Jump to content
Ands

Help with possible trojan or miner

Recommended Posts

Hello, 

My name is Andrea and I am writing here because i have notice a problem with my PC since a bit and only now I have  realized it could be infected by a miner or similar.

I have noticed, thanks to Adterburner tray icons, that my Laptop uses 99% of the GPU when idle with consequent heating. The weird thing is that the usage instantly drops as I open  task manager or process explorer. As soon as I close them back, the usage rise again to 99%.

I did some rearch online and it occured it could be a trojan or a miner. However, I did not find a solution to the problem.

I have the premium version of Malwarebytes and i tried to do a few scann (even the full rootkit one) without finding  anything.

I would be very gratefull if anyone could help me addressing the problem.

I apologize for my English (I'm Italian).

 

Andrea

Share this post


Link to post
Share on other sites

***This is an automated reply***

Hi,

Thanks for posting in the Malware Removal for Windows Help forum. Being infected is not fun and can be very frustrating to resolve, but don't worry because we have a team of experts here help you!!

Note: Please be patient. When the site is busy it can take up to 48 hours before a malware removal helper can assist you. If no one has replied to your new topic after 48 hours please contact a Moderator or Administrator to let them know.

 

First, if you haven't done so, please run a Threat Scan with the latest version of Malwarebytes. This may resolve your malware infection issue without the need for additional support. Click "Reveal Hidden Contents" below for details:

Spoiler

Malwarebytes can detect and remove most malware with no further actions required for free.

If you do not have Malwarebytes, please download it here and install. Be sure to post back the log as shown below.

  1. Open Malwarebytes for Windows
  2. To the left, click Scan > Scan Types.
    image.png
  3. Select Threat Scan. Threat Scan is the most thorough and recommended scan method available.
    image.png
  4. Click Start Scan

Next, if you're still experiencing issues after running Malwarebytes, then technical logs will be required to assist you. Click "Reveal Hidden Contents" below and follow the instructions to run the Farbar Recovery Scan Tool:

Spoiler

Don't use any temporary file cleaners unless requested - this can cause data loss and make a recovery difficult.

Please download the Farbar Recovery Scan Tool here and save it to your desktop. Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  1. Double-click to run it. When the tool opens click Yes to the disclaimer.
  2. Press the Scan button.
    _frst_scan.jpg.d10e66dc03e35ede4fdcba12b
  3. It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  4. The first time the tool is run, it also makes another log (Addition.txt). If you've run it before it may not and you may need to select it manually.

Finally, attach the Malwarebytes Threat Scan, FRST.txt and Additional.txt logs to your reply. Before submitting your reply, be sure to enable "Notify me of replies" like so: notify me.jpeg

Click "Reveal Hidden Contents" below for details on how to add attachments to your post.
Note: If you are unable to attach files, please copy and past the contents of the requested files in your Reply instead. 

Spoiler

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

_mb_attach.jpg.a0465aaafd6cae688aa38ab16

Please Note the Following:

  • One of our expert helpers will give you one-on-one assistance when one becomes available.
  • Refrain from making any further changes to your computer (such as Install/Uninstall programs, using special fix tools, delete files, edit the registry, etc...) unless advised by a malware removal helper. Doing so can result in system changes which may hinder the attempts by a helper to clean your machine.
  • Do not 'bump' or add a reply to your topic once it is started. Topics which appear to have replies are considered to have a helper assisting them and may be overlooked, resulting in a longer waiting period for help
  • If you're using Peer 2 Peer software such as uTorrent or similar, please completely disable it from running while being assisted here.

Troubleshooting Tips

Share this post


Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by camma (administrator) on ANDS-PC (22-05-2018 18:52:49)
Running from D:\Ands\Desktop
Loaded Profiles: camma (Available Profiles: camma)
Platform: Windows 10 Home Version 1803 17134.48 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
( ) C:\Windows\System32\dldocoms.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.14.17639.18041-0\MsMpEng.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
() C:\Program Files (x86)\NordVPN\nordvpn-service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.14.17639.18041-0\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingKey.exe
(uWebb Software) C:\ThrottleStop\ThrottleStop.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
() C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(AgileBits Inc.) C:\Users\camma\AppData\Local\1password\app\6\AgileBits.OnePassword.Desktop.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Mailbird) C:\Program Files (x86)\Mailbird\Mailbird.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(NordVPN) C:\Program Files (x86)\NordVPN\NordVPN.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(AgileBits Inc.) C:\Users\camma\AppData\Local\1password\app\6\1Password.NativeMessagingHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(SoundMixer) C:\Users\camma\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe
(SoundMixer) C:\Users\camma\AppData\Roaming\Microsoft\SoundMixer\North\SoundN.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17494136 2017-04-06] (Logitech Inc.)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3643712 2018-05-14] (Dropbox, Inc.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409424 2018-04-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [1871344 2018-05-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [135928 2018-05-03] (Intel)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-239023402-308236190-3282040628-1001\...\Run: [1Password 6] => C:\Users\camma\AppData\Local\1password\app\6\AgileBits.OnePassword.Desktop.exe [3155856 2018-04-03] (AgileBits Inc.)
HKU\S-1-5-21-239023402-308236190-3282040628-1001\...\Run: [Mailbird] => C:\Program Files (x86)\Mailbird\Mailbird.exe [8527016 2018-05-11] (Mailbird)
HKU\S-1-5-21-239023402-308236190-3282040628-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [886768 2018-05-11] (Adobe Systems Incorporated)
HKU\S-1-5-21-239023402-308236190-3282040628-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421224 2017-10-09] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-239023402-308236190-3282040628-1001\...\Run: [NordVPN] => C:\Program Files (x86)\NordVPN\NordVPN.exe [5852920 2018-05-02] (NordVPN)
HKU\S-1-5-21-239023402-308236190-3282040628-1001\...\Command Processor: @mode 20,5 & tasklist /FI "IMAGENAME eq SoundMixer.exe" 2>NUL | find /I /N "SoundMixer.exe">NUL && exit & if exist "C:\Users\camma\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" ( start /MIN "" "C:\Users\camma\AppData\Roaming\Microsoft\SoundMixer\SoundMixer.exe" & tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) else ( tasklist /FI "IMAGENAME eq explorer.exe" 2>NUL | find /I /N "explorer.exe">NUL && exit & explorer.exe & exit ) <==== ATTENTION
HKU\S-1-5-18\...\Run: [] => [X]
HKU\S-1-5-18\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [18126312 2018-05-04] (Plex, Inc.)
Lsa: [Authentication Packages] msv1_0 SshdPinAuthLsa

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7fb987fc-cb8e-4a52-bcc4-34fb2ede9978}: [NameServer] 1.1.1.1,1.0.0.1
Tcpip\..\Interfaces\{7fb987fc-cb8e-4a52-bcc4-34fb2ede9978}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{b22419b6-056b-458e-8809-5a901f9f1016}: [DhcpNameServer] 103.86.96.100 103.86.99.100

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = 
HKU\S-1-5-21-239023402-308236190-3282040628-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus17win10.msn.com/?pc=ASTE
HKU\S-1-5-21-239023402-308236190-3282040628-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus17win10.msn.com/?pc=ASTE
SearchScopes: HKU\S-1-5-21-239023402-308236190-3282040628-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-239023402-308236190-3282040628-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-04-05] (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-04-05] (Adobe Systems Incorporated)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-04-30] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-04-05] (Adobe Systems Incorporated)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-04-05] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2017-04-05] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2017-04-05] (Adobe Systems Incorporated)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-30] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-04-30] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-30] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-04-30] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-30] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-04-30] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-04-30] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-04-30] (Microsoft Corporation)

Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-239023402-308236190-3282040628-1001 -> hxxp://google.it/
Edge Extension: (1Password: Password Manager and Secure Wallet) -> EdgeExtension_DC5C65101Password_2v019pwa6amcg => C:\Program Files\WindowsApps\DC5C6510.1Password_7.0.545.0_x64__2v019pwa6amcg [2018-05-10]

FireFox:
========
FF DefaultProfile: zi612o2a.default
FF ProfilePath: C:\Users\camma\AppData\Roaming\Mozilla\Firefox\Profiles\zi612o2a.default [2018-03-17]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2018-02-02]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-04-03] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-04-24] (Adobe Systems)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-03-02] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-05-07] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-05-07] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=3.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2018-05-11] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-04-24] (Adobe Systems)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.google.com/
CHR Profile: C:\Users\camma\AppData\Local\Google\Chrome\User Data\Default [2018-05-22]
CHR Extension: (SEOquake) - C:\Users\camma\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc [2018-01-27]
CHR Extension: (1Password extension (desktop app required)) - C:\Users\camma\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjjhallfgjeglblehebfpbcfeobpgk [2018-05-09]
CHR Extension: (Google Drive) - C:\Users\camma\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-06-06]
CHR Extension: (YouTube) - C:\Users\camma\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-06-06]
CHR Extension: (uBlock Origin) - C:\Users\camma\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-05-18]
CHR Extension: (Open options.) - C:\Users\camma\AppData\Local\Google\Chrome\User Data\Default\Extensions\eiadekoaikejlgdbkbdfeijglgfdalml [2018-05-17]
CHR Extension: (NordVPN Proxy Extension - Privacy & Security) - C:\Users\camma\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjoaledfpmneenckfbpdfhkmimnjocfa [2018-02-15]
CHR Extension: (Wappalyzer) - C:\Users\camma\AppData\Local\Google\Chrome\User Data\Default\Extensions\gppongmhjkpfnbhagpmjfkannfbllamg [2018-04-20]
CHR Extension: (Google Maps) - C:\Users\camma\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2017-06-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\camma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\camma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-06-06]
CHR Extension: (Chrome Media Router) - C:\Users\camma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-04-24]
CHR Extension: (Privacy Badger) - C:\Users\camma\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2018-05-11]
CHR Profile: C:\Users\camma\AppData\Local\Google\Chrome\User Data\System Profile [2018-03-17]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-04-24] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-09-07] (Apple Inc.)
R2 AsHidService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [126648 2016-06-16] (ASUSTek Computer Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6076936 2018-03-27] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8566448 2018-05-12] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-06-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-06-06] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-05-14] (Dropbox, Inc.)
R2 dldo_device; C:\WINDOWS\system32\dldocoms.exe [1044720 2007-10-05] ( )
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22776 2018-05-03] (Intel)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [780928 2018-05-10] (EasyAntiCheat Ltd)
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2215168 2016-11-01] (Intel Corporation)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2018-04-23] (Futuremark)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [541896 2018-04-19] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel(R) Corporation)
S3 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [177440 2016-10-05] (Intel Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-04-06] (Logitech Inc.)
S3 MailbirdUpdater.exe; C:\Program Files (x86)\Mailbird\MailbirdUpdater.exe [606592 2018-02-13] (Mailbird)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [265864 2018-03-19] ()
R2 nordvpn-service; C:\Program Files (x86)\NordVPN\nordvpn-service.exe [430840 2018-05-02] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764896 2018-05-20] (NVIDIA Corporation)
R3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [764896 2018-05-20] (NVIDIA Corporation)
S3 Origin Client Service; D:\Games\Origin\OriginClientService.exe [2158400 2018-05-18] (Electronic Arts)
S2 Origin Web Helper Service; D:\Games\Origin\OriginWebHelperService.exe [3028808 2018-05-18] (Electronic Arts)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [2215912 2018-05-04] (Plex, Inc.)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76152 2017-06-07] ()
S3 ROGGamingCenterService; C:\Program Files (x86)\ASUS\ROG Gaming Center\ROGGamingCenterService.exe [42680 2016-11-24] (ASUSTeK COMPUTER INC.)
S3 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 sshd; C:\WINDOWS\System32\OpenSSH\sshd.exe [970752 2018-03-10] ()
S3 SshdBroker; C:\WINDOWS\System32\SshdBroker.dll [286208 2018-04-10] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH)
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [2015968 2016-08-15] (Intel Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\NisSrv.exe [4632736 2018-04-26] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MsMpEng.exe [104680 2018-04-26] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [18232 2016-11-09] (Intel(R) Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3848328 2018-03-19] (Intel® Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AsusHFilter; C:\WINDOWS\System32\drivers\AsusHFilter.sys [30200 2016-12-22] ()
R3 AsusPTPDrv; C:\WINDOWS\System32\drivers\AsusPTPFilter.sys [99320 2016-10-11] (ASUS Corporation)
S3 bsitf; C:\WINDOWS\system32\DRIVERS\bsitf.sys [37208 2018-05-18] (ASUSTek Computer Inc.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [71232 2016-11-01] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [66616 2016-11-01] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [350272 2016-11-01] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [76192 2018-03-19] ()
S3 GeneStor; C:\WINDOWS\system32\DRIVERS\GeneStor.sys [131248 2017-09-01] (GenesysLogic)
S3 GLCKIO; C:\Program Files (x86)\Common Files\InstallShield\Driver\9\Intel 32\690b33e1-0462-4e84-9bea-c7552b45432a.sys [18712 2017-06-07] ()
R1 HWiNFO; C:\Users\camma\AppData\Local\Temp\HWiNFO64A.SYS [55960 2018-05-01] (REALiX(tm)) <==== ATTENTION
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO64A.SYS [27552 2018-02-07] (REALiX(tm))
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136216 2018-04-19] (Intel Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [37064 2016-08-24] (Intel Corporation)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-04-06] (Logitech Inc.)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193768 2018-04-27] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112864 2018-05-22] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-05-22] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-05-21] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [102112 2018-05-22] (Malwarebytes)
R3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-12] (Microsoft Corporation)
R1 netfilter2; C:\WINDOWS\System32\drivers\netfilter2.sys [79504 2016-09-18] (Windows (R) Win 7 DDK provider)
R3 Netwtw06; C:\WINDOWS\System32\drivers\Netwtw06.sys [8742976 2018-03-23] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_bab342ed51c72a38\nvlddmkm.sys [17168744 2018-05-08] (NVIDIA Corporation)
R0 nvpciflt; C:\WINDOWS\System32\DriverStore\FileRepository\nvami.inf_amd64_bab342ed51c72a38\nvpciflt.sys [48384 2018-05-08] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31200 2018-05-20] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [67432 2018-03-15] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [68112 2018-04-28] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-22] (Realtek )
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14024 2017-08-27] ()
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [43008 2018-04-06] ()
R3 SteamStreamingMicrophone; C:\WINDOWS\system32\drivers\SteamStreamingMicrophone.sys [40736 2017-07-28] ()
R3 SteamStreamingSpeakers; C:\WINDOWS\system32\drivers\SteamStreamingSpeakers.sys [40736 2017-07-21] ()
R3 tapnordvpn; C:\WINDOWS\System32\drivers\tapnordvpn.sys [84432 2017-03-27] (The OpenVPN Project)
R1 veracrypt; C:\WINDOWS\System32\drivers\veracrypt.sys [631200 2017-07-13] (IDRIX)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-04-26] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [313888 2018-04-26] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61472 2018-04-26] (Microsoft Corporation)
R3 WinRing0_1_2_0; C:\ThrottleStop\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-22 18:52 - 2018-05-22 18:52 - 000000000 ____D C:\FRST
2018-05-22 01:39 - 2018-05-22 01:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TT Isle of Man
2018-05-22 01:17 - 2018-05-22 01:17 - 000003976 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-22 01:17 - 2018-05-22 01:17 - 000003940 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-22 01:17 - 2018-05-20 19:36 - 002496480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2018-05-22 01:17 - 2018-05-20 19:36 - 002164192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2018-05-22 01:17 - 2018-05-20 19:36 - 001312224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvRtmpStreamer64.dll
2018-05-22 01:16 - 2018-05-22 01:16 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-22 01:16 - 2018-05-22 01:16 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-22 01:16 - 2018-05-22 01:16 - 000003926 _____ C:\WINDOWS\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-21 19:23 - 2018-05-21 19:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2018-05-21 19:13 - 2018-05-21 19:13 - 000000000 ____D C:\WINDOWS\Panther
2018-05-19 10:53 - 2018-05-22 18:44 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-05-19 10:45 - 2018-05-19 10:45 - 000001087 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2018.lnk
2018-05-18 01:01 - 2018-05-18 01:01 - 000000000 ____D C:\Program Files\Common Files\Intel
2018-05-18 00:57 - 2018-05-18 01:02 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2018-05-18 00:57 - 2018-05-18 00:57 - 000003762 _____ C:\WINDOWS\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2018-05-18 00:57 - 2018-05-18 00:57 - 000003528 _____ C:\WINDOWS\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2018-05-18 00:57 - 2018-05-18 00:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver and Support Assistant
2018-05-17 22:03 - 2018-05-17 22:03 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2018-05-15 00:32 - 2018-05-15 00:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-05-14 13:45 - 2018-05-14 13:45 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-05-14 13:45 - 2018-05-14 13:45 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-05-14 13:45 - 2018-05-14 13:45 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-05-14 13:45 - 2018-05-14 13:45 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-05-13 12:34 - 2018-05-13 12:34 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-05-13 12:34 - 2018-05-07 21:26 - 000132488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2018-05-13 12:34 - 2018-03-02 04:04 - 000828216 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2018-05-13 12:34 - 2018-03-02 04:03 - 000960312 _____ C:\WINDOWS\system32\vulkan-1.dll
2018-05-13 12:34 - 2018-03-02 04:03 - 000683832 _____ C:\WINDOWS\system32\vulkaninfo.exe
2018-05-13 12:34 - 2018-03-02 04:03 - 000575800 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2018-05-13 12:32 - 2018-05-18 00:59 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2018-05-13 12:31 - 2018-05-08 23:22 - 001990688 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6439764.dll
2018-05-13 12:31 - 2018-05-08 23:22 - 001561504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2018-05-13 12:31 - 2018-05-08 23:22 - 001467992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6439764.dll
2018-05-13 12:31 - 2018-05-08 23:22 - 001417816 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2018-05-13 12:31 - 2018-05-08 23:22 - 001215576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2018-05-13 12:31 - 2018-05-08 23:22 - 001091432 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2018-05-13 12:31 - 2018-05-08 23:22 - 000749928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2018-05-13 12:31 - 2018-05-08 23:22 - 000626776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2018-05-13 12:31 - 2018-05-08 23:22 - 000608704 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2018-05-13 12:31 - 2018-05-08 23:22 - 000517888 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2018-05-13 12:31 - 2018-05-08 23:21 - 040346984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2018-05-13 12:31 - 2018-05-08 23:21 - 035250776 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2018-05-13 12:31 - 2018-05-08 23:21 - 031273728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2018-05-13 12:31 - 2018-05-08 23:21 - 025987296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2018-05-13 12:31 - 2018-05-08 23:21 - 013725744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2018-05-13 12:31 - 2018-05-08 23:21 - 011271400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2018-05-13 12:31 - 2018-05-08 23:21 - 004347832 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2018-05-13 12:31 - 2018-05-08 23:21 - 003758496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2018-05-13 12:31 - 2018-05-08 23:21 - 001358536 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2018-05-13 12:31 - 2018-05-08 23:21 - 001349712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2018-05-13 12:31 - 2018-05-08 23:21 - 001157392 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2018-05-13 12:31 - 2018-05-08 23:21 - 001070504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2018-05-13 12:31 - 2018-05-08 23:21 - 001064424 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2018-05-13 12:31 - 2018-05-08 23:21 - 000904720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2018-05-13 12:31 - 2018-05-08 23:21 - 000813912 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2018-05-13 12:31 - 2018-05-08 23:21 - 000652344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2018-05-13 12:31 - 2018-05-08 23:21 - 000634576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2018-05-13 12:31 - 2018-05-08 23:20 - 017779440 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2018-05-13 12:31 - 2018-05-08 23:20 - 015191088 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2018-05-11 14:55 - 2018-05-11 14:55 - 000000000 ____D C:\Users\camma\AppData\Local\RiverGame
2018-05-10 23:55 - 2018-05-10 23:55 - 000000000 __SHD C:\82ace7d6-0197-474d-bf4b-a2043e72329b
2018-05-08 21:43 - 2018-04-28 16:19 - 021389360 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-05-08 21:43 - 2018-04-28 13:20 - 023862272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-05-08 21:43 - 2018-04-28 13:17 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-05-08 21:43 - 2018-04-28 06:28 - 007436624 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-05-08 21:43 - 2018-04-28 06:27 - 007519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-05-08 21:43 - 2018-04-28 06:13 - 006569952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-05-08 21:43 - 2018-04-28 06:11 - 025848832 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-05-08 21:43 - 2018-04-28 06:05 - 022002688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-05-08 21:43 - 2018-04-28 06:04 - 022707712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-05-08 21:43 - 2018-04-28 06:04 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-05-08 21:43 - 2018-04-28 06:00 - 007583232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-05-08 21:43 - 2018-04-28 05:59 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-05-08 21:42 - 2018-04-28 16:17 - 001634800 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-05-08 21:42 - 2018-04-28 16:04 - 012712960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-05-08 21:42 - 2018-04-28 16:03 - 013570560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-05-08 21:42 - 2018-04-28 16:03 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-05-08 21:42 - 2018-04-28 16:03 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2018-05-08 21:42 - 2018-04-28 16:02 - 008623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-05-08 21:42 - 2018-04-28 16:02 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-05-08 21:42 - 2018-04-28 16:01 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MixedReality.Broker.dll
2018-05-08 21:42 - 2018-04-28 16:00 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2018-05-08 21:42 - 2018-04-28 15:59 - 003655168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-05-08 21:42 - 2018-04-28 15:59 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-05-08 21:42 - 2018-04-28 15:58 - 004070400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-05-08 21:42 - 2018-04-28 15:58 - 001855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-05-08 21:42 - 2018-04-28 15:58 - 001664512 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-05-08 21:42 - 2018-04-28 15:58 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-05-08 21:42 - 2018-04-28 15:31 - 001454016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-05-08 21:42 - 2018-04-28 15:28 - 020383720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-05-08 21:42 - 2018-04-28 15:18 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-05-08 21:42 - 2018-04-28 15:17 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-05-08 21:42 - 2018-04-28 15:16 - 011903488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-05-08 21:42 - 2018-04-28 15:16 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-05-08 21:42 - 2018-04-28 15:14 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-05-08 21:42 - 2018-04-28 15:14 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2018-05-08 21:42 - 2018-04-28 15:14 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-05-08 21:42 - 2018-04-28 15:13 - 002897408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-05-08 21:42 - 2018-04-28 15:13 - 001585664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-05-08 21:42 - 2018-04-28 15:12 - 001380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2018-05-08 21:42 - 2018-04-28 13:04 - 000944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-05-08 21:42 - 2018-04-28 13:02 - 003732800 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-05-08 21:42 - 2018-04-28 12:58 - 000976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-05-08 21:42 - 2018-04-28 12:58 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Analog.dll
2018-05-08 21:42 - 2018-04-28 11:33 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-05-08 21:42 - 2018-04-28 11:30 - 002841312 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-05-08 21:42 - 2018-04-28 08:18 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-05-08 21:42 - 2018-04-28 06:37 - 001034624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-05-08 21:42 - 2018-04-28 06:35 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-05-08 21:42 - 2018-04-28 06:35 - 000269216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-05-08 21:42 - 2018-04-28 06:31 - 001063320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-05-08 21:42 - 2018-04-28 06:31 - 000473496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-05-08 21:42 - 2018-04-28 06:30 - 001456616 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-05-08 21:42 - 2018-04-28 06:29 - 009159064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-05-08 21:42 - 2018-04-28 06:29 - 001565592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2018-05-08 21:42 - 2018-04-28 06:29 - 001174424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-05-08 21:42 - 2018-04-28 06:29 - 001012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-05-08 21:42 - 2018-04-28 06:29 - 000885848 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-05-08 21:42 - 2018-04-28 06:29 - 000788216 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2018-05-08 21:42 - 2018-04-28 06:29 - 000776880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2018-05-08 21:42 - 2018-04-28 06:29 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2018-05-08 21:42 - 2018-04-28 06:29 - 000382872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-05-08 21:42 - 2018-04-28 06:29 - 000134552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-05-08 21:42 - 2018-04-28 06:28 - 002753040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-05-08 21:42 - 2018-04-28 06:28 - 000709816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-05-08 21:42 - 2018-04-28 06:28 - 000170904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-05-08 21:42 - 2018-04-28 06:27 - 003283400 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-05-08 21:42 - 2018-04-28 06:27 - 002835864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-05-08 21:42 - 2018-04-28 06:27 - 002422168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-05-08 21:42 - 2018-04-28 06:27 - 001258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-05-08 21:42 - 2018-04-28 06:27 - 001191168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-05-08 21:42 - 2018-04-28 06:27 - 000733992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-05-08 21:42 - 2018-04-28 06:27 - 000604568 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-05-08 21:42 - 2018-04-28 06:14 - 002486976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-05-08 21:42 - 2018-04-28 06:14 - 000434584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2018-05-08 21:42 - 2018-04-28 06:13 - 006044104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-05-08 21:42 - 2018-04-28 06:13 - 001426328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2018-05-08 21:42 - 2018-04-28 06:13 - 000786168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-05-08 21:42 - 2018-04-28 06:13 - 000665320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2018-05-08 21:42 - 2018-04-28 06:13 - 000559968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-05-08 21:42 - 2018-04-28 06:12 - 002242208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-05-08 21:42 - 2018-04-28 06:12 - 000606448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2018-05-08 21:42 - 2018-04-28 06:12 - 000567136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-05-08 21:42 - 2018-04-28 06:04 - 004372992 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-05-08 21:42 - 2018-04-28 06:03 - 000585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs3.dll
2018-05-08 21:42 - 2018-04-28 06:03 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs1.dll
2018-05-08 21:42 - 2018-04-28 06:03 - 000288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.th.dll
2018-05-08 21:42 - 2018-04-28 06:03 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win81.dll
2018-05-08 21:42 - 2018-04-28 06:02 - 000613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs4.dll
2018-05-08 21:42 - 2018-04-28 06:02 - 000474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs2.dll
2018-05-08 21:42 - 2018-04-28 06:02 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-05-08 21:42 - 2018-04-28 06:02 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win8rtm.dll
2018-05-08 21:42 - 2018-04-28 06:02 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-05-08 21:42 - 2018-04-28 06:01 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-05-08 21:42 - 2018-04-28 06:01 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-05-08 21:42 - 2018-04-28 06:01 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-05-08 21:42 - 2018-04-28 06:00 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-05-08 21:42 - 2018-04-28 06:00 - 003389952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-05-08 21:42 - 2018-04-28 06:00 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-05-08 21:42 - 2018-04-28 05:59 - 019399168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-05-08 21:42 - 2018-04-28 05:59 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-05-08 21:42 - 2018-04-28 05:59 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-05-08 21:42 - 2018-04-28 05:59 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-05-08 21:42 - 2018-04-28 05:59 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-05-08 21:42 - 2018-04-28 05:59 - 000553984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2018-05-08 21:42 - 2018-04-28 05:59 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-05-08 21:42 - 2018-04-28 05:58 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-05-08 21:42 - 2018-04-28 05:58 - 003086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-05-08 21:42 - 2018-04-28 05:58 - 002366976 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-05-08 21:42 - 2018-04-28 05:58 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-05-08 21:42 - 2018-04-28 05:58 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-05-08 21:42 - 2018-04-28 05:57 - 005951488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-05-08 21:42 - 2018-04-28 05:57 - 002170368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-05-08 21:42 - 2018-04-28 05:57 - 001534976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-05-08 21:42 - 2018-04-28 05:57 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-05-08 21:42 - 2018-04-28 05:56 - 003440640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-05-08 21:42 - 2018-04-28 05:56 - 002961408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-05-08 21:42 - 2018-04-28 05:56 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-05-08 21:42 - 2018-04-28 05:56 - 002700800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-05-08 21:42 - 2018-04-28 05:56 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-05-08 21:42 - 2018-04-28 05:56 - 001817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-05-08 21:42 - 2018-04-28 05:56 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-05-08 21:42 - 2018-04-28 05:56 - 000933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-05-08 21:42 - 2018-04-28 05:56 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-05-08 21:42 - 2018-04-28 05:56 - 000775680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-05-08 21:42 - 2018-04-28 05:56 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-05-08 21:42 - 2018-04-28 05:55 - 003712000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-05-08 21:42 - 2018-04-28 05:55 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-05-08 21:42 - 2018-04-28 05:55 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-05-08 21:42 - 2018-04-28 05:55 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-05-08 21:42 - 2018-04-28 05:55 - 001160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-05-08 21:42 - 2018-04-28 05:55 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-05-08 21:42 - 2018-04-28 05:55 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-05-08 21:42 - 2018-04-28 05:55 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-05-08 21:42 - 2018-04-28 05:54 - 005782528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-05-08 21:42 - 2018-04-28 05:54 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-05-08 21:42 - 2018-04-28 05:53 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-05-08 21:42 - 2018-04-28 05:53 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-05-08 21:42 - 2018-04-28 05:53 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-05-08 21:42 - 2018-04-28 05:53 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-05-08 21:42 - 2018-04-28 05:53 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-05-08 21:42 - 2018-04-28 05:52 - 003015168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-05-08 21:42 - 2018-04-28 05:52 - 001636352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-05-08 21:42 - 2018-04-28 05:52 - 000860160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-05-08 21:42 - 2018-04-28 05:52 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-05-08 21:42 - 2018-04-28 05:52 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-05-08 21:42 - 2018-04-28 05:51 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-05-08 21:42 - 2018-04-28 05:51 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-05-08 21:42 - 2018-04-28 05:51 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-05-08 21:42 - 2018-04-28 04:43 - 001953280 _____ C:\WINDOWS\system32\rdpnano.dll
2018-05-08 21:42 - 2018-04-28 04:42 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2018-05-08 01:13 - 2018-05-08 01:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NordVPN
2018-05-06 20:51 - 2018-05-06 20:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2018-05-06 20:51 - 2018-05-06 20:51 - 000000000 ____D C:\Program Files\qBittorrent
2018-05-05 00:04 - 2018-05-08 20:28 - 000000471 _____ C:\Users\Public\Desktop\Destiny 2.lnk
2018-05-05 00:04 - 2018-05-05 00:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Destiny 2
2018-05-02 19:56 - 2018-05-02 19:56 - 000000000 ____D C:\Users\camma\AppData\Local\EpicGamesLauncher
2018-05-02 19:55 - 2018-05-10 23:36 - 000000000 ____D C:\ProgramData\Epic
2018-05-02 19:55 - 2018-05-02 19:55 - 000000881 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk
2018-05-01 19:27 - 2018-04-11 03:45 - 000260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationREST.dll
2018-05-01 19:27 - 2018-04-10 21:09 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshdPinAuthLsa.dll
2018-05-01 19:27 - 2018-04-10 21:09 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\debugregsvcapi.dll
2018-05-01 19:27 - 2018-04-10 21:09 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperTools.ProxyStub.dll
2018-05-01 19:27 - 2018-04-10 21:08 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdp.dll
2018-05-01 19:27 - 2018-04-10 21:08 - 000286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshdBroker.dll
2018-05-01 19:27 - 2018-04-10 21:08 - 000090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevToolsLauncher.exe
2018-05-01 19:27 - 2018-04-10 21:08 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeployUtil.exe
2018-05-01 19:27 - 2018-04-10 21:07 - 000486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshSession.exe
2018-05-01 19:27 - 2018-04-10 21:07 - 000449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshSftp.exe
2018-05-01 19:27 - 2018-04-10 21:07 - 000264192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshProxy.dll
2018-05-01 19:27 - 2018-04-10 21:07 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperToolsSvc.exe
2018-05-01 19:27 - 2018-04-10 21:07 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\debugregsvc.dll
2018-05-01 19:27 - 2018-04-10 21:06 - 000382976 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshBroker.dll
2018-05-01 19:27 - 2018-04-10 21:05 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebManagement.exe
2018-05-01 19:27 - 2018-04-10 21:05 - 000913408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdp.dll
2018-05-01 15:10 - 2018-05-01 15:12 - 000866304 _____ C:\WINDOWS\system32\UserMgrLog.etl
2018-05-01 15:10 - 2018-05-01 15:12 - 000021504 _____ C:\WINDOWS\system32\umstartup.etl
2018-05-01 14:36 - 2018-05-01 14:24 - 000000000 ____D C:\Windows.old
2018-05-01 14:34 - 2018-05-01 14:36 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-05-01 14:34 - 2018-05-01 14:34 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-05-01 14:34 - 2018-05-01 14:34 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-05-01 14:32 - 2018-05-22 18:50 - 000779544 _____ C:\WINDOWS\system32\perfh010.dat
2018-05-01 14:32 - 2018-05-22 18:50 - 000145812 _____ C:\WINDOWS\system32\perfc010.dat
2018-05-01 14:32 - 2018-05-01 14:32 - 000341166 _____ C:\WINDOWS\system32\perfi010.dat
2018-05-01 14:32 - 2018-05-01 14:32 - 000039860 _____ C:\WINDOWS\system32\perfd010.dat
2018-05-01 14:32 - 2018-05-01 14:32 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2018-05-01 14:32 - 2018-05-01 14:32 - 000000000 ____D C:\WINDOWS\SysWOW64\it
2018-05-01 14:32 - 2018-05-01 14:32 - 000000000 ____D C:\WINDOWS\system32\it
2018-05-01 14:30 - 2018-05-01 14:30 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-05-01 14:30 - 2018-05-01 14:30 - 000000000 ____D C:\Program Files\MSBuild
2018-05-01 14:30 - 2018-05-01 14:30 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-05-01 14:30 - 2018-05-01 14:30 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-05-01 14:30 - 2018-04-11 08:48 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\XPSSHHDR.dll
2018-05-01 14:30 - 2018-04-11 08:45 - 004492288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-05-01 14:30 - 2018-04-11 08:41 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsFilt.dll
2018-05-01 14:30 - 2018-04-11 07:14 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XPSSHHDR.dll
2018-05-01 14:30 - 2018-04-11 07:12 - 003398144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-05-01 14:30 - 2018-04-11 07:09 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsFilt.dll
2018-05-01 14:30 - 2018-04-10 23:12 - 004176384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons0010.dll
2018-05-01 14:30 - 2018-04-10 23:10 - 004176384 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0010.dll
2018-05-01 14:30 - 2018-04-10 23:09 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData0010.dll
2018-05-01 14:30 - 2018-04-10 23:08 - 000166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0010.dll
2018-05-01 14:30 - 2018-04-10 23:07 - 004384256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MLS6.dll
2018-05-01 14:30 - 2018-04-10 23:03 - 004434944 _____ (Microsoft Corporation) C:\WINDOWS\system32\MLS6.dll
2018-05-01 14:30 - 2018-03-05 18:07 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-05-01 14:30 - 2018-03-05 18:07 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-05-01 14:30 - 2018-03-05 18:07 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-05-01 14:30 - 2018-02-14 18:21 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-05-01 14:30 - 2018-02-14 18:21 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-05-01 14:30 - 2018-02-14 18:21 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2018-05-01 14:30 - 2017-10-29 20:03 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2018-05-01 14:30 - 2017-10-29 18:42 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2018-05-01 12:47 - 2018-05-22 18:50 - 001751752 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-01 12:46 - 2018-05-01 12:46 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-05-01 12:44 - 2018-05-22 18:47 - 000004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{FB119B9C-7172-48D5-87C9-BB865523AB97}
2018-05-01 12:44 - 2018-05-22 18:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-01 12:44 - 2018-05-22 10:47 - 000003126 _____ C:\WINDOWS\System32\Tasks\MSIAfterburner
2018-05-01 12:44 - 2018-05-22 01:16 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-01 12:44 - 2018-05-22 01:16 - 000004106 _____ C:\WINDOWS\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-01 12:44 - 2018-05-22 01:16 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-01 12:44 - 2018-05-22 01:16 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-01 12:44 - 2018-05-22 01:16 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-01 12:44 - 2018-05-22 01:16 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-01 12:44 - 2018-05-19 10:28 - 000003998 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2018-05-01 12:44 - 2018-05-19 10:28 - 000003766 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2018-05-01 12:44 - 2018-05-18 01:08 - 000003834 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2018-05-01 12:44 - 2018-05-18 00:59 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-01 12:44 - 2018-05-18 00:59 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-01 12:44 - 2018-05-16 23:55 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-05-01 12:44 - 2018-05-01 12:44 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2018-05-01 12:44 - 2018-05-01 12:44 - 000007623 _____ C:\WINDOWS\diagerr.xml
2018-05-01 12:44 - 2018-05-01 12:44 - 000003118 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2018-05-01 12:44 - 2018-05-01 12:44 - 000003024 _____ C:\WINDOWS\System32\Tasks\WpsExternal_20161111081738
2018-05-01 12:44 - 2018-05-01 12:44 - 000002924 _____ C:\WINDOWS\System32\Tasks\ATK Package 36D18D69AFC3
2018-05-01 12:44 - 2018-05-01 12:44 - 000002804 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-cammarata84@gmail.com
2018-05-01 12:44 - 2018-05-01 12:44 - 000002758 _____ C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-cammarata84@gmail.com
2018-05-01 12:44 - 2018-05-01 12:44 - 000002702 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2018-05-01 12:44 - 2018-05-01 12:44 - 000002562 _____ C:\WINDOWS\System32\Tasks\Nvbackend_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-01 12:44 - 2018-05-01 12:44 - 000002556 _____ C:\WINDOWS\System32\Tasks\ThrottleStop
2018-05-01 12:44 - 2018-05-01 12:44 - 000002520 _____ C:\WINDOWS\System32\Tasks\ROG Gaming Center
2018-05-01 12:44 - 2018-05-01 12:44 - 000002452 _____ C:\WINDOWS\System32\Tasks\CAM
2018-05-01 12:44 - 2018-05-01 12:44 - 000002404 _____ C:\WINDOWS\System32\Tasks\SS2UILauncherRun
2018-05-01 12:44 - 2018-05-01 12:44 - 000002392 _____ C:\WINDOWS\System32\Tasks\SS2Svc64Run
2018-05-01 12:44 - 2018-05-01 12:44 - 000002384 _____ C:\WINDOWS\System32\Tasks\SS2Svc32Run
2018-05-01 12:44 - 2018-05-01 12:44 - 000002346 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_ListenToDevice
2018-05-01 12:44 - 2018-05-01 12:44 - 000002340 _____ C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2018-05-01 12:44 - 2018-05-01 12:44 - 000002310 _____ C:\WINDOWS\System32\Tasks\Adobe Uninstaller
2018-05-01 12:44 - 2018-05-01 12:44 - 000002282 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2018-05-01 12:44 - 2018-05-01 12:44 - 000002262 _____ C:\WINDOWS\System32\Tasks\UMonitor Task
2018-05-01 12:44 - 2018-05-01 12:44 - 000002214 _____ C:\WINDOWS\System32\Tasks\ATK Package A22126881260
2018-05-01 12:44 - 2018-05-01 12:44 - 000000020 ___SH C:\Users\camma\ntuser.ini
2018-05-01 12:44 - 2018-05-01 12:44 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-239023402-308236190-3282040628-1001
2018-05-01 12:44 - 2018-05-01 12:44 - 000000000 ____D C:\WINDOWS\System32\Tasks\Intel
2018-05-01 12:44 - 2018-05-01 12:44 - 000000000 ____D C:\WINDOWS\System32\Tasks\Games
2018-05-01 12:44 - 2018-05-01 12:44 - 000000000 ____D C:\WINDOWS\System32\Tasks\ASUSTek Computer Inc
2018-05-01 12:44 - 2018-05-01 12:44 - 000000000 ____D C:\WINDOWS\System32\Tasks\ASUS
2018-05-01 12:40 - 2018-05-01 12:40 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-05-01 12:39 - 2018-05-22 10:47 - 000000000 ____D C:\Users\camma
2018-05-01 12:39 - 2018-05-01 12:39 - 000000000 ____D C:\ProgramData\USOShared
2018-05-01 12:38 - 2018-04-23 07:03 - 000553104 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2018-05-01 12:38 - 2018-04-23 07:03 - 000457776 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2018-05-01 12:38 - 2018-04-12 01:33 - 002752000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-05-01 12:37 - 2018-05-22 18:44 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-05-01 12:37 - 2018-05-08 21:50 - 000512264 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-05-01 01:02 - 2018-05-01 01:31 - 000000000 ____D C:\ESD
2018-04-30 23:13 - 2018-05-19 10:48 - 000000000 ____D C:\Users\camma\AppData\Local\D3DSCache
2018-04-30 22:45 - 2018-05-22 18:44 - 000112864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-04-30 22:45 - 2018-05-22 18:44 - 000102112 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-04-30 22:45 - 2018-05-21 20:05 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-04-30 22:45 - 2018-04-27 11:55 - 000193768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-04-30 22:45 - 2018-03-19 12:57 - 000076192 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2018-04-30 22:33 - 2018-05-01 14:36 - 000000000 __RSD C:\WINDOWS\SysWOW64\WindowsDevicePortal
2018-04-30 22:33 - 2018-05-01 14:36 - 000000000 __RSD C:\WINDOWS\system32\WindowsDevicePortal
2018-04-30 22:33 - 2018-05-01 14:36 - 000000000 ___RD C:\WINDOWS\WebManagement
2018-04-28 14:30 - 2018-04-28 14:30 - 000000000 ____D C:\Users\camma\AppData\Local\My Games
2018-04-28 14:29 - 2018-04-28 14:33 - 000000000 ____D C:\Users\camma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Twitch Games
2018-04-28 14:20 - 2018-04-28 14:20 - 000000000 ____D C:\Users\camma\AppData\Roaming\.mono
2018-04-28 13:32 - 2018-05-20 19:38 - 000000000 ____D C:\Users\camma\AppData\Roaming\Origin
2018-04-28 13:31 - 2018-05-01 14:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2018-04-28 13:29 - 2018-05-20 19:43 - 000000000 ____D C:\ProgramData\Origin
2018-04-28 13:29 - 2018-04-28 13:35 - 000000000 ____D C:\Users\camma\AppData\Local\Origin
2018-04-28 13:29 - 2018-04-28 13:29 - 000000000 ____D C:\Users\camma\.QtWebEngineProcess
2018-04-28 13:29 - 2018-04-28 13:29 - 000000000 ____D C:\Users\camma\.Origin
2018-04-28 12:31 - 2018-05-20 11:53 - 000000000 ____D C:\Users\camma\AppData\Local\Battle.net
2018-04-28 12:31 - 2018-04-28 14:24 - 000000000 ____D C:\Users\camma\AppData\Roaming\Battle.net
2018-04-28 12:30 - 2018-05-01 14:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlestate Games
2018-04-28 12:30 - 2018-05-01 14:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2018-04-28 12:30 - 2018-04-28 12:30 - 000000881 _____ C:\Users\Public\Desktop\Battlestate Games Launcher.lnk
2018-04-28 12:28 - 2018-04-28 12:28 - 000000000 ____D C:\Users\camma\AppData\Local\Blizzard
2018-04-27 17:34 - 2018-04-27 17:34 - 000001165 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CC 2018.lnk
2018-04-27 17:29 - 2018-04-27 17:29 - 000001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Pro CC 2018.lnk
2018-04-27 17:23 - 2018-04-27 17:23 - 000001108 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom Classic CC.lnk
2018-04-27 17:17 - 2018-04-27 17:17 - 000001300 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2018-04-26 13:52 - 2018-04-26 14:10 - 000000000 ____D C:\Users\camma\AppData\Roaming\Surviving Mars
2018-04-26 13:44 - 2018-04-26 13:44 - 000000000 ____D C:\Users\camma\AppData\Roaming\Milestone
2018-04-25 17:18 - 2018-05-08 23:20 - 004814040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2018-04-25 17:18 - 2018-05-08 23:20 - 004089240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2018-04-25 17:18 - 2018-05-07 23:04 - 000044277 _____ C:\WINDOWS\system32\nvinfo.pb
2018-04-25 17:18 - 2018-04-28 02:25 - 000068112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2018-04-25 17:18 - 2018-04-23 07:00 - 001468616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6439731.dll
2018-04-25 17:18 - 2018-04-23 06:59 - 001991216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6439731.dll
2018-04-24 20:14 - 2018-04-24 20:14 - 000000000 ____D C:\Program Files (x86)\Futuremark
2018-04-22 12:05 - 2018-05-01 14:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-22 18:52 - 2017-06-06 17:40 - 000000000 ____D C:\Users\camma\AppData\Local\CrashDumps
2018-05-22 18:50 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2018-05-22 18:47 - 2018-04-20 22:02 - 000000000 ____D C:\ProgramData\NVIDIA
2018-05-22 18:46 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-05-22 18:44 - 2017-12-11 12:59 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-05-22 18:44 - 2016-11-11 10:17 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-05-22 01:57 - 2018-03-11 15:13 - 000000000 ____D C:\Program Files (x86)\Wondershare
2018-05-22 01:53 - 2017-09-06 16:14 - 000041800 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2018-05-22 01:26 - 2017-06-10 12:37 - 000000000 ____D C:\Users\camma\AppData\Roaming\qBittorrent
2018-05-22 01:17 - 2017-12-11 12:59 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-05-22 01:17 - 2017-09-01 11:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-05-22 01:17 - 2017-09-01 11:33 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-05-22 01:16 - 2017-06-06 18:30 - 000000000 ____D C:\Program Files (x86)\Steam
2018-05-21 23:41 - 2017-09-25 10:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-05-21 19:30 - 2018-02-06 20:46 - 000000000 ____D C:\Program Files (x86)\MSI Afterburner
2018-05-21 19:29 - 2018-04-11 23:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-05-21 19:28 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-05-21 19:23 - 2017-03-23 13:19 - 000000000 ____D C:\ProgramData\Package Cache
2018-05-21 19:13 - 2017-06-06 17:26 - 000000938 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2018-05-21 19:13 - 2017-06-06 17:26 - 000000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2018-05-21 18:56 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-20 17:30 - 2017-12-11 12:59 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2018-05-20 02:40 - 2018-01-30 00:36 - 000000000 ____D C:\Users\camma\AppData\Roaming\TS3Client
2018-05-19 12:15 - 2017-10-23 19:52 - 000000000 ___HD C:\Users\camma\MicrosoftEdgeBackups
2018-05-19 10:45 - 2017-06-06 17:20 - 000000000 ____D C:\Users\camma\AppData\Roaming\Adobe
2018-05-19 10:30 - 2017-06-07 23:01 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-05-19 10:30 - 2017-06-07 08:14 - 000000000 ____D C:\Users\camma\AppData\Local\Adobe
2018-05-19 10:29 - 2017-12-11 12:59 - 000000000 ____D C:\Users\camma\AppData\Local\NVIDIA
2018-05-19 01:31 - 2017-07-14 10:25 - 000000000 ____D C:\Users\camma\AppData\Roaming\WhatsApp
2018-05-19 00:45 - 2017-06-06 18:33 - 000000000 ____D C:\Users\camma\AppData\Local\Steam
2018-05-18 01:08 - 2017-08-27 14:26 - 000000000 ____D C:\Users\camma\AppData\Local\Ubisoft Game Launcher
2018-05-18 01:01 - 2017-03-23 13:23 - 000000000 ____D C:\ProgramData\Intel
2018-05-18 01:01 - 2017-03-23 13:23 - 000000000 ____D C:\Program Files (x86)\Intel
2018-05-18 01:00 - 2018-04-17 20:49 - 000037208 _____ (ASUSTek Computer Inc.) C:\WINDOWS\system32\Drivers\bsitf.sys
2018-05-18 00:59 - 2017-03-23 13:19 - 000000000 ____D C:\Program Files\Intel
2018-05-17 22:03 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-05-17 22:03 - 2017-03-23 13:39 - 000000000 ____D C:\Program Files\Microsoft Office
2018-05-16 23:55 - 2017-06-30 15:31 - 000002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2018-05-16 23:55 - 2017-06-30 15:31 - 000002116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2018-05-16 20:13 - 2017-06-06 20:07 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-15 00:46 - 2018-04-13 18:00 - 000000000 ____D C:\Users\camma\AppData\Local\Sports Interactive
2018-05-15 00:33 - 2017-06-06 17:26 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-05-13 18:48 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-05-13 16:45 - 2017-06-06 21:04 - 000000000 ____D C:\Users\camma\AppData\Roaming\discord
2018-05-12 09:08 - 2017-06-22 19:05 - 000000000 ____D C:\Program Files (x86)\Mailbird
2018-05-11 14:55 - 2017-06-06 20:20 - 000000000 ____D C:\Users\camma\AppData\Local\UnrealEngine
2018-05-10 23:50 - 2017-08-18 20:59 - 000000000 ____D C:\Users\camma\AppData\Roaming\EasyAntiCheat
2018-05-10 18:44 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-05-08 22:00 - 2018-04-12 18:16 - 000000000 ____D C:\WINDOWS\OCR
2018-05-08 22:00 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-05-08 22:00 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\en-GB
2018-05-08 21:50 - 2017-06-14 16:47 - 000000000 ___RD C:\Users\camma\3D Objects
2018-05-08 21:50 - 2017-03-23 13:17 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-05-08 21:49 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-05-08 21:49 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-05-08 21:49 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-05-08 21:49 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2018-05-08 21:49 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\ta-in
2018-05-08 21:49 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\si-lk
2018-05-08 21:49 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\setup
2018-05-08 21:49 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-05-08 21:49 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-05-08 21:49 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\am-et
2018-05-08 21:49 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\Provisioning
2018-05-08 21:49 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-05-08 21:49 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-05-08 21:49 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-05-08 21:46 - 2017-06-07 01:24 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-05-08 21:44 - 2017-10-11 17:21 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-05-08 21:44 - 2017-06-07 01:24 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-05-08 21:13 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-05-08 01:14 - 2017-11-23 19:53 - 000000000 ____D C:\Users\camma\AppData\Roaming\NordVPN
2018-05-08 01:14 - 2017-11-23 19:53 - 000000000 ____D C:\Program Files (x86)\NordVPN
2018-05-08 00:10 - 2018-02-01 13:20 - 000000000 ____D C:\Users\camma\AppData\Local\ElevatedDiagnostics
2018-05-07 21:15 - 2018-04-20 22:02 - 005947976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2018-05-07 21:15 - 2018-04-20 22:02 - 002612520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2018-05-07 21:15 - 2018-04-20 22:02 - 001767552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2018-05-07 21:15 - 2018-04-20 22:02 - 000634952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2018-05-07 21:15 - 2018-04-20 22:02 - 000450856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2018-05-07 21:15 - 2018-04-20 22:02 - 000124384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2018-05-07 21:15 - 2018-04-20 22:02 - 000083240 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2018-05-05 18:31 - 2017-10-23 17:57 - 000000000 ____D C:\Users\camma\AppData\Local\WhatsApp
2018-05-05 18:31 - 2017-07-14 10:25 - 000000000 ____D C:\Users\camma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2018-05-05 18:30 - 2017-06-06 21:04 - 000000000 ____D C:\Users\camma\AppData\Local\SquirrelTemp
2018-05-02 18:48 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\appcompat
2018-05-01 23:22 - 2018-04-12 01:41 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-05-01 23:22 - 2018-04-12 01:41 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-05-01 19:35 - 2017-10-23 19:45 - 000000000 ____D C:\Users\camma\AppData\Local\Packages
2018-05-01 19:27 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SystemApps
2018-05-01 19:25 - 2017-06-06 21:04 - 000000000 ____D C:\Users\camma\AppData\Local\Discord
2018-05-01 14:36 - 2018-04-12 01:41 - 000000000 ____D C:\WINDOWS\Setup
2018-05-01 14:36 - 2018-04-12 01:38 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-05-01 14:36 - 2018-04-12 01:38 - 000000000 __RHD C:\Users\Public\Libraries
2018-05-01 14:36 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-05-01 14:36 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-05-01 14:36 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\spool
2018-05-01 14:36 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\Help
2018-05-01 14:36 - 2018-02-26 21:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-05-01 14:36 - 2018-02-15 10:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mailbird
2018-05-01 14:36 - 2018-02-07 22:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
2018-05-01 14:36 - 2018-02-07 08:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI Kombustor 3
2018-05-01 14:36 - 2017-12-19 09:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-05-01 14:36 - 2017-09-25 15:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2018-05-01 14:36 - 2017-08-20 00:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2018-05-01 14:36 - 2017-07-25 13:32 - 000000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin
2018-05-01 14:36 - 2017-07-13 19:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VeraCrypt
2018-05-01 14:36 - 2017-07-13 19:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2018-05-01 14:36 - 2017-07-10 14:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photomatix Pro 6.0
2018-05-01 14:36 - 2017-06-24 18:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-05-01 14:36 - 2017-06-11 18:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BookSmart
2018-05-01 14:36 - 2017-06-07 08:17 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2018-05-01 14:36 - 2017-06-06 19:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2018-05-01 14:36 - 2017-06-06 18:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2018-05-01 14:36 - 2017-03-23 13:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Thunderbolt(TM) Software
2018-05-01 14:36 - 2017-03-23 13:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2018-05-01 14:36 - 2017-03-23 13:27 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2018-05-01 14:34 - 2018-01-08 21:09 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
2018-05-01 14:34 - 2017-06-06 18:19 - 000000000 ____D C:\WINDOWS\system32\Intel
2018-05-01 14:34 - 2017-06-06 18:19 - 000000000 ____D C:\Program Files\Realtek
2018-05-01 14:33 - 2018-04-12 18:13 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2018-05-01 14:33 - 2018-04-12 18:13 - 000000000 ____D C:\WINDOWS\system32\WCN
2018-05-01 14:33 - 2018-04-12 01:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-05-01 14:33 - 2018-04-12 01:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-05-01 14:33 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-05-01 14:33 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-05-01 14:33 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-05-01 14:32 - 2018-04-12 18:13 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2018-05-01 14:32 - 2018-04-12 18:13 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2018-05-01 14:32 - 2018-04-12 18:13 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2018-05-01 14:32 - 2018-04-12 18:13 - 000000000 ____D C:\WINDOWS\system32\winrm
2018-05-01 14:32 - 2018-04-12 18:13 - 000000000 ____D C:\WINDOWS\system32\slmgr
2018-05-01 14:32 - 2018-04-12 18:13 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2018-05-01 14:32 - 2018-04-12 01:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2018-05-01 14:32 - 2018-04-12 01:38 - 000000000 ___SD C:\WINDOWS\system32\dsc
2018-05-01 14:32 - 2018-04-12 01:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-05-01 14:32 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-05-01 14:32 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2018-05-01 14:32 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-05-01 14:32 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\com
2018-05-01 14:32 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\MUI
2018-05-01 14:32 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\com
2018-05-01 14:32 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-05-01 14:32 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\IME
2018-05-01 14:32 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files\Common Files\system
2018-05-01 14:32 - 2018-04-11 23:04 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-05-01 14:32 - 2018-04-11 23:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-05-01 14:32 - 2018-04-11 23:04 - 000000000 ____D C:\WINDOWS\servicing
2018-05-01 14:30 - 2018-04-12 18:17 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2018-05-01 14:30 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2018-05-01 14:30 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2018-05-01 14:30 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2018-05-01 14:30 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2018-05-01 14:30 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2018-05-01 14:30 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2018-05-01 14:30 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\et-EE
2018-05-01 14:30 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\es-MX
2018-05-01 12:45 - 2017-10-24 15:43 - 000000000 ____D C:\Users\camma\AppData\Local\PlaceholderTileLogoFolder
2018-05-01 12:44 - 2018-04-12 01:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-05-01 12:44 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\Registration
2018-05-01 12:44 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files\Windows Defender
2018-05-01 12:44 - 2018-04-11 23:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-05-01 12:43 - 2017-06-06 18:23 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2018-05-01 12:43 - 2017-03-23 13:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek
2018-05-01 12:42 - 2018-04-12 01:38 - 000000000 __RSD C:\WINDOWS\media
2018-05-01 12:40 - 2018-02-06 20:46 - 000000000 ____D C:\Users\camma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2018-05-01 12:40 - 2017-11-27 20:23 - 000000000 ____D C:\Users\camma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.6
2018-05-01 12:40 - 2017-09-01 10:50 - 000000000 ____D C:\Users\camma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat
2018-05-01 12:40 - 2017-06-23 12:39 - 000000000 ____D C:\Users\camma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HandBrake
2018-05-01 12:39 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\USOPrivate
2018-05-01 12:39 - 2017-08-27 14:26 - 000000000 ____D C:\Users\camma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2018-05-01 12:39 - 2017-06-06 21:04 - 000000000 ____D C:\Users\camma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2018-05-01 12:39 - 2017-06-06 18:19 - 000000000 ____D C:\WINDOWS\system32\DAX2
2018-05-01 12:38 - 2017-06-06 18:19 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-05-01 09:33 - 2018-02-10 17:00 - 001366546 _____ C:\WINDOWS\ntbtlog.txt
2018-05-01 09:33 - 2017-09-01 11:29 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-05-01 00:56 - 2018-04-10 08:17 - 000000000 ____D C:\Windows10Upgrade
2018-05-01 00:05 - 2017-06-06 17:22 - 000000000 ____D C:\Users\camma\AppData\Local\Comms
2018-04-28 15:02 - 2017-08-29 18:53 - 000000000 ____D C:\Users\camma\AppData\Roaming\TeamViewer
2018-04-28 13:30 - 2018-03-30 14:37 - 000000000 ____D C:\Users\camma\AppData\Roaming\Twitch
2018-04-28 12:30 - 2018-04-03 18:18 - 000000000 ____D C:\Users\camma\AppData\Roaming\Battlestate Games
2018-04-28 12:30 - 2018-04-03 18:18 - 000000000 ____D C:\Users\camma\AppData\Local\Battlestate Games
2018-04-28 12:23 - 2017-08-02 14:28 - 000000000 ____D C:\Users\camma\AppData\Roaming\968 Series
2018-04-27 18:32 - 2017-12-11 12:59 - 000209192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2018-04-27 18:32 - 2017-12-11 12:59 - 000169256 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2018-04-27 17:51 - 2017-06-23 12:39 - 000000000 ____D C:\Users\camma\AppData\Roaming\HandBrake
2018-04-27 17:34 - 2017-06-07 08:16 - 000000000 ____D C:\Program Files\Adobe
2018-04-27 17:29 - 2017-06-08 08:18 - 000000000 ____D C:\Program Files\Common Files\Adobe
2018-04-27 17:05 - 2018-02-26 21:25 - 000000000 ____D C:\Users\camma\AppData\Roaming\vlc
2018-04-27 08:49 - 2017-12-11 12:59 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2018-04-27 08:05 - 2017-11-22 19:53 - 000001042 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-04-26 16:58 - 2018-02-27 17:03 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-04-25 08:18 - 2018-04-20 22:02 - 008173402 _____ C:\WINDOWS\system32\nvcoproc.bin
2018-04-24 22:36 - 2017-08-30 14:30 - 000000000 ____D C:\Users\camma\AppData\LocalLow\Mozilla
2018-04-24 21:13 - 2018-04-21 14:03 - 000000000 ____D C:\Users\camma\.oracle_jre_usage
2018-04-24 21:13 - 2017-06-14 01:34 - 000000000 ____D C:\ProgramData\Futuremark
2018-04-24 20:15 - 2017-10-04 19:09 - 000000000 ____D C:\temp
2018-04-24 18:48 - 2018-04-19 18:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine

==================== Files in the root of some directories =======

2017-06-10 18:52 - 2018-02-01 13:49 - 000007597 _____ () C:\Users\camma\AppData\Local\Resmon.ResmonCfg
2018-03-01 21:48 - 2018-03-01 21:48 - 000000032 RSHOT () C:\Users\camma\AppData\Local\t70rc.dat
2018-03-09 21:05 - 2018-03-09 21:05 - 000000032 RSHOT () C:\Users\camma\AppData\Local\t80.dat
2018-01-21 09:38 - 2018-01-21 09:38 - 000003937 _____ () C:\Users\camma\AppData\Local\Tempbannercash.tmp
2018-01-21 09:38 - 2018-01-21 09:38 - 000028582 _____ () C:\Users\camma\AppData\Local\Tempnewscash.tmp

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD. 

LastRegBack: 2018-05-01 12:37

==================== End of FRST.txt ============================

FRST.txt

Addition.txt

Threat Scan.txt

Share this post


Link to post
Share on other sites

Hello @Ands and :welcome:

The logs don't seem to indicate there is an infection.

ATTENTION: ==> Could not access BCD

That is a bit odd but could be a temporary issue possibly.

Please run the following which will clean temp files and run a full disk check.

NOTE: The full disk check can take several hours to complete depending on the disk size and speed of your computer. Please let it complete on it's own.

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Thanks

Ron

 

 

Share this post


Link to post
Share on other sites

Hello @AdvancedSetup,

You help is very much appreciated.

I have applied the fix, it was actually quite a fast process. After that the computer restarted and attached you can find the log.

Unluckily that didn't do the trick. As I rebooted the problem started again. the GPU is at 99% of its power and It lowers to 0 as soon as I open the task manager (See screenshot).

What could be a next step I can try?

Andrea

Fixlog.txt

InkedCapture_LI.jpg

Share this post


Link to post
Share on other sites

Hi Andrea

There is no way a full disk check could have run that quickly unless this is a brand spanking new system with an SSD drive. Normally a minimum of 10 minutes to run a full disk check. It sounds like it did not run.

Please shut down the computer. Wait a minute. Then power it back on and see if the disk check will run.

 

Share this post


Link to post
Share on other sites

Should I apply the fix again?

I do have an SSD as primary disk and an hdd as secondary one.

Share this post


Link to post
Share on other sites

Did you see a black screen or a blue one with the words saying a disk check was running?

 

Let me get the Disk Check report back please to see what it found and, or fixed, or if it ran.


Check Disk report:

  • Press the WindowsKey.png + R on your keyboard at the same time. Type powershell.exe and click OK.
  • Copy and paste the following command inside the powershell window and press Enter:
    get-winevent -FilterHashTable @{logname="Application"; id="1001"}| ?{$_.providername –match "wininit"} | fl timecreated, message | out-file Desktop\CHKDSKResults.txt
  • This will create a log file named CHKDSKResults.txt on your desktop.
  • Paste the contents of that log into your next reply please.

 

Share this post


Link to post
Share on other sites

There is something wrong. The log has been generated but it's empty ?

 

BTW after the reboot the issue is gone, but even before applying the fix it wasn't always doing the problem.

Edited by Ands

Share this post


Link to post
Share on other sites

It's empty almost certainly because the disk check did not run.

Go ahead and run the fix from my original reply again. See if it will run on reboot this time.

 

Share this post


Link to post
Share on other sites

I have tried again but it won't do the check. It creates a restore point, empty the temp and then ask for the reboot.

 

Btw after this reboot the problem is back again.

 

Fixlog.txt

Share this post


Link to post
Share on other sites

I look at the guide you suggested. the problem is that when I open the task manager or the process explorer the GPU stop running  at max power. As I close them it start running max power again. Therefore, It is not possible to see which svhost is taking GPU.

I tried the command from powershell but it says the command is not good (attached the screenshot. Am I missing something?

 

1.JPG

Share this post


Link to post
Share on other sites

Probably due to copy/paste. The website is using MS Word quotes instead of real quotes. Though this probably won't help us, especially since the issue goes away when being used.

This one should work.

tasklist /svc |find "svchost.exe"

 

Though Windows 10 has a much better tool than before, the tool below is still much better at monitoring this. Please download and run this tool. Leave the computer alone while it's on screen and see if you can see what kicks in and starts consuming CPU. It could be an idle task doing what it's supposed to do.

https://docs.microsoft.com/en-us/sysinternals/downloads/process-explorer

 

Share this post


Link to post
Share on other sites
5 minutes ago, AdvancedSetup said:

This one should work.

tasklist /svc |find "svchost.exe"

It says "parameter format not correct" I even tried to write by hand but it won't get the command.

I have process explorer open now. Of course the GPU stop working as usual. I already tried to keep it open for several time but no process will kick in if it's opened. 

BTW the hardware been used at max power is the GPU not the CPU. 

I really dont know how to find the process that is utilizing it. Is there anyway to get a log of the process in the background without having task manager or process explorer opened?

Thx again

Share this post


Link to post
Share on other sites

There are other monitoring tools but they're not very user friendly. Let's get a look at your scheduled tasks again.

Copy/paste this into an elevated admin command prompt.

Schtasks /query /v >"%USERPROFILE%\desktop\my_scheduled_tasks.txt"

Then attach that log file on your next reply please.

 

Share this post


Link to post
Share on other sites

Should I do anything else? Just a curiosity, I previously did the full rootkit scan with Malwarebytes 3.4.5 premium but it didnt find anything. Shouldn't it have found something?

Share this post


Link to post
Share on other sites

This is a special build designed to bypass some infections that block or hide from the main program.

Let me have you run the following again just to make sure.

 

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes 3 then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes 3 installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • Once the scan is completed click on the Export Summary button and save the file as a Text file to your desktop or other location you can find, and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know on your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select RunAsAdmin.jpg Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan.
  • When finished, please click Clean.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've, run the tool before you need to place a check mark here.
  • Please attach the Additions.txt log to your reply as well.

 

Thanks

Ron

 

Share this post


Link to post
Share on other sites

Are you running these on purpose?

S3 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 sshd; C:\WINDOWS\System32\OpenSSH\sshd.exe [970752 2018-03-10] ()


I'll write you another script repair. There is still a little left over.

 

 

Share this post


Link to post
Share on other sites


Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

Thanks again

Ron

 

Share this post


Link to post
Share on other sites
6 minutes ago, AdvancedSetup said:

Are you running these on purpose?

S3 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 sshd; C:\WINDOWS\System32\OpenSSH\sshd.exe [970752 2018-03-10] ()


 

 

Actually I have no clue what they are!??

I run the fix, here it.

Thank you,

Andrea

Fixlog.txt

Share this post


Link to post
Share on other sites

It's designed to do remote control of the system. You have TeamViewer installed and it too is a remote control application. If you've installed it and use it then nothing wrong, but if not and you're not familiar with it I'd recommend uninstalling it and removing the sshd

 

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.