Website blocked: rundll32.exe making outbound connections


jenksy

Suspecting I have an infection, I installed Malwarebytes, and sure enough I'm receiving several notifications indicating a website is blocked, each time with a different (very-suspicious) domain and IP address. It appears to be coming from C:\Windows\System32\rundll32.exe (screenshot attached).

I've attached my Additional.txt and my FRST.txt is below: PLEASE HELP, and THANK YOU in advance!!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-02-2017
Ran by jenksy (administrator) on R5 (05-02-2017 21:49:09)
Running from C:\Users\jenksy\Desktop
Loaded Profiles: jenksy (Available Profiles: jenksy)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki119562.inf_amd64_6a130ba6366a3570\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFXWindowsService.exe
(Code 42 Software) C:\Program Files\CrashPlan\CrashPlanService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Juniper Networks, Inc.) C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Ready Mode Technology\IRMTService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Alienware) C:\Program Files\Alienware\Command Center\ThermalsWindowsService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Flexera Software LLC) C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
() C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki119562.inf_amd64_6a130ba6366a3570\igfxEM.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.152.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Alienware) C:\Program Files\Alienware\Command Center\ThermalController.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe
(TechSmith Corporation) C:\Program Files (x86)\Snagit 11\Snagit32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Blue Jeans) C:\Users\jenksy\AppData\Local\Blue Jeans\App\BlueJeans.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(TechSmith Corporation) C:\Program Files (x86)\Snagit 11\TscHelp.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(TechSmith Corporation) C:\Program Files (x86)\Snagit 11\SnagPriv.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(TechSmith Corporation) C:\Program Files (x86)\Snagit 11\SnagitEditor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamuseragent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CyberLink) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell) C:\Program Files\Alienware\Dell Foundation Services\DFSSvc.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Alienware Update\DellUpService.exe
(Dell Inc.) C:\Program Files (x86)\Alienware Update\DellUpTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Dell) C:\Program Files\Alienware\Alienware Product Registration\PRSvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dell) C:\Program Files\Alienware\Dell Foundation Services\DFS.Common.Agent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8861208 2016-09-15] (Realtek Semiconductor)
HKLM\...\Run: [Command Center Controllers] => C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [13720 2016-03-09] (Alienware)
HKLM\...\Run: [Marcs Updater] => C:\Program Files\Marcs Updater\Marcs Updater.exe [879976 2013-04-19] (Marc Hörsken)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [16286840 2016-08-29] (Logitech Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-23] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322120 2016-04-28] (Intel Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26219896 2017-01-30] (Dropbox, Inc.)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2011-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2904984 2011-09-05] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe [11054800 2016-09-14] (Corsair Components, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-1846019180-1375671099-2972171178-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2881824 2017-01-18] (Valve Corporation)
HKU\S-1-5-21-1846019180-1375671099-2972171178-1001\...\Run: [Zoom] => 0
HKU\S-1-5-21-1846019180-1375671099-2972171178-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1846019180-1375671099-2972171178-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-1846019180-1375671099-2972171178-1001\...\Run: [Windows Performance Monitor] => rundll32.exe "C:\Users\jenksy\AppData\Local\Microsoft\Performance\Monitor\PerformanceMonitor.dll",DllInstall
HKU\S-1-5-21-1846019180-1375671099-2972171178-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1846019180-1375671099-2972171178-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [37376 2016-07-16] (Microsoft Corporation)
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2017-01-16] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-01-30] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2016-08-30]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 11.lnk [2016-09-17]
ShortcutTarget: Snagit 11.lnk -> C:\Program Files (x86)\Snagit 11\Snagit32.exe (TechSmith Corporation)
Startup: C:\Users\jenksy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bluejeans-helper.vbs [2017-01-09] ()
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 208.67.220.220 192.168.1.1
Tcpip\..\Interfaces\{5aa050e3-13d0-4405-bc58-87d702a282cb}: [DhcpNameServer] 208.67.220.220 192.168.1.1
Tcpip\..\Interfaces\{c5a78410-b9d5-4dc1-8211-eaaf75f28749}: [DhcpNameServer] 208.67.220.220 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1846019180-1375671099-2972171178-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell17win10.msn.com/?pc=DCTE
HKU\S-1-5-21-1846019180-1375671099-2972171178-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell17win10.msn.com/?pc=DCTE
HKU\S-1-5-21-1846019180-1375671099-2972171178-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.alienwarearena.com/welcome-ca-e
SearchScopes: HKU\S-1-5-21-1846019180-1375671099-2972171178-1001 -> DefaultScope {3C836957-33F4-4444-BC38-E60B25473EFB} URL = 
SearchScopes: HKU\S-1-5-21-1846019180-1375671099-2972171178-1001 -> {3C836957-33F4-4444-BC38-E60B25473EFB} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-01-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-01-22] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-01-28] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-01-22] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-01-28] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2016-08-11] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-01-28] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2011-09-05] (Adobe Systems Incorporated)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} hxxps://akamaicdn.webex.com/client/WBXclient-T30L10NSP14-10100/webex/ieatgpc1.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://access.neteller.com/dana-cached/sc/JuniperSetupClient.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-01-28] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 7ciyjm5s.default
FF ProfilePath: C:\Users\jenksy\AppData\Roaming\Mozilla\Firefox\Profiles\7ciyjm5s.default [2016-12-24]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2016-10-08] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-01-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-01-22] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-01-28] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-01-28] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-12-11] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2011-09-05] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://jordan/
CHR StartupUrls: Default -> "hxxps://ca.search.yahoo.com/?fr=spigot-yhp-gcmac&ilc=12&type=997063"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default [2017-02-05]
CHR Extension: (Google Slides) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-09-07]
CHR Extension: (BetterTTV) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2016-10-08]
CHR Extension: (Google Docs) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-09-07]
CHR Extension: (Google Drive) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-09-07]
CHR Extension: (Regex Search) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcdabfmndggphffkchfdcekcokmbnkjl [2016-09-07]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2016-09-07]
CHR Extension: (WhatsChrome) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgkodfmeijboinjdegggmkbkjfiagaan [2016-09-07]
CHR Extension: (Signal Private Messenger) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\bikioccmkafdpakkkcpdbppfkghcmihk [2017-01-30]
CHR Extension: (YouTube) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-09-07]
CHR Extension: (Google Cast) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-12-28]
CHR Extension: (Chromoji - Emoji for Google Chrome) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahedbegdkagmcjfolhdlechbkeaieki [2016-10-24]
CHR Extension: (DownAlbum) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgjnhhjpfcdhbhlcmmjppicjmgfkppok [2017-01-30]
CHR Extension: (Pushbullet) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2016-10-27]
CHR Extension: (Open Tab In New Process) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmabfeonjnioeecnjdgdjleoemncbfpg [2016-09-07]
CHR Extension: (Tampermonkey) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-01-03]
CHR Extension: (Innovative Exams Screensharing) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkbjhjljfaagngbdhomnlcheiiangfle [2016-12-22]
CHR Extension: (Postman - REST Client) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdmmgilgnpjigdojojpjoooidkmcomcm [2016-09-17]
CHR Extension: (Google Sheets) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-09-07]
CHR Extension: (Postman) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2016-12-14]
CHR Extension: (Window Expander For YouTube) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkpaakpeehepibjpdmoocdaonognfiog [2016-09-07]
CHR Extension: (Chrome Remote Desktop) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-09-07]
CHR Extension: (The QR Code Generator) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcmhlmapohffdglflokbgknlknnmogbb [2016-09-07]
CHR Extension: (Google Docs Offline) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-07]
CHR Extension: (AdBlock) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-01-30]
CHR Extension: (TweetDeck by Twitter) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2016-09-07]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-01-30]
CHR Extension: (AirDroid) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkgndiocipalkpejnpafdbdlfdjihomd [2016-09-07]
CHR Extension: (90`s Games) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\illbbfoihflomkbpcaaakhijinbnejom [2016-09-07]
CHR Extension: (Dropbox) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2016-09-07]
CHR Extension: (Multi Forward for Gmail) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjmdplljmniahpamcmabdnahmjdlikpm [2016-11-07]
CHR Extension: (Markdown Preview) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmchmkecamhbiokiopfpnfgbidieafmd [2016-09-07]
CHR Extension: (Web Scraper) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnhgnonknehpejjnehehllkliplmbmhn [2016-11-16]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-12-18]
CHR Extension: (Any.do Extension) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdadialhpiikehpdeejjeiikopddkjem [2016-09-07]
CHR Extension: (Wave Accounting) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\knpkfcpnjfbniadmfchjpcigfhookhaa [2016-09-07]
CHR Extension: (CodinGame Sync - Ext) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldjnbdgcceengbjkalemckffhaajkehd [2016-09-07]
CHR Extension: (Unofficial HipChat) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgdomahdfnkdhjfkennlfhagbjamalkb [2016-09-07]
CHR Extension: (cookie.txt export) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lopabhfecdfhgogdbojmaicoicjekelh [2016-09-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-18]
CHR Extension: (Blue Jeans Meeting) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nodamnmigpadbnfioofpbacngdlcidgn [2017-02-01]
CHR Extension: (Visualping) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemhgklkefakciniebenbfclihhmmfcd [2016-09-07]
CHR Extension: (Evernote Web Clipper) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2016-12-20]
CHR Extension: (Gmail) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-09-07]
CHR Extension: (Chrome Media Router) - C:\Users\jenksy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-15]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AlienFXWindowsService; C:\Program Files\Alienware\Command Center\AlienFXWindowsService.exe [14744 2016-03-09] (Alienware)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1404936 2016-09-07] ()
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\56.0.2924.51\remoting_host.exe [72024 2017-01-03] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3697352 2017-01-29] (Microsoft Corporation)
S2 CLKMSVC10_3CD7F304; C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD14\Common\NavFilter\KmSvc.exe [312088 2016-05-09] (CyberLink)
S3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\ki119562.inf_amd64_6a130ba6366a3570\IntelCpHeciSvc.exe [301528 2016-11-24] (Intel Corporation)
S3 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\ki119562.inf_amd64_6a130ba6366a3570\IntelCpHDCPSvc.exe [480216 2016-11-24] (Intel Corporation)
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [266112 2016-10-17] (Code 42 Software)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-07] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-09-07] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46400 2017-01-30] (Dropbox, Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Alienware\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
R2 DellUpdate; C:\Program Files (x86)\Alienware Update\DellUpService.exe [229376 2016-05-02] (Dell Inc.)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2016-08-11] (Futuremark)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1039376 2017-01-16] (Garmin Ltd. or its subsidiaries)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18504 2016-04-28] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\ki119562.inf_amd64_6a130ba6366a3570\igfxCUIService.exe [341976 2016-11-24] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-07-06] (Intel Corporation) [File not signed]
S3 ioloEnergyBooster; C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [6145872 2012-11-01] (iolo technologies, LLC)
R2 IRMTService; c:\Program Files\Intel\Intel(R) Ready Mode Technology\IRMTService.exe [182336 2015-09-10] (Intel Corporation)
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-07-06] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [207648 2016-01-21] (Intel Corporation)
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [454872 2016-02-12] (Rivet Networks)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-08-29] (Logitech Inc.)
S2 Marcs Updater; C:\Program Files\Marcs Updater\Marcs Updater.exe [879976 2013-04-19] (Marc Hörsken) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-10-28] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-01-05] (NVIDIA Corporation)
R3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [464440 2017-01-05] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [459832 2016-12-11] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [427064 2017-01-05] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2121736 2017-01-28] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2183696 2017-01-28] (Electronic Arts)
R2 Product Registration; C:\Program Files\Alienware\Alienware Product Registration\PRSvc.exe [80208 2016-09-22] (Dell)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2015-09-02] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [332048 2016-09-15] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 ThermalsWindowsService; C:\Program Files\Alienware\Command Center\ThermalsWindowsService.exe [14232 2016-03-09] (Alienware)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831712 2015-10-28] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BfLwf; C:\WINDOWS\system32\DRIVERS\bwcW10x64.sys [144456 2016-02-12] (Rivet Networks, LLC.)
S3 blackberryncm; C:\WINDOWS\System32\drivers\blackberryncm6_AMD64.sys [36360 2016-04-06] (BlackBerry)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45056 2016-09-09] (Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [22520 2016-09-09] (Corsair)
S3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32464 2016-01-05] (Dell Computer Corporation)
S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [24240 2016-01-05] (Dell Computer Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2017-01-20] ()
S3 iaLPSS2_SPI; C:\WINDOWS\System32\drivers\iaLPSS2_SPI.sys [152376 2016-01-22] (Intel Corporation)
R3 iaLPSS2_UART2; C:\WINDOWS\System32\drivers\iaLPSS2_UART2.sys [281400 2016-01-22] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [349960 2016-07-12] (Intel Corporation)
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\ki119562.inf_amd64_6a130ba6366a3570\igdkmd64.sys [11039704 2016-11-24] (Intel Corporation)
R3 IntelReadyModeDriver; C:\WINDOWS\System32\drivers\IntelReadyModeDriver.sys [33512 2015-09-10] (Intel Corporation)
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [162456 2016-02-12] (Qualcomm Atheros, Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2016-08-29] (Logitech Inc.)
R3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2016-08-29] (Logitech Inc.)
S3 ManyCam; C:\WINDOWS\system32\DRIVERS\mcvidrv.sys [49312 2014-11-10] (Visicom Media Inc.)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176584 2017-02-05] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [110536 2017-02-05] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-02-05] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251848 2017-02-05] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-02-05] (Malwarebytes)
S3 mc2avs; C:\WINDOWS\System32\Drivers\mc2avs.sys [358520 2012-06-06] (Native Instruments GmbH)
S3 mc2usb_svc; C:\WINDOWS\System32\Drivers\mc2usb.sys [81016 2012-06-06] (Native Instruments GmbH)
S3 mcaudrv_simple; C:\WINDOWS\system32\drivers\mcaudrv_x64.sys [36000 2014-11-10] (Visicom Media Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7116288 2016-07-16] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvddi.inf_amd64_ecf4171f88569c29\nvlddmkm.sys [14200880 2016-12-12] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2017-01-05] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-01-05] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [59448 2017-01-05] (NVIDIA Corporation)
R3 Phosgene; C:\WINDOWS\system32\DRIVERS\Phosgene.sys [34136 2015-09-02] (Adoriasoft LLC)
U5 PROCMON23; C:\Windows\System32\Drivers\PROCMON23.sys [92344 2017-02-03] (Sysinternals - www.sysinternals.com)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [131144 2017-01-16] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [205440 2017-01-16] (Oracle Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-05 21:43 - 2017-02-05 21:49 - 00043094 _____ C:\Users\jenksy\Desktop\FRST.txt
2017-02-05 21:43 - 2017-02-05 21:49 - 00000000 ____D C:\FRST
2017-02-05 21:39 - 2017-02-05 21:42 - 02421248 _____ (Farbar) C:\Users\jenksy\Desktop\FRST64.exe
2017-02-05 21:31 - 2017-02-05 21:33 - 47683808 _____ (Microsoft Corporation) C:\Users\jenksy\Downloads\Windows-KB890830-x64-V5.44 (1).exe
2017-02-05 21:30 - 2017-02-05 21:31 - 00000345 _____ C:\Users\jenksy\Downloads\fixlist.txt
2017-02-05 21:24 - 2017-02-05 21:37 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-05 21:24 - 2017-02-05 21:37 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-05 21:24 - 2017-02-05 21:37 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-05 21:24 - 2017-02-05 21:37 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-05 21:24 - 2017-02-05 21:24 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-05 21:23 - 2017-02-05 21:23 - 47683808 _____ (Microsoft Corporation) C:\Users\jenksy\Downloads\Windows-KB890830-x64-V5.44.exe
2017-02-05 21:23 - 2017-02-05 21:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-05 21:23 - 2017-02-05 21:23 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-05 21:23 - 2017-02-05 21:23 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-05 21:23 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-05 21:22 - 2017-02-05 21:22 - 55566792 _____ (Malwarebytes ) C:\Users\jenksy\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-02-04 23:56 - 2017-02-04 23:56 - 74520472 _____ (Logitech, Inc.) C:\Users\jenksy\Downloads\lws280.exe
2017-02-04 23:06 - 2017-02-04 23:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2017-02-04 23:05 - 2017-02-04 23:06 - 123323224 _____ (Oracle Corporation) C:\Users\jenksy\Downloads\VirtualBox-5.1.14-112924-Win.exe
2017-02-04 22:17 - 2017-02-04 22:17 - 00000000 ____D C:\Users\jenksy\AppData\Local\aaa01f1d
2017-02-04 22:01 - 2017-02-04 22:07 - 00000000 ___HD C:\Users\jenksy\AppData\Local\SysHashTable
2017-02-04 21:59 - 2017-02-04 21:59 - 00622104 _____ C:\Users\jenksy\Downloads\White pencil.mcv
2017-02-04 21:59 - 2017-02-04 21:59 - 00189560 _____ C:\Users\jenksy\Downloads\Type.mcv
2017-02-04 21:59 - 2017-02-04 21:59 - 00163872 _____ C:\Users\jenksy\Downloads\Stained Glass.mcv
2017-02-04 21:59 - 2017-02-04 21:59 - 00107752 _____ C:\Users\jenksy\Downloads\Contours.mcv
2017-02-04 21:59 - 2017-02-04 21:59 - 00095376 _____ C:\Users\jenksy\Downloads\Black Contours.mcv
2017-02-04 21:59 - 2017-02-04 21:59 - 00095312 _____ C:\Users\jenksy\Downloads\White Contours.mcv
2017-02-04 21:59 - 2017-02-04 21:59 - 00082504 _____ C:\Users\jenksy\Downloads\Black Gradient.mcv
2017-02-04 21:59 - 2017-02-04 21:59 - 00065520 _____ C:\Users\jenksy\Downloads\Black Blobs.mcv
2017-02-04 21:59 - 2017-02-04 21:59 - 00055768 _____ C:\Users\jenksy\Downloads\Gray Lines.mcv
2017-02-04 21:59 - 2017-02-04 21:59 - 00048080 _____ C:\Users\jenksy\Downloads\Brush Art.mcv
2017-02-04 21:58 - 2017-02-04 22:01 - 00000000 ____D C:\Users\jenksy\Downloads\ManyCam 5.5
2017-02-04 21:58 - 2017-02-04 21:58 - 00064192 _____ C:\Users\jenksy\Downloads\Blur.mcv
2017-02-04 21:57 - 2017-02-04 22:03 - 00000000 ____D C:\Users\jenksy\AppData\LocalLow\uTorrent
2017-02-04 21:50 - 2017-02-04 21:54 - 00000000 ____D C:\Program Files (x86)\ManyCam
2017-02-04 21:48 - 2017-02-04 21:48 - 58509578 _____ C:\Users\jenksy\Downloads\ManyCam.Enterprise.4.1.0.12.rar
2017-02-04 20:03 - 2017-02-04 20:03 - 00000754 _____ C:\Users\jenksy\Desktop\PSX.lnk
2017-02-04 18:33 - 2017-02-04 18:33 - 00000000 ____D C:\Users\jenksy\AppData\Roaming\Blender Foundation
2017-02-04 14:23 - 2017-02-04 14:23 - 00666176 _____ C:\Users\jenksy\Downloads\pSX_1_13.rar
2017-02-04 14:22 - 2017-02-04 14:22 - 00241675 _____ C:\Users\jenksy\Downloads\SCPH7003.zip
2017-02-04 14:20 - 2017-02-04 14:20 - 00241658 _____ C:\Users\jenksy\Downloads\SCPH1001.zip
2017-02-04 14:19 - 2017-02-04 14:20 - 01381554 _____ C:\Users\jenksy\Downloads\ePSXe205.zip
2017-02-04 14:14 - 2017-02-04 14:14 - 00002116 _____ C:\Users\jenksy\Downloads\745BA8031DB4D2ED7F63266723BF420CDE4996AE.torrent
2017-02-04 14:13 - 2017-02-04 14:13 - 00000000 ____D C:\Users\jenksy\Downloads\PaRappa the Rapper (USA) (En,Fr,De,Es,It)
2017-02-04 14:07 - 2017-02-05 17:16 - 00000000 ____D C:\tmp
2017-02-04 13:39 - 2017-02-04 13:39 - 00000000 ____D C:\Users\jenksy\.thumbnails
2017-02-04 13:38 - 2017-02-04 13:38 - 00000950 _____ C:\Users\jenksy\Desktop\blender.lnk
2017-02-04 13:38 - 2017-02-04 13:38 - 00000000 ____D C:\Users\jenksy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blender
2017-02-04 13:38 - 2017-02-04 13:38 - 00000000 ____D C:\Program Files\Blender
2017-02-04 13:34 - 2017-02-04 13:35 - 88088716 _____ C:\Users\jenksy\Downloads\blender-2.78a-windows64.msi
2017-02-03 21:41 - 2017-02-03 21:41 - 00000132 _____ C:\Users\jenksy\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-02-03 21:34 - 2017-02-03 21:34 - 00554148 _____ C:\Users\jenksy\Downloads\Vintage-TV.zip
2017-02-03 21:01 - 2017-02-03 21:01 - 00092344 ____H (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCMON23.SYS
2017-02-03 21:01 - 2016-08-15 08:24 - 02135712 ____N (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Procmon.exe
2017-02-03 21:01 - 2016-08-15 08:17 - 00063582 ____N C:\WINDOWS\system32\procmon.chm
2017-02-03 21:00 - 2016-11-18 07:26 - 02720928 ____N (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\procexp.exe
2017-02-03 21:00 - 2016-11-18 07:18 - 01457312 ____N (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\procexp64.exe
2017-02-03 21:00 - 2016-11-18 07:10 - 00072154 ____N C:\WINDOWS\system32\procexp.chm
2017-02-03 21:00 - 2016-03-03 21:44 - 00007490 ____N C:\WINDOWS\system32\Eula.txt
2017-02-03 20:59 - 2017-02-03 20:59 - 01932769 _____ C:\Users\jenksy\Downloads\ProcessExplorer.zip
2017-02-03 20:59 - 2017-02-03 20:59 - 00998093 _____ C:\Users\jenksy\Downloads\ProcessMonitor.zip
2017-02-03 20:58 - 2017-02-03 20:58 - 120703968 _____ (obsproject.com) C:\Users\jenksy\Downloads\OBS-Studio-17.0.2-Full-Installer.exe
2017-02-03 18:53 - 2017-02-03 18:53 - 06791967 _____ C:\Users\jenksy\Downloads\nukkit-1.0-SNAPSHOT.jar
2017-02-03 12:02 - 2017-02-03 12:02 - 02415543 _____ C:\Users\jenksy\Downloads\Jenken, Jesse - New Account Forms 01172017-signed (1).pdf
2017-02-03 12:01 - 2017-02-03 12:01 - 04142449 _____ C:\Users\jenksy\Downloads\Photos.zip
2017-02-03 11:52 - 2017-02-03 11:52 - 02415543 _____ C:\Users\jenksy\Downloads\Jenken, Jesse - New Account Forms 01172017-signed.pdf
2017-02-03 11:01 - 2017-02-03 11:01 - 00798033 _____ C:\Users\jenksy\Downloads\Jenken, Jesse - New Account Forms 01172017.pdf
2017-02-02 22:40 - 2017-02-02 22:40 - 00732896 _____ C:\Users\jenksy\Downloads\UnityDownloadAssistant-5.5.1f1.exe
2017-02-02 22:08 - 2017-02-02 22:08 - 00000000 ____D C:\Users\jenksy\AppData\Roaming\Notzombies
2017-02-01 13:34 - 2017-02-01 13:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-30 07:02 - 2017-01-30 07:02 - 00046400 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-01-30 07:02 - 2017-01-30 07:02 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-01-30 07:02 - 2017-01-30 07:02 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-01-30 07:02 - 2017-01-30 07:02 - 00046192 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-01-29 17:26 - 2017-01-29 17:26 - 00000000 ____D C:\Users\jenksy\Documents\FaceRig Avatars
2017-01-29 15:22 - 2017-01-29 15:22 - 00000000 ____D C:\Users\jenksy\AppData\LocalLow\Dodge Roll
2017-01-27 22:25 - 2017-01-27 22:25 - 00000000 ____D C:\Users\jenksy\AppData\LocalLow\Free Lives
2017-01-27 10:54 - 2017-01-27 10:54 - 00003266 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-27 08:17 - 2017-01-27 08:17 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-01-24 19:52 - 2016-12-21 00:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-24 19:52 - 2016-12-20 21:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2017-01-24 09:26 - 2017-01-24 09:26 - 00000000 ____D C:\WINDOWS\SysWOW64\Dell
2017-01-24 09:26 - 2017-01-24 09:26 - 00000000 ____D C:\Program Files (x86)\Dell Customer Connect
2017-01-21 08:33 - 2017-01-21 08:33 - 00276992 _____ C:\Users\jenksy\Downloads\pftest.exe
2017-01-21 08:11 - 2017-01-05 18:10 - 00158264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-01-21 08:11 - 2017-01-05 18:10 - 00126008 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-01-21 08:11 - 2017-01-05 18:10 - 00059448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-01-18 06:24 - 2017-01-18 06:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2017-01-16 17:38 - 2017-01-16 17:38 - 00205440 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetLwf.sys
2017-01-16 17:38 - 2017-01-16 17:38 - 00131144 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxNetAdp6.sys
2017-01-11 21:14 - 2017-01-11 21:14 - 00000000 ____D C:\Users\jenksy\AppData\Roaming\com.treefortress.Bardbarian
2017-01-10 17:16 - 2016-12-21 01:08 - 00245600 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2017-01-10 17:16 - 2016-12-21 01:08 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll
2017-01-10 17:16 - 2016-12-21 01:04 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-01-10 17:16 - 2016-12-21 00:49 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-01-10 17:16 - 2016-12-21 00:46 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-01-10 17:16 - 2016-12-21 00:43 - 04130440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-01-10 17:16 - 2016-12-21 00:43 - 01454504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-01-10 17:16 - 2016-12-21 00:43 - 01071736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-01-10 17:16 - 2016-12-21 00:43 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-01-10 17:16 - 2016-12-21 00:42 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-01-10 17:16 - 2016-12-21 00:42 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-01-10 17:16 - 2016-12-21 00:42 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-01-10 17:16 - 2016-12-21 00:42 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-01-10 17:16 - 2016-12-21 00:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-01-10 17:16 - 2016-12-21 00:41 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-01-10 17:16 - 2016-12-21 00:37 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-01-10 17:16 - 2016-12-21 00:15 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-01-10 17:16 - 2016-12-21 00:14 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2017-01-10 17:16 - 2016-12-21 00:13 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2017-01-10 17:16 - 2016-12-21 00:12 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2017-01-10 17:16 - 2016-12-21 00:10 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2017-01-10 17:16 - 2016-12-21 00:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-01-10 17:16 - 2016-12-21 00:09 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-01-10 17:16 - 2016-12-21 00:08 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-01-10 17:16 - 2016-12-21 00:08 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-01-10 17:16 - 2016-12-21 00:08 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-01-10 17:16 - 2016-12-21 00:08 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-01-10 17:16 - 2016-12-21 00:08 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-01-10 17:16 - 2016-12-21 00:08 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-01-10 17:16 - 2016-12-21 00:07 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-01-10 17:16 - 2016-12-21 00:06 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-01-10 17:16 - 2016-12-21 00:06 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-01-10 17:16 - 2016-12-21 00:06 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-01-10 17:16 - 2016-12-21 00:06 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-01-10 17:16 - 2016-12-21 00:05 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-01-10 17:16 - 2016-12-21 00:05 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-01-10 17:16 - 2016-12-21 00:05 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-01-10 17:16 - 2016-12-21 00:01 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-01-10 17:16 - 2016-12-21 00:00 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2017-01-10 17:16 - 2016-12-20 23:59 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-01-10 17:16 - 2016-12-20 23:59 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-01-10 17:16 - 2016-12-20 23:58 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-01-10 17:16 - 2016-12-20 23:57 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-01-10 17:16 - 2016-12-20 23:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2017-01-10 17:16 - 2016-12-20 23:56 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-01-10 17:16 - 2016-12-20 23:55 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-01-10 17:16 - 2016-12-20 23:55 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-01-10 17:16 - 2016-12-20 23:54 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2017-01-10 17:16 - 2016-12-20 23:53 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-01-10 17:16 - 2016-12-20 23:53 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-01-10 17:16 - 2016-12-20 23:53 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-01-10 17:16 - 2016-12-20 23:51 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-01-10 17:16 - 2016-12-20 23:51 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-01-10 17:16 - 2016-12-20 23:51 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-01-10 17:16 - 2016-12-20 23:50 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-01-10 17:16 - 2016-12-20 23:49 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-01-10 17:16 - 2016-12-20 23:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-01-10 17:16 - 2016-12-20 23:49 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-01-10 17:16 - 2016-12-20 23:47 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-01-10 17:16 - 2016-12-20 22:59 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2017-01-10 17:16 - 2016-12-20 22:09 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-01-10 17:16 - 2016-12-20 22:02 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-01-10 17:16 - 2016-12-20 22:02 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-01-10 17:16 - 2016-12-20 22:02 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-01-10 17:16 - 2016-12-20 22:02 - 01277344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-01-10 17:16 - 2016-12-20 22:02 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-01-10 17:16 - 2016-12-20 22:02 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-01-10 17:16 - 2016-12-20 22:01 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-01-10 17:16 - 2016-12-20 21:46 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2017-01-10 17:16 - 2016-12-20 21:43 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-01-10 17:16 - 2016-12-20 21:41 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2017-01-10 17:16 - 2016-12-20 21:41 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-01-10 17:16 - 2016-12-20 21:40 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-01-10 17:16 - 2016-12-20 21:40 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2017-01-10 17:16 - 2016-12-20 21:40 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-01-10 17:16 - 2016-12-20 21:40 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-01-10 17:16 - 2016-12-20 21:39 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-01-10 17:16 - 2016-12-20 21:39 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-01-10 17:16 - 2016-12-20 21:38 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-01-10 17:16 - 2016-12-20 21:35 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-01-10 17:16 - 2016-12-20 21:35 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2017-01-10 17:16 - 2016-12-20 21:34 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-01-10 17:16 - 2016-12-20 21:33 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-01-10 17:16 - 2016-12-20 21:32 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-01-10 17:16 - 2016-12-20 21:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2017-01-10 17:16 - 2016-12-20 21:30 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-01-10 17:16 - 2016-12-20 21:27 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-01-10 17:16 - 2016-12-20 21:26 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2017-01-10 17:16 - 2016-12-20 21:25 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-01-10 17:16 - 2016-12-20 21:25 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-01-10 17:16 - 2016-12-20 21:24 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-01-10 17:16 - 2016-12-20 21:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-01-10 17:16 - 2016-12-20 21:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-01-10 17:16 - 2016-12-20 21:24 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-01-10 17:16 - 2016-12-20 21:22 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-01-10 17:16 - 2016-12-20 21:22 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-01-10 17:16 - 2016-12-13 22:41 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-01-10 17:16 - 2016-12-13 22:41 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-01-10 17:16 - 2016-12-13 22:34 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2017-01-10 17:16 - 2016-12-13 22:33 - 02169184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-01-10 17:16 - 2016-12-13 22:33 - 01669984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-01-10 17:16 - 2016-12-13 22:33 - 01400160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-01-10 17:16 - 2016-12-13 22:33 - 01356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-01-10 17:16 - 2016-12-13 22:33 - 01054048 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-01-10 17:16 - 2016-12-13 22:33 - 00992096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-01-10 17:16 - 2016-12-13 22:33 - 00822624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-01-10 17:16 - 2016-12-13 22:33 - 00813408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-01-10 17:16 - 2016-12-13 22:33 - 00779616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-01-10 17:16 - 2016-12-13 22:33 - 00752992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-01-10 17:16 - 2016-12-13 22:33 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-01-10 17:16 - 2016-12-13 22:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-01-10 17:16 - 2016-12-13 22:33 - 00571744 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-01-10 17:16 - 2016-12-13 22:33 - 00513376 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-01-10 17:16 - 2016-12-13 22:33 - 00406368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-01-10 17:16 - 2016-12-13 22:33 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2017-01-10 17:16 - 2016-12-13 22:33 - 00190816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVDllSurrogate.exe
2017-01-10 17:16 - 2016-12-13 22:26 - 01469792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-01-10 17:16 - 2016-12-13 22:23 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-01-10 17:16 - 2016-12-13 22:21 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2017-01-10 17:16 - 2016-12-13 22:19 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-01-10 17:16 - 2016-12-13 22:18 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-01-10 17:16 - 2016-12-13 22:18 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2017-01-10 17:16 - 2016-12-13 22:17 - 00319288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2017-01-10 17:16 - 2016-12-13 22:14 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-01-10 17:16 - 2016-12-13 22:14 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2017-01-10 17:16 - 2016-12-13 22:14 - 00089416 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2017-01-10 17:16 - 2016-12-13 22:08 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-01-10 17:16 - 2016-12-13 22:06 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-01-10 17:16 - 2016-12-13 22:01 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-01-10 17:16 - 2016-12-13 22:01 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2017-01-10 17:16 - 2016-12-13 22:01 - 00076984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2017-01-10 17:16 - 2016-12-13 21:48 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-01-10 17:16 - 2016-12-13 21:46 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-01-10 17:16 - 2016-12-13 21:46 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2017-01-10 17:16 - 2016-12-13 21:45 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2017-01-10 17:16 - 2016-12-13 21:43 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-01-10 17:16 - 2016-12-13 21:42 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2017-01-10 17:16 - 2016-12-13 21:42 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2017-01-10 17:16 - 2016-12-13 21:42 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 17:16 - 2016-12-13 21:42 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2017-01-10 17:16 - 2016-12-13 21:41 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-01-10 17:16 - 2016-12-13 21:40 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-01-10 17:16 - 2016-12-13 21:40 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2017-01-10 17:16 - 2016-12-13 21:40 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-01-10 17:16 - 2016-12-13 21:40 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-01-10 17:16 - 2016-12-13 21:40 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2017-01-10 17:16 - 2016-12-13 21:39 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-01-10 17:16 - 2016-12-13 21:39 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-01-10 17:16 - 2016-12-13 21:39 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2017-01-10 17:16 - 2016-12-13 21:38 - 17188864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-01-10 17:16 - 2016-12-13 21:38 - 13869056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-01-10 17:16 - 2016-12-13 21:38 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-01-10 17:16 - 2016-12-13 21:38 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2017-01-10 17:16 - 2016-12-13 21:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-01-10 17:16 - 2016-12-13 21:36 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-01-10 17:16 - 2016-12-13 21:36 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-01-10 17:16 - 2016-12-13 21:36 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-01-10 17:16 - 2016-12-13 21:35 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-01-10 17:16 - 2016-12-13 21:35 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-01-10 17:16 - 2016-12-13 21:35 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-01-10 17:16 - 2016-12-13 21:35 - 00553984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptui.dll
2017-01-10 17:16 - 2016-12-13 21:32 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2017-01-10 17:16 - 2016-12-13 21:32 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-01-10 17:16 - 2016-12-13 21:26 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-01-10 17:16 - 2016-12-13 21:26 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-01-10 17:16 - 2016-12-13 21:25 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2017-01-10 17:16 - 2016-12-13 21:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2017-01-10 17:16 - 2016-12-13 21:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-01-10 17:16 - 2016-12-13 21:23 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-01-10 17:16 - 2016-12-13 21:23 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-01-10 17:16 - 2016-12-13 21:22 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-01-10 17:16 - 2016-12-13 21:22 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-01-10 17:16 - 2016-12-13 21:22 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-01-10 17:16 - 2016-12-13 21:22 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-01-10 17:16 - 2016-12-13 21:22 - 00707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-01-10 17:16 - 2016-12-13 21:22 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-01-10 17:16 - 2016-12-13 21:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-01-10 17:16 - 2016-11-02 05:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-01-10 17:16 - 2016-11-02 04:00 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-01-10 17:16 - 2016-11-02 03:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-01-10 17:16 - 2016-11-02 03:22 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-01-10 17:16 - 2016-11-02 03:21 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-01-10 17:16 - 2016-08-01 21:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-01-09 07:46 - 2017-01-09 07:46 - 00002169 _____ C:\Users\jenksy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blue Jeans.lnk
2017-01-09 07:46 - 2017-01-09 07:46 - 00000000 ____D C:\Users\jenksy\AppData\LocalLow\Blue Jeans
2017-01-09 07:46 - 2017-01-09 07:46 - 00000000 ____D C:\Users\jenksy\AppData\Local\Blue Jeans
2017-01-09 07:45 - 2017-01-09 07:45 - 00240336 _____ C:\Users\jenksy\Downloads\Blue Jeans Launcher.exe
2017-01-08 00:26 - 2017-01-08 00:27 - 51965139 _____ C:\Users\jenksy\Downloads\KSP Real Skybox.zip
2017-01-07 22:37 - 2017-01-07 22:41 - 00001372 _____ C:\Users\jenksy\Downloads\mods.ckan

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-02-05 21:43 - 2016-09-07 21:34 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-05 21:43 - 2016-04-25 12:58 - 02001650 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-05 21:39 - 2016-09-23 06:57 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-05 21:38 - 2016-09-08 20:29 - 135657872 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-05 21:38 - 2016-09-08 13:50 - 00000000 ____D C:\Users\jenksy\AppData\Local\CrashDumps
2017-02-05 21:37 - 2016-09-23 07:02 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-05 21:37 - 2016-09-07 18:45 - 00000000 __SHD C:\Users\jenksy\IntelGraphicsProfiles
2017-02-05 21:37 - 2016-08-30 10:28 - 00190664 ____N (CyberLink Corp.) C:\WINDOWS\system32\Drivers\rikvm_3CD7F304.sys
2017-02-05 21:37 - 2016-07-15 23:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-05 21:36 - 2016-09-23 06:58 - 00000000 ____D C:\Users\jenksy
2017-02-05 21:22 - 2016-10-08 17:01 - 00000000 ____D C:\Users\jenksy\AppData\Roaming\obs-studio
2017-02-05 20:53 - 2016-09-23 06:56 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-05 00:02 - 2016-09-09 21:54 - 00000000 ____D C:\Users\jenksy\.VirtualBox
2017-02-04 23:55 - 2016-12-28 19:50 - 00000000 ____D C:\Program Files\Common Files\logishrd
2017-02-04 23:55 - 2016-07-16 04:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-04 23:04 - 2016-11-12 00:37 - 00000000 ____D C:\Users\jenksy\.chatty
2017-02-04 22:03 - 2016-09-07 18:56 - 00000000 ____D C:\Users\jenksy\AppData\Roaming\uTorrent
2017-02-04 12:53 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-03 21:32 - 2016-09-21 18:28 - 00000000 ____D C:\Users\jenksy\AppData\Local\Adobe
2017-02-03 21:05 - 2016-09-08 18:30 - 00001281 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2017-02-03 09:33 - 2016-07-16 04:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-02-03 09:32 - 2016-08-30 10:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-02-03 09:31 - 2016-07-16 04:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-01 13:34 - 2016-09-07 20:48 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-01-31 16:17 - 2016-09-07 18:55 - 00000000 ____D C:\Program Files (x86)\Google
2017-01-30 20:16 - 2016-09-09 23:15 - 00000600 _____ C:\Users\jenksy\AppData\Local\PUTTY.RND
2017-01-30 18:47 - 2016-08-30 10:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alienware
2017-01-30 18:47 - 2016-08-30 10:12 - 00000000 ____D C:\Program Files\Alienware
2017-01-29 16:24 - 2016-10-16 14:56 - 00000000 ____D C:\Users\jenksy\AppData\Roaming\.minecraft
2017-01-29 14:09 - 2016-09-07 20:49 - 00000000 ___RD C:\Users\jenksy\Dropbox
2017-01-29 00:44 - 2016-10-31 19:43 - 00000000 ____D C:\Users\jenksy\AppData\Roaming\vlc
2017-01-29 00:29 - 2016-09-08 13:54 - 00000000 ____D C:\Users\jenksy\AppData\Roaming\Origin
2017-01-29 00:29 - 2016-09-08 13:51 - 00000000 ____D C:\ProgramData\Origin
2017-01-28 23:51 - 2016-10-14 16:31 - 00001249 _____ C:\Users\Public\Desktop\Battlefield 1.lnk
2017-01-28 23:51 - 2016-08-30 10:14 - 00000000 ____D C:\ProgramData\Package Cache
2017-01-28 23:36 - 2016-09-08 13:51 - 00000000 ____D C:\Program Files (x86)\Origin
2017-01-27 22:25 - 2016-09-09 20:51 - 00000000 ____D C:\Users\jenksy\Documents\My Games
2017-01-27 11:41 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-01-27 10:54 - 2016-09-07 18:47 - 00002372 _____ C:\Users\jenksy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-01-27 10:54 - 2016-09-07 18:47 - 00000000 ___RD C:\Users\jenksy\OneDrive
2017-01-27 08:17 - 2016-08-30 10:06 - 00000000 ____D C:\Intel
2017-01-25 20:17 - 2016-09-13 20:52 - 00002244 _____ C:\Users\jenksy\Desktop\Discord.lnk
2017-01-25 20:17 - 2016-09-13 20:52 - 00000000 ____D C:\Users\jenksy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-01-25 20:17 - 2016-09-13 20:52 - 00000000 ____D C:\Users\jenksy\AppData\Roaming\discord
2017-01-25 20:17 - 2016-09-13 20:52 - 00000000 ____D C:\Users\jenksy\AppData\Local\Discord
2017-01-25 16:50 - 2016-09-08 07:39 - 00002340 ____H C:\Users\jenksy\Documents\Default.rdp
2017-01-25 10:19 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-01-24 21:43 - 2016-07-16 04:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-22 13:20 - 2016-09-30 22:31 - 00000000 ____D C:\ProgramData\Oracle
2017-01-22 10:20 - 2016-09-30 22:31 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2017-01-22 10:20 - 2016-09-30 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2017-01-22 10:20 - 2016-09-30 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-01-22 10:20 - 2016-09-07 18:56 - 00000000 ____D C:\Program Files\Java
2017-01-21 08:23 - 2016-09-23 06:57 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-01-21 08:12 - 2016-09-08 18:49 - 00000000 ____D C:\Users\jenksy\AppData\Local\NVIDIA Corporation
2017-01-21 08:11 - 2017-01-01 18:50 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-21 08:11 - 2017-01-01 18:50 - 00001491 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-01-21 08:11 - 2016-09-23 07:02 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-21 08:11 - 2016-09-23 07:02 - 00003884 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-21 08:11 - 2016-09-23 07:02 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-21 08:11 - 2016-09-23 07:02 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-21 08:11 - 2016-09-23 07:02 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-21 08:11 - 2016-09-23 07:02 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-21 08:11 - 2016-09-23 06:57 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-01-21 08:11 - 2016-09-23 06:57 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-01-18 06:24 - 2016-10-15 09:10 - 00003624 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2017-01-18 06:24 - 2016-10-15 09:10 - 00000000 ____D C:\Program Files (x86)\Garmin
2017-01-16 17:38 - 2016-09-09 21:54 - 00959720 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxDrv.sys
2017-01-16 17:38 - 2016-09-09 21:54 - 00149304 _____ (Oracle Corporation) C:\WINDOWS\system32\Drivers\VBoxUSBMon.sys
2017-01-13 17:24 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-10 20:02 - 2016-04-25 13:36 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-01-10 19:51 - 2017-01-01 18:50 - 00005701 _____ C:\ProgramData\NvTelemetryContainer.log_backup1
2017-01-10 19:51 - 2016-09-23 06:56 - 05169936 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-01-10 19:50 - 2016-07-16 04:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-01-10 19:50 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-01-10 19:50 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-01-10 19:50 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-01-10 19:50 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-01-10 19:50 - 2016-07-16 04:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-01-10 19:06 - 2016-09-08 20:29 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-01-10 18:51 - 2017-01-04 17:37 - 00000000 ____D C:\Users\jenksy\Desktop\Taxes
2017-01-10 17:56 - 2016-09-08 12:34 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2017-01-10 17:56 - 2016-09-08 12:33 - 00000000 ____D C:\Program Files\Rockstar Games
2017-01-09 22:55 - 2016-09-09 21:55 - 00000000 ____D C:\Users\jenksy\VirtualBox VMs

==================== Files in the root of some directories =======

2017-02-03 21:41 - 2017-02-03 21:41 - 0000132 _____ () C:\Users\jenksy\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-09-09 23:15 - 2017-01-30 20:16 - 0000600 _____ () C:\Users\jenksy\AppData\Local\PUTTY.RND
2016-09-11 19:29 - 2016-10-30 16:18 - 0007631 _____ () C:\Users\jenksy\AppData\Local\Resmon.ResmonCfg
2016-09-23 06:57 - 2016-09-23 06:57 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-09-09 22:02 - 2016-09-09 22:02 - 0000016 _____ () C:\ProgramData\mntemp
2017-01-01 18:50 - 2017-01-21 08:11 - 0014245 _____ () C:\ProgramData\NvTelemetryContainer.log
2017-01-01 18:50 - 2017-01-10 19:51 - 0005701 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
2016-08-30 10:26 - 2016-08-30 10:27 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2016-08-30 10:28 - 2016-08-30 10:28 - 0000105 _____ () C:\ProgramData\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}.log
2016-08-30 10:28 - 2016-08-30 10:28 - 0000100 _____ () C:\ProgramData\{6BADCD73-E925-46F7-A295-FF2448632728}.log
2016-08-30 10:28 - 2016-08-30 10:28 - 0000098 _____ () C:\ProgramData\{CEF5334F-B91A-4327-ACAE-AA50DCE3F995}.log

Some files in TEMP:
====================
2017-01-07 19:01 - 2017-01-07 19:01 - 0005120 _____ () C:\Users\jenksy\AppData\Local\Temp\2a8f28d5-aea1-4c7d-be57-d46d45b07c50.exe
2016-11-17 19:06 - 2016-11-17 19:06 - 0914432 _____ (Igor Pavlov) C:\Users\jenksy\AppData\Local\Temp\7z.dll
2016-10-26 19:08 - 2016-10-26 19:08 - 0019968 ____N (Red Hat®, Inc.) C:\Users\jenksy\AppData\Local\Temp\jansi-64-git-Bukkit-0ebb9c7-1199825974582821648.dll
2016-10-26 19:15 - 2016-10-26 19:15 - 0019968 ____N (Red Hat®, Inc.) C:\Users\jenksy\AppData\Local\Temp\jansi-64-git-Bukkit-0ebb9c7-1276457462488333738.dll
2016-10-27 18:51 - 2016-10-27 18:51 - 0019968 ____N (Red Hat®, Inc.) C:\Users\jenksy\AppData\Local\Temp\jansi-64-git-Bukkit-0ebb9c7-2900208450124874458.dll
2016-10-27 18:28 - 2016-10-27 18:28 - 0019968 ____N (Red Hat®, Inc.) C:\Users\jenksy\AppData\Local\Temp\jansi-64-git-Bukkit-0ebb9c7-3392305107059323784.dll
2016-10-26 19:09 - 2016-10-26 19:09 - 0019968 ____N (Red Hat®, Inc.) C:\Users\jenksy\AppData\Local\Temp\jansi-64-git-Bukkit-0ebb9c7-4082226969068755312.dll
2016-10-26 19:17 - 2016-10-26 19:17 - 0019968 ____N (Red Hat®, Inc.) C:\Users\jenksy\AppData\Local\Temp\jansi-64-git-Bukkit-0ebb9c7-4858948843905633503.dll
2016-10-26 19:58 - 2016-10-26 19:58 - 0019968 ____N (Red Hat®, Inc.) C:\Users\jenksy\AppData\Local\Temp\jansi-64-git-Bukkit-0ebb9c7-5172998115970190908.dll
2016-10-26 19:35 - 2016-10-26 19:35 - 0019968 ____N (Red Hat®, Inc.) C:\Users\jenksy\AppData\Local\Temp\jansi-64-git-Bukkit-0ebb9c7-606422466675757122.dll
2016-10-26 20:25 - 2016-10-26 20:25 - 0019968 ____N (Red Hat®, Inc.) C:\Users\jenksy\AppData\Local\Temp\jansi-64-git-Bukkit-0ebb9c7-7783225489100015593.dll
2016-10-26 19:05 - 2016-10-26 19:05 - 0019968 ____N (Red Hat®, Inc.) C:\Users\jenksy\AppData\Local\Temp\jansi-64-git-Bukkit-0ebb9c7-8600104877528286630.dll
2016-10-26 19:34 - 2016-10-26 19:34 - 0019968 ____N (Red Hat®, Inc.) C:\Users\jenksy\AppData\Local\Temp\jansi-64-git-Bukkit-0ebb9c7-8874951839601360887.dll
2016-10-26 19:53 - 2016-10-26 19:53 - 0019968 ____N (Red Hat®, Inc.) C:\Users\jenksy\AppData\Local\Temp\jansi-64-git-Bukkit-0ebb9c7-9180780194298208281.dll
2016-10-26 19:09 - 2016-10-26 19:09 - 0019968 ____N (Red Hat®, Inc.) C:\Users\jenksy\AppData\Local\Temp\jansi-64-git-Bukkit-0ebb9c7-91873735403389908.dll
2016-10-26 19:19 - 2016-10-26 19:19 - 0019968 ____N (Red Hat®, Inc.) C:\Users\jenksy\AppData\Local\Temp\jansi-64-git-Bukkit-0ebb9c7-9189453557189547304.dll
2016-11-12 00:37 - 2017-02-04 22:17 - 0000000 _____ () C:\Users\jenksy\AppData\Local\Temp\JIntellitype.dll
2016-10-19 13:44 - 2016-10-19 13:44 - 0737856 _____ (Oracle Corporation) C:\Users\jenksy\AppData\Local\Temp\jre-8u111-windows-au.exe
2017-01-22 10:20 - 2017-01-22 10:20 - 0739904 _____ (Oracle Corporation) C:\Users\jenksy\AppData\Local\Temp\jre-8u121-windows-au.exe
2016-09-23 07:08 - 2016-09-23 07:08 - 2449544 _____ () C:\Users\jenksy\AppData\Local\Temp\neoNCSetup64.exe
2016-09-17 09:56 - 2016-11-24 12:22 - 0747648 _____ (NVIDIA Corporation) C:\Users\jenksy\AppData\Local\Temp\nvSCPAPI.dll
2016-09-17 09:56 - 2016-11-24 12:22 - 0860960 _____ (NVIDIA Corporation) C:\Users\jenksy\AppData\Local\Temp\nvSCPAPI64.dll
2016-10-17 13:27 - 2016-11-24 12:22 - 0353336 _____ (NVIDIA Corporation) C:\Users\jenksy\AppData\Local\Temp\nvStInst.exe
2016-09-14 21:30 - 2016-11-24 13:53 - 1135552 _____ (NVIDIA Corporation) C:\Users\jenksy\AppData\Local\Temp\NvTelemetry.dll
2016-09-14 21:30 - 2016-12-12 16:36 - 0253376 _____ (NVIDIA Corporation) C:\Users\jenksy\AppData\Local\Temp\NvTelemetryAPI32.dll
2016-09-14 21:30 - 2016-12-12 16:36 - 0334272 _____ (NVIDIA Corporation) C:\Users\jenksy\AppData\Local\Temp\NvTelemetryAPI64.dll
2016-10-12 20:06 - 2016-09-17 19:19 - 4235264 _____ (New Technology Studio) C:\Users\jenksy\AppData\Local\Temp\ovi-uninstall.exe
2016-11-17 19:06 - 2016-11-17 19:06 - 0163840 _____ (Igor Pavlov) C:\Users\jenksy\AppData\Local\Temp\sevnz.exe
2016-10-26 19:17 - 2016-10-26 19:17 - 0515584 _____ () C:\Users\jenksy\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-01-28 08:50

==================== End of FRST.txt ============================

popup.png

Addition.txt

Hello jenksy and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file"
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Open FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Open Malwarebytes, select > "settings" > "protection tab"

Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on.... Leave all other settings to default..

Go back to "DashBoard" select the Blue "Scan Now" tab......

When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)" name that log and save, you can copy or attach that to your reply...

Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action. Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...


Next,

Go here and click 'SCAN NOW' under 'ESET Online Scanner' save to your Desktop.

Turn off the real-time scanner of any existing antivirus program before performing the online scan. Here's how

Right click on user posted image and select "Run as Administrator"

In the new Window accept the terms of service

In the new Window select "Enable detection of potentially unwanted applications" then expand "Advanced Settings"

In the new Window checkmark (tick) the entries as shown, make sure "Clean threats automatically" is not checkmarked. Now select "Scan"

In the new Window new virus database signatures will download, Do Not Select Stop

The Window will progress showing the scan in action....

In the new Window if no threats are found, select "Delete applications data on close" then select "Finish" no log is produced, confirm that in your reply...

If threats are found the following Window will open:

Click on "Select All" then "Save to Text file" name and save that file, attach to your reply.

Now select "Do not clean" and then close out....

Let me see those logs in your reply.... Also tell me if there are any remaining issues or concerns.

Thank you,

Kevin...

fixlist.txt


Kevin! I think you did it!

 

After performing a _full_ scan with Malwarebytes, the popups ceased.  This took some time.

I ran the scans you suggested and have not had a single website connection attempt blocked since!

I'm currently at work, but wanted to follow up; most of this was performed yesterday.  If logs are still important I can paste what was created, but I'm less concerned now that the connections appear to have ceased.

 

Many, MANY thanks! 


  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
