Jump to content

MalwareBytes Detects Safe File All the Time.. What to do?


koolx

Recommended Posts

Hello koolx and welcome to Malwarebytes,

Can you post the log from Malwarebytes that shows Firefox entries you mention...

Next,

Run the following:

Download Farbar Recovery Scan Tool and save it to your desktop.

Alternative download option: http://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either, accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...

Be aware FRST must be run from an account with Administrator status...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
    user posted image
     
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply.


Thank you,

Kevin
Link to post
Share on other sites

8 hours ago, kevinf80 said:
Hello koolx and welcome to Malwarebytes,
 

 

  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach that log to your reply

 

Hey Kevin,

 

Appreciate the followup. Here is what you asked for. The following is pasted info from malwarebytes log and Farbar FIRST log. I attached the Additions log as you requested also. Thanks.

 

Malwarebytes log:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/6/18
Scan Time: 1:37 PM
Log File: f4cdd454-f985-11e8-a923-4ccc6a2aceb1.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.482
Update Package Version: 1.0.8199
License: Trial

-System Information-
OS: Windows 10 (Build 17763.134)
CPU: x64
File System: NTFS
User: DESKTOP-M579393\david

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 271963
Threats Detected: 1
Threats Quarantined: 0
Time Elapsed: 0 min, 31 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 1
PUP.Optional.Conduit, C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O182YAT8.NEW\PREFS.JS, No Action By User, [215], [301520],1.0.8199

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)

 

-----------------------------------------------------------------------------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.12.2018 01
Ran by david (administrator) on DESKTOP-M579393 (06-12-2018 13:35:34)
Running from C:\Users\david\Desktop
Loaded Profiles: david (Available Profiles: david)
Platform: Windows 10 Home Version 1809 17763.134 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(ICEpower) C:\Windows\System32\ICEsoundService64.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(MSI) C:\Program Files (x86)\MSI\MSI OC Kit\Driver_Service\MSI_Driver_Service.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\SecurityHealthSystray.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectUI.exe
(Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(f.lux Software LLC) C:\Users\david\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Program Files\Ditto\Ditto.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\ReflectMonitor.exe
(Micro-Star INT'L CO., LTD.) C:\MSI\MSI USB Speed Up\USB_Speed_Up.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\Live Update.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\CompPkgSrv.exe
(Microsoft Corporation) C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Windows\system32\SecurityHealthSystray.exe [83968 2018-09-15] (Microsoft Corporation)
HKLM\...\Run: [Reflect UI] => C:\Program Files\Macrium\Common\ReflectUI.exe [5614320 2018-11-29] (Paramount Software UK Ltd)
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1570512 2017-12-23] (Highresolution Enterprises)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9279520 2018-11-28] (Realtek Semiconductor)
HKLM-x32\...\Run: [USB_Speed_Up] => C:\MSI\MSI USB Speed Up\USB_Speed_Up.exe [2394040 2017-02-17] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [126712 2018-11-15] (Intel)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [26252472 2018-12-04] (Micro-Star INT'L CO., LTD.)
HKU\S-1-5-21-2261263017-709210955-1287429634-1001\...\Run: [f.lux] => C:\Users\david\AppData\Local\FluxSoftware\Flux\flux.exe [1820168 2018-10-24] (f.lux Software LLC)
HKU\S-1-5-21-2261263017-709210955-1287429634-1001\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILQE.EXE [297024 2015-01-18] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2261263017-709210955-1287429634-1001\...\Run: [Ditto] => C:\Program Files\Ditto\Ditto.exe [4793856 2018-09-04] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{8df4cf00-5de4-4b76-9a09-646ad8dd8d2e}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2018-12-02] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-12-02] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-12-02] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-12-02] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-12-02] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-12-02] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-12-02] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2018-12-02] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2018-12-02] (Microsoft Corporation)

Edge:
======
Edge Extension: (BookReader) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets [2018-09-15]
Edge Extension: (uBlock Origin) -> EdgeExtension_37833NikRollsuBlockOrigin_f8jsg5mm64m62 => C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.15.24.0_neutral__f8jsg5mm64m62 [2018-12-05]
Edge Extension: (PinJSAPI) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [2018-09-15]

FireFox:
========
FF DefaultProfile: o182yat8.New
FF ProfilePath: C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\o182yat8.New [2018-12-06]
FF Homepage: Mozilla\Firefox\Profiles\o182yat8.New -> about:blank
FF NewTab: Mozilla\Firefox\Profiles\o182yat8.New -> hxxp://www.bing.com/?pc=COSP&ptag=D112718-N0600A9FCDBB39EF&form=CONMHP&conlogo=CT3335799
FF NetworkProxy: Mozilla\Firefox\Profiles\o182yat8.New -> type", 0
FF Session Restore: Mozilla\Firefox\Profiles\o182yat8.New -> is enabled.
FF NewTabOverride: Mozilla\Firefox\Profiles\o182yat8.New -> Enabled: pavel.sherbakov@gmail.com
FF NewTabOverride: Mozilla\Firefox\Profiles\o182yat8.New -> Enabled: CookieAutoDelete@kennydo.com
FF NewTabOverride: Mozilla\Firefox\Profiles\o182yat8.New -> Enabled: uBlock0@raymondhill.net
FF Extension: (Hoxx VPN Proxy) - C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\o182yat8.New\Extensions\@hoxx-vpn.xpi [2018-10-11]
FF Extension: (Dark Reader) - C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\o182yat8.New\Extensions\addon@darkreader.org.xpi [2018-11-01]
FF Extension: (Cookie AutoDelete) - C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\o182yat8.New\Extensions\CookieAutoDelete@kennydo.com.xpi [2018-06-16]
FF Extension: (Copy Plain Text WE) - C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\o182yat8.New\Extensions\CopyPlainTextWE@yuki.xpi [2018-11-09]
FF Extension: (Download Notifications) - C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\o182yat8.New\Extensions\gnome-download-notify@ion201.xpi [2018-10-14]
FF Extension: (AutoFill Forms) - C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\o182yat8.New\Extensions\jid1-jJjr0f2lg5yYtf2dD@jetpack.xpi [2018-07-09]
FF Extension: (Linkificator) - C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\o182yat8.New\Extensions\linkificator@markapola.xpi [2018-09-07]
FF Extension: (New Tab Page) - C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\o182yat8.New\Extensions\pavel.sherbakov@gmail.com.xpi [2018-10-17]
FF Extension: (Simple Form Fill) - C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\o182yat8.New\Extensions\simpleformfill@sblask.xpi [2018-06-20]
FF Extension: (uBlock Origin) - C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\o182yat8.New\Extensions\uBlock0@raymondhill.net.xpi [2018-12-01]
FF Extension: (Distill Web Monitor) - C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\o182yat8.New\Extensions\{7a73dc4b-1b38-40e7-ac56-7d356dd4af34}.xpi [2018-10-24]
FF Extension: (Stylus) - C:\Users\david\AppData\Roaming\Mozilla\Firefox\Profiles\o182yat8.New\Extensions\{7a7a4a92-a2a0-41d1-9fd7-1e92480d612d}.xpi [2018-11-30]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_32_0_0_101.dll [2018-12-05] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-12-02] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_32_0_0_101.dll [2018-12-05] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2018-12-02] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-11-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-11-16] (NVIDIA Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BrokerInfrastructure; C:\Windows\System32\psmsrv.dll [241664 2018-11-27] (Microsoft Corporation)
S3 cbdhsvc; C:\Windows\System32\cbdhsvc.dll [961024 2018-09-15] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9662624 2018-11-01] (Microsoft Corporation)
S3 ConsentUxUserSvc; C:\Windows\System32\ConsentUxClient.dll [157696 2018-09-15] (Microsoft Corporation)
S3 DisplayEnhancementService; C:\Windows\system32\Microsoft.Graphics.Display.DisplayEnhancementService.dll [914944 2018-09-15] (Microsoft Corporation)
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [23800 2018-11-15] (Intel)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [937192 2018-11-07] ()
R2 ICEsoundService; C:\Windows\system32\ICEsoundService64.exe [807808 2018-11-28] (ICEpower)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe [758552 2018-03-02] (Intel(R) Corporation)
S3 Intel(R) SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe [719640 2018-03-02] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [205968 2017-12-03] (Intel Corporation)
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [5452688 2018-11-29] (Paramount Software UK Ltd)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\MSI_ActiveX_Service.exe [58296 2017-02-17] (Micro-Star INT'L CO., LTD.)
R2 MSI_Driver_Service; C:\Program Files (x86)\MSI\MSI OC Kit\Driver_Service\MSI_Driver_Service.exe [54880 2016-10-12] (MSI)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2191032 2018-11-28] (Micro-Star INT'L CO., LTD.)
S3 perceptionsimulation; C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe [78848 2018-09-15] (Microsoft Corporation)
S4 ssh-agent; C:\Windows\System32\OpenSSH\ssh-agent.exe [384512 2018-09-15] ()
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe [192232 2018-11-07] ()
S3 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe [937192 2018-11-07] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3917016 2018-11-27] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [114208 2018-11-27] (Microsoft Corporation)
S3 WManSvc; C:\Windows\system32\Windows.Management.Service.dll [370176 2018-09-15] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BasicDisplay; C:\Windows\System32\DriverStore\FileRepository\basicdisplay.inf_amd64_5103ac179273be89\BasicDisplay.sys [68096 2018-09-15] (Microsoft Corporation)
R1 BasicRender; C:\Windows\System32\DriverStore\FileRepository\basicrender.inf_amd64_0b8d03c3bc0e7fd9\BasicRender.sys [37376 2018-09-15] (Microsoft Corporation)
S3 BthMini; C:\Windows\System32\drivers\BTHMINI.sys [34816 2018-09-15] (Microsoft Corporation)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-10-18] (Malwarebytes)
S3 hidspi; C:\Windows\System32\drivers\hidspi.sys [60928 2018-09-15] (Microsoft Corporation)
S3 iaLPSS2i_GPIO2_CNL; C:\Windows\System32\drivers\iaLPSS2i_GPIO2_CNL.sys [112128 2018-09-15] (Intel Corporation)
S3 iaLPSS2i_GPIO2_GLK; C:\Windows\System32\drivers\iaLPSS2i_GPIO2_GLK.sys [96256 2018-09-15] (Intel Corporation)
S3 iaLPSS2i_I2C_CNL; C:\Windows\System32\drivers\iaLPSS2i_I2C_CNL.sys [180736 2018-09-15] (Intel Corporation)
S3 iaLPSS2i_I2C_GLK; C:\Windows\System32\drivers\iaLPSS2i_I2C_GLK.sys [177664 2018-09-15] (Intel Corporation)
R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [198000 2018-11-27] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [119136 2018-12-05] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\DRIVERS\mbam.sys [63768 2018-12-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [260480 2018-12-05] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\DRIVERS\mwac.sys [111152 2018-12-06] (Malwarebytes)
S3 MbbCx; C:\Windows\System32\drivers\MbbCx.sys [290816 2018-09-15] (Microsoft Corporation)
S3 Microsoft_Bluetooth_AvrcpTransport; C:\Windows\System32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys [53760 2018-09-15] (Microsoft Corporation)
R3 NTIOLib_ACTIVE_X; C:\Program Files (x86)\MSI\MSI OC Kit\ActiveX_Service\NTIOLib_X64.sys [13776 2016-04-12] (MSI)
U4 NTIOLib_OCKit_MB; C:\Program Files (x86)\MSI\MSI OC Kit\Driver_Service\NTIOLib_X64.sys [13776 2016-09-08] (MSI)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvmdi.inf_amd64_536b4334eea64117\nvlddmkm.sys [20395632 2018-11-16] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [70024 2018-10-01] (NVIDIA Corporation)
S3 PktMon; C:\Windows\System32\drivers\PktMon.sys [85504 2018-09-15] (Microsoft Corporation)
R3 PSMounterEx; C:\Windows\system32\drivers\psmounterex.sys [189152 2017-08-08] (Windows (R) Win 7 DDK provider)
R3 PSVolAcc; C:\Windows\System32\Drivers\PSVolAcc.sys [31856 2017-03-23] (Windows (R) Win 7 DDK provider)
S0 SmartSAMD; C:\Windows\System32\drivers\SmartSAMD.sys [219960 2018-09-15] (Microsemi Corportation)
S3 UcmUcsiAcpiClient; C:\Windows\System32\drivers\UcmUcsiAcpiClient.sys [31232 2018-09-15] (Microsoft Corporation)
S3 UcmUcsiCx0101; C:\Windows\System32\Drivers\UcmUcsiCx.sys [99840 2018-09-15] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46184 2018-11-27] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [328696 2018-11-27] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [60408 2018-11-27] (Microsoft Corporation)
S3 WIMMount; C:\program files\macrium\reflect\wimmount.sys [36664 2018-09-15] (Microsoft Corporation)
R3 WinQuic; C:\Windows\System32\drivers\winquic.sys [156984 2018-09-15] (Microsoft Corporation)
S4 nvvhci; \SystemRoot\System32\drivers\nvvhci.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: WManSvc -> C:\Windows\system32\Windows.Management.Service.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-06 13:35 - 2018-12-06 13:35 - 000020082 _____ C:\Users\david\Desktop\FRST.txt
2018-12-06 13:34 - 2018-12-06 13:35 - 000000000 ____D C:\FRST
2018-12-06 13:32 - 2018-12-06 13:32 - 002417152 _____ (Farbar) C:\Users\david\Desktop\FRST64.exe
2018-12-06 12:42 - 2018-12-06 12:42 - 000000000 ___HD C:\OneDriveTemp
2018-12-06 00:20 - 2018-12-06 00:21 - 000000000 ____D C:\Users\david\Documents\BKUP CPY SAVES
2018-12-06 00:19 - 2018-12-06 00:19 - 000001789 _____ C:\Users\david\Desktop\mgsvtpp.exe - Shortcut.lnk
2018-12-06 00:18 - 2018-12-06 00:21 - 000000000 ____D C:\Users\david\Documents\CPY_SAVES
2018-12-06 00:18 - 2007-04-04 17:54 - 000107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2018-12-05 21:47 - 2018-12-05 21:54 - 000000000 ____D C:\Program Files (x86)\Metal Gear Solid V The Phantom Pain
2018-12-05 20:33 - 2018-12-06 12:43 - 000111152 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2018-12-05 20:33 - 2018-12-05 20:33 - 000119136 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2018-12-05 20:33 - 2018-12-05 20:33 - 000063768 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2018-12-05 00:18 - 2018-12-05 20:32 - 000000000 ____D C:\Users\david\Desktop\Malwarebytes Premium 3.6.1.2711 MultilingualDC
2018-12-04 23:47 - 2018-12-06 00:11 - 000000000 ____D C:\Windows\SysWOW64\directx
2018-12-04 23:47 - 2018-12-04 23:49 - 000000000 ___HD C:\Windows\msdownld.tmp
2018-12-04 00:35 - 2018-12-05 20:33 - 000260480 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2018-12-04 00:24 - 2018-12-04 00:34 - 000000000 ____D C:\AdwCleaner
2018-12-03 16:49 - 2018-12-03 16:49 - 000000000 ____D C:\Program Files (x86)\ASM104xUSB3
2018-12-03 16:08 - 2018-12-03 16:08 - 002128405 _____ C:\Users\david\Documents\Toaster_1.HEIC
2018-12-03 16:07 - 2018-12-03 16:07 - 002167007 _____ C:\Users\david\Documents\Toaster 2.HEIC
2018-12-03 16:01 - 2018-12-03 16:02 - 000000000 ____D C:\Windows\files
2018-12-03 00:02 - 2018-12-03 00:02 - 000002363 _____ C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recents.lnk
2018-12-03 00:02 - 2018-12-03 00:02 - 000000895 _____ C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Turn Off Xbox Controller.lnk
2018-12-03 00:01 - 2018-12-03 00:02 - 000002291 _____ C:\Users\david\Documents\Recents.lnk
2018-12-02 22:45 - 2018-10-29 14:13 - 000009056 _____ C:\Users\david\Desktop\TV.xlsx
2018-12-02 22:41 - 2018-12-02 22:44 - 000000000 ____D C:\Users\david\Desktop\Trouble Companies
2018-12-02 22:39 - 2017-03-14 02:10 - 000399344 _____ C:\Users\david\Desktop\David-Deangelo-Advanced-Dating-Techniques.pdf
2018-12-02 22:38 - 2018-12-02 22:38 - 000000000 ____D C:\Users\david\Desktop\Test pic
2018-12-02 22:06 - 2018-12-02 22:06 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-12-02 22:06 - 2018-12-02 22:06 - 000002450 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-12-02 22:06 - 2018-12-02 22:06 - 000002413 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-12-02 22:06 - 2018-12-02 22:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-12-02 22:06 - 2018-12-02 22:06 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2018-12-02 22:02 - 2018-12-02 22:02 - 000000000 ____D C:\Program Files\Microsoft Office 15
2018-12-02 21:53 - 2018-12-02 21:51 - 009021784 _____ C:\Windows\OInstall.exe
2018-12-01 20:47 - 2018-12-02 22:28 - 000000000 ____D C:\Users\david\Desktop\MS Office 2019 Pro Plus Retail x86 x64  MULTi-22 OCT 2018 {Gen2}
2018-12-01 20:19 - 2018-12-01 20:19 - 000000000 ____D C:\Users\david\AppData\Roaming\Skype
2018-12-01 18:37 - 2018-12-01 18:37 - 000000080 ___SH C:\bootTel.dat
2018-12-01 17:42 - 2018-12-02 22:06 - 000000000 ____D C:\Program Files\Microsoft Office
2018-12-01 16:06 - 2018-12-01 16:06 - 000000000 ____D C:\Users\david\Documents\Reflect
2018-12-01 14:45 - 2018-12-01 14:45 - 000000000 ____D C:\Intel
2018-12-01 14:43 - 2018-12-01 14:43 - 000000000 ____D C:\Users\david\Intel
2018-11-30 19:15 - 2018-11-30 19:16 - 000011742 _____ C:\Windows\Macrium Reflect Patch Log.txt
2018-11-30 15:11 - 2018-11-30 13:48 - 000001278 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2018-11-30 15:11 - 2018-11-26 23:07 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-11-30 15:10 - 2018-11-26 21:22 - 000002030 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium.lnk
2018-11-29 10:36 - 2018-11-22 08:12 - 000078504 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\MRCBT.sys
2018-11-29 10:36 - 2018-11-22 08:12 - 000063024 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\mrigflt.sys
2018-11-29 10:36 - 2018-09-18 05:39 - 000064856 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\MRVDP.sys
2018-11-28 23:36 - 2018-11-28 23:36 - 000001052 _____ C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\µTorrent.lnk
2018-11-28 23:17 - 2018-12-05 20:32 - 000000000 ____D C:\Users\david\AppData\Roaming\uTorrent
2018-11-28 22:48 - 2018-11-28 22:48 - 000000000 ____D C:\Users\Public\Foxit Software
2018-11-28 22:47 - 2018-11-28 22:48 - 000000000 ____D C:\Users\david\AppData\Roaming\Foxit Software
2018-11-28 22:47 - 2018-11-28 22:47 - 000000000 ____D C:\Users\david\AppData\Roaming\Foxit AgentInformation
2018-11-28 22:47 - 2018-11-28 22:47 - 000000000 ____D C:\ProgramData\Foxit ContentPlatform
2018-11-28 22:47 - 2018-11-28 22:47 - 000000000 ____D C:\Program Files (x86)\Foxit Software
2018-11-28 22:29 - 2018-11-28 22:29 - 000000000 ____D C:\Program Files\7-Zip
2018-11-28 21:54 - 2018-12-06 13:33 - 000000000 ____D C:\Users\david\AppData\Roaming\Ditto
2018-11-28 21:54 - 2018-11-30 15:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ditto
2018-11-28 21:54 - 2018-11-28 21:54 - 000000000 ____D C:\Program Files\Ditto
2018-11-28 19:39 - 2018-12-05 20:36 - 000004588 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-11-28 19:39 - 2018-12-05 20:36 - 000004422 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2018-11-28 19:39 - 2018-11-28 19:39 - 000000000 ____D C:\Users\david\AppData\Roaming\Macromedia
2018-11-28 19:38 - 2018-11-28 19:39 - 000000000 ____D C:\Users\david\AppData\Local\Adobe
2018-11-28 19:23 - 2018-11-28 19:23 - 000000000 ____D C:\Users\david\AppData\Roaming\EPSON
2018-11-28 19:21 - 2018-11-28 23:17 - 000000951 _____ C:\Windows\Tasks\EPSON XP-610 Series Update {3DCFE336-D5D3-4191-8301-C22C38E3ECB1}.job
2018-11-28 19:21 - 2018-11-28 23:17 - 000000765 _____ C:\Windows\Tasks\EPSON XP-610 Series Invitation {3DCFE336-D5D3-4191-8301-C22C38E3ECB1}.job
2018-11-28 19:21 - 2018-11-28 19:21 - 000004148 _____ C:\Windows\System32\Tasks\EPSON XP-610 Series Update {3DCFE336-D5D3-4191-8301-C22C38E3ECB1}
2018-11-28 19:21 - 2018-11-28 19:21 - 000003970 _____ C:\Windows\System32\Tasks\EPSON XP-610 Series Invitation {3DCFE336-D5D3-4191-8301-C22C38E3ECB1}
2018-11-28 19:21 - 2018-11-28 19:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2018-11-28 19:21 - 2018-11-28 19:21 - 000000000 ____D C:\ProgramData\EPSON
2018-11-28 19:21 - 2018-11-28 19:21 - 000000000 ____D C:\Program Files\Common Files\EPSON
2018-11-28 19:21 - 2015-01-18 23:43 - 000179712 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ILMBLQE.DLL
2018-11-28 19:21 - 2015-01-18 23:43 - 000083968 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ID4BLQE.DLL
2018-11-28 19:21 - 2015-01-18 23:43 - 000010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL
2018-11-28 19:21 - 2012-07-24 00:00 - 000466432 _____ (Seiko Epson Corporation) C:\Windows\system32\esxw2ud.dll
2018-11-28 19:21 - 2012-05-17 00:00 - 000144560 _____ (Seiko Epson Corporation) C:\Windows\system32\escsvc64.exe
2018-11-28 19:20 - 2018-11-28 19:20 - 000000000 ____D C:\Program Files (x86)\epson
2018-11-28 17:13 - 2018-11-28 17:13 - 000000000 ____D C:\Users\david\ansel
2018-11-28 17:13 - 2018-11-16 06:43 - 000142216 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2018-11-28 17:12 - 2018-11-15 18:24 - 005338424 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2018-11-28 17:12 - 2018-11-15 18:24 - 002620272 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2018-11-28 17:12 - 2018-11-15 18:24 - 001767736 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2018-11-28 17:12 - 2018-11-15 18:24 - 000651064 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2018-11-28 17:12 - 2018-11-15 18:24 - 000450416 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2018-11-28 17:12 - 2018-11-15 18:24 - 000124784 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2018-11-28 17:12 - 2018-11-15 18:24 - 000082984 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2018-11-28 17:12 - 2018-11-14 01:49 - 008416032 _____ C:\Windows\system32\nvcoproc.bin
2018-11-28 17:11 - 2018-11-16 13:43 - 000047384 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhdap64.dll
2018-11-28 17:11 - 2018-11-16 13:40 - 015909736 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2018-11-28 17:11 - 2018-11-16 13:40 - 013203608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2018-11-28 17:11 - 2018-11-16 13:40 - 001471632 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFThevc.dll
2018-11-28 17:11 - 2018-11-16 13:40 - 001462424 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2018-11-28 17:11 - 2018-11-16 13:40 - 001167792 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2018-11-28 17:11 - 2018-11-16 13:40 - 001152032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFThevc.dll
2018-11-28 17:11 - 2018-11-16 13:40 - 001145720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2018-11-28 17:11 - 2018-11-16 13:40 - 000914608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2018-11-28 17:11 - 2018-11-16 13:40 - 000822624 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcumd.dll
2018-11-28 17:11 - 2018-11-16 13:40 - 000794840 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2018-11-28 17:11 - 2018-11-16 13:40 - 000637688 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2018-11-28 17:11 - 2018-11-16 13:39 - 019712528 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2018-11-28 17:11 - 2018-11-16 13:39 - 016989000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-11-28 17:11 - 2018-11-16 13:39 - 004257360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2018-11-28 17:11 - 2018-11-16 09:44 - 000978128 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll
2018-11-28 17:11 - 2018-11-16 09:44 - 000978128 _____ C:\Windows\system32\vulkan-1.dll
2018-11-28 17:11 - 2018-11-16 09:44 - 000845008 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2018-11-28 17:11 - 2018-11-16 09:44 - 000845008 _____ C:\Windows\SysWOW64\vulkan-1.dll
2018-11-28 17:11 - 2018-11-16 09:44 - 000552144 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2018-11-28 17:11 - 2018-11-16 09:44 - 000456904 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2018-11-28 17:11 - 2018-11-16 09:44 - 000267984 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe
2018-11-28 17:11 - 2018-11-16 09:44 - 000267984 _____ C:\Windows\system32\vulkaninfo.exe
2018-11-28 17:11 - 2018-11-16 09:44 - 000243408 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2018-11-28 17:11 - 2018-11-16 09:44 - 000243408 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2018-11-28 17:11 - 2018-11-16 09:42 - 000967608 _____ (NVIDIA Corporation) C:\Windows\system32\nvml.dll
2018-11-28 17:11 - 2018-11-16 09:41 - 004945480 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2018-11-28 17:11 - 2018-11-16 09:41 - 004316232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-11-28 17:11 - 2018-11-16 09:41 - 002003424 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2018-11-28 17:11 - 2018-11-16 09:41 - 001510856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-11-28 17:11 - 2018-11-16 09:41 - 001460112 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2018-11-28 17:11 - 2018-11-16 09:41 - 001126288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-11-28 17:11 - 2018-11-16 09:41 - 000750664 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2018-11-28 17:11 - 2018-11-16 09:41 - 000631592 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2018-11-28 17:11 - 2018-11-16 09:41 - 000609248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2018-11-28 17:11 - 2018-11-16 09:41 - 000539016 _____ (NVIDIA Corporation) C:\Windows\system32\nvidia-smi.exe
2018-11-28 17:11 - 2018-11-16 09:41 - 000521672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2018-11-28 17:11 - 2018-11-16 09:41 - 000448912 _____ (NVIDIA Corporation) C:\Windows\system32\nvdebugdump.exe
2018-11-28 17:11 - 2018-11-16 09:40 - 040256984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2018-11-28 17:11 - 2018-11-16 09:40 - 035154208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-11-28 17:11 - 2018-11-16 09:40 - 000858280 _____ (NVIDIA Corporation) C:\Windows\system32\MCU.exe
2018-11-28 17:11 - 2018-11-15 20:29 - 000104218 _____ C:\Windows\system32\nvidia-smi.1.pdf
2018-11-28 17:11 - 2018-11-15 20:29 - 000045532 _____ C:\Windows\system32\nvinfo.pb
2018-11-28 17:00 - 2018-11-28 18:33 - 000000000 ____D C:\Users\david\AppData\Local\NVIDIA Corporation
2018-11-28 17:00 - 2018-11-28 17:15 - 000000000 ____D C:\Users\david\AppData\Local\NVIDIA
2018-11-28 17:00 - 2018-11-28 17:00 - 000000000 ____D C:\Users\david\AppData\Local\CEF
2018-11-28 16:46 - 2018-12-06 02:46 - 000000000 ____D C:\ProgramData\NVIDIA
2018-11-28 16:46 - 2018-11-28 17:15 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-11-28 16:46 - 2018-11-28 17:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-11-28 16:46 - 2018-11-28 16:46 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-28 16:46 - 2018-11-28 16:46 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-28 16:46 - 2018-11-28 16:46 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-28 16:46 - 2018-11-28 16:46 - 000003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-28 16:46 - 2018-11-28 16:46 - 000003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-28 16:46 - 2018-11-28 16:46 - 000003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-28 16:46 - 2018-11-28 16:46 - 000003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-11-28 16:46 - 2018-11-15 14:28 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2018-11-28 16:46 - 2010-05-26 11:41 - 002401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2018-11-28 16:46 - 2010-05-26 11:41 - 001998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2018-11-28 16:46 - 2010-05-26 11:41 - 000511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2018-11-28 16:46 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2018-11-28 16:46 - 2010-05-26 11:41 - 000276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2018-11-28 16:46 - 2010-05-26 11:41 - 000248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2018-11-28 16:45 - 2018-11-28 17:15 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-11-28 16:45 - 2018-10-01 13:47 - 000070024 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2018-11-28 16:43 - 2018-11-28 17:15 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-11-28 16:02 - 2018-11-28 16:02 - 000005377 _____ C:\Windows\SysWOW64\Upgrade_Saved_Config.txt
2018-11-28 16:02 - 2018-11-28 16:02 - 000000326 _____ C:\Windows\SysWOW64\Saved_StaticIP.txt
2018-11-28 14:58 - 2018-11-28 14:58 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2018-11-28 14:58 - 2018-11-28 14:58 - 000000000 ____D C:\Program Files\Realtek
2018-11-28 14:58 - 2018-11-28 14:53 - 072520776 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2018-11-28 14:58 - 2018-11-28 14:53 - 023073815 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2018-11-28 14:58 - 2018-11-28 14:53 - 006400040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2018-11-28 14:58 - 2018-11-28 14:53 - 005804772 _____ C:\Windows\system32\Drivers\rtvienna.dat
2018-11-28 14:58 - 2018-11-28 14:53 - 003761640 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 003677224 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2018-11-28 14:58 - 2018-11-28 14:53 - 003418072 _____ (DTS, Inc.) C:\Windows\system32\slcnt64.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 003319480 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 003306896 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE2.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 003281232 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RltkAPO.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 003159472 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 003128888 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 002198048 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 001435216 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 001396232 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 001382312 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 001353384 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 001337720 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaeapo64.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 001318912 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDHF64.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 001282616 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 001180584 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 001073736 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 001027888 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SEHDHF32.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 000994744 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 000965088 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 000873544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 000852208 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tosasfapo64.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 000692224 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 000604872 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaemaxapo64.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 000541192 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 000467232 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 000447256 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\toseaeapo64.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 000392936 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 000381488 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 000343768 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 000341224 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 000341224 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 000327336 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 000327328 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 000266616 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 000231976 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 000230784 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 000220448 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 000218352 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 000193040 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 000175016 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 000158776 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 000116600 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 000093968 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 000090976 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 000088384 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 000083688 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 000075616 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2018-11-28 14:58 - 2018-11-28 14:53 - 000023752 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2018-11-28 14:57 - 2018-11-28 14:57 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-11-28 14:57 - 2018-11-28 14:53 - 007178544 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 007101824 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 006270264 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64AF3.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 005347072 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv211.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 002930216 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 002444760 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv201.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 001971448 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 001965232 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64AF3.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 001788032 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 001598472 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 001544328 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOProp.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 001516368 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 001448856 _____ (Dolby Laboratories) C:\Windows\system32\DolbyAPOv251gm.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 001372472 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOv251.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 001259808 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOvlldp.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 001164696 _____ (Dolby Laboratories) C:\Windows\system32\DolbyAPOvlldpgm.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 001159264 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOProp.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 000888616 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 000807808 _____ (ICEpower) C:\Windows\system32\ICEsoundService64.exe
2018-11-28 14:57 - 2018-11-28 14:53 - 000751376 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 000734848 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 000715720 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 000511720 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 000453352 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 000452816 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 000448680 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 000416584 _____ (Harman) C:\Windows\system32\HMUI.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 000406528 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2APIPCLL.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 000378456 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2API.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 000367688 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64AF3.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 000366200 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\HMAPO.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 000360424 _____ (Harman) C:\Windows\system32\HMClariFi.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 000333088 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 000316080 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64F3.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 000278352 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 000261312 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 000261280 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 000260288 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 000203912 _____ (Harman) C:\Windows\system32\HMHVS.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 000195763 _____ C:\Windows\system32\ICEsoundService.bin
2018-11-28 14:57 - 2018-11-28 14:53 - 000191008 _____ (Harman) C:\Windows\system32\HMEQ_Voice.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 000191008 _____ (Harman) C:\Windows\system32\HMEQ.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 000179672 _____ (Harman) C:\Windows\system32\HMLimiter.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 000175824 _____ (ASUSTeK COMPUTER INC.) C:\Windows\system32\ATKWMI.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 000157408 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 000154440 _____ (Harman) C:\Windows\system32\HarmanAudioInterface.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 000139832 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 000122424 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 000118664 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 000105384 _____ C:\Windows\system32\audioLibVc.dll
2018-11-28 14:57 - 2018-11-28 14:53 - 000090232 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2018-11-27 14:59 - 2018-11-27 14:59 - 000003834 _____ C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2018-11-27 14:54 - 2018-12-05 00:21 - 000000000 ____D C:\Users\david\AppData\LocalLow\uTorrent
2018-11-27 13:53 - 2018-11-27 13:53 - 000003865 _____ C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth.lnk
2018-11-27 13:18 - 2018-11-27 13:18 - 000198000 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys
2018-11-27 13:18 - 2018-11-27 13:18 - 000000000 ____D C:\Users\david\AppData\Local\mbamtray
2018-11-27 13:18 - 2018-11-27 13:18 - 000000000 ____D C:\Users\david\AppData\Local\mbam
2018-11-27 13:18 - 2018-11-27 13:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-11-27 13:18 - 2018-11-27 13:18 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-11-27 13:18 - 2018-11-27 13:18 - 000000000 ____D C:\Program Files\Malwarebytes
2018-11-27 13:18 - 2018-10-18 09:44 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2018-11-27 12:46 - 2018-12-05 20:33 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2018-11-27 12:46 - 2018-11-27 12:46 - 000003762 _____ C:\Windows\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2018-11-27 12:46 - 2018-11-27 12:46 - 000003528 _____ C:\Windows\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2018-11-27 12:46 - 2018-11-27 12:46 - 000002678 _____ C:\Windows\System32\Tasks\USER_ESRV_SVC_QUEENCREEK
2018-11-27 12:46 - 2018-11-27 12:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver and Support Assistant
2018-11-27 12:46 - 2018-11-07 21:24 - 000043008 _____ C:\Windows\system32\Drivers\semav6msr64.sys
2018-11-27 00:41 - 2018-11-27 00:41 - 026804736 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 024616960 _____ (Microsoft Corporation) C:\Windows\system32\Hydrogen.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 023440384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 020808704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 019284480 _____ (Microsoft Corporation) C:\Windows\system32\HologramWorld.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 019024384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 007857152 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 006543224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 006059008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 005440016 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 004886016 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 003951192 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Mirage.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 003744256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 003550592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 002985328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Mirage.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 002702536 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 002689024 _____ (Microsoft Corporation) C:\Windows\system32\WebRuntimeManager.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 002469440 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 002429752 _____ (Microsoft Corporation) C:\Windows\system32\WMVCORE.DLL
2018-11-27 00:41 - 2018-11-27 00:41 - 002323696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 002278240 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 002160160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVCORE.DLL
2018-11-27 00:41 - 2018-11-27 00:41 - 002086400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsservices.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 002072384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 001899160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 001749504 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 001456720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3D12.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 001388032 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvruserservice.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 001309696 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 001289400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 001254912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 001221528 _____ (Microsoft Corporation) C:\Windows\system32\ClipUp.exe
2018-11-27 00:41 - 2018-11-27 00:41 - 001200920 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 001181824 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 001110528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 001097312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 001026992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 001024920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 000949760 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Mirage.Internal.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 000912384 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 000883200 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 000833536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 000829440 _____ (Microsoft Corporation) C:\Windows\system32\HologramCompositor.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 000787456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 000783696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 000703488 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 000654848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Mirage.Internal.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 000577024 _____ (Microsoft Corporation) C:\Windows\system32\HolographicExtensions.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 000532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 000398848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 000383288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys
2018-11-27 00:41 - 2018-11-27 00:41 - 000373768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\coml2.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 000359424 _____ (Microsoft Corporation) C:\Windows\system32\dusmsvc.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 000222720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prnntfy.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 000165376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 000109568 _____ (Microsoft Corporation) C:\Windows\system32\dab.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 000075776 _____ (Microsoft Corporation) C:\Windows\system32\SMSRouter.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\msisip.dll
2018-11-27 00:41 - 2018-11-27 00:41 - 000024064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msisip.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 009696264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-11-27 00:40 - 2018-11-27 00:40 - 007645392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 004588752 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2018-11-27 00:40 - 2018-11-27 00:40 - 003981312 _____ (Microsoft Corporation) C:\Windows\system32\EdgeContent.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 003662336 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2018-11-27 00:40 - 2018-11-27 00:40 - 003381248 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 003379216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-11-27 00:40 - 2018-11-27 00:40 - 003337800 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 002879488 _____ (Microsoft Corporation) C:\Windows\system32\xpsservices.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 002721792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2018-11-27 00:40 - 2018-11-27 00:40 - 002617856 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 002594872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 002488320 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2018-11-27 00:40 - 2018-11-27 00:40 - 002465792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 002186752 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 002185728 _____ (Microsoft Corporation) C:\Windows\system32\wlidsvc.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 002085168 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 001975296 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 001903616 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 001843432 _____ (Microsoft Corporation) C:\Windows\system32\D3D12.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 001715200 _____ (Microsoft Corporation) C:\Windows\system32\ISM.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 001671680 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 001641608 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 001602560 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 001462272 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 001395248 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 001387496 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 001331264 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 001255736 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2018-11-27 00:40 - 2018-11-27 00:40 - 001212416 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 001064248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ClipSp.sys
2018-11-27 00:40 - 2018-11-27 00:40 - 001053352 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
2018-11-27 00:40 - 2018-11-27 00:40 - 001050936 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2018-11-27 00:40 - 2018-11-27 00:40 - 001032704 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.Web.Core.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 000918304 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 000901632 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 000889344 _____ (Microsoft Corporation) C:\Windows\system32\PhoneService.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 000744960 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 000658432 _____ (Microsoft Corporation) C:\Windows\system32\computecore.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 000604336 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2018-11-27 00:40 - 2018-11-27 00:40 - 000593920 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 000582248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 000578560 _____ (Microsoft Corporation) C:\Windows\system32\SppExtComObj.Exe
2018-11-27 00:40 - 2018-11-27 00:40 - 000578048 _____ (Microsoft Corporation) C:\Windows\system32\netprofmsvc.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 000531976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 000515584 _____ (Microsoft Corporation) C:\Windows\system32\sppcext.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 000506392 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 000468992 _____ (Microsoft Corporation) C:\Windows\system32\coml2.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 000402568 _____ (Microsoft Corporation) C:\Windows\system32\SgrmEnclave.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 000398400 _____ (Microsoft Corporation) C:\Windows\system32\SgrmEnclave_secure.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 000275768 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 000275456 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 000273408 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 000256512 _____ (Microsoft Corporation) C:\Windows\system32\prnntfy.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 000246784 _____ (Microsoft Corporation) C:\Windows\system32\tetheringservice.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 000195072 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 000173568 _____ (Microsoft Corporation) C:\Windows\system32\WPTaskScheduler.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\dssvc.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 000090624 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 000075264 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 000063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2018-11-27 00:40 - 2018-11-27 00:40 - 000033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2018-11-27 00:40 - 2018-11-27 00:40 - 000032768 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2018-11-27 00:39 - 2018-11-27 00:40 - 000000000 ____D C:\Windows\system32\MRT
2018-11-27 00:39 - 2018-11-27 00:39 - 137810048 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-11-27 00:06 - 2018-11-27 16:27 - 000431312 _____ C:\Users\david\Documents\x's XMBC Profile 10-5-2018.xmbcp
2018-11-27 00:06 - 2018-10-05 19:10 - 000381564 _____ C:\Users\david\Documents\xmouse 10-5-2018.xmbcs
2018-11-27 00:06 - 2018-04-12 16:48 - 001659390 _____ C:\Users\david\Documents\2017 David Form 1040  Individual Tax Return.tax2017
2018-11-27 00:06 - 2018-04-12 16:47 - 001653438 _____ C:\Users\david\Documents\~2017 David Form 1040  Individual Tax Return.tax2017
2018-11-27 00:06 - 2017-03-02 17:13 - 000000991 _____ C:\Users\david\Documents\ScreenOff 2.exe - Shortcut.lnk
2018-11-27 00:06 - 2016-08-17 03:27 - 000001240 _____ C:\Users\david\Documents\Status Bar Code - Updated - 8-16-2016.txt
2018-11-27 00:06 - 2015-11-27 00:55 - 000065024 _____ (The Windows Club) C:\Users\david\Documents\ScreenOff 2.exe
2018-11-27 00:06 - 2015-03-12 13:40 - 000090032 _____ (GigaSOFT Group) C:\Users\david\Documents\Turn Off Xbox Controller.exe
2018-11-27 00:05 - 2018-12-04 21:09 - 000013298 _____ C:\Users\david\Documents\Forums.xlsx
2018-11-27 00:05 - 2018-09-25 11:35 - 000000010 _____ C:\Users\david\Documents\Marriage record.txt
2018-11-27 00:05 - 2018-04-12 16:48 - 000757895 _____ C:\Users\david\Documents\2017 David Form 1040  Individual Tax Return_Records.pdf
2018-11-27 00:05 - 2017-05-29 16:49 - 000042497 _____ C:\Users\david\Documents\DD3.jpeg
2018-11-27 00:05 - 2016-12-19 05:34 - 000096000 _____ C:\Users\david\Documents\gomplayer_20161219.reg
2018-11-27 00:05 - 2016-10-13 15:02 - 000506166 _____ C:\Users\david\Documents\Remote Control Guide.pdf
2018-11-27 00:05 - 2016-08-29 16:06 - 2254215367 ____R C:\Users\david\Documents\Scarface.1983.1080p.Bluray.x264.anoXmous.mp4
2018-11-27 00:05 - 2016-04-19 09:57 - 000887934 _____ C:\Users\david\Documents\Medical Reference Letter.pdf
2018-11-27 00:03 - 2018-11-27 00:03 - 000000000 ____D C:\Users\david\Documents\VLOOKUP
2018-11-27 00:03 - 2018-11-27 00:03 - 000000000 ____D C:\Users\david\Documents\Themes
2018-11-27 00:03 - 2018-11-27 00:03 - 000000000 ____D C:\Users\david\Documents\Signatures
2018-11-27 00:03 - 2018-11-27 00:03 - 000000000 ____D C:\Users\david\Documents\Room Pics
2018-11-27 00:03 - 2018-04-07 16:16 - 000000000 ____D C:\Users\david\Documents\TurboTax
2018-11-27 00:02 - 2018-12-02 23:42 - 000000000 ___RD C:\Users\david\Documents\Health
2018-11-27 00:02 - 2018-11-27 00:03 - 000000000 ____D C:\Users\david\Documents\Resume
2018-11-27 00:02 - 2018-11-27 00:02 - 000000000 ___RD C:\Users\david\Documents\PARDON
2018-11-27 00:02 - 2018-11-27 00:02 - 000000000 ____D C:\Users\david\Documents\Res & Covs
2018-11-27 00:02 - 2018-11-27 00:02 - 000000000 ____D C:\Users\david\Documents\PUA
2018-11-27 00:02 - 2018-11-27 00:02 - 000000000 ____D C:\Users\david\Documents\pics
2018-11-27 00:02 - 2018-11-27 00:02 - 000000000 ____D C:\Users\david\Documents\OldNewExplorer
2018-11-27 00:02 - 2018-11-27 00:02 - 000000000 ____D C:\Users\david\Documents\Office_C2R_Color_Changer_v1.5
2018-11-27 00:02 - 2018-11-27 00:02 - 000000000 ____D C:\Users\david\Documents\My Games
2018-11-27 00:02 - 2018-11-27 00:02 - 000000000 ____D C:\Users\david\Documents\MrExcel HTML Maker 20170807
2018-11-27 00:02 - 2018-11-27 00:02 - 000000000 ____D C:\Users\david\Documents\Lease & Docs
2018-11-27 00:02 - 2018-11-27 00:02 - 000000000 ____D C:\Users\david\Documents\INTW
2018-11-27 00:02 - 2018-11-27 00:02 - 000000000 ____D C:\Users\david\Documents\HTML for TB
2018-11-27 00:02 - 2018-11-27 00:02 - 000000000 ____D C:\Users\david\Documents\Font Size for Win 10
2018-11-27 00:02 - 2018-11-27 00:02 - 000000000 ____D C:\Users\david\Documents\FF CSS
2018-11-27 00:02 - 2018-11-27 00:02 - 000000000 ____D C:\Users\david\Documents\FF Backup Items
2018-11-27 00:00 - 2018-12-05 20:46 - 000000000 ____D C:\Users\david\Documents\Clean PC
2018-11-27 00:00 - 2018-11-27 00:01 - 000000000 ____D C:\Users\david\Documents\FF & TB
2018-11-27 00:00 - 2018-11-27 00:00 - 000000000 ____D C:\Users\david\Documents\X-Mouse Custom Settings
2018-11-27 00:00 - 2018-11-27 00:00 - 000000000 ____D C:\Users\david\Documents\Xmouse Bkups
2018-11-27 00:00 - 2018-11-27 00:00 - 000000000 ____D C:\Users\david\Documents\Work
2018-11-27 00:00 - 2018-11-27 00:00 - 000000000 ____D C:\Users\david\Documents\Wiki
2018-11-27 00:00 - 2018-11-27 00:00 - 000000000 ____D C:\Users\david\Documents\WB Games
2018-11-27 00:00 - 2018-11-27 00:00 - 000000000 ____D C:\Users\david\Documents\Excel Worksheets
2018-11-27 00:00 - 2018-11-27 00:00 - 000000000 ____D C:\Users\david\Documents\Excel
2018-11-27 00:00 - 2018-11-27 00:00 - 000000000 ____D C:\Users\david\Documents\Diep
2018-11-27 00:00 - 2018-11-27 00:00 - 000000000 ____D C:\Users\david\Documents\David Pics
2018-11-27 00:00 - 2018-11-27 00:00 - 000000000 ____D C:\Users\david\Documents\Cool Culture
2018-11-27 00:00 - 2018-11-27 00:00 - 000000000 ____D C:\Users\david\Documents\Chew Chew Med Records
2018-11-26 23:38 - 2018-11-26 23:38 - 000000000 ____D C:\Users\david\AppData\Roaming\Highresolution Enterprises
2018-11-26 23:38 - 2018-11-26 23:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Highresolution Enterprises
2018-11-26 23:38 - 2018-11-26 23:38 - 000000000 ____D C:\Program Files\Highresolution Enterprises
2018-11-26 23:27 - 2018-12-05 20:31 - 000000000 ____D C:\Users\david\AppData\Roaming\Thunderbird
2018-11-26 23:27 - 2018-11-27 00:49 - 000000000 ____D C:\Users\david\AppData\Local\Thunderbird
2018-11-26 23:21 - 2018-11-27 10:02 - 000592416 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-11-26 23:18 - 2018-11-26 23:18 - 000000000 ____D C:\Users\david\AppData\Roaming\Mobon
2018-11-26 23:18 - 2018-11-26 23:18 - 000000000 ____D C:\ProgramData\GRETECH
2018-11-26 23:17 - 2018-11-26 23:17 - 000002144 _____ C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\GOM Player.lnk
2018-11-26 23:17 - 2018-11-26 23:17 - 000000000 ____D C:\Users\david\AppData\Roaming\GRETECH
2018-11-26 23:17 - 2018-11-26 23:17 - 000000000 ____D C:\Program Files (x86)\GRETECH
2018-11-26 23:07 - 2018-12-06 12:42 - 000000000 ____D C:\Users\david\AppData\LocalLow\Mozilla
2018-11-26 23:07 - 2018-11-26 23:08 - 000000000 ____D C:\Users\david\AppData\Local\Mozilla
2018-11-26 23:07 - 2018-11-26 23:07 - 000000000 ____D C:\Users\david\AppData\Roaming\Mozilla
2018-11-26 23:06 - 2018-11-26 23:07 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-11-26 23:05 - 2018-11-30 15:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2018-11-26 23:05 - 2018-11-30 15:45 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-11-26 23:01 - 2018-11-26 23:01 - 000000000 _SHDL C:\Documents and Settings
2018-11-26 22:58 - 2018-12-05 20:33 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-11-26 22:58 - 2018-12-05 14:19 - 000000000 ____D C:\Windows\system32\SleepStudy
2018-11-26 22:58 - 2018-12-01 20:33 - 000439016 _____ C:\Windows\system32\FNTCACHE.DAT
2018-11-26 22:58 - 2018-11-27 00:38 - 000000000 ____D C:\Windows\system32\Drivers\wd
2018-11-26 22:58 - 2018-11-26 22:58 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2018-11-26 22:58 - 2018-11-26 22:58 - 000000000 ____D C:\Windows\ServiceProfiles
2018-11-26 22:57 - 2018-11-26 22:59 - 000000000 ____D C:\Windows\Panther
2018-11-26 21:22 - 2018-11-26 21:22 - 000000000 ____D C:\Program Files\Macrium
2018-11-26 21:20 - 2018-11-29 12:24 - 000000000 ____D C:\ProgramData\Macrium
2018-11-26 21:14 - 2018-10-25 19:28 - 000447032 _____ (Intel Corporation) C:\Windows\system32\PROUnstl.exe
2018-11-26 21:14 - 2018-10-25 19:28 - 000002291 ____N C:\Windows\system32\SetupBD.din
2018-11-26 21:13 - 2018-10-24 07:53 - 000568768 _____ (Intel Corporation) C:\Windows\system32\Drivers\e1d65x64.sys
2018-11-26 21:13 - 2018-01-31 02:46 - 000134416 _____ (Intel Corporation) C:\Windows\system32\NicCo4.dll
2018-11-26 21:13 - 2018-01-31 02:46 - 000003130 _____ C:\Windows\system32\e1d65x64.din
2018-11-26 21:11 - 2018-11-26 21:11 - 000003794 _____ C:\Windows\System32\Tasks\Intel PTT EK Recertification
2018-11-26 21:09 - 2018-12-05 22:45 - 000000000 ____D C:\ProgramData\Package Cache
2018-11-26 21:09 - 2018-12-01 18:43 - 000000000 ____D C:\Program Files\Intel
2018-11-26 21:09 - 2018-11-27 12:50 - 000000000 ____D C:\ProgramData\Intel
2018-11-26 21:09 - 2018-11-26 21:09 - 000000000 ____D C:\Program Files (x86)\Intel
2018-11-26 20:45 - 2018-11-28 14:58 - 000000000 ____D C:\Windows\system32\RTCOM
2018-11-26 20:45 - 2018-11-28 14:58 - 000000000 ____D C:\Windows\system32\DAX3
2018-11-26 20:45 - 2018-11-28 14:58 - 000000000 ____D C:\Windows\system32\DAX2
2018-11-26 20:45 - 2018-11-26 20:45 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2018-11-26 20:44 - 2018-11-28 14:59 - 000000000 ___HD C:\Program Files (x86)\Temp
2018-11-26 20:44 - 2018-11-26 20:44 - 000000000 ____D C:\Program Files (x86)\Realtek
2018-11-26 20:44 - 2018-01-15 17:40 - 002856800 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2018-11-26 20:38 - 2018-12-05 20:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI
2018-11-26 20:38 - 2018-12-05 20:45 - 000000000 ____D C:\Program Files (x86)\MSI
2018-11-26 20:38 - 2018-11-27 12:07 - 000000000 ____D C:\MSI
2018-11-26 20:38 - 2014-04-30 19:23 - 000011248 _____ (Windows (R) Win 7 DDK provider) C:\Windows\acpimof.dll
2018-11-26 20:34 - 2018-11-26 20:34 - 000002156 _____ C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2018-11-26 20:34 - 2018-11-26 20:34 - 000000000 ____D C:\Users\david\AppData\Local\FluxSoftware
2018-11-26 20:27 - 2018-11-28 17:12 - 000000000 ____D C:\ProgramData\Packages
2018-11-26 20:23 - 2018-12-05 16:38 - 000000000 ____D C:\Users\david\AppData\Local\D3DSCache
2018-11-26 20:15 - 2018-12-01 22:48 - 000000000 ____D C:\Users\david\AppData\Local\Comms
2018-11-26 20:13 - 2018-12-06 12:42 - 000000000 ___RD C:\Users\david\OneDrive
2018-11-26 20:13 - 2018-11-30 20:46 - 000000000 ____D C:\Users\david\AppData\Local\PlaceholderTileLogoFolder
2018-11-26 20:13 - 2018-11-30 13:34 - 000003376 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2261263017-709210955-1287429634-1001
2018-11-26 20:12 - 2018-12-01 18:44 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-11-26 20:11 - 2018-12-05 14:30 - 000000000 ____D C:\Users\david\AppData\Local\Packages
2018-11-26 20:11 - 2018-11-28 17:13 - 000000000 ____D C:\Users\david\AppData\Local\VirtualStore
2018-11-26 20:11 - 2018-11-26 20:48 - 000000000 ____D C:\Users\david\AppData\Local\ConnectedDevicesPlatform
2018-11-26 20:11 - 2018-11-26 20:11 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-11-26 20:11 - 2018-11-26 20:11 - 000000000 ___RD C:\Users\david\3D Objects
2018-11-26 20:11 - 2018-11-26 20:11 - 000000000 ___HD C:\Users\david\MicrosoftEdgeBackups
2018-11-26 20:11 - 2018-11-26 20:11 - 000000000 ____D C:\Users\david\AppData\Roaming\Adobe
2018-11-26 20:11 - 2018-11-26 20:11 - 000000000 ____D C:\Users\david\AppData\Local\Publishers
2018-11-26 20:11 - 2018-11-26 20:11 - 000000000 ____D C:\Users\david\AppData\Local\MicrosoftEdge
2018-11-26 20:06 - 2018-12-05 20:38 - 000796052 _____ C:\Windows\system32\PerfStringBackup.INI
2018-11-26 20:05 - 2018-12-05 20:33 - 000000000 ____D C:\Users\david
2018-11-26 20:05 - 2018-11-30 13:34 - 000002363 _____ C:\Users\david\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-11-26 20:05 - 2018-11-26 20:05 - 000000020 ___SH C:\Users\david\ntuser.ini
2018-11-26 20:04 - 2018-11-28 17:12 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2018-11-26 20:03 - 2018-11-26 20:03 - 000000000 ____D C:\ProgramData\USOShared
2018-11-26 20:02 - 2018-09-15 02:28 - 002864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2018-11-15 19:45 - 2018-10-24 07:53 - 000108344 _____ (Intel Corporation) C:\Windows\system32\NicInstD.dll
2018-11-15 19:45 - 2018-10-24 07:53 - 000089024 _____ (Intel Corporation) C:\Windows\system32\e1dmsg.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-06 13:21 - 2018-09-15 02:33 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-12-05 22:38 - 2018-09-15 02:23 - 000000000 ____D C:\Windows\CbsTemp
2018-12-05 20:43 - 2018-09-15 02:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-12-05 20:38 - 2018-09-15 02:31 - 000000000 ____D C:\Windows\INF
2018-12-05 20:36 - 2018-09-15 02:33 - 000000000 ___HD C:\Program Files\WindowsApps
2018-12-05 20:36 - 2018-09-15 02:33 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-12-05 20:36 - 2018-09-15 02:33 - 000000000 ____D C:\Windows\system32\Macromed
2018-12-05 20:36 - 2018-09-15 02:33 - 000000000 ____D C:\Windows\AppReadiness
2018-12-05 20:31 - 2018-09-15 02:33 - 000000000 ____D C:\Windows\registration
2018-12-04 00:34 - 2018-09-15 01:09 - 000262144 _____ C:\Windows\system32\config\BBI
2018-12-02 22:06 - 2018-09-15 02:33 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-12-01 18:44 - 2018-09-15 02:33 - 000000000 ____D C:\Windows\system32\WinMetadata
2018-12-01 18:44 - 2018-09-15 01:09 - 000000000 ____D C:\Windows\system32\Sysprep
2018-12-01 18:43 - 2018-09-15 02:33 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2018-12-01 18:43 - 2018-09-15 02:33 - 000000000 ____D C:\Windows\SystemResources
2018-11-30 22:53 - 2018-09-15 02:36 - 000835688 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-11-30 22:53 - 2018-09-15 02:36 - 000179808 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-28 17:12 - 2018-09-15 02:33 - 000000000 ____D C:\Windows\Help
2018-11-27 10:07 - 2018-09-15 01:09 - 000000000 ____D C:\Windows\servicing
2018-11-27 09:55 - 2018-09-15 02:33 - 000000000 ____D C:\Windows\appcompat
2018-11-27 01:10 - 2018-09-15 04:11 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-11-27 01:10 - 2018-09-15 04:11 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-11-27 01:10 - 2018-09-15 02:33 - 000000000 ____D C:\Windows\bcastdvr
2018-11-27 00:38 - 2018-09-15 02:33 - 000000000 ____D C:\Program Files\Windows Defender
2018-11-26 22:58 - 2018-09-15 02:33 - 000000000 ___RD C:\Windows\PrintDialog
2018-11-26 22:58 - 2018-09-15 01:09 - 000032768 _____ C:\Windows\system32\config\ELAM
2018-11-26 22:57 - 2018-09-15 02:31 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2018-11-26 20:27 - 2018-09-15 02:33 - 000000000 ____D C:\Windows\ServiceState
2018-11-26 20:05 - 2018-09-15 02:33 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2018-11-26 20:03 - 2018-09-15 02:33 - 000000000 ____D C:\ProgramData\USOPrivate
2018-11-26 20:02 - 2018-09-15 02:33 - 000000000 ____D C:\Windows\system32\spool
2018-11-16 13:43 - 2018-07-26 08:51 - 000227896 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2018-11-16 13:39 - 2018-07-26 08:50 - 004999040 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll

Some files in TEMP:
====================
2018-11-30 19:15 - 2018-11-30 19:15 - 018991320 _____ () C:\Users\david\AppData\Local\Temp\reflectPatch.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

 

 

Addition.txt

Link to post
Share on other sites

The malwarebytes log is not showing a false positive, it shows a hijacker. Make fresh install of Firefox, when that completes run Malwarebytes again and post fresh log

Make a "Clean" install Firefox:

Use the following link for instructions how to back up your bookmarks, same link can be used to import saved Bookmarks:

https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer

Next,

Remove all synced data from Firefox to stop possible re-infection or exploitation.

https://support.mozilla.org/en-US/questions/1037353

Next,

Go here: http://www.mozilla.org/en-US/ download save the latest version of Firefox.. We will install this later...

Next,

Lets totally remove Firefox and start over.

Go here: https://support.mozilla.org/en-US/kb/uninstall-firefox-from-your-computer and follow those instructions...

Ensure when the uninstall completes to navigate to and delete the firefox installation folder (if present):

(32-bit Windows) C:\Program Files\Mozilla Firefox
(64-bit Windows) C:\Program Files (x86)\Mozilla Firefox

It is essential the installation folder is removed. Re-boot your system when that is completed....

Next,

To remove all remaining data and profile information...

Press "Windows key + R" to open the Run box
In the Run box, type in or copy and paste %APPDATA%
Click OK. A Windows Explorer window will appear.
In this window, choose/open in succession Mozilla > Firefox > Profiles.
Select Delete on each entry in reverse, eg Profiles > Delete. Firefox > Delete. Mozilla > Delete.

Re-boot your system when complete!

Next,

Use the Mozilla Firefox installer to reinstall your Browser....

When Firefox is installed and open select these keys together :- Ctrl - Shift - A that will access Addons manger, this gives access to find addons/extensions, use, start, stop or disable those features etc....

uBlock-Origin can be installed from here: https://addons.mozilla.org/en-GB/firefox/addon/ublock-origin/ <<--- Recommended.
 
Thanks,
Kevin
Link to post
Share on other sites

On 12/6/2018 at 3:02 PM, kevinf80 said:

The malwarebytes log is not showing a false positive, it shows a hijacker. Make fresh install of Firefox, when that completes run Malwarebytes again and post fresh log

 
 
Thanks,
Kevin

Hi Kevin,

 

I reinstalled FF and everything looks good.

One last favor to ask.. In addition to Malwarebytes, what antivirus tools would you recommend to perform a system wide scan of my PC?

 

.

Link to post
Share on other sites

Hello koolx,

The information you seek is included in my close out advice.... Continue:

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix either, accept the alert or turn your security off.

Double Click to start the program. If you are using Vista or higher, please right-click and choose run as administrator

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we may have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Run Windows Disk Clean Up Utility - https://neosmart.net/wiki/disk-cleanup/

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin... user posted image
Link to post
Share on other sites

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.