cropflOp Posted November 2, 2017 ID:1178334 Share Posted November 2, 2017 So I wanted to clean my pc because of a recent virus I got. I was successful upon removing most of the virus with Malwarebytes but am unaware if my pc is completely clean yet so I installed Malwarebytes Anti Rootkit, but when it runs for like 30 seconds or so it gives me the Blue Screen of Death with the error of "PAGE_FAULT_IN_NONPAGED_AREA". I am currently suspecting one of my tasks as a virus because it has random letters but I can't seem to kill the task because it gives me "Access Denied". Link to post Share on other sites More sharing options...
Aura Posted November 2, 2017 ID:1178336 Share Posted November 2, 2017 Hi cropflOp My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broke the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state. As you'll notice, the logs we are asking for here are quite lenghty, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry! If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off; Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely goneThis being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread This being said, it's time to clean-up some malware, so let's get started, shall we? Follow the instructions in the thread below. Make sure to download the MBAR version linked in it. Let me know if you're not able to launch it and run a scan. https://forums.malwarebytes.com/topic/198907-requested-resource-is-in-use-error-unable-to-start-malwarebytes/ If you manage to run a scan, delete everything it finds, and then copy/paste the content of the mbar-log-DATE-(TIME).txt log that is located in the MBAR folder here after. Link to post Share on other sites More sharing options...
cropflOp Posted November 2, 2017 Author ID:1178342 Share Posted November 2, 2017 I get the BSOD as soon as I hit Scan "PAGE_FAULT_IN_NONPAGED_AREA" Link to post Share on other sites More sharing options...
Aura Posted November 2, 2017 ID:1178343 Share Posted November 2, 2017 Ah sorry, I linked you the wrong instructions. Here, follow the ones here and provide me the FRST logs. Farbar Recovery Scan Tool (FRST) - Scan mode Follow the instructions below to download and execute a scan on your system with FRST, and provide the logs in your next reply. Download the right version of FRST for your system:FRST 32-bit FRST 64-bitNote: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using. Move the executable (FRST.exe or FRST64.exe) on your Desktop Right-click on the executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users) Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds Make sure the Addition.txt box is checked Click on the Scan button On completion, two message box will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files Copy and paste the content of both FRST.txt and Addition.txt in your next reply Link to post Share on other sites More sharing options...
cropflOp Posted November 2, 2017 Author ID:1178344 Share Posted November 2, 2017 FRST - Notepad Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-11-2017 Ran by buffe (administrator) on DESKTOP-QVMQE15 (01-11-2017 18:59:30) Running from F:\Users\buffe\Downloads Loaded Profiles: buffe (Available Profiles: buffe) Platform: Windows 10 Home Version 1703 15063.674 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (TOSHIBA CORPORATION) C:\Windows\System32\dsdmkivsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (Intel Corporation) C:\Windows\System32\ibtsiva.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe (Intel(R) Corporation) C:\Program Files\Intel\Intel(R) Online Connect Access\IntelTechnologyAccessService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe () C:\Windows\System32\PnkBstrA.exe (Intel(R) Corporation) C:\Program Files\Intel\Intel(R) Online Connect Access\LegacyCsLoaderService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Electronic Arts) F:\Origin\OriginWebHelperService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe (TODO: <Company name>) F:\Program Files (x86)\ASUS\ASUS Gamepad\ap\AsusGamepadServer.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Valve Corporation) F:\Steam\Steam.exe (Akamai Technologies, Inc.) C:\Users\buffe\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\buffe\AppData\Local\Akamai\netsession_win.exe (BitTorrent Inc.) C:\Users\buffe\AppData\Roaming\uTorrent\uTorrent.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (BitTorrent Inc.) C:\Users\buffe\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe (EVGA) F:\Program Files (x86)\EVGA\EVGA Unleash Mouse Tuning Utility\X10Monitor.exe (BitTorrent Inc.) C:\Users\buffe\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe (Valve Corporation) F:\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation) F:\Steam\bin\cef\cef.win7\steamwebhelper.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Online Connect\ioc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9181696 2016-12-08] (Realtek Semiconductor) HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM-x32\...\Run: [EVGA TORQ Unleash Software] => F:\Program Files (x86)\EVGA\EVGA Unleash Mouse Tuning Utility\X10Monitor.exe [224736 2015-03-13] (EVGA) HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION HKU\S-1-5-21-340033465-448931462-1049182933-1003\...\Run: [Steam] => F:\Steam\steam.exe [3102496 2017-10-30] (Valve Corporation) HKU\S-1-5-21-340033465-448931462-1049182933-1003\...\Run: [Akamai NetSession Interface] => C:\Users\buffe\AppData\Local\Akamai\netsession_win.exe [4490200 2017-09-08] (Akamai Technologies, Inc.) HKU\S-1-5-21-340033465-448931462-1049182933-1003\...\Run: [uTorrent] => C:\Users\buffe\AppData\Roaming\uTorrent\uTorrent.exe [1982144 2017-10-02] (BitTorrent Inc.) HKU\S-1-5-21-340033465-448931462-1049182933-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [10021040 2017-10-18] (Piriform Ltd) HKU\S-1-5-21-340033465-448931462-1049182933-1003\...\Run: [GoogleChromeAutoLaunch_632847B04C438BAEAE27890FC45688BE] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1556312 2017-10-25] (Google Inc.) Startup: C:\Users\buffe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eyed.lnk [2017-10-31] ShortcutTarget: eyed.lnk -> C:\Program Files (x86)\Sensors\ultrasounds.exe (No File) Startup: C:\Users\buffe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MSIAfterburner - Shortcut.lnk [2017-10-02] ShortcutTarget: MSIAfterburner - Shortcut.lnk -> F:\MSI Afterburner\MSIAfterburner.exe () GroupPolicy: Restriction - Chrome <==== ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: Hosts file not detected in the default directory Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4 Tcpip\..\Interfaces\{5AFEAD5F-C822-45BC-AB61-C80D6981027E}: [NameServer] 104.200.128.69,8.8.8.8 Tcpip\..\Interfaces\{5c63611e-bdaf-11e7-9130-806e6f6e6963}: [NameServer] 104.200.128.69,8.8.8.8 Tcpip\..\Interfaces\{a8c96047-f3a0-45d0-8b27-fbeead914344}: [NameServer] 104.200.128.69,8.8.8.8 Tcpip\..\Interfaces\{aed5dd8e-bbfc-4d1d-9e01-ed2dfe3026dd}: [NameServer] 104.200.128.69,8.8.8.8 Tcpip\..\Interfaces\{b679ec59-9418-4958-96a3-c840db583a53}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{b679ec59-9418-4958-96a3-c840db583a53}: [DhcpNameServer] 75.75.75.75 75.75.76.76 Tcpip\..\Interfaces\{e7243b0e-665d-4375-887d-212c0c289dc5}: [NameServer] 104.200.128.69,8.8.8.8 Internet Explorer: ================== HKU\S-1-5-21-340033465-448931462-1049182933-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem17win10.msn.com/?pc=NMTE HKU\S-1-5-21-340033465-448931462-1049182933-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP SearchScopes: HKU\S-1-5-21-340033465-448931462-1049182933-1003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04 SearchScopes: HKU\S-1-5-21-340033465-448931462-1049182933-1003 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04 SearchScopes: HKU\S-1-5-21-340033465-448931462-1049182933-1003 -> {9D825E1D-057D-4728-8F64-0608FB9D5669} URL = FireFox: ======== FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-11-01] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-11-01] (Google Inc.) Chrome: ======= CHR DefaultSearchURL: Default -> hxxps://forums.malwarebytes.com/topic/213889-bsod-when-running-mbar/ CHR Profile: C:\Users\buffe\AppData\Local\Google\Chrome\User Data\Default [2017-11-01] CHR Extension: (Google Drive) - C:\Users\buffe\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-01] CHR Extension: (YouTube) - C:\Users\buffe\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-01] CHR Extension: (Fair AdBlocker App) - C:\Users\buffe\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcnofaichneijfbkdkghmhjjbepjmble [2017-11-01] CHR Extension: (Google Docs Offline) - C:\Users\buffe\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-11-01] CHR Extension: (Fair AdBlocker) - C:\Users\buffe\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgblnfidahcdcjddiepkckcfdhpknnjh [2017-11-01] CHR Extension: (Chrome Web Store Payments) - C:\Users\buffe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-11-01] CHR Extension: (Gmail) - C:\Users\buffe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-01] CHR Extension: (Chrome Media Router) - C:\Users\buffe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-01] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1548808 2017-10-11] () S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [383016 2017-09-12] (EasyAntiCheat Ltd) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel(R) Corporation) R3 Intel(R) Online Connect; C:\Program Files\Intel\Intel(R) Online Connect\ioc.exe [25824 2016-10-04] (Intel Corporation) S2 Intel(R) Online Connect Helper; C:\Program Files\Intel\Intel(R) Online Connect\iocHelperService.exe [22752 2016-10-04] (Intel Corporation) S3 Intel(R) Online Connect Software Asset Manager; C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [18152 2016-09-29] (Intel Corporation) R2 Intel(R) TechnologyAccessLegacyCSLoader; C:\Program Files\Intel\Intel(R) Online Connect Access\LegacyCsLoaderService.exe [173288 2016-10-05] (Intel(R) Corporation) R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel\Intel(R) Online Connect Access\IntelTechnologyAccessService.exe [496872 2016-10-05] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-10-20] (Intel Corporation) R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518264 2017-10-27] (NVIDIA Corporation) R3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518264 2017-10-27] (NVIDIA Corporation) R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-10-27] (NVIDIA Corporation) R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [460920 2017-10-27] (NVIDIA Corporation) S3 Origin Client Service; F:\Origin\OriginClientService.exe [2123104 2017-10-09] (Electronic Arts) R2 Origin Web Helper Service; F:\Origin\OriginWebHelperService.exe [3002720 2017-10-09] (Electronic Arts) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2017-10-01] () R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2017-10-01] () R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-07-10] (Microsoft Corporation) S2 AESMService; "C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe" [X] S2 avgsvc; "C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe" [X] R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X] S2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe" [X] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 hmce; C:\WINDOWS\System32\drivers\oocn.sys [79064 2017-11-01] (Malwarebytes) S3 IaNVMe; C:\WINDOWS\System32\drivers\IaNVMe.sys [101872 2016-01-26] (Intel Corporation) R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [174568 2017-06-22] (Intel Corporation) S4 jwlp; C:\WINDOWS\System32\drivers\cgdqmq.sys [79064 2017-10-31] (Malwarebytes) S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [192952 2017-11-01] (Malwarebytes) R1 ndisrd; C:\WINDOWS\system32\DRIVERS\ndisrfl.sys [59792 2016-09-13] (Intel Corporation) R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7218176 2017-03-18] (Intel Corporation) R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvgbdi.inf_amd64_4cc90e2d08e794ec\nvlddmkm.sys [16936048 2017-10-28] (NVIDIA Corporation) S3 nvme; C:\WINDOWS\System32\drivers\nvme.sys [119840 2015-12-16] (Samsung Electronics Co., Ltd) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-10-27] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50808 2017-10-27] (NVIDIA Corporation) R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-10-27] (NVIDIA Corporation) S3 ocznvme; C:\WINDOWS\System32\drivers\ocznvme.sys [99592 2016-06-10] (TOSHIBA CORPORATION) S3 ocztrimfilter; C:\WINDOWS\System32\drivers\ocztrimfilter.sys [29064 2016-06-10] (TOSHIBA CORPORATION) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-22] (Realtek ) R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2015-09-14] (Scarlet.Crush Productions) S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] () S3 SGXEPC; C:\WINDOWS\System32\drivers\sgx_driver.sys [52824 2016-05-18] (Windows (R) Win 7 DDK provider) S4 srrmw; C:\WINDOWS\System32\drivers\kowe.sys [79064 2017-10-31] (Malwarebytes) S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation) S3 xhunter1; C:\Windows\xhunter1.sys [46584 2017-09-18] (Wellbia.com Co., Ltd.) S4 yonsoukc; C:\WINDOWS\System32\drivers\irtfw.sys [79064 2017-10-31] (Malwarebytes) S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-11-01 18:58 - 2017-11-01 18:59 - 000000000 ____D C:\FRST 2017-11-01 18:54 - 2017-11-01 18:54 - 000808860 _____ C:\WINDOWS\Minidump\110117-6984-01.dmp 2017-11-01 18:54 - 2017-11-01 18:54 - 000000000 ____D C:\Users\buffe\AppData\LocalLow\uTorrent 2017-11-01 18:30 - 2017-11-01 18:30 - 000000000 ____D C:\Users\buffe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps 2017-11-01 18:27 - 2017-11-01 18:27 - 000137552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mbbuybeh.sys 2017-11-01 18:04 - 2017-11-01 18:04 - 000815748 _____ C:\WINDOWS\Minidump\110117-7000-01.dmp 2017-11-01 18:03 - 2017-11-01 18:53 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\5646E390.sys 2017-11-01 18:01 - 2017-11-01 18:01 - 000813964 _____ C:\WINDOWS\Minidump\110117-6796-01.dmp 2017-11-01 18:01 - 2017-11-01 18:01 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\6244F7BA.sys 2017-11-01 18:00 - 2017-11-01 18:53 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2017-11-01 17:52 - 2017-11-01 17:55 - 000000000 ____D C:\AdwCleaner 2017-11-01 16:54 - 2017-11-01 18:54 - 002881536 _____ (TOSHIBA CORPORATION) C:\WINDOWS\system32\dsdmkivsvc.exe 2017-11-01 16:53 - 2017-11-01 16:53 - 000079064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\oocn.sys 2017-11-01 01:55 - 2017-11-01 01:55 - 000003538 _____ C:\WINDOWS\System32\Tasks\ASUS Gamepad 2017-11-01 01:55 - 2017-11-01 01:55 - 000000000 ____D C:\Program Files\DIFX 2017-11-01 01:18 - 2017-11-01 01:18 - 000723692 _____ C:\WINDOWS\Minidump\110117-6031-01.dmp 2017-11-01 00:13 - 2017-11-01 15:10 - 000002344 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-11-01 00:13 - 2017-11-01 15:10 - 000002332 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-11-01 00:12 - 2017-11-01 00:12 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2017-11-01 00:12 - 2017-11-01 00:12 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2017-10-31 20:21 - 2017-11-01 18:54 - 880088405 _____ C:\WINDOWS\MEMORY.DMP 2017-10-31 20:21 - 2017-11-01 18:54 - 000000000 ____D C:\WINDOWS\Minidump 2017-10-31 20:21 - 2017-10-31 20:21 - 000779532 _____ C:\WINDOWS\Minidump\103117-6109-01.dmp 2017-10-31 19:06 - 2017-10-31 19:06 - 000041800 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS 2017-10-31 18:41 - 2017-10-31 18:41 - 000000000 ____D C:\Users\buffe\AppData\Roaming\Google 2017-10-31 18:38 - 2017-10-31 18:38 - 000079064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\cgdqmq.sys 2017-10-31 18:36 - 2017-10-31 18:36 - 000003938 _____ C:\WINDOWS\System32\Tasks\CCleaner Update 2017-10-31 18:36 - 2017-10-31 18:36 - 000002870 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2017-10-31 18:36 - 2017-10-31 18:36 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk 2017-10-31 18:36 - 2017-10-31 18:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2017-10-31 18:36 - 2017-10-31 18:36 - 000000000 ____D C:\Program Files\CCleaner 2017-10-31 17:42 - 2017-10-31 17:42 - 000079064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\irtfw.sys 2017-10-31 17:09 - 2017-10-31 17:09 - 000079064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\kowe.sys 2017-10-31 17:07 - 2017-11-01 18:07 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-10-31 17:06 - 2017-11-01 18:43 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2017-10-31 17:06 - 2017-10-31 17:34 - 000001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2017-10-31 17:06 - 2017-10-31 17:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2017-10-31 17:06 - 2017-10-31 17:06 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2017-10-31 17:06 - 2016-03-10 14:09 - 000065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2017-10-31 17:06 - 2016-03-10 14:08 - 000027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2017-10-31 16:58 - 2017-10-31 17:06 - 000000000 ____D C:\ProgramData\Malwarebytes 2017-10-31 16:58 - 2017-10-31 16:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-10-31 16:58 - 2017-10-04 13:15 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2017-10-31 16:56 - 2017-10-31 16:56 - 000000000 ___HD C:\$AV_AVG 2017-10-31 16:55 - 2017-10-31 16:55 - 000000000 _____ C:\WINDOWS\SysWOW64\last.dump 2017-10-31 16:30 - 2017-10-31 20:21 - 000000000 ____D C:\WINDOWS\system32\%LOCALAPPDATA% 2017-10-31 16:08 - 2017-10-31 17:42 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2017-10-31 16:07 - 2017-10-31 16:07 - 000000000 ____D C:\WINDOWS\pss 2017-10-31 16:06 - 2017-10-31 16:06 - 000000258 __RSH C:\Users\buffe\ntuser.pol 2017-10-31 15:46 - 2017-10-31 16:01 - 000000000 _____ C:\WINDOWS\system32\last.dump 2017-10-31 15:45 - 2017-10-31 15:45 - 000000004 _____ C:\ProgramData\rwi.fcad 2017-10-31 15:43 - 2017-10-31 20:11 - 000000000 ____D C:\Users\buffe\AppData\Local\AvgSetupLog 2017-10-31 15:43 - 2017-10-31 20:11 - 000000000 ____D C:\ProgramData\Avg 2017-10-31 15:43 - 2017-10-31 20:11 - 000000000 ____D C:\Program Files (x86)\AVG 2017-10-31 15:43 - 2017-10-31 20:08 - 000000000 ____D C:\Users\buffe\AppData\Local\Avg 2017-10-31 15:42 - 2017-10-31 16:56 - 000000000 ____D C:\Users\buffe\AppData\Local\cgseimn 2017-10-31 15:42 - 2017-10-31 15:42 - 000000000 ____D C:\Users\buffe\AppData\Roaming\Macromedia 2017-10-31 15:41 - 2017-10-31 15:41 - 000001291 _____ C:\Users\buffe\Desktop\Google Chrome.lnk 2017-10-31 15:40 - 2017-10-31 17:09 - 000000000 ___HD C:\Program Files (x86)\Sightless 2017-10-31 15:40 - 2017-10-31 17:09 - 000000000 ____D C:\Program Files (x86)\Sensors 2017-10-31 15:40 - 2017-10-31 17:07 - 000000000 ____D C:\Users\buffe\AppData\Local\vsackpd 2017-10-31 15:40 - 2017-10-31 15:48 - 000000000 ___HD C:\Program Files (x86)\danes 2017-10-31 15:40 - 2017-10-31 15:48 - 000000000 ____D C:\ProgramData\dacfService 2017-10-31 15:40 - 2017-10-31 15:40 - 000024434 _____ C:\WINDOWS\System32\Tasks\{7F087A47-0979-7E09-0D11-7E780E0C117A} 2017-10-31 15:40 - 2017-10-31 15:40 - 000016886 _____ C:\WINDOWS\System32\Tasks\Mini Permanent component 2017-10-31 15:40 - 2017-10-31 15:40 - 000016760 _____ C:\WINDOWS\System32\Tasks\YOCX 2017-10-31 15:40 - 2017-10-31 15:40 - 000000258 __RSH C:\ProgramData\ntuser.pol 2017-10-31 15:40 - 2017-10-31 15:40 - 000000020 _____ C:\WINDOWS\b17003466 2017-10-31 15:40 - 2017-10-31 15:40 - 000000000 ____D C:\WINDOWS\SysWOW64\avcxwid 2017-10-31 15:40 - 2017-10-31 15:40 - 000000000 ____D C:\WINDOWS\system32\avcxwid 2017-10-31 15:40 - 2017-10-31 15:40 - 000000000 ____D C:\ProgramData\XAPersonalD 2017-10-31 15:40 - 2017-10-31 15:40 - 000000000 ____D C:\Program Files (x86)\uneconomic 2017-10-30 14:56 - 2017-09-29 22:49 - 001004136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll 2017-10-30 14:56 - 2017-09-29 22:45 - 000511896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys 2017-10-30 14:56 - 2017-09-29 22:42 - 000820120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2017-10-30 14:56 - 2017-09-29 22:41 - 000259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe 2017-10-30 14:56 - 2017-09-29 22:40 - 000336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe 2017-10-30 14:56 - 2017-09-29 22:40 - 000173976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys 2017-10-30 14:56 - 2017-09-29 22:36 - 002672024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2017-10-30 14:56 - 2017-09-29 19:29 - 001408536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2017-10-30 14:56 - 2017-09-29 19:29 - 000804784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll 2017-10-30 14:56 - 2017-09-29 19:26 - 001333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2017-10-30 14:56 - 2017-09-29 19:26 - 001292872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2017-10-30 14:56 - 2017-09-29 19:10 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2017-10-30 14:56 - 2017-09-29 19:10 - 000606072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2017-10-30 14:56 - 2017-09-29 19:10 - 000508344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll 2017-10-30 14:56 - 2017-09-29 19:10 - 000480920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll 2017-10-30 14:56 - 2017-09-29 19:09 - 002259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2017-10-30 14:56 - 2017-09-29 19:09 - 000787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll 2017-10-30 14:56 - 2017-09-29 19:06 - 004471368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2017-10-30 14:56 - 2017-09-29 19:05 - 005827744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2017-10-30 14:56 - 2017-09-29 19:05 - 002603744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreUAPCommonProxyStub.dll 2017-10-30 14:56 - 2017-09-29 19:05 - 001266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll 2017-10-30 14:56 - 2017-09-29 19:05 - 000750488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2017-10-30 14:56 - 2017-09-29 19:05 - 000559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2017-10-30 14:56 - 2017-09-29 19:04 - 004215184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll 2017-10-30 14:56 - 2017-09-29 19:04 - 000612120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll 2017-10-30 14:56 - 2017-09-29 19:04 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll 2017-10-30 14:56 - 2017-09-29 19:04 - 000438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll 2017-10-30 14:56 - 2017-09-29 19:04 - 000347544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2017-10-30 14:56 - 2017-09-29 19:04 - 000182680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll 2017-10-30 14:56 - 2017-09-29 19:03 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2017-10-30 14:56 - 2017-09-29 19:03 - 006768288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2017-10-30 14:56 - 2017-09-29 19:03 - 001439032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll 2017-10-30 14:56 - 2017-09-29 19:02 - 000175512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll 2017-10-30 14:56 - 2017-09-29 19:01 - 000124544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll 2017-10-30 14:56 - 2017-09-29 00:45 - 002953216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2017-10-30 14:56 - 2017-09-29 00:44 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll 2017-10-30 14:56 - 2017-09-29 00:43 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll 2017-10-30 14:56 - 2017-09-29 00:43 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll 2017-10-30 14:56 - 2017-09-29 00:43 - 000060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll 2017-10-30 14:56 - 2017-09-29 00:42 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mgmtapi.dll 2017-10-30 14:56 - 2017-09-29 00:41 - 013844992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2017-10-30 14:56 - 2017-09-29 00:41 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BitLockerCsp.dll 2017-10-30 14:56 - 2017-09-29 00:40 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2017-10-30 14:56 - 2017-09-29 00:40 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll 2017-10-30 14:56 - 2017-09-29 00:40 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2017-10-30 14:56 - 2017-09-29 00:39 - 020511232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2017-10-30 14:56 - 2017-09-29 00:39 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2017-10-30 14:56 - 2017-09-29 00:38 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll 2017-10-30 14:56 - 2017-09-29 00:38 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 2017-10-30 14:56 - 2017-09-29 00:38 - 001135616 ____R (The ICU Project) C:\WINDOWS\SysWOW64\icuuc.dll 2017-10-30 14:56 - 2017-09-29 00:38 - 000471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll 2017-10-30 14:56 - 2017-09-29 00:38 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll 2017-10-30 14:56 - 2017-09-29 00:38 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll 2017-10-30 14:56 - 2017-09-29 00:38 - 000308224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll 2017-10-30 14:56 - 2017-09-29 00:38 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll 2017-10-30 14:56 - 2017-09-29 00:37 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll 2017-10-30 14:56 - 2017-09-29 00:37 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll 2017-10-30 14:56 - 2017-09-29 00:36 - 019337216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2017-10-30 14:56 - 2017-09-29 00:36 - 000590336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll 2017-10-30 14:56 - 2017-09-29 00:35 - 003654656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2017-10-30 14:56 - 2017-09-29 00:34 - 006255616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2017-10-30 14:56 - 2017-09-29 00:34 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2017-10-30 14:56 - 2017-09-29 00:34 - 000798720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll 2017-10-30 14:56 - 2017-09-29 00:34 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2017-10-30 14:56 - 2017-09-29 00:34 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll 2017-10-30 14:56 - 2017-09-29 00:33 - 007598080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2017-10-30 14:56 - 2017-09-29 00:33 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll 2017-10-30 14:56 - 2017-09-29 00:33 - 001506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll 2017-10-30 14:56 - 2017-09-29 00:32 - 002782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll 2017-10-30 14:56 - 2017-09-29 00:32 - 002340864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll 2017-10-30 14:56 - 2017-09-29 00:32 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2017-10-30 14:56 - 2017-09-29 00:32 - 001244160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll 2017-10-30 14:56 - 2017-09-29 00:32 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2017-10-30 14:56 - 2017-09-29 00:32 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys 2017-10-30 14:56 - 2017-09-29 00:31 - 003107328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe 2017-10-30 14:56 - 2017-09-29 00:31 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2017-10-30 14:56 - 2017-09-29 00:31 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2017-10-30 14:56 - 2017-09-29 00:31 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll 2017-10-30 14:56 - 2017-09-29 00:29 - 001460736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll 2017-10-30 14:56 - 2017-09-29 00:29 - 001318912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll 2017-10-30 14:56 - 2017-09-29 00:29 - 000724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2017-10-30 14:56 - 2017-09-29 00:29 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll 2017-10-30 14:56 - 2017-09-29 00:29 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll 2017-10-30 14:56 - 2017-09-29 00:29 - 000083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll 2017-10-30 14:56 - 2017-09-29 00:28 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll 2017-10-30 14:56 - 2017-09-29 00:28 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll 2017-10-30 14:56 - 2017-09-29 00:28 - 000458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll 2017-10-30 14:56 - 2017-09-29 00:28 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe 2017-10-30 14:56 - 2017-09-29 00:28 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe 2017-10-30 14:56 - 2017-09-29 00:28 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cipher.exe 2017-10-30 14:56 - 2017-09-29 00:27 - 000409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll 2017-10-30 14:56 - 2017-09-29 00:27 - 000350720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll 2017-10-30 14:56 - 2017-09-29 00:26 - 008213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2017-10-30 14:56 - 2017-09-29 00:25 - 008199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2017-10-30 14:56 - 2017-09-29 00:24 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2017-10-30 14:56 - 2017-09-29 00:24 - 001628672 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll 2017-10-30 14:56 - 2017-09-29 00:23 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2017-10-30 14:56 - 2017-09-29 00:21 - 003304448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe 2017-10-30 14:56 - 2017-09-29 00:21 - 000414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys 2017-10-30 14:56 - 2017-09-29 00:20 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll 2017-10-30 14:56 - 2017-09-29 00:20 - 000286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys 2017-10-30 14:56 - 2017-09-29 00:19 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll 2017-10-30 14:56 - 2017-09-29 00:18 - 000215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\manage-bde.exe 2017-10-30 14:56 - 2017-09-29 00:18 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe 2017-10-30 14:56 - 2017-09-28 22:40 - 000804312 _____ C:\WINDOWS\SysWOW64\locale.nls 2017-10-30 14:56 - 2017-09-28 22:40 - 000804312 _____ C:\WINDOWS\system32\locale.nls 2017-10-30 14:56 - 2017-09-20 08:08 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll 2017-10-30 14:56 - 2017-09-20 08:08 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll 2017-10-30 14:56 - 2017-09-20 08:08 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll 2017-10-30 14:56 - 2017-09-18 16:09 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2017-10-30 14:56 - 2017-09-18 15:20 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll 2017-10-30 14:56 - 2017-09-18 15:15 - 000648704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll 2017-10-30 14:55 - 2017-09-29 22:52 - 001595152 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2017-10-30 14:55 - 2017-09-29 22:51 - 001458320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2017-10-30 14:55 - 2017-09-29 22:51 - 001147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2017-10-30 14:55 - 2017-09-29 22:51 - 000661224 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll 2017-10-30 14:55 - 2017-09-29 22:50 - 001346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2017-10-30 14:55 - 2017-09-29 22:50 - 001068208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll 2017-10-30 14:55 - 2017-09-29 22:50 - 001024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2017-10-30 14:55 - 2017-09-29 22:49 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2017-10-30 14:55 - 2017-09-29 22:49 - 000135576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys 2017-10-30 14:55 - 2017-09-29 22:48 - 008319384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2017-10-30 14:55 - 2017-09-29 22:48 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2017-10-30 14:55 - 2017-09-29 22:48 - 002327448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2017-10-30 14:55 - 2017-09-29 22:48 - 000644696 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll 2017-10-30 14:55 - 2017-09-29 22:47 - 002969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll 2017-10-30 14:55 - 2017-09-29 22:47 - 001194792 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2017-10-30 14:55 - 2017-09-29 22:44 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2017-10-30 14:55 - 2017-09-29 22:44 - 000181912 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll 2017-10-30 14:55 - 2017-09-29 22:43 - 007318888 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2017-10-30 14:55 - 2017-09-29 22:43 - 002442136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2017-10-30 14:55 - 2017-09-29 22:42 - 004848952 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2017-10-30 14:55 - 2017-09-29 22:42 - 001506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2017-10-30 14:55 - 2017-09-29 22:41 - 005477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll 2017-10-30 14:55 - 2017-09-29 22:41 - 005304496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll 2017-10-30 14:55 - 2017-09-29 22:41 - 002086808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll 2017-10-30 14:55 - 2017-09-29 22:41 - 000961944 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll 2017-10-30 14:55 - 2017-09-29 22:41 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2017-10-30 14:55 - 2017-09-29 22:41 - 000651672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2017-10-30 14:55 - 2017-09-29 22:41 - 000257432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2017-10-30 14:55 - 2017-09-29 22:41 - 000228248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2017-10-30 14:55 - 2017-09-29 22:40 - 000724704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll 2017-10-30 14:55 - 2017-09-29 22:40 - 000642680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2017-10-30 14:55 - 2017-09-29 22:40 - 000558912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll 2017-10-30 14:55 - 2017-09-29 22:40 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2017-10-30 14:55 - 2017-09-29 22:40 - 000184728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys 2017-10-30 14:55 - 2017-09-29 22:40 - 000072944 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe 2017-10-30 14:55 - 2017-09-29 22:39 - 021351760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2017-10-30 14:55 - 2017-09-29 22:39 - 000203672 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll 2017-10-30 14:55 - 2017-09-29 22:38 - 007910072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2017-10-30 14:55 - 2017-09-29 22:38 - 002239136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll 2017-10-30 14:55 - 2017-09-29 22:36 - 000057976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe 2017-10-30 14:55 - 2017-09-29 19:10 - 001150776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll 2017-10-30 14:55 - 2017-09-29 00:46 - 023678976 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2017-10-30 14:55 - 2017-09-29 00:39 - 011888640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2017-10-30 14:55 - 2017-09-29 00:34 - 017370624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2017-10-30 14:55 - 2017-09-29 00:34 - 003669504 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2017-10-30 14:55 - 2017-09-29 00:33 - 000658944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2017-10-30 14:55 - 2017-09-29 00:33 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll 2017-10-30 14:55 - 2017-09-29 00:32 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll 2017-10-30 14:55 - 2017-09-29 00:32 - 000209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll 2017-10-30 14:55 - 2017-09-29 00:32 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll 2017-10-30 14:55 - 2017-09-29 00:32 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll 2017-10-30 14:55 - 2017-09-29 00:32 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll 2017-10-30 14:55 - 2017-09-29 00:32 - 000023040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mgmtapi.dll 2017-10-30 14:55 - 2017-09-29 00:31 - 000113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll 2017-10-30 14:55 - 2017-09-29 00:31 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\efssvc.dll 2017-10-30 14:55 - 2017-09-29 00:30 - 023686144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2017-10-30 14:55 - 2017-09-29 00:30 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2017-10-30 14:55 - 2017-09-29 00:30 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll 2017-10-30 14:55 - 2017-09-29 00:30 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll 2017-10-30 14:55 - 2017-09-29 00:30 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll 2017-10-30 14:55 - 2017-09-29 00:30 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll 2017-10-30 14:55 - 2017-09-29 00:29 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll 2017-10-30 14:55 - 2017-09-29 00:29 - 000550400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys 2017-10-30 14:55 - 2017-09-29 00:29 - 000461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll 2017-10-30 14:55 - 2017-09-29 00:29 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll 2017-10-30 14:55 - 2017-09-29 00:29 - 000304640 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll 2017-10-30 14:55 - 2017-09-29 00:29 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ServiceWorkerHost.exe 2017-10-30 14:55 - 2017-09-29 00:28 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll 2017-10-30 14:55 - 2017-09-29 00:28 - 000556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll 2017-10-30 14:55 - 2017-09-29 00:28 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll 2017-10-30 14:55 - 2017-09-29 00:28 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll 2017-10-30 14:55 - 2017-09-29 00:28 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll 2017-10-30 14:55 - 2017-09-29 00:27 - 012803072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2017-10-30 14:55 - 2017-09-29 00:27 - 001321984 ____R (The ICU Project) C:\WINDOWS\system32\icuuc.dll 2017-10-30 14:55 - 2017-09-29 00:27 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll 2017-10-30 14:55 - 2017-09-29 00:27 - 000565760 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll 2017-10-30 14:55 - 2017-09-29 00:27 - 000538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll 2017-10-30 14:55 - 2017-09-29 00:27 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll 2017-10-30 14:55 - 2017-09-29 00:27 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll 2017-10-30 14:55 - 2017-09-29 00:26 - 002809344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2017-10-30 14:55 - 2017-09-29 00:26 - 001468928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2017-10-30 14:55 - 2017-09-29 00:26 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2017-10-30 14:55 - 2017-09-29 00:26 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll 2017-10-30 14:55 - 2017-09-29 00:26 - 000356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll 2017-10-30 14:55 - 2017-09-29 00:26 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll 2017-10-30 14:55 - 2017-09-29 00:25 - 004175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll 2017-10-30 14:55 - 2017-09-29 00:25 - 002760704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll 2017-10-30 14:55 - 2017-09-29 00:25 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll 2017-10-30 14:55 - 2017-09-29 00:24 - 003307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2017-10-30 14:55 - 2017-09-29 00:24 - 002503680 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll 2017-10-30 14:55 - 2017-09-29 00:24 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2017-10-30 14:55 - 2017-09-29 00:24 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll 2017-10-30 14:55 - 2017-09-29 00:24 - 000684032 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2017-10-30 14:55 - 2017-09-29 00:23 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll 2017-10-30 14:55 - 2017-09-29 00:23 - 003140096 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll 2017-10-30 14:55 - 2017-09-29 00:23 - 002730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe 2017-10-30 14:55 - 2017-09-29 00:23 - 002446336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2017-10-30 14:55 - 2017-09-29 00:23 - 002055680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2017-10-30 14:55 - 2017-09-29 00:23 - 001887744 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2017-10-30 14:55 - 2017-09-29 00:23 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll 2017-10-30 14:55 - 2017-09-29 00:23 - 001460224 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2017-10-30 14:55 - 2017-09-29 00:23 - 001398784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2017-10-30 14:55 - 2017-09-29 00:23 - 001052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll 2017-10-30 14:55 - 2017-09-29 00:23 - 000986624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2017-10-30 14:55 - 2017-09-29 00:23 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll 2017-10-30 14:55 - 2017-09-29 00:23 - 000841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll 2017-10-30 14:55 - 2017-09-29 00:23 - 000756224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2017-10-30 14:55 - 2017-09-29 00:23 - 000647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll 2017-10-30 14:55 - 2017-09-29 00:23 - 000512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll 2017-10-30 14:55 - 2017-09-29 00:22 - 002829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2017-10-30 14:55 - 2017-09-29 00:22 - 001802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2017-10-30 14:55 - 2017-09-29 00:22 - 001438208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll 2017-10-30 14:55 - 2017-09-29 00:22 - 000407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2017-10-30 14:55 - 2017-09-29 00:21 - 000722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2017-10-30 14:55 - 2017-09-29 00:21 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll 2017-10-30 14:55 - 2017-09-29 00:21 - 000324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe 2017-10-30 14:55 - 2017-09-29 00:21 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvc.dll 2017-10-30 14:55 - 2017-09-29 00:21 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll 2017-10-30 14:55 - 2017-09-29 00:21 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll 2017-10-30 14:55 - 2017-09-29 00:20 - 001811456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll 2017-10-30 14:55 - 2017-09-29 00:20 - 000804864 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll 2017-10-30 14:55 - 2017-09-29 00:20 - 000194560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll 2017-10-30 14:55 - 2017-09-29 00:20 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiexe.dll 2017-10-30 14:55 - 2017-09-29 00:19 - 002088448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll 2017-10-30 14:55 - 2017-09-29 00:19 - 000325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll 2017-10-30 14:55 - 2017-09-29 00:19 - 000208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll 2017-10-30 14:55 - 2017-09-29 00:18 - 002438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll 2017-10-30 14:55 - 2017-09-29 00:18 - 001527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe 2017-10-30 14:55 - 2017-09-29 00:18 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll 2017-10-30 14:55 - 2017-09-29 00:18 - 000603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll 2017-10-30 14:55 - 2017-09-29 00:18 - 000347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe 2017-10-30 14:55 - 2017-09-29 00:18 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe 2017-10-30 14:55 - 2017-09-29 00:18 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\cipher.exe 2017-10-30 14:55 - 2017-09-18 16:20 - 001065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2017-10-30 14:55 - 2017-09-18 16:20 - 000900376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2017-10-30 14:55 - 2017-09-18 16:18 - 000965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi 2017-10-30 14:55 - 2017-09-18 16:17 - 001395664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2017-10-30 14:55 - 2017-09-18 16:17 - 001186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2017-10-30 14:55 - 2017-09-18 16:17 - 000821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe 2017-10-30 14:55 - 2017-09-18 16:11 - 001018272 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2017-10-30 14:55 - 2017-09-18 15:26 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll 2017-10-30 14:55 - 2017-09-18 15:25 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll 2017-10-30 14:55 - 2017-09-18 15:23 - 000210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll 2017-10-30 14:55 - 2017-09-18 15:20 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll 2017-10-30 14:47 - 2017-10-30 14:47 - 000000000 ____D C:\Program Files (x86)\VulkanRT 2017-10-30 14:47 - 2017-10-27 10:50 - 000532088 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll 2017-10-30 14:47 - 2017-10-27 10:50 - 000437696 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll 2017-10-30 14:47 - 2017-10-27 09:06 - 000136312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe 2017-10-30 14:47 - 2017-09-13 16:20 - 000798008 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll 2017-10-30 14:47 - 2017-09-13 16:20 - 000490296 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe 2017-10-30 14:47 - 2017-09-13 16:19 - 000927544 _____ C:\WINDOWS\system32\vulkan-1.dll 2017-10-30 14:47 - 2017-09-13 16:19 - 000591160 _____ C:\WINDOWS\system32\vulkaninfo.exe 2017-10-30 14:46 - 2017-10-27 10:50 - 040237688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll 2017-10-30 14:46 - 2017-10-27 10:50 - 036239480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll 2017-10-30 14:46 - 2017-10-27 10:50 - 035156928 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll 2017-10-30 14:46 - 2017-10-27 10:50 - 029270976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll 2017-10-30 14:46 - 2017-10-27 10:50 - 023262280 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll 2017-10-30 14:46 - 2017-10-27 10:50 - 019037416 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll 2017-10-30 14:46 - 2017-10-27 10:50 - 013864048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll 2017-10-30 14:46 - 2017-10-27 10:50 - 013254520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll 2017-10-30 14:46 - 2017-10-27 10:50 - 011779328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll 2017-10-30 14:46 - 2017-10-27 10:50 - 010882720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll 2017-10-30 14:46 - 2017-10-27 10:50 - 004201592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll 2017-10-30 14:46 - 2017-10-27 10:50 - 003614328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll 2017-10-30 14:46 - 2017-10-27 10:50 - 001989056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438813.dll 2017-10-30 14:46 - 2017-10-27 10:50 - 001673848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438813.dll 2017-10-30 14:46 - 2017-10-27 10:50 - 001331200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll 2017-10-30 14:46 - 2017-10-27 10:50 - 001321448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll 2017-10-30 14:46 - 2017-10-27 10:50 - 001135464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll 2017-10-30 14:46 - 2017-10-27 10:50 - 001099712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll 2017-10-30 14:46 - 2017-10-27 10:50 - 001044848 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll 2017-10-30 14:46 - 2017-10-27 10:50 - 001038680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll 2017-10-30 14:46 - 2017-10-27 10:50 - 001031104 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll 2017-10-30 14:46 - 2017-10-27 10:50 - 000981112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll 2017-10-30 14:46 - 2017-10-27 10:50 - 000932288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll 2017-10-30 14:46 - 2017-10-27 10:50 - 000885680 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll 2017-10-30 14:46 - 2017-10-27 10:50 - 000794392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll 2017-10-30 14:46 - 2017-10-27 10:50 - 000739448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll 2017-10-30 14:46 - 2017-10-27 10:50 - 000634224 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll 2017-10-30 14:46 - 2017-10-27 10:50 - 000618928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll 2017-10-30 14:46 - 2017-10-27 10:50 - 000615544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll 2017-10-30 14:46 - 2017-10-27 10:50 - 000598464 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll 2017-10-30 14:46 - 2017-10-27 10:50 - 000505976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll 2017-10-30 14:46 - 2017-10-27 10:50 - 000045496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll 2017-10-30 14:46 - 2017-10-27 10:50 - 000000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json 2017-10-30 14:46 - 2017-10-27 10:50 - 000000669 _____ C:\WINDOWS\system32\nv-vk64.json 2017-10-30 13:15 - 2017-10-30 13:15 - 000085784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialUIBroker.exe 2017-10-30 13:15 - 2017-10-30 13:15 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IpNatHlpClient.dll 2017-10-30 13:15 - 2017-10-30 13:15 - 000000000 ____D C:\Windows.old 2017-10-30 13:14 - 2017-10-30 13:14 - 007337472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 004708504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 004671832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 004535296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 004462120 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 004330920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 003464704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 003204608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 003116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 003059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 002972552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 002939392 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 002680320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 002647224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 002604248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 002476712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 002424024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 002330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 002211840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 002166808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 002078720 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2017-10-30 13:14 - 2017-10-30 13:14 - 002009600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2017-10-30 13:14 - 2017-10-30 13:14 - 002006528 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001930840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001833984 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001736704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001668344 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001639936 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001619816 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001357312 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001337856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001320344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001298432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe 2017-10-30 13:14 - 2017-10-30 13:14 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2017-10-30 13:14 - 2017-10-30 13:14 - 001195760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001178624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001146176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001143296 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001106904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001077248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001051136 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001033544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 001013912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys 2017-10-30 13:14 - 2017-10-30 13:14 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe 2017-10-30 13:14 - 2017-10-30 13:14 - 000967584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000958664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe 2017-10-30 13:14 - 2017-10-30 13:14 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe 2017-10-30 13:14 - 2017-10-30 13:14 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe 2017-10-30 13:14 - 2017-10-30 13:14 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000892928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe 2017-10-30 13:14 - 2017-10-30 13:14 - 000877056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe 2017-10-30 13:14 - 2017-10-30 13:14 - 000874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000871448 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000866808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000864248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe 2017-10-30 13:14 - 2017-10-30 13:14 - 000852480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000844288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000832000 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe 2017-10-30 13:14 - 2017-10-30 13:14 - 000827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000810496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000803328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE 2017-10-30 13:14 - 2017-10-30 13:14 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000773120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000772096 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe 2017-10-30 13:14 - 2017-10-30 13:14 - 000754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2017-10-30 13:14 - 2017-10-30 13:14 - 000742912 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000739840 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys 2017-10-30 13:14 - 2017-10-30 13:14 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys 2017-10-30 13:14 - 2017-10-30 13:14 - 000706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2017-10-30 13:14 - 2017-10-30 13:14 - 000703056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000685512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000660680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000657408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000627080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2017-10-30 13:14 - 2017-10-30 13:14 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000612864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsvcs.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000610720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys 2017-10-30 13:14 - 2017-10-30 13:14 - 000600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000569264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsvcs.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000563200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000551200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000546816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2017-10-30 13:14 - 2017-10-30 13:14 - 000546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys 2017-10-30 13:14 - 2017-10-30 13:14 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000529992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000527976 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe 2017-10-30 13:14 - 2017-10-30 13:14 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys 2017-10-30 13:14 - 2017-10-30 13:14 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000499712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe 2017-10-30 13:14 - 2017-10-30 13:14 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000473240 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000455584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe 2017-10-30 13:14 - 2017-10-30 13:14 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2017-10-30 13:14 - 2017-10-30 13:14 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthHFSrv.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000430592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2017-10-30 13:14 - 2017-10-30 13:14 - 000422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe 2017-10-30 13:14 - 2017-10-30 13:14 - 000414296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000413184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000410168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000406544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000387936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\tpmvsc.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe 2017-10-30 13:14 - 2017-10-30 13:14 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2017-10-30 13:14 - 2017-10-30 13:14 - 000381824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe 2017-10-30 13:14 - 2017-10-30 13:14 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000359560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe 2017-10-30 13:14 - 2017-10-30 13:14 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000323936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe 2017-10-30 13:14 - 2017-10-30 13:14 - 000316320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe 2017-10-30 13:14 - 2017-10-30 13:14 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys 2017-10-30 13:14 - 2017-10-30 13:14 - 000303104 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys 2017-10-30 13:14 - 2017-10-30 13:14 - 000291904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2017-10-30 13:14 - 2017-10-30 13:14 - 000282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000280480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe 2017-10-30 13:14 - 2017-10-30 13:14 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys 2017-10-30 13:14 - 2017-10-30 13:14 - 000277432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys 2017-10-30 13:14 - 2017-10-30 13:14 - 000254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe 2017-10-30 13:14 - 2017-10-30 13:14 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2017-10-30 13:14 - 2017-10-30 13:14 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000221696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000213504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe 2017-10-30 13:14 - 2017-10-30 13:14 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000192264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000189344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2017-10-30 13:14 - 2017-10-30 13:14 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE 2017-10-30 13:14 - 2017-10-30 13:14 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe 2017-10-30 13:14 - 2017-10-30 13:14 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcrecovery.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys 2017-10-30 13:14 - 2017-10-30 13:14 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000173104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000169376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe 2017-10-30 13:14 - 2017-10-30 13:14 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000159648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys 2017-10-30 13:14 - 2017-10-30 13:14 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\csplte.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE 2017-10-30 13:14 - 2017-10-30 13:14 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000143736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe 2017-10-30 13:14 - 2017-10-30 13:14 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qasf.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000133904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe 2017-10-30 13:14 - 2017-10-30 13:14 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CfgSPCellular.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAPNCsp.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys 2017-10-30 13:14 - 2017-10-30 13:14 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasman.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srpapi.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000119904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys 2017-10-30 13:14 - 2017-10-30 13:14 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000116280 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000115792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys 2017-10-30 13:14 - 2017-10-30 13:14 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe 2017-10-30 13:14 - 2017-10-30 13:14 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys 2017-10-30 13:14 - 2017-10-30 13:14 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys 2017-10-30 13:14 - 2017-10-30 13:14 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys 2017-10-30 13:14 - 2017-10-30 13:14 - 000104432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasman.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000100232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys 2017-10-30 13:14 - 2017-10-30 13:14 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys 2017-10-30 13:14 - 2017-10-30 13:14 - 000096648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000090464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe 2017-10-30 13:14 - 2017-10-30 13:14 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\datamarketsvc.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys 2017-10-30 13:14 - 2017-10-30 13:14 - 000082336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys 2017-10-30 13:14 - 2017-10-30 13:14 - 000081176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe 2017-10-30 13:14 - 2017-10-30 13:14 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys 2017-10-30 13:14 - 2017-10-30 13:14 - 000064680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntprint.exe 2017-10-30 13:14 - 2017-10-30 13:14 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntprint.exe 2017-10-30 13:14 - 2017-10-30 13:14 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000052768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys 2017-10-30 13:14 - 2017-10-30 13:14 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000049720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbs.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys 2017-10-30 13:14 - 2017-10-30 13:14 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000042456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbs.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys 2017-10-30 13:14 - 2017-10-30 13:14 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrPS.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin 2017-10-30 13:14 - 2017-10-30 13:14 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\IpNatHlpClient.dll 2017-10-30 13:14 - 2017-10-30 13:14 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe 2017-10-30 13:12 - 2017-10-30 13:12 - 000424448 _____ C:\WINDOWS\ad89bb4e7b7109ca76f3a54ccf23e569.exe 2017-10-30 13:12 - 2017-10-30 13:12 - 000051634 _____ C:\WINDOWS\uninstaller.dat 2017-10-30 13:11 - 2017-11-01 16:53 - 000000000 ____D C:\WINDOWS\ServiceProfiles 2017-10-30 13:11 - 2017-10-30 13:11 - 000008192 _____ C:\WINDOWS\system32\config\userdiff 2017-10-30 13:10 - 2017-10-30 13:10 - 000000000 ____D C:\Program Files\Reference Assemblies 2017-10-30 13:10 - 2017-10-30 13:10 - 000000000 ____D C:\Program Files\MSBuild 2017-10-30 13:10 - 2017-10-30 13:10 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies 2017-10-30 13:10 - 2017-10-30 13:10 - 000000000 ____D C:\Program Files (x86)\MSBuild 2017-10-30 13:10 - 2017-02-10 12:26 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2017-10-30 13:10 - 2017-02-10 12:26 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2017-10-30 13:10 - 2017-02-10 12:26 - 000035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 2017-10-30 13:10 - 2017-02-10 12:21 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll 2017-10-30 13:10 - 2017-02-10 12:21 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2017-10-30 13:10 - 2017-02-10 12:21 - 000035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe 2017-10-30 12:43 - 2017-10-30 12:43 - 000000000 ____D C:\ProgramData\Microsoft OneDrive 2017-10-30 12:41 - 2017-10-30 12:41 - 000000020 ___SH C:\Users\buffe\ntuser.ini 2017-10-30 12:41 - 2017-10-30 12:41 - 000000000 ____D C:\Users\buffe\AppData\Local\MicrosoftEdge 2017-10-30 12:41 - 2017-10-30 12:41 - 000000000 ____D C:\Users\buffe\AppData\Local\DBG 2017-10-30 12:31 - 2017-10-30 12:31 - 000000000 ____D C:\ProgramData\USOShared 2017-10-30 12:25 - 2017-11-01 18:34 - 001229480 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-10-30 12:22 - 2017-10-31 23:07 - 000024768 _____ C:\WINDOWS\diagwrn.xml 2017-10-30 12:22 - 2017-10-31 23:07 - 000024768 _____ C:\WINDOWS\diagerr.xml 2017-10-30 12:21 - 2017-11-01 18:54 - 000003102 _____ C:\WINDOWS\System32\Tasks\MSIAfterburner 2017-10-30 12:21 - 2017-11-01 18:54 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-10-30 12:21 - 2017-10-30 14:48 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-10-30 12:21 - 2017-10-30 14:48 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-10-30 12:21 - 2017-10-30 14:48 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-10-30 12:21 - 2017-10-30 14:48 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-10-30 12:21 - 2017-10-30 14:48 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-10-30 12:21 - 2017-10-30 14:48 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-10-30 12:21 - 2017-10-30 14:48 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-10-30 12:21 - 2017-10-30 14:48 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2017-10-30 12:21 - 2017-10-30 12:21 - 000022744 _____ C:\WINDOWS\system32\emptyregdb.dat 2017-10-30 12:21 - 2017-10-30 12:21 - 000003118 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification 2017-10-30 12:21 - 2017-10-30 12:21 - 000003074 _____ C:\WINDOWS\System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7 2017-10-30 12:21 - 2017-10-30 12:21 - 000003042 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 2017-10-30 12:21 - 2017-10-30 12:21 - 000002848 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-340033465-448931462-1049182933-500 2017-10-30 12:21 - 2017-10-30 12:21 - 000002708 _____ C:\WINDOWS\System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7-Logon 2017-10-30 12:20 - 2017-10-30 12:20 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2017-10-30 12:19 - 2017-10-30 12:20 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate 2017-10-30 12:19 - 2017-03-18 13:56 - 002233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2017-10-30 12:18 - 2017-11-01 18:54 - 000000000 ____D C:\ProgramData\NVIDIA 2017-10-30 12:18 - 2017-11-01 18:01 - 000000000 ____D C:\Users\buffe 2017-10-30 12:18 - 2017-10-30 14:50 - 000000000 ____D C:\ProgramData\NVIDIA Corporation 2017-10-30 12:18 - 2017-10-30 14:48 - 000000000 ____D C:\Program Files\NVIDIA Corporation 2017-10-30 12:18 - 2017-10-30 14:48 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2017-10-30 12:18 - 2017-10-30 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM 2017-10-30 12:18 - 2017-10-30 12:18 - 000000000 ____H C:\ProgramData\DP45977C.lfl 2017-10-30 12:18 - 2017-10-30 12:18 - 000000000 ____D C:\WINDOWS\system32\DAX3 2017-10-30 12:18 - 2017-10-30 12:18 - 000000000 ____D C:\WINDOWS\system32\DAX2 2017-10-30 12:18 - 2017-10-30 12:18 - 000000000 ____D C:\ProgramData\Audyssey Labs 2017-10-30 12:18 - 2017-10-30 12:18 - 000000000 ____D C:\Program Files\Realtek 2017-10-30 12:18 - 2017-10-27 10:50 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat 2017-10-30 12:18 - 2017-10-27 09:12 - 005960824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll 2017-10-30 12:18 - 2017-10-27 09:12 - 002587768 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll 2017-10-30 12:18 - 2017-10-27 09:12 - 001766520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll 2017-10-30 12:18 - 2017-10-27 09:12 - 000607168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll 2017-10-30 12:18 - 2017-10-27 09:12 - 000449656 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll 2017-10-30 12:18 - 2017-10-27 09:12 - 000123000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll 2017-10-30 12:18 - 2017-10-27 09:12 - 000081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll 2017-10-30 12:18 - 2017-10-25 03:33 - 007802921 _____ C:\WINDOWS\system32\nvcoproc.bin 2017-10-30 12:17 - 2017-10-31 23:45 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2017-10-30 12:17 - 2017-10-31 13:51 - 000248568 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-10-29 20:10 - 2017-10-30 12:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.7 2017-10-10 16:28 - 2017-10-31 19:57 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe 2017-10-06 21:56 - 2017-10-27 10:50 - 000057976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys 2017-10-06 21:53 - 2017-10-27 10:50 - 001796216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll 2017-10-06 21:53 - 2017-10-27 10:50 - 001578104 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll 2017-10-06 21:53 - 2017-10-27 10:50 - 000919160 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll 2017-10-06 21:53 - 2017-10-27 10:50 - 000186488 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll 2017-10-06 21:53 - 2017-10-27 10:50 - 000152696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll 2017-10-06 21:53 - 2017-10-27 10:50 - 000050808 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys 2017-10-06 21:53 - 2017-09-19 00:20 - 001755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll 2017-10-06 21:53 - 2017-09-19 00:20 - 001317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll 2017-10-06 20:14 - 2017-10-06 20:18 - 000000000 ____D C:\Users\buffe\AppData\Local\Adobe 2017-10-03 16:27 - 2017-10-03 16:27 - 000000000 ____D C:\Users\buffe\AppData\Local\Spectrasonics 2017-10-03 15:55 - 2017-10-03 15:55 - 000000000 ____D C:\Program Files\Common Files\Avid 2017-10-03 15:50 - 2017-10-03 16:25 - 000000000 ____D C:\ProgramData\Spectrasonics 2017-10-02 20:44 - 2017-10-02 20:44 - 000000000 ____D C:\Program Files (x86)\Origin Games ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-11-01 18:54 - 2017-09-16 00:03 - 000000000 ____D C:\Users\buffe\AppData\Roaming\uTorrent 2017-11-01 18:28 - 2017-03-18 04:40 - 016515072 _____ C:\WINDOWS\system32\config\HARDWARE 2017-11-01 18:27 - 2017-03-18 04:40 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2017-11-01 16:27 - 2017-09-12 20:39 - 000000000 ____D C:\Users\buffe\AppData\Local\CrashDumps 2017-11-01 15:09 - 2017-03-18 14:03 - 000000000 ___HD C:\Program Files\WindowsApps 2017-11-01 15:09 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\AppReadiness 2017-11-01 04:17 - 2017-09-15 02:26 - 000000000 ____D C:\Users\buffe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GamersFirst 2017-11-01 04:17 - 2017-09-15 02:26 - 000000000 ____D C:\Program Files (x86)\GamersFirst 2017-11-01 04:13 - 2017-09-12 19:12 - 000000000 ____D C:\Users\buffe\AppData\Local\Google 2017-11-01 02:22 - 2017-09-12 19:07 - 000000000 ____D C:\Users\buffe\AppData\Local\ElevatedDiagnostics 2017-11-01 01:56 - 2017-03-18 14:01 - 000000000 ____D C:\WINDOWS\INF 2017-11-01 01:30 - 2017-09-29 08:04 - 000000000 ___HD C:\$WINDOWS.~BT 2017-11-01 01:30 - 2017-09-16 16:38 - 000000000 ___DC C:\WINDOWS\Panther 2017-11-01 00:13 - 2017-09-12 19:13 - 000000000 ____D C:\Program Files (x86)\Google 2017-10-31 22:57 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\Registration 2017-10-31 20:35 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2017-10-31 20:18 - 2017-09-12 22:18 - 000000000 ____D C:\Program Files\UNP 2017-10-31 20:14 - 2017-09-12 18:52 - 000000000 ___RD C:\Users\buffe\OneDrive 2017-10-31 19:57 - 2017-09-14 12:47 - 126925120 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-10-31 19:49 - 2016-09-08 14:02 - 000000000 ____D C:\Program Files\Microsoft Office 2017-10-31 19:29 - 2017-03-18 14:03 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2017-10-31 18:38 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\L2Schemas 2017-10-31 17:46 - 2017-04-10 16:15 - 000000000 ____D C:\ProgramData\Intel 2017-10-31 17:46 - 2017-04-10 16:10 - 000000000 ____D C:\Program Files\Intel 2017-10-31 17:45 - 2017-09-12 22:18 - 000000000 ____D C:\Program Files\rempl 2017-10-31 17:09 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\Globalization 2017-10-31 17:09 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files\YOCX 2017-10-31 17:09 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files\Mini Permanent component 2017-10-31 15:40 - 2016-07-16 04:47 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy 2017-10-31 13:54 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\appcompat 2017-10-31 13:52 - 2016-08-31 11:56 - 000000000 __RHD C:\Users\Public\AccountPictures 2017-10-30 23:26 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\ShellExperiences 2017-10-30 23:26 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\Provisioning 2017-10-30 23:25 - 2017-03-18 14:03 - 000230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll 2017-10-30 23:25 - 2017-03-18 14:03 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll 2017-10-30 14:58 - 2017-03-18 13:51 - 000000000 ____D C:\WINDOWS\CbsTemp 2017-10-30 14:50 - 2017-09-12 18:50 - 000000000 ____D C:\Users\buffe\AppData\Local\NVIDIA 2017-10-30 14:48 - 2017-04-10 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2017-10-30 14:47 - 2017-09-15 02:41 - 000000000 ____D C:\Users\buffe\AppData\Roaming\NVIDIA 2017-10-30 13:17 - 2017-03-18 14:03 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template 2017-10-30 13:16 - 2017-03-18 14:06 - 000000000 ____D C:\WINDOWS\Setup 2017-10-30 13:15 - 2017-03-18 14:03 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12 2017-10-30 13:15 - 2017-03-18 14:03 - 000000000 ___SD C:\WINDOWS\system32\F12 2017-10-30 13:15 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata 2017-10-30 13:15 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\SysWOW64\setup 2017-10-30 13:15 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\WinMetadata 2017-10-30 13:15 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2017-10-30 13:15 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\setup 2017-10-30 13:15 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\oobe 2017-10-30 13:15 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer 2017-10-30 13:15 - 2017-03-18 14:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer 2017-10-30 13:13 - 2017-09-12 18:50 - 000000000 ____D C:\Users\buffe\AppData\Local\Packages 2017-10-30 12:42 - 2017-09-12 18:50 - 000000000 ____D C:\Users\buffe\AppData\Local\ConnectedDevicesPlatform 2017-10-30 12:41 - 2017-03-18 14:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2017-10-30 12:31 - 2017-03-18 14:03 - 000000000 ____D C:\ProgramData\USOPrivate 2017-10-30 12:23 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\rescache 2017-10-30 12:22 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase 2017-10-30 12:22 - 2017-03-18 04:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2017-10-30 12:22 - 2016-07-16 04:47 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated 2017-10-30 12:21 - 2017-03-18 19:31 - 000000000 ____D C:\WINDOWS\HoloShell 2017-10-30 12:21 - 2017-03-18 14:03 - 000000000 __RHD C:\Users\Public\Libraries 2017-10-30 12:20 - 2017-10-01 15:13 - 000000000 ____D C:\Users\buffe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z 2017-10-30 12:20 - 2017-09-16 00:32 - 000000000 ____D C:\Users\buffe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2 2017-10-30 12:20 - 2017-09-16 00:26 - 000000000 ____D C:\Users\buffe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line 2017-10-30 12:20 - 2017-09-16 00:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line 2017-10-30 12:20 - 2017-09-16 00:13 - 000000000 ____D C:\Users\buffe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2017-10-30 12:20 - 2017-09-16 00:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2017-10-30 12:20 - 2017-09-12 20:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch 2017-10-30 12:20 - 2017-09-12 20:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blizzard App 2017-10-30 12:20 - 2017-09-12 20:04 - 000000000 ____D C:\Users\buffe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2017-10-30 12:20 - 2017-09-12 19:54 - 000000000 ____D C:\Users\buffe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server 2017-10-30 12:20 - 2017-09-12 19:51 - 000000000 ____D C:\Users\buffe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner 2017-10-30 12:20 - 2017-09-12 19:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2017-10-30 12:20 - 2017-04-10 16:14 - 000000000 ____D C:\WINDOWS\system32\RTCOM 2017-10-30 12:19 - 2017-09-19 17:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reFX 2017-10-30 12:19 - 2017-09-18 02:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EVGA 2017-10-30 12:19 - 2017-09-13 01:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games 2017-10-30 12:19 - 2017-09-12 19:18 - 000000000 ____D C:\Users\buffe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc 2017-10-30 12:19 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\spool 2017-10-30 12:19 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2017-10-30 12:19 - 2016-08-31 11:56 - 000000000 ___HD C:\WINDOWS\OEM 2017-10-30 12:18 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\Help 2017-10-30 12:18 - 2017-03-18 04:40 - 000000000 ____D C:\WINDOWS\system32\Sysprep 2017-10-27 10:50 - 2017-09-13 04:40 - 004485048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll 2017-10-27 10:50 - 2017-09-13 04:40 - 003817584 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll 2017-10-27 10:50 - 2017-09-13 04:40 - 001615472 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll 2017-10-27 10:50 - 2017-09-13 04:40 - 000225208 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys 2017-10-27 10:50 - 2017-09-13 04:40 - 000048442 _____ C:\WINDOWS\system32\nvinfo.pb 2017-10-27 10:50 - 2017-04-10 16:21 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat 2017-10-26 04:17 - 2017-09-15 17:51 - 000000000 ____D C:\ProgramData\Origin 2017-10-26 04:16 - 2017-09-15 17:53 - 000000000 ____D C:\Users\buffe\AppData\Roaming\Origin 2017-10-22 03:14 - 2017-09-12 20:38 - 000000000 ____D C:\Program Files (x86)\Blizzard App 2017-10-22 03:14 - 2017-09-12 20:33 - 000000000 ____D C:\Users\buffe\AppData\Local\Battle.net 2017-10-18 22:17 - 2017-09-12 20:39 - 000000000 ____D C:\Program Files (x86)\Overwatch 2017-10-12 17:21 - 2017-03-18 14:06 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2017-10-12 17:21 - 2017-03-18 14:06 - 000177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2017-10-10 16:29 - 2017-09-14 12:47 - 000000000 ____D C:\WINDOWS\system32\MRT 2017-10-07 17:41 - 2017-09-12 18:52 - 000000000 ____D C:\Users\buffe\AppData\Local\NVIDIA Corporation 2017-10-07 01:27 - 2017-09-16 04:04 - 000226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe 2017-10-07 01:27 - 2017-09-16 04:04 - 000214392 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0 2017-10-06 00:56 - 2017-09-15 18:17 - 000000922 _____ C:\Users\Public\Desktop\Battlefield 1.lnk ==================== Files in the root of some directories ======= 2017-09-20 19:53 - 2017-09-20 19:53 - 000000017 _____ () C:\Users\buffe\AppData\Local\resmon.resmoncfg 2017-10-30 12:18 - 2017-10-30 12:18 - 000000000 ____H () C:\ProgramData\DP45977C.lfl 2017-10-31 15:45 - 2017-10-31 15:45 - 000000004 _____ () C:\ProgramData\rwi.fcad Some files in TEMP: ==================== 2017-10-31 15:38 - 2017-10-31 15:38 - 000016384 _____ (Dallas, TX 75240 ) C:\Users\buffe\AppData\Local\Temp\capi.exe 2017-10-31 15:39 - 2017-10-31 15:39 - 000020480 _____ (Anaheim, CA 92801) C:\Users\buffe\AppData\Local\Temp\cuinsta.exe 2017-10-31 15:40 - 2017-10-31 15:40 - 000268800 _____ () C:\Users\buffe\AppData\Local\Temp\dnschanger.exe 2017-10-31 15:38 - 2017-10-31 15:38 - 001792071 _____ () C:\Users\buffe\AppData\Local\Temp\pi.exe 2017-10-31 15:39 - 2017-10-31 15:39 - 005046272 _____ (It was commissi) C:\Users\buffe\AppData\Local\Temp\s2s.exe 2017-10-31 15:40 - 2017-10-31 15:40 - 001199825 _____ () C:\Users\buffe\AppData\Local\Temp\unins000.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-10-30 12:17 ==================== End of FRST.txt ============================ Addition - Notepad Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-11-2017 Ran by buffe (01-11-2017 18:59:49) Running from F:\Users\buffe\Downloads Windows 10 Home Version 1703 15063.674 (X64) (2017-10-30 19:23:42) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-340033465-448931462-1049182933-500 - Administrator - Disabled) buffe (S-1-5-21-340033465-448931462-1049182933-1003 - Administrator - Enabled) => C:\Users\buffe DefaultAccount (S-1-5-21-340033465-448931462-1049182933-503 - Limited - Disabled) Guest (S-1-5-21-340033465-448931462-1049182933-501 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) µTorrent (HKU\S-1-5-21-340033465-448931462-1049182933-1003\...\uTorrent) (Version: 3.5.0.44090 - BitTorrent Inc.) Akamai NetSession Interface (HKU\S-1-5-21-340033465-448931462-1049182933-1003\...\Akamai) (Version: - Akamai Technologies, Inc) ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.12 - Michael Tippach) ASUS Gamepad (HKLM-x32\...\{15717D9B-FB39-4700-8F9D-2464BB14A1E9}) (Version: 4.0.9 - ASUS) Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.8.2.48475 - Electronic Arts) Battlefield™ 1 (HKLM-x32\...\{335B50BC-6130-4BAF-9A6A-F1561270587B}) (Version: 1.0.51.8749 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB) Blizzard App (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) CCleaner (HKLM\...\CCleaner) (Version: 5.36 - Piriform) Cheat Engine 6.7 (HKLM-x32\...\Cheat Engine 6.7_is1) (Version: - Cheat Engine) Discord (HKU\S-1-5-21-340033465-448931462-1049182933-1003\...\Discord) (Version: 0.0.298 - Discord Inc.) ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB) EVGA Unleash Mouse Tuning Utility (HKLM-x32\...\{4C94DDFD-5000-4A88-972A-651967B19FD1}) (Version: 1.9.4 - EVGA) FL Studio 12 (HKLM-x32\...\FL Studio 12) (Version: - Image-Line) FL Studio ASIO (HKLM-x32\...\FL Studio ASIO) (Version: - Image-Line) GamersFirst LIVE! (HKU\S-1-5-21-340033465-448931462-1049182933-1003\...\GamersFirst LIVE!) (Version: - GamersFirst) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 62.0.3202.75 - Google Inc.) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games) IL Download Manager (HKLM-x32\...\IL Download Manager) (Version: - Image-Line) Intel(R) Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel(R) Corporation) Hidden Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1036 - Intel Corporation) Intel(R) Online Connect Software Asset Manager (HKLM-x32\...\{AE956AB9-CD98-4F1E-8B9E-C3C66E290D64}) (Version: 3.4.2072 - Intel Corporation) Hidden Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD) NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation) NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation) NVIDIA GeForce Experience 3.10.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.10.0.95 - NVIDIA Corporation) NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation) NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation) Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.8528.2147 - Microsoft Corporation) Hidden Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.8326.2107 - Microsoft Corporation) Hidden Origin (HKLM-x32\...\Origin) (Version: 10.5.4.63358 - Electronic Arts, Inc.) Overwatch (HKLM-x32\...\Overwatch) (Version: - Blizzard Entertainment) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8010 - Realtek Semiconductor Corp.) reFX Nexus VSTi RTAS v2.2.0 (HKLM-x32\...\reFX Nexus_is1) (Version: - ) RivaTuner Statistics Server 6.5.0 (HKLM-x32\...\RTSS) (Version: 6.5.0 - Unwinder) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.2.0 - Rockstar Games) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version: - TechPowerUp) Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22175 - Microsoft Corporation) Windows Driver Package - ASUS (AGP) HIDClass (09/14/2015 10.0.0.14) (HKLM\...\12A217E3B4780BD3B485676534D3F12EF65E5AC7) (Version: 09/14/2015 10.0.0.14 - ASUS) WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-340033465-448931462-1049182933-1003_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\buffe\AppData\Local\Microsoft\OneDrive\17.3.7074.1023_1\amd64\FileSyncShell64.dll => No File CustomCLSID: HKU\S-1-5-21-340033465-448931462-1049182933-1003_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\buffe\AppData\Local\Microsoft\OneDrive\17.3.7074.1023_1\amd64\FileSyncShell64.dll => No File CustomCLSID: HKU\S-1-5-21-340033465-448931462-1049182933-1003_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\buffe\AppData\Local\Microsoft\OneDrive\17.3.7074.1023_1\amd64\FileSyncShell64.dll => No File ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => F:\Program Files (x86)\WinRar\rarext.dll [2017-08-11] (Alexander Roshal) ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => F:\Program Files (x86)\WinRar\rarext32.dll [2017-08-11] (Alexander Roshal) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes) ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamext.dll [2016-03-10] (Malwarebytes) ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => F:\Program Files (x86)\WinRar\rarext.dll [2017-08-11] (Alexander Roshal) ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => F:\Program Files (x86)\WinRar\rarext32.dll [2017-08-11] (Alexander Roshal) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {007BA7E0-D8BA-457E-A3C6-676351752708} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2017-10-18] (Piriform Ltd) Task: {012D8339-4D23-4348-ADC0-06B128C31B03} - System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7-Logon => C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-09-29] (Intel Corporation) Task: {025EC9EF-2DE4-4496-B516-CC43105BDAC6} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe Task: {170D3692-D7DA-43D7-A17E-F1717A90F734} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-340033465-448931462-1049182933-500 => C:\Users\buffe\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe Task: {2F6DBA98-7EAB-474F-BB46-11AE58E5DF38} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-01] (Google Inc.) Task: {38A460D2-8C57-4B16-B208-F349C16AF7E7} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-27] (NVIDIA Corporation) Task: {51089CEA-5323-4ED9-BA44-15FF7415FAD6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-10-18] (Piriform Ltd) Task: {53DEE8E9-08E1-4BE4-BB93-2EB3D5C802DC} - System32\Tasks\Mini Permanent component => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\Mini Permanent component\Mini Permanent component.dll",ksIxztMVRlNk <==== ATTENTION Task: {595797C0-1959-4492-976A-8A14C62DEBC3} - System32\Tasks\IntelIOC-Upgrade-f1c8187b-2653-47cd-a9be-b554b98f68a7 => C:\Program Files (x86)\Intel\Intel(R) Online Connect Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2016-09-29] (Intel Corporation) Task: {5B0A6950-283C-482C-87A4-7B9C9420B74B} - System32\Tasks\MSIAfterburner => F:\MSI Afterburner\MSIAfterburner.exe [2016-10-24] () Task: {74D658C9-FC94-4665-82F2-15E5BEA3D7CD} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-10-27] (NVIDIA Corporation) Task: {863D8D2F-AF44-4175-B178-8F8B0CBDE29A} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-27] (NVIDIA Corporation) Task: {8B034CFA-B96B-4E52-8712-16ED6EA8D1F2} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-27] (NVIDIA Corporation) Task: {8C4213F1-C1D0-4721-B8BD-2EAF585711AA} - System32\Tasks\ASUS Gamepad => F:\Program Files (x86)\ASUS\ASUS Gamepad\ap\AsusGamepadServer.exe [2015-09-14] (TODO: <Company name>) Task: {9E6CF0DF-E15A-42A0-BF7E-C84F32F941B3} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-27] (NVIDIA Corporation) Task: {A03A0F90-DA93-49A6-9E26-A570A21C7178} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-10-27] (NVIDIA Corporation) Task: {A5F12865-82FE-4878-BD12-3E2D4087BAA6} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel(R) Corporation) Task: {C49467DC-A3FA-4F35-876A-C8137C56091E} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-27] (NVIDIA Corporation) Task: {CABA1DD4-7BBF-4FC0-BA6C-4B1BEA9B8DF8} - System32\Tasks\YOCX => C:\WINDOWS\system32\rundll32.exe "C:\Program Files\YOCX\YOCX.dll",PBjOLaxrg <==== ATTENTION Task: {CDE4E34A-6F70-4AF8-A005-A10B04EAF8C3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-01] (Google Inc.) Task: {FFD94164-9CED-4327-B757-AF2E7C048220} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-27] (NVIDIA Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\buffe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Fair AdBlocker App.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=dcnofaichneijfbkdkghmhjjbepjmble ==================== Loaded Modules (Whitelisted) ============== 2016-10-05 12:15 - 2016-10-05 12:15 - 000107752 _____ () C:\Program Files\Intel\Intel(R) Online Connect Access\libglog.dll 2016-10-05 12:15 - 2016-10-05 12:15 - 000412904 _____ () C:\Program Files\Intel\Intel(R) Online Connect Access\JsonCpp.dll 2017-10-06 21:53 - 2017-10-27 10:50 - 001267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll 2017-10-01 18:11 - 2017-10-01 18:11 - 000076152 _____ () C:\Windows\system32\PnkBstrA.exe 2017-10-30 14:48 - 2017-10-27 10:50 - 000019064 _____ () c:\program files\nvidia corporation\nvstreamsrv\detoured.dll 2017-03-18 13:58 - 2017-03-18 13:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll 2017-03-18 13:59 - 2017-03-18 19:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-11-01 15:10 - 2017-10-25 23:30 - 004135768 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.75\libglesv2.dll 2017-11-01 15:10 - 2017-10-25 23:30 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\62.0.3202.75\libegl.dll 2016-10-04 17:09 - 2016-10-04 17:09 - 000253664 _____ () C:\Program Files\Intel\Intel(R) Online Connect\CSLibWrapper.dll 2017-03-18 13:58 - 2017-03-18 13:58 - 000047616 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUITelemetry.dll 2017-07-10 22:40 - 2017-07-10 22:40 - 002331136 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIViewModels.dll 2017-07-10 22:40 - 2017-07-10 22:40 - 002836480 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIDataModel.dll 2017-10-06 21:53 - 2017-10-27 10:50 - 001040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll 2017-10-06 21:53 - 2017-10-27 10:50 - 070806136 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll 2017-10-30 14:48 - 2017-10-27 10:50 - 000019064 _____ () c:\program files (x86)\nvidia corporation\nvstreamsrv\detoured.dll 2017-10-12 14:34 - 2017-09-09 12:25 - 000688416 _____ () F:\Steam\SDL2.dll 2017-10-31 16:07 - 2017-10-30 20:22 - 002546976 _____ () F:\Steam\video.dll 2017-09-13 18:31 - 2016-08-31 18:02 - 004969248 _____ () F:\Steam\v8.dll 2017-09-13 18:31 - 2016-01-27 00:49 - 000491008 _____ () F:\Steam\libavformat-56.dll 2017-09-13 18:31 - 2016-01-27 00:49 - 000332800 _____ () F:\Steam\libavresample-2.dll 2017-09-13 18:31 - 2016-01-27 00:49 - 000442880 _____ () F:\Steam\libavutil-54.dll 2017-09-13 18:31 - 2016-01-27 00:49 - 002549760 _____ () F:\Steam\libavcodec-56.dll 2017-09-13 18:31 - 2016-01-27 00:49 - 000485888 _____ () F:\Steam\libswscale-3.dll 2017-09-13 18:31 - 2016-08-31 18:02 - 001195296 _____ () F:\Steam\icuuc.dll 2017-09-13 18:31 - 2016-08-31 18:02 - 001563936 _____ () F:\Steam\icui18n.dll 2017-10-31 16:07 - 2017-10-30 20:22 - 000901408 _____ () F:\Steam\bin\chromehtml.DLL 2017-09-18 02:37 - 2015-03-13 15:07 - 002838496 _____ () F:\Program Files (x86)\EVGA\EVGA Unleash Mouse Tuning Utility\X10Osd.dll 2017-10-12 14:34 - 2017-09-06 19:04 - 000678400 _____ () F:\Steam\bin\cef\cef.win7\SDL2.dll 2017-10-12 14:34 - 2017-08-16 15:28 - 073130272 _____ () F:\Steam\bin\cef\cef.win7\libcef.dll 2017-09-13 18:31 - 2015-09-24 16:52 - 000119208 _____ () F:\Steam\winh264.dll 2016-10-20 01:28 - 2016-10-20 01:28 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mbamchameleon => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mbamchameleon => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) HKU\S-1-5-21-340033465-448931462-1049182933-1003\Software\Classes\regfile: regedit.exe "%1" <==== ATTENTION ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-340033465-448931462-1049182933-1003\Control Panel\Desktop\\Wallpaper -> F:\Users\buffe\Desktop\wallpapers\a.jpg DNS Servers: 8.8.8.8 - 8.8.4.4 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == HKU\S-1-5-21-340033465-448931462-1049182933-1003\...\StartupApproved\StartupFolder: => "GamersFirst LIVE!.lnk" HKU\S-1-5-21-340033465-448931462-1049182933-1003\...\StartupApproved\Run: => "DAEMON Tools Lite Automount" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{04207181-7FA6-45C3-9A57-CF8EF7CD8715}] => (Allow) F:\Steam\steamapps\common\America's Army\AAPG\Binaries\Win32\AALauncher32.exe FirewallRules: [{0D49FEAC-B088-4272-8BDD-34FD32DA7EF5}] => (Allow) F:\Steam\steamapps\common\America's Army\AAPG\Binaries\Win32\AALauncher32.exe FirewallRules: [{030535E9-6D50-4D7A-9FEC-9EA2936A2FA4}] => (Allow) F:\Steam\steamapps\common\America's Army\AAPG\Binaries\Win32\AAGame.exe FirewallRules: [{E6D93128-8F2F-4074-813F-C7E07DE0911A}] => (Allow) F:\Steam\steamapps\common\America's Army\AAPG\Binaries\Win32\AAGame.exe FirewallRules: [{06C621FC-42AD-42B0-86D7-660ED09BE9CB}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{3DF6640C-2F1F-44B7-993A-7E541E9CDAD5}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{297EB2A8-B9DD-44A1-8E0C-4252EC92BCBD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{F01E2213-2EC0-41F0-833D-83A1F7633260}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{117EDC72-00F7-4F82-9C88-1B244202B8AB}] => (Allow) F:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe FirewallRules: [{56C50CB6-F3C4-4FFF-A033-EA523444F9B3}] => (Allow) F:\Program Files (x86)\Origin Games\Battlefield 1\bf1.exe FirewallRules: [{F9E7E6A9-7A55-47EE-961A-E4C184F5A4E8}] => (Allow) F:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe FirewallRules: [{02B6637E-51AD-461F-81A4-91D005CFBDF7}] => (Allow) F:\Program Files (x86)\Origin Games\Battlefield 1\bf1Trial.exe FirewallRules: [UDP Query User{47E7E7F0-29C8-481E-882D-699B2F27FFEC}F:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) F:\program files (x86)\origin games\battlefield 4\bf4.exe FirewallRules: [TCP Query User{7C3FDD92-7037-4741-B9AE-52E4F8BA7B95}F:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) F:\program files (x86)\origin games\battlefield 4\bf4.exe FirewallRules: [{274EB77F-017D-4363-81EA-673D808CE4A1}] => (Allow) F:\Program Files (x86)\Origin Games\Battlefield 4\BFLauncher_x86.exe FirewallRules: [{08BD142C-81F6-419D-BB70-2740883DC6A0}] => (Allow) F:\Program Files (x86)\Origin Games\Battlefield 4\BFLauncher_x86.exe FirewallRules: [{62EEC017-1A6C-4774-8847-047ACAA3199C}] => (Allow) F:\Program Files (x86)\Origin Games\Battlefield 4\BFLauncher.exe FirewallRules: [{708743FE-36A3-4792-AF51-1BF5FEC3F5E0}] => (Allow) F:\Program Files (x86)\Origin Games\Battlefield 4\BFLauncher.exe FirewallRules: [{57529878-6767-4CA9-A5C4-567839494CA6}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe FirewallRules: [{47408553-EA01-4D37-A5CA-0CA844F5412C}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe FirewallRules: [{6F0082C5-CF05-4954-BC69-8A8646EBF008}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{4D37B177-7DE5-4378-BB6D-A1E18920EC2A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{054EFE9D-7925-4C9E-9E64-72D35629D3D8}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{1D8BA2BA-9D76-4337-8775-2CCEFA5F87F0}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{7D51F3CF-F996-4580-977D-C8B978059F81}] => (Allow) C:\SteamLibrary\steamapps\common\Call of Duty WWII Beta\s2_mp64_ship.exe FirewallRules: [{11BA43F6-CBE6-4635-83B5-9400A12C796F}] => (Allow) C:\SteamLibrary\steamapps\common\Call of Duty WWII Beta\s2_mp64_ship.exe FirewallRules: [UDP Query User{EE727E85-1790-4A2F-9B7E-666ECC39773F}C:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe FirewallRules: [TCP Query User{D5F37A7F-9DB9-470A-9B92-B70EC10DA7E4}C:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\steamlibrary\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe FirewallRules: [{BDA459BB-1CE3-42EC-9237-53B416BD29B7}] => (Allow) C:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe FirewallRules: [{A4698001-5BDE-4CEA-8986-665D33CF5E3A}] => (Allow) C:\SteamLibrary\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe FirewallRules: [{3A43DDCC-79BB-4B19-8805-008593FA0984}] => (Allow) F:\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe FirewallRules: [{06605CE7-AD87-4849-B06F-0CD1CF9ACB56}] => (Allow) F:\Steam\steamapps\common\PUBG\TslGame\Binaries\Win64\TslGame_BE.exe FirewallRules: [{15FBCFED-2E66-49EE-8043-20BF86F72D3F}] => (Allow) C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\VivoxVoiceService.exe FirewallRules: [{D52EAD8C-B34D-491F-A05A-447C9D6FBBC0}] => (Allow) C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\VivoxVoiceService.exe FirewallRules: [{C29A0602-C378-4962-8012-E56E0B7F05F3}] => (Allow) C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\APB.exe FirewallRules: [{3D6C5C44-0D00-43E8-83B2-39A3F41E12D6}] => (Allow) C:\Program Files (x86)\GamersFirst\APB Reloaded\Binaries\APB.exe FirewallRules: [{BE8720CB-3851-43A5-8864-1704E68E765E}] => (Allow) C:\Users\buffe\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [{219C708E-0092-4EF7-AA00-D1047D666690}] => (Allow) C:\Users\buffe\AppData\Roaming\uTorrent\uTorrent.exe FirewallRules: [UDP Query User{35A02076-90BC-49C1-84EF-C60628C0A941}C:\users\buffe\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\buffe\appdata\local\akamai\netsession_win.exe FirewallRules: [TCP Query User{A97F8EB7-0477-47C5-AB22-29578FEEBF8D}C:\users\buffe\appdata\local\akamai\netsession_win.exe] => (Block) C:\users\buffe\appdata\local\akamai\netsession_win.exe FirewallRules: [{ADDC9B9C-DE0E-42AA-B72E-C0573EC5BCA3}] => (Allow) F:\Steam\steamapps\common\Rust\Rust.exe FirewallRules: [{D24FADED-A43F-4C5E-B496-9D6FC79E4F36}] => (Allow) F:\Steam\steamapps\common\Rust\Rust.exe FirewallRules: [UDP Query User{2D678145-C21B-48D3-ABC3-DC7B31D1C23D}F:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) F:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe FirewallRules: [TCP Query User{E9FDE269-1AE1-497A-A31E-94D9877A9BDC}F:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) F:\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe FirewallRules: [{C16F3148-30DD-4512-9CE6-FB4B3BD629FF}] => (Allow) F:\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{8851EDEC-EA36-4AB5-8893-0D25676B5DEE}] => (Allow) F:\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{DAA703E1-8BDC-447D-A998-2DA61E0634F4}] => (Allow) F:\Steam\Steam.exe FirewallRules: [{E41F31F5-215E-4862-B47F-10A9827033CD}] => (Allow) F:\Steam\Steam.exe FirewallRules: [UDP Query User{561E3AA4-4128-4954-8992-AF18D20E57FC}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe FirewallRules: [TCP Query User{FAAF2481-ABA9-45A1-9106-5EE051D0C8E4}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe FirewallRules: [UDP Query User{8AE7CEB1-4FB2-48F5-8109-F464E85E741D}F:\gta5.exe] => (Allow) F:\gta5.exe FirewallRules: [TCP Query User{2078EE86-7908-46A1-B85B-FB9E037AFA72}F:\gta5.exe] => (Allow) F:\gta5.exe FirewallRules: [{3D1B625D-9CF5-4787-A375-FC8C5D802CCF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe FirewallRules: [{C433DE2F-D477-426D-9E02-3425B80B0E36}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe FirewallRules: [UDP Query User{D92B980A-D8F1-4027-9847-7E126FE974AF}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe FirewallRules: [TCP Query User{4ED4AB46-3921-4DD0-AF2C-06080A349F3B}C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\pubg\tslgame\binaries\win64\tslgame.exe FirewallRules: [{D607D3A3-9F3F-44B2-957D-E0C2ED615752}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{A1FBD48F-E1F0-47D6-AD9A-8F2F88E97C5D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe FirewallRules: [{1966D48E-1D36-400F-8CD8-09AFCEFDC606}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{FFB56B02-AA03-4A1F-9AF5-50F4AF84B4AD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{C1575F5C-7BCB-4A61-9AFF-F52B3F6CBF5C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{21F1A80C-CC07-4C31-9489-76038536FFA1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{86D8B11F-3D58-49DD-B382-3B3FA956E0C6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe FirewallRules: [{193A9C0B-9E52-4CDB-9CB8-9343F3E60092}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{FB002983-B418-43E9-A9E3-9FFF21FE3C70}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe FirewallRules: [{509A2EC4-A3AD-49DA-B6C4-3FD4080594D1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe FirewallRules: [{074D89E5-3DE4-489D-BFCC-FA76BE25ED3C}] => (Allow) C:\WINDOWS\system32\rundll32.exe FirewallRules: [{D72B21B4-219F-492C-87B9-039C2A17349B}] => (Allow) C:\Program Files (x86)\Sensors\ultrasounds.exe FirewallRules: [{54300FB4-2960-454A-ADC2-64AFC114B796}] => (Allow) C:\Program Files (x86)\Sightless\ultrasounds.exe FirewallRules: [{5FDC9490-75E1-4FB4-A625-868A38FE00B8}] => (Allow) C:\WINDOWS\system32\rundll32.exe FirewallRules: [{2193779A-E37F-4620-A377-17B19EED88F8}] => (Allow) C:\Windows\System32\rundll32.exe FirewallRules: [{75DFF323-FFFA-442D-B991-9E7AE445B6EC}] => (Allow) C:\Windows\System32\rundll32.exe FirewallRules: [{315A84E2-BBD7-4E98-97D2-EFC60CCD0446}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= ATTENTION: System Restore is disabled ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (11/01/2017 04:27:02 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: utorrentie.exe, version: 1.0.0.44090, time stamp: 0x59a491fe Faulting module name: jscript9.dll, version: 11.0.15063.674, time stamp: 0x27e44617 Exception code: 0xc0000005 Fault offset: 0x0011f4a0 Faulting process id: 0x16ac Faulting application start time: 0x01d35366f14c31fb Faulting application path: C:\Users\buffe\AppData\Roaming\uTorrent\updates\3.5.0_44090\utorrentie.exe Faulting module path: C:\Windows\System32\jscript9.dll Report Id: 7521f78d-a59f-48c0-9985-50217c361b44 Faulting package full name: Faulting package-relative application ID: Error: (11/01/2017 03:10:16 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe". Dependent Assembly 62.0.3202.75,language="*",type="win32",version="62.0.3202.75" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (11/01/2017 03:09:42 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe". Dependent Assembly 62.0.3202.75,language="*",type="win32",version="62.0.3202.75" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (11/01/2017 03:09:39 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe". Dependent Assembly 62.0.3202.75,language="*",type="win32",version="62.0.3202.75" could not be found. Please use sxstrace.exe for detailed diagnosis. Error: (11/01/2017 03:07:12 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: The program uTorrent.exe version 3.5.0.44090 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel. Process ID: 1774 Start Time: 01d3535db569bbf2 Termination Time: 4294967295 Application Path: C:\Users\buffe\AppData\Roaming\uTorrent\uTorrent.exe Report Id: 390513b1-9b17-4df8-9b93-62ce2d245b1f Faulting package full name: Faulting package-relative application ID: Error: (11/01/2017 03:06:34 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: appdrive.exe, version: 0.0.0.0, time stamp: 0x59ef8014 Faulting module name: appdrive.exe, version: 0.0.0.0, time stamp: 0x59ef8014 Exception code: 0xc0000005 Fault offset: 0x00005850 Faulting process id: 0x1b24 Faulting application start time: 0x01d3535dadca4f6e Faulting application path: C:\ProgramData\XAPersonalD\support\__apdd\appdrive.exe Faulting module path: C:\ProgramData\XAPersonalD\support\__apdd\appdrive.exe Report Id: dbd8f260-e3d1-4831-9c81-8b1f2e574ed1 Faulting package full name: Faulting package-relative application ID: Error: (11/01/2017 04:28:45 AM) (Source: IntelDalJhi) (EventID: 4) (User: ) Description: Intel(R) Dynamic Application Loader Host Interface Service initialization failure - the spooler applet is invalid. Error: (11/01/2017 04:28:45 AM) (Source: IntelDalJhi) (EventID: 4) (User: ) Description: Intel(R) Dynamic Application Loader Host Interface Service initialization failure - the spooler applet is invalid. Error: (10/31/2017 08:36:48 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: svchost.exe, version: 10.0.15063.0, time stamp: 0x02799ef5 Faulting module name: ntdll.dll, version: 10.0.15063.608, time stamp: 0x8274fd8b Exception code: 0xc0000409 Fault offset: 0x00000000000aa020 Faulting process id: 0x1190 Faulting application start time: 0x01d352c10e3e26f6 Faulting application path: c:\windows\system32\svchost.exe Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll Report Id: 6e71aba9-a753-4a17-9628-15585b77d27a Faulting package full name: Faulting package-relative application ID: Error: (10/31/2017 08:32:16 PM) (Source: SideBySide) (EventID: 33) (User: ) Description: Activation context generation failed for "F:\MSI Afterburner\MSIAfterburner.exe". Dependent Assembly Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found. Please use sxstrace.exe for detailed diagnosis. System errors: ============= Error: (11/01/2017 06:56:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Intel® SGX AESM service failed to start due to the following error: The system cannot find the file specified. Error: (11/01/2017 06:55:13 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Intel(R) Online Connect Helper service. Error: (11/01/2017 06:54:45 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk0\DR0. Error: (11/01/2017 06:54:45 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk0\DR0. Error: (11/01/2017 06:54:45 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk0\DR0. Error: (11/01/2017 06:54:45 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk0\DR0. Error: (11/01/2017 06:54:45 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk0\DR0. Error: (11/01/2017 06:54:45 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk0\DR0. Error: (11/01/2017 06:54:45 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk0\DR0. Error: (11/01/2017 06:54:45 PM) (Source: Disk) (EventID: 11) (User: ) Description: The driver detected a controller error on \Device\Harddisk0\DR0. CodeIntegrity: =================================== Date: 2017-11-01 17:14:41.447 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\Windows\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.14393.0_none_d3ff7fe68f928203\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-11-01 17:14:41.445 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\Windows\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.14393.0_none_d3ff7fe68f928203\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-11-01 17:14:41.444 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\Windows\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.14393.0_none_d3ff7fe68f928203\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-11-01 17:14:24.196 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\Windows\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.14393.1715_none_4546cf5d2340c8ec\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-11-01 17:14:24.183 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\Windows\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.14393.1715_none_4546cf5d2340c8ec\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-11-01 17:14:24.174 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\Windows\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.14393.1715_none_4546cf5d2340c8ec\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-11-01 17:14:22.880 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\Windows\WinSxS\wow64_microsoft-xbox-gameoverlay_31bf3856ad364e35_10.0.14393.1715_none_be86fee9b6759f50\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-11-01 17:14:22.874 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\Windows\WinSxS\wow64_microsoft-xbox-gameoverlay_31bf3856ad364e35_10.0.14393.1715_none_be86fee9b6759f50\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-11-01 17:14:22.870 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\Windows\WinSxS\wow64_microsoft-xbox-gameoverlay_31bf3856ad364e35_10.0.14393.1715_none_be86fee9b6759f50\GamePanel.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2017-11-01 17:14:16.557 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows.old\Windows\WinSxS\wow64_microsoft-windows-s..-credentialprovider_31bf3856ad364e35_10.0.14393.1378_none_63192f664a3276f0\BioCredProv.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i7-7700K CPU @ 4.20GHz Percentage of memory in use: 24% Total physical RAM: 16351.86 MB Available physical RAM: 12349.03 MB Total Virtual: 19295.86 MB Available Virtual: 15045.86 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:110.41 GB) (Free:43.15 GB) NTFS Drive f: (New Volume) (Fixed) (Total:1862.89 GB) (Free:1322.4 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 111.8 GB) (Disk ID: 6437ED14) Partition: GPT. ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ============================ Link to post Share on other sites More sharing options...
Aura Posted November 2, 2017 ID:1178345 Share Posted November 2, 2017 Alright, so this is a SmartService infection. Do you have a USB Flash Drive? If so, how big is it? Also, follow the instructions below. Farbar Recovery Scan Tool (FRST) - Fix mode Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply. Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located) Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users) Click on the Fix button On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad Copy and paste its content in your next reply fixlist.txt Link to post Share on other sites More sharing options...
cropflOp Posted November 2, 2017 Author ID:1178346 Share Posted November 2, 2017 Sadly I have yet to ever own a USB Flash Drive Link to post Share on other sites More sharing options...
Aura Posted November 2, 2017 ID:1178347 Share Posted November 2, 2017 You're going to need one for this infection if MBAR is causing a BSOD. Which options are you enabling when you run a scan with MBAR? The 3 options are Drivers, Sectors and System. Link to post Share on other sites More sharing options...
cropflOp Posted November 2, 2017 Author ID:1178348 Share Posted November 2, 2017 Fixlog - Notepad Fix result of Farbar Recovery Scan Tool (x64) Version: 01-11-2017 Ran by buffe (01-11-2017 19:07:39) Run:1 Running from F:\Users\buffe\Desktop Loaded Profiles: buffe (Available Profiles: buffe) Boot Mode: Normal ============================================== fixlist content: ***************** CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes CMD: bcdedit.exe /set {default} recoveryenabled yes CMD: fltmc instances CMD: dir C:\Windows\system32\drivers ***************** ========= bcdedit.exe /set {bootmgr} displaybootmenu yes ========= The operation completed successfully. ========= End of CMD: ========= ========= bcdedit.exe /set {default} recoveryenabled yes ========= The operation completed successfully. ========= End of CMD: ========= ========= fltmc instances ========= Filter Volume Name Altitude Instance Name Frame SprtFtrs VlStatus -------------------- ------------------------------------- ------------ ---------------------- ----- -------- -------- FileInfo 40500 FileInfo 0 00000003 FileInfo \Device\HarddiskVolume2 40500 FileInfo 0 00000003 FileInfo C: 40500 FileInfo 0 00000003 FileInfo 40500 FileInfo 0 00000003 FileInfo F: 40500 FileInfo 0 00000003 FileInfo \Device\Mup 40500 FileInfo 0 00000003 WdFilter 328010 WdFilter Instance 0 00000007 WdFilter \Device\HarddiskVolume2 328010 WdFilter Instance 0 00000007 WdFilter C: 328010 WdFilter Instance 0 00000007 WdFilter 328010 WdFilter Instance 0 00000007 WdFilter F: 328010 WdFilter Instance 0 00000007 WdFilter \Device\Mup 328010 WdFilter Instance 0 00000007 Wof 40700 Wof Instance 0 00000003 Wof C: 40700 Wof Instance 0 00000003 Wof 40700 Wof Instance 0 00000003 Wof F: 40700 Wof Instance 0 00000003 luafv C: 135000 luafv 0 00000003 npsvctrig \Device\NamedPipe 46000 npsvctrig 0 00000000 wcifs C: 189900 wcifs Instance 0 00000000 zmopasue C: 45666 zmopasue Instance 0 00000000 zmopasue \Device\Mup 45666 zmopasue Instance 0 00000000 ========= End of CMD: ========= ========= dir C:\Windows\system32\drivers ========= Volume in drive C has no label. Volume Serial Number is 08E9-FC99 Directory of C:\Windows\system32\drivers 11/01/2017 06:54 PM <DIR> . 11/01/2017 06:54 PM <DIR> .. 03/18/2017 01:56 PM 238,080 1394ohci.sys 03/18/2017 01:56 PM 107,424 3ware.sys 11/01/2017 06:53 PM 255,928 5646E390.sys 11/01/2017 06:01 PM 255,928 6244F7BA.sys 10/30/2017 01:14 PM 723,360 acpi.sys 03/18/2017 01:56 PM 20,480 AcpiDev.sys 03/18/2017 01:56 PM 127,392 acpiex.sys 03/18/2017 01:56 PM 12,800 acpipagr.sys 03/18/2017 01:56 PM 14,848 acpipmi.sys 03/18/2017 01:56 PM 14,336 acpitime.sys 03/18/2017 01:56 PM 1,135,512 adp80xx.sys 10/30/2017 01:14 PM 610,720 afd.sys 03/18/2017 01:58 PM 108,544 agilevpn.sys 03/18/2017 01:57 PM 239,616 ahcache.sys 03/18/2017 01:56 PM 176,640 amdk8.sys 03/18/2017 01:56 PM 172,544 amdppm.sys 03/18/2017 01:56 PM 83,352 amdsata.sys 03/18/2017 01:56 PM 259,488 amdsbs.sys 03/18/2017 01:56 PM 27,040 amdxata.sys 09/29/2017 10:40 PM 184,728 appid.sys 03/18/2017 01:58 PM 17,920 applockerfltr.sys 03/18/2017 01:56 PM 132,000 arcsas.sys 03/18/2017 01:57 PM 28,672 asyncmac.sys 03/18/2017 01:56 PM 29,088 atapi.sys 03/18/2017 01:56 PM 194,464 ataport.sys 03/18/2017 01:56 PM 57,344 BasicDisplay.sys 09/29/2017 12:32 AM 35,840 BasicRender.sys 03/18/2017 01:56 PM 36,256 battc.sys 03/18/2017 01:56 PM 9,728 bcmfn2.sys 03/18/2017 01:57 PM 10,240 beep.sys 03/18/2017 01:56 PM 101,888 bowser.sys 10/30/2017 01:14 PM 115,712 bridge.sys 03/18/2017 01:56 PM 23,552 BtaMPM.sys 03/18/2017 01:56 PM 43,520 BthAvrcpTg.sys 10/30/2017 01:14 PM 105,472 bthenum.sys 10/30/2017 01:14 PM 97,792 bthhfenum.sys 03/18/2017 01:56 PM 32,256 BthhfHid.sys 03/18/2017 01:56 PM 66,560 bthmodem.sys 10/30/2017 01:14 PM 130,560 bthpan.sys 10/30/2017 01:14 PM 982,016 bthport.sys 03/18/2017 01:56 PM 85,504 BTHUSB.SYS 10/30/2017 01:14 PM 39,424 buttonconverter.sys 03/18/2017 01:56 PM 533,920 bxvbda.sys 03/18/2017 01:56 PM 53,664 CAD.sys 03/18/2017 01:56 PM 122,880 capimg.sys 03/18/2017 01:57 PM 93,184 cdfs.sys 03/18/2017 01:56 PM 160,256 cdrom.sys 03/18/2017 01:57 PM 77,216 CEA.sys 10/31/2017 06:38 PM 79,064 cgdqmq.sys 03/18/2017 01:56 PM 102,816 cht4dx64.sys 03/18/2017 01:56 PM 347,032 cht4sx64.sys 03/18/2017 01:56 PM 2,104,224 cht4vx64.sys 03/18/2017 01:56 PM 49,152 circlass.sys 03/18/2017 01:57 PM 391,584 Classpnp.sys 03/18/2017 01:58 PM 12,288 cldflt.sys 10/30/2017 01:14 PM 382,368 clfs.sys 03/18/2017 01:58 PM 877,472 ClipSp.sys 03/18/2017 01:56 PM 30,208 CmBatt.sys 03/18/2017 01:56 PM 28,064 cmimcext.sys 09/29/2017 10:40 PM 642,680 cng.sys 03/18/2017 01:57 PM 39,840 cnghwassist.sys 03/18/2017 01:57 PM 56,224 condrv.sys 03/18/2017 01:57 PM 86,432 crashdmp.sys 07/10/2017 10:40 PM 112,544 dam.sys 03/18/2017 01:56 PM 45,568 devauthe.sys 03/18/2017 01:57 PM 150,528 dfsc.sys 03/18/2017 01:56 PM 102,816 disk.sys 03/18/2017 01:58 PM 38,816 Diskdump.sys 03/18/2017 01:57 PM 15,360 Dmpusbstor.sys 03/18/2017 01:56 PM 47,104 dmvsc.sys 03/18/2017 01:56 PM 97,280 drmk.sys 03/18/2017 01:56 PM 16,232 drmkaud.sys 03/18/2017 01:57 PM 35,744 Dumpata.sys 03/18/2017 01:59 PM 91,152 dumpfve.sys 10/30/2017 01:14 PM 189,344 dumpsd.sys 03/18/2017 01:58 PM 32,256 dumpsdport.sys 03/18/2017 01:57 PM 25,600 Dumpstorport.sys 09/29/2017 10:43 PM 2,442,136 dxgkrnl.sys 07/10/2017 10:40 PM 409,504 dxgmms1.sys 09/29/2017 10:44 PM 712,600 dxgmms2.sys 09/17/2017 08:19 PM 781,864 EasyAntiCheat.sys 03/18/2017 01:57 PM 88,992 EhStorClass.sys 03/18/2017 01:56 PM 119,200 EhStorTcgDrv.sys 03/18/2017 07:31 PM <DIR> en-US 03/18/2017 01:56 PM 13,824 errdev.sys 10/31/2017 05:52 PM <DIR> etc 03/18/2017 01:56 PM 3,419,040 evbda.sys 03/18/2017 01:57 PM 347,136 exfat.sys 07/10/2017 10:40 PM 363,424 fastfat.sys 03/18/2017 01:56 PM 32,768 fdc.sys 03/18/2017 01:56 PM 54,272 filecrypt.sys 03/18/2017 01:57 PM 86,432 fileinfo.sys 03/18/2017 01:57 PM 36,864 filetrace.sys 03/18/2017 01:56 PM 26,624 flpydisk.sys 03/18/2017 01:57 PM 386,464 fltMgr.sys 03/18/2017 01:56 PM 63,904 fsdepends.sys 03/18/2017 01:57 PM 33,688 fs_rec.sys 10/30/2017 01:14 PM 715,168 fvevol.sys 03/18/2017 01:57 PM 419,744 FWPKCLNT.SYS 03/18/2017 01:56 PM 21,504 genericusbfn.sys 03/18/2017 01:57 PM 3,440,660 gm.dls 03/18/2017 01:57 PM 646 gmreadme.txt 03/18/2017 01:58 PM 8,192 gpuenergydrv.sys 07/10/2017 10:40 PM 86,528 hdaudbus.sys 03/18/2017 01:56 PM 38,296 hidbatt.sys 10/30/2017 01:14 PM 107,008 hidbth.sys 03/18/2017 01:56 PM 180,736 hidclass.sys 03/18/2017 01:56 PM 52,224 hidi2c.sys 03/18/2017 01:56 PM 51,104 hidinterrupt.sys 03/18/2017 01:56 PM 46,592 hidir.sys 03/18/2017 01:56 PM 40,960 hidparse.sys 03/18/2017 01:56 PM 40,960 hidusb.sys 03/18/2017 01:56 PM 64,416 HpSAMD.sys 07/10/2017 10:40 PM 1,106,848 http.sys 03/18/2017 01:57 PM 74,648 hvservice.sys 03/18/2017 01:56 PM 118,688 hvsocket.sys 03/18/2017 01:57 PM 29,600 hwpolicy.sys 03/18/2017 01:56 PM 16,896 hyperkbd.sys 03/18/2017 01:56 PM 115,200 i8042prt.sys 03/18/2017 01:56 PM 33,280 iagpio.sys 03/18/2017 01:56 PM 81,408 iai2c.sys 03/18/2017 01:56 PM 70,656 iaLPSS2i_GPIO2.sys 03/18/2017 01:56 PM 85,504 iaLPSS2i_GPIO2_BXT_P.sys 03/18/2017 01:56 PM 165,376 iaLPSS2i_I2C.sys 03/18/2017 01:56 PM 168,448 iaLPSS2i_I2C_BXT_P.sys 03/18/2017 01:56 PM 38,128 iaLPSSi_GPIO.sys 03/18/2017 01:56 PM 113,152 iaLPSSi_I2C.sys 01/26/2016 11:29 AM 101,872 IaNVMe.sys 03/18/2017 01:56 PM 673,184 iaStorAV.sys 03/18/2017 01:56 PM 412,064 iaStorV.sys 03/18/2017 01:56 PM 526,240 ibbus.sys 06/22/2017 02:56 PM 174,568 ibtusb.sys 03/18/2017 01:58 PM 36,864 IndirectKmd.sys 03/18/2017 01:56 PM 19,360 intelide.sys 10/19/2016 10:24 PM 18,720 IntelMEFWVer.dll 03/18/2017 01:56 PM 74,840 intelpep.sys 03/18/2017 01:56 PM 193,536 intelppm.sys 03/18/2017 01:57 PM 49,568 iorate.sys 03/18/2017 01:57 PM 87,040 ipfltdrv.sys 03/18/2017 01:56 PM 92,064 IPMIDrv.sys 03/18/2017 01:58 PM 214,528 ipnat.sys 03/18/2017 01:57 PM 120,320 irda.sys 03/18/2017 01:57 PM 19,968 irenum.sys 10/31/2017 05:42 PM 79,064 irtfw.sys 03/18/2017 01:56 PM 22,944 isapnp.sys 03/18/2017 01:56 PM 64,416 kbdclass.sys 03/18/2017 01:56 PM 40,448 kbdhid.sys 03/18/2017 01:56 PM 23,040 kdnic.sys 10/31/2017 05:09 PM 79,064 kowe.sys 03/18/2017 01:58 PM 390,144 ks.sys 09/29/2017 10:49 PM 135,576 ksecdd.sys 03/18/2017 01:58 PM 170,912 ksecpkg.sys 07/10/2017 10:40 PM 27,136 ksthunk.sys 03/18/2017 01:58 PM 66,560 lltdio.sys 03/18/2017 01:56 PM 108,960 lsi_sas.sys 03/18/2017 01:56 PM 123,808 lsi_sas2i.sys 03/18/2017 01:56 PM 103,328 lsi_sas3i.sys 03/18/2017 01:56 PM 82,848 lsi_sss.sys 03/18/2017 01:57 PM 124,928 luafv.sys 03/18/2017 01:56 PM 405,408 mausbhost.sys 03/18/2017 01:56 PM 51,104 mausbip.sys 10/04/2017 01:15 PM 77,440 mbae64.sys 03/10/2016 02:08 PM 27,008 mbam.sys 11/01/2017 06:43 PM 192,952 mbamchameleon.sys 11/01/2017 06:07 PM 192,216 MBAMSwissArmy.sys 11/01/2017 06:27 PM 137,552 mbbuybeh.sys 03/18/2017 01:57 PM 23,552 mcd.sys 03/18/2017 01:56 PM 59,808 megasas.sys 03/18/2017 01:56 PM 64,416 MegaSas2i.sys 03/18/2017 01:56 PM 575,904 megasr.sys 10/30/2017 01:14 PM 97,280 Microsoft.Bluetooth.Legacy.LEEnumerator.sys 03/18/2017 01:56 PM 842,656 mlx4_bus.sys 03/18/2017 01:57 PM 50,688 mmcss.sys 03/18/2017 01:57 PM 42,496 modem.sys 03/18/2017 01:56 PM 39,424 monitor.sys 03/18/2017 01:56 PM 60,320 mouclass.sys 03/18/2017 01:56 PM 33,280 mouhid.sys 03/18/2017 01:57 PM 105,880 mountmgr.sys 03/18/2017 01:58 PM 76,800 mpsdrv.sys 03/18/2017 01:57 PM 144,384 mrxdav.sys 03/18/2017 01:57 PM 467,352 mrxsmb.sys 09/29/2017 12:20 AM 286,208 mrxsmb10.sys 09/29/2017 10:41 PM 228,248 mrxsmb20.sys 03/18/2017 01:57 PM 31,744 msfs.sys 07/16/2016 04:42 AM 3 MsftWdf_Kernel_01019_Inbox_Critical.Wdf 03/18/2017 01:57 PM 169,888 msgpioclx.sys 03/18/2017 01:56 PM 49,056 msgpiowin32.sys 03/18/2017 01:57 PM 8,704 mshidkmdf.sys 03/18/2017 01:57 PM 12,288 mshidumdf.sys 03/18/2017 01:56 PM 19,352 msisadrv.sys 10/30/2017 01:14 PM 279,968 msiscsi.sys 07/10/2017 10:40 PM 32,768 mskssrv.sys 03/18/2017 01:57 PM 83,456 mslldp.sys 03/18/2017 01:58 PM 10,752 mspclock.sys 03/18/2017 01:58 PM 10,752 mspqm.sys 03/18/2017 01:57 PM 367,000 msrpc.sys 03/18/2017 01:56 PM 44,960 mssmbios.sys 03/18/2017 01:58 PM 12,800 mstee.sys 03/18/2017 01:56 PM 16,896 MTConfig.sys 03/18/2017 01:57 PM 123,808 mup.sys 03/18/2017 01:56 PM 63,904 mvumis.sys 03/10/2016 02:09 PM 65,408 mwac.sys 03/18/2017 01:56 PM 108,960 ndfltr.sys 10/30/2017 01:14 PM 1,242,528 ndis.sys 03/18/2017 01:57 PM 50,688 ndiscap.sys 03/18/2017 01:57 PM 128,512 NdisImPlatform.sys 09/13/2016 03:41 PM 59,792 ndisrfl.sys 03/18/2017 01:58 PM 27,136 ndistapi.sys 03/18/2017 01:58 PM 65,536 ndisuio.sys 03/18/2017 01:57 PM 20,992 NdisVirtualBus.sys 03/18/2017 01:58 PM 192,000 ndiswan.sys 03/18/2017 01:58 PM 62,464 ndproxy.sys 03/18/2017 01:58 PM 127,488 Ndu.sys 03/18/2017 01:57 PM 122,368 NetAdapterCx.sys 03/18/2017 01:57 PM 57,760 netbios.sys 10/30/2017 01:14 PM 305,152 netbt.sys 10/30/2017 01:14 PM 519,584 netio.sys 07/10/2017 10:40 PM 118,784 netvsc.sys 03/18/2017 01:56 PM 9,212,864 Netwfw04.dat 03/18/2017 01:56 PM 7,218,176 Netwtw04.sys 03/18/2017 01:57 PM 69,120 npfs.sys 03/18/2017 01:56 PM 27,136 npsvctrig.sys 10/30/2017 01:14 PM 43,520 nsiproxy.sys 09/29/2017 10:48 PM 2,327,448 ntfs.sys 03/18/2017 01:57 PM 20,376 ntosext.sys 03/18/2017 01:57 PM 7,680 null.sys 03/18/2017 01:56 PM 80,896 nvdimmn.sys 10/27/2017 10:50 AM 225,208 nvhda64v.sys 12/16/2015 08:55 AM 119,840 nvme.sys 03/18/2017 01:56 PM 150,432 nvraid.sys 03/18/2017 01:56 PM 166,304 nvstor.sys 03/31/2017 05:41 PM 478,264 nvstusb.sys 10/27/2017 10:50 AM 50,808 nvvad64v.sys 10/27/2017 10:50 AM 57,976 nvvhci.sys 09/29/2017 12:29 AM 550,400 nwifi.sys 06/10/2016 05:58 AM 99,592 ocznvme.sys 06/10/2016 05:58 AM 148,520 ocztrimcoinstaller.dll 06/10/2016 05:58 AM 29,064 ocztrimfilter.sys 11/01/2017 04:53 PM 79,064 oocn.sys 03/18/2017 01:57 PM 152,992 pacer.sys 03/18/2017 01:56 PM 97,792 parport.sys 10/30/2017 01:14 PM 159,648 partmgr.sys 03/18/2017 01:56 PM 353,696 pci.sys 03/18/2017 01:56 PM 16,800 pciide.sys 03/18/2017 01:56 PM 53,656 pciidex.sys 03/18/2017 01:56 PM 120,224 pcmcia.sys 03/18/2017 01:57 PM 52,640 pcw.sys 07/10/2017 10:40 PM 117,664 pdc.sys 03/18/2017 01:58 PM 741,376 PEAuth.sys 03/18/2017 01:56 PM 58,784 percsas2i.sys 03/18/2017 01:56 PM 61,848 percsas3i.sys 03/18/2017 01:56 PM 101,376 pmem.sys 03/18/2017 01:56 PM 373,248 portcls.sys 03/18/2017 01:56 PM 172,032 processr.sys 10/31/2017 07:06 PM 41,800 PROCEXP152.SYS 03/18/2017 01:57 PM 49,664 qwavedrv.sys 03/18/2017 01:57 PM 17,920 rasacd.sys 03/18/2017 01:58 PM 107,008 rasl2tp.sys 03/18/2017 01:57 PM 81,920 raspppoe.sys 03/18/2017 01:58 PM 97,792 raspptp.sys 03/18/2017 01:58 PM 79,872 rassstp.sys 03/18/2017 01:57 PM 434,080 rdbss.sys 03/18/2017 07:31 PM 27,136 rdpbus.sys 03/18/2017 07:31 PM 183,296 rdpdr.sys 03/18/2017 07:31 PM 30,624 rdpvideominiport.sys 03/18/2017 01:57 PM 282,528 rdyboost.sys 03/18/2017 01:57 PM 1,735,584 refs.sys 03/18/2017 01:57 PM 936,864 refsv1.sys 03/18/2017 01:57 PM 14,336 registry.sys 10/30/2017 01:14 PM 180,736 rfcomm.sys 03/18/2017 01:56 PM 40,960 RfxVmt.sys 03/18/2017 01:57 PM 150,016 rmcast.sys 03/18/2017 01:57 PM 34,816 RNDISMP.sys 07/10/2017 10:40 PM 13,312 rootmdm.sys 03/18/2017 01:58 PM 82,432 rspndr.sys 08/22/2016 01:19 PM 943,112 rt640x64.sys 12/08/2016 05:35 PM 7,890,895 RTAIODAT.DAT 12/08/2016 05:35 PM 1,920,919 rtkSSTsetting.dat 12/08/2016 05:35 PM 5,539,328 RTKVHD64.sys 12/08/2016 05:35 PM 5,804,772 rtvienna.dat 03/18/2017 01:56 PM 110,496 sbp2port.sys 03/18/2017 01:57 PM 43,520 scfilter.sys 03/18/2017 01:56 PM 91,040 scmbus.sys 09/14/2015 06:58 PM 39,168 ScpVBus.sys 03/18/2017 01:57 PM 175,520 scsiport.sys 10/30/2017 01:14 PM 287,648 sdbus.sys 03/18/2017 01:56 PM 31,128 SDFRd.sys 03/18/2017 01:56 PM 98,208 sdport.sys 03/18/2017 01:56 PM 94,624 sdstor.sys 03/18/2017 01:57 PM 75,680 SerCx.sys 03/18/2017 01:57 PM 154,016 SerCx2.sys 03/18/2017 01:56 PM 26,112 serenum.sys 03/18/2017 01:56 PM 84,480 serial.sys 03/18/2017 01:56 PM 28,672 sermouse.sys 03/18/2017 01:56 PM 18,432 sfloppy.sys 05/18/2016 12:20 PM 52,824 sgx_driver.sys 03/18/2017 01:56 PM 44,960 sisraid2.sys 03/18/2017 01:56 PM 81,824 sisraid4.sys 03/18/2017 01:58 PM 32,672 SleepStudyHelper.sys 03/18/2017 01:57 PM 21,504 smclib.sys 03/18/2017 01:56 PM 167,328 spacedump.sys 03/18/2017 01:56 PM 587,168 spaceport.sys 03/18/2017 07:31 PM 40,352 SpatialGraphFilter.sys 03/18/2017 01:57 PM 80,288 SpbCx.sys 09/29/2017 12:21 AM 414,208 srv.sys 09/29/2017 12:21 AM 722,944 srv2.sys 10/30/2017 01:14 PM 254,976 srvnet.sys 03/18/2017 01:56 PM 31,136 stexstor.sys 07/10/2017 10:40 PM 144,288 storahci.sys 03/18/2017 01:56 PM 95,648 stornvme.sys 10/30/2017 01:14 PM 546,208 storport.sys 03/18/2017 01:58 PM 79,872 storqosflt.sys 03/18/2017 01:56 PM 36,760 storufs.sys 03/18/2017 01:56 PM 36,768 storvsc.sys 03/18/2017 01:57 PM 75,776 stream.sys 03/18/2017 01:56 PM 18,336 swenum.sys 03/18/2017 01:56 PM 64,512 Synth3dVsc.sys 03/18/2017 01:57 PM 31,232 tape.sys 03/18/2017 01:57 PM 28,064 tbs.sys 09/29/2017 10:36 PM 2,672,024 tcpip.sys 03/18/2017 01:57 PM 51,712 tcpipreg.sys 03/18/2017 01:57 PM 40,352 tdi.sys 10/30/2017 01:14 PM 119,712 tdx.sys 09/22/2016 11:40 PM 204,896 TeeDriverW8x64.sys 03/18/2017 07:31 PM 37,280 terminpt.sys 07/10/2017 10:40 PM 130,464 tm.sys 07/10/2017 10:40 PM 219,040 tpm.sys 03/18/2017 01:56 PM 61,440 TsUsbFlt.sys 03/18/2017 01:56 PM 35,328 TsUsbGD.sys 03/18/2017 01:58 PM 162,304 tunnel.sys 03/18/2017 01:56 PM 78,752 uaspstor.sys 10/30/2017 01:14 PM 104,960 UcmCx.sys 03/18/2017 01:58 PM 179,200 UcmTcpciCx.sys 10/30/2017 01:14 PM 51,712 UcmUcsi.sys 03/18/2017 01:56 PM 213,920 Ucx01000.sys 03/18/2017 01:56 PM 45,568 Udecx.sys 03/18/2017 01:57 PM 324,096 udfs.sys 03/18/2017 01:56 PM 29,600 uefi.sys 03/18/2017 01:58 PM 263,584 ufx01000.sys 03/18/2017 01:56 PM 98,712 UfxChipidea.sys 03/18/2017 01:56 PM 138,656 ufxsynopsys.sys 03/18/2017 01:56 PM 57,856 umbus.sys 10/30/2017 01:15 PM <DIR> UMDF 03/18/2017 01:56 PM 14,336 umpass.sys 03/18/2017 01:56 PM 29,600 urschipidea.sys 03/18/2017 01:58 PM 59,288 urscx01000.sys 03/18/2017 01:56 PM 28,064 urssynopsys.sys 03/18/2017 01:57 PM 23,040 usb8023.sys 03/18/2017 01:57 PM 37,888 USBCAMD2.sys 09/29/2017 10:40 PM 173,976 usbccgp.sys 03/18/2017 01:56 PM 103,424 usbcir.sys 03/18/2017 01:56 PM 32,160 usbd.sys 03/18/2017 01:56 PM 98,200 usbehci.sys 09/29/2017 10:45 PM 511,896 usbhub.sys 09/18/2017 04:09 PM 554,400 USBHUB3.SYS 03/18/2017 01:56 PM 30,720 usbohci.sys 03/18/2017 01:56 PM 466,336 usbport.sys 03/18/2017 01:56 PM 27,136 usbprint.sys 03/18/2017 01:56 PM 32,768 usbrpm.sys 10/30/2017 01:14 PM 71,680 usbser.sys 03/18/2017 01:56 PM 131,488 USBSTOR.SYS 03/18/2017 01:56 PM 35,328 usbuhci.sys 07/10/2017 10:40 PM 388,000 USBXHCI.SYS 03/18/2017 01:56 PM 54,176 vdrvroot.sys 03/18/2017 01:57 PM 215,456 VerifierExt.sys 07/10/2017 10:40 PM 730,016 vhdmp.sys 03/18/2017 01:56 PM 35,328 vhf.sys 03/18/2017 01:57 PM 49,664 videoprt.sys 10/30/2017 01:14 PM 82,336 vmbkmcl.sys 10/30/2017 01:14 PM 83,968 vmbkmclr.sys 03/18/2017 01:56 PM 107,424 vmbus.sys 03/18/2017 01:56 PM 25,088 VMBusHID.sys 03/18/2017 01:56 PM 13,824 vmgencounter.sys 03/18/2017 01:56 PM 10,240 vmgid.sys 03/18/2017 01:56 PM 9,216 vms3cap.sys 03/18/2017 01:56 PM 47,520 vmstorfl.sys 03/18/2017 01:56 PM 83,360 volmgr.sys 03/18/2017 01:57 PM 373,664 volmgrx.sys 03/18/2017 01:57 PM 397,216 volsnap.sys 03/18/2017 01:56 PM 16,288 volume.sys 03/18/2017 01:56 PM 74,656 vpci.sys 03/18/2017 01:56 PM 166,816 vsmraid.sys 03/18/2017 01:56 PM 305,568 VSTXRAID.SYS 03/18/2017 01:58 PM 27,136 vwifibus.sys 03/18/2017 01:58 PM 77,312 vwififlt.sys 03/18/2017 01:58 PM 41,472 vwifimp.sys 03/18/2017 01:56 PM 30,720 wacompen.sys 03/18/2017 01:58 PM 81,408 wanarp.sys 03/18/2017 01:57 PM 55,808 watchdog.sys 07/10/2017 10:40 PM 142,752 wcifs.sys 03/18/2017 01:57 PM 72,192 wcnfs.sys 03/18/2017 01:56 PM 44,632 WdBoot.sys 03/18/2017 01:57 PM 902,376 Wdf01000.sys 03/18/2017 01:56 PM 294,816 WdFilter.sys 03/18/2017 01:57 PM 61,672 WdfLdr.sys 07/10/2017 10:40 PM 757,248 WdiWiFi.sys 03/18/2017 01:56 PM 121,248 WdNisDrv.sys 03/18/2017 01:57 PM 46,488 werkernel.sys 03/18/2017 01:57 PM 164,768 wfplwfs.sys 03/18/2017 01:57 PM 35,744 wimmount.sys 03/18/2017 01:58 PM 70,232 WindowsTrustedRT.sys 03/18/2017 01:56 PM 18,520 WindowsTrustedRTProxy.sys 03/18/2017 01:56 PM 31,648 winhv.sys 03/18/2017 01:57 PM 55,296 winhvr.sys 03/18/2017 01:56 PM 32,160 winmad.sys 03/18/2017 01:58 PM 217,088 winnat.sys 03/18/2017 01:56 PM 90,112 winusb.sys 03/18/2017 01:56 PM 64,920 winverbs.sys 03/18/2017 01:56 PM 18,432 wmiacpi.sys 03/18/2017 01:57 PM 20,384 wmilib.sys 03/18/2017 01:57 PM 208,288 wof.sys 03/18/2017 01:59 PM 30,624 WpdUpFltr.sys 03/18/2017 01:57 PM 33,184 WppRecorder.sys 03/18/2017 01:57 PM 23,552 ws2ifsl.sys 03/18/2017 01:57 PM 100,864 WUDFPf.sys 03/18/2017 01:57 PM 220,672 WUDFRd.sys 07/10/2017 10:40 PM 277,504 xboxgip.sys 03/18/2017 01:56 PM 46,592 xinputhid.sys 415 File(s) 115,857,487 bytes 5 Dir(s) 46,324,842,496 bytes free ========= End of CMD: ========= ==== End of Fixlog 19:07:40 ==== Link to post Share on other sites More sharing options...
cropflOp Posted November 2, 2017 Author ID:1178349 Share Posted November 2, 2017 I have them all Enabled. Link to post Share on other sites More sharing options...
cropflOp Posted November 2, 2017 Author ID:1178352 Share Posted November 2, 2017 What USB Flash Drive would you recommend and also, how serious is this infection? Link to post Share on other sites More sharing options...
Aura Posted November 2, 2017 ID:1178354 Share Posted November 2, 2017 If you are to buy one, a 8GB one will do the trick. If you can borrow one, then any size will do (at least 1GB). And the infection isn't so serious in a way where your data is compromised and/or Windows needs to be reinstalled. It just needs to be removed the right way and if MBAR cannot get rid of it, then we'll need a USB Flash Drive as we're going to remove it from the Recovery Environment. Link to post Share on other sites More sharing options...
cropflOp Posted November 2, 2017 Author ID:1178356 Share Posted November 2, 2017 Ok. I'll borrow an 8GB Flash Drive from my friend tomorrow in the morning (it's 7:23 PM PST right now). For now I am extremely grateful for you assistance. I will get back to you as soon as I get my hands on a USB Flash Drive. Link to post Share on other sites More sharing options...
Aura Posted November 2, 2017 ID:1178357 Share Posted November 2, 2017 No worries, I'll be waiting Link to post Share on other sites More sharing options...
cropflOp Posted November 2, 2017 Author ID:1178431 Share Posted November 2, 2017 So I'm getting this BSOD "ATTEMPTED_EXECUTE_OF_NOEXECUTE_MEMORY" while I was playing PUBG. Could this be part of the infection that is on my pc? Link to post Share on other sites More sharing options...
Aura Posted November 2, 2017 ID:1178450 Share Posted November 2, 2017 Most likely, yes. This infection have takes a really deep hold on the system (as it uses rootkit components), it can easily interfere with the everyday use of your computer. Link to post Share on other sites More sharing options...
cropflOp Posted November 3, 2017 Author ID:1178817 Share Posted November 3, 2017 Ok. I've finally got a USB Flash Drive in hand. 2 GB. Link to post Share on other sites More sharing options...
Aura Posted November 3, 2017 ID:1178820 Share Posted November 3, 2017 Alright, now for the fun part. Farbar Recovery Scan Tool (FRST) - Recovery Environment Scan Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply. Item(s) required: USB Flash Drive (size depend on if you have to create a USB Recovery or Installation media) CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small) Another computer (optional: only needed if you cannot work from the infected computer directly) Preparing the USB Flash Drive Download the right version of FRST for your system: FRST 64-bit Move the executable (FRST.exe or FRST64.exe) on your USB Flash Drive Download the attached fixlist.txt, and move it on your USB Flash Drive as well Boot in the Recovery Environment Plug your USB Flash Drive in the infected computer To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:Restart the computer Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears Use the arrow keys to select Repair your computer, and press on Enter Select your keyboard layout (US, French, etc.) and click on Next Click on Command Prompt to open the command promptNote:If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums. To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForumsNote:If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial. To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForumsNote:If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums. Once in the command prompt In the command prompt, type notepad and press on Enter Notepad will open. Click on the File menu and select Open Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe and press on Enter Note: Replace the letter e with the drive letter of your USB Flash Drive FRST will open Click on Yes to accept the disclaimer Click on the Fix button and wait for the scan to complete A log called fixlog.txt will be saved on your USB Flash Drive. Attach it in your next reply Link to post Share on other sites More sharing options...
cropflOp Posted November 3, 2017 Author ID:1178838 Share Posted November 3, 2017 Ok so I give you the Logs after I do all the steps. Link to post Share on other sites More sharing options...
cropflOp Posted November 3, 2017 Author ID:1178845 Share Posted November 3, 2017 Fixlog - Notepad Fix result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017 Ran by SYSTEM (03-11-2017 13:58:11) Run:2 Running from e:\ Boot Mode: Recovery ============================================== fixlist content: ***************** CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes CMD: bcdedit.exe /set {default} recoveryenabled yes CMD: fltmc instances CMD: dir C:\Windows\system32\drivers ***************** ========= bcdedit.exe /set {bootmgr} displaybootmenu yes ========= The operation completed successfully. ========= End of CMD: ========= ========= bcdedit.exe /set {default} recoveryenabled yes ========= The operation completed successfully. ========= End of CMD: ========= ========= fltmc instances ========= Filter Volume Name Altitude Instance Name Frame SprtFtrs VlStatus -------------------- ------------------------------------- ------------ ---------------------- ----- -------- -------- FBWF X: 226000 Fbwf Instance 0 00000004 FileInfo 40500 FileInfo 0 00000003 FileInfo \Device\HarddiskVolume2 40500 FileInfo 0 00000003 FileInfo C: 40500 FileInfo 0 00000003 FileInfo G: 40500 FileInfo 0 00000003 FileInfo D: 40500 FileInfo 0 00000003 FileInfo E: 40500 FileInfo 0 00000003 FileInfo \Device\Mup 40500 FileInfo 0 00000003 FileInfo X: 40500 FileInfo 0 00000003 WimFsf X: 161000 Wimfsf Instance 0 00000000 Wof 40700 Wof Instance 0 00000003 Wof C: 40700 Wof Instance 0 00000003 Wof G: 40700 Wof Instance 0 00000003 Wof D: 40700 Wof Instance 0 00000003 Wof X: 40700 Wof Instance 0 00000003 ========= End of CMD: ========= ========= dir C:\Windows\system32\drivers ========= Volume in drive C has no label. Volume Serial Number is 08E9-FC99 Directory of C:\Windows\system32\drivers 11/03/2017 12:56 PM <DIR> . 11/03/2017 12:56 PM <DIR> .. 03/18/2017 12:56 PM 238,080 1394ohci.sys 03/18/2017 12:56 PM 107,424 3ware.sys 11/01/2017 05:53 PM 255,928 5646E390.sys 11/01/2017 05:01 PM 255,928 6244F7BA.sys 10/30/2017 12:14 PM 723,360 acpi.sys 03/18/2017 12:56 PM 20,480 AcpiDev.sys 03/18/2017 12:56 PM 127,392 acpiex.sys 03/18/2017 12:56 PM 12,800 acpipagr.sys 03/18/2017 12:56 PM 14,848 acpipmi.sys 03/18/2017 12:56 PM 14,336 acpitime.sys 03/18/2017 12:56 PM 1,135,512 adp80xx.sys 10/30/2017 12:14 PM 610,720 afd.sys 03/18/2017 12:58 PM 108,544 agilevpn.sys 03/18/2017 12:57 PM 239,616 ahcache.sys 03/18/2017 12:56 PM 176,640 amdk8.sys 03/18/2017 12:56 PM 172,544 amdppm.sys 03/18/2017 12:56 PM 83,352 amdsata.sys 03/18/2017 12:56 PM 259,488 amdsbs.sys 03/18/2017 12:56 PM 27,040 amdxata.sys 09/29/2017 09:40 PM 184,728 appid.sys 03/18/2017 12:58 PM 17,920 applockerfltr.sys 03/18/2017 12:56 PM 132,000 arcsas.sys 03/18/2017 12:57 PM 28,672 asyncmac.sys 03/18/2017 12:56 PM 29,088 atapi.sys 03/18/2017 12:56 PM 194,464 ataport.sys 03/18/2017 12:56 PM 57,344 BasicDisplay.sys 09/28/2017 11:32 PM 35,840 BasicRender.sys 03/18/2017 12:56 PM 36,256 battc.sys 03/18/2017 12:56 PM 9,728 bcmfn2.sys 03/18/2017 12:57 PM 10,240 beep.sys 03/18/2017 12:56 PM 101,888 bowser.sys 10/30/2017 12:14 PM 115,712 bridge.sys 03/18/2017 12:56 PM 23,552 BtaMPM.sys 03/18/2017 12:56 PM 43,520 BthAvrcpTg.sys 10/30/2017 12:14 PM 105,472 bthenum.sys 10/30/2017 12:14 PM 97,792 bthhfenum.sys 03/18/2017 12:56 PM 32,256 BthhfHid.sys 03/18/2017 12:56 PM 66,560 bthmodem.sys 10/30/2017 12:14 PM 130,560 bthpan.sys 10/30/2017 12:14 PM 982,016 bthport.sys 03/18/2017 12:56 PM 85,504 BTHUSB.SYS 10/30/2017 12:14 PM 39,424 buttonconverter.sys 03/18/2017 12:56 PM 533,920 bxvbda.sys 03/18/2017 12:56 PM 53,664 CAD.sys 03/18/2017 12:56 PM 122,880 capimg.sys 03/18/2017 12:57 PM 93,184 cdfs.sys 03/18/2017 12:56 PM 160,256 cdrom.sys 03/18/2017 12:57 PM 77,216 CEA.sys 10/31/2017 05:38 PM 79,064 cgdqmq.sys 03/18/2017 12:56 PM 102,816 cht4dx64.sys 03/18/2017 12:56 PM 347,032 cht4sx64.sys 03/18/2017 12:56 PM 2,104,224 cht4vx64.sys 03/18/2017 12:56 PM 49,152 circlass.sys 03/18/2017 12:57 PM 391,584 Classpnp.sys 03/18/2017 12:58 PM 12,288 cldflt.sys 10/30/2017 12:14 PM 382,368 clfs.sys 03/18/2017 12:58 PM 877,472 ClipSp.sys 03/18/2017 12:56 PM 30,208 CmBatt.sys 03/18/2017 12:56 PM 28,064 cmimcext.sys 09/29/2017 09:40 PM 642,680 cng.sys 03/18/2017 12:57 PM 39,840 cnghwassist.sys 03/18/2017 12:57 PM 56,224 condrv.sys 03/18/2017 12:57 PM 86,432 crashdmp.sys 07/10/2017 09:40 PM 112,544 dam.sys 03/18/2017 12:56 PM 45,568 devauthe.sys 03/18/2017 12:57 PM 150,528 dfsc.sys 03/18/2017 12:56 PM 102,816 disk.sys 03/18/2017 12:58 PM 38,816 Diskdump.sys 03/18/2017 12:57 PM 15,360 Dmpusbstor.sys 03/18/2017 12:56 PM 47,104 dmvsc.sys 03/18/2017 12:56 PM 97,280 drmk.sys 03/18/2017 12:56 PM 16,232 drmkaud.sys 03/18/2017 12:57 PM 35,744 Dumpata.sys 03/18/2017 12:59 PM 91,152 dumpfve.sys 10/30/2017 12:14 PM 189,344 dumpsd.sys 03/18/2017 12:58 PM 32,256 dumpsdport.sys 03/18/2017 12:57 PM 25,600 Dumpstorport.sys 09/29/2017 09:43 PM 2,442,136 dxgkrnl.sys 07/10/2017 09:40 PM 409,504 dxgmms1.sys 09/29/2017 09:44 PM 712,600 dxgmms2.sys 09/17/2017 07:19 PM 781,864 EasyAntiCheat.sys 03/18/2017 12:57 PM 88,992 EhStorClass.sys 03/18/2017 12:56 PM 119,200 EhStorTcgDrv.sys 03/18/2017 06:31 PM <DIR> en-US 03/18/2017 12:56 PM 13,824 errdev.sys 10/31/2017 04:52 PM <DIR> etc 03/18/2017 12:56 PM 3,419,040 evbda.sys 03/18/2017 12:57 PM 347,136 exfat.sys 07/10/2017 09:40 PM 363,424 fastfat.sys 03/18/2017 12:56 PM 32,768 fdc.sys 03/18/2017 12:56 PM 54,272 filecrypt.sys 03/18/2017 12:57 PM 86,432 fileinfo.sys 03/18/2017 12:57 PM 36,864 filetrace.sys 03/18/2017 12:56 PM 26,624 flpydisk.sys 03/18/2017 12:57 PM 386,464 fltMgr.sys 03/18/2017 12:56 PM 63,904 fsdepends.sys 03/18/2017 12:57 PM 33,688 fs_rec.sys 10/30/2017 12:14 PM 715,168 fvevol.sys 03/18/2017 12:57 PM 419,744 FWPKCLNT.SYS 03/18/2017 12:56 PM 21,504 genericusbfn.sys 03/18/2017 12:57 PM 3,440,660 gm.dls 03/18/2017 12:57 PM 646 gmreadme.txt 03/18/2017 12:58 PM 8,192 gpuenergydrv.sys 07/10/2017 09:40 PM 86,528 hdaudbus.sys 03/18/2017 12:56 PM 38,296 hidbatt.sys 10/30/2017 12:14 PM 107,008 hidbth.sys 03/18/2017 12:56 PM 180,736 hidclass.sys 03/18/2017 12:56 PM 52,224 hidi2c.sys 03/18/2017 12:56 PM 51,104 hidinterrupt.sys 03/18/2017 12:56 PM 46,592 hidir.sys 03/18/2017 12:56 PM 40,960 hidparse.sys 03/18/2017 12:56 PM 40,960 hidusb.sys 03/18/2017 12:56 PM 64,416 HpSAMD.sys 07/10/2017 09:40 PM 1,106,848 http.sys 03/18/2017 12:57 PM 74,648 hvservice.sys 03/18/2017 12:56 PM 118,688 hvsocket.sys 03/18/2017 12:57 PM 29,600 hwpolicy.sys 03/18/2017 12:56 PM 16,896 hyperkbd.sys 03/18/2017 12:56 PM 115,200 i8042prt.sys 03/18/2017 12:56 PM 33,280 iagpio.sys 03/18/2017 12:56 PM 81,408 iai2c.sys 03/18/2017 12:56 PM 70,656 iaLPSS2i_GPIO2.sys 03/18/2017 12:56 PM 85,504 iaLPSS2i_GPIO2_BXT_P.sys 03/18/2017 12:56 PM 165,376 iaLPSS2i_I2C.sys 03/18/2017 12:56 PM 168,448 iaLPSS2i_I2C_BXT_P.sys 03/18/2017 12:56 PM 38,128 iaLPSSi_GPIO.sys 03/18/2017 12:56 PM 113,152 iaLPSSi_I2C.sys 01/26/2016 10:29 AM 101,872 IaNVMe.sys 03/18/2017 12:56 PM 673,184 iaStorAV.sys 03/18/2017 12:56 PM 412,064 iaStorV.sys 03/18/2017 12:56 PM 526,240 ibbus.sys 06/22/2017 01:56 PM 174,568 ibtusb.sys 03/18/2017 12:58 PM 36,864 IndirectKmd.sys 03/18/2017 12:56 PM 19,360 intelide.sys 10/19/2016 09:24 PM 18,720 IntelMEFWVer.dll 03/18/2017 12:56 PM 74,840 intelpep.sys 03/18/2017 12:56 PM 193,536 intelppm.sys 03/18/2017 12:57 PM 49,568 iorate.sys 03/18/2017 12:57 PM 87,040 ipfltdrv.sys 03/18/2017 12:56 PM 92,064 IPMIDrv.sys 03/18/2017 12:58 PM 214,528 ipnat.sys 03/18/2017 12:57 PM 120,320 irda.sys 03/18/2017 12:57 PM 19,968 irenum.sys 10/31/2017 04:42 PM 79,064 irtfw.sys 03/18/2017 12:56 PM 22,944 isapnp.sys 03/18/2017 12:56 PM 64,416 kbdclass.sys 03/18/2017 12:56 PM 40,448 kbdhid.sys 03/18/2017 12:56 PM 23,040 kdnic.sys 10/31/2017 04:09 PM 79,064 kowe.sys 03/18/2017 12:58 PM 390,144 ks.sys 09/29/2017 09:49 PM 135,576 ksecdd.sys 03/18/2017 12:58 PM 170,912 ksecpkg.sys 07/10/2017 09:40 PM 27,136 ksthunk.sys 03/18/2017 12:58 PM 66,560 lltdio.sys 03/18/2017 12:56 PM 108,960 lsi_sas.sys 03/18/2017 12:56 PM 123,808 lsi_sas2i.sys 03/18/2017 12:56 PM 103,328 lsi_sas3i.sys 03/18/2017 12:56 PM 82,848 lsi_sss.sys 03/18/2017 12:57 PM 124,928 luafv.sys 03/18/2017 12:56 PM 405,408 mausbhost.sys 03/18/2017 12:56 PM 51,104 mausbip.sys 10/04/2017 12:15 PM 77,440 mbae64.sys 03/10/2016 01:08 PM 27,008 mbam.sys 11/01/2017 05:43 PM 192,952 mbamchameleon.sys 11/01/2017 06:52 PM 192,216 MBAMSwissArmy.sys 11/03/2017 12:56 PM 137,552 mbbruybe.sys 03/18/2017 12:57 PM 23,552 mcd.sys 03/18/2017 12:56 PM 59,808 megasas.sys 03/18/2017 12:56 PM 64,416 MegaSas2i.sys 03/18/2017 12:56 PM 575,904 megasr.sys 10/30/2017 12:14 PM 97,280 Microsoft.Bluetooth.Legacy.LEEnumerator.sys 03/18/2017 12:56 PM 842,656 mlx4_bus.sys 03/18/2017 12:57 PM 50,688 mmcss.sys 03/18/2017 12:57 PM 42,496 modem.sys 03/18/2017 12:56 PM 39,424 monitor.sys 03/18/2017 12:56 PM 60,320 mouclass.sys 03/18/2017 12:56 PM 33,280 mouhid.sys 03/18/2017 12:57 PM 105,880 mountmgr.sys 03/18/2017 12:58 PM 76,800 mpsdrv.sys 03/18/2017 12:57 PM 144,384 mrxdav.sys 03/18/2017 12:57 PM 467,352 mrxsmb.sys 09/28/2017 11:20 PM 286,208 mrxsmb10.sys 09/29/2017 09:41 PM 228,248 mrxsmb20.sys 03/18/2017 12:57 PM 31,744 msfs.sys 07/16/2016 03:42 AM 3 MsftWdf_Kernel_01019_Inbox_Critical.Wdf 03/18/2017 12:57 PM 169,888 msgpioclx.sys 03/18/2017 12:56 PM 49,056 msgpiowin32.sys 03/18/2017 12:57 PM 8,704 mshidkmdf.sys 03/18/2017 12:57 PM 12,288 mshidumdf.sys 03/18/2017 12:56 PM 19,352 msisadrv.sys 10/30/2017 12:14 PM 279,968 msiscsi.sys 07/10/2017 09:40 PM 32,768 mskssrv.sys 03/18/2017 12:57 PM 83,456 mslldp.sys 03/18/2017 12:58 PM 10,752 mspclock.sys 03/18/2017 12:58 PM 10,752 mspqm.sys 03/18/2017 12:57 PM 367,000 msrpc.sys 03/18/2017 12:56 PM 44,960 mssmbios.sys 03/18/2017 12:58 PM 12,800 mstee.sys 03/18/2017 12:56 PM 16,896 MTConfig.sys 03/18/2017 12:57 PM 123,808 mup.sys 03/18/2017 12:56 PM 63,904 mvumis.sys 03/10/2016 01:09 PM 65,408 mwac.sys 03/18/2017 12:56 PM 108,960 ndfltr.sys 10/30/2017 12:14 PM 1,242,528 ndis.sys 03/18/2017 12:57 PM 50,688 ndiscap.sys 03/18/2017 12:57 PM 128,512 NdisImPlatform.sys 09/13/2016 02:41 PM 59,792 ndisrfl.sys 03/18/2017 12:58 PM 27,136 ndistapi.sys 03/18/2017 12:58 PM 65,536 ndisuio.sys 03/18/2017 12:57 PM 20,992 NdisVirtualBus.sys 03/18/2017 12:58 PM 192,000 ndiswan.sys 03/18/2017 12:58 PM 62,464 ndproxy.sys 03/18/2017 12:58 PM 127,488 Ndu.sys 03/18/2017 12:57 PM 122,368 NetAdapterCx.sys 03/18/2017 12:57 PM 57,760 netbios.sys 10/30/2017 12:14 PM 305,152 netbt.sys 10/30/2017 12:14 PM 519,584 netio.sys 07/10/2017 09:40 PM 118,784 netvsc.sys 03/18/2017 12:56 PM 9,212,864 Netwfw04.dat 03/18/2017 12:56 PM 7,218,176 Netwtw04.sys 03/18/2017 12:57 PM 69,120 npfs.sys 03/18/2017 12:56 PM 27,136 npsvctrig.sys 10/30/2017 12:14 PM 43,520 nsiproxy.sys 09/29/2017 09:48 PM 2,327,448 ntfs.sys 03/18/2017 12:57 PM 20,376 ntosext.sys 03/18/2017 12:57 PM 7,680 null.sys 03/18/2017 12:56 PM 80,896 nvdimmn.sys 10/27/2017 09:50 AM 225,208 nvhda64v.sys 12/16/2015 07:55 AM 119,840 nvme.sys 03/18/2017 12:56 PM 150,432 nvraid.sys 03/18/2017 12:56 PM 166,304 nvstor.sys 03/31/2017 04:41 PM 478,264 nvstusb.sys 10/27/2017 09:50 AM 50,808 nvvad64v.sys 10/27/2017 09:50 AM 57,976 nvvhci.sys 09/28/2017 11:29 PM 550,400 nwifi.sys 06/10/2016 04:58 AM 99,592 ocznvme.sys 06/10/2016 04:58 AM 148,520 ocztrimcoinstaller.dll 06/10/2016 04:58 AM 29,064 ocztrimfilter.sys 11/01/2017 03:53 PM 79,064 oocn.sys 03/18/2017 12:57 PM 152,992 pacer.sys 03/18/2017 12:56 PM 97,792 parport.sys 10/30/2017 12:14 PM 159,648 partmgr.sys 03/18/2017 12:56 PM 353,696 pci.sys 03/18/2017 12:56 PM 16,800 pciide.sys 03/18/2017 12:56 PM 53,656 pciidex.sys 03/18/2017 12:56 PM 120,224 pcmcia.sys 03/18/2017 12:57 PM 52,640 pcw.sys 07/10/2017 09:40 PM 117,664 pdc.sys 03/18/2017 12:58 PM 741,376 PEAuth.sys 03/18/2017 12:56 PM 58,784 percsas2i.sys 03/18/2017 12:56 PM 61,848 percsas3i.sys 03/18/2017 12:56 PM 101,376 pmem.sys 03/18/2017 12:56 PM 373,248 portcls.sys 03/18/2017 12:56 PM 172,032 processr.sys 10/31/2017 06:06 PM 41,800 PROCEXP152.SYS 03/18/2017 12:57 PM 49,664 qwavedrv.sys 03/18/2017 12:57 PM 17,920 rasacd.sys 03/18/2017 12:58 PM 107,008 rasl2tp.sys 03/18/2017 12:57 PM 81,920 raspppoe.sys 03/18/2017 12:58 PM 97,792 raspptp.sys 03/18/2017 12:58 PM 79,872 rassstp.sys 03/18/2017 12:57 PM 434,080 rdbss.sys 03/18/2017 06:31 PM 27,136 rdpbus.sys 03/18/2017 06:31 PM 183,296 rdpdr.sys 03/18/2017 06:31 PM 30,624 rdpvideominiport.sys 03/18/2017 12:57 PM 282,528 rdyboost.sys 03/18/2017 12:57 PM 1,735,584 refs.sys 03/18/2017 12:57 PM 936,864 refsv1.sys 03/18/2017 12:57 PM 14,336 registry.sys 10/30/2017 12:14 PM 180,736 rfcomm.sys 03/18/2017 12:56 PM 40,960 RfxVmt.sys 03/18/2017 12:57 PM 150,016 rmcast.sys 03/18/2017 12:57 PM 34,816 RNDISMP.sys 07/10/2017 09:40 PM 13,312 rootmdm.sys 03/18/2017 12:58 PM 82,432 rspndr.sys 08/22/2016 12:19 PM 943,112 rt640x64.sys 12/08/2016 04:35 PM 7,890,895 RTAIODAT.DAT 12/08/2016 04:35 PM 1,920,919 rtkSSTsetting.dat 12/08/2016 04:35 PM 5,539,328 RTKVHD64.sys 12/08/2016 04:35 PM 5,804,772 rtvienna.dat 03/18/2017 12:56 PM 110,496 sbp2port.sys 03/18/2017 12:57 PM 43,520 scfilter.sys 03/18/2017 12:56 PM 91,040 scmbus.sys 09/14/2015 05:58 PM 39,168 ScpVBus.sys 03/18/2017 12:57 PM 175,520 scsiport.sys 10/30/2017 12:14 PM 287,648 sdbus.sys 03/18/2017 12:56 PM 31,128 SDFRd.sys 03/18/2017 12:56 PM 98,208 sdport.sys 03/18/2017 12:56 PM 94,624 sdstor.sys 03/18/2017 12:57 PM 75,680 SerCx.sys 03/18/2017 12:57 PM 154,016 SerCx2.sys 03/18/2017 12:56 PM 26,112 serenum.sys 03/18/2017 12:56 PM 84,480 serial.sys 03/18/2017 12:56 PM 28,672 sermouse.sys 03/18/2017 12:56 PM 18,432 sfloppy.sys 05/18/2016 11:20 AM 52,824 sgx_driver.sys 03/18/2017 12:56 PM 44,960 sisraid2.sys 03/18/2017 12:56 PM 81,824 sisraid4.sys 03/18/2017 12:58 PM 32,672 SleepStudyHelper.sys 03/18/2017 12:57 PM 21,504 smclib.sys 03/18/2017 12:56 PM 167,328 spacedump.sys 03/18/2017 12:56 PM 587,168 spaceport.sys 03/18/2017 06:31 PM 40,352 SpatialGraphFilter.sys 03/18/2017 12:57 PM 80,288 SpbCx.sys 09/28/2017 11:21 PM 414,208 srv.sys 09/28/2017 11:21 PM 722,944 srv2.sys 10/30/2017 12:14 PM 254,976 srvnet.sys 03/18/2017 12:56 PM 31,136 stexstor.sys 07/10/2017 09:40 PM 144,288 storahci.sys 03/18/2017 12:56 PM 95,648 stornvme.sys 10/30/2017 12:14 PM 546,208 storport.sys 03/18/2017 12:58 PM 79,872 storqosflt.sys 03/18/2017 12:56 PM 36,760 storufs.sys 03/18/2017 12:56 PM 36,768 storvsc.sys 03/18/2017 12:57 PM 75,776 stream.sys 03/18/2017 12:56 PM 18,336 swenum.sys 03/18/2017 12:56 PM 64,512 Synth3dVsc.sys 03/18/2017 12:57 PM 31,232 tape.sys 03/18/2017 12:57 PM 28,064 tbs.sys 09/29/2017 09:36 PM 2,672,024 tcpip.sys 03/18/2017 12:57 PM 51,712 tcpipreg.sys 03/18/2017 12:57 PM 40,352 tdi.sys 10/30/2017 12:14 PM 119,712 tdx.sys 09/22/2016 10:40 PM 204,896 TeeDriverW8x64.sys 03/18/2017 06:31 PM 37,280 terminpt.sys 07/10/2017 09:40 PM 130,464 tm.sys 07/10/2017 09:40 PM 219,040 tpm.sys 03/18/2017 12:56 PM 61,440 TsUsbFlt.sys 03/18/2017 12:56 PM 35,328 TsUsbGD.sys 03/18/2017 12:58 PM 162,304 tunnel.sys 03/18/2017 12:56 PM 78,752 uaspstor.sys 10/30/2017 12:14 PM 104,960 UcmCx.sys 03/18/2017 12:58 PM 179,200 UcmTcpciCx.sys 10/30/2017 12:14 PM 51,712 UcmUcsi.sys 03/18/2017 12:56 PM 213,920 Ucx01000.sys 03/18/2017 12:56 PM 45,568 Udecx.sys 03/18/2017 12:57 PM 324,096 udfs.sys 03/18/2017 12:56 PM 29,600 uefi.sys 03/18/2017 12:58 PM 263,584 ufx01000.sys 03/18/2017 12:56 PM 98,712 UfxChipidea.sys 03/18/2017 12:56 PM 138,656 ufxsynopsys.sys 03/18/2017 12:56 PM 57,856 umbus.sys 11/03/2017 12:22 PM <DIR> UMDF 03/18/2017 12:56 PM 14,336 umpass.sys 03/18/2017 12:56 PM 29,600 urschipidea.sys 03/18/2017 12:58 PM 59,288 urscx01000.sys 03/18/2017 12:56 PM 28,064 urssynopsys.sys 03/18/2017 12:57 PM 23,040 usb8023.sys 03/18/2017 12:57 PM 37,888 USBCAMD2.sys 09/29/2017 09:40 PM 173,976 usbccgp.sys 03/18/2017 12:56 PM 103,424 usbcir.sys 03/18/2017 12:56 PM 32,160 usbd.sys 03/18/2017 12:56 PM 98,200 usbehci.sys 09/29/2017 09:45 PM 511,896 usbhub.sys 09/18/2017 03:09 PM 554,400 USBHUB3.SYS 03/18/2017 12:56 PM 30,720 usbohci.sys 03/18/2017 12:56 PM 466,336 usbport.sys 03/18/2017 12:56 PM 27,136 usbprint.sys 03/18/2017 12:56 PM 32,768 usbrpm.sys 10/30/2017 12:14 PM 71,680 usbser.sys 03/18/2017 12:56 PM 131,488 USBSTOR.SYS 03/18/2017 12:56 PM 35,328 usbuhci.sys 07/10/2017 09:40 PM 388,000 USBXHCI.SYS 03/18/2017 12:56 PM 54,176 vdrvroot.sys 03/18/2017 12:57 PM 215,456 VerifierExt.sys 07/10/2017 09:40 PM 730,016 vhdmp.sys 03/18/2017 12:56 PM 35,328 vhf.sys 03/18/2017 12:57 PM 49,664 videoprt.sys 10/30/2017 12:14 PM 82,336 vmbkmcl.sys 10/30/2017 12:14 PM 83,968 vmbkmclr.sys 03/18/2017 12:56 PM 107,424 vmbus.sys 03/18/2017 12:56 PM 25,088 VMBusHID.sys 03/18/2017 12:56 PM 13,824 vmgencounter.sys 03/18/2017 12:56 PM 10,240 vmgid.sys 03/18/2017 12:56 PM 9,216 vms3cap.sys 03/18/2017 12:56 PM 47,520 vmstorfl.sys 03/18/2017 12:56 PM 83,360 volmgr.sys 03/18/2017 12:57 PM 373,664 volmgrx.sys 03/18/2017 12:57 PM 397,216 volsnap.sys 03/18/2017 12:56 PM 16,288 volume.sys 03/18/2017 12:56 PM 74,656 vpci.sys 03/18/2017 12:56 PM 166,816 vsmraid.sys 03/18/2017 12:56 PM 305,568 VSTXRAID.SYS 03/18/2017 12:58 PM 27,136 vwifibus.sys 03/18/2017 12:58 PM 77,312 vwififlt.sys 03/18/2017 12:58 PM 41,472 vwifimp.sys 03/18/2017 12:56 PM 30,720 wacompen.sys 03/18/2017 12:58 PM 81,408 wanarp.sys 03/18/2017 12:57 PM 55,808 watchdog.sys 07/10/2017 09:40 PM 142,752 wcifs.sys 03/18/2017 12:57 PM 72,192 wcnfs.sys 03/18/2017 12:56 PM 44,632 WdBoot.sys 03/18/2017 12:57 PM 902,376 Wdf01000.sys 03/18/2017 12:56 PM 294,816 WdFilter.sys 03/18/2017 12:57 PM 61,672 WdfLdr.sys 07/10/2017 09:40 PM 757,248 WdiWiFi.sys 03/18/2017 12:56 PM 121,248 WdNisDrv.sys 03/18/2017 12:57 PM 46,488 werkernel.sys 03/18/2017 12:57 PM 164,768 wfplwfs.sys 03/18/2017 12:57 PM 35,744 wimmount.sys 03/18/2017 12:58 PM 70,232 WindowsTrustedRT.sys 03/18/2017 12:56 PM 18,520 WindowsTrustedRTProxy.sys 03/18/2017 12:56 PM 31,648 winhv.sys 03/18/2017 12:57 PM 55,296 winhvr.sys 03/18/2017 12:56 PM 32,160 winmad.sys 03/18/2017 12:58 PM 217,088 winnat.sys 03/18/2017 12:56 PM 90,112 winusb.sys 03/18/2017 12:56 PM 64,920 winverbs.sys 03/18/2017 12:56 PM 18,432 wmiacpi.sys 03/18/2017 12:57 PM 20,384 wmilib.sys 03/18/2017 12:57 PM 208,288 wof.sys 03/18/2017 12:59 PM 30,624 WpdUpFltr.sys 03/18/2017 12:57 PM 33,184 WppRecorder.sys 03/18/2017 12:57 PM 23,552 ws2ifsl.sys 03/18/2017 12:57 PM 100,864 WUDFPf.sys 03/18/2017 12:57 PM 220,672 WUDFRd.sys 07/10/2017 09:40 PM 277,504 xboxgip.sys 03/18/2017 12:56 PM 46,592 xinputhid.sys 415 File(s) 115,857,487 bytes 5 Dir(s) 50,269,323,264 bytes free ========= End of CMD: ========= ==== End of Fixlog 13:58:12 ==== Link to post Share on other sites More sharing options...
Aura Posted November 4, 2017 ID:1178898 Share Posted November 4, 2017 Ah my bad I provided you the wrong fixlist... Here, use this one and follow the steps again please. Sorry about that. fixlist.txt Link to post Share on other sites More sharing options...
cropflOp Posted November 4, 2017 Author ID:1178901 Share Posted November 4, 2017 That is ok. I'm just glad you're the one helping me with this. Fixlog - Notepad Fix result of Farbar Recovery Scan Tool (x64) Version: 02-11-2017 Ran by SYSTEM (03-11-2017 20:15:51) Run:3 Running from e:\ Boot Mode: Recovery ============================================== fixlist content: ***************** DeleteKey: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\zmopasue HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION Startup: C:\Users\buffe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eyed.lnk [2017-10-31] ShortcutTarget: eyed.lnk -> C:\Program Files (x86)\Sensors\ultrasounds.exe (No File) GroupPolicy: Restriction - Chrome <==== ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION S4 hmce; C:\WINDOWS\System32\drivers\oocn.sys [79064 2017-11-01] (Malwarebytes) S4 jwlp; C:\WINDOWS\System32\drivers\cgdqmq.sys [79064 2017-10-31] (Malwarebytes) S4 srrmw; C:\WINDOWS\System32\drivers\kowe.sys [79064 2017-10-31] (Malwarebytes) S4 yonsoukc; C:\WINDOWS\System32\drivers\irtfw.sys [79064 2017-10-31] (Malwarebytes) C:\Program Files\Mini Permanent component C:\Program Files\YOCX C:\Program Files (x86)\danes C:\Program Files (x86)\Sensors C:\Program Files (x86)\Sightless C:\Program Files (x86)\uneconomic C:\ProgramData\dacfService C:\ProgramData\XAPersonalD C:\ProgramData\ntuser.pol C:\ProgramData\rwi.fcad C:\Users\buffe\ntuser.pol C:\Users\buffe\AppData\Local\cgseimn C:\Users\buffe\AppData\Local\vsackpd C:\WINDOWS\b17003466 C:\WINDOWS\ad89bb4e7b7109ca76f3a54ccf23e569.exe C:\WINDOWS\uninstaller.dat C:\WINDOWS\system32\avcxwid C:\Windows\System32\dsdmkivsvc.exe C:\Windows\System32\drivers\mbb*.sys C:\WINDOWS\system32\Drivers\5646E390.sys C:\WINDOWS\system32\Drivers\6244F7BA.sys C:\WINDOWS\System32\drivers\oocn.sys C:\WINDOWS\System32\drivers\cgdqmq.sys C:\WINDOWS\System32\drivers\kowe.sys C:\WINDOWS\System32\drivers\irtfw.sys C:\WINDOWS\system32\Drivers\mbbuybeh.sys C:\WINDOWS\SysWOW64\avcxwid ***************** HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\zmopasue => key removed successfully HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully C:\Users\buffe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\eyed.lnk => moved successfully C:\Program Files => FRST is scripted not to move this directory. C:\Windows\System32\GroupPolicy\Machine => moved successfully C:\Windows\System32\GroupPolicy\GPT.ini => moved successfully CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION => Error: The entry should be fixed outside recovery mode. HKLM\System\ControlSet001\Services\hmce => key removed successfully hmce => service removed successfully HKLM\System\ControlSet001\Services\jwlp => key removed successfully jwlp => service removed successfully HKLM\System\ControlSet001\Services\srrmw => key removed successfully srrmw => service removed successfully HKLM\System\ControlSet001\Services\yonsoukc => key removed successfully yonsoukc => service removed successfully C:\Program Files\Mini Permanent component => moved successfully C:\Program Files\YOCX => moved successfully C:\Program Files (x86)\danes => moved successfully C:\Program Files (x86)\Sensors => moved successfully C:\Program Files (x86)\Sightless => moved successfully C:\Program Files (x86)\uneconomic => moved successfully C:\ProgramData\dacfService => moved successfully C:\ProgramData\XAPersonalD => moved successfully C:\ProgramData\ntuser.pol => moved successfully C:\ProgramData\rwi.fcad => moved successfully C:\Users\buffe\ntuser.pol => moved successfully C:\Users\buffe\AppData\Local\cgseimn => moved successfully C:\Users\buffe\AppData\Local\vsackpd => moved successfully C:\WINDOWS\b17003466 => moved successfully C:\WINDOWS\ad89bb4e7b7109ca76f3a54ccf23e569.exe => moved successfully C:\WINDOWS\uninstaller.dat => moved successfully C:\WINDOWS\system32\avcxwid => moved successfully C:\Windows\System32\dsdmkivsvc.exe => moved successfully =========== "C:\Windows\System32\drivers\mbb*.sys" ========== C:\Windows\System32\drivers\mbbhlorv.sys => moved successfully ========= End -> "C:\Windows\System32\drivers\mbb*.sys" ======== C:\WINDOWS\system32\Drivers\5646E390.sys => moved successfully C:\WINDOWS\system32\Drivers\6244F7BA.sys => moved successfully C:\WINDOWS\System32\drivers\oocn.sys => moved successfully C:\WINDOWS\System32\drivers\cgdqmq.sys => moved successfully C:\WINDOWS\System32\drivers\kowe.sys => moved successfully C:\WINDOWS\System32\drivers\irtfw.sys => moved successfully "C:\WINDOWS\system32\Drivers\mbbuybeh.sys" => not found. C:\WINDOWS\SysWOW64\avcxwid => moved successfully ==== End of Fixlog 20:15:52 ==== Link to post Share on other sites More sharing options...
Aura Posted November 4, 2017 ID:1178902 Share Posted November 4, 2017 No problem Now you should be able to install and run a scan with Malwarebytes. Malwarebytes - Clean Mode Download and install the free version of MalwarebytesNote: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point Once Malwarebytes is installed, launch it and let it update his database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan Let the scan run, the time required to complete the scan depends of your system and computer specs Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected buttonIf it asks you to restart your computer to complete the removal, do so Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply Link to post Share on other sites More sharing options...
cropflOp Posted November 4, 2017 Author ID:1178908 Share Posted November 4, 2017 Malwarebytes Scan: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 11/3/17 Scan Time: 8:49 PM Log File: 39a163ae-c113-11e7-808d-309c23226bf7.json Administrator: Yes -Software Information- Version: 3.3.1.2183 Components Version: 1.0.236 Update Package Version: 1.0.3170 License: Free -System Information- OS: Windows 10 (Build 15063.674) CPU: x64 File System: NTFS User: DESKTOP-QVMQE15\buffe -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 353477 Threats Detected: 1 Threats Quarantined: 1 Time Elapsed: 0 min, 30 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 1 PUP.Optional.SpeeDownloader, HKU\S-1-5-21-340033465-448931462-1049182933-1003\SOFTWARE\WOW6432NODE\Speedownloader0099, Quarantined, [8176], [453126],1.0.3170 Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) (end) Link to post Share on other sites More sharing options...
cropflOp Posted November 4, 2017 Author ID:1178909 Share Posted November 4, 2017 wow the random lettered process is now gone... Link to post Share on other sites More sharing options...
Recommended Posts