 2018-07-12 10:33 - 000181871 _____ C:\Users\amd\Downloads\ESCENA 1.jpeg
2018-07-12 09:01 - 2018-06-28 22:13 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-07-12 09:01 - 2018-06-28 22:13 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-07-11 21:49 - 2018-07-06 11:20 - 002868640 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-07-11 21:49 - 2018-07-06 11:20 - 001610648 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-07-11 21:49 - 2018-07-06 11:20 - 000792472 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-07-11 21:49 - 2018-07-06 11:20 - 000689560 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-07-11 21:49 - 2018-07-06 11:20 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-07-11 21:49 - 2018-07-06 11:20 - 000451992 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-07-11 21:49 - 2018-07-06 11:20 - 000309664 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-07-11 21:49 - 2018-07-06 11:20 - 000144792 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-07-11 21:49 - 2018-07-06 11:20 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-07-11 21:49 - 2018-07-06 11:17 - 003932672 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-07-11 21:49 - 2018-07-06 11:15 - 002266520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2018-07-11 21:49 - 2018-07-06 11:14 - 000541592 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-07-11 21:49 - 2018-07-06 10:56 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-07-11 21:49 - 2018-07-06 10:53 - 000672768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2018-07-11 21:49 - 2018-07-06 10:53 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2018-07-11 21:49 - 2018-07-06 10:53 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-07-11 21:49 - 2018-07-06 10:53 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-07-11 21:49 - 2018-07-06 10:52 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-07-11 21:49 - 2018-07-06 10:52 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-07-11 21:49 - 2018-07-06 10:51 - 003652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-07-11 21:49 - 2018-07-06 10:51 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-07-11 21:49 - 2018-07-06 10:51 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-07-11 21:49 - 2018-07-06 10:51 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-07-11 21:49 - 2018-07-06 10:51 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-07-11 21:49 - 2018-07-06 10:50 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-07-11 21:49 - 2018-07-06 10:49 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-07-11 21:49 - 2018-07-06 09:12 - 001539000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2018-07-11 21:49 - 2018-07-06 09:06 - 003611368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-07-11 21:49 - 2018-07-06 08:54 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-07-11 21:49 - 2018-07-06 08:54 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-07-11 21:49 - 2018-07-06 08:53 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-07-11 21:49 - 2018-07-06 08:53 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll
2018-07-11 21:49 - 2018-07-06 08:53 - 000347136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-07-11 21:49 - 2018-07-06 08:52 - 002895360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-07-11 21:49 - 2018-07-06 08:52 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-07-11 21:49 - 2018-07-06 08:52 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-07-11 21:49 - 2018-07-06 08:51 - 002401280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-07-11 21:49 - 2018-07-06 08:51 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-07-11 21:49 - 2018-07-06 08:26 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-07-11 21:49 - 2018-07-06 08:25 - 023863296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-07-11 21:49 - 2018-07-06 08:01 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-07-11 21:49 - 2018-07-06 04:32 - 000480672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-07-11 21:49 - 2018-07-06 04:31 - 000462752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-07-11 21:49 - 2018-07-06 04:31 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-07-11 21:49 - 2018-07-06 04:29 - 000272296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-07-11 21:49 - 2018-07-06 04:29 - 000269224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-07-11 21:49 - 2018-07-06 04:27 - 001174432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-07-11 21:49 - 2018-07-06 04:27 - 001063320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-07-11 21:49 - 2018-07-06 04:27 - 001012632 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-07-11 21:49 - 2018-07-06 04:27 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-07-11 21:49 - 2018-07-06 04:27 - 000567176 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-07-11 21:49 - 2018-07-06 04:27 - 000134552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-07-11 21:49 - 2018-07-06 04:27 - 000057440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.ShellCommon.Broker.dll
2018-07-11 21:49 - 2018-07-06 04:26 - 002712992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-07-11 21:49 - 2018-07-06 04:26 - 001148800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-07-11 21:49 - 2018-07-06 04:26 - 000930720 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-07-11 21:49 - 2018-07-06 04:26 - 000766608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-07-11 21:49 - 2018-07-06 04:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-07-11 21:49 - 2018-07-06 04:25 - 009147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-07-11 21:49 - 2018-07-06 04:25 - 002753040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-07-11 21:49 - 2018-07-06 04:25 - 002571728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-07-11 21:49 - 2018-07-06 04:25 - 002420632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-07-11 21:49 - 2018-07-06 04:25 - 001945784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-07-11 21:49 - 2018-07-06 04:25 - 001026464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-07-11 21:49 - 2018-07-06 04:25 - 001018616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-07-11 21:49 - 2018-07-06 04:25 - 000885856 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-07-11 21:49 - 2018-07-06 04:25 - 000483048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-07-11 21:49 - 2018-07-06 04:25 - 000335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2018-07-11 21:49 - 2018-07-06 04:25 - 000267680 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-07-11 21:49 - 2018-07-06 04:25 - 000139672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-07-11 21:49 - 2018-07-06 04:24 - 000380824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-07-11 21:49 - 2018-07-06 04:16 - 000567144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-07-11 21:49 - 2018-07-06 04:14 - 002242208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-07-11 21:49 - 2018-07-06 04:14 - 001981896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-07-11 21:49 - 2018-07-06 04:14 - 001175568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-07-11 21:49 - 2018-07-06 04:14 - 000988640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-07-11 21:49 - 2018-07-06 04:14 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-07-11 21:49 - 2018-07-06 04:14 - 000573904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-07-11 21:49 - 2018-07-06 04:13 - 001620872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-07-11 21:49 - 2018-07-06 04:10 - 025845760 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-07-11 21:49 - 2018-07-06 04:07 - 022006272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-07-11 21:49 - 2018-07-06 04:04 - 022713856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-07-11 21:49 - 2018-07-06 04:03 - 004371456 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-07-11 21:49 - 2018-07-06 04:02 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-07-11 21:49 - 2018-07-06 04:01 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-07-11 21:49 - 2018-07-06 04:01 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-07-11 21:49 - 2018-07-06 04:01 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2018-07-11 21:49 - 2018-07-06 04:01 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2018-07-11 21:49 - 2018-07-06 04:00 - 019403264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-07-11 21:49 - 2018-07-06 04:00 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2018-07-11 21:49 - 2018-07-06 04:00 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2018-07-11 21:49 - 2018-07-06 04:00 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2018-07-11 21:49 - 2018-07-06 04:00 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2018-07-11 21:49 - 2018-07-06 04:00 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsTelemetry.dll
2018-07-11 21:49 - 2018-07-06 04:00 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2018-07-11 21:49 - 2018-07-06 03:59 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-07-11 21:49 - 2018-07-06 03:59 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-07-11 21:49 - 2018-07-06 03:59 - 001153536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2018-07-11 21:49 - 2018-07-06 03:59 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2018-07-11 21:49 - 2018-07-06 03:59 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\NmaDirect.dll
2018-07-11 21:49 - 2018-07-06 03:59 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Geolocation.dll
2018-07-11 21:49 - 2018-07-06 03:59 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2018-07-11 21:49 - 2018-07-06 03:59 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2018-07-11 21:49 - 2018-07-06 03:59 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2018-07-11 21:49 - 2018-07-06 03:58 - 004867584 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-07-11 21:49 - 2018-07-06 03:58 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-07-11 21:49 - 2018-07-06 03:58 - 001931776 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeangle.dll
2018-07-11 21:49 - 2018-07-06 03:58 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-07-11 21:49 - 2018-07-06 03:58 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-07-11 21:49 - 2018-07-06 03:58 - 000670720 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2018-07-11 21:49 - 2018-07-06 03:58 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-07-11 21:49 - 2018-07-06 03:58 - 000236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2018-07-11 21:49 - 2018-07-06 03:58 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Cortana.dll
2018-07-11 21:49 - 2018-07-06 03:58 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-07-11 21:49 - 2018-07-06 03:58 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProv2faHelper.dll
2018-07-11 21:49 - 2018-07-06 03:58 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2018-07-11 21:49 - 2018-07-06 03:58 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-07-11 21:49 - 2018-07-06 03:58 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2018-07-11 21:49 - 2018-07-06 03:57 - 007579648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-07-11 21:49 - 2018-07-06 03:57 - 005779456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-07-11 21:49 - 2018-07-06 03:57 - 003712512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-07-11 21:49 - 2018-07-06 03:57 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-07-11 21:49 - 2018-07-06 03:57 - 000839680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2018-07-11 21:49 - 2018-07-06 03:57 - 000813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-07-11 21:49 - 2018-07-06 03:57 - 000676864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Devices.dll
2018-07-11 21:49 - 2018-07-06 03:57 - 000614912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-07-11 21:49 - 2018-07-06 03:57 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-07-11 21:49 - 2018-07-06 03:57 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-07-11 21:49 - 2018-07-06 03:57 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NmaDirect.dll
2018-07-11 21:49 - 2018-07-06 03:56 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-07-11 21:49 - 2018-07-06 03:56 - 001817600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2018-07-11 21:49 - 2018-07-06 03:56 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-07-11 21:49 - 2018-07-06 03:56 - 001567744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2018-07-11 21:49 - 2018-07-06 03:56 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-07-11 21:49 - 2018-07-06 03:56 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-07-11 21:49 - 2018-07-06 03:56 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-07-11 21:49 - 2018-07-06 03:56 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2018-07-11 21:49 - 2018-07-06 03:56 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-07-11 21:49 - 2018-07-06 03:56 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2018-07-11 21:49 - 2018-07-06 03:56 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2018-07-11 21:49 - 2018-07-06 03:56 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-07-11 21:49 - 2018-07-06 03:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-07-11 21:49 - 2018-07-06 03:56 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2018-07-11 21:49 - 2018-07-06 03:56 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioCredProv.dll
2018-07-11 21:49 - 2018-07-06 03:56 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll
2018-07-11 21:49 - 2018-07-06 03:56 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-07-11 21:49 - 2018-07-06 03:56 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProv2faHelper.dll
2018-07-11 21:49 - 2018-07-06 03:55 - 003440128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-07-11 21:49 - 2018-07-06 03:55 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-07-11 21:49 - 2018-07-06 03:55 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-07-11 21:49 - 2018-07-06 03:55 - 001395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-07-11 21:49 - 2018-07-06 03:55 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-07-11 21:49 - 2018-07-06 03:55 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-07-11 21:49 - 2018-07-06 03:55 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-07-11 21:49 - 2018-07-06 03:55 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-07-11 21:49 - 2018-07-06 03:55 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-07-11 21:49 - 2018-07-06 03:54 - 003015680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-07-11 21:49 - 2018-07-06 03:54 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-07-11 21:49 - 2018-07-06 03:54 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-07-11 21:49 - 2018-07-06 03:54 - 001214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2018-07-11 21:49 - 2018-07-06 03:54 - 000999936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-07-11 21:49 - 2018-07-06 03:54 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-07-11 21:49 - 2018-07-06 03:54 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-07-11 21:49 - 2018-07-06 03:54 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2018-07-11 21:49 - 2018-07-06 03:54 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-07-11 21:49 - 2018-07-06 03:54 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2018-07-11 21:49 - 2018-07-06 03:54 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-07-11 21:49 - 2018-07-06 03:54 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-07-11 21:49 - 2018-07-06 03:54 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2018-07-11 21:49 - 2018-07-06 03:54 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BioCredProv.dll
2018-07-11 21:49 - 2018-07-06 03:53 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2018-07-11 21:49 - 2018-07-06 03:53 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2018-07-11 21:49 - 2018-07-06 03:53 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-07-11 21:49 - 2018-07-06 03:53 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2018-07-11 21:49 - 2018-07-06 03:52 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-07-11 21:49 - 2018-07-06 02:41 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-07-11 21:49 - 2018-06-29 01:16 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-07-11 21:49 - 2018-06-15 14:55 - 000542888 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2018-07-11 21:49 - 2018-06-15 14:53 - 000348256 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-07-11 21:49 - 2018-06-15 14:53 - 000094104 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-07-11 21:49 - 2018-06-15 14:50 - 001376576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-07-11 21:49 - 2018-06-15 14:49 - 021388856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-07-11 21:49 - 2018-06-15 14:48 - 002395056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-07-11 21:49 - 2018-06-15 14:48 - 000338352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2018-07-11 21:49 - 2018-06-15 14:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-07-11 21:49 - 2018-06-15 14:34 - 008623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-07-11 21:49 - 2018-06-15 14:34 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\DsmUserTask.exe
2018-07-11 21:49 - 2018-06-15 14:34 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfnet.dll
2018-07-11 21:49 - 2018-06-15 14:33 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-07-11 21:49 - 2018-06-15 14:33 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2018-07-11 21:49 - 2018-06-15 14:33 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManagerAPI.dll
2018-07-11 21:49 - 2018-06-15 14:33 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2018-07-11 21:49 - 2018-06-15 14:32 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.PrinterCustomActions.dll
2018-07-11 21:49 - 2018-06-15 14:32 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CscUnpinTool.exe
2018-07-11 21:49 - 2018-06-15 14:32 - 000301568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2018-07-11 21:49 - 2018-06-15 14:32 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2018-07-11 21:49 - 2018-06-15 14:31 - 002193920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernAppAgent.dll
2018-07-11 21:49 - 2018-06-15 14:31 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-07-11 21:49 - 2018-06-15 14:31 - 000907776 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2018-07-11 21:49 - 2018-06-15 14:31 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-07-11 21:49 - 2018-06-15 14:30 - 001308672 _____ C:\WINDOWS\system32\FaceProcessor.dll
2018-07-11 21:49 - 2018-06-15 14:30 - 001254400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-07-11 21:49 - 2018-06-15 14:30 - 001186816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CommonBridge.dll
2018-07-11 21:49 - 2018-06-15 14:30 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplySettingsTemplateCatalog.exe
2018-07-11 21:49 - 2018-06-15 14:30 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2018-07-11 21:49 - 2018-06-15 14:30 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-07-11 21:49 - 2018-06-15 14:30 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2018-07-11 21:49 - 2018-06-15 14:30 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2018-07-11 21:49 - 2018-06-15 14:29 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-07-11 21:49 - 2018-06-15 14:29 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2018-07-11 21:49 - 2018-06-15 14:29 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-07-11 21:49 - 2018-06-15 14:29 - 000740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-07-11 21:49 - 2018-06-15 14:29 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2018-07-11 21:49 - 2018-06-15 14:29 - 000103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
2018-07-11 21:49 - 2018-06-15 14:28 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpd_ci.dll
2018-07-11 21:49 - 2018-06-15 14:28 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2018-07-11 21:49 - 2018-06-15 14:03 - 000055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UevAppMonitor.exe
2018-07-11 21:49 - 2018-06-15 14:00 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernAppCore.dll
2018-07-11 21:49 - 2018-06-15 12:25 - 020383720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-07-11 21:49 - 2018-06-15 12:22 - 001026896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-07-11 21:49 - 2018-06-15 12:16 - 002206528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2018-07-11 21:49 - 2018-06-15 12:07 - 011901952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-07-11 21:49 - 2018-06-15 12:06 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-07-11 21:49 - 2018-06-15 12:06 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfnet.dll
2018-07-11 21:49 - 2018-06-15 12:04 - 000851968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2018-07-11 21:49 - 2018-06-15 12:04 - 000373248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2018-07-11 21:49 - 2018-06-15 12:03 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2018-07-11 21:49 - 2018-06-15 12:03 - 000667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-07-11 21:49 - 2018-06-15 12:02 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-07-11 21:49 - 2018-06-15 12:01 - 002015744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-07-11 21:49 - 2018-06-15 12:01 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2018-07-11 21:49 - 2018-06-15 10:23 - 000788992 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2018-07-11 21:49 - 2018-06-15 04:11 - 000611232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-07-11 21:49 - 2018-06-15 04:10 - 000048544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-07-11 21:49 - 2018-06-15 04:03 - 000083360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-07-11 21:49 - 2018-06-15 02:21 - 001213368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-07-11 21:49 - 2018-06-15 02:21 - 000761440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-07-11 21:49 - 2018-06-15 02:19 - 001034632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-07-11 21:49 - 2018-06-15 02:19 - 000116632 _____ (Microsoft Corporation) C:\WINDOWS\system32\DTUHandler.exe
2018-07-11 21:49 - 2018-06-15 02:19 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-07-11 21:49 - 2018-06-15 02:18 - 000228768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-07-11 21:49 - 2018-06-15 02:16 - 000562080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-07-11 21:49 - 2018-06-15 02:16 - 000433560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-07-11 21:49 - 2018-06-15 02:15 - 002563960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-07-11 21:49 - 2018-06-15 02:15 - 000753152 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-07-11 21:49 - 2018-06-15 02:13 - 000510904 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2018-07-11 21:49 - 2018-06-15 02:13 - 000324000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-07-11 21:49 - 2018-06-15 02:12 - 007519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-07-11 21:49 - 2018-06-15 02:12 - 000661152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2018-07-11 21:49 - 2018-06-15 02:12 - 000491304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-07-11 21:49 - 2018-06-15 02:12 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-07-11 21:49 - 2018-06-15 02:12 - 000118872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2018-07-11 21:49 - 2018-06-15 02:11 - 006817872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-07-11 21:49 - 2018-06-15 02:10 - 001934400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-07-11 21:49 - 2018-06-15 02:10 - 001097640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-07-11 21:49 - 2018-06-15 02:10 - 000717208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2018-07-11 21:49 - 2018-06-15 02:10 - 000326024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2018-07-11 21:49 - 2018-06-15 02:09 - 007436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-07-11 21:49 - 2018-06-15 02:09 - 002830240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-07-11 21:49 - 2018-06-15 02:09 - 002546592 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-07-11 21:49 - 2018-06-15 02:09 - 001798552 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-07-11 21:49 - 2018-06-15 02:09 - 001742272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-07-11 21:49 - 2018-06-15 02:09 - 001659296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2018-07-11 21:49 - 2018-06-15 02:09 - 001209800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-07-11 21:49 - 2018-06-15 02:09 - 001112600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2018-07-11 21:49 - 2018-06-15 02:09 - 000594128 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-07-11 21:49 - 2018-06-15 02:09 - 000247984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2018-07-11 21:49 - 2018-06-15 02:08 - 004403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-07-11 21:49 - 2018-06-15 02:08 - 002371392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-07-11 21:49 - 2018-06-15 02:08 - 002062488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-07-11 21:49 - 2018-06-15 02:08 - 001946752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-07-11 21:49 - 2018-06-15 02:08 - 001921944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2018-07-11 21:49 - 2018-06-15 02:08 - 001784584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-07-11 21:49 - 2018-06-15 02:08 - 001457128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-07-11 21:49 - 2018-06-15 02:08 - 001288840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-07-11 21:49 - 2018-06-15 02:08 - 001258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-07-11 21:49 - 2018-06-15 02:08 - 001150408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-07-11 21:49 - 2018-06-15 02:08 - 001140568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-07-11 21:49 - 2018-06-15 02:08 - 000983008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-07-11 21:49 - 2018-06-15 02:08 - 000945568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2018-07-11 21:49 - 2018-06-15 02:08 - 000898760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-07-11 21:49 - 2018-06-15 02:08 - 000642088 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
2018-07-11 21:49 - 2018-06-15 02:08 - 000604576 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-07-11 21:49 - 2018-06-15 02:08 - 000500552 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2018-07-11 21:49 - 2018-06-15 02:08 - 000413816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-07-11 21:49 - 2018-06-15 02:08 - 000072768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WindowsTrustedRT.sys
2018-07-11 21:49 - 2018-06-15 02:07 - 001611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2018-07-11 21:49 - 2018-06-15 02:07 - 001145696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2018-07-11 21:49 - 2018-06-15 02:05 - 000550608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-07-11 21:49 - 2018-06-15 02:05 - 000444240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2018-07-11 21:49 - 2018-06-15 02:04 - 002331576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-07-11 21:49 - 2018-06-15 02:04 - 001462824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2018-07-11 21:49 - 2018-06-15 02:04 - 001397192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-07-11 21:49 - 2018-06-15 02:04 - 001251736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2018-07-11 21:49 - 2018-06-15 02:04 - 000719552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-07-11 21:49 - 2018-06-15 02:04 - 000281080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExecModelClient.dll
2018-07-11 21:49 - 2018-06-15 02:04 - 000105376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 006572000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 006528600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 006043600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 004788504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 002535032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 002163184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 001805752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 001710240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 001380192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 001144120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 001129640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 001020160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 001011968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 000770152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 000472136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 000356960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 000232488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
2018-07-11 21:49 - 2018-06-15 02:03 - 000129192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-07-11 21:49 - 2018-06-15 01:49 - 002962944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-07-11 21:49 - 2018-06-15 01:48 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-07-11 21:49 - 2018-06-15 01:48 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
2018-07-11 21:49 - 2018-06-15 01:47 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2018-07-11 21:49 - 2018-06-15 01:47 - 000515072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2018-07-11 21:49 - 2018-06-15 01:47 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-07-11 21:49 - 2018-06-15 01:46 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-07-11 21:49 - 2018-06-15 01:46 - 004333568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-07-11 21:49 - 2018-06-15 01:46 - 001356800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2018-07-11 21:49 - 2018-06-15 01:46 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2018-07-11 21:49 - 2018-06-15 01:46 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
2018-07-11 21:49 - 2018-06-15 01:46 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2018-07-11 21:49 - 2018-06-15 01:46 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2018-07-11 21:49 - 2018-06-15 01:45 - 002548736 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2018-07-11 21:49 - 2018-06-15 01:45 - 000992768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-07-11 21:49 - 2018-06-15 01:45 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2018-07-11 21:49 - 2018-06-15 01:45 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-07-11 21:49 - 2018-06-15 01:45 - 000740352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2018-07-11 21:49 - 2018-06-15 01:45 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-07-11 21:49 - 2018-06-15 01:45 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2018-07-11 21:49 - 2018-06-15 01:45 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DTUHandlerPS.dll
2018-07-11 21:49 - 2018-06-15 01:44 - 001632256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-07-11 21:49 - 2018-06-15 01:44 - 001342976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2018-07-11 21:49 - 2018-06-15 01:44 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2018-07-11 21:49 - 2018-06-15 01:44 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2018-07-11 21:49 - 2018-06-15 01:44 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-07-11 21:49 - 2018-06-15 01:44 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2018-07-11 21:49 - 2018-06-15 01:44 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-07-11 21:49 - 2018-06-15 01:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-07-11 21:49 - 2018-06-15 01:44 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\cellulardatacapabilityhandler.dll
2018-07-11 21:49 - 2018-06-15 01:43 - 001114112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2018-07-11 21:49 - 2018-06-15 01:43 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-07-11 21:49 - 2018-06-15 01:43 - 000675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2018-07-11 21:49 - 2018-06-15 01:43 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-07-11 21:49 - 2018-06-15 01:43 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2018-07-11 21:49 - 2018-06-15 01:43 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2018-07-11 21:49 - 2018-06-15 01:43 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-07-11 21:49 - 2018-06-15 01:43 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-07-11 21:49 - 2018-06-15 01:43 - 000191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VideoHandlers.dll
2018-07-11 21:49 - 2018-06-15 01:43 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2018-07-11 21:49 - 2018-06-15 01:43 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2018-07-11 21:49 - 2018-06-15 01:42 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-07-11 21:49 - 2018-06-15 01:42 - 002367488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-07-11 21:49 - 2018-06-15 01:42 - 000978432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2018-07-11 21:49 - 2018-06-15 01:42 - 000558592 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2018-07-11 21:49 - 2018-06-15 01:42 - 000431104 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-07-11 21:49 - 2018-06-15 01:42 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-07-11 21:49 - 2018-06-15 01:42 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2018-07-11 21:49 - 2018-06-15 01:42 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-07-11 21:49 - 2018-06-15 01:42 - 000287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2018-07-11 21:49 - 2018-06-15 01:42 - 000273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-07-11 21:49 - 2018-06-15 01:42 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-07-11 21:49 - 2018-06-15 01:42 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-07-11 21:49 - 2018-06-15 01:42 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2018-07-11 21:49 - 2018-06-15 01:42 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2018-07-11 21:49 - 2018-06-15 01:41 - 004561920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-07-11 21:49 - 2018-06-15 01:41 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-07-11 21:49 - 2018-06-15 01:41 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-07-11 21:49 - 2018-06-15 01:41 - 001724928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2018-07-11 21:49 - 2018-06-15 01:41 - 000953856 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2018-07-11 21:49 - 2018-06-15 01:41 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-07-11 21:49 - 2018-06-15 01:41 - 000811520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2018-07-11 21:49 - 2018-06-15 01:41 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-07-11 21:49 - 2018-06-15 01:41 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2018-07-11 21:49 - 2018-06-15 01:41 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2018-07-11 21:49 - 2018-06-15 01:41 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-07-11 21:49 - 2018-06-15 01:41 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2018-07-11 21:49 - 2018-06-15 01:40 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-07-11 21:49 - 2018-06-15 01:40 - 001487360 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-07-11 21:49 - 2018-06-15 01:40 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2018-07-11 21:49 - 2018-06-15 01:40 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2018-07-11 21:49 - 2018-06-15 01:40 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2018-07-11 21:49 - 2018-06-15 01:39 - 002903040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-07-11 21:49 - 2018-06-15 01:39 - 002583552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-07-11 21:49 - 2018-06-15 01:39 - 002172416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-07-11 21:49 - 2018-06-15 01:39 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-07-11 21:49 - 2018-06-15 01:39 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-07-11 21:49 - 2018-06-15 01:39 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-07-11 21:49 - 2018-06-15 01:39 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-07-11 21:49 - 2018-06-15 01:38 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-07-11 21:49 - 2018-06-15 01:38 - 001581568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2018-07-11 21:49 - 2018-06-15 01:38 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2018-07-11 21:49 - 2018-06-15 01:38 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-07-11 21:49 - 2018-06-15 01:38 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-07-11 21:49 - 2018-06-15 01:38 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-07-11 21:49 - 2018-06-15 01:38 - 000910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2018-07-11 21:49 - 2018-06-15 01:38 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-07-11 21:49 - 2018-06-15 01:37 - 001374208 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-07-11 21:49 - 2018-06-15 01:37 - 000883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-07-11 21:49 - 2018-06-15 01:36 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdrom.sys
2018-07-11 21:49 - 2018-06-01 02:18 - 000058524 _____ C:\WINDOWS\system32\srms.dat
2018-07-10 11:03 - 2018-07-10 11:03 - 000179278 _____ C:\Users\amd\Downloads\TECNICAS (1).pdf
2018-07-09 16:57 - 2018-07-09 16:57 - 000096399 _____ C:\WINDOWS\uninstaller.dat
2018-07-09 15:26 - 2018-07-09 15:26 - 000179278 _____ C:\Users\amd\Downloads\TECNICAS.pdf
2018-07-09 06:23 - 2018-07-09 06:23 - 000193160 _____ (Nice Pulle Science and Technology Ltd.) C:\WINDOWS\system32\Drivers\powzip.sys
2018-07-01 19:54 - 2018-07-01 19:54 - 049232027 _____ C:\Users\amd\Downloads\Cap 12 clase .m4a
2018-06-30 21:48 - 2018-06-30 21:48 - 030474743 _____ C:\Users\amd\Downloads\Capitulo 11 clase.m4a
2018-06-27 22:09 - 2018-06-27 22:10 - 081951191 _____ C:\Users\amd\Downloads\vlc-record-2018-06-27-20h14m06s-dvd___-.mp4
2018-06-25 22:41 - 2018-07-02 19:07 - 000000000 ____D C:\Users\amd\AppData\LocalLow\BitTorrent
2018-06-25 21:19 - 2018-06-25 21:20 - 011259054 _____ C:\Users\amd\Downloads\vlc-record-2018-06-25-20h41m46s-dvd___-.zip
2018-06-25 20:40 - 2018-06-27 20:34 - 000000000 ____D C:\Users\amd\Desktop\Video Mama
2018-06-25 18:46 - 2018-06-25 18:46 - 034076823 _____ C:\Users\amd\Downloads\drive-download-20180625T214450Z-001.zip
2018-06-25 14:15 - 2018-06-25 14:15 - 000481175 _____ C:\Users\amd\Downloads\313-1049-1-PB.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-25 00:36 - 2018-06-10 20:18 - 001762872 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-07-25 00:36 - 2018-04-12 13:21 - 000781218 _____ C:\WINDOWS\system32\perfh00A.dat
2018-07-25 00:36 - 2018-04-12 13:21 - 000152030 _____ C:\WINDOWS\system32\perfc00A.dat
2018-07-25 00:36 - 2018-04-11 20:36 - 000000000 ____D C:\WINDOWS\INF
2018-07-25 00:32 - 2018-05-10 16:18 - 000000000 ____D C:\ProgramData\NVIDIA
2018-07-25 00:29 - 2018-06-10 20:18 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-25 00:29 - 2018-04-11 20:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-07-25 00:29 - 2018-04-11 18:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-07-25 00:28 - 2018-05-26 15:59 - 000000000 ____D C:\Users\amd\AppData\LocalLow\Temp
2018-07-25 00:26 - 2018-06-10 20:07 - 000000000 ____D C:\Users\amd
2018-07-23 11:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-07-23 10:40 - 2018-05-10 15:33 - 000000000 ____D C:\Users\amd\AppData\Local\Packages
2018-07-23 10:23 - 2018-06-10 20:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-07-21 01:28 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-21 00:41 - 2018-05-10 16:06 - 000000000 ____D C:\Program Files (x86)\Google
2018-07-21 00:37 - 2018-05-11 10:18 - 000000000 ____D C:\Program Files (x86)\OCCTPT
2018-07-20 22:32 - 2018-05-14 20:23 - 000000000 ____D C:\Program Files\Epic Games
2018-07-20 22:12 - 2018-04-11 20:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-19 03:37 - 2018-06-10 20:18 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1830811996-1437030023-4132568959-1001
2018-07-19 03:37 - 2018-06-10 20:07 - 000002361 _____ C:\Users\amd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-07-19 03:37 - 2018-05-10 15:34 - 000000000 ___RD C:\Users\amd\OneDrive
2018-07-19 03:24 - 2018-05-10 16:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-07-19 03:24 - 2018-05-10 16:16 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-07-19 03:23 - 2018-05-10 16:15 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-07-19 03:22 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\Help
2018-07-19 03:21 - 2018-05-10 16:17 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-07-19 03:17 - 2018-05-10 16:19 - 000000000 ____D C:\Users\amd\AppData\Local\NVIDIA
2018-07-19 01:31 - 2018-05-13 22:08 - 000002580 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype Empresarial.lnk
2018-07-19 01:31 - 2018-05-13 22:08 - 000002531 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-07-19 01:31 - 2018-05-13 22:08 - 000002512 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-07-19 01:31 - 2018-05-13 22:08 - 000002494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-07-19 01:31 - 2018-05-13 22:08 - 000002485 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-07-19 01:31 - 2018-05-13 22:08 - 000002483 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-07-19 01:31 - 2018-05-13 22:08 - 000002439 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-07-19 01:29 - 2018-05-13 22:05 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-07-17 22:58 - 2018-04-11 20:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-07-17 22:26 - 2018-05-16 21:18 - 000000000 ____D C:\Users\amd\AppData\Roaming\vlc
2018-07-16 21:13 - 2018-05-10 16:19 - 000000000 ____D C:\Users\amd\AppData\Local\NVIDIA Corporation
2018-07-16 21:08 - 2018-06-10 20:18 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-16 21:08 - 2018-06-10 20:18 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-16 21:08 - 2018-06-10 20:18 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-16 21:08 - 2018-06-10 20:18 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-16 20:23 - 2018-05-10 17:44 - 000563832 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-07-13 17:04 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-07-12 23:33 - 2018-05-14 20:21 - 000000000 ____D C:\Users\amd\AppData\Local\UnrealEngine
2018-07-12 09:01 - 2018-06-10 20:03 - 005101584 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-07-12 09:01 - 2018-05-10 15:33 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-07-12 09:01 - 2018-05-10 15:33 - 000000000 ___RD C:\Users\amd\3D Objects
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-07-12 00:56 - 2018-04-11 20:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-07-12 00:56 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-07-12 00:56 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-07-12 00:56 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-07-12 00:56 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-07-11 22:48 - 2018-06-17 18:10 - 000000000 ____D C:\ProgramData\Packages
2018-07-11 21:07 - 2018-05-14 20:36 - 000000000 ____D C:\Users\amd\Desktop\MIS COSAS
2018-07-10 23:03 - 2018-05-13 22:04 - 000000000 ____D C:\Users\amd\AppData\Local\MicrosoftEdge
2018-07-10 22:30 - 2018-05-13 22:02 - 000000000 ____D C:\Program Files\KMSpico
2018-07-10 21:25 - 2018-05-10 15:49 - 000000000 ____D C:\Users\amd\AppData\Local\Comms
2018-07-10 20:44 - 2018-05-10 15:33 - 000000000 ____D C:\Users\amd\AppData\Local\ConnectedDevicesPlatform
2018-07-05 10:40 - 2018-05-23 10:54 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-07-02 23:21 - 2018-05-14 20:17 - 000000000 ____D C:\Users\amd\AppData\Roaming\BitTorrent
2018-07-01 00:07 - 2018-05-14 19:51 - 000000000 ____D C:\Program Files (x86)\Steam
2018-06-28 09:55 - 2018-06-15 19:00 - 000000000 ____D C:\Users\amd\AppData\Roaming\dvdcss
2018-06-26 21:06 - 2018-05-10 18:03 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-06-26 20:56 - 2018-05-10 16:19 - 000000000 ____D C:\Users\amd\AppData\Local\PlaceholderTileLogoFolder
 
==================== Files in the root of some directories =======
 
2018-07-10 22:36 - 2018-07-10 22:36 - 000032038 _____ () C:\Users\amd\AppData\Local\uninstall_temp.ico
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-06-10 20:03
 
==================== End of FRST.txt ============================


#9
MrMatoke


No need to PM me when you post.  I get an email.  I'm just not always online, so expect a delay before I get back to you.

 

Download the attached fixlist.txt to the same location as FRST.
Run FRST and press Fix.
A fix log will be generated; please post that.

Reboot if the fix doesn't reboot it for you.

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.07.2018
Ran by Matoke (25-07-2018 00:36:51)
Running from C:\Users\amd\Downloads
Windows 10 Pro Version 1803 17134.165 (X64) (2018-06-10 23:19:43)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-1830811996-1437030023-4132568959-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1830811996-1437030023-4132568959-503 - Limited - Disabled)
Invitado (S-1-5-21-1830811996-1437030023-4132568959-501 - Limited - Disabled)
Matoke (S-1-5-21-1830811996-1437030023-4132568959-1001 - Administrator - Enabled) => C:\Users\amd
WDAGUtilityAccount (S-1-5-21-1830811996-1437030023-4132568959-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Actualización de NVIDIA 31.2.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 31.2.0.0 - NVIDIA Corporation) Hidden
Adobe After Effects CC 2015 (HKLM-x32\...\{147EC100-14BE-45EF-AB42-35BAEE7D02F0}) (Version: 13.5.0 - Adobe Systems Incorporated)
Adobe Animate CC 2015 (HKLM-x32\...\{8CEBC11D-C52F-11E5-A0D6-D44AB5E81A82}) (Version: 15.1 - Adobe Systems Incorporated)
Adobe Audition CC 2015 (HKLM-x32\...\{839A3566-AED6-4787-A849-5CBE2B1DC6AE}) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Encore CS6 (HKLM-x32\...\{46251F95-B2F8-484A-9B5B-8C0E5A43A202}) (Version: 6.0.0 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
AMD Ryzen Master (HKLM\...\{5A1CE077-7111-4C7D-A5C5-E210D4B68AD8}) (Version: 1.3.0.0623 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 17.7 - Advanced Micro Devices, Inc.)
Balanced (HKLM-x32\...\{EFD0705E-598B-46D4-8D5B-4539431764B8}) (Version: 2.02.0000 - Nombre de su organización) Hidden
BitTorrent (HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\...\BitTorrent) (Version: 7.10.3.44495 - BitTorrent Inc.)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
ClamWin Free Antivirus 0.98.7 (HKLM-x32\...\ClamWin Free Antivirus_is1) (Version:  - alch)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.8.0.0410 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\...\Discord) (Version: 0.0.301 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 398.36 - NVIDIA Corporation) Hidden
DMMultiView (HKLM-x32\...\{8EEBAD15-F3B7-468B-917F-97BBF6B1004B}) (Version:  - )
Epic Games Launcher (HKLM-x32\...\{79F5479A-BF71-4F4C-9C49-9D616AF923DE}) (Version: 1.1.151.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
GeoVision ADPCM (HKLM-x32\...\GeoADPCM) (Version:  - )
GeoVision Audio (HKLM-x32\...\GeoAudio) (Version:  - )
GeoVision H264 (HKLM-x32\...\Codec_264) (Version:  - )
GeoVision JPEG (HKLM-x32\...\Codec_jpeg) (Version:  - )
GeoVision MJPG (HKLM-x32\...\Codec_MJPG) (Version:  - )
GeoVision MPEG4 (HKLM-x32\...\GEOXCodec) (Version:  - )
GeoVision MPEG4 ASP (HKLM-x32\...\Codec_amp4) (Version:  - )
GeoVision MPEG4 AVC (HKLM-x32\...\Codec_AVC) (Version:  - )
GeoVision MXPG (HKLM-x32\...\Codec_MXPG) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
GoPro Quik (HKLM\...\{855E73D9-1EC0-4914-98D1-FD1FC7E93870}) (Version: 0.1.780 - GoPro, Inc.) Hidden
GoPro Quik (HKLM-x32\...\{e2b0610c-a7ad-4330-87ba-c30a14ff17e7}) (Version: 2.6.1.780 - GoPro, Inc.)
K-Lite Codec Pack 10.8.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.8.0 - )
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft Office Profesional Plus 2016 - es-es (HKLM\...\ProPlusRetail - es-es) (Version: 16.0.10228.20134 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
NVIDIA Controlador de 3D Vision 398.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 398.36 - NVIDIA Corporation)
NVIDIA Controlador de audio HD 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 398.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 398.36 - NVIDIA Corporation)
NVIDIA Controlador de la controladora 3D Vision 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.14.0.139 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.14.0.139 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{7F5DCD33-1039-C3B2-9538-B645B65BBA63}) (Version: 1.00.0000 - Nombre de su organización)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10228.20134 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20134 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20134 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.10228.20134 - Microsoft Corporation) Hidden
Panel de control de NVIDIA 398.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 398.36 - NVIDIA Corporation) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Total Video Converter 3.71 100812 (HKLM-x32\...\Total Video Converter 3.71_is1) (Version:  - EffectMatrix Inc.)
Vegas Pro 13.0 (64-bit) (HKLM\...\{3934F12E-091D-11E4-A0AD-F04DA23A5C58}) (Version: 13.0.373 - Sony)
VidBlaster (HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\...\VidBlaster) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 3.0.2 - VideoLAN)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinVPN (HKLM\...\{4BB9D57D-4603-4C82-B314-B7A7254F2AEE}) (Version: 1.0.2 - WinSoft)
X264 (HKLM-x32\...\Codec_X264) (Version:  - )
XVID (HKLM-x32\...\Codec_XVID) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [ClamWin] -> {65713842-C410-4f44-8383-BFE01A398C90} => C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll [2008-04-19] ()
ContextMenuHandlers1: [TVCShellExt] -> {4E33A7F5-8083-4C08-9D45-C5CED88F5C04} => C:\Program Files (x86)\Total Video Converter\TVCShellExtx64.dll [2010-07-29] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2014-05-16] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2014-05-16] (Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-04-03] (Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-04-03] (Disc Soft Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-06-24] (NVIDIA Corporation)
ContextMenuHandlers6: [ClamWin] -> {65713842-C410-4f44-8383-BFE01A398C90} => C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll [2008-04-19] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2014-05-16] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2014-05-16] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {074B9C73-9823-4F4E-8344-47297ABF102A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-07-19] (Microsoft Corporation)
Task: {0B418509-AD9F-4396-8967-4A69554D2F2E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-26] (Microsoft Corporation)
Task: {13EE18BC-8863-4D47-A11B-66DD05F977F8} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-05-20] (NVIDIA Corporation)
Task: {14996975-8268-4AA2-9225-FF555DA507C9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-26] (Microsoft Corporation)
Task: {26D1D219-3C67-4C6C-91AD-FC1D2F4FFB8C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-07-19] (Microsoft Corporation)
Task: {2A3E46A4-5658-4FBA-9E1F-FE3E5CEA08E6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-07-21] (Google Inc.)
Task: {34276272-4DD5-49E6-8401-A8109C63D488} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-05-20] (NVIDIA Corporation)
Task: {3A27B7E3-946E-41F0-9E51-5DA30F623B29} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {46A4B11E-936E-464E-85BA-BEB6166557A8} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)
Task: {46F78853-6E37-426E-8B4A-9E896562E9EA} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-19] (Microsoft Corporation)
Task: {4EB5D3ED-893E-4FFB-9725-0F4F39E54F2B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-05-20] (NVIDIA Corporation)
Task: {59802F1B-D439-4674-BF33-04E28625723E} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)
Task: {5B4F92E6-61AE-4682-B31B-CD13ABE2F287} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-26] (Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {6BDB7AF3-F0D0-4657-810F-30E14A3A956E} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)
Task: {74AD65FC-79C3-4170-892E-1839AE7735C4} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-07-19] (Microsoft Corporation)
Task: {86AFB6B7-9FFC-480E-BAC1-AF3888160B37} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-07-21] (Google Inc.)
Task: {98797121-9190-4CF5-BD30-AE63BD2B2820} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-26] (Microsoft Corporation)
Task: {9916BE9A-884D-4CBD-85E0-AD2D8889230B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-19] (Microsoft Corporation)
Task: {A8DE0CF1-54E9-40B5-BA0A-1D2718414C96} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-05-20] (NVIDIA Corporation)
Task: {B52D37BF-DC1D-4F9A-931D-7C7C5933AE86} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-07-13] (Microsoft Corporation)
Task: {C5BF9A08-7965-470F-A85B-BE3651106501} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-05-20] (NVIDIA Corporation)
Task: {CE306552-E2A6-4362-94F0-97D83C82C2B6} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)
Task: {DBE46C90-54F5-4420-9D17-F502676C0CD6} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-05-20] (NVIDIA Corporation)
Task: {EA79ED87-7635-4EB8-BCF0-D218CEF42F29} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-07-13] (Microsoft Corporation)
Task: {FE8A0F3D-2267-4D9E-9614-CC10BAA50857} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-05-20] (NVIDIA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\amd\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\amd\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-07-16 21:08 - 2018-05-20 14:36 - 001315296 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-04-11 20:34 - 2018-04-11 20:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-11 20:34 - 2018-04-11 20:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 20:34 - 2018-04-11 20:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-07-11 21:49 - 2018-07-06 03:55 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-07-16 20:37 - 2018-07-16 20:37 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-07-16 20:37 - 2018-07-16 20:37 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-07-16 20:37 - 2018-07-16 20:38 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-07-16 20:37 - 2018-07-16 20:37 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\skypert.dll
2018-07-16 20:37 - 2018-07-16 20:37 - 000653824 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-07-14 02:44 - 2018-07-14 02:44 - 004483072 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DiscSoft.NET.Common\7a74af7991087a618ce790c1a73f6a5f\DiscSoft.NET.Common.ni.dll
2018-07-14 02:45 - 2018-07-14 02:45 - 003039744 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DotNetCommon\19a7420818774d85bb838ddb1712707a\DotNetCommon.ni.dll
2018-05-14 20:21 - 2018-05-14 20:21 - 098275328 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll
2018-05-14 20:21 - 2018-05-14 20:21 - 003922432 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libGLESv2.dll
2018-05-14 20:21 - 2018-05-14 20:21 - 000092672 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libEGL.dll
2018-07-21 00:48 - 2018-06-22 16:15 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libglesv2.dll
2018-07-21 00:48 - 2018-06-22 16:15 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libegl.dll
2018-07-16 21:08 - 2018-05-20 14:36 - 095437792 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2018-07-16 21:08 - 2018-05-20 14:36 - 003029472 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libglesv2.dll
2018-07-16 21:08 - 2018-05-20 14:36 - 000149984 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libegl.dll
2018-04-26 17:34 - 2018-04-26 17:34 - 000038328 _____ () C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
2018-06-16 16:42 - 2018-06-08 06:31 - 003912608 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2018-06-16 16:42 - 2018-06-08 06:31 - 002506680 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2018-05-10 16:18 - 2018-05-20 14:36 - 001033184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-05-13 21:51 - 2005-02-08 18:23 - 000979005 _____ () C:\Program Files (x86)\ClamWin\bin\python23.dll
2018-05-13 21:51 - 2004-11-20 04:27 - 000069632 _____ () C:\Program Files (x86)\ClamWin\lib\win32api.pyd
2018-05-13 21:51 - 2004-10-11 21:21 - 000094208 _____ () C:\Program Files (x86)\ClamWin\lib\pywintypes23.dll
2018-05-13 21:51 - 2004-05-25 22:18 - 000057401 _____ () C:\Program Files (x86)\ClamWin\lib\_sre.pyd
2018-05-13 21:51 - 2004-11-20 04:27 - 000086016 _____ () C:\Program Files (x86)\ClamWin\lib\win32gui.pyd
2018-05-13 21:51 - 2004-11-20 04:27 - 000024576 _____ () C:\Program Files (x86)\ClamWin\lib\win32event.pyd
2018-05-13 21:51 - 2004-11-20 04:27 - 000036864 _____ () C:\Program Files (x86)\ClamWin\lib\win32process.pyd
2018-05-13 21:51 - 2004-05-25 22:18 - 000049212 _____ () C:\Program Files (x86)\ClamWin\lib\_socket.pyd
2018-05-13 21:51 - 2004-05-25 22:18 - 000495616 _____ () C:\Program Files (x86)\ClamWin\lib\_ssl.pyd
2018-05-13 21:51 - 2004-05-25 22:20 - 000036864 _____ () C:\Program Files (x86)\ClamWin\lib\_winreg.pyd
2018-05-13 21:51 - 2004-10-11 21:22 - 000315392 _____ () C:\Program Files (x86)\ClamWin\lib\pythoncom23.dll
2018-05-13 21:51 - 2004-11-20 04:27 - 000106496 _____ () C:\Program Files (x86)\ClamWin\lib\shell.pyd
2018-05-13 21:51 - 2004-11-20 04:27 - 000065536 _____ () C:\Program Files (x86)\ClamWin\lib\win32security.pyd
2018-05-13 21:51 - 2004-01-15 15:45 - 000061440 _____ () C:\Program Files (x86)\ClamWin\lib\_ctypes.pyd
2018-05-13 21:51 - 2004-11-20 04:27 - 000077824 _____ () C:\Program Files (x86)\ClamWin\lib\win32file.pyd
2018-05-13 21:51 - 2004-11-20 04:27 - 000024576 _____ () C:\Program Files (x86)\ClamWin\lib\win32pipe.pyd
2018-05-13 21:51 - 2003-10-01 14:40 - 002240512 _____ () C:\Program Files (x86)\ClamWin\lib\wxc.pyd
2018-05-13 21:51 - 2003-10-01 12:43 - 003239936 _____ () C:\Program Files (x86)\ClamWin\lib\wxmsw24h.dll
2018-05-13 21:51 - 2003-08-10 10:14 - 000061440 _____ () C:\Program Files (x86)\ClamWin\lib\mxDateTime.pyd
2018-05-13 21:51 - 2004-05-25 22:17 - 000622651 _____ () C:\Program Files (x86)\ClamWin\lib\_bsddb.pyd
2018-05-13 21:51 - 2004-05-25 22:19 - 000045117 _____ () C:\Program Files (x86)\ClamWin\lib\datetime.pyd
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-09-29 10:46 - 2018-07-10 22:37 - 002097781 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 cpm.paneladmin.pro
127.0.0.1 publisher.hmdiadmingate.xyz
127.0.0.1 hmdicrewtracksystem.xyz
127.0.0.1 mydownloaddomain.com
127.0.0.1 linkmate.space
127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 doctorlink.space
127.0.0.1 plugpackdownload.net
127.0.0.1 texttotalk.org
127.0.0.1 gambling577.xyz
127.0.0.1 htagdownload.space
127.0.0.1 mybcnmonetize.com
127.0.0.1 360devtraking.website
127.0.0.1 dscdn.pw
127.0.0.1 bcnmonetize.go2affise.com
127.0.0.1 beautifllink.xyz
5.149.252.98 www.gstatic.com
5.149.252.98 www.google-analytics.com
5.149.252.98 adservice.google.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\amd\Desktop\MIS COSAS\FOTOS\eclipse-solar-desde-espacio-5303c998cd1c9.jpg
DNS Servers: 100.72.3.109 - 100.72.3.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\...\StartupApproved\Run: => "Discord"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{88E3E29D-109F-46CA-8ABB-4FAC74DE9764}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{232BF066-6AFA-4FB6-8B8C-258FD2AA095C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{967A078C-2787-4857-AEC4-DDEB46BA97D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{44A7BF63-3ACC-4849-AA77-8872FFE74435}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{B298653C-6BAB-4CCA-B65C-37F519AEFE6D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForestVR.exe
FirewallRules: [{E2D48BAC-D002-4319-9A43-B7D6B9C52F95}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForestVR.exe
FirewallRules: [{8E94CEDE-325F-40E0-B4A5-7EC859D283B1}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{CB1DEDE9-CF93-4715-A1C3-D7AADC51287E}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{7197B44B-2563-4E30-B626-2583CDE2BF21}] => (Allow) LPort=1688
FirewallRules: [{C12170D5-FE4C-47A9-9B16-47AE0E1DCEAC}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{A1CCF4F0-1FD9-4EA2-A8A3-61ABFAD0194A}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [UDP Query User{46C1F681-5175-4812-A704-0A018D087A0F}C:\users\amd\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\amd\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [TCP Query User{CB8558D1-FF69-4771-986A-C2983A7D5446}C:\users\amd\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\amd\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [{A4D6B4EE-7047-43BC-909B-5FF1F4911A6E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{D015CD49-13BE-4A89-BA7C-828AFA56A527}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{5DAFBFA5-8A8F-4773-BF75-7B6D123C593D}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProLauncher.exe
FirewallRules: [{C9725F0F-0625-4FA0-85EB-FBF7A38DCE1E}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProIDService.exe
FirewallRules: [{41A40A2A-E44C-44AD-A93A-4446FB8E4CA9}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProMsgBus.exe
FirewallRules: [{CE208CB7-FEB1-4606-A637-A1C014A852E8}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoPro Quik.exe
FirewallRules: [UDP Query User{C0A02348-D406-4393-8DAB-A47F8250E9BF}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [TCP Query User{212AADF3-0D7A-4B97-BD5E-D558EFAA8095}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{CAC2B27A-6F9D-41B6-8986-25D9E88D4F44}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{3619F6DB-09BC-4709-9F36-6AF287EC7F51}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{31032BAD-1FB8-4D89-86C7-7CBF9CE10001}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [UDP Query User{3EF15DF0-2E4C-4BD5-ABFD-FAAD5FA28EE9}C:\users\amd\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\amd\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [TCP Query User{C1D3B3D8-0520-4EC6-BD87-157489A4E2C5}C:\users\amd\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\amd\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{1986FD76-61B9-48EB-90E8-50AB87B518ED}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{C7410143-03D1-4CB0-B8BE-5CF6D10EA1C9}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{BFE94E1D-B42B-4799-B60B-6336E3F01D1F}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{14BC1D4B-28B3-4AD0-A3EA-97B954B29A81}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [{881E906A-2F74-49C0-AAA0-5BE6EF13ABD7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{BDE08CFB-A8A7-4776-B108-37791A672AEB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{D3BC73DD-4794-4CA4-B22F-4FEF12DC5665}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CC017309-7C26-4359-A151-1AE1D766CC4D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B0A0A887-684E-45D7-BF21-CD5D9C18E7A5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{1EE555D1-361E-40E1-960E-5242CBF45DB8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{A79FEC8E-8608-44A5-B830-50A08F9E4100}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
FirewallRules: [TCP Query User{378DBA21-D185-4130-9A42-F11651F8C453}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{B074AF06-8527-4F30-BDCE-8D9CE60A0D53}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{DA11FE6F-E914-4873-AFE5-297597BB43C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{2F6A9682-729C-418B-93A2-E615DEB4DC7B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{CB3F23E2-5A54-40B3-BAF2-DCBC60FD273E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{70723222-7F58-42CC-B8A5-918E7286FB4C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{D57043B8-7AB8-49A0-8243-ADF770A2B30C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{565B55D3-DF80-4157-9FB2-13114E6FD59E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{DD9E286F-A222-41C1-A22B-C83B69BD5E78}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DD02882D-50A2-4C61-B9FE-DDB64138E515}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{73087F32-2BC1-47E2-915E-6ABC1EF98E8F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{5C27A3D1-B2E9-4255-976A-A7D699C045E3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{523A9CE0-21E9-4BB9-9265-825AD07630BC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{FE7CD51C-C9EC-4FD4-92DC-837F2E488155}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{5D539D63-C976-4325-AD13-6B9ABF51097F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{AB4D714C-311B-48FB-ABA6-F627127BE69F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{7752A647-8395-435F-B743-04FCA460CCD4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{B86DB1F4-7334-4E33-9C35-CA679EE45517}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{E8B221D8-C7A2-4037-8FB3-8CB60CDAE9A9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{C98FA12F-FB51-44C5-B43C-C56EC7B6CA33}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{940227FA-8FDA-42D7-8A86-621A79BC3ACF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
10-07-2018 22:42:02 Removed NativeDesktopMediaService
21-07-2018 02:02:05 Punto de control programado
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (07/25/2018 12:36:05 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-4LAFI5B)
Description: El servidor {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} no se registró con DCOM dentro del tiempo de espera requerido.
 
Error: (07/25/2018 12:34:05 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-4LAFI5B)
Description: El servidor {E48EDA45-43C6-48E0-9323-A7B2067D9CD5} no se registró con DCOM dentro del tiempo de espera requerido.
 
Error: (07/25/2018 12:32:07 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscBrokerManager
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
 
Error: (07/25/2018 12:32:07 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscDataProtection
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
 
Error: (07/25/2018 12:32:05 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: El servidor {9E175B6D-F52A-11D8-B9A5-505054503030} no se registró con DCOM dentro del tiempo de espera requerido.
 
Error: (07/25/2018 12:30:52 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-4LAFI5B)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario DESKTOP-4LAFI5B\Matoke con SID (S-1-5-21-1830811996-1437030023-4132568959-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
 
Error: (07/25/2018 12:29:59 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: El servicio saiyitechnology no pudo iniciarse debido al siguiente error: 
El sistema no puede encontrar el archivo especificado.
 
Error: (07/25/2018 12:29:14 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-4LAFI5B)
Description: El servidor {9E175B6D-F52A-11D8-B9A5-505054503030} no se registró con DCOM dentro del tiempo de espera requerido.
 
 
==================== Memory info =========================== 
 
Processor: AMD Ryzen 7 1700 Eight-Core Processor 
Percentage of memory in use: 34%
Total physical RAM: 8124 MB
Available physical RAM: 5354.81 MB
Total Virtual: 12092 MB
Available Virtual: 8374.55 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:930.91 GB) (Free:686.62 GB) NTFS
 
\\?\Volume{232ffcd7-c3e0-4d2a-87fa-f0a4133550f4}\ (Recuperación) (Fixed) (Total:0.49 GB) (Free:0.1 GB) NTFS
\\?\Volume{48d798ba-c390-4088-a209-866139d7c711}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
\\?\Volume{8965400f-570f-11e8-929b-88d7f6df9b61}\ () (CDROM) (Total:0 GB) (Free:0 GB) 
\\?\Volume{89654031-570f-11e8-929b-88d7f6df9b61}\ () (CDROM) (Total:0 GB) (Free:0 GB) 
\\?\Volume{d993b2da-5716-11e8-929c-88d7f6df9b61}\ () (CDROM) (Total:0 GB) (Free:0 GB) 
\\?\Volume{a91aeb05-5910-11e8-92a1-88d7f6df9b61}\ () (CDROM) (Total:0 GB) (Free:0 GB) 
\\?\Volume{ababae44-639b-11e8-92a7-88d7f6df9b61}\ () (CDROM) (Total:0 GB) (Free:0 GB) 
\\?\Volume{ababae47-639b-11e8-92a7-88d7f6df9b61}\ () (CDROM) (Total:0 GB) (Free:0 GB) 
\\?\Volume{ababae49-639b-11e8-92a7-88d7f6df9b61}\ () (CDROM) (Total:0 GB) (Free:0 GB) 
\\?\Volume{7f281cfe-72ea-11e8-92b1-88d7f6df9b61}\ () (CDROM) (Total:0 GB) (Free:0 GB) 
\\?\Volume{7f281d02-72ea-11e8-92b1-88d7f6df9b61}\ () (CDROM) (Total:0 GB) (Free:0 GB) 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: EA3C124C)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

  • 0

#10
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

We got most of it that time. There is nothing active that I can see but there is a broken driver we should remove so one more fixlist:

Same instructions as before:

Attached File: fixlist.txt (498 bytes)

Let's see if it is still running slow:

 

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
Win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it. Tell it you do not need CCLEANER. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File (to your desktop), note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top, 10-20 lines down.) Save the file. Attach the file to your next post. Attaching the log is the best option as it is too big for the forum. Attaching is a multi-step process.

First click on More Reply Options
Then scroll down to where you see Choose File and click on it. Point it at the file and hit Open.
Now click on Attach this file.

 

Also try Latency Monitor:

Go to http://www.resplendence.com/downloads

Scroll down to System Monitoring Tools and then find LatencyMon 6.70 (or it may be a higher number if they update)

Click on Download free home edition

Save it then right click and Run As Admin. It will install and then start the program. It will tell you to click on the Start button but there isn't one. Instead click on the green arrowhead (looks like a Play button). Let it run for at least 20 seconds. Then hit the red box to stop it.

Edit, Copy Report text to Clipboard then move to a REPLY and Ctrl + v to paste the text into a reply.

Going to bed now.
 

 


  • 1


#11
MrMatoke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

 

 

This is the txt from Process Explorer

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
audiodg.exe 6.476 K 11.592 K 7768 Aislamiento de gráficos de dispositivo de audio de Windows Microsoft Corporation (Verified) Microsoft Windows
CCleaner64.exe 11.376 K 30.344 K 5836 CCleaner Piriform Ltd (Verified) Piriform Ltd
chrome.exe 2.044 K 8.236 K 8976 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 1.996 K 8.928 K 9052 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 37.340 K 51.620 K 6256 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 13.024 K 21.596 K 6084 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 52.560 K 65.008 K 5568 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 128.528 K 140.684 K 5800 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 131.044 K 94.600 K 9192 Google Chrome Google Inc. (Verified) Google Inc
conhost.exe 5.448 K 1.152 K 1228 Host de ventana de consola Microsoft Corporation (Verified) Microsoft Windows
ctfmon.exe 3.480 K 13.488 K 6336 Cargador de CTF Microsoft Corporation (Verified) Microsoft Windows
dasHost.exe 5.048 K 16.004 K 3636 Device Association Framework Provider Host Microsoft Corporation (Verified) Microsoft Windows
DTAgent.exe 63.928 K 68.904 K 9036 DAEMON Tools Lite Agent Disc Soft Ltd (Verified) AVB Disc Soft
DTShellHlp.exe 5.464 K 14.240 K 9628 DAEMON Tools Shell Extensions Helper Disc Soft Ltd (Verified) AVB Disc Soft
fontdrvhost.exe 10.788 K 12.616 K 8 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
fontdrvhost.exe 11.368 K 14.832 K 804 Usermode Font Driver Host Microsoft Corporation (Verified) Microsoft Windows
GoogleCrashHandler.exe 1.756 K 1.176 K 6812 Google Crash Handler Google Inc. (Verified) Google Inc
GoogleCrashHandler64.exe 1.684 K 520 K 6820 Google Crash Handler Google Inc. (Verified) Google Inc
GoProDeviceDetection.exe 11.732 K 13.652 K 10876 (Verified) GoPro Media
Memory Compression 32 K 4 K 1952
MSASCuiL.exe 2.204 K 9.428 K 8916 Windows Defender notification icon Microsoft Corporation (Verified) Microsoft Windows
NisSrv.exe 8.088 K 10.832 K 8332 Microsoft Network Realtime Inspection Service Microsoft Corporation (Verified) Microsoft Corporation
NVIDIA Share.exe 9.684 K 23.008 K 10336 NVIDIA Share NVIDIA Corporation (Verified) NVIDIA Corporation
NVIDIA Share.exe 51.808 K 74.864 K 10344 NVIDIA Share NVIDIA Corporation (Verified) NVIDIA Corporation
procexp.exe 3.060 K 10.280 K 10996 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
Registry 5.264 K 65.640 K 168
RuntimeBroker.exe 4.112 K 20.160 K 8712 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 3.924 K 21.328 K 8092 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 7.544 K 23.868 K 7000 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RuntimeBroker.exe 6.636 K 19.824 K 7332 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
SearchUI.exe Suspended 77.204 K 126.264 K 3356 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
SecurityHealthService.exe 3.728 K 14.332 K 3392 Windows Security Health Service Microsoft Corporation (Verified) Microsoft Windows Publisher
services.exe 6.052 K 9.924 K 888 Aplicación de servicios y controlador Microsoft Corporation (Verified) Microsoft Windows Publisher
SettingSyncHost.exe 3.240 K 4.916 K 7908 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
SgrmBroker.exe 1.652 K 3.872 K 11188 Servicio Agente de supervisión en tiempo de ejecución de Protección del sistema Microsoft Corporation (Verified) Microsoft Windows Publisher
ShellExperienceHost.exe Suspended 36.952 K 72.516 K 6556 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
sihost.exe 5.368 K 22.564 K 836 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
SkypeHost.exe Suspended 39.840 K 42.716 K 7792 Microsoft Skype Microsoft Corporation (No hay ninguna firma presente en el sujeto) Microsoft Corporation
smartscreen.exe 12.436 K 22.300 K 7424 SmartScreen de Windows Defender Microsoft Corporation (Verified) Microsoft Windows
smss.exe 572 K 572 K 548 Administrador de sesión de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
spoolsv.exe 6.568 K 15.820 K 1772 Aplicación de subsistema de cola Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 992 K 3.332 K 1020 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2.232 K 9.272 K 1324 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1.624 K 5.364 K 1432 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2.296 K 7.800 K 1088 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2.388 K 6.868 K 2804 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1.356 K 5.044 K 3244 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1.792 K 6.156 K 3252 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1.684 K 6.000 K 3260 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2.004 K 7.392 K 3284 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3.480 K 11.512 K 4100 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1.452 K 5.052 K 5616 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2.160 K 8.272 K 6124 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1.532 K 6.756 K 8648 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1.392 K 4.992 K 3720 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1.396 K 5.380 K 1832 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1.804 K 6.672 K 4976 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2.004 K 7.100 K 1264 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2.068 K 7.832 K 2024 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1.532 K 6.460 K 8616 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1.840 K 6.732 K 1116 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1.804 K 5.392 K 3668 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2.484 K 8.856 K 3616 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3.816 K 11.080 K 2932 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1.736 K 6.008 K 2648 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2.220 K 7.192 K 2908 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5.016 K 8.460 K 1804 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1.424 K 5.964 K 11232 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2.272 K 12.936 K 2628 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2.132 K 7.600 K 1852 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3.388 K 15.456 K 2468 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4.304 K 14.416 K 3048 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2.836 K 10.384 K 1332 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1.836 K 7.592 K 5896 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3.312 K 7.592 K 8868 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6.388 K 20.668 K 6544 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 9.900 K 18.028 K 10616 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3.624 K 14.996 K 5932 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2.300 K 7.164 K 1944 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3.476 K 8.060 K 2656 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6.428 K 15.876 K 3236 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3.416 K 7.584 K 4420 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2.572 K 8.712 K 3584 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2.144 K 11.132 K 1480 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4.928 K 12.540 K 2544 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3.924 K 16.728 K 3220 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3.908 K 12.532 K 2664 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2.176 K 7.904 K 3088 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3.396 K 9.140 K 2184 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5.496 K 15.884 K 3008 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4.164 K 14.148 K 10764 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3.984 K 14.584 K 5992 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 17.224 K 17.324 K 1596 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6.716 K 14.848 K 1340 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
taskhostw.exe 5.336 K 13.700 K 6380 Proceso de host para tareas de Windows Microsoft Corporation (Verified) Microsoft Windows
unsecapp.exe 1.488 K 6.924 K 5780 Sink to receive asynchronous callbacks for WMI client application Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1.692 K 6.068 K 812 Aplicación de inicio de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
winlogon.exe 2.484 K 9.872 K 736 Aplicación de inicio de sesión de Windows Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 2.232 K 8.372 K 11764 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
OfficeClickToRun.exe < 0.01 34.884 K 50.408 K 3292 Microsoft Office Click-to-Run (SxS) Microsoft Corporation (Verified) Microsoft Corporation
svchost.exe < 0.01 10.352 K 21.380 K 10696 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
csrss.exe < 0.01 1.880 K 4.780 K 712 Proceso en tiempo de ejecución del cliente-servidor Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 5.296 K 17.348 K 8344 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
NVDisplay.Container.exe < 0.01 27.640 K 28.668 K 2264 NVIDIA Container NVIDIA Corporation (Verified) NVIDIA Corporation
NvTelemetryContainer.exe < 0.01 9.024 K 17.176 K 3268 NVIDIA Container NVIDIA Corporation (Verified) NVIDIA Corporation
svchost.exe < 0.01 12.176 K 21.400 K 2116 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 1.676 K 7.000 K 6240 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 6.916 K 27.988 K 1552 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 8.572 K 26.836 K 1292 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
SearchIndexer.exe < 0.01 1.784 K 7.296 K 5280 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 3.364 K 14.068 K 6188 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 6.692 K 12.200 K 1068 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 4.612 K 12.260 K 3824 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
ClamTray.exe < 0.01 16.228 K 23.708 K 10012 ClamWin Antivirus alch (No hay ninguna firma presente en el sujeto) alch
svchost.exe < 0.01 2.740 K 7.744 K 1120 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 2.604 K 8.852 K 1656 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 9.412 K 23.132 K 120 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 12.264 K 25.288 K 3208 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe < 0.01 37.296 K 56.036 K 8368 Google Chrome Google Inc. (Verified) Google Inc
NVIDIA Web Helper.exe < 0.01 35.912 K 38.272 K 4516 NVIDIA Web Helper Service Node.js (Verified) NVIDIA Corporation
chrome.exe < 0.01 41.128 K 60.812 K 8444 Google Chrome Google Inc. (Verified) Google Inc
nvcontainer.exe < 0.01 22.132 K 33.988 K 5772 NVIDIA Container NVIDIA Corporation (Verified) NVIDIA Corporation
chrome.exe < 0.01 32.756 K 44.880 K 9760 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe < 0.01 112.400 K 153.676 K 8860 Google Chrome Google Inc. (Verified) Google Inc
NVDisplay.Container.exe < 0.01 5.760 K 15.792 K 1700 NVIDIA Container NVIDIA Corporation (Verified) NVIDIA Corporation
nvcontainer.exe < 0.01 7.516 K 24.136 K 5840 NVIDIA Container NVIDIA Corporation (Verified) NVIDIA Corporation
nvsphelper64.exe < 0.01 2.972 K 12.384 K 4360 NVIDIA ShadowPlay Helper NVIDIA Corporation (Verified) NVIDIA Corporation
DiscSoftBusServiceLite.exe < 0.01 6.920 K 16.228 K 9316 Disc Soft Bus Service Lite Disc Soft Ltd (Verified) AVB Disc Soft
svchost.exe < 0.01 5.396 K 12.000 K 2088 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe 0.01 77.884 K 100.548 K 7300 Google Chrome Google Inc. (Verified) Google Inc
nvcontainer.exe 0.01 10.260 K 27.004 K 3200 NVIDIA Container NVIDIA Corporation (Verified) NVIDIA Corporation
svchost.exe 0.01 3.348 K 10.356 K 3276 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.03 11.016 K 20.068 K 3228 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
NVIDIA Share.exe 0.03 24.076 K 65.352 K 3100 NVIDIA Share NVIDIA Corporation (Verified) NVIDIA Corporation
explorer.exe 0.03 68.128 K 119.352 K 6664 Explorador de Windows Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.03 79.356 K 87.720 K 1844 Proceso host para los servicios de Windows Microsoft Corporation (Verified) Microsoft Windows Publisher
lsass.exe 0.05 6.308 K 15.524 K 916 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
csrss.exe 0.07 2.716 K 5.012 K 824 Proceso en tiempo de ejecución del cliente-servidor Microsoft Corporation (Verified) Microsoft Windows Publisher
EpicGamesLauncher.exe 0.09 187.984 K 137.800 K 2400 EpicGamesLauncher Epic Games, Inc. (Verified) Epic Games Inc.
System 0.11 212 K 10.636 K 4
MsMpEng.exe 0.12 159.156 K 148.204 K 3308 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
dwm.exe 0.12 57.192 K 51.296 K 1192 Administrador de ventanas de escritorio Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 0.17 6.052 K 13.232 K 4724 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
Interrupts 0.18 0 K 0 K n/a Hardware Interrupts and DPCs
procexp64.exe 0.52 40.092 K 71.952 K 4060 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
System Idle Process 98.36 52 K 8 K 0

  • 0
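The review requested in post #10 (sort by CPU, then read the Verified Signer column) can be applied mechanically to an export pasted like the one above. This is an added example, not code from the thread or from Sysinternals; it assumes the space-flattened layout seen in the post and that "." and "," in the K columns are digit-group separators, and the names `parse_export`, `needs_review` and `top_cpu` are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# A few rows taken from the export posted above, in the layout the forum
# left them in: Process Explorer's columns flattened to single spaces.
SAMPLE_EXPORT = """\
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
audiodg.exe 6.476 K 11.592 K 7768 Aislamiento de gráficos de dispositivo de audio de Windows Microsoft Corporation (Verified) Microsoft Windows
GoProDeviceDetection.exe 11.732 K 13.652 K 10876 (Verified) GoPro Media
Memory Compression 32 K 4 K 1952
SkypeHost.exe Suspended 39.840 K 42.716 K 7792 Microsoft Skype Microsoft Corporation (No hay ninguna firma presente en el sujeto) Microsoft Corporation
OfficeClickToRun.exe < 0.01 34.884 K 50.408 K 3292 Microsoft Office Click-to-Run (SxS) Microsoft Corporation (Verified) Microsoft Corporation
ClamTray.exe < 0.01 16.228 K 23.708 K 10012 ClamWin Antivirus alch (No hay ninguna firma presente en el sujeto) alch
MsMpEng.exe 0.12 159.156 K 148.204 K 3308 Antimalware Service Executable Microsoft Corporation (Verified) Microsoft Corporation
Interrupts 0.18 0 K 0 K n/a Hardware Interrupts and DPCs
procexp64.exe 0.52 40.092 K 71.952 K 4060 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
System Idle Process 98.36 52 K 8 K 0
"""

# Entries Process Explorer lists that have no image file to sign.
PSEUDO_PROCESSES = {"System", "System Idle Process", "Interrupts",
                    "Registry", "Memory Compression"}

# name, optional CPU, "<n> K" private bytes, "<n> K" working set, PID, rest.
ROW_RE = re.compile(
    r"^(?P<name>.+?)\s+"
    r"(?:(?P<cpu><\s*\d+\.\d+|\d+\.\d+|Suspended)\s+)?"
    r"(?P<private>[\d.,]+) K\s+(?P<working>[\d.,]+) K\s+"
    r"(?P<pid>\d+|n/a)(?:\s+(?P<rest>.*))?$")
# The last parenthesised token is the signature status and the text after it
# is the signer; a description may contain parentheses of its own ("(SxS)").
SIGNER_RE = re.compile(r"\((?P<status>[^()]*)\)\s*(?P<signer>[^()]*)$")

@dataclass
class ProcRow:
    name: str
    cpu: float
    private_kb: int
    working_kb: int
    pid: Optional[int]
    signature: str      # "verified", "unverified" or "none"
    status_text: str
    signer: str

def _kb(value: str) -> int:
    # Assumption: "." and "," group digits, so "6.476 K" means 6476 KB.
    return int(re.sub(r"[.,]", "", value))

def _cpu(value: Optional[str]) -> float:
    # Blank, "Suspended" and "< 0.01" all mean no measurable CPU use.
    if value is None or value == "Suspended" or value.startswith("<"):
        return 0.0
    return float(value)

def parse_export(text: str):
    """Return (parsed rows, lines that did not look like a process row)."""
    rows: List[ProcRow] = []
    skipped: List[str] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("Process CPU "):
            continue  # blank line or column header
        m = ROW_RE.match(line)
        if not m:
            skipped.append(line)
            continue
        sig = SIGNER_RE.search(m.group("rest") or "")
        if sig is None:
            signature, status, signer = "none", "", ""
        else:
            status = sig.group("status").strip()
            signer = sig.group("signer").strip()
            # In the post, verified rows read "(Verified)" even on a Spanish
            # system, while failures carry a localised Windows message.
            signature = "verified" if status == "Verified" else "unverified"
        pid = None if m.group("pid") == "n/a" else int(m.group("pid"))
        rows.append(ProcRow(m.group("name"), _cpu(m.group("cpu")),
                            _kb(m.group("private")), _kb(m.group("working")),
                            pid, signature, status, signer))
    return rows, skipped

def needs_review(rows):
    """Real images whose signature did not verify or has no signer data."""
    return [r for r in rows
            if r.signature != "verified" and r.name not in PSEUDO_PROCESSES]

def top_cpu(rows, n=3):
    """Highest CPU consumers, ignoring the idle pseudo-process."""
    busy = [r for r in rows if r.name != "System Idle Process"]
    return sorted(busy, key=lambda r: r.cpu, reverse=True)[:n]

if __name__ == "__main__":
    parsed, unparsed = parse_export(SAMPLE_EXPORT)
    for r in needs_review(parsed):
        print(f"REVIEW {r.name} pid={r.pid}: {r.status_text or 'no signer data'}")
    for r in top_cpu(parsed):
        print(f"CPU {r.cpu:5.2f} {r.name}")
    print(f"{len(unparsed)} unparsed line(s)")
```

A row returned by `needs_review` is a prompt to check that file's path and origin, not a verdict on it.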

#12
MrMatoke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 32 posts

We got most of it that time.  There is nothing active that I can see but there is a broken driver we should remove so one more fixlist:

 

Same instructions as before:

 

Let's see if it is still running slow:

 

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
Win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it.  Tell it you do not need CCLEANER.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File (to your desktop), note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.
(It will be near the top, 10-20 lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi-step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.

 

Also try Latency Monitor:

Go to

http://www.resplendence.com/downloads

Scroll down to

System Monitoring Tools

and then find

LatencyMon 6.70 (or it may be a higher number if they update)

Click on Download free home edition

Save it then right click and Run As Admin.  It will install and then start the program.  
It will tell you to click on the Start button but there isn't one.  
Instead click on the green arrowhead (looks like a Play button).   Let it run for at least 20 seconds.  Then hit the red box to stop it.

Edit, Copy Report text to Clipboard then move to a REPLY and Ctrl + v to paste the text into a reply.

Going to bed now.
 

 

This is the txt from the elevated command prompt:

 

 
Nombre de imagen               PID Servicios                                    
========================= ======== =============================================
System Idle Process              0 N/D                                          
System                           4 N/D                                          
Registry                       168 N/D                                          
smss.exe                       548 N/D                                          
csrss.exe                      712 N/D                                          
wininit.exe                    812 N/D                                          
csrss.exe                      824 N/D                                          
services.exe                   888 N/D                                          
lsass.exe                      916 KeyIso, SamSs, VaultSvc                      
svchost.exe                   1020 PlugPlay                                     
svchost.exe                    120 BrokerInfrastructure, DcomLaunch, Power,     
                                   SystemEventsBroker                           
fontdrvhost.exe                  8 N/D                                          
winlogon.exe                   736 N/D                                          
fontdrvhost.exe                804 N/D                                          
svchost.exe                   1068 RpcEptMapper, RpcSs                          
svchost.exe                   1120 LSM                                          
dwm.exe                       1192 N/D                                          
svchost.exe                   1264 gpsvc                                        
svchost.exe                   1324 NcbService                                   
svchost.exe                   1332 ProfSvc                                      
svchost.exe                   1340 Schedule                                     
svchost.exe                   1432 hidserv                                      
svchost.exe                   1480 TimeBrokerSvc                                
svchost.exe                   1596 EventLog                                     
svchost.exe                   1656 UserManager                                  
NVDisplay.Container.exe       1700 NVDisplay.ContainerLocalSystem               
svchost.exe                   1804 nsi                                          
svchost.exe                   1832 Themes                                       
svchost.exe                   1844 SysMain                                      
svchost.exe                   1852 EventSystem                                  
svchost.exe                   1944 Dhcp                                         
Memory Compression            1952 N/D                                          
svchost.exe                   2024 SENS                                         
svchost.exe                   1088 AudioEndpointBuilder                         
svchost.exe                   1116 FontCache                                    
svchost.exe                   2088 NlaSvc                                       
svchost.exe                   2116 BFE, CoreMessagingRegistrar, mpssvc          
svchost.exe                   2184 netprofm                                     
NVDisplay.Container.exe       2264 N/D                                          
svchost.exe                   2468 Audiosrv                                     
svchost.exe                   2544 StateRepository                              
svchost.exe                   2628 LicenseManager                               
svchost.exe                   2648 DusmSvc                                      
svchost.exe                   2656 Dnscache                                     
svchost.exe                   2664 Wcmsvc                                       
svchost.exe                   2804 ClipSVC                                      
svchost.exe                   2908 WinHttpAutoProxySvc                          
svchost.exe                   2932 AppXSvc                                      
svchost.exe                   3008 WlanSvc                                      
svchost.exe                   3048 ShellHWDetection                             
spoolsv.exe                   1772 Spooler                                      
svchost.exe                   3088 LanmanWorkstation                            
nvcontainer.exe               3200 NvContainerLocalSystem                       
svchost.exe                   3208 DiagTrack                                    
svchost.exe                   3220 WpnService                                   
svchost.exe                   3228 Winmgmt                                      
svchost.exe                   3244 TrkWks                                       
svchost.exe                   3236 DPS                                          
svchost.exe                   3252 DeviceAssociationService                     
svchost.exe                   3260 SstpSvc                                      
NvTelemetryContainer.exe      3268 NvTelemetryContainer                         
svchost.exe                   3276 CryptSvc                                     
svchost.exe                   3284 stisvc                                       
OfficeClickToRun.exe          3292 ClickToRunSvc                                
MsMpEng.exe                   3308 WinDefend                                    
SecurityHealthService.exe     3392 SecurityHealthService                        
svchost.exe                   3584 LanmanServer                                 
dasHost.exe                   3636 N/D                                          
svchost.exe                   3668 WdiSystemHost                                
svchost.exe                   3720 WdiServiceHost                               
svchost.exe                   3824 iphlpsvc                                     
svchost.exe                   4100 RasMan                                       
svchost.exe                   4420 SSDPSRV                                      
WmiPrvSE.exe                  4724 N/D                                          
svchost.exe                   4976 PolicyAgent                                  
SearchIndexer.exe             5280 WSearch                                      
svchost.exe                   5616 lmhosts                                      
svchost.exe                   5896 camsvc                                       
svchost.exe                   5932 lfsvc                                        
svchost.exe                   6124 NcdAutoSetup                                 
nvcontainer.exe               5840 N/D                                          
nvcontainer.exe               5772 N/D                                          
sihost.exe                     836 N/D                                          
svchost.exe                   1292 CDPUserSvc_defcd                             
svchost.exe                   1552 WpnUserService_defcd                         
svchost.exe                   6188 TokenBroker                                  
svchost.exe                   6240 TabletInputService                           
ctfmon.exe                    6336 N/D                                          
taskhostw.exe                 6380 N/D                                          
explorer.exe                  6664 N/D                                          
GoogleCrashHandler.exe        6812 N/D                                          
GoogleCrashHandler64.exe      6820 N/D                                          
ShellExperienceHost.exe       6556 N/D                                          
SearchUI.exe                  3356 N/D                                          
RuntimeBroker.exe             7000 N/D                                          
RuntimeBroker.exe             7332 N/D                                          
smartscreen.exe               7424 N/D                                          
SkypeHost.exe                 7792 N/D                                          
SettingSyncHost.exe           7908 N/D                                          
RuntimeBroker.exe             8092 N/D                                          
NVIDIA Web Helper.exe         4516 N/D                                          
conhost.exe                   1228 N/D                                          
svchost.exe                   8344 CDPSvc                                       
svchost.exe                   8648 NgcCtnrSvc                                   
RuntimeBroker.exe             8712 N/D                                          
chrome.exe                    8860 N/D                                          
svchost.exe                   8868 PcaSvc                                       
MSASCuiL.exe                  8916 N/D                                          
chrome.exe                    8976 N/D                                          
DTAgent.exe                   9036 N/D                                          
chrome.exe                    9052 N/D                                          
chrome.exe                    9192 N/D                                          
chrome.exe                    8368 N/D                                          
chrome.exe                    8444 N/D                                          
chrome.exe                    5800 N/D                                          
EpicGamesLauncher.exe         2400 N/D                                          
NisSrv.exe                    8332 WdNisSvc                                     
ClamTray.exe                 10012 N/D                                          
DiscSoftBusServiceLite.ex     9316 Disc Soft Lite Bus Service                   
chrome.exe                    7300 N/D                                          
chrome.exe                    6256 N/D                                          
audiodg.exe                   7768 N/D                                          
chrome.exe                    9760 N/D                                          
chrome.exe                    5568 N/D                                          
chrome.exe                    6084 N/D                                          
CCleaner64.exe                5836 N/D                                          
DTShellHlp.exe                9628 N/D                                          
unsecapp.exe                  5780 N/D                                          
svchost.exe                   3616 wscsvc                                       
svchost.exe                   6544 OneSyncSvc_defcd,                            
                                   PimIndexMaintenanceSvc_defcd,                
                                   UnistoreSvc_defcd, UserDataSvc_defcd         
nvsphelper64.exe              4360 N/D                                          
NVIDIA Share.exe              3100 N/D                                          
NVIDIA Share.exe             10336 N/D                                          
NVIDIA Share.exe             10344 N/D                                          
svchost.exe                  10764 DoSvc                                        
GoProDeviceDetection.exe     10876 GoProDeviceDetectionService                  
SgrmBroker.exe               11188 SgrmBroker                                   
svchost.exe                  11232 Appinfo                                      
svchost.exe                  10616 UsoSvc, wuauserv                             
WmiPrvSE.exe                 11764 N/D                                          
notepad.exe                   9300 N/D                                          
powershell.exe               10560 N/D                                          
conhost.exe                   2560 N/D                                          
tasklist.exe                 11332 N/D                                          

  • 0
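The TASKLIST /SVC listing above is awkward to read by eye: service lists wrap onto continuation lines and image names are cut at 25 characters. The Python below is an added example, not part of the original posts or of any tool named in the thread; it parses that layout and flags svchost.exe instances that list no service, which is a heuristic prompt for a closer look and not a verdict. The function names, the sample rows (PID 4242 is invented) and the choice of N/A and N/D as the only "no service" markers are assumptions of the example.

```python
import re
from typing import List, NamedTuple

# Markers tasklist prints when a process hosts no services: "N/A" (English)
# and "N/D" (the Spanish output in this thread). Other locales differ, so
# treating only these two as "none" is an assumption of this example.
NO_SERVICE = {"N/A", "N/D"}


class Proc(NamedTuple):
    image: str
    pid: int
    services: List[str]
    truncated: bool  # name filled the whole column, so tasklist probably cut it


def parse_tasklist_svc(text: str) -> List[Proc]:
    """Parse `TASKLIST /SVC` table output into one record per process."""
    lines = text.splitlines()
    ruler = next((i for i, l in enumerate(lines)
                  if re.fullmatch(r"=+(?: +=+){2}\s*", l)), None)
    if ruler is None:
        raise ValueError("no ===== ruler line; not TASKLIST /SVC table output")
    # The ruler gives the fixed column positions regardless of header language.
    (i0, i1), (p0, p1), (s0, _) = [m.span() for m in re.finditer(r"=+", lines[ruler])]

    rows = []  # each entry: [image, pid text, raw service text]
    for line in lines[ruler + 1:]:
        if not line.strip():
            continue
        image, pid, svc = line[i0:i1].strip(), line[p0:p1].strip(), line[s0:].strip()
        if not image and not pid:
            # A wrapped service list continues the previous process's row.
            if rows:
                rows[-1][2] += " " + svc
            continue
        rows.append([image, pid, svc])

    procs = []
    for image, pid, svc in rows:
        names = [s.strip() for s in svc.split(",") if s.strip()]
        if len(names) == 1 and names[0] in NO_SERVICE:
            names = []
        procs.append(Proc(image, int(pid), names, len(image) == i1 - i0))
    return procs


def services_for_pid(procs: List[Proc], pid: int) -> List[str]:
    """Answer 'what is that svchost.exe PID from Process Explorer hosting?'"""
    for p in procs:
        if p.pid == pid:
            return p.services
    return []


def svchost_without_services(procs: List[Proc]) -> List[Proc]:
    """svchost.exe exists to host services; an instance that lists none in an
    elevated run is worth checking (path, signer, parent). Heuristic only."""
    return [p for p in procs if p.image.lower() == "svchost.exe" and not p.services]


def sample_row(image: str, pid: int, svc: str) -> str:
    # Same fixed-width layout tasklist uses: 25-char name, 8-char PID.
    return f"{image:<25} {pid:>8} {svc}"


# Constructed sample in the layout of the listing above. Most rows mirror
# rows from that listing; the PID 4242 row is invented for the demonstration.
SAMPLE = "\n".join([
    "",
    f"{'Nombre de imagen':<25} {'PID':>8} Servicios",
    "=" * 25 + " " + "=" * 8 + " " + "=" * 45,
    sample_row("System Idle Process", 0, "N/D"),
    sample_row("lsass.exe", 916, "KeyIso, SamSs, VaultSvc"),
    sample_row("svchost.exe", 120, "BrokerInfrastructure, DcomLaunch, Power,"),
    " " * 35 + "SystemEventsBroker",
    sample_row("svchost.exe", 1844, "SysMain"),
    sample_row("DiscSoftBusServiceLite.ex", 9316, "Disc Soft Lite Bus Service"),
    sample_row("svchost.exe", 4242, "N/D"),
])

if __name__ == "__main__":
    procs = parse_tasklist_svc(SAMPLE)
    print("PID 1844 hosts:", services_for_pid(procs, 1844))
    for p in svchost_without_services(procs):
        print("svchost.exe with no services, PID", p.pid)
    for p in procs:
        if p.truncated:
            print("image name probably truncated:", p.image)
```

To run it on a real capture, pass the contents of the saved junk.txt to parse_tasklist_svc.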

#13
MrMatoke

    Member

  • Topic Starter

This is the txt from Speccy

Attached Files


  • 0

#14
MrMatoke

    Member

  • Topic Starter


And this is the Latency Mon report:

 

_________________________________________________________________________________________________________
CONCLUSION
_________________________________________________________________________________________________________
Your system appears to be suitable for handling real-time audio and other tasks without dropouts. 
LatencyMon has been analyzing your system for  0:00:20  (h:mm:ss) on all processors.
 
 
_________________________________________________________________________________________________________
SYSTEM INFORMATION
_________________________________________________________________________________________________________
Computer name:                                        DESKTOP-4LAFI5B
OS version:                                           Windows 10 , 10.0, build: 17134 (x64)
Hardware:                                             ASUSTeK COMPUTER INC., PRIME B350M-A
CPU:                                                  AuthenticAMD AMD Ryzen 7 1700 Eight-Core Processor 
Logical processors:                                   16
Processor groups:                                     1
RAM:                                                  8123 MB total
 
 
_________________________________________________________________________________________________________
CPU SPEED
_________________________________________________________________________________________________________
Reported CPU speed:                                   2994 MHz
 
Note: reported execution times may be calculated based on a fixed reported CPU speed. Disable variable speed settings like Intel Speed Step and AMD Cool N Quiet in the BIOS setup for more accurate results.
 
 
_________________________________________________________________________________________________________
MEASURED INTERRUPT TO USER PROCESS LATENCIES
_________________________________________________________________________________________________________
The interrupt to process latency reflects the measured interval that a usermode process needed to respond to a hardware request from the moment the interrupt service routine started execution. This includes the scheduling and execution of a DPC routine, the signaling of an event and the waking up of a usermode thread from an idle wait state in response to that event.
 
Highest measured interrupt to process latency (µs):   362,835893
Average measured interrupt to process latency (µs):   5,981057
 
Highest measured interrupt to DPC latency (µs):       359,758114
Average measured interrupt to DPC latency (µs):       1,908183
 
 
_________________________________________________________________________________________________________
 REPORTED ISRs
_________________________________________________________________________________________________________
Interrupt service routines are routines installed by the OS and device drivers that execute in response to a hardware interrupt signal.
 
Highest ISR routine execution time (µs):              282,154309
Driver with highest ISR routine execution time:       dxgkrnl.sys - DirectX Graphics Kernel, Microsoft Corporation
 
Highest reported total ISR routine time (%):          0,015772
Driver with highest ISR total time:                   dxgkrnl.sys - DirectX Graphics Kernel, Microsoft Corporation
 
Total time spent in ISRs (%)                          0,016709
 
ISR count (execution time <250 µs):                   3763
ISR count (execution time 250-500 µs):                0
ISR count (execution time 500-999 µs):                1
ISR count (execution time 1000-1999 µs):              0
ISR count (execution time 2000-3999 µs):              0
ISR count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
REPORTED DPCs
_________________________________________________________________________________________________________
DPC routines are part of the interrupt servicing dispatch mechanism and disable the possibility for a process to utilize the CPU while it is interrupted until the DPC has finished execution.
 
Highest DPC routine execution time (µs):              431,212425
Driver with highest DPC routine execution time:       Wdf01000.sys - Motor en tiempo de ejecución del marco de controlador en modo kernel, Microsoft Corporation
 
Highest reported total DPC routine time (%):          0,017229
Driver with highest DPC total execution time:         Wdf01000.sys - Motor en tiempo de ejecución del marco de controlador en modo kernel, Microsoft Corporation
 
Total time spent in DPCs (%)                          0,045860
 
DPC count (execution time <250 µs):                   31453
DPC count (execution time 250-500 µs):                0
DPC count (execution time 500-999 µs):                12
DPC count (execution time 1000-1999 µs):              0
DPC count (execution time 2000-3999 µs):              0
DPC count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
 REPORTED HARD PAGEFAULTS
_________________________________________________________________________________________________________
Hard pagefaults are events that get triggered by making use of virtual memory that is not resident in RAM but backed by a memory mapped file on disk. The process of resolving the hard pagefault requires reading in the memory from disk while the process is interrupted and blocked from execution.
 
NOTE: some processes were hit by hard pagefaults. If these were programs producing audio, they are likely to interrupt the audio stream resulting in dropouts, clicks and pops. Check the Processes tab to see which programs were hit.
 
Process with highest pagefault count:                 msmpeng.exe
 
Total number of hard pagefaults                       66
Hard pagefault count of hardest hit process:          64
Number of processes hit:                              2
 
 
_________________________________________________________________________________________________________
 PER CPU DATA
_________________________________________________________________________________________________________
CPU 0 Interrupt cycle time (s):                       0,714662
CPU 0 ISR highest execution time (µs):                282,154309
CPU 0 ISR total execution time (s):                   0,053243
CPU 0 ISR count:                                      3537
CPU 0 DPC highest execution time (µs):                431,212425
CPU 0 DPC total execution time (s):                   0,131645
CPU 0 DPC count:                                      29184
_________________________________________________________________________________________________________
CPU 1 Interrupt cycle time (s):                       0,383387
CPU 1 ISR highest execution time (µs):                0,0
CPU 1 ISR total execution time (s):                   0,0
CPU 1 ISR count:                                      0
CPU 1 DPC highest execution time (µs):                158,196393
CPU 1 DPC total execution time (s):                   0,007837
CPU 1 DPC count:                                      1058
_________________________________________________________________________________________________________
CPU 2 Interrupt cycle time (s):                       0,190990
CPU 2 ISR highest execution time (µs):                0,0
CPU 2 ISR total execution time (s):                   0,0
CPU 2 ISR count:                                      0
CPU 2 DPC highest execution time (µs):                34,288577
CPU 2 DPC total execution time (s):                   0,000386
CPU 2 DPC count:                                      56
_________________________________________________________________________________________________________
CPU 3 Interrupt cycle time (s):                       0,254304
CPU 3 ISR highest execution time (µs):                0,0
CPU 3 ISR total execution time (s):                   0,0
CPU 3 ISR count:                                      0
CPU 3 DPC highest execution time (µs):                0,0
CPU 3 DPC total execution time (s):                   0,0
CPU 3 DPC count:                                      0
_________________________________________________________________________________________________________
CPU 4 Interrupt cycle time (s):                       0,189274
CPU 4 ISR highest execution time (µs):                0,0
CPU 4 ISR total execution time (s):                   0,0
CPU 4 ISR count:                                      0
CPU 4 DPC highest execution time (µs):                23,737475
CPU 4 DPC total execution time (s):                   0,000194
CPU 4 DPC count:                                      42
_________________________________________________________________________________________________________
CPU 5 Interrupt cycle time (s):                       0,238214
CPU 5 ISR highest execution time (µs):                0,0
CPU 5 ISR total execution time (s):                   0,0
CPU 5 ISR count:                                      0
CPU 5 DPC highest execution time (µs):                0,0
CPU 5 DPC total execution time (s):                   0,0
CPU 5 DPC count:                                      0
_________________________________________________________________________________________________________
CPU 6 Interrupt cycle time (s):                       0,217054
CPU 6 ISR highest execution time (µs):                0,0
CPU 6 ISR total execution time (s):                   0,0
CPU 6 ISR count:                                      0
CPU 6 DPC highest execution time (µs):                0,0
CPU 6 DPC total execution time (s):                   0,0
CPU 6 DPC count:                                      0
_________________________________________________________________________________________________________
CPU 7 Interrupt cycle time (s):                       0,262924
CPU 7 ISR highest execution time (µs):                0,0
CPU 7 ISR total execution time (s):                   0,0
CPU 7 ISR count:                                      0
CPU 7 DPC highest execution time (µs):                1,432866
CPU 7 DPC total execution time (s):                   0,000002
CPU 7 DPC count:                                      2
_________________________________________________________________________________________________________
CPU 8 Interrupt cycle time (s):                       0,298661
CPU 8 ISR highest execution time (µs):                0,0
CPU 8 ISR total execution time (s):                   0,0
CPU 8 ISR count:                                      0
CPU 8 DPC highest execution time (µs):                37,024048
CPU 8 DPC total execution time (s):                   0,001641
CPU 8 DPC count:                                      298
_________________________________________________________________________________________________________
CPU 9 Interrupt cycle time (s):                       0,362685
CPU 9 ISR highest execution time (µs):                0,0
CPU 9 ISR total execution time (s):                   0,0
CPU 9 ISR count:                                      0
CPU 9 DPC highest execution time (µs):                31,092184
CPU 9 DPC total execution time (s):                   0,000163
CPU 9 DPC count:                                      75
_________________________________________________________________________________________________________
CPU 10 Interrupt cycle time (s):                       0,315264
CPU 10 ISR highest execution time (µs):                0,0
CPU 10 ISR total execution time (s):                   0,0
CPU 10 ISR count:                                      0
CPU 10 DPC highest execution time (µs):                34,989980
CPU 10 DPC total execution time (s):                   0,000225
CPU 10 DPC count:                                      33
_________________________________________________________________________________________________________
CPU 11 Interrupt cycle time (s):                       0,376458
CPU 11 ISR highest execution time (µs):                0,0
CPU 11 ISR total execution time (s):                   0,0
CPU 11 ISR count:                                      0
CPU 11 DPC highest execution time (µs):                240,891784
CPU 11 DPC total execution time (s):                   0,003302
CPU 11 DPC count:                                      500
_________________________________________________________________________________________________________
CPU 12 Interrupt cycle time (s):                       0,214927
CPU 12 ISR highest execution time (µs):                8,737475
CPU 12 ISR total execution time (s):                   0,000163
CPU 12 ISR count:                                      165
CPU 12 DPC highest execution time (µs):                29,749499
CPU 12 DPC total execution time (s):                   0,000741
CPU 12 DPC count:                                      107
_________________________________________________________________________________________________________
CPU 13 Interrupt cycle time (s):                       0,239767
CPU 13 ISR highest execution time (µs):                1,202405
CPU 13 ISR total execution time (s):                   0,000017
CPU 13 ISR count:                                      19
CPU 13 DPC highest execution time (µs):                29,759519
CPU 13 DPC total execution time (s):                   0,000344
CPU 13 DPC count:                                      67
_________________________________________________________________________________________________________
CPU 14 Interrupt cycle time (s):                       0,221053
CPU 14 ISR highest execution time (µs):                2,084168
CPU 14 ISR total execution time (s):                   0,000028
CPU 14 ISR count:                                      26
CPU 14 DPC highest execution time (µs):                23,587174
CPU 14 DPC total execution time (s):                   0,000224
CPU 14 DPC count:                                      34
_________________________________________________________________________________________________________
CPU 15 Interrupt cycle time (s):                       0,226458
CPU 15 ISR highest execution time (µs):                1,352705
CPU 15 ISR total execution time (s):                   0,000016
CPU 15 ISR count:                                      17
CPU 15 DPC highest execution time (µs):                16,242485
CPU 15 DPC total execution time (s):                   0,000050
CPU 15 DPC count:                                      9
_________________________________________________________________________________________________________


#15
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   560bytes   219 downloads

Run FRST and press Fix
A fix log will be generated; please post that.

Reboot if the fix doesn't reboot it for you

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 

Latency Monitor shows Windows Defender is causing page faults.  Also, your Clam a-v isn't very good, so I would download the free Avast:

 

https://support.avas...-Free-Antivirus

 

Save it but do not install yet.

 

Uninstall ClamWin

 

Reboot.

 

Install Avast per the instructions (right click on the downloaded file and Run As Admin).  Stick with the Basic (free) version and do not accept any free trials or optional software.

 

Once you have it running and it is updated, rerun Latency Monitor and post the log.  Also, it would be a good idea to let Avast do a Boot-time scan tonight while you sleep:

 

It takes like 6 hours so I usually let it run at night.


Click on the Avast ball.  Then click on Protection, then on Antivirus, then on Other Scans, then on Boot-time Scan.  Click on Install Special Definitions.  Click on Run on Next PC Reboot.

Reboot and let it run a scan.  It may take hours.
Once it finishes it should load Windows.  Mute your speakers so it doesn't wake you up when Windows boots.

When you reboot you will see the scan start.  It will tell you where it saves its log.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.   This is a hidden location so you will need to tell Windows to let you see it:

http://www.howtogeek...-windows-vista/

Copy and paste the text from the log to a Reply when done.




 

