infection

fantasydank · April 25, 2016

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
Ran by jewel (administrator) on DESKTOP-MMHNUAH (25-04-2016 04:14:05)
Running from C:\Users\jewel\Desktop
Loaded Profiles: jewel (Available Profiles: jewel)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Users\jewel\AppData\Local\Vivaldi\Application\vivaldi.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) S:\Program Files\Nod32\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Robert McNeel & Associates) C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe
() C:\Program Files (x86)\Common Files\Materialise\LicenseFiles6\LicSrv60.exe
(SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
(SafeNet, Inc.) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(SafeNet, Inc) C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Malwarebytes) S:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) S:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Malwarebytes) S:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(ESET) S:\Program Files\Nod32\egui.exe
(EVGA Corp.) S:\Program Files\PrecisionX\PrecisionX_x64.exe
() S:\Program Files\AXTU\Bin\AsrXTU.exe
(EasySync Solutions) S:\Program Files\Cryptomonitor\CryptoMonitor.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Nullsoft, Inc.) S:\Program Files\Winamp\winampa.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Mega Limited) C:\Users\jewel\AppData\Local\MEGAsync\MEGAsync.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(EVGA Corp.) S:\Program Files\PrecisionX\PrecisionXServer.exe
(EVGA Corp.) S:\Program Files\PrecisionX\PXSW10_x64.exe
(Vivaldi Technologies AS) C:\Users\jewel\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\jewel\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\jewel\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\jewel\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\jewel\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\jewel\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\jewel\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\jewel\AppData\Local\Vivaldi\Application\vivaldi.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTgui.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe
(Vivaldi Technologies AS) C:\Users\jewel\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\jewel\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\jewel\AppData\Local\Vivaldi\Application\vivaldi.exe
(Vivaldi Technologies AS) C:\Users\jewel\AppData\Local\Vivaldi\Application\vivaldi.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11860072 2011-06-09] (Realtek Semiconductor)
HKLM\...\Run: [MouseDriver] => C:\WINDOWS\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2396096 2016-03-29] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [15033976 2015-11-20] (Logitech Inc.)
HKLM\...\Run: [Corel Update Helper] => S:\Program Files\Corel\Corel PaintShop Pro X8 (64-bit)\pua.exe [2012104 2015-11-28] (Corel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => S:\Program Files\AdobeReader\Reader\Reader_sl.exe [39792 2007-10-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3776824 2015-03-17] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [WinampAgent] => S:\Program Files\Winamp\winampa.exe [85600 2013-12-12] (Nullsoft, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKLM-x32\...\Run: [Ad Muncher] => C:\Program Files (x86)\Ad Muncher\AdMunch.exe [560760 2016-04-25] (Murray Hurps Software Pty Ltd)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [55264 2016-03-10] (Malwarebytes)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-990940684-4230470255-219310112-1001\...\Run: [Spotify Web Helper] => "C:\Users\jewel\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
HKU\S-1-5-21-990940684-4230470255-219310112-1001\...\Run: [Spotify] => "C:\Users\jewel\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
HKU\S-1-5-21-990940684-4230470255-219310112-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-990940684-4230470255-219310112-1001\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [8619224 2016-01-15] (Piriform Ltd)
HKU\S-1-5-21-990940684-4230470255-219310112-1001\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe [22751424 2016-04-03] (Microsoft Corporation)
HKU\S-1-5-21-990940684-4230470255-219310112-1001\...\RunOnce: [Uninstall C:\Users\jewel\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\jewel\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
HKU\S-1-5-21-990940684-4230470255-219310112-1001\...\RunOnce: [LAST_CPU_V_SEL_VALUE] => 10
HKU\S-1-5-21-990940684-4230470255-219310112-1001\...\RunOnce: [LastApplyCpuRatio] => 42
HKU\S-1-5-21-990940684-4230470255-219310112-1001\...\RunOnce: [ASRXTURUNNING] => 0
HKU\S-1-5-21-990940684-4230470255-219310112-1001\...\MountPoints2: {2c12d8cf-b497-11e5-a4dc-bc5ff41b7db6} - "E:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-990940684-4230470255-219310112-1001\...\MountPoints2: {51ac842d-91b6-11e5-a4c3-806e6f6e6963} - "D:\Setup.exe"
HKU\S-1-5-21-990940684-4230470255-219310112-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\jewel\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\jewel\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\jewel\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\jewel\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\jewel\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\jewel\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2016-01-12]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2016-01-12]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Web Connector.lnk [2016-01-12]
ShortcutTarget: QuickBooks Web Connector.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe (Intuit)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2016-01-12]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\jewel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\jewel.lnk [2016-04-05]
ShortcutTarget: jewel.lnk -> C:\ProgramData\fgca\fgca.exe ()
Startup: C:\Users\jewel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2016-02-23]
ShortcutTarget: MEGAsync.lnk -> C:\Users\jewel\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
Startup: C:\Users\jewel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\speedfan.exe [2015-02-20] (Almico Software (almico.com))

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{5eed34f8-e8c8-4135-9e50-00be966269fc}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-990940684-4230470255-219310112-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-04-20] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-04-22] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-04-03] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-22] (Oracle Corporation)
BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-04-20] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-22] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-04-03] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-22] (Oracle Corporation)
Toolbar: HKLM - No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File
Toolbar: HKLM-x32 - No Name - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File
Handler-x32: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 15.0\HelpAsyncPluggableProtocol.dll [2015-12-07] (Intuit, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-04-03] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\SysWOW64\mscoree.dll [2015-10-30] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-25] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-22] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-25] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-04-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-04-03] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-21] (NVIDIA Corporation)
FF HKLM\...\Firefox\Extensions: [bdwteffv19@bitdefender.com] - S:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff => not found
FF HKLM-x32\...\Firefox\Extensions: [bdwteffv19@bitdefender.com] - S:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff => not found

Chrome:
=======
CHR Profile: C:\Users\jewel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bitdefender Wallet) - C:\Users\jewel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih [2016-04-24]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\jewel\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-04-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jewel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-24]
CHR HKU\S-1-5-21-990940684-4230470255-219310112-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2838768 2016-04-03] (Microsoft Corporation)
R2 ekrn; S:\Program Files\Nod32\ekrn.exe [2519904 2016-04-25] (ESET)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-03-29] (NVIDIA Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193144 2015-11-20] (Logitech Inc.)
R2 MatLocalLicenceServer60; C:\Program Files (x86)\Common Files\Materialise\LicenseFiles6\LicSrv60.exe [647168 2013-08-13] () [File not signed]
R2 MBAMScheduler; S:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; S:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 McNeelUpdate; C:\Program Files (x86)\McNeelUpdate\5.0\McNeelUpdateService.exe [67944 2015-08-10] (Robert McNeel & Associates)
S3 npggsvc; C:\WINDOWS\SysWOW64\GameMon.des [3916368 2016-01-09] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-03-29] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-03-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-03-29] (NVIDIA Corporation)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2015-12-07] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2014-11-07] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2014-11-07] (Intuit Inc.) [File not signed]
R2 SentinelKeysServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [376832 2013-01-09] (SafeNet, Inc.) [File not signed]
R2 SentinelProtectionServer; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe [1259872 2013-01-09] (SafeNet, Inc)
R2 SentinelSecurityRuntime; C:\Program Files (x86)\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe [293216 2013-01-09] (SafeNet, Inc.)
R3 SophosVirusRemovalTool; C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [163448 2016-03-22] (Sophos Limited)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [282000 2015-09-17] (BitDefender)
R3 AxtuDrv; C:\WINDOWS\SysWOW64\Drivers\AxtuDrv.sys [21288 2016-04-25] (RW-Everything)
S3 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-10-02] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [264552 2016-04-25] (ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [14976 2015-07-30] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [186784 2016-04-25] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [170792 2016-04-25] (ESET)
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [68384 2015-06-10] (Logitech Inc.)
S3 LGSHidFilt; C:\Windows\System32\drivers\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [192216 2016-04-25] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S3 nuviocir; C:\Windows\system32\DRIVERS\nuviocir_x64.sys [40464 2015-11-24] (Nuvoton Technology Corp.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-03-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-03-21] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [145448 2009-09-17] (SafeNet, Inc.)
R3 SNTUSB64; C:\Windows\System32\drivers\SNTUSB64.SYS [63568 2012-12-11] (SafeNet, Inc.)
S3 ssudqcfilter; C:\Windows\System32\drivers\ssudqcfilter.sys [48896 2015-05-21] (QUALCOMM Incorporated)
S3 ss_conn_usb_driver; C:\Windows\System32\Drivers\ss_conn_usb_driver.sys [26368 2015-05-21] (DEVGURU Co., LTD.)
S3 t_mouse.sys; C:\Windows\System32\drivers\t_mouse.sys [6144 2012-12-19] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WinRing0_1_2_0; S:\Program Files\PrecisionX\WinRing0\WinRing0x64.sys [14536 2015-10-20] (OpenLibSys.org)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [36904 2016-04-24] (Wellbia.com Co., Ltd.)
S1 BdfNdisf; \??\D:\Windows\System32\DriverStore\FileRepository\netlwf.inf_amd64_47566fa3371097e5\bdfndisf6.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-25 04:14 - 2016-04-25 04:14 - 00014556 _____ C:\Users\jewel\Desktop\Addition.txt
2016-04-25 04:10 - 2016-04-25 04:14 - 00024656 _____ C:\Users\jewel\Desktop\FRST.txt
2016-04-25 04:05 - 2016-04-25 04:14 - 00000000 ____D C:\FRST
2016-04-25 04:04 - 2016-04-25 04:05 - 02375680 _____ (Farbar) C:\Users\jewel\Desktop\FRST64.exe
2016-04-25 03:59 - 2016-04-25 03:59 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\jewel\Downloads\rkill.exe
2016-04-25 03:59 - 2016-04-25 03:59 - 00002816 _____ C:\Users\jewel\Desktop\Rkill.txt
2016-04-25 03:57 - 2016-04-25 03:57 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2016-04-25 03:57 - 2016-04-25 03:57 - 00000000 ____D C:\ProgramData\Sophos
2016-04-25 03:57 - 2016-04-25 03:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2016-04-25 03:57 - 2016-04-25 03:57 - 00000000 ____D C:\Program Files (x86)\Sophos
2016-04-25 03:56 - 2016-04-25 03:56 - 148106128 _____ (Sophos Limited) C:\Users\jewel\Downloads\Sophos Virus Removal Tool.exe
2016-04-25 03:55 - 2016-04-25 03:55 - 05660058 _____ (Swearware) C:\Users\jewel\Downloads\ComboFix.exe
2016-04-25 03:47 - 2016-04-25 03:47 - 00000000 ____H C:\ProgramData\cm-lock
2016-04-25 03:44 - 2016-04-25 03:46 - 00272742 _____ C:\WINDOWS\ntbtlog.txt
2016-04-25 03:43 - 2016-04-25 04:11 - 00000000 ____D C:\Users\jewel\AppData\Roaming\Skype
2016-04-25 03:43 - 2016-04-25 03:43 - 00000000 ____D C:\Users\jewel\AppData\Roaming\NVIDIA
2016-04-25 03:43 - 2016-04-25 03:43 - 00000000 ____D C:\Users\jewel\AppData\Roaming\Adobe
2016-04-25 03:42 - 2016-04-25 03:42 - 00000000 ____D C:\Users\jewel\AppData\Roaming\Corel
2016-04-25 03:41 - 2016-04-25 03:41 - 00000000 ____D C:\Users\jewel\AppData\Roaming\Mozilla
2016-04-25 03:36 - 2016-04-25 03:36 - 00000000 ____D C:\Users\jewel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-04-25 03:03 - 2016-04-25 03:03 - 00560760 _____ (Murray Hurps Software Pty Ltd) C:\Users\jewel\Downloads\AM-Install.exe
2016-04-25 03:03 - 2016-04-25 03:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad Muncher
2016-04-25 03:03 - 2016-04-25 03:03 - 00000000 ____D C:\ProgramData\Ad Muncher
2016-04-25 03:03 - 2016-04-25 03:03 - 00000000 ____D C:\Program Files (x86)\Ad Muncher
2016-04-25 02:56 - 2016-04-25 02:56 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\subinacl.exe
2016-04-25 02:56 - 2016-04-25 02:56 - 00000000 ____D C:\Program Files (x86)\Adware Removal Tool by TSA
2016-04-25 02:54 - 2016-04-25 02:56 - 00752296 _____ C:\Users\jewel\Downloads\Adware Removal Tool by TSA.exe
2016-04-25 02:53 - 2016-04-25 02:53 - 03580480 _____ C:\Users\jewel\Downloads\adwcleaner_5.113.exe
2016-04-25 02:46 - 2016-04-25 02:46 - 20390080 _____ (Adobe Systems Incorporated) C:\Users\jewel\Downloads\install_flash_player_ppapi (1).exe
2016-04-25 02:46 - 2016-04-25 02:46 - 17507597 _____ C:\Users\jewel\Downloads\install_flash_player_osx_ppapi.dmg
2016-04-25 02:39 - 2016-04-25 02:39 - 20390080 _____ (Adobe Systems Incorporated) C:\Users\jewel\Downloads\install_flash_player_ppapi.exe
2016-04-25 02:28 - 2016-04-25 02:28 - 38810232 _____ (Vivaldi Technologies AS) C:\Users\jewel\Downloads\Vivaldi.1.0.435.42.exe
2016-04-25 02:28 - 2016-04-25 02:28 - 00002330 _____ C:\Users\jewel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2016-04-25 02:28 - 2016-04-25 02:28 - 00002322 _____ C:\Users\jewel\Desktop\Vivaldi.lnk
2016-04-25 02:28 - 2016-04-25 02:28 - 00000000 ____D C:\Users\jewel\AppData\Local\Vivaldi
2016-04-25 02:18 - 2016-04-25 02:18 - 00023398 _____ C:\Users\jewel\Downloads\FWJw6ET1.htm
2016-04-24 16:53 - 2016-04-25 03:33 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-24 16:53 - 2016-04-25 02:37 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-04-24 16:53 - 2016-04-24 16:53 - 00000000 ____D C:\Users\jewel\AppData\Local\Macromedia
2016-04-24 16:35 - 2016-04-24 16:35 - 00242144 _____ C:\Users\jewel\Downloads\Firefox Setup Stub 45.0.2 (1).exe
2016-04-24 16:34 - 2016-04-24 16:44 - 00000000 ____D C:\Users\jewel\AppData\Local\Mozilla
2016-04-24 16:32 - 2016-04-24 16:32 - 00242144 _____ C:\Users\jewel\Downloads\Firefox Setup Stub 45.0.2.exe
2016-04-24 16:30 - 2016-04-24 16:30 - 04621272 _____ (Google) C:\Users\jewel\Downloads\chrome_cleanup_tool.exe
2016-04-24 16:24 - 2016-04-24 16:24 - 00987728 _____ (Google Inc.) C:\Users\jewel\Downloads\ChromeSetup.exe
2016-04-24 16:13 - 2016-04-24 16:36 - 00000000 __SHD C:\ProgramData\Google
2016-04-22 10:22 - 2016-04-22 18:27 - 00000000 ____D C:\Users\jewel\Desktop\Grow4.22
2016-04-22 10:04 - 2016-04-22 10:04 - 05189184 _____ C:\Users\jewel\Downloads\RAND.stl
2016-04-22 09:55 - 2016-04-22 09:55 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-64.dll
2016-04-21 23:32 - 2016-04-22 10:23 - 00000000 ____D C:\Users\jewel\Desktop\bURDOCK
2016-04-21 16:07 - 2016-04-21 16:07 - 36658853 _____ C:\Users\jewel\Desktop\RhinoCrashDump.dmp
2016-04-21 09:36 - 2016-04-21 09:36 - 00192370 _____ C:\Users\jewel\Downloads\EligibilityNotice (1).pdf
2016-04-21 09:27 - 2016-04-21 09:27 - 00192370 _____ C:\Users\jewel\Downloads\EligibilityNotice.pdf
2016-04-20 16:21 - 2016-04-20 16:21 - 02962713 _____ C:\Users\jewel\Downloads\retb1504cad.zip
2016-04-20 01:22 - 2016-04-20 01:23 - 00000000 ____D C:\Users\jewel\Documents\Overwatch
2016-04-19 20:05 - 2016-04-19 20:05 - 02146351 _____ C:\Users\jewel\Downloads\splitshankhalo_feedback.pdf
2016-04-19 19:16 - 2016-04-19 19:16 - 00003232 _____ C:\Users\jewel\Downloads\[kat.cr]better.call.saul.s02e10.hdtv.x264.fum.ettv.torrent
2016-04-19 16:00 - 2016-04-24 23:16 - 00000000 ____D C:\Users\jewel\Desktop\Goldman
2016-04-19 14:33 - 2016-04-19 14:33 - 00000751 _____ C:\Users\Public\Desktop\Overwatch.lnk
2016-04-19 14:33 - 2016-04-19 14:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2016-04-19 11:37 - 2016-04-19 11:37 - 00311684 _____ C:\Users\jewel\Desktop\test.stl
2016-04-18 22:18 - 2016-04-18 22:22 - 09159484 _____ C:\Users\jewel\Downloads\PRESC 1.stl
2016-04-18 22:18 - 2016-04-18 22:20 - 03528084 _____ C:\Users\jewel\Downloads\PRESC 2.stl
2016-04-18 22:18 - 2016-04-18 22:19 - 06208084 _____ C:\Users\jewel\Downloads\LONG (2).stl
2016-04-18 21:23 - 2016-04-22 10:23 - 00000000 ____D C:\Users\jewel\Desktop\Heiston
2016-04-17 20:46 - 2016-04-22 16:57 - 00094839 _____ C:\Users\jewel\Desktop\Invoice13050.pdf
2016-04-15 17:54 - 2016-04-15 17:54 - 01371531 _____ C:\Users\jewel\Desktop\1504dtrigue.mp4
2016-04-15 16:54 - 2016-04-15 16:55 - 01596164 _____ C:\Users\jewel\Desktop\tacoriset.mp4
2016-04-15 16:54 - 2016-04-15 16:54 - 01869202 _____ C:\Users\jewel\Desktop\tacoriset.avi
2016-04-15 14:34 - 2016-04-15 14:34 - 06167538 _____ C:\Users\jewel\Desktop\Tanz.rar
2016-04-15 14:33 - 2016-04-18 22:28 - 13707984 _____ C:\Users\jewel\Desktop\Tanz.stl
2016-04-15 02:04 - 2016-04-24 13:54 - 00036904 _____ (Wellbia.com Co., Ltd.) C:\WINDOWS\xhunter1.sys
2016-04-15 02:04 - 2016-04-21 00:08 - 00000000 ____D C:\Users\jewel\Documents\Black Desert
2016-04-15 01:48 - 2016-04-15 01:48 - 00020534 _____ C:\Users\jewel\Downloads\PlayTBC.zip.torrent
2016-04-14 23:56 - 2016-04-24 13:53 - 00000000 ____D C:\Users\jewel\AppData\Local\BlackDesertOnline
2016-04-14 23:55 - 2016-04-14 23:55 - 50625480 _____ (Daum Games EU) C:\Users\jewel\Downloads\BlackDesertOnlineSetup_20160228_1005.exe
2016-04-14 23:55 - 2016-04-14 23:55 - 00000747 _____ C:\Users\Public\Desktop\Black Desert Online.lnk
2016-04-14 23:55 - 2016-04-14 23:55 - 00000747 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Black Desert Online.lnk
2016-04-14 23:55 - 2016-04-14 23:55 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-04-14 23:55 - 2016-04-14 23:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Desert Online
2016-04-14 15:42 - 2016-04-14 15:42 - 08634084 _____ C:\Users\jewel\Downloads\howard render middle yella outside white.stl
2016-04-14 14:56 - 2016-04-14 14:56 - 00565884 _____ C:\Users\jewel\Desktop\add.stl
2016-04-14 11:07 - 2016-04-14 11:07 - 00001843 _____ C:\Users\Public\Desktop\Skin Tool.lnk
2016-04-14 11:07 - 2016-04-14 11:07 - 00001768 _____ C:\Users\Public\Desktop\EVGA PrecisionX 16.lnk
2016-04-14 11:07 - 2016-04-14 11:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EVGA
2016-04-14 11:04 - 2016-04-14 11:04 - 28380984 _____ C:\Users\jewel\Downloads\EVGA_PrecisionX_16_Setup_v5.3.11.zip
2016-04-13 13:07 - 2016-04-13 13:07 - 00000000 ____D C:\Users\jewel\Documents\Wizards of the Coast
2016-04-13 13:06 - 2016-04-13 13:06 - 00000000 ____D C:\Users\jewel\Documents\Duels of the Planeswalkers Dumps
2016-04-13 07:42 - 2016-04-01 23:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-13 07:42 - 2016-04-01 23:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-04-13 07:42 - 2016-04-01 23:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-13 07:42 - 2016-04-01 23:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-13 07:42 - 2016-04-01 22:30 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-04-13 07:42 - 2016-04-01 22:29 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-04-13 07:42 - 2016-04-01 22:29 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-04-13 07:42 - 2016-04-01 22:26 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-04-13 07:42 - 2016-04-01 22:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-13 07:42 - 2016-04-01 22:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-04-13 07:42 - 2016-04-01 22:23 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-04-13 07:42 - 2016-04-01 22:23 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-04-13 07:42 - 2016-04-01 22:21 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-04-13 07:42 - 2016-04-01 22:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-13 07:42 - 2016-04-01 22:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-13 07:42 - 2016-04-01 22:15 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-13 07:42 - 2016-04-01 22:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-13 07:42 - 2016-04-01 22:09 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-13 07:42 - 2016-04-01 22:08 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-04-13 07:42 - 2016-04-01 22:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-13 07:42 - 2016-04-01 22:07 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-13 07:42 - 2016-04-01 22:03 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-04-13 07:42 - 2016-04-01 22:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-13 07:42 - 2016-03-29 05:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-04-13 07:42 - 2016-03-29 05:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-13 07:42 - 2016-03-29 05:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-13 07:42 - 2016-03-29 05:20 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-13 07:42 - 2016-03-29 05:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 07:42 - 2016-03-29 05:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-13 07:42 - 2016-03-29 05:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-13 07:42 - 2016-03-29 05:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-13 07:42 - 2016-03-29 05:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-04-13 07:42 - 2016-03-29 05:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-04-13 07:42 - 2016-03-29 05:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-04-13 07:42 - 2016-03-29 05:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-13 07:42 - 2016-03-29 05:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-04-13 07:42 - 2016-03-29 04:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-04-13 07:42 - 2016-03-29 04:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-13 07:42 - 2016-03-29 04:28 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-04-13 07:42 - 2016-03-29 04:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-13 07:42 - 2016-03-29 04:28 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-04-13 07:42 - 2016-03-29 04:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-04-13 07:42 - 2016-03-29 04:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-04-13 07:42 - 2016-03-29 04:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-04-13 07:42 - 2016-03-29 04:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-04-13 07:42 - 2016-03-29 04:17 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-04-13 07:42 - 2016-03-29 04:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-04-13 07:42 - 2016-03-29 04:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-13 07:42 - 2016-03-29 04:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-04-13 07:42 - 2016-03-29 04:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-04-13 07:42 - 2016-03-29 04:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-04-13 07:42 - 2016-03-29 04:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-13 07:42 - 2016-03-29 04:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-04-13 07:42 - 2016-03-29 04:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-04-13 07:42 - 2016-03-29 03:44 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-04-13 07:42 - 2016-03-29 03:44 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-04-13 07:42 - 2016-03-29 03:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-13 07:42 - 2016-03-29 03:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-04-13 07:42 - 2016-03-29 03:32 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-04-13 07:42 - 2016-03-29 03:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-13 07:42 - 2016-03-29 03:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-13 07:42 - 2016-03-29 03:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-04-13 07:42 - 2016-03-29 03:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-04-13 07:42 - 2016-03-29 03:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-13 07:42 - 2016-03-29 03:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-04-13 07:42 - 2016-03-29 03:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-04-13 07:42 - 2016-03-29 03:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-04-13 07:42 - 2016-03-29 03:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-04-13 07:42 - 2016-03-29 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-04-13 07:42 - 2016-03-29 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-04-13 07:42 - 2016-03-29 03:07 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-04-13 07:42 - 2016-03-29 03:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-04-13 07:42 - 2016-03-29 03:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-04-13 07:42 - 2016-03-29 03:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-04-13 07:42 - 2016-03-29 03:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-04-13 07:42 - 2016-03-29 03:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-04-13 07:42 - 2016-03-29 03:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-13 07:42 - 2016-03-29 03:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-04-13 07:42 - 2016-03-29 03:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-04-13 07:42 - 2016-03-29 03:00 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-04-13 07:42 - 2016-03-29 02:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-04-13 07:42 - 2016-03-29 02:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-13 07:42 - 2016-03-29 02:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-13 07:42 - 2016-03-29 02:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-04-13 07:42 - 2016-03-29 02:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-13 07:42 - 2016-03-29 02:57 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-04-13 07:42 - 2016-03-29 02:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-04-13 07:42 - 2016-03-29 02:55 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-04-13 07:42 - 2016-03-29 02:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-04-13 07:42 - 2016-03-29 02:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-04-13 07:42 - 2016-03-29 02:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-13 07:42 - 2016-03-29 02:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-13 07:42 - 2016-03-29 02:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-04-13 07:42 - 2016-03-29 02:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-04-13 07:42 - 2016-03-29 02:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-04-13 07:42 - 2016-03-29 02:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-04-13 07:42 - 2016-03-29 02:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-13 07:42 - 2016-03-29 02:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-04-13 07:42 - 2016-03-29 02:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-04-13 07:42 - 2016-03-29 02:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-04-13 07:42 - 2016-03-29 02:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-13 07:42 - 2016-03-29 02:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-04-13 07:42 - 2016-03-29 02:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-04-13 07:42 - 2016-03-29 02:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-04-13 07:42 - 2016-03-29 02:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-04-13 07:42 - 2016-03-29 02:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-04-13 07:42 - 2016-03-29 02:42 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-04-13 07:42 - 2016-03-29 02:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-04-13 07:42 - 2016-03-29 02:38 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-04-13 07:42 - 2016-03-29 02:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-04-13 07:42 - 2016-03-29 02:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-04-13 07:42 - 2016-03-29 02:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-04-13 07:42 - 2016-03-29 02:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-04-13 07:42 - 2016-03-29 02:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-04-13 07:42 - 2016-03-29 02:34 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-04-13 07:42 - 2016-03-29 02:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-04-13 07:42 - 2016-03-29 02:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-04-13 07:42 - 2016-03-29 02:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-04-13 07:42 - 2016-03-29 02:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-04-13 07:42 - 2016-03-29 02:32 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-04-13 07:42 - 2016-03-29 02:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-04-13 07:42 - 2016-03-29 02:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-13 07:42 - 2016-03-29 02:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-13 07:42 - 2016-03-29 02:28 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-04-13 07:42 - 2016-03-29 02:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-04-13 07:42 - 2016-03-29 02:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-04-13 07:42 - 2016-03-29 02:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-04-13 07:42 - 2016-03-29 02:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-04-13 07:42 - 2016-03-29 02:23 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-04-13 07:42 - 2016-03-29 02:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-04-13 07:42 - 2016-03-29 02:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 07:42 - 2016-03-29 02:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-04-13 07:42 - 2016-03-29 02:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-04-13 07:42 - 2016-03-29 02:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-04-13 07:42 - 2016-03-29 02:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-04-13 07:42 - 2016-03-29 02:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-04-13 07:42 - 2016-03-29 02:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-04-13 07:42 - 2016-03-29 02:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-04-13 07:42 - 2016-03-29 02:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-04-13 07:42 - 2016-03-29 02:17 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-04-13 07:42 - 2016-03-29 02:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-13 07:42 - 2016-03-29 02:17 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-04-13 07:42 - 2016-03-29 02:16 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-04-13 07:42 - 2016-03-29 02:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-04-13 07:42 - 2016-03-29 02:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-04-13 07:42 - 2016-03-29 02:15 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-13 07:42 - 2016-03-29 02:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-04-13 07:42 - 2016-03-29 02:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-04-13 07:42 - 2016-03-29 02:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-04-13 07:42 - 2016-03-29 02:12 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-04-13 07:42 - 2016-03-29 02:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-04-13 07:42 - 2016-03-29 02:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-04-13 07:42 - 2016-03-29 02:11 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-04-13 07:42 - 2016-03-29 02:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-04-13 07:42 - 2016-03-29 02:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-04-13 07:42 - 2016-03-29 02:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-13 07:42 - 2016-03-29 02:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-04-13 07:42 - 2016-03-29 02:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-04-13 07:42 - 2016-03-29 02:10 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-04-13 07:42 - 2016-03-29 02:10 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-04-13 07:42 - 2016-03-29 02:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-04-13 07:42 - 2016-03-29 02:09 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-04-13 07:42 - 2016-03-29 02:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-04-13 07:42 - 2016-03-29 02:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-04-13 07:42 - 2016-03-29 02:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-04-13 07:42 - 2016-03-29 02:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-13 07:42 - 2016-03-29 02:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-13 07:42 - 2016-03-29 02:07 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-04-13 07:42 - 2016-03-29 02:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-04-13 07:42 - 2016-03-29 02:06 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-04-13 07:42 - 2016-03-29 02:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-04-13 07:42 - 2016-03-29 02:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-04-13 07:42 - 2016-03-29 02:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-13 07:42 - 2016-03-29 02:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-04-13 07:42 - 2016-03-29 02:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-13 07:42 - 2016-03-29 02:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-13 07:42 - 2016-03-29 02:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-04-13 07:42 - 2016-03-29 02:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-04-13 07:42 - 2016-03-29 02:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-13 07:42 - 2016-03-29 02:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-04-13 07:42 - 2016-03-29 02:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-13 07:42 - 2016-03-29 02:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-04-13 07:42 - 2016-03-29 01:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-04-13 07:42 - 2016-03-29 01:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-04-13 07:42 - 2016-03-29 01:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-04-13 07:42 - 2016-03-29 01:56 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-04-13 07:42 - 2016-03-29 01:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-04-13 07:42 - 2016-03-29 01:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-04-13 07:42 - 2016-03-29 01:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-04-13 07:42 - 2016-03-29 01:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-04-13 07:42 - 2016-03-29 01:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-04-13 07:42 - 2016-03-29 01:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-04-13 07:42 - 2016-03-29 01:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-04-13 07:42 - 2016-03-29 01:48 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-04-13 07:42 - 2016-03-29 01:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-04-13 07:42 - 2016-03-29 01:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-04-13 07:42 - 2016-03-29 01:42 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-13 07:42 - 2016-03-29 01:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-04-13 07:42 - 2016-03-29 01:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 07:42 - 2016-03-29 01:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-04-13 07:42 - 2016-03-29 01:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-04-13 07:42 - 2016-03-29 01:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-04-13 07:42 - 2016-03-29 01:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-13 07:42 - 2016-03-29 01:39 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-04-13 07:42 - 2016-03-29 01:38 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-04-13 07:42 - 2016-03-29 01:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-04-13 07:42 - 2016-03-29 01:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-04-13 07:42 - 2016-03-29 01:37 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-04-13 07:42 - 2016-03-29 01:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-13 07:42 - 2016-03-29 01:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-13 07:42 - 2016-03-29 01:35 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-04-13 07:42 - 2016-03-29 01:34 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-04-13 07:42 - 2016-03-29 01:34 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-04-13 07:42 - 2016-03-29 01:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-13 07:42 - 2016-03-29 01:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-04-13 07:42 - 2016-03-29 01:32 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-13 07:42 - 2016-03-29 01:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-13 07:42 - 2016-03-29 01:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-04-13 07:42 - 2016-03-29 01:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-13 07:42 - 2016-03-29 01:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-04-13 07:42 - 2016-03-29 01:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-04-13 07:42 - 2016-03-29 01:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-04-13 07:42 - 2016-03-29 01:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-04-13 07:42 - 2016-03-29 01:31 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-04-13 07:42 - 2016-03-29 01:31 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-04-13 07:42 - 2016-03-29 01:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-04-13 07:42 - 2016-03-29 01:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-04-13 07:42 - 2016-03-29 01:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-04-13 07:42 - 2016-03-29 01:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-04-13 07:42 - 2016-03-29 01:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-04-13 07:42 - 2016-03-29 01:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-04-13 07:42 - 2016-03-29 01:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-04-13 07:42 - 2016-03-29 01:27 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-04-13 07:42 - 2016-03-29 01:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-04-13 07:42 - 2016-03-29 01:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-04-13 07:42 - 2016-03-29 01:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-13 07:42 - 2016-03-29 01:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-04-13 07:42 - 2016-03-29 01:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-13 07:42 - 2016-03-29 01:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-04-13 07:42 - 2016-03-29 01:22 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-04-13 07:42 - 2016-03-29 01:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-13 07:42 - 2016-03-29 01:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-04-13 07:42 - 2016-03-29 01:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-04-13 07:42 - 2016-03-29 01:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-04-13 07:42 - 2016-03-29 01:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-13 07:42 - 2016-03-29 01:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-04-13 07:42 - 2016-03-29 01:05 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-04-13 07:42 - 2016-03-29 01:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-04-13 07:42 - 2016-03-29 01:05 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-13 07:42 - 2016-03-29 01:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-13 07:42 - 2016-03-29 01:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-04-13 07:42 - 2016-03-29 01:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-04-13 07:42 - 2016-03-29 01:04 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-13 07:42 - 2016-03-29 01:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-13 07:42 - 2016-03-29 01:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-13 07:42 - 2016-03-29 01:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-04-13 07:42 - 2016-03-29 01:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-13 07:42 - 2016-03-29 01:00 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-04-13 07:42 - 2016-03-29 00:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-04-13 07:42 - 2016-03-29 00:56 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-04-13 07:42 - 2016-03-29 00:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-13 07:42 - 2016-03-29 00:51 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-13 07:42 - 2016-03-29 00:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-13 07:42 - 2016-03-29 00:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-04-13 07:42 - 2016-03-29 00:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-04-13 07:42 - 2016-03-29 00:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-04-13 07:42 - 2016-03-29 00:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-04-13 07:42 - 2016-03-29 00:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-13 07:42 - 2016-03-29 00:41 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-13 07:42 - 2016-03-29 00:41 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-13 07:42 - 2016-03-29 00:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-13 07:42 - 2016-03-29 00:38 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-04-13 07:42 - 2016-03-29 00:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-04-13 07:42 - 2016-03-29 00:37 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-13 07:42 - 2016-03-29 00:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-04-13 07:42 - 2016-03-29 00:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-04-13 07:42 - 2016-03-29 00:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-04-13 07:42 - 2016-03-29 00:27 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-13 07:42 - 2016-03-29 00:27 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-13 07:42 - 2016-03-29 00:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-13 07:42 - 2016-03-29 00:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-13 07:42 - 2016-03-29 00:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-13 07:42 - 2016-03-29 00:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-04-13 07:42 - 2016-03-29 00:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-13 07:42 - 2016-03-29 00:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-13 04:35 - 2016-04-13 04:36 - 07221284 _____ C:\Users\jewel\Downloads\Chinese dragon 0416.stl
2016-04-13 04:34 - 2016-04-13 04:34 - 02250184 _____ C:\Users\jewel\Downloads\step.stl
2016-04-13 04:32 - 2016-04-13 04:35 - 02645984 _____ C:\Users\jewel\Downloads\shell_1_of_trudy bool.stl
2016-04-13 04:32 - 2016-04-13 04:32 - 00391884 _____ C:\Users\jewel\Downloads\trudy bool.stl
2016-04-13 02:35 - 2016-04-22 00:53 - 00000000 ____D C:\Users\jewel\Desktop\Diamondtrigue
2016-04-13 02:03 - 2016-04-13 02:03 - 00000000 ____D C:\Users\jewel\Tracing
2016-04-13 02:02 - 2016-04-25 04:11 - 00000000 ____D C:\ProgramData\Skype
2016-04-13 02:01 - 2016-04-13 02:01 - 01503872 _____ (Skype Technologies S.A.) C:\Users\jewel\Downloads\SkypeSetup.exe
2016-04-12 14:42 - 2016-04-12 14:42 - 00000012 _____ C:\Users\jewel\Desktop\stone.txt
2016-04-12 07:29 - 2016-04-12 07:29 - 80174088 _____ C:\Users\jewel\Downloads\Ace_Stream_Media_3.1.2_VLC_1.1.12.exe
2016-04-12 01:46 - 2016-04-12 01:46 - 17038554 _____ C:\Users\jewel\Downloads\4.9.rar
2016-04-10 23:19 - 2016-04-10 23:19 - 01613208 _____ C:\Users\jewel\Downloads\Procurement.1.9.8.zip
2016-04-10 04:25 - 2016-04-10 04:25 - 11546724 _____ C:\Users\jewel\Downloads\VIDEOmarq.mp4
2016-04-09 05:56 - 2016-04-09 05:56 - 00286984 _____ C:\Users\jewel\Downloads\shell_1_of_SMIT.stl
2016-04-09 05:56 - 2016-04-09 05:56 - 00286984 _____ C:\Users\jewel\Downloads\shell_1_of_shell_1_of_SMIT.stl
2016-04-09 05:46 - 2016-04-09 05:58 - 04993384 _____ C:\Users\jewel\Downloads\reed.stl
2016-04-09 05:46 - 2016-04-09 05:57 - 05427984 _____ C:\Users\jewel\Downloads\SMIT.stl
2016-04-09 05:37 - 2016-04-09 05:37 - 01425407 _____ C:\Users\jewel\Desktop\Starburst.mp4
2016-04-09 00:50 - 2016-04-09 00:53 - 12245284 _____ C:\Users\jewel\Downloads\Crown Kanesha.stl
2016-04-08 04:28 - 2016-04-08 04:30 - 04202384 _____ C:\Users\jewel\Downloads\DiosaLuna32516.stl
2016-04-08 03:36 - 2016-04-08 03:49 - 00791084 _____ C:\Users\jewel\Downloads\newton pauline.stl
2016-04-08 03:11 - 2016-04-08 03:51 - 08642084 _____ C:\Users\jewel\Downloads\long (1).stl
2016-04-08 03:11 - 2016-04-08 03:51 - 02705284 _____ C:\Users\jewel\Downloads\benitez anthony ROSE .stl
2016-04-08 03:11 - 2016-04-08 03:11 - 05265884 _____ C:\Users\jewel\Downloads\benitez anthony WHITE.stl
2016-04-08 01:47 - 2016-04-08 03:52 - 01425384 _____ C:\Users\jewel\Downloads\61427 Ramsey.stl
2016-04-08 01:47 - 2016-04-08 01:47 - 00995384 _____ C:\Users\jewel\Downloads\61427 Ramsey band.stl
2016-04-07 08:48 - 2016-04-07 08:48 - 00000056 _____ C:\Users\jewel\Desktop\656.txt
2016-04-07 07:40 - 2016-04-07 07:40 - 00000000 ___HD C:\Users\jewel\Documents\Corel Auto-Preserve
2016-04-07 04:56 - 2016-04-07 04:56 - 04879084 _____ C:\Users\jewel\Downloads\karu2-2.stl
2016-04-07 04:40 - 2016-04-07 04:56 - 04896484 _____ C:\Users\jewel\Downloads\krau2.stl
2016-04-07 04:39 - 2016-04-07 04:55 - 34140384 _____ C:\Users\jewel\Downloads\krau1.stl
2016-04-07 03:04 - 2016-04-07 04:06 - 11221284 _____ C:\Users\jewel\Desktop\one.stl
2016-04-07 03:04 - 2016-04-07 04:05 - 05678284 _____ C:\Users\jewel\Desktop\two.stl
2016-04-06 23:37 - 2016-04-06 23:38 - 00895884 _____ C:\Users\jewel\Downloads\42359 Reimer.stl
2016-04-06 09:17 - 2016-04-06 09:17 - 01015374 _____ C:\Users\jewel\Desktop\stepdown.mp4
2016-04-06 08:20 - 2016-04-06 08:20 - 00056931 _____ C:\Users\jewel\Downloads\[kat.cr]better.call.saul.s02e08.1080p.web.dl.dd5.1.hevc.x265.lgc.mkv.torrent
2016-04-06 08:18 - 2016-04-06 08:18 - 00015687 _____ C:\Users\jewel\Downloads\[kat.cr]better.call.saul.s02e08.1080p.web.dl.5.1ch.x264.kimo.torrent
2016-04-05 10:08 - 2016-04-06 05:05 - 00000000 __SHD C:\ProgramData\fgca
2016-04-05 09:49 - 2016-04-05 09:51 - 17141991 _____ (The qBittorrent project) C:\Users\jewel\Downloads\qbittorrent_3.3.4_setup.exe
2016-04-05 09:49 - 2016-04-05 09:49 - 00017690 _____ C:\Users\jewel\Downloads\[kat.cr]better.call.saul.s02e08.hdtv.x264.killers.mp4.torrent
2016-04-05 07:19 - 2016-04-05 07:22 - 08102584 _____ C:\Users\jewel\Downloads\THEO PHIL BIG.stl
2016-04-05 01:27 - 2016-04-05 01:27 - 00101570 _____ C:\Users\jewel\Downloads\MoM Calculation.xlsx
2016-04-03 01:39 - 2016-04-04 12:29 - 00005213 _____ C:\Users\jewel\Downloads\changelog.txt
2016-04-01 18:07 - 2016-04-01 18:07 - 00000425 _____ C:\Users\jewel\vfr_startup_errorlog.txt
2016-03-31 05:38 - 2016-03-31 05:38 - 01921045 _____ C:\Users\jewel\Downloads\Cushionplat (1).mp4
2016-03-30 12:56 - 2016-03-30 12:56 - 17262334 _____ C:\Users\jewel\Downloads\theo remake.stl
2016-03-29 20:51 - 2016-03-29 20:51 - 01878042 _____ C:\Users\jewel\Desktop\rogersrender.mp4
2016-03-29 12:54 - 2016-03-21 15:01 - 00109632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2016-03-29 12:54 - 2016-03-21 15:01 - 00100416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-03-28 16:58 - 2016-03-28 16:58 - 01040984 _____ C:\Users\jewel\Downloads\gc family ring.stl
2016-03-28 16:55 - 2016-03-28 16:55 - 01921045 _____ C:\Users\jewel\Downloads\Cushionplat.mp4
2016-03-28 13:44 - 2016-03-28 16:49 - 04994639 _____ C:\Users\jewel\Desktop\Untitled.3dm
2016-03-28 13:44 - 2016-03-28 13:44 - 02467859 _____ C:\Users\jewel\Desktop\Untitled.3dmbak
2016-03-28 13:35 - 2016-03-21 20:57 - 00110528 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2016-03-28 13:33 - 2016-03-21 23:08 - 42923576 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-03-28 13:33 - 2016-03-21 23:08 - 37567424 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-03-28 13:33 - 2016-03-21 23:08 - 25350080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-03-28 13:33 - 2016-03-21 23:08 - 21364536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-03-28 13:33 - 2016-03-21 23:08 - 20906168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-03-28 13:33 - 2016-03-21 23:08 - 17755928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-03-28 13:33 - 2016-03-21 23:08 - 17349776 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-03-28 13:33 - 2016-03-21 23:08 - 10550552 _____ C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-03-28 13:33 - 2016-03-21 23:08 - 08659472 _____ C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-03-28 13:33 - 2016-03-21 23:08 - 02614208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-03-28 13:33 - 2016-03-21 23:08 - 02260024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-03-28 13:33 - 2016-03-21 23:08 - 01922496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436472.dll
2016-03-28 13:33 - 2016-03-21 23:08 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436472.dll
2016-03-28 13:33 - 2016-03-21 23:08 - 00960056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-03-28 13:33 - 2016-03-21 23:08 - 00889400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-03-28 13:33 - 2016-03-21 23:08 - 00786872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2016-03-28 13:33 - 2016-03-21 23:08 - 00784824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2016-03-28 13:33 - 2016-03-21 23:08 - 00751552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-03-28 13:33 - 2016-03-21 23:08 - 00695864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-03-28 13:33 - 2016-03-21 23:08 - 00678520 _____ C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-03-28 13:33 - 2016-03-21 23:08 - 00632336 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2016-03-28 13:33 - 2016-03-21 23:08 - 00630776 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2016-03-28 13:33 - 2016-03-21 23:08 - 00601936 _____ C:\WINDOWS\system32\nvmcumd.dll
2016-03-28 13:33 - 2016-03-21 23:08 - 00572096 _____ C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-03-28 13:33 - 2016-03-21 23:08 - 00546328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2016-03-28 13:33 - 2016-03-21 23:08 - 00448824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2016-03-28 13:33 - 2016-03-21 23:08 - 00425016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2016-03-28 13:33 - 2016-03-21 23:08 - 00385080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2016-03-28 13:33 - 2016-03-21 23:08 - 00379448 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2016-03-28 13:33 - 2016-03-21 23:08 - 00379296 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2016-03-28 13:33 - 2016-03-21 23:08 - 00348216 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2016-03-28 13:33 - 2016-03-21 23:08 - 00317656 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2016-03-28 13:33 - 2016-03-21 23:08 - 00176064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2016-03-28 13:33 - 2016-03-21 23:08 - 00153392 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2016-03-28 13:33 - 2016-03-21 23:08 - 00151368 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2016-03-28 13:33 - 2016-03-21 23:08 - 00129208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2016-03-28 13:33 - 2016-03-21 23:08 - 00000139 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2016-03-28 13:33 - 2016-03-21 23:08 - 00000139 _____ C:\WINDOWS\system32\nv-vk64.json
2016-03-27 22:11 - 2016-03-27 22:29 - 00000000 ____D C:\Users\jewel\Desktop\Trudy
2016-03-26 09:40 - 2016-03-26 09:40 - 00000003 _____ C:\WINDOWS\system32\version.html

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-25 04:12 - 2016-01-15 12:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
2016-04-25 04:12 - 2015-12-09 17:14 - 00000000 ____D C:\Users\jewel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MeshLab
2016-04-25 04:12 - 2015-12-04 01:57 - 00000000 ____D C:\Users\jewel\AppData\Local\CrashDumps
2016-04-25 04:11 - 2016-03-11 20:17 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-04-25 04:09 - 2016-02-27 03:21 - 00000000 ____D C:\Program Files (x86)\Naturalsoft
2016-04-25 03:58 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-25 03:53 - 2015-11-23 00:54 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-25 03:48 - 2015-11-25 01:59 - 00002980 _____ C:\WINDOWS\System32\Tasks\AsrXTU
2016-04-25 03:47 - 2016-02-13 22:16 - 00000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2016-04-25 03:47 - 2015-12-02 15:12 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-25 03:47 - 2015-12-02 15:08 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-25 03:47 - 2015-11-25 01:46 - 00021288 _____ (RW-Everything) C:\WINDOWS\SysWOW64\Drivers\AxtuDrv.sys
2016-04-25 03:47 - 2015-11-23 01:11 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-25 03:47 - 2015-10-30 01:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-04-25 03:46 - 2015-12-11 06:06 - 00000000 ____D C:\AdwCleaner
2016-04-25 03:45 - 2015-11-25 00:47 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-04-25 03:40 - 2015-11-23 01:53 - 00000000 ____D C:\Users\jewel\AppData\Temp
2016-04-25 03:23 - 2015-07-30 13:41 - 00264552 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
2016-04-25 03:23 - 2015-07-30 13:41 - 00186784 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys
2016-04-25 03:23 - 2015-07-30 13:41 - 00170792 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwwfpr.sys
2016-04-25 02:59 - 2015-11-25 00:35 - 00000064 __RSH C:\WINDOWS\system32\Drivers\ws2ifsl.winsecurity
2016-04-25 02:59 - 2015-11-25 00:35 - 00000064 __RSH C:\WINDOWS\system32\Drivers\wmiacpi.winsecurity
2016-04-25 02:37 - 2015-11-30 23:11 - 00000000 ____D C:\Users\jewel\AppData\Local\Adobe
2016-04-25 02:13 - 2015-11-23 00:56 - 00004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B8400E71-865D-49DF-8D12-FE9E036B55A8}
2016-04-24 23:21 - 2015-12-07 16:25 - 00000000 ____D C:\3ZWorks V9
2016-04-24 23:21 - 2015-11-23 02:43 - 00000000 ____D C:\Users\jewel\AppData\Local\Battle.net
2016-04-24 16:35 - 2015-11-23 01:05 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-24 16:26 - 2015-11-23 01:05 - 00000000 ____D C:\Users\jewel\AppData\Local\Google
2016-04-23 00:07 - 2015-11-23 01:27 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-22 23:38 - 2016-03-19 11:08 - 00000000 ____D C:\Users\jewel\Documents\AutoHotKey
2016-04-22 09:58 - 2015-12-23 01:59 - 00000000 ____D C:\ProgramData\Oracle
2016-04-22 09:56 - 2016-03-05 15:42 - 00000000 ____D C:\Program Files (x86)\Java
2016-04-22 09:56 - 2015-12-23 02:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-22 09:56 - 2015-12-09 03:28 - 00000000 ____D C:\ModelWorks V8
2016-04-22 09:55 - 2016-03-05 15:42 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-04-22 09:55 - 2015-12-23 02:00 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2016-04-22 09:55 - 2015-12-23 02:00 - 00000000 ____D C:\Users\jewel\.oracle_jre_usage
2016-04-22 09:55 - 2015-12-23 02:00 - 00000000 ____D C:\Program Files\Java
2016-04-22 09:50 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-22 02:28 - 2015-12-02 15:09 - 00000000 ____D C:\Users\jewel
2016-04-21 16:07 - 2016-03-09 16:15 - 00000000 _____ C:\Users\jewel\Desktop\RhinoCrashDump.3dm
2016-04-21 15:57 - 2016-03-03 14:53 - 00000000 ____D C:\Users\jewel\Desktop\CJ
2016-04-21 09:07 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-20 22:34 - 2016-01-22 19:15 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-04-20 22:34 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-04-20 18:19 - 2016-02-17 20:43 - 00000000 ____D C:\Users\jewel\Desktop\Gemclassics
2016-04-19 15:57 - 2016-01-20 19:22 - 00000000 ____D C:\Users\jewel\Desktop\todd
2016-04-19 04:31 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-04-18 22:14 - 2016-01-22 19:22 - 00002363 _____ C:\Users\jewel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-18 22:14 - 2015-11-23 00:53 - 00000000 ___RD C:\Users\jewel\OneDrive
2016-04-18 17:27 - 2016-02-26 14:36 - 00000000 ____D C:\Users\jewel\Desktop\Hampton
2016-04-17 22:48 - 2016-02-10 18:09 - 00000000 ____D C:\Users\jewel\Desktop\Anschar
2016-04-17 20:17 - 2016-02-05 22:42 - 00000000 ___HD C:\Users\jewel\Desktop\Corel Auto-Preserve
2016-04-17 16:13 - 2015-12-05 17:33 - 00000000 ____D C:\Users\jewel\AppData\Local\ElevatedDiagnostics
2016-04-16 16:06 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
2016-04-15 00:39 - 2016-02-23 21:42 - 00000000 ____D C:\Users\jewel\AppData\Local\MEGAsync
2016-04-14 11:00 - 2015-12-02 15:08 - 00361536 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-14 04:43 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-14 04:43 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-14 04:43 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-14 04:43 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-04-13 13:11 - 2016-02-29 00:29 - 00000000 ____D C:\Users\jewel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-04-13 12:42 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-13 12:41 - 2015-11-23 00:56 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-13 12:39 - 2015-11-23 00:56 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-13 11:34 - 2015-11-23 00:51 - 00000000 ____D C:\Users\jewel\AppData\Local\Packages
2016-04-07 02:30 - 2016-03-12 18:19 - 01196184 _____ C:\Users\jewel\Desktop\fix.stl
2016-04-06 22:17 - 2016-03-25 23:20 - 00037074 _____ C:\Users\jewel\Downloads\macro.ahk
2016-04-06 13:32 - 2015-10-30 02:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-06 13:32 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-04 12:29 - 2016-03-25 23:20 - 00000003 _____ C:\Users\jewel\Downloads\version.html
2016-04-02 23:24 - 2015-11-28 17:56 - 00000000 ____D C:\Users\jewel\AppData\Local\Spotify
2016-03-29 20:06 - 2015-11-23 01:33 - 01373680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2016-03-29 20:06 - 2015-11-23 01:33 - 01316000 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2016-03-29 20:05 - 2015-11-23 01:33 - 01767248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2016-03-29 20:05 - 2015-11-23 01:33 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2016-03-29 20:05 - 2015-11-23 01:33 - 00112216 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2016-03-29 12:54 - 2015-12-02 15:08 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-03-28 13:35 - 2015-12-02 15:08 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-03-28 13:35 - 2015-11-23 01:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-03-28 13:34 - 2015-12-02 15:08 - 00000000 ____D C:\Program Files\NVIDIA Corporation

==================== Files in the root of some directories =======

2016-03-01 15:21 - 2016-03-01 15:21 - 0000038 ___SH () C:\Users\jewel\AppData\Local\1754111884ee9ab5277ca00.95260103
2016-04-25 03:47 - 2016-04-25 03:47 - 0000000 ____H () C:\ProgramData\cm-lock

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-04-14 15:20

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by jewel (2016-04-25 04:14:00)
Running from C:\Users\jewel\Desktop
Windows 10 Home Version 1511 (X64) (2015-12-02 20:13:31)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-990940684-4230470255-219310112-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-990940684-4230470255-219310112-503 - Limited - Disabled)
Guest (S-1-5-21-990940684-4230470255-219310112-501 - Limited - Disabled)
jewel (S-1-5-21-990940684-4230470255-219310112-1001 - Administrator - Enabled) => C:\Users\jewel

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 9.0.318.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 9.0.375.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Ad Muncher v4.94.34121 (Free) (HKLM-x32\...\Ad Muncher) (Version: - )
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Flash Player 21 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 21.0.0.232 - Adobe Systems Incorporated)
Adobe Reader 8.1.1 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A81100000003}) (Version: 8.1.1 - Adobe Systems Incorporated)
ASRock eXtreme Tuner v0.1.198 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version: - )
Autodesk T-Splines Plug-in for Rhino version 3.4 r8555 (64) (HKLM\...\{FCB0FFA0-6EB0-4D4C-8B71-8390E31B0AC9}) (Version: 3.4.8555 - Autodesk)
Autodesk T-Splines Plug-in for Rhino version 3.4 r8555 (HKLM-x32\...\{74E50912-C128-46F7-A9F4-6A1DE5084692}) (Version: 3.4.8555 - Autodesk)
AutoHotkey 1.1.23.03 (HKLM\...\AutoHotkey) (Version: 1.1.23.03 - Lexikos)
Black Desert Online (HKLM-x32\...\{C1F96C92-7B8C-485F-A9CD-37A0708A2A60}) (Version: 1.0.0.5 - Daum Games EU)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.14 - Piriform)
Corel PaintShop Pro X8 (HKLM-x32\...\_{85C69B9B-F9BD-4A60-BD83-F2B7E081ED39}) (Version: 18.1.0.67 - Corel Corporation)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
EasySync CryptoMonitor (HKLM-x32\...\EasySync CryptoMonitor 2.0.503.0) (Version: 2.0.503.0 - EasySync Solutions)
EasySync CryptoMonitor (Version: 2.0.503.0 - EasySync Solutions) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET NOD32 Antivirus (HKLM\...\{60853F5E-E6F5-4A34-BBCD-C09D49BB5E64}) (Version: 9.0.318.0 - ESET, spol. s r.o.)
EVGA PrecisionX 16 (HKLM-x32\...\{4C5ECFC6-AF6E-42A0-988D-0A5FCBB8F0B9}) (Version: 5.3.11 - EVGA Corporation)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
ICA (x32 Version: 18.0.0.124 - Corel Corporation) Hidden
IPM_PSP_COM64 (Version: 18.0.0.124 - Corel Corporation) Hidden
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
K-Studio-Demo (HKLM\...\{5E5A6E40-A4F3-4563-AF3A-04E9914D3E09}) (Version: 1.2.4.0 - Kevvox Pte. Ltd.)
Logitech Gaming Software 8.76 (HKLM\...\Logitech Gaming Software) (Version: 8.76.155 - Logitech Inc.)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Magics 18.03 64bit (HKLM\...\{275059F7-B340-4DF3-8BE3-D45A6A937D31}) (Version: 18.0.3.16 - Materialise)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MatConvert 7.0.0.3 (x64) (HKLM\...\{07CAC6C0-3C11-45BE-BEDE-52DE211440FB}) (Version: 7.0.0.3 - Materialise)
Materialise Local License Server 6 (HKLM-x32\...\{95AF1F98-A5FA-4446-A534-FA86683B9316}) (Version: 6.6.0.17 - Materialise)
Matrix 7.5 (HKLM-x32\...\Matrix 7.5) (Version: - )
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.6769.2017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.72 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.11.2.55 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.2.55 - NVIDIA Corporation)
NVIDIA Graphics Driver 364.72 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.72 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6729.1014 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6729.1014 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6729.1014 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment)
PSPPContent (x32 Version: 18.0.0.124 - Corel Corporation) Hidden
PSPPHelp (x32 Version: 18.0.0.124 - Corel Corporation) Hidden
PSPPro64 (Version: 18.0.0.124 - Corel Corporation) Hidden
QuickBooks (x32 Version: 25.0.4009.2506 - Intuit Inc.) Hidden
QuickBooks Enterprise Solutions: Accountant Edition 15.0 (HKLM-x32\...\{96E243B9-3193-4CDC-AB80-6784DA6177A2}) (Version: 25.0.4009.2506 - Intuit Inc.)
QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6392 - Realtek Semiconductor Corp.)
Rhinoceros 5 (64-bit) (HKLM\...\{A11AC528-0FEA-4956-B3D9-004DB18B40C6}) (Version: 5.12.50810.13095 - Robert McNeel & Associates)
Rhinoceros 5 (HKLM-x32\...\{DB2E5232-C968-4E26-9D1F-A1656C1AF381}) (Version: 5.12.50810.13095 - Robert McNeel & Associates)
Rhinoceros 5.0 Help Media (HKLM-x32\...\{B247EAD4-805E-4F13-A4D3-E3A80CD0EC36}) (Version: 5.1.20828.1435 - Robert McNeel & Associates)
Rhinoceros 5.0 Language Pack Installer (en-US) (HKLM-x32\...\{FB358CAB-5782-4294-8D9F-FF7E171CDFCB}) (Version: 5.1.20927.2215 - Robert McNeel & Associates)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Sentinel Protection Installer 7.6.6 (HKLM-x32\...\{8C2218AC-D1B1-4530-9E67-15164E0E52AB}) (Version: 7.6.6 - SafeNet, Inc.)
Setup (x32 Version: 18.0.0.124 - Corel Corporation) Hidden
SHIELD Streaming (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.11.2.55 - NVIDIA Corporation) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
Sp5 (x32 Version: 5.1.4324.0 - Microsoft) Hidden
Sp5Intl (x32 Version: 5.1.4324.0 - Microsoft) Hidden
Sp5TTInt (x32 Version: 5.1.4324.0 - Microsoft) Hidden
SpCommon (x32 Version: 5.1.4324.0 - Microsoft) Hidden
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Spotify (HKU\S-1-5-21-990940684-4230470255-219310112-1001\...\Spotify) (Version: 1.0.21.143.g76c19bcd - Spotify AB)
SpPhones (x32 Version: 6.0.3122.0 - Microsoft) Hidden
Swiff Player 1.7.2 (HKLM-x32\...\Swiff Player_is1) (Version: 1.7.2 - GlobFX Technologies)
VC12X64Redist (HKLM\...\{B573CC21-AE24-4BC5-9B0B-15CF29A3F982}) (Version: 1.00.0000 - Intuit Inc.)
VC12X86Redist (HKLM-x32\...\{EA9886ED-21F8-4867-A049-CE6817291EE6}) (Version: 1.00.0000 - Intuit Inc.)
Vivaldi (HKU\S-1-5-21-990940684-4230470255-219310112-1001\...\Vivaldi) (Version: 1.0.435.42 - Vivaldi)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
WinDirStat 1.1.2 (HKU\S-1-5-21-990940684-4230470255-219310112-1001\...\WinDirStat) (Version: - )
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)
ZBrush 4R7 (HKLM-x32\...\ZBrush 4R7 4R7) (Version: 4R7 - Pixologic)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-990940684-4230470255-219310112-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\jewel\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0A0814F3-CCDF-4DFF-9A0C-243D578E1536} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-01-15] (Piriform Ltd)
Task: {3341530A-822D-459C-A60C-2928746401C6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-04-03] (Microsoft Corporation)
Task: {5649CD20-E643-4E4A-8A5E-C8301B6F3C3A} - System32\Tasks\AsrXTU => S:\Program Files\AXTU\Bin\AsrXTU.exe [2012-03-30] ()
Task: {80025287-03E5-4474-8428-7A219D1636EE} - System32\Tasks\EVGAPrecisionX => S:\Program Files\PrecisionX\PrecisionX_x64.exe [2016-04-12] (EVGA Corp.)
Task: {9440BA4D-580E-49A0-802D-55CE690610C2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-04-03] (Microsoft Corporation)
Task: {94739D97-BDA5-4495-9935-E403EAC93B57} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-04-03] (Microsoft Corporation)
Task: {9F2A08B6-16A6-434B-B851-8B3F2FF8683B} - System32\Tasks\AsrAPPShop => S:\Program Files\APP Shop\AsrAPPShop.exe
Task: {C26AE235-CB0E-4729-86B8-355D9ACDC805} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-13] (Microsoft Corporation)
Task: {C701BA41-7837-416A-BA3D-68413012910D} - System32\Tasks\KMSAutoNet => C:\ProgramData\KMSAutoS\KMSAuto Net.exe
Task: {CB47EF6D-D5A2-4FD5-9659-6205986EB9B4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-04-03] (Microsoft Corporation)
Task: {DDBE2300-60EF-4A0E-BB3C-7A42E90F319A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-25] (Adobe Systems Incorporated)
Task: {F8F5A81B-D54A-4D5F-A42F-2764F6A1BE7A} - System32\Tasks\CryptoMonitor_SU => S:\Program Files\Cryptomonitor\CryptoMonitor.exe [2015-06-30] (EasySync Solutions)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Maurice Naggar · June 26, 2016

We're sorry. It looks like your topic was somehow overlooked. Due to the length of time we'll go ahead and close this topic now but if you still actually need help please send a private message to one of the Moderators and we'll assist you.
Thank you and sorry we missed your topic.

Sign In

infection

Recommended Posts

fantasydank

Link to post

Share on other sites

Maurice Naggar

Link to post

Share on other sites

Recently Browsing 0 members

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information