Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Occamy.c Trojan! Please help!

Started by MrMatoke , Jul 22 2018 05:25 PM
Trojan Virus Malware Occamy.c

  • Please log in to reply

#16
MrMatoke
Posted 25 July 2018 - 01:31 PM

MrMatoke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Download the attached fixlist.txt to the same location as FRST


Run FRST and press Fix
A fix log will be generated please post that

Reboot if the fix doesn't reboot it for you

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.&&0

 

Latency Monitor shows Windows Defender is causing page faults.  Also your Clam a-v isn't very good so I would Download the free Avast:

 

https://support.avas...-Free-Antivirus

 

Save it but do not install yet.

 

Uninstall ClamWin

 

Reboot.

 

Install Avast per the instructions (right click on the downloaded file and Run As Admin).  Stick with the Basic (free version and do not accept any free trials or optional software)

 

Once you have it running and it is updated rerun Latency Monitor and post the log.  Also it would be a good idea to let Avast do a Boot-time scan tonight while you sleep:

 

It takes like 6 hours so I usually let it run at night.


Click on the Avast ball.  Then click on Protection, then on Antivirus, then on Other Scans then on Boot-time Scan.  Click on Install Special Definitions.  Click on Run on Next PC Reboot.

  Reboot and let it run a scan.  It may take hours.
Once it finishes it should load windows.   Mute your speakers so it doesn't wake you up when Windows boots.

When you reboot you will see the scan start.  It will tell you where it saves its log.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.   This is a hidden location so you will need to tell Windows to let you see it:

http://www.howtogeek...-windows-vista/

Copy and paste the text from the log to a Reply when done.




 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.07.2018
Ran by Matoke (administrator) on DESKTOP-4LAFI5B (25-07-2018 16:28:43)
Running from C:\Users\amd\Downloads
Loaded Profiles: Matoke (Available Profiles: Matoke)
Platform: Windows 10 Pro Version 1803 17134.165 (X64) Language: Español (México)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTAgent.exe
(Epic Games, Inc.) C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(alch) C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\amd\Downloads\FRST64 (1).exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508104 2015-10-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ClamWin] => C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2015-05-05] (alch)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [729704 2018-04-03] (Disc Soft Ltd)
HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3201312 2018-06-08] (Valve Corporation)
HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\...\Run: [Discord] => C:\Users\amd\AppData\Local\Discord\app-0.0.301\Discord.exe [57816920 2018-04-30] (Discord Inc.)
HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [32966032 2018-07-20] (Epic Games, Inc.)
HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\...\Run: [GoogleChromeAutoLaunch_75BED9BC4FE28DE71792C715C05373CF] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1588568 2018-06-22] (Google Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 100.72.3.109 100.72.3.1
Tcpip\..\Interfaces\{54e2108c-8637-4bb9-95c6-a60275ec1987}: [DhcpNameServer] 208.67.220.220 208.67.222.222
Tcpip\..\Interfaces\{641c23af-61d5-46a6-a811-c61f189b2b88}: [DhcpNameServer] 100.72.3.109 100.72.3.1
 
Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-07-19] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2018-06-30] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-05-14] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-30] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-30] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-30] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-30] (Microsoft Corporation)
 
FireFox:
========
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-05-14] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-06-24] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-06-24] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-21] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-07-21] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1425245053&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX91A743J2453J245
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1425245053&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX91A743J2453J245","hxxp://www.mystartsearch.com/?type=hppp&ts=1425245075&from=tugs&uid=WDCXWD5000LPVX-60V0TT0_WD-WX91A743J2453J245"
CHR Profile: C:\Users\amd\AppData\Local\Google\Chrome\User Data\Default [2018-07-25]
CHR Extension: (Presentaciones) - C:\Users\amd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-07-21]
CHR Extension: (Documentos) - C:\Users\amd\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-07-21]
CHR Extension: (Google Drive) - C:\Users\amd\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-07-21]
CHR Extension: (YouTube) - C:\Users\amd\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-07-21]
CHR Extension: (Hojas de cálculo) - C:\Users\amd\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-07-21]
CHR Extension: (Cablevisión Flow) - C:\Users\amd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gfbnbmbkemlokfckhdoaakhjogffkinc [2018-07-21]
CHR Extension: (Documentos de Google sin conexión) - C:\Users\amd\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-07-21]
CHR Extension: (AdBlock) - C:\Users\amd\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2018-07-25]
CHR Extension: (Sistema de pagos de Chrome Web Store) - C:\Users\amd\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-07-21]
CHR Extension: (Gmail) - C:\Users\amd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-07-21]
CHR Extension: (Chrome Media Router) - C:\Users\amd\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-07-21]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7206312 2018-07-17] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8765104 2018-07-13] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [3606120 2018-04-03] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [780928 2018-05-14] (EasyAntiCheat Ltd)
R2 GoProDeviceDetectionService; C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe [38328 2018-04-26] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764896 2018-05-20] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764896 2018-05-20] (NVIDIA Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-04-12] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\NisSrv.exe [3925648 2018-06-26] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MsMpEng.exe [100080 2018-06-26] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 amdgpio2; C:\WINDOWS\System32\drivers\amdgpio2.sys [34696 2018-05-11] (Advanced Micro Devices, Inc)
R3 amdgpio3; C:\WINDOWS\System32\drivers\amdgpio3.sys [33144 2018-05-11] (Advanced Micro Devices, Inc)
R3 AMDPCIDev; C:\WINDOWS\System32\drivers\AMDPCIDev.sys [31592 2018-05-11] (Advanced Micro Devices)
R0 amdpsp; C:\WINDOWS\System32\drivers\amdpsp.sys [137104 2018-05-11] (Advanced Micro Devices, Inc. )
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2018-05-13] (Disc Soft Ltd)
R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2018-05-13] (Disc Soft Ltd)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvpcdi.inf_amd64_1956348608fec82f\nvlddmkm.sys [17200392 2018-06-25] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31200 2018-05-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [67432 2018-03-15] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [68112 2018-06-24] (NVIDIA Corporation)
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S3 rspLLL; C:\WINDOWS\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Resplendence Software Projects Sp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2018-04-11] (Realtek )
R3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [5707264 2018-04-11] (Realtek Semiconductor Corporation )
S3 smbdirect; C:\WINDOWS\System32\DRIVERS\smbdirect.sys [152064 2018-04-12] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46592 2018-06-26] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-06-26] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59944 2018-06-26] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-25 16:29 - 2018-07-25 16:29 - 060817408 _____ C:\Users\amd\Downloads\Sin confirmar 714983.crdownload
2018-07-25 01:56 - 2018-07-25 01:56 - 002476504 _____ (Resplendence Software Projects Sp. ) C:\Users\amd\Downloads\LatencyMon.exe
2018-07-25 01:56 - 2018-07-25 01:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LatencyMon
2018-07-25 01:56 - 2018-07-25 01:56 - 000000000 ____D C:\Program Files\LatencyMon
2018-07-25 01:56 - 2015-07-13 11:16 - 000026368 _____ (Resplendence Software Projects Sp.) C:\WINDOWS\system32\Drivers\rspLLL64.sys
2018-07-25 01:55 - 2018-07-25 01:55 - 000109938 _____ C:\Users\amd\Downloads\DESKTOP-4LAFI5B.txt
2018-07-25 01:50 - 2018-07-25 01:52 - 000109938 _____ C:\Users\amd\Desktop\DESKTOP-4LAFI5B.txt
2018-07-25 01:46 - 2018-07-25 01:46 - 000018415 _____ C:\Users\amd\Downloads\NvTelemetryContainer.exe.txt
2018-07-25 01:45 - 2018-07-25 01:45 - 000041800 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2018-07-25 01:38 - 2018-07-25 01:38 - 000000000 ____D C:\Users\amd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Speccy
2018-07-25 01:38 - 2018-07-25 01:38 - 000000000 ____D C:\Program Files\Speccy
2018-07-25 01:37 - 2018-07-25 01:37 - 006889184 _____ (Piriform Ltd) C:\Users\amd\Downloads\spsetup132.exe
2018-07-25 01:36 - 2018-07-25 01:49 - 000024442 _____ C:\junk.txt
2018-07-25 01:34 - 2018-07-25 01:34 - 000016083 _____ C:\Users\amd\Downloads\Registry.txt
2018-07-25 01:31 - 2018-07-25 01:45 - 000001471 _____ C:\Users\amd\Desktop\procexp - Acceso directo.lnk
2018-07-25 01:29 - 2018-07-25 01:30 - 002724512 _____ (Sysinternals - www.sysinternals.com) C:\Users\amd\Downloads\procexp.exe
2018-07-25 00:27 - 2018-07-25 16:25 - 000001440 _____ C:\Users\amd\Downloads\Fixlog.txt
2018-07-25 00:17 - 2018-07-25 00:17 - 000001265 _____ C:\Users\amd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRST64 (1).lnk
2018-07-25 00:13 - 2018-07-25 00:13 - 002412544 _____ (Farbar) C:\Users\amd\Downloads\FRST64 (1).exe
2018-07-24 15:08 - 2018-07-25 00:37 - 000041131 _____ C:\Users\amd\Downloads\Addition.txt
2018-07-24 15:07 - 2018-07-25 16:29 - 000015250 _____ C:\Users\amd\Downloads\FRST.txt
2018-07-24 15:06 - 2018-07-25 16:28 - 000000000 ____D C:\FRST
2018-07-24 15:06 - 2018-07-24 15:06 - 002412544 _____ (Farbar) C:\Users\amd\Downloads\FRST64.exe
2018-07-24 15:03 - 2018-07-24 18:09 - 000000000 ____D C:\Users\amd\AppData\Roaming\grdsvc
2018-07-21 16:33 - 2018-07-21 16:33 - 000302336 _____ C:\WINDOWS\ntbtlog.txt
2018-07-21 04:11 - 2018-07-25 16:25 - 099090432 _____ C:\WINDOWS\system32\config\SOFTWARE
2018-07-21 04:05 - 2018-07-21 04:11 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2018-07-21 00:48 - 2018-07-24 15:12 - 000002364 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-07-21 00:48 - 2018-07-24 15:11 - 000002411 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-07-21 00:41 - 2018-07-21 00:41 - 000003620 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-07-21 00:41 - 2018-07-21 00:41 - 000003496 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-07-21 00:35 - 2018-07-25 16:17 - 000004222 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{73890BB9-1793-49C2-B71C-CE9860C861B9}
2018-07-20 23:03 - 2018-07-20 23:03 - 000000314 _____ C:\Users\amd\Desktop\Fortnite.url
2018-07-20 02:36 - 2018-07-20 02:36 - 000000000 ____D C:\Users\amd\AppData\Local\CrashDumps
2018-07-19 03:24 - 2018-07-19 03:24 - 000002210 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2018-07-19 03:23 - 2018-07-19 03:23 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-07-19 03:23 - 2018-06-24 12:40 - 000132032 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2018-07-19 03:22 - 2018-06-24 12:39 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2018-07-19 03:22 - 2018-06-24 12:31 - 005947520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2018-07-19 03:22 - 2018-06-24 12:31 - 002612624 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2018-07-19 03:22 - 2018-06-24 12:31 - 001767360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2018-07-19 03:22 - 2018-06-24 12:31 - 000633792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2018-07-19 03:22 - 2018-06-24 12:31 - 000451144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2018-07-19 03:22 - 2018-06-24 12:31 - 000124200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2018-07-19 03:22 - 2018-06-24 12:31 - 000083424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2018-07-19 03:22 - 2018-06-20 07:52 - 008207422 _____ C:\WINDOWS\system32\nvcoproc.bin
2018-07-19 03:21 - 2018-07-19 03:21 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2018-07-19 03:21 - 2018-06-25 14:26 - 000551840 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2018-07-19 03:21 - 2018-06-25 14:26 - 000457144 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 040346984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 035250256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 031244248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 013728120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 011273632 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 004350040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 003760672 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 002013784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6439836.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 001563392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 001468448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6439836.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 001419200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 001216872 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 001092360 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 000749472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 000626616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 000608512 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2018-07-19 03:15 - 2018-06-25 14:25 - 000518208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2018-07-19 03:15 - 2018-06-25 14:24 - 025961336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2018-07-19 03:15 - 2018-06-25 14:24 - 017750344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2018-07-19 03:15 - 2018-06-25 14:24 - 015165008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2018-07-19 03:15 - 2018-06-25 14:24 - 004856232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2018-07-19 03:15 - 2018-06-25 14:24 - 004126128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2018-07-19 03:15 - 2018-06-25 14:24 - 001356816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2018-07-19 03:15 - 2018-06-25 14:24 - 001347664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2018-07-19 03:15 - 2018-06-25 14:24 - 001157392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2018-07-19 03:15 - 2018-06-25 14:24 - 001069416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2018-07-19 03:15 - 2018-06-25 14:24 - 001063216 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2018-07-19 03:15 - 2018-06-25 14:24 - 000904720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2018-07-19 03:15 - 2018-06-25 14:24 - 000814616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2018-07-19 03:15 - 2018-06-25 14:24 - 000652344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2018-07-19 03:15 - 2018-06-25 14:24 - 000634760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2018-07-19 03:15 - 2018-06-24 14:27 - 001688848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2018-07-19 03:15 - 2018-06-24 14:27 - 000227928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2018-07-19 03:15 - 2018-06-24 14:27 - 000068112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2018-07-19 03:15 - 2018-06-24 14:27 - 000047648 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2018-07-19 03:15 - 2018-06-24 14:27 - 000044271 _____ C:\WINDOWS\system32\nvinfo.pb
2018-07-19 01:31 - 2018-07-19 01:31 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-07-19 01:31 - 2018-07-19 01:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Herramientas de Microsoft Office
2018-07-17 22:26 - 2018-07-17 22:26 - 000366538 _____ C:\Users\amd\Downloads\SOBRE RUEDAS-1.prproj
2018-07-17 22:24 - 2018-07-17 22:24 - 000041440 _____ C:\Users\amd\Downloads\corto dijusi 2016.veg
2018-07-16 21:09 - 2018-07-16 21:09 - 000003976 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-16 21:09 - 2018-07-16 21:09 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-16 21:09 - 2018-05-20 14:36 - 002496480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2018-07-16 21:09 - 2018-05-20 14:36 - 002164192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2018-07-16 21:09 - 2018-05-20 14:36 - 001312224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2018-07-16 21:08 - 2018-07-16 21:08 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-16 21:08 - 2018-07-16 21:08 - 000004106 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-16 21:08 - 2018-07-16 21:08 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-16 21:08 - 2018-07-16 21:08 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-16 21:08 - 2018-07-16 21:08 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-16 21:08 - 2018-07-16 21:08 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2018-07-16 21:07 - 2018-03-15 05:47 - 000067432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2018-07-14 01:32 - 2018-05-16 21:18 - 000000916 _____ C:\Users\amd\Desktop\VLC media player.lnk
2018-07-13 14:48 - 2018-07-17 22:41 - 000000000 ____D C:\Users\amd\AppData\Local\ElevatedDiagnostics
2018-07-13 00:01 - 2018-07-25 00:48 - 000000000 ___HD C:\Users\Public\Shared Files
2018-07-13 00:01 - 2018-07-13 00:01 - 000000000 __SHD C:\MSOCache
2018-07-12 10:49 - 2018-07-12 10:49 - 001943805 _____ C:\Users\amd\Downloads\drive-download-20180712T134928Z-001.zip
2018-07-12 10:33 - 2018-07-12 10:33 - 000181871 _____ C:\Users\amd\Downloads\ESCENA 1.jpeg
2018-07-12 09:01 - 2018-06-28 22:13 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-07-12 09:01 - 2018-06-28 22:13 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-07-11 21:49 - 2018-07-06 11:20 - 002868640 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-07-11 21:49 - 2018-07-06 11:20 - 001610648 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-07-11 21:49 - 2018-07-06 11:20 - 000792472 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-07-11 21:49 - 2018-07-06 11:20 - 000689560 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-07-11 21:49 - 2018-07-06 11:20 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-07-11 21:49 - 2018-07-06 11:20 - 000451992 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-07-11 21:49 - 2018-07-06 11:20 - 000309664 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-07-11 21:49 - 2018-07-06 11:20 - 000144792 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-07-11 21:49 - 2018-07-06 11:20 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-07-11 21:49 - 2018-07-06 11:17 - 003932672 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-07-11 21:49 - 2018-07-06 11:15 - 002266520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2018-07-11 21:49 - 2018-07-06 11:14 - 000541592 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-07-11 21:49 - 2018-07-06 10:56 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-07-11 21:49 - 2018-07-06 10:53 - 000672768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2018-07-11 21:49 - 2018-07-06 10:53 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2018-07-11 21:49 - 2018-07-06 10:53 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-07-11 21:49 - 2018-07-06 10:53 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-07-11 21:49 - 2018-07-06 10:52 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-07-11 21:49 - 2018-07-06 10:52 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-07-11 21:49 - 2018-07-06 10:51 - 003652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-07-11 21:49 - 2018-07-06 10:51 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-07-11 21:49 - 2018-07-06 10:51 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-07-11 21:49 - 2018-07-06 10:51 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-07-11 21:49 - 2018-07-06 10:51 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-07-11 21:49 - 2018-07-06 10:50 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-07-11 21:49 - 2018-07-06 10:49 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-07-11 21:49 - 2018-07-06 09:12 - 001539000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2018-07-11 21:49 - 2018-07-06 09:06 - 003611368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-07-11 21:49 - 2018-07-06 08:54 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-07-11 21:49 - 2018-07-06 08:54 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-07-11 21:49 - 2018-07-06 08:53 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-07-11 21:49 - 2018-07-06 08:53 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll
2018-07-11 21:49 - 2018-07-06 08:53 - 000347136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-07-11 21:49 - 2018-07-06 08:52 - 002895360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-07-11 21:49 - 2018-07-06 08:52 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-07-11 21:49 - 2018-07-06 08:52 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-07-11 21:49 - 2018-07-06 08:51 - 002401280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-07-11 21:49 - 2018-07-06 08:51 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-07-11 21:49 - 2018-07-06 08:26 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-07-11 21:49 - 2018-07-06 08:25 - 023863296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-07-11 21:49 - 2018-07-06 08:01 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-07-11 21:49 - 2018-07-06 04:32 - 000480672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-07-11 21:49 - 2018-07-06 04:31 - 000462752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-07-11 21:49 - 2018-07-06 04:31 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-07-11 21:49 - 2018-07-06 04:29 - 000272296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-07-11 21:49 - 2018-07-06 04:29 - 000269224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-07-11 21:49 - 2018-07-06 04:27 - 001174432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-07-11 21:49 - 2018-07-06 04:27 - 001063320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-07-11 21:49 - 2018-07-06 04:27 - 001012632 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-07-11 21:49 - 2018-07-06 04:27 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-07-11 21:49 - 2018-07-06 04:27 - 000567176 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-07-11 21:49 - 2018-07-06 04:27 - 000134552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-07-11 21:49 - 2018-07-06 04:27 - 000057440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.ShellCommon.Broker.dll
2018-07-11 21:49 - 2018-07-06 04:26 - 002712992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-07-11 21:49 - 2018-07-06 04:26 - 001148800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-07-11 21:49 - 2018-07-06 04:26 - 000930720 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-07-11 21:49 - 2018-07-06 04:26 - 000766608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-07-11 21:49 - 2018-07-06 04:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-07-11 21:49 - 2018-07-06 04:25 - 009147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-07-11 21:49 - 2018-07-06 04:25 - 002753040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-07-11 21:49 - 2018-07-06 04:25 - 002571728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-07-11 21:49 - 2018-07-06 04:25 - 002420632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-07-11 21:49 - 2018-07-06 04:25 - 001945784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-07-11 21:49 - 2018-07-06 04:25 - 001026464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-07-11 21:49 - 2018-07-06 04:25 - 001018616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-07-11 21:49 - 2018-07-06 04:25 - 000885856 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-07-11 21:49 - 2018-07-06 04:25 - 000483048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-07-11 21:49 - 2018-07-06 04:25 - 000335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2018-07-11 21:49 - 2018-07-06 04:25 - 000267680 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-07-11 21:49 - 2018-07-06 04:25 - 000139672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-07-11 21:49 - 2018-07-06 04:24 - 000380824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-07-11 21:49 - 2018-07-06 04:16 - 000567144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-07-11 21:49 - 2018-07-06 04:14 - 002242208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-07-11 21:49 - 2018-07-06 04:14 - 001981896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-07-11 21:49 - 2018-07-06 04:14 - 001175568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-07-11 21:49 - 2018-07-06 04:14 - 000988640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-07-11 21:49 - 2018-07-06 04:14 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-07-11 21:49 - 2018-07-06 04:14 - 000573904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-07-11 21:49 - 2018-07-06 04:13 - 001620872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-07-11 21:49 - 2018-07-06 04:10 - 025845760 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-07-11 21:49 - 2018-07-06 04:07 - 022006272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-07-11 21:49 - 2018-07-06 04:04 - 022713856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-07-11 21:49 - 2018-07-06 04:03 - 004371456 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-07-11 21:49 - 2018-07-06 04:02 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-07-11 21:49 - 2018-07-06 04:01 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-07-11 21:49 - 2018-07-06 04:01 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-07-11 21:49 - 2018-07-06 04:01 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2018-07-11 21:49 - 2018-07-06 04:01 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2018-07-11 21:49 - 2018-07-06 04:00 - 019403264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-07-11 21:49 - 2018-07-06 04:00 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2018-07-11 21:49 - 2018-07-06 04:00 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2018-07-11 21:49 - 2018-07-06 04:00 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2018-07-11 21:49 - 2018-07-06 04:00 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2018-07-11 21:49 - 2018-07-06 04:00 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsTelemetry.dll
2018-07-11 21:49 - 2018-07-06 04:00 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2018-07-11 21:49 - 2018-07-06 03:59 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-07-11 21:49 - 2018-07-06 03:59 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-07-11 21:49 - 2018-07-06 03:59 - 001153536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2018-07-11 21:49 - 2018-07-06 03:59 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2018-07-11 21:49 - 2018-07-06 03:59 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\NmaDirect.dll
2018-07-11 21:49 - 2018-07-06 03:59 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Geolocation.dll
2018-07-11 21:49 - 2018-07-06 03:59 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2018-07-11 21:49 - 2018-07-06 03:59 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2018-07-11 21:49 - 2018-07-06 03:59 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2018-07-11 21:49 - 2018-07-06 03:58 - 004867584 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-07-11 21:49 - 2018-07-06 03:58 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-07-11 21:49 - 2018-07-06 03:58 - 001931776 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeangle.dll
2018-07-11 21:49 - 2018-07-06 03:58 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-07-11 21:49 - 2018-07-06 03:58 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-07-11 21:49 - 2018-07-06 03:58 - 000670720 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2018-07-11 21:49 - 2018-07-06 03:58 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-07-11 21:49 - 2018-07-06 03:58 - 000236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2018-07-11 21:49 - 2018-07-06 03:58 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Cortana.dll
2018-07-11 21:49 - 2018-07-06 03:58 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-07-11 21:49 - 2018-07-06 03:58 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProv2faHelper.dll
2018-07-11 21:49 - 2018-07-06 03:58 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2018-07-11 21:49 - 2018-07-06 03:58 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-07-11 21:49 - 2018-07-06 03:58 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2018-07-11 21:49 - 2018-07-06 03:57 - 007579648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-07-11 21:49 - 2018-07-06 03:57 - 005779456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-07-11 21:49 - 2018-07-06 03:57 - 003712512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-07-11 21:49 - 2018-07-06 03:57 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-07-11 21:49 - 2018-07-06 03:57 - 000839680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2018-07-11 21:49 - 2018-07-06 03:57 - 000813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-07-11 21:49 - 2018-07-06 03:57 - 000676864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Devices.dll
2018-07-11 21:49 - 2018-07-06 03:57 - 000614912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-07-11 21:49 - 2018-07-06 03:57 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-07-11 21:49 - 2018-07-06 03:57 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-07-11 21:49 - 2018-07-06 03:57 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NmaDirect.dll
2018-07-11 21:49 - 2018-07-06 03:56 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-07-11 21:49 - 2018-07-06 03:56 - 001817600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2018-07-11 21:49 - 2018-07-06 03:56 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-07-11 21:49 - 2018-07-06 03:56 - 001567744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2018-07-11 21:49 - 2018-07-06 03:56 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-07-11 21:49 - 2018-07-06 03:56 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-07-11 21:49 - 2018-07-06 03:56 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-07-11 21:49 - 2018-07-06 03:56 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2018-07-11 21:49 - 2018-07-06 03:56 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-07-11 21:49 - 2018-07-06 03:56 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2018-07-11 21:49 - 2018-07-06 03:56 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2018-07-11 21:49 - 2018-07-06 03:56 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-07-11 21:49 - 2018-07-06 03:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-07-11 21:49 - 2018-07-06 03:56 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2018-07-11 21:49 - 2018-07-06 03:56 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioCredProv.dll
2018-07-11 21:49 - 2018-07-06 03:56 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll
2018-07-11 21:49 - 2018-07-06 03:56 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-07-11 21:49 - 2018-07-06 03:56 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProv2faHelper.dll
2018-07-11 21:49 - 2018-07-06 03:55 - 003440128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-07-11 21:49 - 2018-07-06 03:55 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-07-11 21:49 - 2018-07-06 03:55 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-07-11 21:49 - 2018-07-06 03:55 - 001395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-07-11 21:49 - 2018-07-06 03:55 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-07-11 21:49 - 2018-07-06 03:55 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-07-11 21:49 - 2018-07-06 03:55 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-07-11 21:49 - 2018-07-06 03:55 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-07-11 21:49 - 2018-07-06 03:55 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-07-11 21:49 - 2018-07-06 03:54 - 003015680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-07-11 21:49 - 2018-07-06 03:54 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-07-11 21:49 - 2018-07-06 03:54 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-07-11 21:49 - 2018-07-06 03:54 - 001214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2018-07-11 21:49 - 2018-07-06 03:54 - 000999936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-07-11 21:49 - 2018-07-06 03:54 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-07-11 21:49 - 2018-07-06 03:54 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-07-11 21:49 - 2018-07-06 03:54 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2018-07-11 21:49 - 2018-07-06 03:54 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-07-11 21:49 - 2018-07-06 03:54 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2018-07-11 21:49 - 2018-07-06 03:54 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-07-11 21:49 - 2018-07-06 03:54 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-07-11 21:49 - 2018-07-06 03:54 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2018-07-11 21:49 - 2018-07-06 03:54 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BioCredProv.dll
2018-07-11 21:49 - 2018-07-06 03:53 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2018-07-11 21:49 - 2018-07-06 03:53 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2018-07-11 21:49 - 2018-07-06 03:53 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-07-11 21:49 - 2018-07-06 03:53 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2018-07-11 21:49 - 2018-07-06 03:52 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-07-11 21:49 - 2018-07-06 02:41 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-07-11 21:49 - 2018-06-29 01:16 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-07-11 21:49 - 2018-06-15 14:55 - 000542888 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2018-07-11 21:49 - 2018-06-15 14:53 - 000348256 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-07-11 21:49 - 2018-06-15 14:53 - 000094104 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-07-11 21:49 - 2018-06-15 14:50 - 001376576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-07-11 21:49 - 2018-06-15 14:49 - 021388856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-07-11 21:49 - 2018-06-15 14:48 - 002395056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-07-11 21:49 - 2018-06-15 14:48 - 000338352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2018-07-11 21:49 - 2018-06-15 14:35 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-07-11 21:49 - 2018-06-15 14:34 - 008623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-07-11 21:49 - 2018-06-15 14:34 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\DsmUserTask.exe
2018-07-11 21:49 - 2018-06-15 14:34 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfnet.dll
2018-07-11 21:49 - 2018-06-15 14:33 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-07-11 21:49 - 2018-06-15 14:33 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2018-07-11 21:49 - 2018-06-15 14:33 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManagerAPI.dll
2018-07-11 21:49 - 2018-06-15 14:33 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2018-07-11 21:49 - 2018-06-15 14:32 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.PrinterCustomActions.dll
2018-07-11 21:49 - 2018-06-15 14:32 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CscUnpinTool.exe
2018-07-11 21:49 - 2018-06-15 14:32 - 000301568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2018-07-11 21:49 - 2018-06-15 14:32 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2018-07-11 21:49 - 2018-06-15 14:31 - 002193920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernAppAgent.dll
2018-07-11 21:49 - 2018-06-15 14:31 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-07-11 21:49 - 2018-06-15 14:31 - 000907776 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2018-07-11 21:49 - 2018-06-15 14:31 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-07-11 21:49 - 2018-06-15 14:30 - 001308672 _____ C:\WINDOWS\system32\FaceProcessor.dll
2018-07-11 21:49 - 2018-06-15 14:30 - 001254400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-07-11 21:49 - 2018-06-15 14:30 - 001186816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CommonBridge.dll
2018-07-11 21:49 - 2018-06-15 14:30 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplySettingsTemplateCatalog.exe
2018-07-11 21:49 - 2018-06-15 14:30 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2018-07-11 21:49 - 2018-06-15 14:30 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-07-11 21:49 - 2018-06-15 14:30 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2018-07-11 21:49 - 2018-06-15 14:30 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2018-07-11 21:49 - 2018-06-15 14:29 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-07-11 21:49 - 2018-06-15 14:29 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2018-07-11 21:49 - 2018-06-15 14:29 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-07-11 21:49 - 2018-06-15 14:29 - 000740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-07-11 21:49 - 2018-06-15 14:29 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2018-07-11 21:49 - 2018-06-15 14:29 - 000103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
2018-07-11 21:49 - 2018-06-15 14:28 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpd_ci.dll
2018-07-11 21:49 - 2018-06-15 14:28 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2018-07-11 21:49 - 2018-06-15 14:03 - 000055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UevAppMonitor.exe
2018-07-11 21:49 - 2018-06-15 14:00 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernAppCore.dll
2018-07-11 21:49 - 2018-06-15 12:25 - 020383720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-07-11 21:49 - 2018-06-15 12:22 - 001026896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-07-11 21:49 - 2018-06-15 12:16 - 002206528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2018-07-11 21:49 - 2018-06-15 12:07 - 011901952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-07-11 21:49 - 2018-06-15 12:06 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-07-11 21:49 - 2018-06-15 12:06 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfnet.dll
2018-07-11 21:49 - 2018-06-15 12:04 - 000851968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2018-07-11 21:49 - 2018-06-15 12:04 - 000373248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2018-07-11 21:49 - 2018-06-15 12:03 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2018-07-11 21:49 - 2018-06-15 12:03 - 000667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-07-11 21:49 - 2018-06-15 12:02 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-07-11 21:49 - 2018-06-15 12:01 - 002015744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-07-11 21:49 - 2018-06-15 12:01 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2018-07-11 21:49 - 2018-06-15 10:23 - 000788992 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2018-07-11 21:49 - 2018-06-15 04:11 - 000611232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-07-11 21:49 - 2018-06-15 04:10 - 000048544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-07-11 21:49 - 2018-06-15 04:03 - 000083360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-07-11 21:49 - 2018-06-15 02:21 - 001213368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-07-11 21:49 - 2018-06-15 02:21 - 000761440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-07-11 21:49 - 2018-06-15 02:19 - 001034632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-07-11 21:49 - 2018-06-15 02:19 - 000116632 _____ (Microsoft Corporation) C:\WINDOWS\system32\DTUHandler.exe
2018-07-11 21:49 - 2018-06-15 02:19 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-07-11 21:49 - 2018-06-15 02:18 - 000228768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-07-11 21:49 - 2018-06-15 02:16 - 000562080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-07-11 21:49 - 2018-06-15 02:16 - 000433560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-07-11 21:49 - 2018-06-15 02:15 - 002563960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-07-11 21:49 - 2018-06-15 02:15 - 000753152 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-07-11 21:49 - 2018-06-15 02:13 - 000510904 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2018-07-11 21:49 - 2018-06-15 02:13 - 000324000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-07-11 21:49 - 2018-06-15 02:12 - 007519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-07-11 21:49 - 2018-06-15 02:12 - 000661152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2018-07-11 21:49 - 2018-06-15 02:12 - 000491304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-07-11 21:49 - 2018-06-15 02:12 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-07-11 21:49 - 2018-06-15 02:12 - 000118872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2018-07-11 21:49 - 2018-06-15 02:11 - 006817872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-07-11 21:49 - 2018-06-15 02:10 - 001934400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-07-11 21:49 - 2018-06-15 02:10 - 001097640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-07-11 21:49 - 2018-06-15 02:10 - 000717208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2018-07-11 21:49 - 2018-06-15 02:10 - 000326024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2018-07-11 21:49 - 2018-06-15 02:09 - 007436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-07-11 21:49 - 2018-06-15 02:09 - 002830240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-07-11 21:49 - 2018-06-15 02:09 - 002546592 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-07-11 21:49 - 2018-06-15 02:09 - 001798552 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-07-11 21:49 - 2018-06-15 02:09 - 001742272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-07-11 21:49 - 2018-06-15 02:09 - 001659296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2018-07-11 21:49 - 2018-06-15 02:09 - 001209800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-07-11 21:49 - 2018-06-15 02:09 - 001112600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2018-07-11 21:49 - 2018-06-15 02:09 - 000594128 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-07-11 21:49 - 2018-06-15 02:09 - 000247984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2018-07-11 21:49 - 2018-06-15 02:08 - 004403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-07-11 21:49 - 2018-06-15 02:08 - 002371392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-07-11 21:49 - 2018-06-15 02:08 - 002062488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-07-11 21:49 - 2018-06-15 02:08 - 001946752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-07-11 21:49 - 2018-06-15 02:08 - 001921944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2018-07-11 21:49 - 2018-06-15 02:08 - 001784584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-07-11 21:49 - 2018-06-15 02:08 - 001457128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-07-11 21:49 - 2018-06-15 02:08 - 001288840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-07-11 21:49 - 2018-06-15 02:08 - 001258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-07-11 21:49 - 2018-06-15 02:08 - 001150408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-07-11 21:49 - 2018-06-15 02:08 - 001140568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-07-11 21:49 - 2018-06-15 02:08 - 000983008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-07-11 21:49 - 2018-06-15 02:08 - 000945568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2018-07-11 21:49 - 2018-06-15 02:08 - 000898760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-07-11 21:49 - 2018-06-15 02:08 - 000642088 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
2018-07-11 21:49 - 2018-06-15 02:08 - 000604576 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-07-11 21:49 - 2018-06-15 02:08 - 000500552 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2018-07-11 21:49 - 2018-06-15 02:08 - 000413816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-07-11 21:49 - 2018-06-15 02:08 - 000072768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WindowsTrustedRT.sys
2018-07-11 21:49 - 2018-06-15 02:07 - 001611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2018-07-11 21:49 - 2018-06-15 02:07 - 001145696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2018-07-11 21:49 - 2018-06-15 02:05 - 000550608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-07-11 21:49 - 2018-06-15 02:05 - 000444240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2018-07-11 21:49 - 2018-06-15 02:04 - 002331576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-07-11 21:49 - 2018-06-15 02:04 - 001462824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2018-07-11 21:49 - 2018-06-15 02:04 - 001397192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-07-11 21:49 - 2018-06-15 02:04 - 001251736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2018-07-11 21:49 - 2018-06-15 02:04 - 000719552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-07-11 21:49 - 2018-06-15 02:04 - 000281080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExecModelClient.dll
2018-07-11 21:49 - 2018-06-15 02:04 - 000105376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 006572000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 006528600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 006043600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 004788504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 002535032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 002163184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 001805752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 001710240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 001380192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 001144120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 001129640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 001020160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 001011968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 000770152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 000472136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 000356960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-07-11 21:49 - 2018-06-15 02:03 - 000232488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
2018-07-11 21:49 - 2018-06-15 02:03 - 000129192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-07-11 21:49 - 2018-06-15 01:49 - 002962944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-07-11 21:49 - 2018-06-15 01:48 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-07-11 21:49 - 2018-06-15 01:48 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
2018-07-11 21:49 - 2018-06-15 01:47 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2018-07-11 21:49 - 2018-06-15 01:47 - 000515072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2018-07-11 21:49 - 2018-06-15 01:47 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-07-11 21:49 - 2018-06-15 01:46 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-07-11 21:49 - 2018-06-15 01:46 - 004333568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-07-11 21:49 - 2018-06-15 01:46 - 001356800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2018-07-11 21:49 - 2018-06-15 01:46 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2018-07-11 21:49 - 2018-06-15 01:46 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
2018-07-11 21:49 - 2018-06-15 01:46 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2018-07-11 21:49 - 2018-06-15 01:46 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2018-07-11 21:49 - 2018-06-15 01:45 - 002548736 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2018-07-11 21:49 - 2018-06-15 01:45 - 000992768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-07-11 21:49 - 2018-06-15 01:45 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2018-07-11 21:49 - 2018-06-15 01:45 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-07-11 21:49 - 2018-06-15 01:45 - 000740352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2018-07-11 21:49 - 2018-06-15 01:45 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-07-11 21:49 - 2018-06-15 01:45 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2018-07-11 21:49 - 2018-06-15 01:45 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DTUHandlerPS.dll
2018-07-11 21:49 - 2018-06-15 01:44 - 001632256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-07-11 21:49 - 2018-06-15 01:44 - 001342976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2018-07-11 21:49 - 2018-06-15 01:44 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2018-07-11 21:49 - 2018-06-15 01:44 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2018-07-11 21:49 - 2018-06-15 01:44 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-07-11 21:49 - 2018-06-15 01:44 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2018-07-11 21:49 - 2018-06-15 01:44 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-07-11 21:49 - 2018-06-15 01:44 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-07-11 21:49 - 2018-06-15 01:44 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\cellulardatacapabilityhandler.dll
2018-07-11 21:49 - 2018-06-15 01:43 - 001114112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2018-07-11 21:49 - 2018-06-15 01:43 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-07-11 21:49 - 2018-06-15 01:43 - 000675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2018-07-11 21:49 - 2018-06-15 01:43 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-07-11 21:49 - 2018-06-15 01:43 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2018-07-11 21:49 - 2018-06-15 01:43 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2018-07-11 21:49 - 2018-06-15 01:43 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-07-11 21:49 - 2018-06-15 01:43 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-07-11 21:49 - 2018-06-15 01:43 - 000191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VideoHandlers.dll
2018-07-11 21:49 - 2018-06-15 01:43 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2018-07-11 21:49 - 2018-06-15 01:43 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2018-07-11 21:49 - 2018-06-15 01:42 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-07-11 21:49 - 2018-06-15 01:42 - 002367488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-07-11 21:49 - 2018-06-15 01:42 - 000978432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2018-07-11 21:49 - 2018-06-15 01:42 - 000558592 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2018-07-11 21:49 - 2018-06-15 01:42 - 000431104 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-07-11 21:49 - 2018-06-15 01:42 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-07-11 21:49 - 2018-06-15 01:42 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2018-07-11 21:49 - 2018-06-15 01:42 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-07-11 21:49 - 2018-06-15 01:42 - 000287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2018-07-11 21:49 - 2018-06-15 01:42 - 000273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-07-11 21:49 - 2018-06-15 01:42 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-07-11 21:49 - 2018-06-15 01:42 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-07-11 21:49 - 2018-06-15 01:42 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2018-07-11 21:49 - 2018-06-15 01:42 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2018-07-11 21:49 - 2018-06-15 01:41 - 004561920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-07-11 21:49 - 2018-06-15 01:41 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-07-11 21:49 - 2018-06-15 01:41 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-07-11 21:49 - 2018-06-15 01:41 - 001724928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2018-07-11 21:49 - 2018-06-15 01:41 - 000953856 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2018-07-11 21:49 - 2018-06-15 01:41 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-07-11 21:49 - 2018-06-15 01:41 - 000811520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2018-07-11 21:49 - 2018-06-15 01:41 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-07-11 21:49 - 2018-06-15 01:41 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2018-07-11 21:49 - 2018-06-15 01:41 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2018-07-11 21:49 - 2018-06-15 01:41 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-07-11 21:49 - 2018-06-15 01:41 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2018-07-11 21:49 - 2018-06-15 01:40 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-07-11 21:49 - 2018-06-15 01:40 - 001487360 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-07-11 21:49 - 2018-06-15 01:40 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2018-07-11 21:49 - 2018-06-15 01:40 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2018-07-11 21:49 - 2018-06-15 01:40 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2018-07-11 21:49 - 2018-06-15 01:39 - 002903040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-07-11 21:49 - 2018-06-15 01:39 - 002583552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-07-11 21:49 - 2018-06-15 01:39 - 002172416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-07-11 21:49 - 2018-06-15 01:39 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-07-11 21:49 - 2018-06-15 01:39 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-07-11 21:49 - 2018-06-15 01:39 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-07-11 21:49 - 2018-06-15 01:39 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-07-11 21:49 - 2018-06-15 01:38 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-07-11 21:49 - 2018-06-15 01:38 - 001581568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2018-07-11 21:49 - 2018-06-15 01:38 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2018-07-11 21:49 - 2018-06-15 01:38 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-07-11 21:49 - 2018-06-15 01:38 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-07-11 21:49 - 2018-06-15 01:38 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-07-11 21:49 - 2018-06-15 01:38 - 000910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2018-07-11 21:49 - 2018-06-15 01:38 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-07-11 21:49 - 2018-06-15 01:37 - 001374208 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-07-11 21:49 - 2018-06-15 01:37 - 000883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-07-11 21:49 - 2018-06-15 01:36 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdrom.sys
2018-07-11 21:49 - 2018-06-01 02:18 - 000058524 _____ C:\WINDOWS\system32\srms.dat
2018-07-10 11:03 - 2018-07-10 11:03 - 000179278 _____ C:\Users\amd\Downloads\TECNICAS (1).pdf
2018-07-09 16:57 - 2018-07-09 16:57 - 000096399 _____ C:\WINDOWS\uninstaller.dat
2018-07-09 15:26 - 2018-07-09 15:26 - 000179278 _____ C:\Users\amd\Downloads\TECNICAS.pdf
2018-07-01 19:54 - 2018-07-01 19:54 - 049232027 _____ C:\Users\amd\Downloads\Cap 12 clase .m4a
2018-06-30 21:48 - 2018-06-30 21:48 - 030474743 _____ C:\Users\amd\Downloads\Capitulo 11 clase.m4a
2018-06-27 22:09 - 2018-06-27 22:10 - 081951191 _____ C:\Users\amd\Downloads\vlc-record-2018-06-27-20h14m06s-dvd___-.mp4
2018-06-25 22:41 - 2018-07-02 19:07 - 000000000 ____D C:\Users\amd\AppData\LocalLow\BitTorrent
2018-06-25 21:19 - 2018-06-25 21:20 - 011259054 _____ C:\Users\amd\Downloads\vlc-record-2018-06-25-20h41m46s-dvd___-.zip
2018-06-25 20:40 - 2018-06-27 20:34 - 000000000 ____D C:\Users\amd\Desktop\Video Mama
2018-06-25 18:46 - 2018-06-25 18:46 - 034076823 _____ C:\Users\amd\Downloads\drive-download-20180625T214450Z-001.zip
2018-06-25 14:15 - 2018-06-25 14:15 - 000481175 _____ C:\Users\amd\Downloads\313-1049-1-PB.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-25 16:28 - 2018-05-10 16:18 - 000000000 ____D C:\ProgramData\NVIDIA
2018-07-25 16:26 - 2018-06-10 20:18 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-25 16:26 - 2018-04-11 20:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-07-25 16:25 - 2018-04-11 18:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-07-25 16:21 - 2018-06-10 20:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-07-25 00:36 - 2018-06-10 20:18 - 001762872 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-07-25 00:36 - 2018-04-12 13:21 - 000781218 _____ C:\WINDOWS\system32\perfh00A.dat
2018-07-25 00:36 - 2018-04-12 13:21 - 000152030 _____ C:\WINDOWS\system32\perfc00A.dat
2018-07-25 00:36 - 2018-04-11 20:36 - 000000000 ____D C:\WINDOWS\INF
2018-07-25 00:28 - 2018-05-26 15:59 - 000000000 ____D C:\Users\amd\AppData\LocalLow\Temp
2018-07-25 00:26 - 2018-06-10 20:07 - 000000000 ____D C:\Users\amd
2018-07-23 11:42 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-07-23 10:40 - 2018-05-10 15:33 - 000000000 ____D C:\Users\amd\AppData\Local\Packages
2018-07-21 01:28 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-21 00:41 - 2018-05-10 16:06 - 000000000 ____D C:\Program Files (x86)\Google
2018-07-21 00:37 - 2018-05-11 10:18 - 000000000 ____D C:\Program Files (x86)\OCCTPT
2018-07-20 22:32 - 2018-05-14 20:23 - 000000000 ____D C:\Program Files\Epic Games
2018-07-20 22:12 - 2018-04-11 20:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-19 03:37 - 2018-06-10 20:18 - 000003380 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1830811996-1437030023-4132568959-1001
2018-07-19 03:37 - 2018-06-10 20:07 - 000002361 _____ C:\Users\amd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-07-19 03:37 - 2018-05-10 15:34 - 000000000 ___RD C:\Users\amd\OneDrive
2018-07-19 03:24 - 2018-05-10 16:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-07-19 03:24 - 2018-05-10 16:16 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-07-19 03:23 - 2018-05-10 16:15 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-07-19 03:22 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\Help
2018-07-19 03:21 - 2018-05-10 16:17 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-07-19 03:17 - 2018-05-10 16:19 - 000000000 ____D C:\Users\amd\AppData\Local\NVIDIA
2018-07-19 01:31 - 2018-05-13 22:08 - 000002580 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype Empresarial.lnk
2018-07-19 01:31 - 2018-05-13 22:08 - 000002531 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-07-19 01:31 - 2018-05-13 22:08 - 000002512 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-07-19 01:31 - 2018-05-13 22:08 - 000002494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-07-19 01:31 - 2018-05-13 22:08 - 000002485 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-07-19 01:31 - 2018-05-13 22:08 - 000002483 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-07-19 01:31 - 2018-05-13 22:08 - 000002439 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-07-19 01:29 - 2018-05-13 22:05 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-07-17 22:58 - 2018-04-11 20:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-07-17 22:26 - 2018-05-16 21:18 - 000000000 ____D C:\Users\amd\AppData\Roaming\vlc
2018-07-16 21:13 - 2018-05-10 16:19 - 000000000 ____D C:\Users\amd\AppData\Local\NVIDIA Corporation
2018-07-16 21:08 - 2018-06-10 20:18 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-16 21:08 - 2018-06-10 20:18 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-16 21:08 - 2018-06-10 20:18 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-16 21:08 - 2018-06-10 20:18 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-07-16 20:23 - 2018-05-10 17:44 - 000563832 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-07-13 17:04 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-07-12 23:33 - 2018-05-14 20:21 - 000000000 ____D C:\Users\amd\AppData\Local\UnrealEngine
2018-07-12 09:01 - 2018-06-10 20:03 - 005101584 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-07-12 09:01 - 2018-05-10 15:33 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-07-12 09:01 - 2018-05-10 15:33 - 000000000 ___RD C:\Users\amd\3D Objects
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-07-12 00:56 - 2018-04-12 13:25 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-07-12 00:56 - 2018-04-11 20:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-07-12 00:56 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-07-12 00:56 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-07-12 00:56 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-07-12 00:56 - 2018-04-11 20:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-07-11 22:48 - 2018-06-17 18:10 - 000000000 ____D C:\ProgramData\Packages
2018-07-11 21:07 - 2018-05-14 20:36 - 000000000 ____D C:\Users\amd\Desktop\MIS COSAS
2018-07-10 23:03 - 2018-05-13 22:04 - 000000000 ____D C:\Users\amd\AppData\Local\MicrosoftEdge
2018-07-10 22:30 - 2018-05-13 22:02 - 000000000 ____D C:\Program Files\KMSpico
2018-07-10 21:25 - 2018-05-10 15:49 - 000000000 ____D C:\Users\amd\AppData\Local\Comms
2018-07-10 20:44 - 2018-05-10 15:33 - 000000000 ____D C:\Users\amd\AppData\Local\ConnectedDevicesPlatform
2018-07-05 10:40 - 2018-05-23 10:54 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-07-02 23:21 - 2018-05-14 20:17 - 000000000 ____D C:\Users\amd\AppData\Roaming\BitTorrent
2018-07-01 00:07 - 2018-05-14 19:51 - 000000000 ____D C:\Program Files (x86)\Steam
2018-06-28 09:55 - 2018-06-15 19:00 - 000000000 ____D C:\Users\amd\AppData\Roaming\dvdcss
2018-06-26 21:06 - 2018-05-10 18:03 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-06-26 20:56 - 2018-05-10 16:19 - 000000000 ____D C:\Users\amd\AppData\Local\PlaceholderTileLogoFolder
 
==================== Files in the root of some directories =======
 
2018-07-10 22:36 - 2018-07-10 22:36 - 000032038 _____ () C:\Users\amd\AppData\Local\uninstall_temp.ico
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-06-10 20:03
 
==================== End of FRST.txt ============================

  • 0

Advertisements

#17
MrMatoke
Posted 25 July 2018 - 01:32 PM

MrMatoke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Download the attached fixlist.txt to the same location as FRST

Run FRST and press Fix
A fix log will be generated please post that

Reboot if the fix doesn't reboot it for you

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.&&0

 

Latency Monitor shows Windows Defender is causing page faults.  Also your Clam a-v isn't very good so I would Download the free Avast:

 

https://support.avas...-Free-Antivirus

 

Save it but do not install yet.

 

Uninstall ClamWin

 

Reboot.

 

Install Avast per the instructions (right click on the downloaded file and Run As Admin).  Stick with the Basic (free version and do not accept any free trials or optional software)

 

Once you have it running and it is updated rerun Latency Monitor and post the log.  Also it would be a good idea to let Avast do a Boot-time scan tonight while you sleep:

 

It takes like 6 hours so I usually let it run at night.


Click on the Avast ball.  Then click on Protection, then on Antivirus, then on Other Scans then on Boot-time Scan.  Click on Install Special Definitions.  Click on Run on Next PC Reboot.

  Reboot and let it run a scan.  It may take hours.
Once it finishes it should load windows.   Mute your speakers so it doesn't wake you up when Windows boots.

When you reboot you will see the scan start.  It will tell you where it saves its log.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.   This is a hidden location so you will need to tell Windows to let you see it:

http://www.howtogeek...-windows-vista/

Copy and paste the text from the log to a Reply when done.




 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.07.2018
Ran by Matoke (25-07-2018 16:29:58)
Running from C:\Users\amd\Downloads
Windows 10 Pro Version 1803 17134.165 (X64) (2018-06-10 23:19:43)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-1830811996-1437030023-4132568959-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1830811996-1437030023-4132568959-503 - Limited - Disabled)
Invitado (S-1-5-21-1830811996-1437030023-4132568959-501 - Limited - Disabled)
Matoke (S-1-5-21-1830811996-1437030023-4132568959-1001 - Administrator - Enabled) => C:\Users\amd
WDAGUtilityAccount (S-1-5-21-1830811996-1437030023-4132568959-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Actualización de NVIDIA 31.2.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 31.2.0.0 - NVIDIA Corporation) Hidden
Adobe After Effects CC 2015 (HKLM-x32\...\{147EC100-14BE-45EF-AB42-35BAEE7D02F0}) (Version: 13.5.0 - Adobe Systems Incorporated)
Adobe Animate CC 2015 (HKLM-x32\...\{8CEBC11D-C52F-11E5-A0D6-D44AB5E81A82}) (Version: 15.1 - Adobe Systems Incorporated)
Adobe Audition CC 2015 (HKLM-x32\...\{839A3566-AED6-4787-A849-5CBE2B1DC6AE}) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Encore CS6 (HKLM-x32\...\{46251F95-B2F8-484A-9B5B-8C0E5A43A202}) (Version: 6.0.0 - Adobe Systems Incorporated)
Adobe Illustrator CC 2015 (HKLM-x32\...\{5680D629-B263-49CC-821E-3CEBD4507B51}) (Version: 19.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.0 - Adobe Systems Incorporated)
AMD Ryzen Master (HKLM\...\{5A1CE077-7111-4C7D-A5C5-E210D4B68AD8}) (Version: 1.3.0.0623 - Advanced Micro Devices, Inc.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 17.7 - Advanced Micro Devices, Inc.)
Balanced (HKLM-x32\...\{EFD0705E-598B-46D4-8D5B-4539431764B8}) (Version: 2.02.0000 - Nombre de su organización) Hidden
BitTorrent (HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\...\BitTorrent) (Version: 7.10.3.44495 - BitTorrent Inc.)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
ClamWin Free Antivirus 0.98.7 (HKLM-x32\...\ClamWin Free Antivirus_is1) (Version:  - alch)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.8.0.0410 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\...\Discord) (Version: 0.0.301 - Discord Inc.)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 398.36 - NVIDIA Corporation) Hidden
DMMultiView (HKLM-x32\...\{8EEBAD15-F3B7-468B-917F-97BBF6B1004B}) (Version:  - )
Epic Games Launcher (HKLM-x32\...\{79F5479A-BF71-4F4C-9C49-9D616AF923DE}) (Version: 1.1.151.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
GeoVision ADPCM (HKLM-x32\...\GeoADPCM) (Version:  - )
GeoVision Audio (HKLM-x32\...\GeoAudio) (Version:  - )
GeoVision H264 (HKLM-x32\...\Codec_264) (Version:  - )
GeoVision JPEG (HKLM-x32\...\Codec_jpeg) (Version:  - )
GeoVision MJPG (HKLM-x32\...\Codec_MJPG) (Version:  - )
GeoVision MPEG4 (HKLM-x32\...\GEOXCodec) (Version:  - )
GeoVision MPEG4 ASP (HKLM-x32\...\Codec_amp4) (Version:  - )
GeoVision MPEG4 AVC (HKLM-x32\...\Codec_AVC) (Version:  - )
GeoVision MXPG (HKLM-x32\...\Codec_MXPG) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
GoPro Quik (HKLM\...\{855E73D9-1EC0-4914-98D1-FD1FC7E93870}) (Version: 0.1.780 - GoPro, Inc.) Hidden
GoPro Quik (HKLM-x32\...\{e2b0610c-a7ad-4330-87ba-c30a14ff17e7}) (Version: 2.6.1.780 - GoPro, Inc.)
K-Lite Codec Pack 10.8.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.8.0 - )
LatencyMon 6.70 (HKLM\...\LatencyMon_is1) (Version:  - Resplendence Software Projects Sp.)
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft Office Profesional Plus 2016 - es-es (HKLM\...\ProPlusRetail - es-es) (Version: 16.0.10228.20134 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
NVIDIA Controlador de 3D Vision 398.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 398.36 - NVIDIA Corporation)
NVIDIA Controlador de audio HD 1.3.37.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.37.4 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 398.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 398.36 - NVIDIA Corporation)
NVIDIA Controlador de la controladora 3D Vision 390.41 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 390.41 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.14.0.139 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.14.0.139 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
OEM Application Profile (HKLM-x32\...\{7F5DCD33-1039-C3B2-9538-B645B65BBA63}) (Version: 1.00.0000 - Nombre de su organización)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10228.20134 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20134 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20134 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0C0A-0000-0000000FF1CE}) (Version: 16.0.10228.20134 - Microsoft Corporation) Hidden
Panel de control de NVIDIA 398.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 398.36 - NVIDIA Corporation) Hidden
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Total Video Converter 3.71 100812 (HKLM-x32\...\Total Video Converter 3.71_is1) (Version:  - EffectMatrix Inc.)
Vegas Pro 13.0 (64-bit) (HKLM\...\{3934F12E-091D-11E4-A0AD-F04DA23A5C58}) (Version: 13.0.373 - Sony)
VidBlaster (HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\...\VidBlaster) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 3.0.2 - VideoLAN)
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinVPN (HKLM\...\{4BB9D57D-4603-4C82-B314-B7A7254F2AEE}) (Version: 1.0.2 - WinSoft)
X264 (HKLM-x32\...\Codec_X264) (Version:  - )
XVID (HKLM-x32\...\Codec_XVID) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers1: [ClamWin] -> {65713842-C410-4f44-8383-BFE01A398C90} => C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll [2008-04-19] ()
ContextMenuHandlers1: [TVCShellExt] -> {4E33A7F5-8083-4C08-9D45-C5CED88F5C04} => C:\Program Files (x86)\Total Video Converter\TVCShellExtx64.dll [2010-07-29] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2014-05-16] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2014-05-16] (Alexander Roshal)
ContextMenuHandlers2: [DaemonShellExtDriveLite] -> {C06369D6-E77D-4626-9656-1256312BD576} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-04-03] (Disc Soft Ltd)
ContextMenuHandlers3: [DaemonShellExtImageLite] -> {1D1B5D7B-0FC9-452E-902C-12BACD4FBC20} => C:\Program Files\DAEMON Tools Lite\DTShl64.dll [2018-04-03] (Disc Soft Ltd)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2018-06-24] (NVIDIA Corporation)
ContextMenuHandlers6: [ClamWin] -> {65713842-C410-4f44-8383-BFE01A398C90} => C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll [2008-04-19] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2014-05-16] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2014-05-16] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {074B9C73-9823-4F4E-8344-47297ABF102A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-07-19] (Microsoft Corporation)
Task: {0B418509-AD9F-4396-8967-4A69554D2F2E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-26] (Microsoft Corporation)
Task: {13EE18BC-8863-4D47-A11B-66DD05F977F8} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-05-20] (NVIDIA Corporation)
Task: {14996975-8268-4AA2-9225-FF555DA507C9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-26] (Microsoft Corporation)
Task: {26D1D219-3C67-4C6C-91AD-FC1D2F4FFB8C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-07-19] (Microsoft Corporation)
Task: {2A3E46A4-5658-4FBA-9E1F-FE3E5CEA08E6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-07-21] (Google Inc.)
Task: {34276272-4DD5-49E6-8401-A8109C63D488} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-05-20] (NVIDIA Corporation)
Task: {3A27B7E3-946E-41F0-9E51-5DA30F623B29} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {46A4B11E-936E-464E-85BA-BEB6166557A8} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)
Task: {46F78853-6E37-426E-8B4A-9E896562E9EA} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-19] (Microsoft Corporation)
Task: {4EB5D3ED-893E-4FFB-9725-0F4F39E54F2B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-05-20] (NVIDIA Corporation)
Task: {59802F1B-D439-4674-BF33-04E28625723E} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)
Task: {5B4F92E6-61AE-4682-B31B-CD13ABE2F287} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-26] (Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {6BDB7AF3-F0D0-4657-810F-30E14A3A956E} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)
Task: {74AD65FC-79C3-4170-892E-1839AE7735C4} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-07-19] (Microsoft Corporation)
Task: {86AFB6B7-9FFC-480E-BAC1-AF3888160B37} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-07-21] (Google Inc.)
Task: {98797121-9190-4CF5-BD30-AE63BD2B2820} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-26] (Microsoft Corporation)
Task: {9916BE9A-884D-4CBD-85E0-AD2D8889230B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-07-19] (Microsoft Corporation)
Task: {A8DE0CF1-54E9-40B5-BA0A-1D2718414C96} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-05-20] (NVIDIA Corporation)
Task: {B52D37BF-DC1D-4F9A-931D-7C7C5933AE86} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-07-13] (Microsoft Corporation)
Task: {C5BF9A08-7965-470F-A85B-BE3651106501} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-05-20] (NVIDIA Corporation)
Task: {CE306552-E2A6-4362-94F0-97D83C82C2B6} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-20] (NVIDIA Corporation)
Task: {DBE46C90-54F5-4420-9D17-F502676C0CD6} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-05-20] (NVIDIA Corporation)
Task: {EA79ED87-7635-4EB8-BCF0-D218CEF42F29} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-07-13] (Microsoft Corporation)
Task: {FE8A0F3D-2267-4D9E-9614-CC10BAA50857} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-05-20] (NVIDIA Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\amd\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\amd\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --disable-quic
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-07-16 21:08 - 2018-05-20 14:36 - 001315296 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-04-11 20:34 - 2018-04-11 20:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-11 20:34 - 2018-04-11 20:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 20:34 - 2018-04-11 20:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-07-11 21:49 - 2018-07-06 03:55 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-07-16 20:37 - 2018-07-16 20:37 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-07-16 20:37 - 2018-07-16 20:37 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-07-16 20:37 - 2018-07-16 20:38 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-07-16 20:37 - 2018-07-16 20:37 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\skypert.dll
2018-07-16 20:37 - 2018-07-16 20:37 - 000653824 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-07-14 02:44 - 2018-07-14 02:44 - 004483072 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DiscSoft.NET.Common\7a74af7991087a618ce790c1a73f6a5f\DiscSoft.NET.Common.ni.dll
2018-07-14 02:45 - 2018-07-14 02:45 - 003039744 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\DotNetCommon\19a7420818774d85bb838ddb1712707a\DotNetCommon.ni.dll
2018-05-14 20:21 - 2018-05-14 20:21 - 098275328 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libcef.dll
2018-05-14 20:21 - 2018-05-14 20:21 - 003922432 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libGLESv2.dll
2018-05-14 20:21 - 2018-05-14 20:21 - 000092672 _____ () C:\Program Files (x86)\Epic Games\Launcher\Engine\Binaries\ThirdParty\CEF3\Win64\libEGL.dll
2018-07-21 00:48 - 2018-06-22 16:15 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libglesv2.dll
2018-07-21 00:48 - 2018-06-22 16:15 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libegl.dll
2018-07-16 21:08 - 2018-05-20 14:36 - 095437792 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2018-07-16 21:08 - 2018-05-20 14:36 - 003029472 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libglesv2.dll
2018-07-16 21:08 - 2018-05-20 14:36 - 000149984 _____ () C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\swiftshader\libegl.dll
2018-05-10 16:18 - 2018-05-20 14:36 - 001033184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2018-05-13 21:51 - 2005-02-08 18:23 - 000979005 _____ () C:\Program Files (x86)\ClamWin\bin\python23.dll
2018-05-13 21:51 - 2004-11-20 04:27 - 000069632 _____ () C:\Program Files (x86)\ClamWin\lib\win32api.pyd
2018-05-13 21:51 - 2004-10-11 21:21 - 000094208 _____ () C:\Program Files (x86)\ClamWin\lib\pywintypes23.dll
2018-05-13 21:51 - 2004-05-25 22:18 - 000057401 _____ () C:\Program Files (x86)\ClamWin\lib\_sre.pyd
2018-05-13 21:51 - 2004-11-20 04:27 - 000086016 _____ () C:\Program Files (x86)\ClamWin\lib\win32gui.pyd
2018-05-13 21:51 - 2004-11-20 04:27 - 000024576 _____ () C:\Program Files (x86)\ClamWin\lib\win32event.pyd
2018-05-13 21:51 - 2004-11-20 04:27 - 000036864 _____ () C:\Program Files (x86)\ClamWin\lib\win32process.pyd
2018-05-13 21:51 - 2004-05-25 22:18 - 000049212 _____ () C:\Program Files (x86)\ClamWin\lib\_socket.pyd
2018-05-13 21:51 - 2004-05-25 22:18 - 000495616 _____ () C:\Program Files (x86)\ClamWin\lib\_ssl.pyd
2018-05-13 21:51 - 2004-05-25 22:20 - 000036864 _____ () C:\Program Files (x86)\ClamWin\lib\_winreg.pyd
2018-05-13 21:51 - 2004-10-11 21:22 - 000315392 _____ () C:\Program Files (x86)\ClamWin\lib\pythoncom23.dll
2018-05-13 21:51 - 2004-11-20 04:27 - 000106496 _____ () C:\Program Files (x86)\ClamWin\lib\shell.pyd
2018-05-13 21:51 - 2004-11-20 04:27 - 000065536 _____ () C:\Program Files (x86)\ClamWin\lib\win32security.pyd
2018-05-13 21:51 - 2004-01-15 15:45 - 000061440 _____ () C:\Program Files (x86)\ClamWin\lib\_ctypes.pyd
2018-05-13 21:51 - 2004-11-20 04:27 - 000077824 _____ () C:\Program Files (x86)\ClamWin\lib\win32file.pyd
2018-05-13 21:51 - 2004-11-20 04:27 - 000024576 _____ () C:\Program Files (x86)\ClamWin\lib\win32pipe.pyd
2018-05-13 21:51 - 2003-10-01 14:40 - 002240512 _____ () C:\Program Files (x86)\ClamWin\lib\wxc.pyd
2018-05-13 21:51 - 2003-10-01 12:43 - 003239936 _____ () C:\Program Files (x86)\ClamWin\lib\wxmsw24h.dll
2018-05-13 21:51 - 2003-08-10 10:14 - 000061440 _____ () C:\Program Files (x86)\ClamWin\lib\mxDateTime.pyd
2018-05-13 21:51 - 2004-05-25 22:17 - 000622651 _____ () C:\Program Files (x86)\ClamWin\lib\_bsddb.pyd
2018-05-13 21:51 - 2004-05-25 22:19 - 000045117 _____ () C:\Program Files (x86)\ClamWin\lib\datetime.pyd
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [474]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-09-29 10:46 - 2018-07-10 22:37 - 002097781 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1 cpm.paneladmin.pro
127.0.0.1 publisher.hmdiadmingate.xyz
127.0.0.1 hmdicrewtracksystem.xyz
127.0.0.1 mydownloaddomain.com
127.0.0.1 linkmate.space
127.0.0.1 space1.adminpressure.space
127.0.0.1 trackpressure.website
127.0.0.1 doctorlink.space
127.0.0.1 plugpackdownload.net
127.0.0.1 texttotalk.org
127.0.0.1 gambling577.xyz
127.0.0.1 htagdownload.space
127.0.0.1 mybcnmonetize.com
127.0.0.1 360devtraking.website
127.0.0.1 dscdn.pw
127.0.0.1 bcnmonetize.go2affise.com
127.0.0.1 beautifllink.xyz
5.149.252.98 www.gstatic.com
5.149.252.98 www.google-analytics.com
5.149.252.98 adservice.google.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\amd\Desktop\MIS COSAS\FOTOS\eclipse-solar-desde-espacio-5303c998cd1c9.jpg
DNS Servers: 100.72.3.109 - 100.72.3.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Off)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1830811996-1437030023-4132568959-1001\...\StartupApproved\Run: => "Discord"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{88E3E29D-109F-46CA-8ABB-4FAC74DE9764}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{232BF066-6AFA-4FB6-8B8C-258FD2AA095C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{967A078C-2787-4857-AEC4-DDEB46BA97D1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{44A7BF63-3ACC-4849-AA77-8872FFE74435}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{B298653C-6BAB-4CCA-B65C-37F519AEFE6D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForestVR.exe
FirewallRules: [{E2D48BAC-D002-4319-9A43-B7D6B9C52F95}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForestVR.exe
FirewallRules: [{8E94CEDE-325F-40E0-B4A5-7EC859D283B1}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{CB1DEDE9-CF93-4715-A1C3-D7AADC51287E}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{7197B44B-2563-4E30-B626-2583CDE2BF21}] => (Allow) LPort=1688
FirewallRules: [{C12170D5-FE4C-47A9-9B16-47AE0E1DCEAC}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{A1CCF4F0-1FD9-4EA2-A8A3-61ABFAD0194A}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [UDP Query User{46C1F681-5175-4812-A704-0A018D087A0F}C:\users\amd\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\amd\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [TCP Query User{CB8558D1-FF69-4771-986A-C2983A7D5446}C:\users\amd\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\amd\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [{A4D6B4EE-7047-43BC-909B-5FF1F4911A6E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{D015CD49-13BE-4A89-BA7C-828AFA56A527}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe
FirewallRules: [{5DAFBFA5-8A8F-4773-BF75-7B6D123C593D}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProLauncher.exe
FirewallRules: [{C9725F0F-0625-4FA0-85EB-FBF7A38DCE1E}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProIDService.exe
FirewallRules: [{41A40A2A-E44C-44AD-A93A-4446FB8E4CA9}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoProMsgBus.exe
FirewallRules: [{CE208CB7-FEB1-4606-A637-A1C014A852E8}] => (Allow) C:\Program Files\GoPro\GoPro Desktop App\GoPro Quik.exe
FirewallRules: [UDP Query User{C0A02348-D406-4393-8DAB-A47F8250E9BF}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [TCP Query User{212AADF3-0D7A-4B97-BD5E-D558EFAA8095}C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe] => (Allow) C:\program files\epic games\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
FirewallRules: [{CAC2B27A-6F9D-41B6-8986-25D9E88D4F44}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{3619F6DB-09BC-4709-9F36-6AF287EC7F51}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{31032BAD-1FB8-4D89-86C7-7CBF9CE10001}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [UDP Query User{3EF15DF0-2E4C-4BD5-ABFD-FAAD5FA28EE9}C:\users\amd\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\amd\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [TCP Query User{C1D3B3D8-0520-4EC6-BD87-157489A4E2C5}C:\users\amd\appdata\roaming\bittorrent\bittorrent.exe] => (Allow) C:\users\amd\appdata\roaming\bittorrent\bittorrent.exe
FirewallRules: [UDP Query User{1986FD76-61B9-48EB-90E8-50AB87B518ED}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [TCP Query User{C7410143-03D1-4CB0-B8BE-5CF6D10EA1C9}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{BFE94E1D-B42B-4799-B60B-6336E3F01D1F}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [TCP Query User{14BC1D4B-28B3-4AD0-A3EA-97B954B29A81}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
FirewallRules: [{881E906A-2F74-49C0-AAA0-5BE6EF13ABD7}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{BDE08CFB-A8A7-4776-B108-37791A672AEB}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{D3BC73DD-4794-4CA4-B22F-4FEF12DC5665}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{CC017309-7C26-4359-A151-1AE1D766CC4D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B0A0A887-684E-45D7-BF21-CD5D9C18E7A5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{1EE555D1-361E-40E1-960E-5242CBF45DB8}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{A79FEC8E-8608-44A5-B830-50A08F9E4100}] => (Allow) C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
FirewallRules: [TCP Query User{378DBA21-D185-4130-9A42-F11651F8C453}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{B074AF06-8527-4F30-BDCE-8D9CE60A0D53}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{DA11FE6F-E914-4873-AFE5-297597BB43C1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{2F6A9682-729C-418B-93A2-E615DEB4DC7B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{CB3F23E2-5A54-40B3-BAF2-DCBC60FD273E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{70723222-7F58-42CC-B8A5-918E7286FB4C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{D57043B8-7AB8-49A0-8243-ADF770A2B30C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{565B55D3-DF80-4157-9FB2-13114E6FD59E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{DD9E286F-A222-41C1-A22B-C83B69BD5E78}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DD02882D-50A2-4C61-B9FE-DDB64138E515}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{73087F32-2BC1-47E2-915E-6ABC1EF98E8F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{5C27A3D1-B2E9-4255-976A-A7D699C045E3}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{523A9CE0-21E9-4BB9-9265-825AD07630BC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{FE7CD51C-C9EC-4FD4-92DC-837F2E488155}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{5D539D63-C976-4325-AD13-6B9ABF51097F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{AB4D714C-311B-48FB-ABA6-F627127BE69F}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{7752A647-8395-435F-B743-04FCA460CCD4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{B86DB1F4-7334-4E33-9C35-CA679EE45517}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{E8B221D8-C7A2-4037-8FB3-8CB60CDAE9A9}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{C98FA12F-FB51-44C5-B43C-C56EC7B6CA33}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.85.259.0_x86__zpdnekdrzrea0\SpotifyWebHelper.exe
FirewallRules: [{940227FA-8FDA-42D7-8A86-621A79BC3ACF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{53837B31-8D2F-466C-8E38-1069A3E1C37D}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{45B402DD-CE34-43F1-830C-D0C80FF226B7}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
 
==================== Restore Points =========================
 
10-07-2018 22:42:02 Removed NativeDesktopMediaService
21-07-2018 02:02:05 Punto de control programado
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
Error: (07/25/2018 04:28:42 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: El servidor {9E175B6D-F52A-11D8-B9A5-505054503030} no se registró con DCOM dentro del tiempo de espera requerido.
 
Error: (07/25/2018 04:28:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscBrokerManager
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
 
Error: (07/25/2018 04:28:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: La configuración de permisos específico de la aplicación no concede el permiso Iniciar Local para la aplicación de servidor COM con CLSID 
Windows.SecurityCenter.WscDataProtection
 y APPID 
No disponible
 al usuario NT AUTHORITY\SYSTEM con SID (S-1-5-18) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
 
Error: (07/25/2018 04:27:17 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-4LAFI5B)
Description: La configuración de permisos específico de la aplicación no concede el permiso Activación Local para la aplicación de servidor COM con CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 y APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 al usuario DESKTOP-4LAFI5B\Matoke con SID (S-1-5-21-1830811996-1437030023-4132568959-1001) en la dirección LocalHost (con LRPC) que se ejecuta en el contenedor de aplicaciones con SID No disponible (No disponible). Este permiso de seguridad se puede modificar mediante la herramienta administrativa Servicios de componentes.
 
 
==================== Memory info =========================== 
 
Processor: AMD Ryzen 7 1700 Eight-Core Processor 
Percentage of memory in use: 37%
Total physical RAM: 8124 MB
Available physical RAM: 5080.38 MB
Total Virtual: 11964 MB
Available Virtual: 7879.56 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:930.91 GB) (Free:684.57 GB) NTFS
 
\\?\Volume{232ffcd7-c3e0-4d2a-87fa-f0a4133550f4}\ (Recuperación) (Fixed) (Total:0.49 GB) (Free:0.1 GB) NTFS
\\?\Volume{48d798ba-c390-4088-a209-866139d7c711}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
\\?\Volume{8965400f-570f-11e8-929b-88d7f6df9b61}\ () (CDROM) (Total:0 GB) (Free:0 GB) 
\\?\Volume{89654031-570f-11e8-929b-88d7f6df9b61}\ () (CDROM) (Total:0 GB) (Free:0 GB) 
\\?\Volume{d993b2da-5716-11e8-929c-88d7f6df9b61}\ () (CDROM) (Total:0 GB) (Free:0 GB) 
\\?\Volume{a91aeb05-5910-11e8-92a1-88d7f6df9b61}\ () (CDROM) (Total:0 GB) (Free:0 GB) 
\\?\Volume{ababae44-639b-11e8-92a7-88d7f6df9b61}\ () (CDROM) (Total:0 GB) (Free:0 GB) 
\\?\Volume{ababae47-639b-11e8-92a7-88d7f6df9b61}\ () (CDROM) (Total:0 GB) (Free:0 GB) 
\\?\Volume{ababae49-639b-11e8-92a7-88d7f6df9b61}\ () (CDROM) (Total:0 GB) (Free:0 GB) 
\\?\Volume{7f281cfe-72ea-11e8-92b1-88d7f6df9b61}\ () (CDROM) (Total:0 GB) (Free:0 GB) 
\\?\Volume{7f281d02-72ea-11e8-92b1-88d7f6df9b61}\ () (CDROM) (Total:0 GB) (Free:0 GB) 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: EA3C124C)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

  • 0

#18
MrMatoke
Posted 25 July 2018 - 01:43 PM

MrMatoke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Download the attached fixlist.txt to the same location as FRST

Run FRST and press Fix
A fix log will be generated please post that

Reboot if the fix doesn't reboot it for you

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.&&0

 

Latency Monitor shows Windows Defender is causing page faults.  Also your Clam a-v isn't very good so I would Download the free Avast:

 

https://support.avas...-Free-Antivirus

 

Save it but do not install yet.

 

Uninstall ClamWin

 

Reboot.

 

Install Avast per the instructions (right click on the downloaded file and Run As Admin).  Stick with the Basic (free version and do not accept any free trials or optional software)

 

Once you have it running and it is updated rerun Latency Monitor and post the log.  Also it would be a good idea to let Avast do a Boot-time scan tonight while you sleep:

 

It takes like 6 hours so I usually let it run at night.


Click on the Avast ball.  Then click on Protection, then on Antivirus, then on Other Scans then on Boot-time Scan.  Click on Install Special Definitions.  Click on Run on Next PC Reboot.

  Reboot and let it run a scan.  It may take hours.
Once it finishes it should load windows.   Mute your speakers so it doesn't wake you up when Windows boots.

When you reboot you will see the scan start.  It will tell you where it saves its log.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.   This is a hidden location so you will need to tell Windows to let you see it:

http://www.howtogeek...-windows-vista/

Copy and paste the text from the log to a Reply when done.




 

This is the Latency Mon Log. I will be doing the scan with Avast now so see you in 6 hours aprox. Thank you very much for your help.
_________________________________________________________________________________________________________
CONCLUSION
_________________________________________________________________________________________________________
Your system appears to be suitable for handling real-time audio and other tasks without dropouts. 
LatencyMon has been analyzing your system for  0:00:20  (h:mm:ss) on all processors.
 
 
_________________________________________________________________________________________________________
SYSTEM INFORMATION
_________________________________________________________________________________________________________
Computer name:                                        DESKTOP-4LAFI5B
OS version:                                           Windows 10 , 10.0, build: 17134 (x64)
Hardware:                                             ASUSTeK COMPUTER INC., PRIME B350M-A
CPU:                                                  AuthenticAMD AMD Ryzen 7 1700 Eight-Core Processor 
Logical processors:                                   16
Processor groups:                                     1
RAM:                                                  8123 MB total
 
 
_________________________________________________________________________________________________________
CPU SPEED
_________________________________________________________________________________________________________
Reported CPU speed:                                   2994 MHz
 
Note: reported execution times may be calculated based on a fixed reported CPU speed. Disable variable speed settings like Intel Speed Step and AMD Cool N Quiet in the BIOS setup for more accurate results.
 
 
_________________________________________________________________________________________________________
MEASURED INTERRUPT TO USER PROCESS LATENCIES
_________________________________________________________________________________________________________
The interrupt to process latency reflects the measured interval that a usermode process needed to respond to a hardware request from the moment the interrupt service routine started execution. This includes the scheduling and execution of a DPC routine, the signaling of an event and the waking up of a usermode thread from an idle wait state in response to that event.
 
Highest measured interrupt to process latency (µs):   354,970823
Average measured interrupt to process latency (µs):   6,174429
 
Highest measured interrupt to DPC latency (µs):       351,209089
Average measured interrupt to DPC latency (µs):       2,068123
 
 
_________________________________________________________________________________________________________
 REPORTED ISRs
_________________________________________________________________________________________________________
Interrupt service routines are routines installed by the OS and device drivers that execute in response to a hardware interrupt signal.
 
Highest ISR routine execution time (µs):              328,957916
Driver with highest ISR routine execution time:       dxgkrnl.sys - DirectX Graphics Kernel, Microsoft Corporation
 
Highest reported total ISR routine time (%):          0,021011
Driver with highest ISR total time:                   dxgkrnl.sys - DirectX Graphics Kernel, Microsoft Corporation
 
Total time spent in ISRs (%)                          0,022667
 
ISR count (execution time <250 µs):                   7364
ISR count (execution time 250-500 µs):                0
ISR count (execution time 500-999 µs):                2
ISR count (execution time 1000-1999 µs):              0
ISR count (execution time 2000-3999 µs):              0
ISR count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
REPORTED DPCs
_________________________________________________________________________________________________________
DPC routines are part of the interrupt servicing dispatch mechanism and disable the possibility for a process to utilize the CPU while it is interrupted until the DPC has finished execution.
 
Highest DPC routine execution time (µs):              511,853707
Driver with highest DPC routine execution time:       Wdf01000.sys - Motor en tiempo de ejecución del marco de controlador en modo kernel, Microsoft Corporation
 
Highest reported total DPC routine time (%):          0,031375
Driver with highest DPC total execution time:         Wdf01000.sys - Motor en tiempo de ejecución del marco de controlador en modo kernel, Microsoft Corporation
 
Total time spent in DPCs (%)                          0,071960
 
DPC count (execution time <250 µs):                   43711
DPC count (execution time 250-500 µs):                0
DPC count (execution time 500-999 µs):                24
DPC count (execution time 1000-1999 µs):              0
DPC count (execution time 2000-3999 µs):              0
DPC count (execution time >=4000 µs):                 0
 
 
_________________________________________________________________________________________________________
 REPORTED HARD PAGEFAULTS
_________________________________________________________________________________________________________
Hard pagefaults are events that get triggered by making use of virtual memory that is not resident in RAM but backed by a memory mapped file on disk. The process of resolving the hard pagefault requires reading in the memory from disk while the process is interrupted and blocked from execution.
 
NOTE: some processes were hit by hard pagefaults. If these were programs producing audio, they are likely to interrupt the audio stream resulting in dropouts, clicks and pops. Check the Processes tab to see which programs were hit.
 
Process with highest pagefault count:                 avastsvc.exe
 
Total number of hard pagefaults                       3353
Hard pagefault count of hardest hit process:          3352
Number of processes hit:                              2
 
 
_________________________________________________________________________________________________________
 PER CPU DATA
_________________________________________________________________________________________________________
CPU 0 Interrupt cycle time (s):                       0,808257
CPU 0 ISR highest execution time (µs):                328,957916
CPU 0 ISR total execution time (s):                   0,071383
CPU 0 ISR count:                                      5914
CPU 0 DPC highest execution time (µs):                511,853707
CPU 0 DPC total execution time (s):                   0,207868
CPU 0 DPC count:                                      39323
_________________________________________________________________________________________________________
CPU 1 Interrupt cycle time (s):                       0,309833
CPU 1 ISR highest execution time (µs):                0,0
CPU 1 ISR total execution time (s):                   0,0
CPU 1 ISR count:                                      0
CPU 1 DPC highest execution time (µs):                0,0
CPU 1 DPC total execution time (s):                   0,0
CPU 1 DPC count:                                      0
_________________________________________________________________________________________________________
CPU 2 Interrupt cycle time (s):                       0,230731
CPU 2 ISR highest execution time (µs):                0,0
CPU 2 ISR total execution time (s):                   0,0
CPU 2 ISR count:                                      0
CPU 2 DPC highest execution time (µs):                17,775551
CPU 2 DPC total execution time (s):                   0,000145
CPU 2 DPC count:                                      38
_________________________________________________________________________________________________________
CPU 3 Interrupt cycle time (s):                       0,287077
CPU 3 ISR highest execution time (µs):                0,0
CPU 3 ISR total execution time (s):                   0,0
CPU 3 ISR count:                                      0
CPU 3 DPC highest execution time (µs):                0,0
CPU 3 DPC total execution time (s):                   0,0
CPU 3 DPC count:                                      0
_________________________________________________________________________________________________________
CPU 4 Interrupt cycle time (s):                       0,233366
CPU 4 ISR highest execution time (µs):                0,0
CPU 4 ISR total execution time (s):                   0,0
CPU 4 ISR count:                                      0
CPU 4 DPC highest execution time (µs):                16,793587
CPU 4 DPC total execution time (s):                   0,000196
CPU 4 DPC count:                                      37
_________________________________________________________________________________________________________
CPU 5 Interrupt cycle time (s):                       0,302602
CPU 5 ISR highest execution time (µs):                0,0
CPU 5 ISR total execution time (s):                   0,0
CPU 5 ISR count:                                      0
CPU 5 DPC highest execution time (µs):                0,0
CPU 5 DPC total execution time (s):                   0,0
CPU 5 DPC count:                                      0
_________________________________________________________________________________________________________
CPU 6 Interrupt cycle time (s):                       0,226939
CPU 6 ISR highest execution time (µs):                0,0
CPU 6 ISR total execution time (s):                   0,0
CPU 6 ISR count:                                      0
CPU 6 DPC highest execution time (µs):                5,501002
CPU 6 DPC total execution time (s):                   0,000024
CPU 6 DPC count:                                      10
_________________________________________________________________________________________________________
CPU 7 Interrupt cycle time (s):                       0,301181
CPU 7 ISR highest execution time (µs):                0,0
CPU 7 ISR total execution time (s):                   0,0
CPU 7 ISR count:                                      0
CPU 7 DPC highest execution time (µs):                0,0
CPU 7 DPC total execution time (s):                   0,0
CPU 7 DPC count:                                      0
_________________________________________________________________________________________________________
CPU 8 Interrupt cycle time (s):                       0,398561
CPU 8 ISR highest execution time (µs):                0,0
CPU 8 ISR total execution time (s):                   0,0
CPU 8 ISR count:                                      0
CPU 8 DPC highest execution time (µs):                46,222445
CPU 8 DPC total execution time (s):                   0,018460
CPU 8 DPC count:                                      3664
_________________________________________________________________________________________________________
CPU 9 Interrupt cycle time (s):                       0,362376
CPU 9 ISR highest execution time (µs):                0,0
CPU 9 ISR total execution time (s):                   0,0
CPU 9 ISR count:                                      0
CPU 9 DPC highest execution time (µs):                0,0
CPU 9 DPC total execution time (s):                   0,0
CPU 9 DPC count:                                      0
_________________________________________________________________________________________________________
CPU 10 Interrupt cycle time (s):                       0,264981
CPU 10 ISR highest execution time (µs):                0,0
CPU 10 ISR total execution time (s):                   0,0
CPU 10 ISR count:                                      0
CPU 10 DPC highest execution time (µs):                16,152305
CPU 10 DPC total execution time (s):                   0,000173
CPU 10 DPC count:                                      38
_________________________________________________________________________________________________________
CPU 11 Interrupt cycle time (s):                       0,300293
CPU 11 ISR highest execution time (µs):                0,0
CPU 11 ISR total execution time (s):                   0,0
CPU 11 ISR count:                                      0
CPU 11 DPC highest execution time (µs):                0,0
CPU 11 DPC total execution time (s):                   0,0
CPU 11 DPC count:                                      0
_________________________________________________________________________________________________________
CPU 12 Interrupt cycle time (s):                       0,263580
CPU 12 ISR highest execution time (µs):                14,428858
CPU 12 ISR total execution time (s):                   0,001013
CPU 12 ISR count:                                      1223
CPU 12 DPC highest execution time (µs):                39,348697
CPU 12 DPC total execution time (s):                   0,002241
CPU 12 DPC count:                                      370
_________________________________________________________________________________________________________
CPU 13 Interrupt cycle time (s):                       0,255429
CPU 13 ISR highest execution time (µs):                3,967936
CPU 13 ISR total execution time (s):                   0,000071
CPU 13 ISR count:                                      85
CPU 13 DPC highest execution time (µs):                42,835671
CPU 13 DPC total execution time (s):                   0,000628
CPU 13 DPC count:                                      146
_________________________________________________________________________________________________________
CPU 14 Interrupt cycle time (s):                       0,248449
CPU 14 ISR highest execution time (µs):                1,222445
CPU 14 ISR total execution time (s):                   0,000058
CPU 14 ISR count:                                      71
CPU 14 DPC highest execution time (µs):                34,288577
CPU 14 DPC total execution time (s):                   0,000652
CPU 14 DPC count:                                      93
_________________________________________________________________________________________________________
CPU 15 Interrupt cycle time (s):                       0,242574
CPU 15 ISR highest execution time (µs):                1,402806
CPU 15 ISR total execution time (s):                   0,000068
CPU 15 ISR count:                                      73
CPU 15 DPC highest execution time (µs):                18,787575
CPU 15 DPC total execution time (s):                   0,000069
CPU 15 DPC count:                                      16
_________________________________________________________________________________________________________

  • 0

#19
MrMatoke
Posted 25 July 2018 - 03:25 PM

MrMatoke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Download the attached fixlist.txt to the same location as FRST

Run FRST and press Fix
A fix log will be generated please post that

Reboot if the fix doesn't reboot it for you

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.&&0

 

Latency Monitor shows Windows Defender is causing page faults.  Also your Clam a-v isn't very good so I would Download the free Avast:

 

https://support.avas...-Free-Antivirus

 

Save it but do not install yet.

 

Uninstall ClamWin

 

Reboot.

 

Install Avast per the instructions (right click on the downloaded file and Run As Admin).  Stick with the Basic (free version and do not accept any free trials or optional software)

 

Once you have it running and it is updated rerun Latency Monitor and post the log.  Also it would be a good idea to let Avast do a Boot-time scan tonight while you sleep:

 

It takes like 6 hours so I usually let it run at night.


Click on the Avast ball.  Then click on Protection, then on Antivirus, then on Other Scans then on Boot-time Scan.  Click on Install Special Definitions.  Click on Run on Next PC Reboot.

  Reboot and let it run a scan.  It may take hours.
Once it finishes it should load windows.   Mute your speakers so it doesn't wake you up when Windows boots.

When you reboot you will see the scan start.  It will tell you where it saves its log.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.   This is a hidden location so you will need to tell Windows to let you see it:

http://www.howtogeek...-windows-vista/

Copy and paste the text from the log to a Reply when done.




 

So the boot time scan has finished. However, I can't seem to find the report log. I did as you said and made sure that any hidden files are visible. Despite that, there is no folder named report. I asked google for any other destinations where the log may be. but couldn't find it. As for the scan, yes; I verified the location of where the log was going to be saved. Apparently, avast didn't create a folder named report. Where could the report log be?

Attached Thumbnails

  • Scan.jpg

  • 0

#20
RKinner
Posted 25 July 2018 - 03:37 PM

RKinner

    Malware Expert

  • Expert
  • 21,189 posts
  • MVP

Are you able to see the C:\ProgramData\Avast Software\Avast folder OK?

 

If you open Avast and look at Protection, then Scan History (up in the right corner).  Does it show any scans?

 

Also Protection, Virus Chest.  Does it show anything in there?


  • 1

#21
MrMatoke
Posted 25 July 2018 - 03:43 PM

MrMatoke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Are you able to see the C:\ProgramData\Avast Software\Avast folder OK?

 

If you open Avast and look at Protection, then Scan History (up in the right corner).  Does it show any scans?

 

Also Protection, Virus Chest.  Does it show anything in there?

I can see C:\ProgramData\Avast Software\Avast perfectly. However, there is no history of any scans but, despite that, there ARE things on the Virus Chest. 


  • 0

#22
RKinner
Posted 25 July 2018 - 04:21 PM

RKinner

    Malware Expert

  • Expert
  • 21,189 posts
  • MVP

Expect the scan died for some reason.  Avast probably only creates the report at the very end.  Try the Quick scan just to get an entry in the History.  Make sure that's working then perhaps try a new boot-time scan


  • 1

#23
MrMatoke
Posted 25 July 2018 - 08:17 PM

MrMatoke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Expect the scan died for some reason.  Avast probably only creates the report at the very end.  Try the Quick scan just to get an entry in the History.  Make sure that's working then perhaps try a new boot-time scan

Will do. More news tomorrow. 


  • 0

#24
MrMatoke
Posted 26 July 2018 - 12:16 PM

MrMatoke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Expect the scan died for some reason.  Avast probably only creates the report at the very end.  Try the Quick scan just to get an entry in the History.  Make sure that's working then perhaps try a new boot-time scan

So I tried with the Boot-time scan again but had the same problem. However, I tried with the Quickscan and this time it managed to make a print on the scan history. The problem only occurs with boot-time scan.


  • 0

#25
RKinner
Posted 26 July 2018 - 08:46 PM

RKinner

    Malware Expert

  • Expert
  • 21,189 posts
  • MVP

You might try a disk check:

 

Open an Elevated Command Prompt

 

 

http://www.howtogeek...-in-windows-10/
Type:

chkdsk C: /f /r /x

Hit Enter.  Then answer the prompt with

y

and hit Enter

then reboot.

 

Some of the heavy scans like a boot-scan are sensitive to disk errors.

 

You can also try MBAR

 

https://www.malwareb...om/antirootkit/

 

See if it will run.  Just follow the instructions.


  • 1

Advertisements

#26
MrMatoke
Posted 27 July 2018 - 12:48 AM

MrMatoke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

You might try a disk check:

 

Open an Elevated Command Prompt

 

 

http://www.howtogeek...-in-windows-10/
Type:

chkdsk C: /f /r /x

Hit Enter.  Then answer the prompt with

y

and hit Enter

then reboot.

 

Some of the heavy scans like a boot-scan are sensitive to disk errors.

 

You can also try MBAR

 

https://www.malwareb...om/antirootkit/

 

See if it will run.  Just follow the instructions.

Did everything. The MBAR found 36 malicious things, so teorically it cleaned everything up and eliminated them. What should I do now? I mean, after all this effort my pc DOES run better, plus, there's no longer adds over google results nor unknown files consuming my CPU´S performance. But if you say there is more to it, then I believe you. 

​I have to say that you have been an incredible help.  Your prompt responses and accurate assessments really amazed me. I'm truly truly grateful. You are the savior we do not deserve.  


Edited by MrMatoke, 27 July 2018 - 12:54 AM.

  • 0

#27
RKinner
Posted 27 July 2018 - 05:18 AM

RKinner

    Malware Expert

  • Expert
  • 21,189 posts
  • MVP

Did you get a log from MBAR?  It would be nice to know if it found new stuff or just stuff in the quarantine from FRST.

 

If you feel that the system is running normally we can quit and cleanup:

 

Time to clean up:
If we used FRST to clean your PC:

right click on FRST.exe or FRST64.exe (whichever you used) and rename it to uninstall.exe.  Then right click on uninstall.exe and Run as Admin.

 
If we installed Speccy it needs to be uninstalled.  Process Explorer, VEW, AdwCleaner, JRT  and their logs and Speccy's log can just be deleted.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions.


If you use Chrome/Firefox/Edge then get the Ublock Origin extension.  For IE go to adblockplus.org  and get the program.
If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. Close Chrome/Firefox/Skpe. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting..

If you use Facebook you need FB Purity: http://www.fbpurity.com/
To prevent a relatively new phishing attack:  In Firefox, type:

about:config

in the URL box and hit Enter.  You should get a new page of options (if you get a notice about voiding the warranty just cancel the warning).  In the Search box put in

puny

You should only get 2 options:
"network.IDN_show_punycode"
We want it to say True but by default it is False so double click on it to toggle from False to True.
 "network.standard-url.punycode-host" Leave this one at default of Flase.
Close and restart firefox.

To test it you can go to:

https://www.xn--80ak6aa92e.com/

If the value is false you will see https://www.apple.cominstead of the correct value


If you are a Facebook user get the FB Purity extension for your browser:
http://www.fbpurity.com/
This will stop all of the suggested pages and ads so that Facebook loads much quicker.


Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.combeforeyou open them.

Due to a recent rise in the number of Crytolocker infections I am now recommending you install:

CryptoPrevent
http://www.majorgeek...ptoprevent.html

The free version. When you install it the default is NONE which is kind of worthless so change it to Standard or default. If you have problems after installing CryptoPrevent you can just uninstall it.

If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...0637284.htmlandhttp://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.

Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.


Recommended software: (I'm not saying you should download these just that if you have a need for a new program these are safe and work)  
Compression:  7-zip.  Avoid WinRar and WinZip as the free versions have adware.
Video Player:  VLC  Unlike Windows Medi Player it never seems to need extra files to work.
Photo organizer and editor:  Google's Picasa.  While it has been discontinued by Google you can still get it at:
http://techfilehippo...-free-download/
Office like free program:  Open Office: https://www.openoffice.org/download/
or
LibreOffice: https://www.libreoffice.org/
Free Anti-Virus:  Avast
Free Malware prevention:  MBAM: Free version at https://www.malwareb...m/mwb-download/
Can run with your anti-virus.
Paid Anti-Virus:  Kaspersky or BitDefender
Utilities:
Root Kit Detector:  MBAR: https://www.malwareb...om/antirootkit/
Process Explorer:  Show you what is running on the PC.  Like Task manager but better:  http://live.sysinter...com/procexp.exe
WhoCrashed: Why did your system crash?
http://www.resplendence.com/downloads
Then click on Download free home edition
where it says:
WhoCrashed 5.51
Comprehensible crash dump analysis tool
for Windows 10/8.1/8/7/Vista/XP/2012/2008/2003 (x86 and x64)
System Health:
Speccy:  
http://www.filehippo.com/download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Decline CCleaner if offered.  Pay attention to SMART info on your hard drives and to temps.  If in doubt about temps try:
SpeedFan:  Try speedfan
http://www.filehippo...nload_speedfan/
Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.
Download Flash and Video.  To save flash video.  Works with Firefox.  https://addons.mozil...lash-and-video/This allows you to start a recording and then switch to a different window and record another video.

With Win 10 only there is a new Game recorder program.  It's supposed to only work for games but it works nicely to record any video you watch.  Hit the Win key + Alt + r to start the recorder.  The first time it asks you if it is looking at a game.  Just tell it yes.  After that it starts recording whenever you bring it up.  Videos are saved to the Captures folder under Videos.  You can only record what you watch so limited to only one video at a time.  Best to go to full screen before starting the recorder.

Avoid:  
Advanced System Care
SuperAntiSpyware
HitmanPro
Spybot S&D
Any P2P software especially if it comes from Conduit.
Registry Cleaners
Driver updating software.
PC fixing or Speed up software.
Running more than one anti-virus.
Seagate hard drives.  If you have one it's going to fail on you so backup your data now!


Ron


  • 1

#28
MrMatoke
Posted 06 August 2018 - 03:02 PM

MrMatoke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Did you get a log from MBAR?  It would be nice to know if it found new stuff or just stuff in the quarantine from FRST.

 

If you feel that the system is running normally we can quit and cleanup:

 

Time to clean up:
If we used FRST to clean your PC:

right click on FRST.exe or FRST64.exe (whichever you used) and rename it to uninstall.exe.  Then right click on uninstall.exe and Run as Admin.

 
If we installed Speccy it needs to be uninstalled.  Process Explorer, VEW, AdwCleaner, JRT  and their logs and Speccy's log can just be deleted.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.  Flash is now the most malware targeted program so it must be kept up to date.  Be careful with Adobe.  They are fond of offering optional downloads like yahoo or Ask toolbars or that worthless McAfee Security Scan.  Go slow and uncheck the optional stuff.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program.  There is an exploit out there now that can use it to get on your PC.  For Adobe Reader:  Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript.  OK Close program.  It's the same for Foxit reader except you uncheck Enable Javascript Actions.


If you use Chrome/Firefox/Edge then get the Ublock Origin extension.  For IE go to adblockplus.org  and get the program.
If Chrome/Firefox is slow loading make sure it only has the current Java add-on.  Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. Close Chrome/Firefox/Skpe. Hit Optimize.   You can run it any time that Chrome/Firefox seems slow starting..

If you use Facebook you need FB Purity: http://www.fbpurity.com/
To prevent a relatively new phishing attack:  In Firefox, type:

about:config

in the URL box and hit Enter.  You should get a new page of options (if you get a notice about voiding the warranty just cancel the warning).  In the Search box put in

puny

You should only get 2 options:
"network.IDN_show_punycode"
We want it to say True but by default it is False so double click on it to toggle from False to True.
 "network.standard-url.punycode-host" Leave this one at default of Flase.
Close and restart firefox.

To test it you can go to:

https://www.xn--80ak6aa92e.com/

If the value is false you will see https://www.apple.cominstead of the correct value


If you are a Facebook user get the FB Purity extension for your browser:
http://www.fbpurity.com/
This will stop all of the suggested pages and ads so that Facebook loads much quicker.


Be warned:  If you use Limewire, utorrent or any of the other P2P programs you will probably be coming back to the Malware Removal forum.  If you must use P2P then submit any files you get to http://virustotal.combeforeyou open them.

Due to a recent rise in the number of Crytolocker infections I am now recommending you install:

CryptoPrevent
http://www.majorgeek...ptoprevent.html

The free version. When you install it the default is NONE which is kind of worthless so change it to Standard or default. If you have problems after installing CryptoPrevent you can just uninstall it.

If you have a router, log on to it today and change the default password!  If using a Wireless router you really should be using encryption on the link.  Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business.  See http://www.king5.com...0637284.htmlandhttp://www.seattlepi...ted-1344185.php for why encryption is important.  If you don't know how, visit the router maker's website.  They all have detailed step by step instructions or a wizard you can download.

Special note on Java.  Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better.  These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE.  Get the latest version from Java.com.  They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download.  Just uncheck the garbage before the download (or install) starts.  If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it.  IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level.  OK.


Recommended software: (I'm not saying you should download these just that if you have a need for a new program these are safe and work)  
Compression:  7-zip.  Avoid WinRar and WinZip as the free versions have adware.
Video Player:  VLC  Unlike Windows Medi Player it never seems to need extra files to work.
Photo organizer and editor:  Google's Picasa.  While it has been discontinued by Google you can still get it at:
http://techfilehippo...-free-download/
Office like free program:  Open Office: https://www.openoffice.org/download/
or
LibreOffice: https://www.libreoffice.org/
Free Anti-Virus:  Avast
Free Malware prevention:  MBAM: Free version at https://www.malwareb...m/mwb-download/
Can run with your anti-virus.
Paid Anti-Virus:  Kaspersky or BitDefender
Utilities:
Root Kit Detector:  MBAR: https://www.malwareb...om/antirootkit/
Process Explorer:  Show you what is running on the PC.  Like Task manager but better:  http://live.sysinter...com/procexp.exe
WhoCrashed: Why did your system crash?
http://www.resplendence.com/downloads
Then click on Download free home edition
where it says:
WhoCrashed 5.51
Comprehensible crash dump analysis tool
for Windows 10/8.1/8/7/Vista/XP/2012/2008/2003 (x86 and x64)
System Health:
Speccy:  
http://www.filehippo.com/download_speccy (Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  Decline CCleaner if offered.  Pay attention to SMART info on your hard drives and to temps.  If in doubt about temps try:
SpeedFan:  Try speedfan
http://www.filehippo...nload_speedfan/
Download, save and Install it (Win 7 or Vista right click and Run As Admin.) then run it.
Download Flash and Video.  To save flash video.  Works with Firefox.  https://addons.mozil...lash-and-video/This allows you to start a recording and then switch to a different window and record another video.

With Win 10 only there is a new Game recorder program.  It's supposed to only work for games but it works nicely to record any video you watch.  Hit the Win key + Alt + r to start the recorder.  The first time it asks you if it is looking at a game.  Just tell it yes.  After that it starts recording whenever you bring it up.  Videos are saved to the Captures folder under Videos.  You can only record what you watch so limited to only one video at a time.  Best to go to full screen before starting the recorder.

Avoid:  
Advanced System Care
SuperAntiSpyware
HitmanPro
Spybot S&D
Any P2P software especially if it comes from Conduit.
Registry Cleaners
Driver updating software.
PC fixing or Speed up software.
Running more than one anti-virus.
Seagate hard drives.  If you have one it's going to fail on you so backup your data now!


Ron

Hi Ron, sorry for the delay.

I haven't done everything you said. But partly because I started noticing that the disk on my task manager works at 100% and that can't be right. Any thoughts? 

Also, what happens when I change the FRST64.exe name to uninstall? Because nothing happened for me. 

Thanks again.

PS: Is there a way to chip as a "thank you for the effort"?


  • 0

#29
RKinner
Posted 06 August 2018 - 08:32 PM

RKinner

    Malware Expert

  • Expert
  • 21,189 posts
  • MVP

Right click on the clock and select Task manager.

(More Details)

Performance

then at the bottom click Open Resource Monitor

Then click on Disk

 

It should show you what is using the drive.  You can click on the Total column header onced or twice to sort the biggest users of the drive to the top.  What is using the drive?


  • 1

#30
MrMatoke
Posted 09 August 2018 - 05:08 PM

MrMatoke

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts

Right click on the clock and select Task manager.

(More Details)

Performance

then at the bottom click Open Resource Monitor

Then click on Disk

 

It should show you what is using the drive.  You can click on the Total column header onced or twice to sort the biggest users of the drive to the top.  What is using the drive?

This is what I see. Now it´s pretty low. However, sometimes it reaches 100% and I don´t know why. For example, just now candy crush was open (and I don't even play that game). I closed it and now the disk runs normally.

The reason why I'm still looking for things that run incorrectly in my pc is because I like to play games but lately the games I play have been running pretty bad. I have a new pc that it's basically a spaceship (the requirements are not the problem). So I started noticing things like the CPU overworking, or the disk full that might be the reason behind the bad performance. 

Are those the things that slow down my gaming experience? Do I still have a virus? Any thoughts? 

Attached Thumbnails

  • Captura de pantalla (2).png

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics


Also tagged with one or more of these keywords: Trojan, Virus, Malware, Occamy.c

5 user(s) are reading this topic

0 members, 5 guests, 0 anonymous users

  1. Geeks to Go Forum
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP