Louis-B Posted November 23, 2017 ID:1185865 Share Posted November 23, 2017 Hello, My pc wont boot anymore because of mbamswissarmy.sys please help. Link to post Share on other sites More sharing options...
kevinf80 Posted November 23, 2017 ID:1185887 Share Posted November 23, 2017 Hello Louis-B and welcome to Malwarebytes, Which version of Windows do you have installed, is it 32 bit or 64 bit. Do you have a USB flash drive available , 4gb < Do you have an installation DVD for your version of Windows or a Recovery Drive for your version of Windows... Thank you, Kevin... Link to post Share on other sites More sharing options...
Louis-B Posted November 23, 2017 Author ID:1185895 Share Posted November 23, 2017 Hi Kevin thanks for replying I have 64 bit Windows and a flash drive but i dont have an installation DVD or a recovery drive Link to post Share on other sites More sharing options...
kevinf80 Posted November 23, 2017 ID:1185907 Share Posted November 23, 2017 Thanks for the update Louis-B, I`m assuming you have Windows 10, also access to another PC... If not please let me know... Please download Farbar Recovery Scan Tool from here:http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/ save it to a USB flash drive. Ensure to get the correct version for your system, 32 bit or 64 bitNote: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. Plug the flash drive into the infected PC. We now need to access the Recovery Environment so that we can run a scan with FRST.... To enter the Recovery Environment with Windows 10, follow the instructions in This Tutorial on TenForumsNote: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out This Tutorial on TenForums. From the Windows 10 Tutorial you should get access to the Advanced Startup Options at boot for Windows 10 From that window select "Troubleshoot" From the next window select "Advance Options" From that Window select "Command Prompt" Ensure to plug the flash drive into a USB port... You should now be in Recovery Environment with the Command Prompt Window open...... Continue with the following: Select Command Prompt In the command window type in notepad and press Enter. The notepad opens. Under File menu select Open. Select "Computer" or "My PC" and find your flash drive letter and close the notepad. In the command window type E:\frst64 or E:\frst depending on your version. Press Enter Note: Replace letter E with the drive letter of your flash drive. The tool will start to run. When the tool opens click Yes to disclaimer. Press Fix button. It will make a log (Fixlog.txt) on the flash drive. Please copy and paste it to your reply. Thank you, Kevin... Link to post Share on other sites More sharing options...
Louis-B Posted November 23, 2017 Author ID:1185994 Share Posted November 23, 2017 I did exactly what you told me to do and the program said No fixlist.txt found. The fixlist.txt should be in the same folder/directory the tool is located And there is no fixlist.txt on the USB. Link to post Share on other sites More sharing options...
kevinf80 Posted November 23, 2017 ID:1186008 Share Posted November 23, 2017 Apologies, i`ve listed the wrong c/r.... Run the tool again, this time select Scan not fix... It will make a log (FRST.txt) on the flash drive. Post that to your reply... Apologies again, Kevin.... Link to post Share on other sites More sharing options...
Louis-B Posted November 23, 2017 Author ID:1186016 Share Posted November 23, 2017 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-11-2017 Ran by SYSTEM on MININT-RG0V9RJ (23-11-2017 11:31:48) Running from E:\ Platform: Windows 10 Pro Version 1709 16299.64 (X64) Language: English (United States) Internet Explorer Version 11 Boot Mode: Recovery Default: ControlSet001ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log. Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16404224 2017-08-03] (Realtek Semiconductor) HKLM\...\Run: [DigidesignMMERefresh] => C:\Program Files\Avid\Pro Tools First\MMERefresh.exe [117760 2017-08-17] (Avid Technology, Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-09-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21384 2016-08-04] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1767816 2016-08-05] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1953688 2016-08-05] (Western Digital Technologies, Inc.) HKLM\...\RunOnce: [*Restore] => C:\WINDOWS\system32\rstrui.exe [266752 2017-09-29] (Microsoft Corporation) GroupPolicy: Restriction <==== ATTENTION ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated) S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated) S2 AvidHubService; C:\Program Files\Avid\Cloud Client Services\Hub.exe [2249992 2017-05-23] (Avid Technology, Inc.) S2 AvidTransportClient; C:\Program Files\Avid\Cloud Client Services\TransportClient.exe [6663944 2017-05-23] (Avid Technology, Inc.) S2 DigiRefresh; C:\Program Files\Avid\Pro Tools First\MMERefresh.exe [117760 2017-08-17] (Avid Technology, Inc.) S3 digiSPTIService64; C:\Program Files\Avid\Pro Tools First\digisptiservice64.exe [197632 2017-08-17] (Avid Technology, Inc.) S2 gobblerproxy; C:\Program Files (x86)\Media Gobbler, Inc\Downstream Proxy\downstreamproxyservice.exe [15872 2017-06-09] (Media Gobbler, Inc) S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes) S2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [417456 2017-08-23] () S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2120032 2017-09-25] (Electronic Arts) S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3000168 2017-09-25] (Electronic Arts) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4297920 2017-09-29] (Microsoft Corporation) S2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [37248 2017-09-06] () S2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [315768 2016-08-05] (Western Digital Technologies, Inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation) S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation) S3 WD Backup Drive Helper; C:\Windows\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B} S3 WD Backup Snapshot; C:\Windows\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD} ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.) S3 amdkmdag; C:\Windows\System32\DriverStore\FileRepository\c0318486.inf_amd64_11ba0b4b7cc81d52\atikmdag.sys [38774688 2017-10-13] (Advanced Micro Devices, Inc.) S3 amdkmdap; C:\Windows\System32\DriverStore\FileRepository\c0318486.inf_amd64_11ba0b4b7cc81d52\atikmpag.sys [549792 2017-10-13] (Advanced Micro Devices, Inc.) S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [110088 2017-04-26] (Advanced Micro Devices) S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2017-10-22] (Disc Soft Ltd) S3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2017-10-22] (Disc Soft Ltd) S3 FocusriteUSB; C:\Windows\System32\drivers\FocusriteUSB.sys [96424 2017-06-08] (Focusrite Audio Engineering Ltd.) S3 FocusriteUSBAudio; C:\Windows\system32\drivers\FocusriteUSBAudio.sys [54440 2017-06-08] (Focusrite Audio Engineering Ltd.) S3 FocusriteUSBSwRoot; C:\Windows\System32\drivers\FocusriteUSBSwRoot.sys [97960 2017-06-08] (Focusrite Audio Engineering Ltd.) S0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2017-11-21] (Malwarebytes) S3 netr28ux; C:\Windows\System32\drivers\netr28ux.sys [2224128 2017-09-29] (MediaTek Inc.) S3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek ) S3 tap-tb-0901; C:\Windows\System32\drivers\tap-tb-0901.sys [38656 2017-09-06] (The OpenVPN Project) S3 tapibvpn; C:\Windows\System32\drivers\tapibvpn.sys [35200 2017-09-19] (The OpenVPN Project) S3 tapnordvpn; C:\Windows\System32\drivers\tapnordvpn.sys [84432 2017-03-26] (The OpenVPN Project) S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation) S0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation) S3 wovad_micarray; C:\Windows\system32\drivers\womic.sys [37984 2017-05-21] (Windows (R) Win 7 DDK provider) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-11-23 10:05 - 2017-11-23 10:05 - 000000000 ____D C:\FRST 2017-11-22 15:58 - 2017-11-22 15:58 - 000002162 _____ C:\Users\Luis Manuel\Desktop\maaware.txt 2017-11-22 15:36 - 2017-11-22 15:36 - 016207358 _____ C:\Users\Luis Manuel\Downloads\Selena Gomez & Marshmello - Wolves (Acapella).zip 2017-11-22 15:28 - 2017-11-22 15:28 - 000000000 ____D C:\Program Files (x86)\InterLok 2017-11-22 15:27 - 2017-11-22 15:27 - 000000000 ____D C:\Users\Luis Manuel\AppData\Roaming\Antares 2017-11-22 15:27 - 2017-11-22 15:27 - 000000000 ____D C:\Program Files (x86)\Antares Audio Technologies 2017-11-22 15:26 - 2017-11-22 15:26 - 000121357 _____ C:\Windows\SysWOW64\5f53fa28.exe 2017-11-22 15:26 - 2017-11-22 15:26 - 000039553 _____ C:\Windows\SysWOW64\.exe 2017-11-22 15:25 - 2017-11-22 15:25 - 000000000 ____D C:\Users\Luis Manuel\Downloads\Antares Autotune Evo VST RTAS v6.0.9 (1) 2017-11-22 15:24 - 2017-11-22 15:24 - 010645333 _____ C:\Users\Luis Manuel\Downloads\DC1A2-win.zip 2017-11-22 15:23 - 2017-11-22 15:24 - 031747891 _____ C:\Users\Luis Manuel\Downloads\Antares Autotune Evo VST RTAS v6.0.9 (1).rar 2017-11-22 15:19 - 2017-11-22 15:19 - 000915327 _____ C:\Users\Luis Manuel\Downloads\the_fish_fillets_v1_1.zip 2017-11-22 15:19 - 2017-11-22 15:19 - 000000000 ____D C:\Users\Luis Manuel\Downloads\the_fish_fillets_v1_1 2017-11-21 19:08 - 2017-11-21 18:31 - 000000000 ____D C:\Windows.old 2017-11-21 18:42 - 2017-11-21 18:42 - 000000000 ____D C:\ProgramData\Microsoft OneDrive 2017-11-21 18:41 - 2017-11-21 18:41 - 000000000 ___HD C:\Users\Luis Manuel\MicrosoftEdgeBackups 2017-11-21 18:39 - 2017-11-21 18:39 - 000000020 ___SH C:\Users\Luis Manuel\ntuser.ini 2017-11-21 18:29 - 2017-11-21 18:30 - 000007623 _____ C:\Windows\diagwrn.xml 2017-11-21 18:29 - 2017-11-21 18:30 - 000007623 _____ C:\Windows\diagerr.xml 2017-11-21 18:29 - 2017-11-21 18:29 - 000886066 _____ C:\Windows\System32\PerfStringBackup.INI 2017-11-21 18:29 - 2017-11-21 18:29 - 000027184 _____ C:\Windows\System32\emptyregdb.dat 2017-11-21 18:28 - 2017-11-22 15:59 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2017-11-21 18:28 - 2017-11-21 18:43 - 000003388 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-130153917-2291690430-3822783157-1001 2017-11-21 18:28 - 2017-11-21 18:29 - 000003344 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2017-11-21 18:28 - 2017-11-21 18:29 - 000002784 _____ C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-H309FG8-Luis Manuel 2017-11-21 18:28 - 2017-11-21 18:29 - 000002384 _____ C:\Windows\System32\Tasks\ibVPN-NewService 2017-11-21 18:28 - 2017-11-21 18:28 - 000003120 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2017-11-21 18:28 - 2017-11-21 18:28 - 000002146 _____ C:\Windows\System32\Tasks\StartCN 2017-11-21 18:22 - 2017-11-21 18:22 - 000000000 ____D C:\ProgramData\USOShared 2017-11-21 18:15 - 2017-11-21 18:57 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Packages 2017-11-21 18:14 - 2017-11-21 18:41 - 000000000 ____D C:\users\Luis Manuel 2017-11-21 18:14 - 2017-09-29 05:41 - 002241024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll 2017-11-21 18:11 - 2017-11-22 15:14 - 000000000 ____D C:\Windows\System32\SleepStudy 2017-11-21 18:11 - 2017-11-21 18:23 - 000261464 _____ C:\Windows\System32\FNTCACHE.DAT 2017-11-20 20:12 - 2017-11-21 19:08 - 000000000 ____D C:\Windows\System32\config\bbimigrate 2017-11-20 20:08 - 2017-11-20 20:12 - 000000000 ____D C:\Windows\ServiceProfiles 2017-11-20 20:06 - 2017-11-20 20:06 - 000000000 ____D C:\Windows\containers 2017-11-20 20:04 - 2017-11-20 20:04 - 013655552 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll 2017-11-20 20:04 - 2017-11-20 20:04 - 012687360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2017-11-20 20:04 - 2017-11-20 20:04 - 006791472 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.dll 2017-11-20 20:04 - 2017-11-20 20:04 - 006015200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll 2017-11-20 20:04 - 2017-11-20 20:04 - 004648528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll 2017-11-20 20:04 - 2017-11-20 20:04 - 004487968 _____ (Microsoft Corporation) C:\Windows\System32\mfcore.dll 2017-11-20 20:04 - 2017-11-20 20:04 - 002717392 _____ (Microsoft Corporation) C:\Windows\System32\mfmp4srcsnk.dll 2017-11-20 20:04 - 2017-11-20 20:04 - 002465848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll 2017-11-20 20:04 - 2017-11-20 20:04 - 002269080 _____ (Microsoft Corporation) C:\Windows\System32\mfsrcsnk.dll 2017-11-20 20:04 - 2017-11-20 20:04 - 001970520 _____ (Microsoft Corporation) C:\Windows\System32\mfasfsrcsnk.dll 2017-11-20 20:04 - 2017-11-20 20:04 - 001507736 _____ (Microsoft Corporation) C:\Windows\System32\mfmpeg2srcsnk.dll 2017-11-20 20:04 - 2017-11-20 20:04 - 001454568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsrcsnk.dll 2017-11-20 20:04 - 2017-11-20 20:04 - 001377080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll 2017-11-20 20:04 - 2017-11-20 20:04 - 001015008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll 2017-11-20 20:04 - 2017-11-20 20:04 - 000422912 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv.sys 2017-11-20 20:04 - 2017-11-20 20:04 - 000285696 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys 2017-11-20 20:03 - 2017-11-20 20:03 - 025246208 _____ (Microsoft Corporation) C:\Windows\System32\edgehtml.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 023658496 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 021753344 _____ (Microsoft Corporation) C:\Windows\System32\Hydrogen.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 019339776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 018914304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 017083904 _____ (Microsoft Corporation) C:\Windows\System32\HologramCompositor.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 008590744 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2017-11-20 20:03 - 2017-11-20 20:03 - 008099328 _____ (Microsoft Corporation) C:\Windows\System32\Chakra.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 007831248 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 006035968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 005906264 _____ (Microsoft Corporation) C:\Windows\System32\StartTileData.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 005615968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 004742144 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 003679232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 003670016 _____ (Microsoft Corporation) C:\Windows\System32\win32kfull.sys 2017-11-20 20:03 - 2017-11-20 20:03 - 003478016 _____ (Microsoft Corporation) C:\Windows\System32\mispace.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 003334144 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 003313968 _____ C:\Windows\System32\Windows.Mirage.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 002972672 _____ (Microsoft Corporation) C:\Windows\System32\twinui.pcshell.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 002905600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys 2017-11-20 20:03 - 2017-11-20 20:03 - 002869248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 002864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 002862080 _____ (Microsoft Corporation) C:\Windows\System32\dwmcore.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 002781696 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 002633216 _____ (Microsoft Corporation) C:\Windows\System32\diagtrack.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 002573208 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys 2017-11-20 20:03 - 2017-11-20 20:03 - 002474584 _____ C:\Windows\SysWOW64\Windows.Mirage.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 002467840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 002400664 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys 2017-11-20 20:03 - 2017-11-20 20:03 - 002392576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcGenral.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 002106368 _____ (Microsoft Corporation) C:\Windows\System32\win32kbase.sys 2017-11-20 20:03 - 2017-11-20 20:03 - 001954048 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 001856000 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 001822208 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 001806336 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.Speech.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 001667584 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Input.Inking.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 001664000 _____ (Microsoft Corporation) C:\Windows\System32\GdiPlus.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 001641536 _____ (Microsoft Corporation) C:\Windows\System32\gdi32full.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 001634288 _____ (Microsoft Corporation) C:\Windows\System32\user32.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 001615720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 001587200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 001559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 001554216 _____ (Microsoft Corporation) C:\Windows\System32\twinapi.appcore.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 001547264 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 001528904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 001485824 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 001470976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 001463856 _____ (Microsoft Corporation) C:\Windows\System32\msctf.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 001436432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 001426152 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 001323840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 001322496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 001280000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Speech.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 001261864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 001246432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 001200024 _____ (Microsoft Corporation) C:\Windows\System32\hvix64.exe 2017-11-20 20:03 - 2017-11-20 20:03 - 001170008 _____ (Microsoft Corporation) C:\Windows\System32\AudioSes.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 001167360 _____ (Microsoft Corporation) C:\Windows\System32\ISM.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 001053592 _____ (Microsoft Corporation) C:\Windows\System32\hvax64.exe 2017-11-20 20:03 - 2017-11-20 20:03 - 000982016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000975872 _____ C:\Windows\System32\FaceProcessor.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000956416 _____ (Microsoft Corporation) C:\Windows\System32\Spectrum.exe 2017-11-20 20:03 - 2017-11-20 20:03 - 000925184 _____ (Microsoft Corporation) C:\Windows\System32\MPSSVC.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000882688 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Mirage.Internal.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000839928 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Perception.Stub.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000812032 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000778936 _____ (Microsoft Corporation) C:\Windows\System32\fontdrvhost.exe 2017-11-20 20:03 - 2017-11-20 20:03 - 000768512 _____ (Microsoft Corporation) C:\Windows\System32\PCPKsp.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000739696 _____ (Microsoft Corporation) C:\Windows\System32\dnsapi.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000726016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\srv2.sys 2017-11-20 20:03 - 2017-11-20 20:03 - 000710920 _____ (Microsoft Corporation) C:\Windows\System32\ci.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000708096 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000685056 _____ (Microsoft Corporation) C:\Windows\System32\AudioEndpointBuilder.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000677280 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2017-11-20 20:03 - 2017-11-20 20:03 - 000665600 _____ (Microsoft Corporation) C:\Windows\System32\DHolographicDisplay.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000665088 _____ (Microsoft Corporation) C:\Windows\System32\TpmCoreProvisioning.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000654848 _____ (Microsoft Corporation) C:\Windows\System32\RDXService.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000649304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe 2017-11-20 20:03 - 2017-11-20 20:03 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswstr10.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000618496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Mirage.Internal.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000612760 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000610712 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000603920 _____ (Microsoft Corporation) C:\Windows\System32\audiodg.exe 2017-11-20 20:03 - 2017-11-20 20:03 - 000599040 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000597160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000591872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPKsp.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000568832 _____ (Microsoft Corporation) C:\Windows\System32\TileDataRepository.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000566272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TpmCoreProvisioning.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000559512 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storport.sys 2017-11-20 20:03 - 2017-11-20 20:03 - 000555416 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBHUB3.SYS 2017-11-20 20:03 - 2017-11-20 20:03 - 000542208 _____ (Microsoft Corporation) C:\Windows\System32\FirewallAPI.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000541184 _____ (Microsoft Corporation) C:\Windows\System32\HolographicExtensions.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000529408 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\nwifi.sys 2017-11-20 20:03 - 2017-11-20 20:03 - 000506256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Perception.Stub.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000487424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcSpecfc.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000479912 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000478208 _____ (Microsoft Corporation) C:\Windows\System32\NgcCtnr.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000465408 _____ (Microsoft Corporation) C:\Windows\System32\wuuhext.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000464416 _____ (Microsoft Corporation) C:\Windows\System32\bcryptprimitives.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000462848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000461312 _____ (Microsoft Corporation) C:\Windows\System32\wlansec.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000450048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TileDataRepository.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000442880 _____ (Microsoft Corporation) C:\Windows\System32\cryptngc.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000436120 _____ (Microsoft Corporation) C:\Windows\System32\CloudExperienceHostCommon.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000428952 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdbss.sys 2017-11-20 20:03 - 2017-11-20 20:03 - 000418712 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000374032 _____ (Microsoft Corporation) C:\Windows\System32\vac.exe 2017-11-20 20:03 - 2017-11-20 20:03 - 000373656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\clfs.sys 2017-11-20 20:03 - 2017-11-20 20:03 - 000372224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcLayers.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000362176 _____ (Microsoft Corporation) C:\Windows\System32\BioIso.exe 2017-11-20 20:03 - 2017-11-20 20:03 - 000354200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudExperienceHostCommon.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000353688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000339968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000336896 _____ (Microsoft Corporation) C:\Windows\System32\HolographicRuntimes.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000328192 _____ (Microsoft Corporation) C:\Windows\System32\AcGenral.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000326144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptngc.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000301056 _____ (Microsoft Corporation) C:\Windows\System32\AcLayers.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000285080 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sdbus.sys 2017-11-20 20:03 - 2017-11-20 20:03 - 000269696 _____ C:\Windows\System32\FaceProcessorCore.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000246168 _____ (Microsoft Corporation) C:\Windows\System32\browserbroker.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000232344 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys 2017-11-20 20:03 - 2017-11-20 20:03 - 000227328 _____ (Microsoft Corporation) C:\Windows\System32\CapabilityAccessManager.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000187288 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dumpsd.sys 2017-11-20 20:03 - 2017-11-20 20:03 - 000184984 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000177664 _____ (Microsoft Corporation) C:\Windows\System32\t2embed.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000147864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wcifs.sys 2017-11-20 20:03 - 2017-11-20 20:03 - 000140800 _____ (Microsoft Corporation) C:\Windows\System32\Chakradiag.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000139672 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2017-11-20 20:03 - 2017-11-20 20:03 - 000136192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000135168 _____ (Microsoft Corporation) C:\Windows\System32\SettingsHandlers_CapabilityAccess.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000124928 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\luafv.sys 2017-11-20 20:03 - 2017-11-20 20:03 - 000123520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000114688 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\UcmCx.sys 2017-11-20 20:03 - 2017-11-20 20:03 - 000106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000097792 _____ C:\Windows\System32\runexehelper.exe 2017-11-20 20:03 - 2017-11-20 20:03 - 000095744 _____ (Microsoft Corporation) C:\Windows\System32\CapabilityAccessManagerClient.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000086016 _____ (Microsoft Corporation) C:\Windows\System32\XblAuthTokenBrokerExt.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XblAuthTokenBrokerExt.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CapabilityAccessManagerClient.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000060824 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\urscx01000.sys 2017-11-20 20:03 - 2017-11-20 20:03 - 000058880 _____ (Microsoft Corporation) C:\Windows\System32\TpmTasks.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000057344 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\UcmUcsi.sys 2017-11-20 20:03 - 2017-11-20 20:03 - 000056320 _____ (Microsoft Corporation) C:\Windows\System32\AcSpecfc.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000046080 _____ (Microsoft Corporation) C:\Windows\System32\rdrleakdiag.exe 2017-11-20 20:03 - 2017-11-20 20:03 - 000045464 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\storufs.sys 2017-11-20 20:03 - 2017-11-20 20:03 - 000041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdrleakdiag.exe 2017-11-20 20:03 - 2017-11-20 20:03 - 000034816 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\BasicRender.sys 2017-11-20 20:03 - 2017-11-20 20:03 - 000028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdtcVSp1res.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000022528 _____ (Microsoft Corporation) C:\Windows\System32\msdtcVSp1res.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjint40.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2017-11-20 20:03 - 2017-11-20 20:03 - 000002560 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll 2017-11-20 19:51 - 2017-11-20 19:51 - 000000000 ____D C:\Program Files\Reference Assemblies 2017-11-20 19:51 - 2017-11-20 19:51 - 000000000 ____D C:\Program Files\MSBuild 2017-11-20 19:51 - 2017-11-20 19:51 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies 2017-11-20 19:51 - 2017-11-20 19:51 - 000000000 ____D C:\Program Files (x86)\MSBuild 2017-11-20 19:50 - 2017-11-20 19:50 - 001166520 _____ (Microsoft Corporation) C:\Windows\System32\PresentationNative_v0300.dll 2017-11-20 19:50 - 2017-11-20 19:50 - 000778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll 2017-11-20 19:50 - 2017-11-20 19:50 - 000124624 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll 2017-11-20 19:50 - 2017-11-20 19:50 - 000103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2017-11-20 19:50 - 2017-11-20 19:50 - 000035456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2017-11-20 19:50 - 2017-11-20 19:50 - 000035456 _____ (Microsoft Corporation) C:\Windows\System32\TsWpfWrp.exe 2017-11-20 19:38 - 2017-11-20 19:38 - 000008192 _____ C:\Windows\System32\config\userdiff 2017-11-20 17:31 - 2017-11-20 17:38 - 255251817 _____ C:\Users\Luis Manuel\Downloads\GSR_Progressive House Sample Pack.zip 2017-11-20 17:22 - 2017-11-20 17:41 - 105917464 _____ C:\Users\Luis Manuel\Downloads\WAProd_FREE_Progressive_House_drums2.zip 2017-11-20 17:16 - 2017-11-21 18:40 - 000000000 ___DC C:\Windows\Panther 2017-11-19 13:33 - 2017-11-19 13:36 - 000000000 ____D C:\Users\Luis Manuel\AppData\Roaming\discord 2017-11-19 13:33 - 2017-11-19 13:33 - 000002263 _____ C:\Users\Luis Manuel\Desktop\Discord.lnk 2017-11-19 13:33 - 2017-11-19 13:33 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Discord 2017-11-19 13:26 - 2017-11-19 13:29 - 054332920 _____ (Discord Inc.) C:\Users\Luis Manuel\Downloads\DiscordSetup.exe 2017-11-19 10:59 - 2017-11-19 11:04 - 208932840 _____ C:\Users\Luis Manuel\Downloads\WONDAFUL TIME Drum Kit.zip 2017-11-19 10:59 - 2017-11-19 11:02 - 072068436 _____ C:\Users\Luis Manuel\Downloads\MONEYBAGS XXX KIT.zip 2017-11-17 16:10 - 2017-11-17 16:10 - 016016498 _____ C:\Users\Luis Manuel\Downloads\glo kit-20171118T000959Z-001.zip 2017-11-17 16:06 - 2017-11-17 16:13 - 096542605 _____ C:\Users\Luis Manuel\Downloads\SAMPLEPHONICS TUBE DRUMS.zip 2017-11-14 17:23 - 2017-11-14 17:23 - 000802790 _____ C:\Users\Luis Manuel\Downloads\FUTURE BASS SYLENTH & MASSIVE & SERUM & HARMOR PACK.zip 2017-11-11 17:28 - 2017-11-11 17:28 - 000252105 _____ C:\Users\Luis Manuel\Downloads\Pimonrat Modern.zip 2017-11-11 17:11 - 2017-11-11 17:11 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsign25695e87254eca39 2017-11-11 17:09 - 2017-11-11 17:09 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsignf86db2203143031c 2017-11-11 17:09 - 2017-11-11 17:09 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsigne18f044c84855189 2017-11-11 17:09 - 2017-11-11 17:09 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsignc18db6eedb22f75b 2017-11-11 10:47 - 2017-11-11 11:16 - 000000000 ____D C:\Users\Luis Manuel\Desktop\Sims 4 cc 2017-11-11 09:48 - 2017-11-11 09:48 - 007829624 _____ C:\Users\Luis Manuel\Downloads\B-L-S_NuDread.zip 2017-11-11 09:34 - 2017-11-11 09:34 - 007773885 _____ C:\Users\Luis Manuel\Downloads\Ebonix_Balenciagas.zip 2017-11-11 09:33 - 2017-11-11 09:33 - 002098341 _____ C:\Users\Luis Manuel\Downloads\BLS_Addidas Runners.zip 2017-11-11 09:33 - 2017-11-11 09:33 - 001595086 _____ C:\Users\Luis Manuel\Downloads\1345108.zip 2017-11-11 09:31 - 2017-11-11 09:31 - 003626051 _____ C:\Users\Luis Manuel\Downloads\Male shoe pack.rar 2017-11-11 09:29 - 2017-11-11 09:29 - 000617727 _____ C:\Users\Luis Manuel\Downloads\KK_oryulessTattoo.zip 2017-11-11 09:28 - 2017-11-11 09:28 - 001404635 _____ C:\Users\Luis Manuel\Downloads\TS4_KK_TShirts_7Set_male.zip 2017-11-11 09:28 - 2017-11-11 09:28 - 000249778 _____ C:\Users\Luis Manuel\Downloads\KK_Scribble_Tattoo.zip 2017-11-11 09:27 - 2017-11-11 09:27 - 004490314 _____ C:\Users\Luis Manuel\Downloads\KK_Layered_Shirts_13set_male_TS4.zip 2017-11-11 09:27 - 2017-11-11 09:27 - 003656078 _____ C:\Users\Luis Manuel\Downloads\KK_Loosefit_T_Shirts_10set_male_TS4.zip 2017-11-11 09:26 - 2017-11-11 09:27 - 003729383 _____ C:\Users\Luis Manuel\Downloads\KK_Baggy_Cropped_Pants_male_10set_ts4_Line(Fix).zip 2017-11-11 09:21 - 2017-11-11 09:21 - 000816718 _____ C:\Users\Luis Manuel\Downloads\B-L-S_AM_Sag-Jeans.zip 2017-11-11 09:04 - 2017-11-11 09:04 - 002993542 _____ C:\Users\Luis Manuel\Downloads\[seze]jacket05.zip 2017-11-11 08:48 - 2017-11-11 08:48 - 007018459 _____ C:\Users\Luis Manuel\Downloads\Ebonix_AM_LituationTopKit.zip 2017-11-11 08:46 - 2017-11-11 08:46 - 003763538 _____ C:\Users\Luis Manuel\Downloads\Ebonix_YayaMessyTopBunDreads.zip 2017-11-11 08:38 - 2017-11-11 08:38 - 000007176 _____ C:\Users\Luis Manuel\Downloads\MTS_HotDawg_1728359_Edgy.7z 2017-11-10 19:54 - 2017-11-10 19:54 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\PACE 2017-11-10 19:48 - 2017-11-10 19:49 - 000000000 ____D C:\Program Files (x86)\AIR Music Technology 2017-11-10 19:46 - 2017-11-10 19:47 - 000000000 ____D C:\Users\Luis Manuel\Downloads\Xpand!2_2.2.7_Setup 2017-11-10 19:24 - 2017-11-10 19:46 - 1446587107 _____ C:\Users\Luis Manuel\Downloads\Xpand!2_2.2.7_Setup.zip 2017-11-09 16:35 - 2017-11-21 18:24 - 000253880 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbamswissarmy.sys 2017-11-09 16:35 - 2017-11-09 16:35 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-11-09 16:35 - 2017-11-01 08:54 - 000077432 _____ C:\Windows\System32\Drivers\mbae64.sys 2017-11-09 16:34 - 2017-11-09 16:34 - 000000000 ____D C:\ProgramData\MB3CoreBackup 2017-11-08 19:31 - 2017-11-08 19:31 - 027572518 _____ C:\Users\Luis Manuel\Desktop\XXXTENTACION - Jocylen Flores remakeprweviwe.wav 2017-11-07 16:11 - 2017-11-07 16:11 - 035806982 _____ C:\Users\Luis Manuel\Desktop\winter of youtyh.wav 2017-11-07 15:57 - 2017-11-22 15:37 - 000000000 ____D C:\Users\Luis Manuel\Documents\INSTRUMENTALS 2017-11-04 17:28 - 2017-11-04 17:28 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsigna7253fa38680e902 2017-11-04 17:28 - 2017-11-04 17:28 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsign4a0a28d02e269bf2 2017-11-04 17:28 - 2017-11-04 17:28 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsign16ad2b554eecae30 2017-11-04 17:27 - 2017-11-04 17:27 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsign35218cff3ac92598 2017-11-04 17:27 - 2017-11-04 17:27 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsign10a0c072419d412d 2017-11-02 14:29 - 2017-11-02 14:29 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsign89acd24f8c01c0ed 2017-11-02 06:41 - 2017-11-02 14:50 - 000000000 ____D C:\Users\Luis Manuel\Desktop\Adobe After Effects Auto-Save 2017-11-02 06:20 - 2017-11-02 06:20 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsign7db47e64137cffb2 2017-11-01 23:00 - 2017-11-01 23:00 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsignbc112cbd10cd0526 2017-11-01 23:00 - 2017-11-01 23:00 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsign4c8ecf2b9c6d8881 2017-11-01 23:00 - 2017-11-01 23:00 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsign30fbdd156e0e0344 2017-11-01 22:59 - 2017-11-02 18:59 - 000000000 ____D C:\Users\Luis Manuel\Desktop\Hiding_AME 2017-11-01 22:59 - 2017-11-01 22:59 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsigne43128575e49535e 2017-11-01 22:58 - 2017-11-02 15:32 - 001638433 _____ C:\Users\Luis Manuel\Desktop\Hiding.aep 2017-11-01 22:54 - 2017-11-01 22:54 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsigna1b2587272016a95 2017-11-01 22:54 - 2017-11-01 22:54 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsign867cdd17271a6419 2017-11-01 22:44 - 2017-11-01 22:44 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsign39e874591dabbf0f 2017-11-01 22:43 - 2017-11-01 22:43 - 001531190 _____ C:\Users\Luis Manuel\Downloads\The Official TCG Template.aep 2017-11-01 22:40 - 2017-11-01 22:40 - 003636128 _____ C:\Users\Luis Manuel\Downloads\Untitled Project.aep 2017-11-01 22:34 - 2017-11-01 22:34 - 007689833 _____ C:\Users\Luis Manuel\Downloads\Trap Nation Audio Visualizer Template.zip 2017-11-01 22:34 - 2017-11-01 22:34 - 000000000 ____D C:\Users\Luis Manuel\Desktop\Trap Nation Audio Visualizer Template 2017-11-01 22:33 - 2017-11-01 22:35 - 000000194 _____ C:\Users\Luis Manuel\Documents\Media Browser Provider Exception 2017-11-01 22:33 - 2017-11-01 22:35 - 000000172 _____ C:\Users\Luis Manuel\Documents\Recent Directories 2017-11-01 22:33 - 2017-11-01 22:35 - 000000156 _____ C:\Users\Luis Manuel\Documents\SharedView Column Settings 2017-11-01 21:45 - 2017-11-01 21:45 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsigna777baf458bf684c 2017-11-01 21:45 - 2017-11-01 21:45 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsign68e2868035460a0d 2017-11-01 21:43 - 2017-11-01 21:43 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsign4c5186645ce4ab35 2017-11-01 21:43 - 2017-11-01 21:43 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsign1d929985ebe8afb7 2017-11-01 21:41 - 2017-11-01 21:41 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsign764930dde4e101af 2017-11-01 21:41 - 2017-11-01 21:41 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsign4a465012b2c367a4 2017-11-01 21:12 - 2017-11-01 21:12 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsign0ef081163659ec30 2017-10-30 15:55 - 2017-10-30 15:55 - 000000000 ____D C:\Users\Luis Manuel\AppData\Roaming\Valhalla DSP, LLC 2017-10-29 16:29 - 2017-10-29 16:29 - 006778146 _____ C:\Users\Luis Manuel\Downloads\PSP_SpringBox_1.0.0.exe 2017-10-29 16:29 - 2017-10-29 16:29 - 000000000 ____D C:\Program Files (x86)\PSPaudioware 2017-10-29 16:24 - 2017-10-29 16:25 - 000000000 ____D C:\Users\Luis Manuel\Downloads\SH-SpringReverb 2017-10-29 16:23 - 2017-10-29 16:23 - 000188175 _____ C:\Users\Luis Manuel\Downloads\SH-SpringReverb.zip 2017-10-29 16:09 - 2017-10-29 16:10 - 052765784 _____ (iZotope, Inc.) C:\Users\Luis Manuel\Downloads\iZotope_Vinyl_v1_80.exe 2017-10-29 16:04 - 2017-10-29 16:04 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsignef0dfd429fe586d1 2017-10-29 16:04 - 2017-10-29 16:04 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsigncc9428f0e2d2941b 2017-10-29 16:03 - 2017-10-29 16:03 - 003301509 _____ C:\Users\Luis Manuel\Downloads\teraflops123-10-29-18-01-12.zip 2017-10-25 17:10 - 2017-10-25 17:10 - 000000000 ____D C:\Users\Luis Manuel\Documents\Toontrack 2017-10-25 17:10 - 2017-10-25 17:10 - 000000000 ____D C:\ProgramData\Toontrack 2017-10-25 17:08 - 2017-10-25 17:08 - 000000000 ____D C:\Program Files\Common Files\DigiDesign 2017-10-25 17:08 - 2017-10-25 17:08 - 000000000 ____D C:\Program Files (x86)\Toontrack 2017-10-25 17:04 - 2017-10-25 17:04 - 000000000 ____D C:\Users\Luis Manuel\Downloads\Toontrack.Superior.Drummer.2.v2.4.1.Incl.Patch.and.Keygen-R2R 2017-10-25 16:49 - 2017-10-25 17:04 - 093174880 _____ C:\Users\Luis Manuel\Downloads\Toontrack.Superior.Drummer.2.v2.4.1.Incl.Patch.and.Keygen-R2R.rar 2017-10-25 16:31 - 2017-10-25 16:31 - 000001012 _____ C:\Users\Public\Desktop\µTorrent.lnk 2017-10-25 16:31 - 2017-10-25 16:31 - 000000000 ____D C:\Program Files (x86)\uTorrent 2017-10-25 16:30 - 2017-10-25 16:30 - 000129919 _____ C:\Users\Luis Manuel\Downloads\_=Demonoid_www.Demonoid.pw=_-LATEST_VST_PLUGGINS_MUSIC_PROGRAMS_VOL_50[PC_MAC].TORRENT 2017-10-25 16:21 - 2017-10-25 16:23 - 000000000 ____D C:\Users\Luis Manuel\AppData\Roaming\TunnelBear 2017-10-25 16:20 - 2017-10-25 16:23 - 000000000 ____D C:\Program Files (x86)\TunnelBear 2017-10-25 16:20 - 2017-10-25 16:20 - 000002028 _____ C:\Users\Public\Desktop\TunnelBear.lnk 2017-10-25 16:09 - 2017-10-25 16:17 - 065461936 _____ (TunnelBear) C:\Users\Luis Manuel\Downloads\TunnelBear-Installer.exe 2017-10-24 19:30 - 2017-10-24 19:30 - 002586416 _____ C:\Users\Luis Manuel\Downloads\Pryda snare.rar ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-11-22 15:37 - 2017-08-05 12:36 - 000000000 ____D C:\Users\Luis Manuel\Documents\Acapellas 2017-11-22 15:32 - 2017-10-07 09:57 - 000000033 _____ C:\Users\Luis Manuel\AppData\Roaming\AdobeWLCMCache.dat 2017-11-22 15:31 - 2017-08-10 17:41 - 000000000 ____D C:\Users\Luis Manuel\AppData\Roaming\Tokyo Dawn Labs 2017-11-22 15:31 - 2017-08-10 17:07 - 000000000 ____D C:\ProgramData\ValhallaShimmer 2017-11-22 15:31 - 2017-08-03 23:51 - 000000000 ____D C:\ProgramData\ValhallaRoomPreferences 2017-11-22 15:31 - 2017-08-03 23:51 - 000000000 ____D C:\ProgramData\ValhallaRoom 2017-11-22 15:30 - 2017-08-25 15:32 - 000000000 ____D C:\Users\Luis Manuel\Documents\Addictive Keys Logs 2017-11-22 15:28 - 2017-08-03 23:07 - 000000000 ____D C:\Users\Luis Manuel\Documents\VST Plugins 2017-11-22 15:27 - 2017-09-29 05:44 - 000000000 ____D C:\Windows\INF 2017-11-22 15:20 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\AppReadiness 2017-11-22 15:18 - 2017-09-29 05:46 - 000000000 ___HD C:\Program Files\WindowsApps 2017-11-22 15:18 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\DeliveryOptimization 2017-11-22 15:17 - 2017-10-02 17:15 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Adobe 2017-11-22 15:17 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\appcompat 2017-11-21 19:10 - 2017-09-29 05:46 - 000028672 _____ C:\Windows\System32\config\BCD-Template 2017-11-21 19:08 - 2017-10-02 17:51 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2017-11-21 19:08 - 2017-09-29 05:49 - 000000000 ____D C:\Windows\Setup 2017-11-21 19:08 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\System32\WinBioDatabase 2017-11-21 19:08 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\System32\spool 2017-11-21 19:08 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\System32\NDF 2017-11-21 19:08 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\LiveKernelReports 2017-11-21 19:08 - 2017-09-29 05:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2017-11-21 19:08 - 2017-03-18 13:03 - 000000000 ___HD C:\Windows\System32\GroupPolicy 2017-11-21 19:08 - 2017-03-18 13:03 - 000000000 ____D C:\Windows\System32\Tasks_Migrated 2017-11-21 18:56 - 2017-09-29 05:46 - 000000000 ___RD C:\Windows\PrintDialog 2017-11-21 18:43 - 2017-08-03 20:18 - 000000000 ___RD C:\Users\Luis Manuel\OneDrive 2017-11-21 18:40 - 2017-09-30 07:31 - 000000000 ___RD C:\Users\Luis Manuel\3D Objects 2017-11-21 18:40 - 2017-08-03 20:15 - 000000000 __RHD C:\Users\Public\AccountPictures 2017-11-21 18:40 - 2017-08-03 20:15 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\TileDataLayer 2017-11-21 18:31 - 2017-08-25 15:30 - 000000398 __RSH C:\ProgramData\ntuser.pol 2017-11-21 18:30 - 2017-09-29 00:45 - 000032768 _____ C:\Windows\System32\config\ELAM 2017-11-21 18:29 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\Registration 2017-11-21 18:28 - 2017-09-29 05:46 - 000000000 __RHD C:\Users\Public\Libraries 2017-11-21 18:27 - 2017-08-03 22:09 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-11-21 18:23 - 2017-09-29 00:45 - 000524288 _____ C:\Windows\System32\config\BBI 2017-11-21 18:23 - 2017-08-03 20:28 - 000065536 _____ C:\Windows\System32\spu_storage.bin 2017-11-21 18:22 - 2017-09-29 05:46 - 000000000 ____D C:\ProgramData\USOPrivate 2017-11-21 18:17 - 2017-09-29 05:46 - 000000000 ___RD C:\Windows\ImmersiveControlPanel 2017-11-21 18:14 - 2017-08-03 20:29 - 000000000 ____D C:\Program Files (x86)\AMD 2017-11-21 18:14 - 2017-08-03 20:28 - 000000000 ____D C:\Program Files\AMD 2017-11-21 18:13 - 2017-09-29 00:45 - 000000000 ____D C:\Windows\System32\Sysprep 2017-11-21 18:13 - 2017-08-03 21:50 - 000000000 ____D C:\Windows\SysWOW64\RTCOM 2017-11-21 18:13 - 2017-08-03 21:50 - 000000000 ____D C:\Windows\System32\DAX2 2017-11-21 18:12 - 2017-08-03 20:28 - 000000000 ____D C:\AMD 2017-11-20 21:03 - 2017-08-03 22:18 - 000000000 ____D C:\Program Files (x86)\Steam 2017-11-20 20:12 - 2017-08-03 21:50 - 000000000 ____D C:\Program Files\Realtek 2017-11-20 20:12 - 2017-08-03 20:28 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\zu-ZA 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\yo-NG 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\xh-ZA 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\wo-SN 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\vi-VN 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\uz-Latn-UZ 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\ur-PK 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\ug-CN 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\tt-RU 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\tn-ZA 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\tk-TM 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\ti-ET 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\tg-Cyrl-TJ 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\te-IN 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\ta-IN 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\sw-KE 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\sr-Cyrl-RS 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\sr-Cyrl-BA 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\sq-AL 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\si-LK 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\sd-Arab-PK 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\rw-RW 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\quz-PE 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\quc-Latn-GT 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\prs-AF 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\pa-IN 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\pa-Arab-PK 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\or-IN 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\nso-ZA 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\nn-NO 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\ne-NP 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\mt-MT 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\mr-IN 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\mn-MN 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\ml-IN 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\mk-MK 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\mi-NZ 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\lo-LA 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\lb-LU 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\ky-KG 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\ku-Arab-IQ 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\kok-IN 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\kn-IN 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\km-KH 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\kk-KZ 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\ka-GE 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\is-IS 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\ig-NG 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\id-ID 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\hy-AM 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\ha-Latn-NG 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\gu-IN 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\gd-GB 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\ga-IE 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\fil-PH 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\fa-IR 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\cy-GB 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\chr-CHER-US 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\ca-ES-valencia 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\bs-Latn-BA 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\bn-IN 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\bn-BD 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\be-BY 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\az-Latn-AZ 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\as-IN 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\am-ET 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\SysWOW64\af-ZA 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\zu-ZA 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\yo-NG 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\xh-ZA 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\wo-SN 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\vi-VN 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\uz-Latn-UZ 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\ur-PK 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\ug-CN 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\tt-RU 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\tn-ZA 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\tk-TM 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\ti-ET 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\tg-Cyrl-TJ 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\te-IN 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\ta-IN 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\sw-KE 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\sr-Cyrl-RS 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\sr-Cyrl-BA 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\sq-AL 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\si-LK 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\sd-Arab-PK 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\rw-RW 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\quz-PE 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\quc-Latn-GT 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\prs-AF 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\pa-IN 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\pa-Arab-PK 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\or-IN 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\nso-ZA 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\nn-NO 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\ne-NP 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\mt-MT 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\mr-IN 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\mn-MN 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\ml-IN 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\mk-MK 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\mi-NZ 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\lo-LA 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\lb-LU 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\ky-KG 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\ku-Arab-IQ 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\kok-IN 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\kn-IN 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\km-KH 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\kk-KZ 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\ka-GE 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\is-IS 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\ig-NG 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\id-ID 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\hy-AM 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\ha-Latn-NG 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\gu-IN 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\gd-GB 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\ga-IE 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\fil-PH 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\fa-IR 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\cy-GB 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\chr-CHER-US 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\ca-ES-valencia 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\bs-Latn-BA 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\bn-IN 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\bn-BD 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\be-BY 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\az-Latn-AZ 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\as-IN 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\am-ET 2017-11-20 20:06 - 2017-09-29 06:41 - 000000000 ____D C:\Windows\System32\af-ZA 2017-11-20 20:06 - 2017-09-29 05:46 - 000000000 ___SD C:\Windows\SysWOW64\F12 2017-11-20 20:06 - 2017-09-29 05:46 - 000000000 ___SD C:\Windows\System32\F12 2017-11-20 20:06 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\TextInput 2017-11-20 20:06 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\SysWOW64\Dism 2017-11-20 20:06 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\System32\WinBioPlugIns 2017-11-20 20:06 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\System32\appraiser 2017-11-20 20:06 - 2017-09-29 05:37 - 000000000 ____D C:\Windows\CbsTemp 2017-11-20 20:06 - 2017-09-29 00:45 - 000000000 ____D C:\Windows\System32\Dism 2017-11-20 17:41 - 2017-08-03 23:08 - 000000000 ____D C:\Users\Luis Manuel\Documents\Samples 2017-11-20 16:47 - 2017-08-03 20:38 - 000545440 _____ (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe 2017-11-19 13:33 - 2017-08-03 22:22 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\SquirrelTemp 2017-11-18 19:19 - 2017-08-25 15:28 - 000000000 ____D C:\ProgramData\Ableton 2017-11-18 19:14 - 2017-08-25 15:31 - 000000000 ____D C:\Users\Luis Manuel\Documents\Ableton 2017-11-18 19:14 - 2017-08-25 15:30 - 000000000 ____D C:\Users\Luis Manuel\AppData\Roaming\Ableton 2017-11-18 13:15 - 2017-08-04 14:14 - 000000000 ____D C:\Users\Luis Manuel\Documents\Thngs To Sample 2017-11-16 16:30 - 2017-08-03 20:35 - 000000000 ____D C:\Windows\System32\MRT 2017-11-16 16:25 - 2017-10-10 10:18 - 127017032 ____C (Microsoft Corporation) C:\Windows\System32\MRT-KB890830.exe 2017-11-16 16:25 - 2017-08-03 20:35 - 127017032 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe 2017-11-14 22:03 - 2017-08-13 21:55 - 000000000 ____D C:\Users\Luis Manuel\Documents\Cover Art 2017-11-11 11:14 - 2017-10-02 17:51 - 000000000 ___RD C:\Users\Luis Manuel\Creative Cloud Files 2017-11-10 19:48 - 2017-08-03 20:29 - 000000000 ____D C:\ProgramData\Package Cache 2017-11-08 19:36 - 2017-08-31 17:41 - 000000000 ____D C:\Users\Luis Manuel\Desktop\SOME MEH MUSCI 2017-11-05 16:24 - 2017-10-22 12:35 - 000000000 ____D C:\Users\Luis Manuel\Documents\TOTAALLY LEGAAL VDSST 2017-11-02 15:56 - 2017-08-21 16:56 - 000000000 ____D C:\Users\Luis Manuel\Downloads\Tristam & Braken Flight Remake 2017-11-01 23:00 - 2017-10-02 17:50 - 000000000 ____D C:\Users\Luis Manuel\Documents\Adobe 2017-10-31 16:37 - 2017-08-03 23:53 - 000000000 ____D C:\Users\Luis Manuel\AppData\Roaming\Splice 2017-10-31 16:37 - 2017-08-03 22:22 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\SpliceSettings 2017-10-31 16:09 - 2017-08-03 22:22 - 000000000 ____D C:\Users\Luis Manuel\Documents\Splice 2017-10-29 16:18 - 2017-10-22 10:47 - 000000000 ____D C:\Users\Luis Manuel\AppData\Roaming\iZotope 2017-10-29 16:14 - 2017-10-22 10:11 - 000000000 ____D C:\Program Files (x86)\iZotope 2017-10-25 17:08 - 2017-08-03 23:04 - 000000000 ____D C:\Program Files\Common Files\VST2 2017-10-25 16:40 - 2017-10-07 10:39 - 000000000 ____D C:\Users\Luis Manuel\AppData\Roaming\uTorrent Some files in TEMP: ==================== 2009-10-26 16:20 - 2009-10-26 16:20 - 029044736 _____ (Antares Audio Technologies) C:\Users\Luis Manuel\AppData\Local\Temp\Auto-Tune_evo.exe 2011-07-31 22:09 - 2011-07-31 22:09 - 001945460 _____ () C:\Users\Luis Manuel\AppData\Local\Temp\mscorsvw.exe ==================== Known DLLs (Whitelisted) ========================= ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\dnsapi.dll => MD5 is legit C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== Association (Whitelisted) ============= ==================== Restore Points ========================= Restore point date: 2017-11-22 15:27 ==================== Memory info =========================== Percentage of memory in use: 11% Total physical RAM: 8130.06 MB Available physical RAM: 7221.82 MB Total Virtual: 8130.06 MB Available Virtual: 7256.21 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:931.02 GB) (Free:459.51 GB) NTFS Drive d: (My Passport) (Fixed) (Total:931.48 GB) (Free:327.83 GB) NTFS Drive e: (ESD-USB) (Removable) (Total:29.87 GB) (Free:29.87 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS Drive y: (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.1 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 068EF095) Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 931.5 GB) (Disk ID: 16F2A91F) Partition: GPT. ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 29.9 GB) (Disk ID: E7CC5E0C) Partition 1: (Active) - (Size=29.9 GB) - (Type=0C) LastRegBack: 2017-11-21 18:11 ==================== End of FRST.txt ============================ Link to post Share on other sites More sharing options...
kevinf80 Posted November 23, 2017 ID:1186034 Share Posted November 23, 2017 Thanks for the log, continue: Save the attached file fixlist.txt to your flash drive, same place as FRST. Now please enter System Recovery Options as you did to get the log. Run FRST and press the Fix button just once and wait. The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply. Re-boot, does windows load normally..? fixlist.txt Link to post Share on other sites More sharing options...
Louis-B Posted November 23, 2017 Author ID:1186037 Share Posted November 23, 2017 Fix result of Farbar Recovery Scan Tool (x64) Version: 22-11-2017 Ran by SYSTEM (23-11-2017 13:50:24) Run:1 Running from E:\ Boot Mode: Recovery ============================================== fixlist content: ***************** Start HKLM\...\RunOnce: [*Restore] => C:\WINDOWS\system32\rstrui.exe [266752 2017-09-29] (Microsoft Corporation) GroupPolicy: Restriction <==== ATTENTION S0 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [253880 2017-11-21] (Malwarebytes) 2017-11-22 15:26 - 2017-11-22 15:26 - 000121357 _____ C:\Windows\SysWOW64\5f53fa28.exe 2017-11-22 15:26 - 2017-11-22 15:26 - 000039553 _____ C:\Windows\SysWOW64\.exe 2017-11-11 17:11 - 2017-11-11 17:11 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsign25695e87254eca39 2017-11-11 17:09 - 2017-11-11 17:09 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsignf86db2203143031c 2017-11-11 17:09 - 2017-11-11 17:09 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsigne18f044c84855189 2017-11-11 17:09 - 2017-11-11 17:09 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsignc18db6eedb22f75b 2017-11-04 17:28 - 2017-11-04 17:28 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsigna7253fa38680e902 2017-11-04 17:28 - 2017-11-04 17:28 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsign4a0a28d02e269bf2 2017-11-04 17:28 - 2017-11-04 17:28 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsign16ad2b554eecae30 2017-11-04 17:27 - 2017-11-04 17:27 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsign35218cff3ac92598 2017-11-04 17:27 - 2017-11-04 17:27 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsign10a0c072419d412d 2017-11-02 14:29 - 2017-11-02 14:29 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsign89acd24f8c01c0ed 2017-11-02 06:20 - 2017-11-02 06:20 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsign7db47e64137cffb2 2017-11-01 23:00 - 2017-11-01 23:00 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsignbc112cbd10cd0526 2017-11-01 23:00 - 2017-11-01 23:00 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsign4c8ecf2b9c6d8881 2017-11-01 23:00 - 2017-11-01 23:00 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsign30fbdd156e0e0344 2017-11-01 22:59 - 2017-11-01 22:59 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsigne43128575e49535e 2017-11-01 22:54 - 2017-11-01 22:54 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsigna1b2587272016a95 2017-11-01 22:54 - 2017-11-01 22:54 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsign867cdd17271a6419 2017-11-01 22:44 - 2017-11-01 22:44 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsign39e874591dabbf0f 2017-11-01 21:45 - 2017-11-01 21:45 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsigna777baf458bf684c 2017-11-01 21:45 - 2017-11-01 21:45 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsign68e2868035460a0d 2017-11-01 21:43 - 2017-11-01 21:43 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsign4c5186645ce4ab35 2017-11-01 21:43 - 2017-11-01 21:43 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsign1d929985ebe8afb7 2017-11-01 21:41 - 2017-11-01 21:41 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsign764930dde4e101af 2017-11-01 21:41 - 2017-11-01 21:41 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsign4a465012b2c367a4 2017-11-01 21:12 - 2017-11-01 21:12 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsign0ef081163659ec30 end ***************** HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\*Restore => value removed successfully C:\Windows\System32\GroupPolicy\Machine => moved successfully C:\Windows\System32\GroupPolicy\GPT.ini => moved successfully HKLM\System\ControlSet001\Services\MBAMSwissArmy => key removed successfully MBAMSwissArmy => service removed successfully C:\Windows\SysWOW64\5f53fa28.exe => moved successfully C:\Windows\SysWOW64\.exe => moved successfully C:\Users\Luis Manuel\AppData\Local\Tempzxpsign25695e87254eca39 => moved successfully C:\Users\Luis Manuel\AppData\Local\Tempzxpsignf86db2203143031c => moved successfully C:\Users\Luis Manuel\AppData\Local\Tempzxpsigne18f044c84855189 => moved successfully C:\Users\Luis Manuel\AppData\Local\Tempzxpsignc18db6eedb22f75b => moved successfully C:\Users\Luis Manuel\AppData\Local\Tempzxpsigna7253fa38680e902 => moved successfully C:\Users\Luis Manuel\AppData\Local\Tempzxpsign4a0a28d02e269bf2 => moved successfully C:\Users\Luis Manuel\AppData\Local\Tempzxpsign16ad2b554eecae30 => moved successfully C:\Users\Luis Manuel\AppData\Local\Tempzxpsign35218cff3ac92598 => moved successfully C:\Users\Luis Manuel\AppData\Local\Tempzxpsign10a0c072419d412d => moved successfully C:\Users\Luis Manuel\AppData\Local\Tempzxpsign89acd24f8c01c0ed => moved successfully C:\Users\Luis Manuel\AppData\Local\Tempzxpsign7db47e64137cffb2 => moved successfully C:\Users\Luis Manuel\AppData\Local\Tempzxpsignbc112cbd10cd0526 => moved successfully C:\Users\Luis Manuel\AppData\Local\Tempzxpsign4c8ecf2b9c6d8881 => moved successfully C:\Users\Luis Manuel\AppData\Local\Tempzxpsign30fbdd156e0e0344 => moved successfully C:\Users\Luis Manuel\AppData\Local\Tempzxpsigne43128575e49535e => moved successfully C:\Users\Luis Manuel\AppData\Local\Tempzxpsigna1b2587272016a95 => moved successfully C:\Users\Luis Manuel\AppData\Local\Tempzxpsign867cdd17271a6419 => moved successfully C:\Users\Luis Manuel\AppData\Local\Tempzxpsign39e874591dabbf0f => moved successfully C:\Users\Luis Manuel\AppData\Local\Tempzxpsigna777baf458bf684c => moved successfully C:\Users\Luis Manuel\AppData\Local\Tempzxpsign68e2868035460a0d => moved successfully C:\Users\Luis Manuel\AppData\Local\Tempzxpsign4c5186645ce4ab35 => moved successfully C:\Users\Luis Manuel\AppData\Local\Tempzxpsign1d929985ebe8afb7 => moved successfully C:\Users\Luis Manuel\AppData\Local\Tempzxpsign764930dde4e101af => moved successfully C:\Users\Luis Manuel\AppData\Local\Tempzxpsign4a465012b2c367a4 => moved successfully C:\Users\Luis Manuel\AppData\Local\Tempzxpsign0ef081163659ec30 => moved successfully ==== End of Fixlog 13:50:25 ==== Link to post Share on other sites More sharing options...
Louis-B Posted November 23, 2017 Author ID:1186038 Share Posted November 23, 2017 Holy Jesus it boots normally. Thank you. Link to post Share on other sites More sharing options...
kevinf80 Posted November 23, 2017 ID:1186044 Share Posted November 23, 2017 We now need to fix Malwarebytes, continue please: Totally Remove Malwarebytes from your system: Download the latest version of Malwarebytes cleanup tool from here: https://downloads.malwarebytes.com/file/mb_clean and save to your Desktop.. If applicable, backup your Malwarebytes license key information and deactivate the product. Close all open applications and deactivate Malwarebytes <---- Very important, do not miss that step To deactivate Malwarebytes: Right click on tray icon, from the opened list select "Quit Malwarebytes" an UAC alert will open, select "Yes" to deactivate Malwarebytes... Double-click mb-clean.exe to run it A prompt to confirm the cleanup will appear, select Yes or No Yes - will proceed with the cleanup process <---- Select this option to start the tool No - will exit the utility The Utility will launch a Command Prompt window which will disappear once the the cleanup process completes. Once completed, a log file ("mb-cleanresult.txt") will be on your desktop and you'll be prompted to reboot We recommend an immediate reboot <--- Do Not miss out this step Suppressing the reboot may result in an incomplete cleanup Upon reboot Malwarebytes will be totally removed from your system To re-install Malwarebytes: Download Malwarebytes version 3 from the following link:https://www.malwarebytes.com/mwb-download/thankyou/ Double click on the installer and follow the prompts. If necessary select the Blue Help tab for video instructions.... When the install completes and is updated do the following: Open Malwarebytes, select > "settings" > "protection tab" Scroll down to "Scan Options" ensure Scan for Rootkits and Scan within Archives are both on.... Go back to "DashBoard" select the Blue "Scan Now" tab...... When the scan completes deal with any found entries... Then select "Export Summary" then "Text File (*.txt)" name that log and save , you can copy or attach that to your reply... Let me see that log in your reply, also tell me if there are any remaining issues or concerns... Thank you, Kevin.. Link to post Share on other sites More sharing options...
Louis-B Posted November 23, 2017 Author ID:1186051 Share Posted November 23, 2017 Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 11/23/17 Scan Time: 2:29 PM Log File: 58efdfd8-d095-11e7-b782-7085c205b301.json Administrator: Yes -Software Information- Version: 3.3.1.2183 Components Version: 1.0.236 Update Package Version: 1.0.3334 License: Trial -System Information- OS: Windows 10 (Build 16299.64) CPU: x64 File System: NTFS User: DESKTOP-H309FG8\Luis Manuel -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 387973 Threats Detected: 2 Threats Quarantined: 2 Time Elapsed: 9 min, 23 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 2 Adware.EZula, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B33EE05E-0E9F-5672-5AC7-4FEDAC3DBF5C}, Quarantined, [6427], [167530],1.0.3334 Adware.EZula, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{b33ee05e-0e9f-5672-5ac7-4fedac3dbf5c}, Quarantined, [6427], [167530],1.0.3334 Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 0 (No malicious items detected) Physical Sector: 0 (No malicious items detected) (end) Link to post Share on other sites More sharing options...
Louis-B Posted November 23, 2017 Author ID:1186052 Share Posted November 23, 2017 I do not seem to have anymore issues. Thank you Kevin. Link to post Share on other sites More sharing options...
kevinf80 Posted November 23, 2017 ID:1186053 Share Posted November 23, 2017 Thanks for that log and update, continue and run FRST from normal mode, lets see if there is any malware or infection remnants remaining... Download Farbar Recovery Scan Tool and save it to your desktop. Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.htmlNote: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version. If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way... Be aware FRST must be run from an account with Administrator status... Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.) Make sure Addition.txt is checkmarked under "Optional scans" Press Scan button to run the tool.... It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply. The tool will also make a log named (Addition.txt) Please attach that log to your reply. Thanks, Kevin... Link to post Share on other sites More sharing options...
Louis-B Posted November 23, 2017 Author ID:1186054 Share Posted November 23, 2017 Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2017 Ran by Luis Manuel (administrator) on DESKTOP-H309FG8 (23-11-2017 14:54:07) Running from C:\Users\Luis Manuel\Desktop Loaded Profiles: Luis Manuel (Available Profiles: Luis Manuel) Platform: Windows 10 Pro Version 1709 16299.64 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Avid Technology, Inc.) C:\Program Files\Avid\Pro Tools First\MMERefresh.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (PACE Anti-Piracy, Inc.) C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe (Media Gobbler, Inc) C:\Program Files (x86)\Media Gobbler, Inc\Downstream Proxy\downstreamproxyservice.exe (Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe () C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.8.487.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Backup\App\WDBackupService.exe (Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe (Avid Technology, Inc.) C:\Program Files\Avid\Cloud Client Services\Hub.exe (Avid Technology, Inc.) C:\Program Files\Avid\Cloud Client Services\TransportClient.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) "Path" (%INTEL_DEV_REDIST%redist\intel64\compiler;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\ -> %INTEL_DEV_REDIST%redist\intel64\compiler;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SystemRoot%\System32\WindowsPowerShell\v1.0;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\) <==== Repaired successfully HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16404224 2017-08-03] (Realtek Semiconductor) HKLM\...\Run: [DigidesignMMERefresh] => C:\Program Files\Avid\Pro Tools First\MMERefresh.exe [117760 2017-08-17] (Avid Technology, Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2407008 2017-09-20] (Adobe Systems Incorporated) HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21384 2016-08-04] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1767816 2016-08-05] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1953688 2016-08-05] (Western Digital Technologies, Inc.) HKU\S-1-5-21-130153917-2291690430-3822783157-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3102496 2017-10-30] (Valve Corporation) HKU\S-1-5-21-130153917-2291690430-3822783157-1001\...\Run: [GobblerTray] => C:\Program Files (x86)\Media Gobbler, Inc\User Agent\GobblerTray.exe [1520664 2017-06-09] (Media Gobbler, Inc) HKU\S-1-5-21-130153917-2291690430-3822783157-1001\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [15671472 2017-08-23] (NordVPN) HKU\S-1-5-21-130153917-2291690430-3822783157-1001\...\Run: [Discord] => C:\Users\Luis Manuel\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Avid Application Manager.lnk [2017-09-18] ShortcutTarget: Avid Application Manager.lnk -> C:\Program Files\Avid\Application Manager\AvidApplicationManager.exe (Avid Technology, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{21AA6893-3A93-47CF-AF3A-FBD024DC80DB}: [NameServer] 1.2.3.4 Tcpip\..\Interfaces\{3e9cf5ec-654f-4b25-99e4-d30776ae8c98}: [DhcpNameServer] 172.18.10.1 Tcpip\..\Interfaces\{950fea92-c466-4641-bdb1-393cbcbb5a7c}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-09-10] (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-09-10] (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll [2017-09-10] (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-09-10] (Oracle Corporation) FireFox: ======== FF DefaultProfile: 1lwkhpyl.default FF ProfilePath: C:\Users\Luis Manuel\AppData\Roaming\Mozilla\Firefox\Profiles\1lwkhpyl.default [2017-09-18] FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-09-10] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-09-10] (Oracle Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-09-20] (Adobe Systems) FF Plugin-x32: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-09-10] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files (x86)\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-09-10] (Oracle Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-15] (Google Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-09-20] (Adobe Systems) Chrome: ======= CHR Profile: C:\Users\Luis Manuel\AppData\Local\Google\Chrome\User Data\Default [2017-11-23] CHR Extension: (Slides) - C:\Users\Luis Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-12] CHR Extension: (Docs) - C:\Users\Luis Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-12] CHR Extension: (Google Drive) - C:\Users\Luis Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-03] CHR Extension: (YouTube) - C:\Users\Luis Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-03] CHR Extension: (Sheets) - C:\Users\Luis Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-12] CHR Extension: (Google Docs Offline) - C:\Users\Luis Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-03] CHR Extension: (Chrome Web Store Payments) - C:\Users\Luis Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-21] CHR Extension: (Gmail) - C:\Users\Luis Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-03] CHR Extension: (Chrome Media Router) - C:\Users\Luis Manuel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-11-16] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [817760 2017-09-20] (Adobe Systems Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2257016 2017-08-23] (Adobe Systems, Incorporated) R2 AvidHubService; C:\Program Files\Avid\Cloud Client Services\Hub.exe [2249992 2017-05-23] (Avid Technology, Inc.) R2 AvidTransportClient; C:\Program Files\Avid\Cloud Client Services\TransportClient.exe [6663944 2017-05-23] (Avid Technology, Inc.) R2 DigiRefresh; C:\Program Files\Avid\Pro Tools First\MMERefresh.exe [117760 2017-08-17] (Avid Technology, Inc.) [File not signed] S3 digiSPTIService64; C:\Program Files\Avid\Pro Tools First\digisptiservice64.exe [197632 2017-08-17] (Avid Technology, Inc.) [File not signed] R2 gobblerproxy; C:\Program Files (x86)\Media Gobbler, Inc\Downstream Proxy\downstreamproxyservice.exe [15872 2017-06-09] (Media Gobbler, Inc) [File not signed] R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6234056 2017-11-01] (Malwarebytes) S2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [417456 2017-08-23] () S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2120032 2017-09-25] (Electronic Arts) S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [3000168 2017-09-25] (Electronic Arts) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4297920 2017-09-29] (Microsoft Corporation) R2 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TunnelBear.Maintenance.exe [37248 2017-09-06] () R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [315768 2016-08-05] (Western Digital Technologies, Inc.) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation) S3 WD Backup Drive Helper; C:\Windows\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B} S3 WD Backup Snapshot; C:\Windows\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD} ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [49448 2016-08-18] (Advanced Micro Devices, Inc.) R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0318486.inf_amd64_11ba0b4b7cc81d52\atikmdag.sys [38774688 2017-10-13] (Advanced Micro Devices, Inc.) R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0318486.inf_amd64_11ba0b4b7cc81d52\atikmpag.sys [549792 2017-10-13] (Advanced Micro Devices, Inc.) R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [110088 2017-04-26] (Advanced Micro Devices) S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-10-22] (Disc Soft Ltd) S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-10-22] (Disc Soft Ltd) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77432 2017-11-01] () R3 FocusriteUSB; C:\WINDOWS\System32\drivers\FocusriteUSB.sys [96424 2017-06-08] (Focusrite Audio Engineering Ltd.) R3 FocusriteUSBAudio; C:\WINDOWS\system32\drivers\FocusriteUSBAudio.sys [54440 2017-06-08] (Focusrite Audio Engineering Ltd.) R3 FocusriteUSBSwRoot; C:\WINDOWS\System32\drivers\FocusriteUSBSwRoot.sys [97960 2017-06-08] (Focusrite Audio Engineering Ltd.) R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193464 2017-11-23] (Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [110016 2017-11-23] (Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [46008 2017-11-23] (Malwarebytes) R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253880 2017-11-23] (Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [94144 2017-11-23] (Malwarebytes) R3 netr28ux; C:\WINDOWS\System32\drivers\netr28ux.sys [2224128 2017-09-29] (MediaTek Inc.) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek ) R3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2017-09-06] (The OpenVPN Project) R3 tapibvpn; C:\WINDOWS\System32\drivers\tapibvpn.sys [35200 2017-09-19] (The OpenVPN Project) R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [84432 2017-03-26] (The OpenVPN Project) R0 Tpkd; C:\Windows\System32\Drivers\Tpkd.sys [103272 2009-05-21] (PACE Anti-Piracy, Inc.) [File not signed] S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation) R3 wovad_micarray; C:\WINDOWS\system32\drivers\womic.sys [37984 2017-05-21] (Windows (R) Win 7 DDK provider) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-11-23 14:54 - 2017-11-23 14:54 - 000016354 _____ C:\Users\Luis Manuel\Desktop\FRST.txt 2017-11-23 14:53 - 2017-11-23 14:53 - 002393088 _____ (Farbar) C:\Users\Luis Manuel\Desktop\FRST64.exe 2017-11-23 14:42 - 2017-11-23 14:42 - 000001425 _____ C:\Users\Luis Manuel\Desktop\Malwarebytes Summary.txt 2017-11-23 14:28 - 2017-11-23 14:40 - 000110016 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2017-11-23 14:28 - 2017-11-23 14:40 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2017-11-23 14:28 - 2017-11-23 14:40 - 000046008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2017-11-23 14:28 - 2017-11-23 14:28 - 000253880 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2017-11-23 14:28 - 2017-11-23 14:28 - 000193464 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2017-11-23 14:28 - 2017-11-23 14:28 - 000001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2017-11-23 14:28 - 2017-11-23 14:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2017-11-23 14:28 - 2017-11-23 14:28 - 000000000 ____D C:\ProgramData\Malwarebytes 2017-11-23 14:28 - 2017-11-01 08:54 - 000077432 _____ C:\WINDOWS\system32\Drivers\mbae64.sys 2017-11-23 14:27 - 2017-11-23 14:28 - 078346672 _____ (Malwarebytes ) C:\Users\Luis Manuel\Downloads\mb3-setup-consumer-3.3.1.2183.exe 2017-11-23 14:22 - 2017-11-23 14:26 - 000102937 _____ C:\Users\Luis Manuel\Desktop\mb-clean-results.txt 2017-11-23 14:20 - 2017-11-23 14:20 - 000863696 _____ (Malwarebytes) C:\Users\Luis Manuel\Desktop\mb-clean-3.1.0.1031.exe 2017-11-23 11:05 - 2017-11-23 14:54 - 000000000 ____D C:\FRST 2017-11-22 16:58 - 2017-11-22 16:58 - 000002162 _____ C:\Users\Luis Manuel\Desktop\maaware.txt 2017-11-22 16:36 - 2017-11-22 16:36 - 016207358 _____ C:\Users\Luis Manuel\Downloads\Selena Gomez & Marshmello - Wolves (Acapella).zip 2017-11-22 16:28 - 2017-11-22 16:28 - 000000000 ____D C:\Program Files (x86)\InterLok 2017-11-22 16:24 - 2017-11-22 16:24 - 010645333 _____ C:\Users\Luis Manuel\Downloads\DC1A2-win.zip 2017-11-22 16:19 - 2017-11-22 16:19 - 000915327 _____ C:\Users\Luis Manuel\Downloads\the_fish_fillets_v1_1.zip 2017-11-22 16:19 - 2017-11-22 16:19 - 000000000 ____D C:\Users\Luis Manuel\Downloads\the_fish_fillets_v1_1 2017-11-21 20:08 - 2017-11-21 19:31 - 000000000 ____D C:\Windows.old 2017-11-21 19:42 - 2017-11-21 19:42 - 000000000 ____D C:\ProgramData\Microsoft OneDrive 2017-11-21 19:41 - 2017-11-21 19:41 - 000000000 ___HD C:\Users\Luis Manuel\MicrosoftEdgeBackups 2017-11-21 19:39 - 2017-11-21 19:39 - 000000020 ___SH C:\Users\Luis Manuel\ntuser.ini 2017-11-21 19:29 - 2017-11-23 14:45 - 000939208 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-11-21 19:29 - 2017-11-21 19:30 - 000007623 _____ C:\WINDOWS\diagwrn.xml 2017-11-21 19:29 - 2017-11-21 19:30 - 000007623 _____ C:\WINDOWS\diagerr.xml 2017-11-21 19:29 - 2017-11-21 19:29 - 000027184 _____ C:\WINDOWS\system32\emptyregdb.dat 2017-11-21 19:28 - 2017-11-23 14:40 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-11-21 19:28 - 2017-11-21 19:43 - 000003388 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-130153917-2291690430-3822783157-1001 2017-11-21 19:28 - 2017-11-21 19:29 - 000003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2017-11-21 19:28 - 2017-11-21 19:29 - 000002784 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-DESKTOP-H309FG8-Luis Manuel 2017-11-21 19:28 - 2017-11-21 19:29 - 000002384 _____ C:\WINDOWS\System32\Tasks\ibVPN-NewService 2017-11-21 19:28 - 2017-11-21 19:28 - 000003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2017-11-21 19:28 - 2017-11-21 19:28 - 000002146 _____ C:\WINDOWS\System32\Tasks\StartCN 2017-11-21 19:22 - 2017-11-21 19:22 - 000000000 ____D C:\ProgramData\USOShared 2017-11-21 19:17 - 2017-11-21 19:17 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2017-11-21 19:15 - 2017-11-23 13:58 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Packages 2017-11-21 19:14 - 2017-11-21 19:41 - 000000000 ____D C:\Users\Luis Manuel 2017-11-21 19:14 - 2017-11-21 19:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings 2017-11-21 19:14 - 2017-09-29 06:41 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2017-11-21 19:11 - 2017-11-23 14:15 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2017-11-21 19:11 - 2017-11-21 19:23 - 000261464 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-11-20 21:12 - 2017-11-21 20:08 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate 2017-11-20 21:08 - 2017-11-20 21:12 - 000000000 ____D C:\WINDOWS\ServiceProfiles 2017-11-20 21:06 - 2017-11-20 21:06 - 000000000 ____D C:\WINDOWS\containers 2017-11-20 21:04 - 2017-11-20 21:04 - 013655552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll 2017-11-20 21:04 - 2017-11-20 21:04 - 012687360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll 2017-11-20 21:04 - 2017-11-20 21:04 - 006791472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2017-11-20 21:04 - 2017-11-20 21:04 - 006015200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2017-11-20 21:04 - 2017-11-20 21:04 - 004648528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2017-11-20 21:04 - 2017-11-20 21:04 - 004487968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2017-11-20 21:04 - 2017-11-20 21:04 - 002717392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2017-11-20 21:04 - 2017-11-20 21:04 - 002465848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 2017-11-20 21:04 - 2017-11-20 21:04 - 002269080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll 2017-11-20 21:04 - 2017-11-20 21:04 - 001970520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll 2017-11-20 21:04 - 2017-11-20 21:04 - 001507736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll 2017-11-20 21:04 - 2017-11-20 21:04 - 001454568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll 2017-11-20 21:04 - 2017-11-20 21:04 - 001377080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll 2017-11-20 21:04 - 2017-11-20 21:04 - 001015008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll 2017-11-20 21:04 - 2017-11-20 21:04 - 000422912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys 2017-11-20 21:04 - 2017-11-20 21:04 - 000285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys 2017-11-20 21:03 - 2017-11-20 21:03 - 025246208 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 023658496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 021753344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 019339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 018914304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 017083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 008590744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2017-11-20 21:03 - 2017-11-20 21:03 - 008099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 007831248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 006035968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 005906264 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 004742144 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 003679232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2017-11-20 21:03 - 2017-11-20 21:03 - 003478016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 003313968 _____ C:\WINDOWS\system32\Windows.Mirage.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 002972672 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 002905600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2017-11-20 21:03 - 2017-11-20 21:03 - 002869248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 002862080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 002781696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 002573208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2017-11-20 21:03 - 2017-11-20 21:03 - 002474584 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 002467840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 002400664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2017-11-20 21:03 - 2017-11-20 21:03 - 002392576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 002106368 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2017-11-20 21:03 - 2017-11-20 21:03 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 001856000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 001806336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 001667584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 001664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 001641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 001634288 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 001615720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 001587200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 001554216 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 001547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 001528904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 001485824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 001463856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 001436432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 001426152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 001323840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 001322496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 001280000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 001261864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 001200024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2017-11-20 21:03 - 2017-11-20 21:03 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 001053592 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2017-11-20 21:03 - 2017-11-20 21:03 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000975872 _____ C:\WINDOWS\system32\FaceProcessor.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe 2017-11-20 21:03 - 2017-11-20 21:03 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000839928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2017-11-20 21:03 - 2017-11-20 21:03 - 000768512 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000739696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2017-11-20 21:03 - 2017-11-20 21:03 - 000710920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000677280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2017-11-20 21:03 - 2017-11-20 21:03 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000654848 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2017-11-20 21:03 - 2017-11-20 21:03 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000612760 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000610712 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2017-11-20 21:03 - 2017-11-20 21:03 - 000599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000597160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000591872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys 2017-11-20 21:03 - 2017-11-20 21:03 - 000555416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2017-11-20 21:03 - 2017-11-20 21:03 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000541184 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys 2017-11-20 21:03 - 2017-11-20 21:03 - 000506256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000478208 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000465408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000464416 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000442880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys 2017-11-20 21:03 - 2017-11-20 21:03 - 000418712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe 2017-11-20 21:03 - 2017-11-20 21:03 - 000373656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2017-11-20 21:03 - 2017-11-20 21:03 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000362176 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe 2017-11-20 21:03 - 2017-11-20 21:03 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000353688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicRuntimes.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2017-11-20 21:03 - 2017-11-20 21:03 - 000269696 _____ C:\WINDOWS\system32\FaceProcessorCore.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000246168 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000232344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2017-11-20 21:03 - 2017-11-20 21:03 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000187288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2017-11-20 21:03 - 2017-11-20 21:03 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys 2017-11-20 21:03 - 2017-11-20 21:03 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000139672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys 2017-11-20 21:03 - 2017-11-20 21:03 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys 2017-11-20 21:03 - 2017-11-20 21:03 - 000123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys 2017-11-20 21:03 - 2017-11-20 21:03 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe 2017-11-20 21:03 - 2017-11-20 21:03 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000060824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\urscx01000.sys 2017-11-20 21:03 - 2017-11-20 21:03 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys 2017-11-20 21:03 - 2017-11-20 21:03 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdrleakdiag.exe 2017-11-20 21:03 - 2017-11-20 21:03 - 000045464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys 2017-11-20 21:03 - 2017-11-20 21:03 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdrleakdiag.exe 2017-11-20 21:03 - 2017-11-20 21:03 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys 2017-11-20 21:03 - 2017-11-20 21:03 - 000028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcVSp1res.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcVSp1res.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll 2017-11-20 21:03 - 2017-11-20 21:03 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll 2017-11-20 20:51 - 2017-11-20 20:51 - 000000000 ____D C:\Program Files\Reference Assemblies 2017-11-20 20:51 - 2017-11-20 20:51 - 000000000 ____D C:\Program Files\MSBuild 2017-11-20 20:51 - 2017-11-20 20:51 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies 2017-11-20 20:51 - 2017-11-20 20:51 - 000000000 ____D C:\Program Files (x86)\MSBuild 2017-11-20 20:50 - 2017-11-20 20:50 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2017-11-20 20:50 - 2017-11-20 20:50 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll 2017-11-20 20:50 - 2017-11-20 20:50 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2017-11-20 20:50 - 2017-11-20 20:50 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2017-11-20 20:50 - 2017-11-20 20:50 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe 2017-11-20 20:50 - 2017-11-20 20:50 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 2017-11-20 20:38 - 2017-11-20 20:38 - 000008192 _____ C:\WINDOWS\system32\config\userdiff 2017-11-20 18:31 - 2017-11-20 18:38 - 255251817 _____ C:\Users\Luis Manuel\Downloads\GSR_Progressive House Sample Pack.zip 2017-11-20 18:22 - 2017-11-20 18:41 - 105917464 _____ C:\Users\Luis Manuel\Downloads\WAProd_FREE_Progressive_House_drums2.zip 2017-11-20 18:16 - 2017-11-21 19:40 - 000000000 ___DC C:\WINDOWS\Panther 2017-11-19 14:33 - 2017-11-21 19:16 - 000000000 ____D C:\Users\Luis Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc 2017-11-19 14:33 - 2017-11-19 14:36 - 000000000 ____D C:\Users\Luis Manuel\AppData\Roaming\discord 2017-11-19 14:33 - 2017-11-19 14:33 - 000002263 _____ C:\Users\Luis Manuel\Desktop\Discord.lnk 2017-11-19 14:33 - 2017-11-19 14:33 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Discord 2017-11-19 14:26 - 2017-11-19 14:29 - 054332920 _____ (Discord Inc.) C:\Users\Luis Manuel\Downloads\DiscordSetup.exe 2017-11-19 11:59 - 2017-11-19 12:04 - 208932840 _____ C:\Users\Luis Manuel\Downloads\WONDAFUL TIME Drum Kit.zip 2017-11-19 11:59 - 2017-11-19 12:02 - 072068436 _____ C:\Users\Luis Manuel\Downloads\MONEYBAGS XXX KIT.zip 2017-11-17 17:10 - 2017-11-17 17:10 - 016016498 _____ C:\Users\Luis Manuel\Downloads\glo kit-20171118T000959Z-001.zip 2017-11-17 17:06 - 2017-11-17 17:13 - 096542605 _____ C:\Users\Luis Manuel\Downloads\SAMPLEPHONICS TUBE DRUMS.zip 2017-11-14 18:23 - 2017-11-14 18:23 - 000802790 _____ C:\Users\Luis Manuel\Downloads\FUTURE BASS SYLENTH & MASSIVE & SERUM & HARMOR PACK.zip 2017-11-11 18:28 - 2017-11-11 18:28 - 000252105 _____ C:\Users\Luis Manuel\Downloads\Pimonrat Modern.zip 2017-11-11 11:47 - 2017-11-11 12:16 - 000000000 ____D C:\Users\Luis Manuel\Desktop\Sims 4 cc 2017-11-11 10:48 - 2017-11-11 10:48 - 007829624 _____ C:\Users\Luis Manuel\Downloads\B-L-S_NuDread.zip 2017-11-11 10:34 - 2017-11-11 10:34 - 007773885 _____ C:\Users\Luis Manuel\Downloads\Ebonix_Balenciagas.zip 2017-11-11 10:33 - 2017-11-11 10:33 - 002098341 _____ C:\Users\Luis Manuel\Downloads\BLS_Addidas Runners.zip 2017-11-11 10:33 - 2017-11-11 10:33 - 001595086 _____ C:\Users\Luis Manuel\Downloads\1345108.zip 2017-11-11 10:31 - 2017-11-11 10:31 - 003626051 _____ C:\Users\Luis Manuel\Downloads\Male shoe pack.rar 2017-11-11 10:29 - 2017-11-11 10:29 - 000617727 _____ C:\Users\Luis Manuel\Downloads\KK_oryulessTattoo.zip 2017-11-11 10:28 - 2017-11-11 10:28 - 001404635 _____ C:\Users\Luis Manuel\Downloads\TS4_KK_TShirts_7Set_male.zip 2017-11-11 10:28 - 2017-11-11 10:28 - 000249778 _____ C:\Users\Luis Manuel\Downloads\KK_Scribble_Tattoo.zip 2017-11-11 10:27 - 2017-11-11 10:27 - 004490314 _____ C:\Users\Luis Manuel\Downloads\KK_Layered_Shirts_13set_male_TS4.zip 2017-11-11 10:27 - 2017-11-11 10:27 - 003656078 _____ C:\Users\Luis Manuel\Downloads\KK_Loosefit_T_Shirts_10set_male_TS4.zip 2017-11-11 10:26 - 2017-11-11 10:27 - 003729383 _____ C:\Users\Luis Manuel\Downloads\KK_Baggy_Cropped_Pants_male_10set_ts4_Line(Fix).zip 2017-11-11 10:21 - 2017-11-11 10:21 - 000816718 _____ C:\Users\Luis Manuel\Downloads\B-L-S_AM_Sag-Jeans.zip 2017-11-11 10:04 - 2017-11-11 10:04 - 002993542 _____ C:\Users\Luis Manuel\Downloads\[seze]jacket05.zip 2017-11-11 09:48 - 2017-11-11 09:48 - 007018459 _____ C:\Users\Luis Manuel\Downloads\Ebonix_AM_LituationTopKit.zip 2017-11-11 09:46 - 2017-11-11 09:46 - 003763538 _____ C:\Users\Luis Manuel\Downloads\Ebonix_YayaMessyTopBunDreads.zip 2017-11-11 09:38 - 2017-11-11 09:38 - 000007176 _____ C:\Users\Luis Manuel\Downloads\MTS_HotDawg_1728359_Edgy.7z 2017-11-10 20:54 - 2017-11-10 20:54 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\PACE 2017-11-10 20:48 - 2017-11-10 20:49 - 000000000 ____D C:\Program Files (x86)\AIR Music Technology 2017-11-10 20:46 - 2017-11-10 20:47 - 000000000 ____D C:\Users\Luis Manuel\Downloads\Xpand!2_2.2.7_Setup 2017-11-10 20:24 - 2017-11-10 20:46 - 1446587107 _____ C:\Users\Luis Manuel\Downloads\Xpand!2_2.2.7_Setup.zip 2017-11-09 17:34 - 2017-11-09 17:34 - 000000000 ____D C:\ProgramData\MB3CoreBackup 2017-11-08 20:31 - 2017-11-08 20:31 - 027572518 _____ C:\Users\Luis Manuel\Desktop\XXXTENTACION - Jocylen Flores remakeprweviwe.wav 2017-11-07 17:11 - 2017-11-07 17:11 - 035806982 _____ C:\Users\Luis Manuel\Desktop\winter of youtyh.wav 2017-11-07 16:57 - 2017-11-22 16:37 - 000000000 ____D C:\Users\Luis Manuel\Documents\INSTRUMENTALS 2017-11-02 07:41 - 2017-11-02 15:50 - 000000000 ____D C:\Users\Luis Manuel\Desktop\Adobe After Effects Auto-Save 2017-11-01 23:59 - 2017-11-02 19:59 - 000000000 ____D C:\Users\Luis Manuel\Desktop\Hiding_AME 2017-11-01 23:58 - 2017-11-02 16:32 - 001638433 _____ C:\Users\Luis Manuel\Desktop\Hiding.aep 2017-11-01 23:43 - 2017-11-01 23:43 - 001531190 _____ C:\Users\Luis Manuel\Downloads\The Official TCG Template.aep 2017-11-01 23:40 - 2017-11-01 23:40 - 003636128 _____ C:\Users\Luis Manuel\Downloads\Untitled Project.aep 2017-11-01 23:34 - 2017-11-01 23:34 - 007689833 _____ C:\Users\Luis Manuel\Downloads\Trap Nation Audio Visualizer Template.zip 2017-11-01 23:34 - 2017-11-01 23:34 - 000000000 ____D C:\Users\Luis Manuel\Desktop\Trap Nation Audio Visualizer Template 2017-11-01 23:33 - 2017-11-01 23:35 - 000000194 _____ C:\Users\Luis Manuel\Documents\Media Browser Provider Exception 2017-11-01 23:33 - 2017-11-01 23:35 - 000000172 _____ C:\Users\Luis Manuel\Documents\Recent Directories 2017-11-01 23:33 - 2017-11-01 23:35 - 000000156 _____ C:\Users\Luis Manuel\Documents\SharedView Column Settings 2017-10-30 16:55 - 2017-10-30 16:55 - 000000000 ____D C:\Users\Luis Manuel\AppData\Roaming\Valhalla DSP, LLC 2017-10-29 17:29 - 2017-11-20 21:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware 2017-10-29 17:29 - 2017-10-29 17:29 - 006778146 _____ C:\Users\Luis Manuel\Downloads\PSP_SpringBox_1.0.0.exe 2017-10-29 17:29 - 2017-10-29 17:29 - 000000000 ____D C:\Program Files (x86)\PSPaudioware 2017-10-29 17:24 - 2017-10-29 17:25 - 000000000 ____D C:\Users\Luis Manuel\Downloads\SH-SpringReverb 2017-10-29 17:23 - 2017-10-29 17:23 - 000188175 _____ C:\Users\Luis Manuel\Downloads\SH-SpringReverb.zip 2017-10-29 17:09 - 2017-10-29 17:10 - 052765784 _____ (iZotope, Inc.) C:\Users\Luis Manuel\Downloads\iZotope_Vinyl_v1_80.exe 2017-10-29 17:04 - 2017-10-29 17:04 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsignef0dfd429fe586d1 2017-10-29 17:04 - 2017-10-29 17:04 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Tempzxpsigncc9428f0e2d2941b 2017-10-29 17:03 - 2017-10-29 17:03 - 003301509 _____ C:\Users\Luis Manuel\Downloads\teraflops123-10-29-18-01-12.zip 2017-10-25 18:10 - 2017-10-25 18:10 - 000000000 ____D C:\Users\Luis Manuel\Documents\Toontrack 2017-10-25 18:10 - 2017-10-25 18:10 - 000000000 ____D C:\ProgramData\Toontrack 2017-10-25 18:08 - 2017-10-25 18:08 - 000000000 ____D C:\Program Files\Common Files\DigiDesign 2017-10-25 18:08 - 2017-10-25 18:08 - 000000000 ____D C:\Program Files (x86)\Toontrack 2017-10-25 18:04 - 2017-10-25 18:04 - 000000000 ____D C:\Users\Luis Manuel\Downloads\Toontrack.Superior.Drummer.2.v2.4.1.Incl.Patch.and.Keygen-R2R 2017-10-25 17:49 - 2017-10-25 18:04 - 093174880 _____ C:\Users\Luis Manuel\Downloads\Toontrack.Superior.Drummer.2.v2.4.1.Incl.Patch.and.Keygen-R2R.rar 2017-10-25 17:31 - 2017-10-25 17:31 - 000001012 _____ C:\Users\Public\Desktop\µTorrent.lnk 2017-10-25 17:31 - 2017-10-25 17:31 - 000000000 ____D C:\Program Files (x86)\uTorrent 2017-10-25 17:30 - 2017-10-25 17:30 - 000129919 _____ C:\Users\Luis Manuel\Downloads\_=Demonoid_www.Demonoid.pw=_-LATEST_VST_PLUGGINS_MUSIC_PROGRAMS_VOL_50[PC_MAC].TORRENT 2017-10-25 17:21 - 2017-10-25 17:23 - 000000000 ____D C:\Users\Luis Manuel\AppData\Roaming\TunnelBear 2017-10-25 17:20 - 2017-11-21 20:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TunnelBear 2017-10-25 17:20 - 2017-10-25 17:23 - 000000000 ____D C:\Program Files (x86)\TunnelBear 2017-10-25 17:20 - 2017-10-25 17:20 - 000002028 _____ C:\Users\Public\Desktop\TunnelBear.lnk 2017-10-25 17:09 - 2017-10-25 17:17 - 065461936 _____ (TunnelBear) C:\Users\Luis Manuel\Downloads\TunnelBear-Installer.exe 2017-10-24 20:30 - 2017-10-24 20:30 - 002586416 _____ C:\Users\Luis Manuel\Downloads\Pryda snare.rar ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-11-23 14:50 - 2017-03-18 14:03 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy 2017-11-23 14:45 - 2017-08-04 00:07 - 000000000 ____D C:\Users\Luis Manuel\Documents\VST Plugins 2017-11-23 14:39 - 2017-09-29 01:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2017-11-23 14:39 - 2017-08-03 21:28 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin 2017-11-23 14:28 - 2017-08-03 23:13 - 000000000 ____D C:\Program Files\Malwarebytes 2017-11-23 14:11 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\AppReadiness 2017-11-23 14:05 - 2017-09-29 06:46 - 000000000 ___HD C:\Program Files\WindowsApps 2017-11-23 14:01 - 2017-10-02 18:15 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\Adobe 2017-11-23 13:59 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization 2017-11-23 13:58 - 2017-09-29 06:37 - 000000000 ____D C:\WINDOWS\CbsTemp 2017-11-23 13:52 - 2017-08-25 16:30 - 000000008 __RSH C:\ProgramData\ntuser.pol 2017-11-22 16:37 - 2017-08-05 13:36 - 000000000 ____D C:\Users\Luis Manuel\Documents\Acapellas 2017-11-22 16:32 - 2017-10-07 10:57 - 000000033 _____ C:\Users\Luis Manuel\AppData\Roaming\AdobeWLCMCache.dat 2017-11-22 16:31 - 2017-08-10 18:41 - 000000000 ____D C:\Users\Luis Manuel\AppData\Roaming\Tokyo Dawn Labs 2017-11-22 16:31 - 2017-08-10 18:07 - 000000000 ____D C:\ProgramData\ValhallaShimmer 2017-11-22 16:31 - 2017-08-04 00:51 - 000000000 ____D C:\ProgramData\ValhallaRoomPreferences 2017-11-22 16:31 - 2017-08-04 00:51 - 000000000 ____D C:\ProgramData\ValhallaRoom 2017-11-22 16:30 - 2017-08-25 16:32 - 000000000 ____D C:\Users\Luis Manuel\Documents\Addictive Keys Logs 2017-11-22 16:27 - 2017-09-29 06:44 - 000000000 ____D C:\WINDOWS\INF 2017-11-22 16:17 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\appcompat 2017-11-21 20:10 - 2017-09-29 06:46 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template 2017-11-21 20:08 - 2017-10-20 15:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordVPN 2017-11-21 20:08 - 2017-10-07 11:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ibVPN All-In-One 2017-11-21 20:08 - 2017-10-02 18:51 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe 2017-11-21 20:08 - 2017-09-30 14:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 3 2017-11-21 20:08 - 2017-09-29 06:49 - 000000000 ____D C:\WINDOWS\Setup 2017-11-21 20:08 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase 2017-11-21 20:08 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\spool 2017-11-21 20:08 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\NDF 2017-11-21 20:08 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2017-11-21 20:08 - 2017-09-29 06:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared 2017-11-21 20:08 - 2017-09-18 18:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avid 2017-11-21 20:08 - 2017-09-15 19:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default) 2017-11-21 20:08 - 2017-09-15 19:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gobbler 2017-11-21 20:08 - 2017-09-10 13:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2017-11-21 20:08 - 2017-09-10 12:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft 2017-11-21 20:08 - 2017-08-31 09:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LGMobile Support Tool 2017-11-21 20:08 - 2017-08-25 15:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XLN Audio 2017-11-21 20:08 - 2017-08-25 15:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focusrite Audio Engineering Ltd 2017-11-21 20:08 - 2017-08-05 17:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam Customizer 2017-11-21 20:08 - 2017-08-04 11:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin 2017-11-21 20:08 - 2017-08-04 00:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line 2017-11-21 20:08 - 2017-08-03 23:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam 2017-11-21 20:08 - 2017-08-03 23:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2017-11-21 20:08 - 2017-08-03 22:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Problem Report Wizard 2017-11-21 20:08 - 2017-03-18 14:03 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated 2017-11-21 19:56 - 2017-09-29 06:46 - 000000000 ___RD C:\WINDOWS\PrintDialog 2017-11-21 19:43 - 2017-08-03 21:18 - 000002381 _____ C:\Users\Luis Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-11-21 19:43 - 2017-08-03 21:18 - 000000000 ___RD C:\Users\Luis Manuel\OneDrive 2017-11-21 19:40 - 2017-09-30 08:31 - 000000000 ___RD C:\Users\Luis Manuel\3D Objects 2017-11-21 19:40 - 2017-08-03 21:15 - 000000000 __RHD C:\Users\Public\AccountPictures 2017-11-21 19:40 - 2017-08-03 21:15 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\TileDataLayer 2017-11-21 19:30 - 2017-09-29 01:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2017-11-21 19:29 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\Registration 2017-11-21 19:28 - 2017-09-29 06:46 - 000000000 __RHD C:\Users\Public\Libraries 2017-11-21 19:27 - 2017-08-03 23:09 - 000002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2017-11-21 19:27 - 2017-08-03 23:09 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2017-11-21 19:22 - 2017-09-29 06:46 - 000000000 ____D C:\ProgramData\USOPrivate 2017-11-21 19:22 - 2017-08-31 09:22 - 000000000 ____D C:\Users\Luis Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WO Mic Client 2017-11-21 19:22 - 2017-08-04 10:50 - 000000000 ____D C:\Users\Luis Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2017-11-21 19:22 - 2017-08-04 00:04 - 000000000 ____D C:\Users\Luis Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2 2017-11-21 19:22 - 2017-08-04 00:03 - 000000000 ____D C:\Users\Luis Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line 2017-11-21 19:22 - 2017-08-03 23:17 - 000000000 ____D C:\Users\Luis Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR 2017-11-21 19:17 - 2017-09-29 06:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2017-11-21 19:16 - 2017-09-15 19:43 - 000000000 ____D C:\Users\Luis Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Softube 2017-11-21 19:16 - 2017-09-10 12:47 - 000000000 ____D C:\Users\Luis Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft 2017-11-21 19:16 - 2017-08-03 23:22 - 000000000 ____D C:\Users\Luis Manuel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Splice 2017-11-21 19:14 - 2017-08-03 21:29 - 000000000 ____D C:\Program Files (x86)\AMD 2017-11-21 19:14 - 2017-08-03 21:28 - 000000000 ____D C:\Program Files\AMD 2017-11-21 19:13 - 2017-09-29 01:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep 2017-11-21 19:13 - 2017-08-03 22:50 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM 2017-11-21 19:13 - 2017-08-03 22:50 - 000000000 ____D C:\WINDOWS\system32\DAX2 2017-11-21 19:12 - 2017-08-03 21:28 - 000000000 ____D C:\AMD 2017-11-20 22:03 - 2017-08-03 23:18 - 000000000 ____D C:\Program Files (x86)\Steam 2017-11-20 21:12 - 2017-10-22 21:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synapse Audio 2017-11-20 21:12 - 2017-10-22 11:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iZotope 2017-11-20 21:12 - 2017-10-19 17:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital 2017-11-20 21:12 - 2017-09-22 23:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone 2017-11-20 21:12 - 2017-08-25 16:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focusrite 2017-11-20 21:12 - 2017-08-18 16:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camel Audio 2017-11-20 21:12 - 2017-08-10 18:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tokyo Dawn Labs 2017-11-20 21:12 - 2017-08-03 22:50 - 000000000 ____D C:\Program Files\Realtek 2017-11-20 21:12 - 2017-08-03 21:28 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\zu-ZA 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\yo-NG 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\xh-ZA 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\wo-SN 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\vi-VN 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\ur-PK 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\ug-CN 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\tt-RU 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\tn-ZA 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\tk-TM 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\ti-ET 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\te-IN 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\ta-IN 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\sw-KE 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\sq-AL 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\si-LK 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\rw-RW 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\quz-PE 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\prs-AF 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\pa-IN 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\or-IN 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\nso-ZA 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\nn-NO 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\ne-NP 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\mt-MT 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\mr-IN 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\mn-MN 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\ml-IN 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\mk-MK 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\mi-NZ 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\lo-LA 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\lb-LU 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\ky-KG 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\kok-IN 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\kn-IN 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\km-KH 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\kk-KZ 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\ka-GE 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\is-IS 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\ig-NG 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\id-ID 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\hy-AM 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\gu-IN 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\gd-GB 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\ga-IE 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\fil-PH 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\fa-IR 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\cy-GB 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\bn-IN 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\bn-BD 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\be-BY 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\as-IN 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\am-ET 2017-11-20 21:06 - 2017-09-29 07:41 - 000000000 ____D C:\WINDOWS\system32\af-ZA 2017-11-20 21:06 - 2017-09-29 06:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12 2017-11-20 21:06 - 2017-09-29 06:46 - 000000000 ___SD C:\WINDOWS\system32\F12 2017-11-20 21:06 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\TextInput 2017-11-20 21:06 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2017-11-20 21:06 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2017-11-20 21:06 - 2017-09-29 06:46 - 000000000 ____D C:\WINDOWS\system32\appraiser 2017-11-20 21:06 - 2017-09-29 01:45 - 000000000 ____D C:\WINDOWS\system32\Dism 2017-11-20 18:41 - 2017-08-04 00:08 - 000000000 ____D C:\Users\Luis Manuel\Documents\Samples 2017-11-20 17:47 - 2017-08-03 21:38 - 000545440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe 2017-11-19 14:33 - 2017-08-03 23:22 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\SquirrelTemp 2017-11-18 20:19 - 2017-08-25 16:28 - 000000000 ____D C:\ProgramData\Ableton 2017-11-18 20:14 - 2017-08-25 16:31 - 000000000 ____D C:\Users\Luis Manuel\Documents\Ableton 2017-11-18 20:14 - 2017-08-25 16:30 - 000000000 ____D C:\Users\Luis Manuel\AppData\Roaming\Ableton 2017-11-18 14:15 - 2017-08-04 15:14 - 000000000 ____D C:\Users\Luis Manuel\Documents\Thngs To Sample 2017-11-16 17:30 - 2017-08-03 21:35 - 000000000 ____D C:\WINDOWS\system32\MRT 2017-11-16 17:25 - 2017-10-10 11:18 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe 2017-11-16 17:25 - 2017-08-03 21:35 - 127017032 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2017-11-14 23:03 - 2017-08-13 22:55 - 000000000 ____D C:\Users\Luis Manuel\Documents\Cover Art 2017-11-11 12:14 - 2017-10-02 18:51 - 000000000 ___RD C:\Users\Luis Manuel\Creative Cloud Files 2017-11-10 20:48 - 2017-08-03 21:29 - 000000000 ____D C:\ProgramData\Package Cache 2017-11-08 20:36 - 2017-08-31 18:41 - 000000000 ____D C:\Users\Luis Manuel\Desktop\SOME MEH MUSCI 2017-11-05 17:24 - 2017-10-22 13:35 - 000000000 ____D C:\Users\Luis Manuel\Documents\TOTAALLY LEGAAL VDSST 2017-11-03 18:25 - 2017-09-29 06:49 - 000835568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2017-11-03 18:25 - 2017-09-29 06:49 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2017-11-02 16:56 - 2017-08-21 17:56 - 000000000 ____D C:\Users\Luis Manuel\Downloads\Tristam & Braken Flight Remake 2017-11-02 00:00 - 2017-10-02 18:50 - 000000000 ____D C:\Users\Luis Manuel\Documents\Adobe 2017-10-31 17:37 - 2017-08-04 00:53 - 000000000 ____D C:\Users\Luis Manuel\AppData\Roaming\Splice 2017-10-31 17:37 - 2017-08-03 23:22 - 000000000 ____D C:\Users\Luis Manuel\AppData\Local\SpliceSettings 2017-10-31 17:09 - 2017-08-03 23:22 - 000000000 ____D C:\Users\Luis Manuel\Documents\Splice 2017-10-29 17:18 - 2017-10-22 11:47 - 000000000 ____D C:\Users\Luis Manuel\AppData\Roaming\iZotope 2017-10-29 17:14 - 2017-10-22 11:11 - 000000000 ____D C:\Program Files (x86)\iZotope 2017-10-25 18:08 - 2017-08-04 00:04 - 000000000 ____D C:\Program Files\Common Files\VST2 2017-10-25 17:40 - 2017-10-07 11:39 - 000000000 ____D C:\Users\Luis Manuel\AppData\Roaming\uTorrent ==================== Files in the root of some directories ======= 2017-10-07 10:57 - 2017-11-22 16:32 - 000000033 _____ () C:\Users\Luis Manuel\AppData\Roaming\AdobeWLCMCache.dat 2011-07-25 02:48 - 2011-07-25 02:48 - 000074293 _____ () C:\Users\Luis Manuel\AppData\Roaming\Setup.1.2.exe 2017-09-01 18:47 - 2017-09-01 18:47 - 000002147 _____ () C:\Users\Luis Manuel\AppData\Local\recently-used.xbel Some files in TEMP: ==================== 2009-10-26 17:20 - 2009-10-26 17:20 - 029044736 _____ (Antares Audio Technologies) C:\Users\Luis Manuel\AppData\Local\Temp\Auto-Tune_evo.exe 2011-07-31 23:09 - 2011-07-31 23:09 - 001945460 _____ () C:\Users\Luis Manuel\AppData\Local\Temp\mscorsvw.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-11-21 19:11 ==================== End of FRST.txt ============================ Addition.txt Link to post Share on other sites More sharing options...
kevinf80 Posted November 23, 2017 ID:1186058 Share Posted November 23, 2017 On checking logs, is the following private IP address known to you and trusted... Tcpip\..\Interfaces\{3e9cf5ec-654f-4b25-99e4-d30776ae8c98}: [DhcpNameServer] 172.18.10.1 Link to post Share on other sites More sharing options...
Louis-B Posted November 23, 2017 Author ID:1186059 Share Posted November 23, 2017 What do you mean Link to post Share on other sites More sharing options...
kevinf80 Posted November 23, 2017 ID:1186060 Share Posted November 23, 2017 Is this private IP address known to you, do you use it to make outbound connections: 172.18.10.1 Link to post Share on other sites More sharing options...
kevinf80 Posted November 23, 2017 ID:1186069 Share Posted November 23, 2017 Hello again Louis-B, Thanks for those logs, looking over the Addition.txt log i`d would assume the private IP address I asked about is not normally used... Continue as follows: Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. "Do not open that file" NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Open FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Next, Uninstall this program :- Contextual Tool Yourprofitclub reboot when complete.. Next, Download AdwCleaner by Malwarebytes onto your Desktop. Or from this Mirror Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users) Accept the EULA (I accept), then click on Scan Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply Next, Download Microsoft's " Malicious Software Removal Tool" and save direct to the desktop Ensure to get the correct version for your system....https://www.microsoft.com/en-gb/download/malicious-software-removal-tool-details.aspx Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window In the "Scan Type" window, select Quick Scan Perform a scan and Click Finish when the scan is done. Retrieve the MSRT log as follows, and post it in your next reply: 1) Select the Windows key and R key together to open the "Run" function 2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:notepad c:\windows\debug\mrt.log The log will include log details for each time MSRT has run, we only need the most recent log by date and time.... Let me see those logs in your reply, also let me know if there are any remaining issues or concerns... Thank you, Kevin fixlist.txt Link to post Share on other sites More sharing options...
Louis-B Posted November 23, 2017 Author ID:1186071 Share Posted November 23, 2017 When I try to uninstall Contextual Tool Yourprofitclub it says Windows cannot find 'C:\WINDOWS\system32\5f53fa28.exe'. Make sure you typed the name correctly, and then try again. Is this a problem? Link to post Share on other sites More sharing options...
kevinf80 Posted November 23, 2017 ID:1186073 Share Posted November 23, 2017 That software is a definite problem and is known to be difficult to remove, try the following: Download GeekUninstaller from here: http://www.geekuninstaller.com/download (Choose free version) Save Geek.zip to your Desktop. (Visit the Home page at that link for necessary information) Extract Geek Uninstaller and save to your Desktop. There is no need to install, the executable is portable and can also be run from a USB if required. Run the tool, the main GUI will populate with installed programs list, Left click on Contextual Tool Yourprofitclub to highlight that entry. Select Action from the Menu bar, then Uninstall from there follow the prompts. If Uninstall fails open the "Action" menu one more time and use "Force Removal" option.. Does that remove it...? Link to post Share on other sites More sharing options...
Louis-B Posted November 23, 2017 Author ID:1186074 Share Posted November 23, 2017 Yep that removed it. Now should I continue with the other steps? Link to post Share on other sites More sharing options...
kevinf80 Posted November 23, 2017 ID:1186075 Share Posted November 23, 2017 Hiya Kouis-B Yes please continue with the remaining steps, its getting late for me (UK time 23:15) I have an early start in the morning... I`ll catch up sometime tomorrow.... regards, Kevin.. Link to post Share on other sites More sharing options...
Louis-B Posted November 23, 2017 Author ID:1186076 Share Posted November 23, 2017 # AdwCleaner 7.0.4.0 - Logfile created on Thu Nov 23 23:18:22 2017 # Updated on 2017/27/10 by Malwarebytes # Running on Windows 10 Pro (X64) # Mode: clean # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services deleted. ***** [ Folders ] ***** No malicious folders deleted. ***** [ Files ] ***** No malicious files deleted. ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks deleted. ***** [ Registry ] ***** No malicious registry entries deleted. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries deleted. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries deleted. ************************* ::Tracing keys deleted ::Winsock settings cleared ::Additional Actions: 0 ************************* C:/AdwCleaner/AdwCleaner[S0].txt - [944 B] - [2017/11/23 23:18:1] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ########## Link to post Share on other sites More sharing options...
Louis-B Posted November 23, 2017 Author ID:1186078 Share Posted November 23, 2017 --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.54, November 2017 (build 5.54.14383.1) Started On Thu Nov 23 16:24:53 2017 Engine: 1.1.14306.0 Signatures: 1.257.0.0 Run Mode: Interactive Graphical Mode Results Summary: ---------------- No infection found. Successfully Submitted MAPS Report Successfully Submitted Heartbeat Report Microsoft Windows Malicious Software Removal Tool Finished On Thu Nov 23 16:28:12 2017 Return code: 0 (0x0) Link to post Share on other sites More sharing options...
Recommended Posts