18.cprmatix.com
<blockquote data-quote="Stephen Butler" data-source="post: 765807" data-attributes="member: 75137"><p>Hello:</p><p>I am struggling with this piece of malware. I have followed the instructions on this site, found <strong>HERE:</strong></p><p></p><p></p><p>However, it has not worked and the malware is still present within the Google Preferences File. I have performed the FRST.txt and Addition.txt checks, but cannot find the Upload a File button on this page. I am therefore posting below.</p><p></p><p><strong>FRST.txt:</strong></p><p></p><p>Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.09.2018</p><p>Ran by StephenDJButler (administrator) on STEPHENBUTLER (21-09-2018 16:40:13)</p><p>Running from D:\Downloads</p><p>Loaded Profiles: StephenDJButler (Available Profiles: StephenDJButler & Gaming & Recording & Guest & Classic .NET AppPool & DefaultAppPool)</p><p>Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)</p><p>Internet Explorer Version 11 (Default browser: Chrome)</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials</a></p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p></p><p>(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe</p><p>(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe</p><p>(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe</p><p>(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe</p><p>(Autodesk Inc.) 
C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe</p><p>(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe</p><p>(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe</p><p>(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe</p><p>(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe</p><p>(Microsoft Corporation) C:\Windows\System32\CISVC.EXE</p><p>(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe</p><p>(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE</p><p>(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe</p><p>(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe</p><p>(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe</p><p>(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe</p><p>() C:\Program Files\Cyberlink\Shared files\RichVideo64.exe</p><p>(Samsung Electronics Co.,Ltd) D:\Program Files\Samsung Link\Samsung Link.exe</p><p>(Samsung Electronics Co.,Ltd) D:\Program Files\Samsung Link\Samsung Link.exe</p><p>(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe</p><p>(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe</p><p>(Microsoft Corporation) C:\Windows\System32\snmp.exe</p><p>(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe</p><p>(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe</p><p>(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\AntiTheft\Antitheft.exe</p><p>(Check Point Software Technologies Ltd.) 
C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe</p><p>(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe</p><p>(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe</p><p>(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe</p><p>(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe</p><p>(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe</p><p>(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ThreatEmulation.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe</p><p>(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe</p><p>(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe</p><p>(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe</p><p>(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe</p><p>(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe</p><p>(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe</p><p>(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe</p><p>(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE</p><p>(Microsoft Corporation) C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe</p><p>(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE</p><p></p><p>==================== Registry (Whitelisted) ===========================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. 
The file will not be moved.)</p><p></p><p>HKLM-x32\...\Run: [] => [X]</p><p>HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [144184 2016-12-13] (Check Point Software Technologies Ltd.)</p><p>Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]</p><p>HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION</p><p>HKU\S-1-5-21-410353808-276946841-1970485010-1001\...\Run: [AdobeBridge] => [X]</p><p>HKU\S-1-5-21-410353808-276946841-1970485010-1001\...\Run: [uTorrent] => C:\Users\StephenDJButler\AppData\Roaming\uTorrent\uTorrent.exe [1987512 2018-06-21] (BitTorrent Inc.)</p><p>HKU\S-1-5-21-410353808-276946841-1970485010-1001\...\RunOnce: [Uninstall C:\Users\StephenDJButler\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\StephenDJButler\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64"</p><p>HKU\S-1-5-21-410353808-276946841-1970485010-1001\...\RunOnce: [Uninstall C:\Users\StephenDJButler\AppData\Local\Microsoft\OneDrive\17.3.6281.1202] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\StephenDJButler\AppData\Local\Microsoft\OneDrive\17.3.6281.1202"</p><p>HKU\S-1-5-21-410353808-276946841-1970485010-1001\...\RunOnce: [Uninstall C:\Users\StephenDJButler\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\StephenDJButler\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"</p><p>HKU\S-1-5-21-410353808-276946841-1970485010-1001\...\RunOnce: [Uninstall C:\Users\StephenDJButler\AppData\Local\Microsoft\OneDrive\17.3.6302.0225] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\StephenDJButler\AppData\Local\Microsoft\OneDrive\17.3.6302.0225"</p><p>HKU\S-1-5-21-410353808-276946841-1970485010-1001\...\RunOnce: [Uninstall C:\Users\StephenDJButler\AppData\Local\Microsoft\OneDrive\17.3.6386.0412_1\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q 
"C:\Users\StephenDJButler\AppData\Local\Microsoft\OneDrive\17.3.6386.0412_1\amd64"</p><p>HKU\S-1-5-21-410353808-276946841-1970485010-1001\...\RunOnce: [Uninstall C:\Users\StephenDJButler\AppData\Local\Microsoft\OneDrive\17.3.6386.0412_1] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\StephenDJButler\AppData\Local\Microsoft\OneDrive\17.3.6386.0412_1"</p><p>HKU\S-1-5-21-410353808-276946841-1970485010-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)</p><p>HKU\S-1-5-18\...\Run: [ZoneAlarm Windows 10 Upgrader] => "C:\ProgramData\CheckPoint\ZoneAlarm\Data\Updates\unpacked==win10=update_win10.zip\upgrade.exe" /delay</p><p>GroupPolicy: Restriction ? <==== ATTENTION</p><p>GroupPolicyScripts: Restriction <==== ATTENTION</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>ProxyServer: [S-1-5-21-410353808-276946841-1970485010-1001] => localhost:8080</p><p>Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt</p><p>Tcpip\Parameters: [DhcpNameServer] 192.168.1.1</p><p>Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4</p><p>Tcpip\..\Interfaces\{ABCF391B-B915-442A-AA97-85DE20F3DA50}: [NameServer] 208.67.222.222,208.67.220.220</p><p>Tcpip\..\Interfaces\{ABCF391B-B915-442A-AA97-85DE20F3DA50}: [DhcpNameServer] 35.197.209.21 1.1.1.1</p><p>Tcpip\..\Interfaces\{E2C53DA9-6A8D-480F-B3FF-3445BEA24857}: [NameServer] 8.8.8.8,8.8.4.4</p><p>Tcpip\..\Interfaces\{E2C53DA9-6A8D-480F-B3FF-3445BEA24857}: [DhcpNameServer] 192.168.1.1</p><p></p><p>Internet Explorer:</p><p>==================</p><p>BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll => No File</p><p>BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-09-16] (Microsoft Corporation)</p><p>BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_172\bin\ssv.dll [2018-05-20] (Oracle Corporation)</p><p>BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-05-01] (Adobe Systems Incorporated)</p><p>BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2018-09-16] (Microsoft Corporation)</p><p>BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_172\bin\jp2ssv.dll [2018-05-20] (Oracle Corporation)</p><p>BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-05-01] (Adobe Systems 
Incorporated)</p><p>BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)</p><p>BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)</p><p>BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2015-05-01] (Adobe Systems Incorporated)</p><p>BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2018-09-16] (Microsoft Corporation)</p><p>BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2015-05-01] (Adobe Systems Incorporated)</p><p>Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2015-05-01] (Adobe Systems Incorporated)</p><p>Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2015-05-01] (Adobe Systems Incorporated)</p><p>Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)</p><p>Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-11] (Microsoft Corporation)</p><p>Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-11] 
(Microsoft Corporation)</p><p>Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-11] (Microsoft Corporation)</p><p>Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-09-11] (Microsoft Corporation)</p><p></p><p>FireFox:</p><p>========</p><p>FF HKLM-x32\...\Firefox\Extensions: [<a href="mailto:web2pdfextension@web2pdf.adobedotcom">web2pdfextension@web2pdf.adobedotcom</a>] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn</p><p>FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-03-24] [Legacy] [not signed]</p><p>FF HKLM-x32\...\Firefox\Extensions: [<a href="mailto:e-webprint@epson.com">e-webprint@epson.com</a>] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on</p><p>FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2016-02-06] [Legacy] [not signed]</p><p>FF Plugin: @java.com/DTPlugin,version=11.172.2 -> C:\Program Files\Java\jre1.8.0_172\bin\dtplugin\npDeployJava1.dll [2018-05-20] (Oracle Corporation)</p><p>FF Plugin: @java.com/JavaPlugin,version=11.172.2 -> C:\Program Files\Java\jre1.8.0_172\bin\plugin2\npjp2.dll [2018-05-20] (Oracle Corporation)</p><p>FF Plugin: @microsoft.com/GENUINE -> disabled [No File]</p><p>FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)</p><p>FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)</p><p>FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2013-12-05] (Adobe Systems, Inc.)</p><p>FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]</p><p>FF Plugin-x32: 
@Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-09-11] (Microsoft Corporation)</p><p>FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2015-08-28] (Nero AG)</p><p>FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2018-08-21] (NVIDIA Corporation)</p><p>FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2018-08-21] (NVIDIA Corporation)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)</p><p>FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> D:\Program Files\VLC\npvlc.dll [2017-05-24] (VideoLAN)</p><p>FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> D:\Program Files\VLC\npvlc.dll [2017-05-24] (VideoLAN)</p><p>FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> D:\Program Files\VLC\npvlc.dll [2017-05-24] (VideoLAN)</p><p>FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)</p><p>FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)</p><p></p><p>Chrome:</p><p>=======</p><p>CHR HomePage: Default -> hxxps://<a href="http://www.google.co.uk/" target="_blank">www.google.co.uk/</a></p><p>CHR StartupUrls: Default -> "hxxp://<a href="http://www.google.co.uk/" target="_blank">www.google.co.uk/</a>"</p><p>CHR NewTab: Default -> 
Not-active:"chrome-extension://laookkfknpbbblfpciffpaejjkokdgca/dashboard.html"</p><p>CHR DefaultSearchKeyword: Default -> drive</p><p>CHR Profile: C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default [2018-09-21]</p><p>CHR Extension: (Slides) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]</p><p>CHR Extension: (Floorplanner) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\abopacaefhbognnmeigicfpgnmpideag [2017-01-28]</p><p>CHR Extension: (AccuRadio) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahnjfaipcnkkaepmlkobfohnlmdpfflm [2017-01-28]</p><p>CHR Extension: (Retrovision Classic Movies) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\aicmlhggpfoibmneibkkpicohhccepeb [2017-01-28]</p><p>CHR Extension: (Docs) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]</p><p>CHR Extension: (Google Drive) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-01-28]</p><p>CHR Extension: (TV) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2017-01-28]</p><p>CHR Extension: (Google Docs Quick Create) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\bldgenmjegcnjebiongilahhcjldgmlm [2017-05-26]</p><p>CHR Extension: (YouTube) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-01-28]</p><p>CHR Extension: (Radio) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmbklidifcgaleiiamhcfiaflkaajgni [2018-01-07]</p><p>CHR Extension: (Set Character Encoding) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\bpojelgakakmcfmjfilgdlmhefphglae [2017-10-28]</p><p>CHR Extension: (Advanced Font Settings) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\caclkomlalccbpcdllchkeecicepbmbm [2017-01-28]</p><p>CHR Extension: (OnWebRadio) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfoadkpfdbkifpnbjfcccbncbmjajnfh [2017-01-28]</p><p>CHR Extension: (Google Tips) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnhacgcmhcgppboemgoobibkhlpglejb [2017-01-28]</p><p>CHR Extension: (MakeGIF Video Capture) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnhdjbfjheoohmhpakglckehdcgfffbl [2017-06-09]</p><p>CHR Extension: (Quick Search for Google Drive™) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddebdlfmldojeofgkeocjdkloocegmae [2017-01-28]</p><p>CHR Extension: (FLV Player) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhogabmliblgpadclikpkjfnnipeebjm [2017-12-06]</p><p>CHR Extension: (Letterboxd Movie Assistant) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlicmihnogpoemhcegbnhbmncbkoidjo [2017-09-16]</p><p>CHR Extension: (Gmail Offline) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2017-01-28]</p><p>CHR Extension: (Wikiwand: Wikipedia Modernized) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\emffkefkbkpkgpdeeooapgaicgmcbolj [2017-01-28]</p><p>CHR Extension: (Sheets) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]</p><p>CHR Extension: (Podbay) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgclhigcifiacijciojhdhhkpfoihbmd [2017-01-28]</p><p>CHR Extension: (Word Online) - 
C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2017-01-28]</p><p>CHR Extension: (Office Editing for Docs, Sheets & Slides) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbkeegbaiigmenfmjfclcdgdpimamgkj [2018-06-14]</p><p>CHR Extension: (World tv) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdejljjjgegbbgoopclmcaabkjlbcmdm [2017-12-26]</p><p>CHR Extension: (Google Docs Offline) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-18]</p><p>CHR Extension: (TweetDeck by Twitter) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2017-01-28]</p><p>CHR Extension: (TuneIn Radio) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhkolpgedpldcfmkgbdokgiljfbblpfj [2017-01-28]</p><p>CHR Extension: (Amazon Storywriter) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmcnhpcghhifadgblhkonelnmbenkeep [2018-04-14]</p><p>CHR Extension: (Comedy Radio) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpmejdihoeonnkamggabbkibfgfdecj [2017-01-28]</p><p>CHR Extension: (Excel Online) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\iljnkagajgfdmfnnidjijobijlfjfgnb [2017-01-28]</p><p>CHR Extension: (The West) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\ilkgeioneoemibpddeiamfgiofnpjifm [2017-01-28]</p><p>CHR Extension: (Dropbox) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2018-03-22]</p><p>CHR Extension: (SoundCloud) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2017-01-28]</p><p>CHR 
Extension: (Font Changer with Google Web Fonts™) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgjhhoglgjdklldfgoffdiaceffijeke [2017-11-27]</p><p>CHR Extension: (Grammarly for Chrome) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-09-11]</p><p>CHR Extension: (Adblock Plus Pro) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdjhcbppaonjcpcemdbhiainiljlpepo [2017-01-29]</p><p>CHR Extension: (WordPress.com) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjnjifipfkgglficmipimgjpbmlbemd [2017-01-28]</p><p>CHR Extension: (Hootsuite) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\kneloppijbcidgidihgdjnooihjcdbij [2017-01-28]</p><p>CHR Extension: (Momentum) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2018-09-20]</p><p>CHR Extension: (Google Maps) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2017-01-28]</p><p>CHR Extension: (Old Time Radio Player) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\mobkgbcjlihocgpnkcdplmnhalhknlnh [2017-01-28]</p><p>CHR Extension: (OneDrive) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2017-01-28]</p><p>CHR Extension: (Chrome Web Store Payments) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]</p><p>CHR Extension: (Retrovision Old Time Radio - Retrovision.tv) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\obeghhdggacmnaoghpjaibgdpfjcoege [2017-01-28]</p><p>CHR Extension: (Send from Gmail (by Google)) - 
C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2017-01-28]</p><p>CHR Extension: (Gmail) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-01-28]</p><p>CHR Extension: (Chrome Media Router) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-09-13]</p><p>CHR Extension: (MyMusicCloud) - C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\Default\Extensions\plaelelbkmommhmjlepigoiepmdaihbk [2017-01-28]</p><p>CHR Profile: C:\Users\StephenDJButler\AppData\Local\Google\Chrome\User Data\System Profile [2018-04-05]</p><p>CHR HKLM-x32\...\Chrome\Extension: [flljooaijgdgaaogmfhakpojmddcjjmj] - hxxps://clients2.google.com/service/update2/crx</p><p></p><p>==================== Services (Whitelisted) ====================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>R2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1231376 2016-03-23] (Autodesk Inc.)</p><p>R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [404360 2013-12-21] (Samsung) [File not signed]</p><p>R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-04-03] (Apple Inc.)</p><p>R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9658664 2018-09-08] (Microsoft Corporation)</p><p>S3 CWUpdaterDaemon; C:\Program Files (x86)\CheckPoint\Parental Controls\bin\cwupdater.exe [9729368 2015-08-13] (ContentWatch, Inc.)</p><p>R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [136512 2018-09-21] (SurfRight B.V.)</p><p>S3 IswSvc; C:\Program Files (x86)\CheckPoint\AKL\AkSVC.exe [1157752 2016-03-25] (Check Point Software Technologies LTD)</p><p>R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)</p><p>S3 mi-raysat_3dsmax2016_64; D:\Program Files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe [86016 2011-09-15] () [File not signed]</p><p>R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5352960 2011-04-07] (Native Instruments GmbH) [File not signed]</p><p>R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [773328 2018-09-12] (NVIDIA Corporation)</p><p>S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [773328 2018-09-12] (NVIDIA Corporation)</p><p>R2 RichVideo64; C:\Program Files\Cyberlink\Shared files\RichVideo64.exe [386344 2010-08-19] ()</p><p>R2 Samsung Link Service; D:\Program Files\Samsung Link\Samsung Link.exe [623848 2016-03-09] (Samsung Electronics Co.,Ltd)</p><p>R2 
SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)</p><p>R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [4088608 2016-09-21] (Safer-Networking Ltd.) [File not signed]</p><p>R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [235984 2016-11-24] (Safer-Networking Ltd.) [File not signed]</p><p>R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-21] (Microsoft Corporation)</p><p>R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-21] (Microsoft Corporation)</p><p>S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]</p><p>S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [137216 2015-11-19] (Microsoft Corporation) [File not signed]</p><p>R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4087568 2016-12-13] (Check Point Software Technologies Ltd.)</p><p>S3 VSStandardCollectorService140; D:\Program Files\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56040 2015-11-19] (Microsoft Corporation)</p><p>R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)</p><p>R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2016-11-01] (Check Point Software Technologies, Ltd.)</p><p>R2 ZoneAlarm AntiTheft; C:\Program Files (x86)\CheckPoint\AntiTheft\Antitheft.exe [3008824 2016-12-13] (Check Point Software Technologies Ltd.)</p><p>R2 ZoneAlarm ICM Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe [1040184 2016-12-13] (Check Point Software Technologies Ltd.)</p><p>R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f 
"C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000</p><p>R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r</p><p></p><p>===================== Drivers (Whitelisted) ======================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>R3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)</p><p>R3 echo1394; C:\Windows\System32\DRIVERS\echo1394.sys [91944 2013-01-24] (Echo Digital Audio Corporation)</p><p>R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [152688 2018-07-12] (Malwarebytes)</p><p>S3 icsak; C:\Program Files (x86)\CheckPoint\AKL\ak\icsak.sys [48512 2014-07-17] (Check Point Software Technologies LTD)</p><p>R2 ISWKL; C:\Program Files (x86)\CheckPoint\AKL\ISWKL.sys [54144 2016-03-25] (Check Point Software Technologies LTD)</p><p>R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [554416 2016-08-02] (AO Kaspersky Lab)</p><p>R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [180560 2016-08-02] (AO Kaspersky Lab)</p><p>R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [292176 2016-08-02] (AO Kaspersky Lab)</p><p>R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [1015120 2016-08-02] (AO Kaspersky Lab)</p><p>R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [126808 2016-08-02] (AO Kaspersky Lab)</p><p>R3 KORGUMDS; C:\Windows\System32\Drivers\KORGUM64.SYS [34184 2016-12-14] (KORG INC.)</p><p>R2 MBAMChameleon; C:\Windows\System32\Drivers\MbamChameleon.sys [193256 2018-09-21] (Malwarebytes)</p><p>R3 MBAMFarflt; C:\Windows\System32\DRIVERS\farflt.sys [117472 2018-09-21] (Malwarebytes)</p><p>R3 MBAMProtection; 
C:\Windows\System32\DRIVERS\mbam.sys [52328 2018-09-21] (Malwarebytes)</p><p>R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [259360 2018-09-21] (Malwarebytes)</p><p>R3 MBAMWebProtection; C:\Windows\System32\DRIVERS\mwac.sys [98616 2018-09-21] (Malwarebytes)</p><p>S3 mlkumidi; C:\Windows\System32\drivers\mlkumidi.sys [55856 2014-08-30] (MusicLab, Inc.)</p><p>S3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2506384 2015-08-12] (MediaTek Inc.)</p><p>S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)</p><p>S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30792 2018-08-21] (NVIDIA Corporation)</p><p>R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [69544 2018-06-08] (NVIDIA Corporation)</p><p>R3 nvvhci; C:\Windows\System32\DRIVERS\nvvhci.sys [65792 2018-08-21] (NVIDIA Corporation)</p><p>S3 Phosgene; C:\Windows\System32\DRIVERS\Phosgene.sys [33672 2015-09-02] (Adoriasoft LLC)</p><p>S3 rspLLL; C:\Windows\System32\DRIVERS\rspLLL64.sys [26368 2015-07-13] (Resplendence Software Projects Sp.)</p><p>R3 vrvd5; C:\Windows\System32\DRIVERS\vrvd5.sys [13344 2016-07-24] (Rsupport Corporation)</p><p>R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [461240 2017-03-18] (Check Point Software Technologies Ltd.)</p><p>S3 wdm_usb; C:\Windows\System32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)</p><p>S1 aeicrvpl; \??\C:\Windows\system32\drivers\aeicrvpl.sys [X]</p><p>S3 cpuz143; \??\C:\Windows\temp\cpuz143\cpuz143_x64.sys [X]</p><p>S1 cubvdwlj; \??\C:\Windows\system32\drivers\cubvdwlj.sys [X]</p><p>S0 hitmanpro37duringboot; system32\drivers\hitmanpro37.sys [X]</p><p>S1 jjpwxgnf; \??\C:\Windows\system32\drivers\jjpwxgnf.sys [X]</p><p>S1 malwgnfd; \??\C:\Windows\system32\drivers\malwgnfd.sys [X]</p><p>S3 mdf16; \??\D:\Program Files (x86)\mdf16.sys [X]</p><p>S3 mvd23; \??\D:\Program Files (x86)\mvd23.sys [X]</p><p>S1 nahbaxkg; \??\C:\Windows\system32\drivers\nahbaxkg.sys 
[X]</p><p>S1 pzhubuzu; \??\C:\Windows\system32\drivers\pzhubuzu.sys [X]</p><p>S1 rlijrmgr; \??\C:\Windows\system32\drivers\rlijrmgr.sys [X]</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p></p><p>==================== One Month Created files and folders ========</p><p></p><p>(If an entry is included in the fixlist, the file/folder will be moved.)</p><p></p><p>2018-09-21 16:35 - 2018-09-21 16:40 - 000000000 ___DC C:\FRST</p><p>2018-09-21 16:19 - 2018-09-21 16:25 - 000000000 ____D C:\Users\StephenDJButler\AppData\LocalLow\uTorrent</p><p>2018-09-21 16:14 - 2018-09-21 16:16 - 000000000 ___DC C:\AdwCleaner</p><p>2018-09-21 16:02 - 2018-09-21 16:02 - 000002314 _____ C:\Windows\system32\.crusader</p><p>2018-09-21 15:52 - 2018-09-21 15:52 - 000001900 _____ C:\Users\Public\Desktop\HitmanPro.lnk</p><p>2018-09-21 15:52 - 2018-09-21 15:52 - 000000000 ___DC C:\Program Files\HitmanPro</p><p>2018-09-21 15:52 - 2018-09-21 15:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro</p><p>2018-09-21 15:50 - 2018-09-21 16:02 - 000000000 ____D C:\ProgramData\HitmanPro</p><p>2018-09-21 05:51 - 2018-09-21 16:20 - 000052328 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys</p><p>2018-09-21 05:50 - 2018-09-21 16:20 - 000117472 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys</p><p>2018-09-21 05:50 - 2018-09-21 16:19 - 000259360 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys</p><p>2018-09-21 05:50 - 2018-09-21 16:19 - 000098616 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys</p><p>2018-09-21 05:50 - 2018-09-21 05:50 - 000193256 _____ (Malwarebytes) C:\Windows\system32\Drivers\MbamChameleon.sys</p><p>2018-09-16 17:11 - 2018-09-16 17:11 - 000002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk</p><p>2018-09-16 
17:11 - 2018-09-16 17:11 - 000002386 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk</p><p>2018-09-16 17:11 - 2018-09-16 17:11 - 000002385 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk</p><p>2018-09-16 17:11 - 2018-09-16 17:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools</p><p>2018-09-16 09:02 - 2018-09-16 15:23 - 000000000 ____D C:\Users\StephenDJButler\AppData\Roaming\MusicBee</p><p>2018-09-16 09:01 - 2018-09-16 09:01 - 000000000 ____D C:\Users\StephenDJButler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MusicBee</p><p>2018-09-16 09:01 - 2018-09-16 09:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBee</p><p>2018-09-15 17:17 - 2018-09-15 17:17 - 000000000 ___HD C:\ProgramData\CanonIJFAX</p><p>2018-09-15 17:17 - 2018-09-15 17:17 - 000000000 ___HD C:\ProgramData\CanonBJ</p><p>2018-09-15 17:17 - 2017-04-03 06:00 - 000254464 _____ (CANON INC.) C:\Windows\system32\CNCALDL.DLL</p><p>2018-09-15 17:16 - 2017-03-30 05:00 - 001302016 _____ (CANON INC.) C:\Windows\system32\CNMLMDL.DLL</p><p>2018-09-15 17:15 - 2017-02-27 09:14 - 000379392 _____ (CANON INC.) C:\Windows\system32\CNC_DLL.dll</p><p>2018-09-15 17:15 - 2017-02-07 16:57 - 000098560 _____ C:\Windows\system32\CNC1823D.TBL</p><p>2018-09-15 17:15 - 2016-10-26 11:31 - 000559616 _____ (CANON INC.) C:\Windows\system32\CNC_DLC.dll</p><p>2018-09-15 17:15 - 2016-10-26 11:31 - 000273408 _____ (CANON INC.) 
C:\Windows\system32\CNC_DLI.dll</p><p>2018-09-15 15:06 - 2018-09-15 15:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes</p><p>2018-09-15 15:06 - 2018-09-15 15:06 - 000000000 ___DC C:\Program Files\Malwarebytes</p><p>2018-09-15 15:06 - 2018-07-12 08:42 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys</p><p>2018-09-13 20:42 - 2018-09-13 20:42 - 000000000 ____D C:\Users\StephenDJButler\AppData\Roaming\4kdownload.com</p><p>2018-09-12 05:31 - 2018-08-31 16:08 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll</p><p>2018-09-12 05:31 - 2018-08-31 16:08 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll</p><p>2018-09-12 05:31 - 2018-08-30 02:47 - 001230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll</p><p>2018-09-12 05:31 - 2018-08-30 02:10 - 001424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll</p><p>2018-09-12 05:31 - 2018-08-28 06:50 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys</p><p>2018-09-12 05:31 - 2018-08-24 20:47 - 000398424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll</p><p>2018-09-12 05:31 - 2018-08-24 19:47 - 000350296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll</p><p>2018-09-12 05:31 - 2018-08-24 00:05 - 025736704 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll</p><p>2018-09-12 05:31 - 2018-08-23 23:45 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll</p><p>2018-09-12 05:31 - 2018-08-23 23:43 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll</p><p>2018-09-12 05:31 - 2018-08-23 23:43 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec</p><p>2018-09-12 05:31 - 2018-08-23 23:37 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll</p><p>2018-09-12 05:31 - 2018-08-23 23:34 - 005779456 _____ (Microsoft Corporation) 
C:\Windows\system32\jscript9.dll</p><p>2018-09-12 05:31 - 2018-08-23 23:34 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll</p><p>2018-09-12 05:31 - 2018-08-23 23:33 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll</p><p>2018-09-12 05:31 - 2018-08-23 23:33 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll</p><p>2018-09-12 05:31 - 2018-08-23 23:33 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe</p><p>2018-09-12 05:31 - 2018-08-23 23:27 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe</p><p>2018-09-12 05:31 - 2018-08-23 23:24 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll</p><p>2018-09-12 05:31 - 2018-08-23 23:15 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll</p><p>2018-09-12 05:31 - 2018-08-23 23:15 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll</p><p>2018-09-12 05:31 - 2018-08-23 23:13 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll</p><p>2018-09-12 05:31 - 2018-08-23 23:12 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll</p><p>2018-09-12 05:31 - 2018-08-23 23:03 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll</p><p>2018-09-12 05:31 - 2018-08-23 23:01 - 000809472 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll</p><p>2018-09-12 05:31 - 2018-08-23 23:00 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll</p><p>2018-09-12 05:31 - 2018-08-23 22:59 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl</p><p>2018-09-12 05:31 - 2018-08-23 22:59 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll</p><p>2018-09-12 05:31 - 2018-08-23 22:52 - 004510720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll</p><p>2018-09-12 05:31 - 2018-08-23 22:40 - 001555456 _____ (Microsoft Corporation) 
C:\Windows\system32\urlmon.dll</p><p>2018-09-12 05:31 - 2018-08-23 22:28 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll</p><p>2018-09-12 05:31 - 2018-08-23 22:27 - 020279296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll</p><p>2018-09-12 05:31 - 2018-08-23 22:15 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll</p><p>2018-09-12 05:31 - 2018-08-23 22:14 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec</p><p>2018-09-12 05:31 - 2018-08-23 22:12 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll</p><p>2018-09-12 05:31 - 2018-08-23 22:07 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll</p><p>2018-09-12 05:31 - 2018-08-23 22:06 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll</p><p>2018-09-12 05:31 - 2018-08-23 22:06 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll</p><p>2018-09-12 05:31 - 2018-08-23 21:53 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll</p><p>2018-09-12 05:31 - 2018-08-23 21:52 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll</p><p>2018-09-12 05:31 - 2018-08-23 21:51 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll</p><p>2018-09-12 05:31 - 2018-08-23 21:48 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll</p><p>2018-09-12 05:31 - 2018-08-23 21:46 - 000230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll</p><p>2018-09-12 05:31 - 2018-08-23 21:44 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl</p><p>2018-09-12 05:31 - 2018-08-23 21:44 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll</p><p>2018-09-12 05:31 - 2018-08-23 21:44 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll</p><p>2018-09-12 05:31 - 2018-08-23 21:30 - 004037632 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\wininet.dll</p><p>2018-09-12 05:31 - 2018-08-23 21:27 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll</p><p>2018-09-12 05:31 - 2018-08-23 21:24 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll</p><p>2018-09-12 05:31 - 2018-08-13 16:54 - 014183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll</p><p>2018-09-12 05:31 - 2018-08-13 16:54 - 002004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll</p><p>2018-09-12 05:31 - 2018-08-13 16:54 - 001888768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll</p><p>2018-09-12 05:31 - 2018-08-13 16:54 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll</p><p>2018-09-12 05:31 - 2018-08-13 16:53 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll</p><p>2018-09-12 05:31 - 2018-08-13 16:53 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll</p><p>2018-09-12 05:31 - 2018-08-13 16:41 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll</p><p>2018-09-12 05:31 - 2018-08-13 16:40 - 012880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll</p><p>2018-09-12 05:31 - 2018-08-13 16:40 - 001390080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll</p><p>2018-09-12 05:31 - 2018-08-13 16:40 - 001241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll</p><p>2018-09-12 05:31 - 2018-08-13 16:40 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll</p><p>2018-09-12 05:31 - 2018-08-12 21:32 - 000378464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys</p><p>2018-09-12 05:31 - 2018-08-12 21:31 - 001894496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys</p><p>2018-09-12 05:31 - 2018-08-12 21:31 - 000289376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS</p><p>2018-09-12 05:31 - 2018-08-10 16:59 - 005552816 _____ (Microsoft Corporation) 
C:\Windows\system32\ntoskrnl.exe</p><p>2018-09-12 05:31 - 2018-08-10 16:59 - 000154800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys</p><p>2018-09-12 05:31 - 2018-08-10 16:58 - 000385120 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:58 - 000263776 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:58 - 000096864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys</p><p>2018-09-12 05:31 - 2018-08-10 16:57 - 000708272 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi</p><p>2018-09-12 05:31 - 2018-08-10 16:57 - 000631624 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi</p><p>2018-09-12 05:31 - 2018-08-10 16:56 - 001664296 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:55 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:55 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:55 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:55 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:55 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:55 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:55 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:55 - 000094208 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:55 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:55 - 000028672 _____ (Microsoft Corporation) 
C:\Windows\system32\sspisrv.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:55 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:54 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:54 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:54 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:54 - 000828928 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:54 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:54 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:54 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:54 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:54 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:54 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:54 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:54 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:54 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:53 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:53 - 000463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:53 - 000123904 _____ (Microsoft Corporation) 
C:\Windows\system32\bcrypt.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:53 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:53 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:53 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:53 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:53 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:53 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:45 - 004054192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe</p><p>2018-09-12 05:31 - 2018-08-10 16:45 - 000309424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:44 - 003961440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe</p><p>2018-09-12 05:31 - 2018-08-10 16:42 - 001315512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:41 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:41 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:41 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:41 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:41 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:41 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:41 - 000172032 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\wdigest.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:41 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:41 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:41 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:41 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:41 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:41 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:41 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:40 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:40 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:40 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:39 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:27 - 000077312 
_____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys</p><p>2018-09-12 05:31 - 2018-08-10 16:22 - 000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe</p><p>2018-09-12 05:31 - 2018-08-10 16:22 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys</p><p>2018-09-12 05:31 - 2018-08-10 16:22 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe</p><p>2018-09-12 05:31 - 2018-08-10 16:21 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe</p><p>2018-09-12 05:31 - 2018-08-10 16:17 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe</p><p>2018-09-12 05:31 - 2018-08-10 16:17 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe</p><p>2018-09-12 05:31 - 2018-08-10 16:17 - 000129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys</p><p>2018-09-12 05:31 - 2018-08-10 16:15 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe</p><p>2018-09-12 05:31 - 2018-08-10 16:13 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys</p><p>2018-09-12 05:31 - 2018-08-10 16:13 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys</p><p>2018-09-12 05:31 - 2018-08-10 16:13 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys</p><p>2018-09-12 05:31 - 2018-08-10 16:12 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe</p><p>2018-09-12 05:31 - 2018-08-10 16:12 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys</p><p>2018-09-12 05:31 - 2018-08-10 16:12 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys</p><p>2018-09-12 05:31 - 2018-08-10 16:12 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys</p><p>2018-09-12 05:31 - 2018-08-10 16:12 - 000060928 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\amdppm.sys</p><p>2018-09-12 05:31 - 2018-08-10 16:12 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe</p><p>2018-09-12 05:31 - 2018-08-10 16:10 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe</p><p>2018-09-12 05:31 - 2018-08-10 16:10 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll</p><p>2018-09-12 05:31 - 2018-08-10 16:09 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll</p><p>2018-09-12 05:31 - 2018-07-29 16:55 - 001110528 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll</p><p>2018-09-12 05:31 - 2018-07-18 16:18 - 000090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys</p><p>2018-09-12 05:30 - 2018-08-23 23:56 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb</p><p>2018-09-12 05:30 - 2018-08-23 23:56 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll</p><p>2018-09-12 05:30 - 2018-08-23 23:44 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll</p><p>2018-09-12 05:30 - 2018-08-23 23:43 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll</p><p>2018-09-12 05:30 - 2018-08-23 23:43 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll</p><p>2018-09-12 05:30 - 2018-08-23 23:36 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll</p><p>2018-09-12 05:30 - 2018-08-23 23:33 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe</p><p>2018-09-12 05:30 - 2018-08-23 23:19 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll</p><p>2018-09-12 05:30 - 2018-08-23 23:18 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx</p><p>2018-09-12 05:30 - 2018-08-23 23:17 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll</p><p>2018-09-12 05:30 - 2018-08-23 23:01 - 000728064 
_____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe</p><p>2018-09-12 05:30 - 2018-08-23 22:25 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb</p><p>2018-09-12 05:30 - 2018-08-23 22:14 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll</p><p>2018-09-12 05:30 - 2018-08-23 22:14 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll</p><p>2018-09-12 05:30 - 2018-08-23 22:13 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll</p><p>2018-09-12 05:30 - 2018-08-23 22:09 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll</p><p>2018-09-12 05:30 - 2018-08-23 22:09 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll</p><p>2018-09-12 05:30 - 2018-08-23 22:06 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe</p><p>2018-09-12 05:30 - 2018-08-23 22:00 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll</p><p>2018-09-12 05:30 - 2018-08-23 21:56 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx</p><p>2018-09-12 05:30 - 2018-08-23 21:56 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll</p><p>2018-09-12 05:30 - 2018-08-23 21:55 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll</p><p>2018-09-12 05:30 - 2018-08-23 21:54 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll</p><p>2018-09-12 05:30 - 2018-08-23 21:51 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll</p><p>2018-09-12 05:30 - 2018-08-13 16:54 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll</p><p>2018-09-12 05:30 - 2018-08-13 16:54 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll</p><p>2018-09-12 05:30 - 2018-08-13 16:54 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll</p><p>2018-09-12 05:30 - 2018-08-13 16:40 - 001499648 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll</p><p>2018-09-12 05:30 - 2018-08-13 16:40 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimg32.dll</p><p>2018-09-12 05:30 - 2018-08-13 16:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll</p><p>2018-09-12 05:30 - 2018-08-13 16:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll</p><p>2018-09-12 05:30 - 2018-08-12 21:28 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll</p><p>2018-09-12 05:30 - 2018-08-12 21:14 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:55 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:54 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:54 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:54 - 000108544 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:54 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:54 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:54 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:53 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:53 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:53 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:53 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:53 - 000005120 
____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:53 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:53 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:53 - 000003072 ____H (Microsoft 
Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:41 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:41 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll</p><p>2018-09-12 05:30 - 
2018-08-10 16:41 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:40 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:40 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:40 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:40 - 000003584 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:39 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:20 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:13 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:10 - 000007680 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\instnm.exe</p><p>2018-09-12 05:30 - 2018-08-10 16:10 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe</p><p>2018-09-12 05:30 - 2018-08-10 16:09 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-08-10 16:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll</p><p>2018-09-12 05:30 - 2018-06-27 14:20 - 000419648 _____ C:\Windows\SysWOW64\locale.nls</p><p>2018-09-12 05:30 - 2018-06-27 14:19 - 000419648 _____ C:\Windows\system32\locale.nls</p><p>2018-09-10 16:50 - 2018-09-10 16:50 - 013422621 _____ C:\Users\StephenDJButler\Documents\MediaMonkey Scan Log (10-09-2018).txt</p><p>2018-09-10 12:56 - 2018-09-21 14:23 - 000000000 ____D C:\Users\StephenDJButler\AppData\Roaming\MediaMonkey</p><p>2018-09-10 12:56 - 2018-09-10 12:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey</p><p>2018-09-10 12:56 - 2018-09-10 12:56 - 000000000 ____D C:\ProgramData\MediaMonkey</p><p>2018-09-09 14:54 - 2018-09-09 14:54 - 000000000 ____D C:\Users\StephenDJButler\AppData\Roaming\GitHubVisualStudio</p><p>2018-09-08 14:18 - 2018-09-08 14:18 - 000000000 ____D C:\Users\StephenDJButler\AppData\Roaming\NVIDIA</p><p>2018-09-08 14:00 - 2018-09-08 14:00 - 000000000 ____D C:\Program Files (x86)\VulkanRT</p><p>2018-09-08 14:00 - 2018-08-21 11:24 - 000132408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe</p><p>2018-09-08 13:58 - 2018-08-21 11:14 - 005947600 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll</p><p>2018-09-08 13:58 - 2018-08-21 11:14 - 002612264 _____ (NVIDIA Corporation) 
C:\Windows\system32\nvsvc64.dll</p><p>2018-09-08 13:58 - 2018-08-21 11:14 - 001767632 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll</p><p>2018-09-08 13:58 - 2018-08-21 11:14 - 000634352 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll</p><p>2018-09-08 13:58 - 2018-08-21 11:14 - 000450768 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll</p><p>2018-09-08 13:58 - 2018-08-21 11:14 - 000124216 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll</p><p>2018-09-08 13:58 - 2018-08-21 11:14 - 000083440 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll</p><p>2018-09-08 13:58 - 2018-08-02 23:32 - 008273432 _____ C:\Windows\system32\nvcoproc.bin</p><p>2018-09-08 13:57 - 2018-07-13 20:20 - 000001951 _____ C:\Windows\NvContainerRecovery.bat</p><p>2018-09-08 13:56 - 2018-08-22 17:12 - 000553200 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll</p><p>2018-09-08 13:56 - 2018-08-22 17:12 - 000458480 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll</p><p>2018-09-08 13:53 - 2018-09-08 13:56 - 000000000 ____D C:\Windows\system32\unknown</p><p>2018-09-08 13:53 - 2018-09-08 13:53 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation</p><p>2018-09-08 13:45 - 2018-08-22 17:12 - 040189616 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll</p><p>2018-09-08 13:45 - 2018-08-22 17:12 - 032457736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll</p><p>2018-09-08 13:45 - 2018-08-22 17:12 - 017014632 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys</p><p>2018-09-08 13:45 - 2018-08-22 17:12 - 000628560 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll</p><p>2018-09-08 13:45 - 2018-08-22 17:12 - 000519120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll</p><p>2018-09-08 13:45 - 2018-08-22 17:11 - 040346976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll</p><p>2018-09-08 13:45 - 2018-08-22 17:11 - 035250176 _____ (NVIDIA Corporation) 
C:\Windows\SysWOW64\nvcompiler.dll</p><p>2018-09-08 13:45 - 2018-08-22 17:11 - 031248576 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll</p><p>2018-09-08 13:45 - 2018-08-22 17:11 - 025964944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll</p><p>2018-09-08 13:45 - 2018-08-22 17:11 - 023305232 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll</p><p>2018-09-08 13:45 - 2018-08-22 17:11 - 020330616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll</p><p>2018-09-08 13:45 - 2018-08-22 17:11 - 019088480 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll</p><p>2018-09-08 13:45 - 2018-08-22 17:11 - 017755768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll</p><p>2018-09-08 13:45 - 2018-08-22 17:11 - 015699512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll</p><p>2018-09-08 13:45 - 2018-08-22 17:11 - 015169920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll</p><p>2018-09-08 13:45 - 2018-08-22 17:11 - 013732120 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll</p><p>2018-09-08 13:45 - 2018-08-22 17:11 - 011276424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll</p><p>2018-09-08 13:45 - 2018-08-22 17:11 - 004616904 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll</p><p>2018-09-08 13:45 - 2018-08-22 17:11 - 004085328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll</p><p>2018-09-08 13:45 - 2018-08-22 17:11 - 003967304 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll</p><p>2018-09-08 13:45 - 2018-08-22 17:11 - 003504968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll</p><p>2018-09-08 13:45 - 2018-08-22 17:11 - 002015184 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6439907.dll</p><p>2018-09-08 13:45 - 2018-08-22 17:11 - 001564136 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll</p><p>2018-09-08 13:45 - 2018-08-22 17:11 - 001467728 _____ (NVIDIA Corporation) 
C:\Windows\system32\nvdispgenco6439907.dll</p><p>2018-09-08 13:45 - 2018-08-22 17:11 - 001420296 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll</p><p>2018-09-08 13:45 - 2018-08-22 17:11 - 001217352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll</p><p>2018-09-08 13:45 - 2018-08-22 17:11 - 001159096 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll</p><p>2018-09-08 13:45 - 2018-08-22 17:11 - 001093456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll</p><p>2018-09-08 13:45 - 2018-08-22 17:11 - 000906608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll</p><p>2018-09-08 13:45 - 2018-08-22 17:11 - 000546880 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll</p><p>2018-09-08 13:45 - 2018-08-22 17:11 - 000505592 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll</p><p>2018-09-08 13:45 - 2018-08-22 17:11 - 000464536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll</p><p>2018-09-08 13:45 - 2018-08-22 17:11 - 000420032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll</p><p>2018-09-08 13:45 - 2018-08-22 17:11 - 000182624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll</p><p>2018-09-08 13:45 - 2018-08-22 17:11 - 000164792 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll</p><p>2018-09-08 13:45 - 2018-08-22 17:11 - 000159736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll</p><p>2018-09-08 13:45 - 2018-08-22 17:11 - 000142656 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll</p><p>2018-09-08 13:45 - 2018-08-21 13:08 - 001688848 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll</p><p>2018-09-08 13:45 - 2018-08-21 13:08 - 000227928 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys</p><p>2018-09-08 13:45 - 2018-08-21 13:08 - 000065792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys</p><p>2018-09-08 13:45 - 2018-08-21 13:08 - 000047648 _____ (NVIDIA Corporation) 
C:\Windows\system32\nvhdap64.dll</p><p>2018-09-08 13:45 - 2018-08-21 13:08 - 000041866 _____ C:\Windows\system32\nvinfo.pb</p><p>2018-09-08 13:45 - 2018-08-21 13:08 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json</p><p>2018-09-08 13:45 - 2018-08-21 13:08 - 000000669 _____ C:\Windows\system32\nv-vk64.json</p><p>2018-09-08 13:35 - 2018-06-08 02:59 - 000069544 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys</p><p>2018-09-07 12:19 - 2018-09-07 12:19 - 000000000 ____D C:\Users\StephenDJButler\Documents\MEGA</p><p>2018-09-07 12:16 - 2018-09-07 12:32 - 000000000 ____D C:\Windows\System32\Tasks\MEGA</p><p>2018-09-03 13:01 - 2018-09-03 13:02 - 000077702 _____ C:\Windows\ntbtlog.txt</p><p>2018-09-03 12:38 - 2018-09-03 12:38 - 000456088 _____ C:\Windows\Minidump\090318-1539371-01.dmp</p><p>2018-08-30 16:13 - 2018-08-30 16:13 - 000427432 _____ C:\Windows\Minidump\083018-445226-01.dmp</p><p>2018-08-27 23:26 - 2018-08-27 23:26 - 000675984 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll</p><p>2018-08-27 23:26 - 2018-08-27 23:26 - 000457512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140.dll</p><p>2018-08-27 23:26 - 2018-08-27 23:26 - 000386712 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib140.dll</p><p>2018-08-27 23:26 - 2018-08-27 23:26 - 000343192 _____ (Microsoft Corporation) C:\Windows\system32\concrt140.dll</p><p>2018-08-27 23:26 - 2018-08-27 23:26 - 000274072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib140.dll</p><p>2018-08-27 23:26 - 2018-08-27 23:26 - 000248624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\concrt140.dll</p><p>2018-08-27 23:26 - 2018-08-27 23:26 - 000089248 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll</p><p>2018-08-27 23:26 - 2018-08-27 23:26 - 000087352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140.dll</p><p>2018-08-27 23:26 - 2018-08-27 23:26 - 000031896 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140_1.dll</p><p>2018-08-27 
23:26 - 2018-08-27 23:26 - 000028472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140_1.dll</p><p>2018-08-26 11:03 - 2018-08-26 11:03 - 000427424 _____ C:\Windows\Minidump\082618-52416-01.dmp</p><p>2018-08-25 10:36 - 2018-08-25 10:36 - 000427416 _____ C:\Windows\Minidump\082518-706840-01.dmp</p><p></p><p>==================== One Month Modified files and folders ========</p><p></p><p>(If an entry is included in the fixlist, the file/folder will be moved.)</p><p></p><p>2018-09-21 16:27 - 2009-07-14 05:45 - 000021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2018-09-21 16:27 - 2009-07-14 05:45 - 000021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2018-09-21 16:26 - 2015-12-13 09:59 - 000000000 ____D C:\Users\StephenDJButler\AppData\Roaming\uTorrent</p><p>2018-09-21 16:25 - 2009-07-14 06:13 - 000893102 _____ C:\Windows\system32\PerfStringBackup.INI</p><p>2018-09-21 16:25 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf</p><p>2018-09-21 16:21 - 2015-12-15 11:04 - 000000000 ____D C:\ProgramData\NVIDIA</p><p>2018-09-21 16:19 - 2017-12-16 13:26 - 000000422 _____ C:\Windows\Tasks\FreeFileViewerUpdateChecker.job</p><p>2018-09-21 16:19 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT</p><p>2018-09-21 16:16 - 2016-04-25 12:42 - 000000000 ____D C:\Users\StephenDJButler\AppData\LocalLow\IObit</p><p>2018-09-20 19:36 - 2015-12-10 00:16 - 000000000 ____D C:\Program Files (x86)\Steam</p><p>2018-09-20 14:25 - 2018-04-06 12:17 - 000000000 ____D C:\Users\StephenDJButler\AppData\Roaming\Echo FireWire Console</p><p>2018-09-20 13:46 - 2015-12-10 00:08 - 000000000 ____D C:\ProgramData\NVIDIA Corporation</p><p>2018-09-20 13:45 - 2018-06-27 07:03 - 000003798 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}</p><p>2018-09-20 13:45 - 2018-06-27 07:03 - 000003790 _____ 
C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}</p><p>2018-09-20 13:44 - 2018-06-27 07:03 - 000003792 _____ C:\Windows\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}</p><p>2018-09-20 13:44 - 2018-06-27 07:03 - 000003792 _____ C:\Windows\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}</p><p>2018-09-20 13:44 - 2018-06-27 07:03 - 000003792 _____ C:\Windows\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}</p><p>2018-09-20 13:44 - 2018-04-12 16:04 - 000003940 _____ C:\Windows\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}</p><p>2018-09-20 13:44 - 2016-12-30 17:27 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}</p><p>2018-09-20 13:44 - 2016-10-25 12:46 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}</p><p>2018-09-20 13:44 - 2016-10-25 12:46 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}</p><p>2018-09-20 13:44 - 2016-10-25 12:46 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}</p><p>2018-09-20 13:44 - 2016-10-25 12:46 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}</p><p>2018-09-20 13:44 - 2015-12-10 00:08 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation</p><p>2018-09-20 13:44 - 2015-12-10 00:05 - 000000000 ____D C:\Program Files\NVIDIA Corporation</p><p>2018-09-20 11:21 - 2016-03-05 19:25 - 000000000 ____D C:\Users\StephenDJButler\AppData\Roaming\REAPER</p><p>2018-09-20 11:19 - 2016-03-06 12:01 - 000000000 ____D C:\Users\StephenDJButler\Documents\REAPER Media</p><p>2018-09-20 11:15 - 2017-07-18 09:47 - 000000000 ____D C:\Users\StephenDJButler\AppData\Roaming\audacity</p><p>2018-09-20 10:23 - 2018-08-08 11:07 - 000000000 ____D C:\Users\StephenDJButler\Desktop\Reg 
Keys, .Bat Files, etc</p><p>2018-09-18 08:03 - 2016-05-01 20:42 - 000000000 ____D C:\Users\StephenDJButler\AppData\Roaming\vlc</p><p>2018-09-18 05:04 - 2017-01-28 10:24 - 000002231 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk</p><p>2018-09-16 18:24 - 2018-08-07 21:46 - 000000000 ___RD C:\Users\StephenDJButler\Desktop\Programs, etc</p><p>2018-09-16 17:16 - 2015-12-14 17:41 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft</p><p>2018-09-16 17:11 - 2016-04-07 15:55 - 000002422 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk</p><p>2018-09-16 17:11 - 2016-04-07 15:55 - 000002379 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk</p><p>2018-09-16 17:11 - 2016-04-07 15:55 - 000002373 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk</p><p>2018-09-16 17:11 - 2016-04-07 15:55 - 000002365 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk</p><p>2018-09-16 17:10 - 2016-04-07 15:49 - 000000000 ____D C:\Program Files (x86)\Microsoft Office</p><p>2018-09-16 09:02 - 2017-10-31 18:52 - 000000714 _____ C:\Users\Recording\Desktop\MusicBee.lnk</p><p>2018-09-16 09:02 - 2017-10-31 18:52 - 000000714 _____ C:\Users\Guest\Desktop\MusicBee.lnk</p><p>2018-09-16 09:02 - 2017-10-31 18:52 - 000000714 _____ C:\Users\Gaming\Desktop\MusicBee.lnk</p><p>2018-09-16 05:26 - 2018-03-04 09:07 - 000002199 _____ C:\Users\StephenDJButler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk</p><p>2018-09-16 05:26 - 2017-07-28 06:48 - 000003202 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-410353808-276946841-1970485010-1001</p><p>2018-09-16 05:26 - 2017-07-07 14:52 - 000000000 ___RD C:\Users\StephenDJButler\OneDrive</p><p>2018-09-15 15:06 - 2015-12-21 11:41 - 000000000 ____D C:\ProgramData\Malwarebytes</p><p>2018-09-15 14:22 - 2016-04-25 12:42 - 000000000 ____D 
C:\Users\StephenDJButler\AppData\Roaming\IObit</p><p>2018-09-15 13:59 - 2016-04-25 12:43 - 000000000 ____D C:\ProgramData\ProductData</p><p>2018-09-13 15:33 - 2017-03-01 13:31 - 000000000 ____D C:\Windows\rescache</p><p>2018-09-13 04:56 - 2009-07-14 05:45 - 005235312 _____ C:\Windows\system32\FNTCACHE.DAT</p><p>2018-09-12 19:50 - 2015-12-11 09:44 - 000000000 ____D C:\Windows\system32\MRT</p><p>2018-09-12 19:42 - 2015-12-11 09:44 - 139184408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe</p><p>2018-09-12 19:33 - 2015-12-10 11:30 - 000876968 _____ C:\Windows\SysWOW64\PerfStringBackup.INI</p><p>2018-09-12 12:45 - 2018-06-27 07:03 - 002622160 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll</p><p>2018-09-12 12:45 - 2018-06-27 07:03 - 002249424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll</p><p>2018-09-12 12:45 - 2018-06-27 07:03 - 001311952 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll</p><p>2018-09-12 11:23 - 2016-12-30 17:27 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat</p><p>2018-09-10 11:23 - 2015-12-24 14:20 - 000000000 ____D C:\Users\StephenDJButler\Documents\Visual Studio 2015</p><p>2018-09-09 16:03 - 2015-12-11 18:54 - 000000000 ____D C:\Users\StephenDJButler\Documents\Adobe</p><p>2018-09-08 13:58 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\Help</p><p>2018-09-08 13:08 - 2016-04-25 12:42 - 000000000 ____D C:\ProgramData\IObit</p><p>2018-09-03 21:10 - 2017-07-13 10:59 - 000000000 ____D C:\Users\Recording</p><p>2018-09-03 21:10 - 2017-06-25 11:57 - 000000000 ____D C:\Users\Gaming</p><p>2018-09-03 21:10 - 2016-04-27 07:34 - 000000000 ____D C:\Users\Guest</p><p>2018-09-03 21:10 - 2016-02-10 17:22 - 000000000 ____D C:\Users\DefaultAppPool</p><p>2018-09-03 21:10 - 2016-02-06 11:11 - 000000000 ____D C:\Users\Classic .NET AppPool</p><p>2018-09-03 21:10 - 2015-12-09 23:57 - 000000000 ____D C:\Users\StephenDJButler</p><p>2018-09-03 21:09 - 2017-12-16 15:12 - 000000000 ____D 
C:\Users\StephenDJButler\AppData\Roaming\FreeFileViewer</p><p>2018-09-03 21:09 - 2016-07-24 16:59 - 000000000 ____D C:\ProgramData\RemotePC</p><p>2018-09-03 21:09 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\registration</p><p>2018-09-03 19:07 - 2016-04-09 15:00 - 000000000 ____D C:\ProgramData\Package Cache</p><p>2018-09-03 12:38 - 2015-12-12 16:14 - 000000000 ____D C:\Windows\Minidump</p><p>2018-09-03 12:25 - 2018-08-07 12:13 - 1388555772 ____N C:\Windows\MEMORY.DMP</p><p>2018-09-01 11:32 - 2016-03-31 16:04 - 000000000 ____D C:\Users\StephenDJButler\Documents\Addictive Drums 2 Logs</p><p>2018-08-25 19:59 - 2016-06-03 17:51 - 000000000 ___DC C:\Program Files\EaseUS</p><p></p><p>==================== Files in the root of some directories =======</p><p></p><p>2013-04-03 23:46 - 2013-04-03 23:46 - 000091648 _____ (<a href="http://winaero.com" target="_blank">Winaero - Free small and useful software for Windows</a>) C:\Program Files\DeskthemepackInstaller.exe</p><p>2009-06-19 08:03 - 2009-06-19 08:03 - 000049152 _____ (Microsoft Corporation) C:\Program Files\Microsoft.Deployment.Compression.Cab.dll</p><p>2009-06-19 08:02 - 2009-06-19 08:02 - 000036864 _____ (Microsoft Corporation) C:\Program Files\Microsoft.Deployment.Compression.dll</p><p>2015-12-12 14:06 - 2015-12-12 14:06 - 000000604 _____ () C:\Program Files (x86)\STLL Notifier</p><p>2016-12-20 16:15 - 2016-12-20 16:25 - 000000132 _____ () C:\Users\StephenDJButler\AppData\Roaming\Adobe PNG Format CS6 Prefs</p><p>2017-05-29 19:05 - 2017-08-07 19:25 - 000000000 _____ () C:\Users\StephenDJButler\AppData\Roaming\avoriontestfile</p><p>2018-01-22 08:43 - 2018-01-22 08:43 - 000000008 ___SH () C:\Users\StephenDJButler\AppData\Roaming\date</p><p>2018-01-22 08:43 - 2018-01-22 08:43 - 000000002 ___SH () C:\Users\StephenDJButler\AppData\Roaming\evf103</p><p>2016-01-19 15:06 - 2016-11-26 19:49 - 000099384 _____ () C:\Users\StephenDJButler\AppData\Roaming\inst.exe</p><p>2016-01-19 15:06 - 2016-11-26 19:49 - 000007859 _____ () 
C:\Users\StephenDJButler\AppData\Roaming\pcouffin.cat</p><p>2016-01-19 15:06 - 2016-11-26 19:49 - 000001167 _____ () C:\Users\StephenDJButler\AppData\Roaming\pcouffin.inf</p><p>2016-01-19 15:07 - 2016-11-26 19:49 - 000000033 _____ () C:\Users\StephenDJButler\AppData\Roaming\pcouffin.log</p><p>2016-01-19 15:06 - 2016-11-26 19:49 - 000082816 _____ (VSO Software) C:\Users\StephenDJButler\AppData\Roaming\pcouffin.sys</p><p>2016-03-25 15:36 - 2016-03-25 15:36 - 000327680 _____ () C:\Users\StephenDJButler\AppData\Local\178502EF-0290-41CE-9FCE-C846E56E8B13.Diagnose.Admin.2.etl</p><p>2016-03-25 15:36 - 2016-03-25 15:36 - 000262144 _____ () C:\Users\StephenDJButler\AppData\Local\178502EF-0290-41CE-9FCE-C846E56E8B13.Repair.Admin.3.etl</p><p>2016-03-25 15:36 - 2016-03-25 15:36 - 000262144 _____ () C:\Users\StephenDJButler\AppData\Local\178502EF-0290-41CE-9FCE-C846E56E8B13.Verify.Admin.4.etl</p><p>2016-03-25 15:36 - 2016-03-25 15:36 - 000327680 _____ () C:\Users\StephenDJButler\AppData\Local\30EFF69C-FF70-4B74-8FEE-2AE573237775.Diagnose.0.etl</p><p>2016-03-25 15:36 - 2016-03-25 15:36 - 000196608 _____ () C:\Users\StephenDJButler\AppData\Local\30EFF69C-FF70-4B74-8FEE-2AE573237775.Repair.Admin.0.etl</p><p>2016-03-25 14:31 - 2016-03-25 14:31 - 000003584 _____ () C:\Users\StephenDJButler\AppData\Local\7CEB9B2A0E395BD64E74381485A106AF.dll</p><p>2016-03-25 14:31 - 2016-03-25 14:31 - 000003072 _____ () C:\Users\StephenDJButler\AppData\Local\A1D76FF97175BF79025AB7AA1DDF0A2A.dll</p><p>2016-03-25 12:48 - 2016-03-25 12:48 - 000049208 _____ () C:\Users\StephenDJButler\AppData\Local\Administrator.bmp</p><p>2016-03-25 12:48 - 2016-03-25 12:49 - 000031832 _____ () C:\Users\StephenDJButler\AppData\Local\Administrator2.bmp</p><p>2016-04-19 15:39 - 2018-09-13 13:19 - 000001456 _____ () C:\Users\StephenDJButler\AppData\Local\Adobe Save for Web 13.0 Prefs</p><p>2016-03-06 09:25 - 2016-03-31 08:11 - 000030526 _____ () C:\Users\StephenDJButler\AppData\Local\AdobeARM.log</p><p>2016-03-21 11:39 - 
2016-03-21 18:29 - 000000783 _____ () C:\Users\StephenDJButler\AppData\Local\AdobeARM_NotLocked.log</p><p>2016-03-25 14:49 - 2016-03-25 15:41 - 000000968 _____ () C:\Users\StephenDJButler\AppData\Local\amt3.log</p><p>2016-03-28 11:58 - 2016-03-31 08:10 - 000228380 _____ () C:\Users\StephenDJButler\AppData\Local\ArmUI.ini</p><p>2016-03-25 13:35 - 2016-03-29 13:27 - 000001779 _____ () C:\Users\StephenDJButler\AppData\Local\chrome_installer.log</p><p>2016-05-19 13:35 - 2017-10-26 10:42 - 000018944 _____ () C:\Users\StephenDJButler\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</p><p>2016-03-25 14:31 - 2016-03-25 14:31 - 000090112 _____ () C:\Users\StephenDJButler\AppData\Local\dup2patcher.dll</p><p>2014-12-02 20:33 - 2014-12-02 20:33 - 000062988 _____ () C:\Users\StephenDJButler\AppData\Local\FLMobileAdd.bmp</p><p>2016-03-06 09:14 - 2016-03-06 09:14 - 000000000 ____N () C:\Users\StephenDJButler\AppData\Local\FXSAPIDebugLogFile.txt</p><p>2016-03-25 16:35 - 2016-03-25 16:35 - 000000000 _____ () C:\Users\StephenDJButler\AppData\Local\FXSTIFFDebugLogFile.txt</p><p>2016-03-25 15:33 - 2014-05-13 01:36 - 525508520 ____N (Adobe Systems Incorporated) C:\Users\StephenDJButler\AppData\Local\gEzzEYDP.exe</p><p>2016-03-25 12:48 - 2016-03-25 12:48 - 000049208 _____ () C:\Users\StephenDJButler\AppData\Local\Guest.bmp</p><p>2016-03-25 12:48 - 2016-03-25 12:48 - 000049208 _____ () C:\Users\StephenDJButler\AppData\Local\HomeGroupUser$.bmp</p><p>2016-03-25 13:32 - 2016-03-25 13:32 - 000000000 _____ () C:\Users\StephenDJButler\AppData\Local\isw_acc_80100000</p><p>2016-03-26 14:24 - 2016-02-11 19:38 - 001114112 _____ (Microsoft Corporation) C:\Users\StephenDJButler\AppData\Local\kernel32.dll</p><p>2016-03-22 18:53 - 2016-03-22 18:53 - 000098128 _____ () C:\Users\StephenDJButler\AppData\Local\MSIa286b.LOG</p><p>2016-03-25 08:12 - 2016-03-25 08:12 - 000000422 _____ () C:\Users\StephenDJButler\AppData\Local\NetFxUpdate_MagicISO_01D18665A2DA6CA4.log</p><p>2016-03-26 09:10 - 2016-03-30 
18:54 - 001217182 _____ () C:\Users\StephenDJButler\AppData\Local\oobelib.log</p><p>2015-07-31 16:07 - 2015-07-31 16:07 - 000242864 ____R (Microsoft Corporation) C:\Users\StephenDJButler\AppData\Local\ose00000.exe</p><p>2016-03-25 10:39 - 2016-03-25 10:39 - 000000768 _____ () C:\Users\StephenDJButler\AppData\Local\PCW205.xml</p><p>2016-03-26 09:10 - 2016-03-30 18:54 - 000275632 _____ () C:\Users\StephenDJButler\AppData\Local\PDApp.log</p><p>2017-08-22 18:55 - 2017-08-22 18:55 - 000001309 _____ () C:\Users\StephenDJButler\AppData\Local\recently-used.xbel</p><p>2016-03-25 13:54 - 2016-03-25 13:54 - 000000018 _____ () C:\Users\StephenDJButler\AppData\Local\RemovalResult.txt</p><p>2016-08-02 11:39 - 2018-08-06 16:37 - 000007605 _____ () C:\Users\StephenDJButler\AppData\Local\Resmon.ResmonCfg</p><p>2016-03-25 12:12 - 2016-03-25 12:13 - 002564156 _____ () C:\Users\StephenDJButler\AppData\Local\SetupAdmin670.log</p><p>2016-03-24 19:47 - 2016-03-24 19:47 - 000015481 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(201603241847121168).log</p><p>2016-03-24 19:47 - 2016-03-24 19:47 - 000036580 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(201603241847191914).log</p><p>2016-03-24 19:47 - 2016-03-24 19:47 - 000036580 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(201603241847371354).log</p><p>2016-03-24 19:57 - 2016-03-24 19:57 - 000036580 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(201603241857251950).log</p><p>2016-03-25 08:48 - 2016-03-25 08:48 - 000036580 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(201603250748271D70).log</p><p>2016-03-25 08:48 - 2016-03-25 08:48 - 000036580 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(201603250748431678).log</p><p>2016-03-25 12:42 - 2016-03-25 12:42 - 000019370 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(201603251141561778).log</p><p>2016-03-25 12:42 - 2016-03-25 12:42 - 000019370 _____ () 
C:\Users\StephenDJButler\AppData\Local\SetupExe(20160325114244938).log</p><p>2016-03-25 12:46 - 2016-03-25 12:46 - 000019613 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(201603251146451EF4).log</p><p>2016-03-25 13:15 - 2016-03-25 13:18 - 000067726 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(2016032512155022D0).log</p><p>2016-03-25 13:18 - 2016-03-25 13:18 - 000036580 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(201603251218381CCC).log</p><p>2016-03-25 13:19 - 2016-03-25 13:24 - 000067733 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(201603251219051FC0).log</p><p>2016-03-25 13:27 - 2016-03-25 13:27 - 000019613 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(201603251227371894).log</p><p>2016-03-25 13:33 - 2016-03-25 13:33 - 000019362 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(201603251233261884).log</p><p>2016-03-25 13:34 - 2016-03-25 13:34 - 000019366 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(20160325123423928).log</p><p>2016-03-25 13:34 - 2016-03-25 13:37 - 000066844 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(201603251234491A60).log</p><p>2016-03-25 14:04 - 2016-03-25 14:31 - 000281676 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(201603251304111778).log</p><p>2016-03-25 12:30 - 2016-03-25 12:33 - 042606592 _____ () C:\Users\StephenDJButler\AppData\Local\Skype.msi</p><p>2016-03-25 12:33 - 2016-03-25 12:34 - 005758976 _____ () C:\Users\StephenDJButler\AppData\Local\SkypeToolbars.msi</p><p>2016-03-25 09:23 - 2016-03-25 12:48 - 000031832 _____ () C:\Users\StephenDJButler\AppData\Local\StephenDJButler.bmp</p><p>2016-03-20 10:36 - 2016-03-20 10:36 - 000000000 _____ () C:\Users\StephenDJButler\AppData\Local\TWAIN.LOG</p><p>2016-03-20 10:36 - 2016-03-20 10:36 - 000000002 _____ () C:\Users\StephenDJButler\AppData\Local\Twain001.Mtx</p><p>2016-03-25 12:01 - 2016-03-25 12:01 - 000000000 _____ () 
C:\Users\StephenDJButler\AppData\Local\{40A34BA2-F344-4932-9658-6E80A9B765CD} - OProcSessId.dat</p><p>2016-03-24 17:15 - 2016-03-24 17:15 - 000000000 _____ () C:\Users\StephenDJButler\AppData\Local\{4D121E73-1955-4016-9564-A480B490950F} - OProcSessId.dat</p><p>2016-03-25 12:01 - 2016-03-25 12:01 - 000000000 _____ () C:\Users\StephenDJButler\AppData\Local\{54CE436B-851B-4B03-815F-F18E639C8087} - OProcSessId.dat</p><p>2016-03-24 17:15 - 2016-03-24 17:15 - 000000000 _____ () C:\Users\StephenDJButler\AppData\Local\{7F166175-FAAB-4B96-8DE4-7D124F97F687} - OProcSessId.dat</p><p>2016-03-25 13:20 - 2016-03-25 13:20 - 000000000 _____ () C:\Users\StephenDJButler\AppData\Local\{B64E9B0B-E1A4-4FF3-A3B3-2B118FB2EF74} - OProcSessId.dat</p><p>2016-03-25 11:03 - 2016-03-25 11:03 - 000000000 _____ () C:\Users\StephenDJButler\AppData\Local\{C6DDC84D-5F70-4857-94D9-2F9CBE16B1EC} - OProcSessId.dat</p><p></p><p>==================== Bamital & volsnap ======================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\Windows\system32\winlogon.exe => File is digitally signed</p><p>C:\Windows\system32\wininit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\wininit.exe => File is digitally signed</p><p>C:\Windows\explorer.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\explorer.exe => File is digitally signed</p><p>C:\Windows\system32\svchost.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\svchost.exe => File is digitally signed</p><p>C:\Windows\system32\services.exe => File is digitally signed</p><p>C:\Windows\system32\User32.dll => File is digitally signed</p><p>C:\Windows\SysWOW64\User32.dll => File is digitally signed</p><p>C:\Windows\system32\userinit.exe => File is digitally signed</p><p>C:\Windows\SysWOW64\userinit.exe => File is digitally signed</p><p>C:\Windows\system32\rpcss.dll => File is digitally signed</p><p>C:\Windows\system32\dnsapi.dll => File is digitally 
signed</p><p>C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed</p><p>C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p>LastRegBack: 2018-09-15 16:30</p><p></p><p>==================== End of FRST.txt ============================</p><p></p><p>Because the character limit of these messages is 110000 characters, I'm going to have to post <em><strong>ADDITION.txt </strong></em>in a separate post. Stand by your beds.</p><p></p><p>Sorry if this is a bit awkward, I hope you can help.</p><p></p><p>Cheers,</p><p>Stephen Butler</p></blockquote><p></p>
[QUOTE="Stephen Butler, post: 765807, member: 75137"]
09:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBee 2018-09-15 17:17 - 2018-09-15 17:17 - 000000000 ___HD C:\ProgramData\CanonIJFAX 2018-09-15 17:17 - 2018-09-15 17:17 - 000000000 ___HD C:\ProgramData\CanonBJ 2018-09-15 17:17 - 2017-04-03 06:00 - 000254464 _____ (CANON INC.) C:\Windows\system32\CNCALDL.DLL 2018-09-15 17:16 - 2017-03-30 05:00 - 001302016 _____ (CANON INC.) C:\Windows\system32\CNMLMDL.DLL 2018-09-15 17:15 - 2017-02-27 09:14 - 000379392 _____ (CANON INC.) C:\Windows\system32\CNC_DLL.dll 2018-09-15 17:15 - 2017-02-07 16:57 - 000098560 _____ C:\Windows\system32\CNC1823D.TBL 2018-09-15 17:15 - 2016-10-26 11:31 - 000559616 _____ (CANON INC.) C:\Windows\system32\CNC_DLC.dll 2018-09-15 17:15 - 2016-10-26 11:31 - 000273408 _____ (CANON INC.) C:\Windows\system32\CNC_DLI.dll 2018-09-15 15:06 - 2018-09-15 15:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2018-09-15 15:06 - 2018-09-15 15:06 - 000000000 ___DC C:\Program Files\Malwarebytes 2018-09-15 15:06 - 2018-07-12 08:42 - 000152688 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys 2018-09-13 20:42 - 2018-09-13 20:42 - 000000000 ____D C:\Users\StephenDJButler\AppData\Roaming\4kdownload.com 2018-09-12 05:31 - 2018-08-31 16:08 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll 2018-09-12 05:31 - 2018-08-31 16:08 - 000340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll 2018-09-12 05:31 - 2018-08-30 02:47 - 001230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2018-09-12 05:31 - 2018-08-30 02:10 - 001424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2018-09-12 05:31 - 2018-08-28 06:50 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys 2018-09-12 05:31 - 2018-08-24 20:47 - 000398424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2018-09-12 05:31 - 2018-08-24 19:47 - 000350296 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2018-09-12 05:31 - 2018-08-24 00:05 - 025736704 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2018-09-12 05:31 - 2018-08-23 23:45 - 002902016 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2018-09-12 05:31 - 2018-08-23 23:43 - 000576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2018-09-12 05:31 - 2018-08-23 23:43 - 000417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2018-09-12 05:31 - 2018-08-23 23:37 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2018-09-12 05:31 - 2018-08-23 23:34 - 005779456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2018-09-12 05:31 - 2018-08-23 23:34 - 000615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2018-09-12 05:31 - 2018-08-23 23:33 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2018-09-12 05:31 - 2018-08-23 23:33 - 000794624 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2018-09-12 05:31 - 2018-08-23 23:33 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2018-09-12 05:31 - 2018-08-23 23:27 - 000969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2018-09-12 05:31 - 2018-08-23 23:24 - 000489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2018-09-12 05:31 - 2018-08-23 23:15 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2018-09-12 05:31 - 2018-08-23 23:15 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2018-09-12 05:31 - 2018-08-23 23:13 - 000315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2018-09-12 05:31 - 2018-08-23 23:12 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2018-09-12 05:31 - 2018-08-23 23:03 - 000262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2018-09-12 05:31 - 2018-08-23 23:01 - 000809472 _____ 
(Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2018-09-12 05:31 - 2018-08-23 23:00 - 015283712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2018-09-12 05:31 - 2018-08-23 22:59 - 002136064 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2018-09-12 05:31 - 2018-08-23 22:59 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2018-09-12 05:31 - 2018-08-23 22:52 - 004510720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2018-09-12 05:31 - 2018-08-23 22:40 - 001555456 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2018-09-12 05:31 - 2018-08-23 22:28 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2018-09-12 05:31 - 2018-08-23 22:27 - 020279296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2018-09-12 05:31 - 2018-08-23 22:15 - 000497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2018-09-12 05:31 - 2018-08-23 22:14 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2018-09-12 05:31 - 2018-08-23 22:12 - 002295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2018-09-12 05:31 - 2018-08-23 22:07 - 000476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2018-09-12 05:31 - 2018-08-23 22:06 - 000662016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2018-09-12 05:31 - 2018-08-23 22:06 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2018-09-12 05:31 - 2018-08-23 21:53 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2018-09-12 05:31 - 2018-08-23 21:52 - 000279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2018-09-12 05:31 - 2018-08-23 21:51 - 004494848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2018-09-12 05:31 - 2018-08-23 21:48 - 013679616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2018-09-12 05:31 - 2018-08-23 21:46 - 000230400 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\webcheck.dll 2018-09-12 05:31 - 2018-08-23 21:44 - 002059776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2018-09-12 05:31 - 2018-08-23 21:44 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2018-09-12 05:31 - 2018-08-23 21:44 - 000696320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2018-09-12 05:31 - 2018-08-23 21:30 - 004037632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2018-09-12 05:31 - 2018-08-23 21:27 - 001329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2018-09-12 05:31 - 2018-08-23 21:24 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2018-09-12 05:31 - 2018-08-13 16:54 - 014183936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2018-09-12 05:31 - 2018-08-13 16:54 - 002004480 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2018-09-12 05:31 - 2018-08-13 16:54 - 001888768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2018-09-12 05:31 - 2018-08-13 16:54 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll 2018-09-12 05:31 - 2018-08-13 16:53 - 001867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll 2018-09-12 05:31 - 2018-08-13 16:53 - 000405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2018-09-12 05:31 - 2018-08-13 16:41 - 000313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2018-09-12 05:31 - 2018-08-13 16:40 - 012880896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2018-09-12 05:31 - 2018-08-13 16:40 - 001390080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2018-09-12 05:31 - 2018-08-13 16:40 - 001241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2018-09-12 05:31 - 2018-08-13 16:40 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf3216.dll 2018-09-12 05:31 - 2018-08-12 21:32 - 000378464 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\netio.sys 2018-09-12 05:31 - 2018-08-12 21:31 - 001894496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2018-09-12 05:31 - 2018-08-12 21:31 - 000289376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2018-09-12 05:31 - 2018-08-10 16:59 - 005552816 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2018-09-12 05:31 - 2018-08-10 16:59 - 000154800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2018-09-12 05:31 - 2018-08-10 16:58 - 000385120 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2018-09-12 05:31 - 2018-08-10 16:58 - 000263776 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll 2018-09-12 05:31 - 2018-08-10 16:58 - 000096864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2018-09-12 05:31 - 2018-08-10 16:57 - 000708272 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2018-09-12 05:31 - 2018-08-10 16:57 - 000631624 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2018-09-12 05:31 - 2018-08-10 16:56 - 001664296 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2018-09-12 05:31 - 2018-08-10 16:55 - 000503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2018-09-12 05:31 - 2018-08-10 16:55 - 000361984 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2018-09-12 05:31 - 2018-08-10 16:55 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2018-09-12 05:31 - 2018-08-10 16:55 - 000215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2018-09-12 05:31 - 2018-08-10 16:55 - 000210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2018-09-12 05:31 - 2018-08-10 16:55 - 000152064 _____ (Microsoft Corporation) C:\Windows\system32\t2embed.dll 2018-09-12 05:31 - 2018-08-10 16:55 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2018-09-12 05:31 - 2018-08-10 16:55 - 000094208 _____ (Microsoft 
Corporation) C:\Windows\system32\TSpkg.dll 2018-09-12 05:31 - 2018-08-10 16:55 - 000050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2018-09-12 05:31 - 2018-08-10 16:55 - 000028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2018-09-12 05:31 - 2018-08-10 16:55 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2018-09-12 05:31 - 2018-08-10 16:54 - 001461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2018-09-12 05:31 - 2018-08-10 16:54 - 001211904 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2018-09-12 05:31 - 2018-08-10 16:54 - 001163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2018-09-12 05:31 - 2018-08-10 16:54 - 000828928 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll 2018-09-12 05:31 - 2018-08-10 16:54 - 000731648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2018-09-12 05:31 - 2018-08-10 16:54 - 000419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2018-09-12 05:31 - 2018-08-10 16:54 - 000345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2018-09-12 05:31 - 2018-08-10 16:54 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2018-09-12 05:31 - 2018-08-10 16:54 - 000312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2018-09-12 05:31 - 2018-08-10 16:54 - 000190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2018-09-12 05:31 - 2018-08-10 16:54 - 000063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2018-09-12 05:31 - 2018-08-10 16:54 - 000028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2018-09-12 05:31 - 2018-08-10 16:54 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2018-09-12 05:31 - 2018-08-10 16:53 - 000880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2018-09-12 05:31 - 2018-08-10 16:53 - 000463872 _____ (Microsoft Corporation) 
C:\Windows\system32\certcli.dll 2018-09-12 05:31 - 2018-08-10 16:53 - 000123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll 2018-09-12 05:31 - 2018-08-10 16:53 - 000059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2018-09-12 05:31 - 2018-08-10 16:53 - 000044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2018-09-12 05:31 - 2018-08-10 16:53 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2018-09-12 05:31 - 2018-08-10 16:53 - 000034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2018-09-12 05:31 - 2018-08-10 16:53 - 000022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2018-09-12 05:31 - 2018-08-10 16:53 - 000006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2018-09-12 05:31 - 2018-08-10 16:45 - 004054192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2018-09-12 05:31 - 2018-08-10 16:45 - 000309424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2018-09-12 05:31 - 2018-08-10 16:44 - 003961440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2018-09-12 05:31 - 2018-08-10 16:42 - 001315512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2018-09-12 05:31 - 2018-08-10 16:41 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2018-09-12 05:31 - 2018-08-10 16:41 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2018-09-12 05:31 - 2018-08-10 16:41 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2018-09-12 05:31 - 2018-08-10 16:41 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2018-09-12 05:31 - 2018-08-10 16:41 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2018-09-12 05:31 - 2018-08-10 16:41 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2018-09-12 05:31 - 2018-08-10 16:41 - 000172032 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\wdigest.dll 2018-09-12 05:31 - 2018-08-10 16:41 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll 2018-09-12 05:31 - 2018-08-10 16:41 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll 2018-09-12 05:31 - 2018-08-10 16:41 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2018-09-12 05:31 - 2018-08-10 16:41 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll 2018-09-12 05:31 - 2018-08-10 16:41 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2018-09-12 05:31 - 2018-08-10 16:41 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2018-09-12 05:31 - 2018-08-10 16:41 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2018-09-12 05:31 - 2018-08-10 16:41 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2018-09-12 05:31 - 2018-08-10 16:40 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2018-09-12 05:31 - 2018-08-10 16:40 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2018-09-12 05:31 - 2018-08-10 16:40 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2018-09-12 05:31 - 2018-08-10 16:40 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2018-09-12 05:31 - 2018-08-10 16:40 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2018-09-12 05:31 - 2018-08-10 16:40 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2018-09-12 05:31 - 2018-08-10 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2018-09-12 05:31 - 2018-08-10 16:39 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2018-09-12 05:31 - 2018-08-10 16:27 - 000077312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mpsdrv.sys 2018-09-12 05:31 - 2018-08-10 16:22 - 
000148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2018-09-12 05:31 - 2018-08-10 16:22 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2018-09-12 05:31 - 2018-08-10 16:22 - 000017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2018-09-12 05:31 - 2018-08-10 16:21 - 000064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2018-09-12 05:31 - 2018-08-10 16:17 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2018-09-12 05:31 - 2018-08-10 16:17 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2018-09-12 05:31 - 2018-08-10 16:17 - 000129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\videoprt.sys 2018-09-12 05:31 - 2018-08-10 16:15 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2018-09-12 05:31 - 2018-08-10 16:13 - 000291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2018-09-12 05:31 - 2018-08-10 16:13 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2018-09-12 05:31 - 2018-08-10 16:13 - 000129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2018-09-12 05:31 - 2018-08-10 16:12 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2018-09-12 05:31 - 2018-08-10 16:12 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdk8.sys 2018-09-12 05:31 - 2018-08-10 16:12 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelppm.sys 2018-09-12 05:31 - 2018-08-10 16:12 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\processr.sys 2018-09-12 05:31 - 2018-08-10 16:12 - 000060928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\amdppm.sys 2018-09-12 05:31 - 2018-08-10 16:12 - 000030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2018-09-12 05:31 - 2018-08-10 16:10 - 000025600 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\setup16.exe 2018-09-12 05:31 - 2018-08-10 16:10 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2018-09-12 05:31 - 2018-08-10 16:09 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2018-09-12 05:31 - 2018-07-29 16:55 - 001110528 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll 2018-09-12 05:31 - 2018-07-18 16:18 - 000090112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys 2018-09-12 05:30 - 2018-08-23 23:56 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2018-09-12 05:30 - 2018-08-23 23:56 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2018-09-12 05:30 - 2018-08-23 23:44 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2018-09-12 05:30 - 2018-08-23 23:43 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2018-09-12 05:30 - 2018-08-23 23:43 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2018-09-12 05:30 - 2018-08-23 23:36 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2018-09-12 05:30 - 2018-08-23 23:33 - 000116224 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2018-09-12 05:30 - 2018-08-23 23:19 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2018-09-12 05:30 - 2018-08-23 23:18 - 000087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2018-09-12 05:30 - 2018-08-23 23:17 - 000107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2018-09-12 05:30 - 2018-08-23 23:01 - 000728064 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2018-09-12 05:30 - 2018-08-23 22:25 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2018-09-12 05:30 - 2018-08-23 22:14 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2018-09-12 05:30 - 2018-08-23 22:14 
- 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2018-09-12 05:30 - 2018-08-23 22:13 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2018-09-12 05:30 - 2018-08-23 22:09 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2018-09-12 05:30 - 2018-08-23 22:09 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2018-09-12 05:30 - 2018-08-23 22:06 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2018-09-12 05:30 - 2018-08-23 22:00 - 000416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2018-09-12 05:30 - 2018-08-23 21:56 - 000073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2018-09-12 05:30 - 2018-08-23 21:56 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2018-09-12 05:30 - 2018-08-23 21:55 - 000091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2018-09-12 05:30 - 2018-08-23 21:54 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2018-09-12 05:30 - 2018-08-23 21:51 - 000130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2018-09-12 05:30 - 2018-08-13 16:54 - 000008192 _____ (Microsoft Corporation) C:\Windows\system32\msimg32.dll 2018-09-12 05:30 - 2018-08-13 16:54 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2018-09-12 05:30 - 2018-08-13 16:54 - 000002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2018-09-12 05:30 - 2018-08-13 16:40 - 001499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll 2018-09-12 05:30 - 2018-08-13 16:40 - 000004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimg32.dll 2018-09-12 05:30 - 2018-08-13 16:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2018-09-12 05:30 - 2018-08-13 16:40 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2018-09-12 05:30 - 
2018-08-12 21:28 - 000018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll 2018-09-12 05:30 - 2018-08-12 21:14 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll 2018-09-12 05:30 - 2018-08-10 16:55 - 000022528 _____ (Microsoft Corporation) C:\Windows\system32\wfapigp.dll 2018-09-12 05:30 - 2018-08-10 16:54 - 000749568 _____ (Microsoft Corporation) C:\Windows\system32\FirewallAPI.dll 2018-09-12 05:30 - 2018-08-10 16:54 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2018-09-12 05:30 - 2018-08-10 16:54 - 000108544 _____ (Microsoft Corporation) C:\Windows\system32\icfupgd.dll 2018-09-12 05:30 - 2018-08-10 16:54 - 000100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2018-09-12 05:30 - 2018-08-10 16:54 - 000060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2018-09-12 05:30 - 2018-08-10 16:54 - 000041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2018-09-12 05:30 - 2018-08-10 16:53 - 000690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2018-09-12 05:30 - 2018-08-10 16:53 - 000046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2018-09-12 05:30 - 2018-08-10 16:53 - 000014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2018-09-12 05:30 - 2018-08-10 16:53 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:53 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:53 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:53 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 
16:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:53 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:53 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2018-09-12 05:30 - 
2018-08-10 16:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:53 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:41 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2018-09-12 05:30 - 2018-08-10 16:41 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2018-09-12 05:30 - 2018-08-10 16:41 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2018-09-12 05:30 - 2018-08-10 16:40 - 000463360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll 2018-09-12 05:30 - 2018-08-10 16:40 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2018-09-12 05:30 - 2018-08-10 16:40 - 000010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2018-09-12 05:30 - 2018-08-10 16:40 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2018-09-12 
05:30 - 2018-08-10 16:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:40 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:40 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:40 - 000003072 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:40 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:39 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2018-09-12 05:30 - 2018-08-10 16:20 - 000018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll 2018-09-12 05:30 - 2018-08-10 16:13 - 000034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2018-09-12 05:30 - 2018-08-10 16:10 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2018-09-12 05:30 - 2018-08-10 16:10 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2018-09-12 05:30 - 2018-08-10 16:09 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2018-09-12 05:30 - 2018-08-10 16:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2018-09-12 05:30 - 2018-06-27 14:20 - 000419648 _____ C:\Windows\SysWOW64\locale.nls 2018-09-12 05:30 - 2018-06-27 14:19 - 000419648 _____ C:\Windows\system32\locale.nls 2018-09-10 16:50 - 2018-09-10 16:50 - 
013422621 _____ C:\Users\StephenDJButler\Documents\MediaMonkey Scan Log (10-09-2018).txt 2018-09-10 12:56 - 2018-09-21 14:23 - 000000000 ____D C:\Users\StephenDJButler\AppData\Roaming\MediaMonkey 2018-09-10 12:56 - 2018-09-10 12:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey 2018-09-10 12:56 - 2018-09-10 12:56 - 000000000 ____D C:\ProgramData\MediaMonkey 2018-09-09 14:54 - 2018-09-09 14:54 - 000000000 ____D C:\Users\StephenDJButler\AppData\Roaming\GitHubVisualStudio 2018-09-08 14:18 - 2018-09-08 14:18 - 000000000 ____D C:\Users\StephenDJButler\AppData\Roaming\NVIDIA 2018-09-08 14:00 - 2018-09-08 14:00 - 000000000 ____D C:\Program Files (x86)\VulkanRT 2018-09-08 14:00 - 2018-08-21 11:24 - 000132408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe 2018-09-08 13:58 - 2018-08-21 11:14 - 005947600 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2018-09-08 13:58 - 2018-08-21 11:14 - 002612264 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2018-09-08 13:58 - 2018-08-21 11:14 - 001767632 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2018-09-08 13:58 - 2018-08-21 11:14 - 000634352 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll 2018-09-08 13:58 - 2018-08-21 11:14 - 000450768 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2018-09-08 13:58 - 2018-08-21 11:14 - 000124216 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2018-09-08 13:58 - 2018-08-21 11:14 - 000083440 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll 2018-09-08 13:58 - 2018-08-02 23:32 - 008273432 _____ C:\Windows\system32\nvcoproc.bin 2018-09-08 13:57 - 2018-07-13 20:20 - 000001951 _____ C:\Windows\NvContainerRecovery.bat 2018-09-08 13:56 - 2018-08-22 17:12 - 000553200 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll 2018-09-08 13:56 - 2018-08-22 17:12 - 000458480 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll 2018-09-08 13:53 - 2018-09-08 13:56 - 000000000 ____D 
C:\Windows\system32\unknown 2018-09-08 13:53 - 2018-09-08 13:53 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation 2018-09-08 13:45 - 2018-08-22 17:12 - 040189616 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2018-09-08 13:45 - 2018-08-22 17:12 - 032457736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2018-09-08 13:45 - 2018-08-22 17:12 - 017014632 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2018-09-08 13:45 - 2018-08-22 17:12 - 000628560 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2018-09-08 13:45 - 2018-08-22 17:12 - 000519120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2018-09-08 13:45 - 2018-08-22 17:11 - 040346976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2018-09-08 13:45 - 2018-08-22 17:11 - 035250176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2018-09-08 13:45 - 2018-08-22 17:11 - 031248576 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2018-09-08 13:45 - 2018-08-22 17:11 - 025964944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2018-09-08 13:45 - 2018-08-22 17:11 - 023305232 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2018-09-08 13:45 - 2018-08-22 17:11 - 020330616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2018-09-08 13:45 - 2018-08-22 17:11 - 019088480 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2018-09-08 13:45 - 2018-08-22 17:11 - 017755768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2018-09-08 13:45 - 2018-08-22 17:11 - 015699512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2018-09-08 13:45 - 2018-08-22 17:11 - 015169920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2018-09-08 13:45 - 2018-08-22 17:11 - 013732120 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll 2018-09-08 13:45 - 2018-08-22 17:11 - 011276424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll 
2018-09-08 13:45 - 2018-08-22 17:11 - 004616904 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2018-09-08 13:45 - 2018-08-22 17:11 - 004085328 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2018-09-08 13:45 - 2018-08-22 17:11 - 003967304 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2018-09-08 13:45 - 2018-08-22 17:11 - 003504968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2018-09-08 13:45 - 2018-08-22 17:11 - 002015184 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6439907.dll 2018-09-08 13:45 - 2018-08-22 17:11 - 001564136 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2018-09-08 13:45 - 2018-08-22 17:11 - 001467728 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6439907.dll 2018-09-08 13:45 - 2018-08-22 17:11 - 001420296 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2018-09-08 13:45 - 2018-08-22 17:11 - 001217352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2018-09-08 13:45 - 2018-08-22 17:11 - 001159096 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll 2018-09-08 13:45 - 2018-08-22 17:11 - 001093456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2018-09-08 13:45 - 2018-08-22 17:11 - 000906608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll 2018-09-08 13:45 - 2018-08-22 17:11 - 000546880 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2018-09-08 13:45 - 2018-08-22 17:11 - 000505592 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2018-09-08 13:45 - 2018-08-22 17:11 - 000464536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2018-09-08 13:45 - 2018-08-22 17:11 - 000420032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2018-09-08 13:45 - 2018-08-22 17:11 - 000182624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2018-09-08 13:45 - 2018-08-22 17:11 - 000164792 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2018-09-08 13:45 - 
2018-08-22 17:11 - 000159736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2018-09-08 13:45 - 2018-08-22 17:11 - 000142656 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2018-09-08 13:45 - 2018-08-21 13:08 - 001688848 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll 2018-09-08 13:45 - 2018-08-21 13:08 - 000227928 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys 2018-09-08 13:45 - 2018-08-21 13:08 - 000065792 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys 2018-09-08 13:45 - 2018-08-21 13:08 - 000047648 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll 2018-09-08 13:45 - 2018-08-21 13:08 - 000041866 _____ C:\Windows\system32\nvinfo.pb 2018-09-08 13:45 - 2018-08-21 13:08 - 000000669 _____ C:\Windows\SysWOW64\nv-vk32.json 2018-09-08 13:45 - 2018-08-21 13:08 - 000000669 _____ C:\Windows\system32\nv-vk64.json 2018-09-08 13:35 - 2018-06-08 02:59 - 000069544 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2018-09-07 12:19 - 2018-09-07 12:19 - 000000000 ____D C:\Users\StephenDJButler\Documents\MEGA 2018-09-07 12:16 - 2018-09-07 12:32 - 000000000 ____D C:\Windows\System32\Tasks\MEGA 2018-09-03 13:01 - 2018-09-03 13:02 - 000077702 _____ C:\Windows\ntbtlog.txt 2018-09-03 12:38 - 2018-09-03 12:38 - 000456088 _____ C:\Windows\Minidump\090318-1539371-01.dmp 2018-08-30 16:13 - 2018-08-30 16:13 - 000427432 _____ C:\Windows\Minidump\083018-445226-01.dmp 2018-08-27 23:26 - 2018-08-27 23:26 - 000675984 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll 2018-08-27 23:26 - 2018-08-27 23:26 - 000457512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140.dll 2018-08-27 23:26 - 2018-08-27 23:26 - 000386712 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib140.dll 2018-08-27 23:26 - 2018-08-27 23:26 - 000343192 _____ (Microsoft Corporation) C:\Windows\system32\concrt140.dll 2018-08-27 23:26 - 2018-08-27 23:26 - 000274072 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\vccorlib140.dll 2018-08-27 23:26 - 2018-08-27 23:26 - 000248624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\concrt140.dll 2018-08-27 23:26 - 2018-08-27 23:26 - 000089248 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll 2018-08-27 23:26 - 2018-08-27 23:26 - 000087352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140.dll 2018-08-27 23:26 - 2018-08-27 23:26 - 000031896 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140_1.dll 2018-08-27 23:26 - 2018-08-27 23:26 - 000028472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140_1.dll 2018-08-26 11:03 - 2018-08-26 11:03 - 000427424 _____ C:\Windows\Minidump\082618-52416-01.dmp 2018-08-25 10:36 - 2018-08-25 10:36 - 000427416 _____ C:\Windows\Minidump\082518-706840-01.dmp ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-09-21 16:27 - 2009-07-14 05:45 - 000021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2018-09-21 16:27 - 2009-07-14 05:45 - 000021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2018-09-21 16:26 - 2015-12-13 09:59 - 000000000 ____D C:\Users\StephenDJButler\AppData\Roaming\uTorrent 2018-09-21 16:25 - 2009-07-14 06:13 - 000893102 _____ C:\Windows\system32\PerfStringBackup.INI 2018-09-21 16:25 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf 2018-09-21 16:21 - 2015-12-15 11:04 - 000000000 ____D C:\ProgramData\NVIDIA 2018-09-21 16:19 - 2017-12-16 13:26 - 000000422 _____ C:\Windows\Tasks\FreeFileViewerUpdateChecker.job 2018-09-21 16:19 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2018-09-21 16:16 - 2016-04-25 12:42 - 000000000 ____D C:\Users\StephenDJButler\AppData\LocalLow\IObit 2018-09-20 19:36 - 2015-12-10 00:16 - 000000000 ____D C:\Program Files (x86)\Steam 2018-09-20 14:25 - 2018-04-06 12:17 - 000000000 
____D C:\Users\StephenDJButler\AppData\Roaming\Echo FireWire Console 2018-09-20 13:46 - 2015-12-10 00:08 - 000000000 ____D C:\ProgramData\NVIDIA Corporation 2018-09-20 13:45 - 2018-06-27 07:03 - 000003798 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2018-09-20 13:45 - 2018-06-27 07:03 - 000003790 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2018-09-20 13:44 - 2018-06-27 07:03 - 000003792 _____ C:\Windows\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2018-09-20 13:44 - 2018-06-27 07:03 - 000003792 _____ C:\Windows\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2018-09-20 13:44 - 2018-06-27 07:03 - 000003792 _____ C:\Windows\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2018-09-20 13:44 - 2018-04-12 16:04 - 000003940 _____ C:\Windows\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2018-09-20 13:44 - 2016-12-30 17:27 - 000004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2018-09-20 13:44 - 2016-10-25 12:46 - 000003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2018-09-20 13:44 - 2016-10-25 12:46 - 000003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2018-09-20 13:44 - 2016-10-25 12:46 - 000003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2018-09-20 13:44 - 2016-10-25 12:46 - 000003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} 2018-09-20 13:44 - 2015-12-10 00:08 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2018-09-20 13:44 - 2015-12-10 00:05 - 000000000 ____D C:\Program Files\NVIDIA Corporation 2018-09-20 11:21 - 2016-03-05 19:25 - 000000000 ____D C:\Users\StephenDJButler\AppData\Roaming\REAPER 2018-09-20 11:19 - 2016-03-06 12:01 - 
000000000 ____D C:\Users\StephenDJButler\Documents\REAPER Media 2018-09-20 11:15 - 2017-07-18 09:47 - 000000000 ____D C:\Users\StephenDJButler\AppData\Roaming\audacity 2018-09-20 10:23 - 2018-08-08 11:07 - 000000000 ____D C:\Users\StephenDJButler\Desktop\Reg Keys, .Bat Files, etc 2018-09-18 08:03 - 2016-05-01 20:42 - 000000000 ____D C:\Users\StephenDJButler\AppData\Roaming\vlc 2018-09-18 05:04 - 2017-01-28 10:24 - 000002231 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-09-16 18:24 - 2018-08-07 21:46 - 000000000 ___RD C:\Users\StephenDJButler\Desktop\Programs, etc 2018-09-16 17:16 - 2015-12-14 17:41 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2018-09-16 17:11 - 2016-04-07 15:55 - 000002422 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk 2018-09-16 17:11 - 2016-04-07 15:55 - 000002379 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk 2018-09-16 17:11 - 2016-04-07 15:55 - 000002373 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk 2018-09-16 17:11 - 2016-04-07 15:55 - 000002365 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk 2018-09-16 17:10 - 2016-04-07 15:49 - 000000000 ____D C:\Program Files (x86)\Microsoft Office 2018-09-16 09:02 - 2017-10-31 18:52 - 000000714 _____ C:\Users\Recording\Desktop\MusicBee.lnk 2018-09-16 09:02 - 2017-10-31 18:52 - 000000714 _____ C:\Users\Guest\Desktop\MusicBee.lnk 2018-09-16 09:02 - 2017-10-31 18:52 - 000000714 _____ C:\Users\Gaming\Desktop\MusicBee.lnk 2018-09-16 05:26 - 2018-03-04 09:07 - 000002199 _____ C:\Users\StephenDJButler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk 2018-09-16 05:26 - 2017-07-28 06:48 - 000003202 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-410353808-276946841-1970485010-1001 2018-09-16 05:26 - 2017-07-07 14:52 - 000000000 ___RD C:\Users\StephenDJButler\OneDrive 2018-09-15 15:06 - 2015-12-21 11:41 - 
000000000 ____D C:\ProgramData\Malwarebytes 2018-09-15 14:22 - 2016-04-25 12:42 - 000000000 ____D C:\Users\StephenDJButler\AppData\Roaming\IObit 2018-09-15 13:59 - 2016-04-25 12:43 - 000000000 ____D C:\ProgramData\ProductData 2018-09-13 15:33 - 2017-03-01 13:31 - 000000000 ____D C:\Windows\rescache 2018-09-13 04:56 - 2009-07-14 05:45 - 005235312 _____ C:\Windows\system32\FNTCACHE.DAT 2018-09-12 19:50 - 2015-12-11 09:44 - 000000000 ____D C:\Windows\system32\MRT 2018-09-12 19:42 - 2015-12-11 09:44 - 139184408 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2018-09-12 19:33 - 2015-12-10 11:30 - 000876968 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2018-09-12 12:45 - 2018-06-27 07:03 - 002622160 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2018-09-12 12:45 - 2018-06-27 07:03 - 002249424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2018-09-12 12:45 - 2018-06-27 07:03 - 001311952 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll 2018-09-12 11:23 - 2016-12-30 17:27 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat 2018-09-10 11:23 - 2015-12-24 14:20 - 000000000 ____D C:\Users\StephenDJButler\Documents\Visual Studio 2015 2018-09-09 16:03 - 2015-12-11 18:54 - 000000000 ____D C:\Users\StephenDJButler\Documents\Adobe 2018-09-08 13:58 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\Help 2018-09-08 13:08 - 2016-04-25 12:42 - 000000000 ____D C:\ProgramData\IObit 2018-09-03 21:10 - 2017-07-13 10:59 - 000000000 ____D C:\Users\Recording 2018-09-03 21:10 - 2017-06-25 11:57 - 000000000 ____D C:\Users\Gaming 2018-09-03 21:10 - 2016-04-27 07:34 - 000000000 ____D C:\Users\Guest 2018-09-03 21:10 - 2016-02-10 17:22 - 000000000 ____D C:\Users\DefaultAppPool 2018-09-03 21:10 - 2016-02-06 11:11 - 000000000 ____D C:\Users\Classic .NET AppPool 2018-09-03 21:10 - 2015-12-09 23:57 - 000000000 ____D C:\Users\StephenDJButler 2018-09-03 21:09 - 2017-12-16 15:12 - 000000000 ____D 
C:\Users\StephenDJButler\AppData\Roaming\FreeFileViewer 2018-09-03 21:09 - 2016-07-24 16:59 - 000000000 ____D C:\ProgramData\RemotePC 2018-09-03 21:09 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\registration 2018-09-03 19:07 - 2016-04-09 15:00 - 000000000 ____D C:\ProgramData\Package Cache 2018-09-03 12:38 - 2015-12-12 16:14 - 000000000 ____D C:\Windows\Minidump 2018-09-03 12:25 - 2018-08-07 12:13 - 1388555772 ____N C:\Windows\MEMORY.DMP 2018-09-01 11:32 - 2016-03-31 16:04 - 000000000 ____D C:\Users\StephenDJButler\Documents\Addictive Drums 2 Logs 2018-08-25 19:59 - 2016-06-03 17:51 - 000000000 ___DC C:\Program Files\EaseUS ==================== Files in the root of some directories ======= 2013-04-03 23:46 - 2013-04-03 23:46 - 000091648 _____ ([URL='http://winaero.com']Winaero - Free small and useful software for Windows[/URL]) C:\Program Files\DeskthemepackInstaller.exe 2009-06-19 08:03 - 2009-06-19 08:03 - 000049152 _____ (Microsoft Corporation) C:\Program Files\Microsoft.Deployment.Compression.Cab.dll 2009-06-19 08:02 - 2009-06-19 08:02 - 000036864 _____ (Microsoft Corporation) C:\Program Files\Microsoft.Deployment.Compression.dll 2015-12-12 14:06 - 2015-12-12 14:06 - 000000604 _____ () C:\Program Files (x86)\STLL Notifier 2016-12-20 16:15 - 2016-12-20 16:25 - 000000132 _____ () C:\Users\StephenDJButler\AppData\Roaming\Adobe PNG Format CS6 Prefs 2017-05-29 19:05 - 2017-08-07 19:25 - 000000000 _____ () C:\Users\StephenDJButler\AppData\Roaming\avoriontestfile 2018-01-22 08:43 - 2018-01-22 08:43 - 000000008 ___SH () C:\Users\StephenDJButler\AppData\Roaming\date 2018-01-22 08:43 - 2018-01-22 08:43 - 000000002 ___SH () C:\Users\StephenDJButler\AppData\Roaming\evf103 2016-01-19 15:06 - 2016-11-26 19:49 - 000099384 _____ () C:\Users\StephenDJButler\AppData\Roaming\inst.exe 2016-01-19 15:06 - 2016-11-26 19:49 - 000007859 _____ () C:\Users\StephenDJButler\AppData\Roaming\pcouffin.cat 2016-01-19 15:06 - 2016-11-26 19:49 - 000001167 _____ () 
C:\Users\StephenDJButler\AppData\Roaming\pcouffin.inf 2016-01-19 15:07 - 2016-11-26 19:49 - 000000033 _____ () C:\Users\StephenDJButler\AppData\Roaming\pcouffin.log 2016-01-19 15:06 - 2016-11-26 19:49 - 000082816 _____ (VSO Software) C:\Users\StephenDJButler\AppData\Roaming\pcouffin.sys 2016-03-25 15:36 - 2016-03-25 15:36 - 000327680 _____ () C:\Users\StephenDJButler\AppData\Local\178502EF-0290-41CE-9FCE-C846E56E8B13.Diagnose.Admin.2.etl 2016-03-25 15:36 - 2016-03-25 15:36 - 000262144 _____ () C:\Users\StephenDJButler\AppData\Local\178502EF-0290-41CE-9FCE-C846E56E8B13.Repair.Admin.3.etl 2016-03-25 15:36 - 2016-03-25 15:36 - 000262144 _____ () C:\Users\StephenDJButler\AppData\Local\178502EF-0290-41CE-9FCE-C846E56E8B13.Verify.Admin.4.etl 2016-03-25 15:36 - 2016-03-25 15:36 - 000327680 _____ () C:\Users\StephenDJButler\AppData\Local\30EFF69C-FF70-4B74-8FEE-2AE573237775.Diagnose.0.etl 2016-03-25 15:36 - 2016-03-25 15:36 - 000196608 _____ () C:\Users\StephenDJButler\AppData\Local\30EFF69C-FF70-4B74-8FEE-2AE573237775.Repair.Admin.0.etl 2016-03-25 14:31 - 2016-03-25 14:31 - 000003584 _____ () C:\Users\StephenDJButler\AppData\Local\7CEB9B2A0E395BD64E74381485A106AF.dll 2016-03-25 14:31 - 2016-03-25 14:31 - 000003072 _____ () C:\Users\StephenDJButler\AppData\Local\A1D76FF97175BF79025AB7AA1DDF0A2A.dll 2016-03-25 12:48 - 2016-03-25 12:48 - 000049208 _____ () C:\Users\StephenDJButler\AppData\Local\Administrator.bmp 2016-03-25 12:48 - 2016-03-25 12:49 - 000031832 _____ () C:\Users\StephenDJButler\AppData\Local\Administrator2.bmp 2016-04-19 15:39 - 2018-09-13 13:19 - 000001456 _____ () C:\Users\StephenDJButler\AppData\Local\Adobe Save for Web 13.0 Prefs 2016-03-06 09:25 - 2016-03-31 08:11 - 000030526 _____ () C:\Users\StephenDJButler\AppData\Local\AdobeARM.log 2016-03-21 11:39 - 2016-03-21 18:29 - 000000783 _____ () C:\Users\StephenDJButler\AppData\Local\AdobeARM_NotLocked.log 2016-03-25 14:49 - 2016-03-25 15:41 - 000000968 _____ () C:\Users\StephenDJButler\AppData\Local\amt3.log 
2016-03-28 11:58 - 2016-03-31 08:10 - 000228380 _____ () C:\Users\StephenDJButler\AppData\Local\ArmUI.ini 2016-03-25 13:35 - 2016-03-29 13:27 - 000001779 _____ () C:\Users\StephenDJButler\AppData\Local\chrome_installer.log 2016-05-19 13:35 - 2017-10-26 10:42 - 000018944 _____ () C:\Users\StephenDJButler\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2016-03-25 14:31 - 2016-03-25 14:31 - 000090112 _____ () C:\Users\StephenDJButler\AppData\Local\dup2patcher.dll 2014-12-02 20:33 - 2014-12-02 20:33 - 000062988 _____ () C:\Users\StephenDJButler\AppData\Local\FLMobileAdd.bmp 2016-03-06 09:14 - 2016-03-06 09:14 - 000000000 ____N () C:\Users\StephenDJButler\AppData\Local\FXSAPIDebugLogFile.txt 2016-03-25 16:35 - 2016-03-25 16:35 - 000000000 _____ () C:\Users\StephenDJButler\AppData\Local\FXSTIFFDebugLogFile.txt 2016-03-25 15:33 - 2014-05-13 01:36 - 525508520 ____N (Adobe Systems Incorporated) C:\Users\StephenDJButler\AppData\Local\gEzzEYDP.exe 2016-03-25 12:48 - 2016-03-25 12:48 - 000049208 _____ () C:\Users\StephenDJButler\AppData\Local\Guest.bmp 2016-03-25 12:48 - 2016-03-25 12:48 - 000049208 _____ () C:\Users\StephenDJButler\AppData\Local\HomeGroupUser$.bmp 2016-03-25 13:32 - 2016-03-25 13:32 - 000000000 _____ () C:\Users\StephenDJButler\AppData\Local\isw_acc_80100000 2016-03-26 14:24 - 2016-02-11 19:38 - 001114112 _____ (Microsoft Corporation) C:\Users\StephenDJButler\AppData\Local\kernel32.dll 2016-03-22 18:53 - 2016-03-22 18:53 - 000098128 _____ () C:\Users\StephenDJButler\AppData\Local\MSIa286b.LOG 2016-03-25 08:12 - 2016-03-25 08:12 - 000000422 _____ () C:\Users\StephenDJButler\AppData\Local\NetFxUpdate_MagicISO_01D18665A2DA6CA4.log 2016-03-26 09:10 - 2016-03-30 18:54 - 001217182 _____ () C:\Users\StephenDJButler\AppData\Local\oobelib.log 2015-07-31 16:07 - 2015-07-31 16:07 - 000242864 ____R (Microsoft Corporation) C:\Users\StephenDJButler\AppData\Local\ose00000.exe 2016-03-25 10:39 - 2016-03-25 10:39 - 000000768 _____ () 
C:\Users\StephenDJButler\AppData\Local\PCW205.xml 2016-03-26 09:10 - 2016-03-30 18:54 - 000275632 _____ () C:\Users\StephenDJButler\AppData\Local\PDApp.log 2017-08-22 18:55 - 2017-08-22 18:55 - 000001309 _____ () C:\Users\StephenDJButler\AppData\Local\recently-used.xbel 2016-03-25 13:54 - 2016-03-25 13:54 - 000000018 _____ () C:\Users\StephenDJButler\AppData\Local\RemovalResult.txt 2016-08-02 11:39 - 2018-08-06 16:37 - 000007605 _____ () C:\Users\StephenDJButler\AppData\Local\Resmon.ResmonCfg 2016-03-25 12:12 - 2016-03-25 12:13 - 002564156 _____ () C:\Users\StephenDJButler\AppData\Local\SetupAdmin670.log 2016-03-24 19:47 - 2016-03-24 19:47 - 000015481 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(201603241847121168).log 2016-03-24 19:47 - 2016-03-24 19:47 - 000036580 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(201603241847191914).log 2016-03-24 19:47 - 2016-03-24 19:47 - 000036580 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(201603241847371354).log 2016-03-24 19:57 - 2016-03-24 19:57 - 000036580 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(201603241857251950).log 2016-03-25 08:48 - 2016-03-25 08:48 - 000036580 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(201603250748271D70).log 2016-03-25 08:48 - 2016-03-25 08:48 - 000036580 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(201603250748431678).log 2016-03-25 12:42 - 2016-03-25 12:42 - 000019370 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(201603251141561778).log 2016-03-25 12:42 - 2016-03-25 12:42 - 000019370 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(20160325114244938).log 2016-03-25 12:46 - 2016-03-25 12:46 - 000019613 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(201603251146451EF4).log 2016-03-25 13:15 - 2016-03-25 13:18 - 000067726 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(2016032512155022D0).log 2016-03-25 13:18 - 2016-03-25 13:18 - 000036580 _____ () 
C:\Users\StephenDJButler\AppData\Local\SetupExe(201603251218381CCC).log 2016-03-25 13:19 - 2016-03-25 13:24 - 000067733 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(201603251219051FC0).log 2016-03-25 13:27 - 2016-03-25 13:27 - 000019613 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(201603251227371894).log 2016-03-25 13:33 - 2016-03-25 13:33 - 000019362 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(201603251233261884).log 2016-03-25 13:34 - 2016-03-25 13:34 - 000019366 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(20160325123423928).log 2016-03-25 13:34 - 2016-03-25 13:37 - 000066844 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(201603251234491A60).log 2016-03-25 14:04 - 2016-03-25 14:31 - 000281676 _____ () C:\Users\StephenDJButler\AppData\Local\SetupExe(201603251304111778).log 2016-03-25 12:30 - 2016-03-25 12:33 - 042606592 _____ () C:\Users\StephenDJButler\AppData\Local\Skype.msi 2016-03-25 12:33 - 2016-03-25 12:34 - 005758976 _____ () C:\Users\StephenDJButler\AppData\Local\SkypeToolbars.msi 2016-03-25 09:23 - 2016-03-25 12:48 - 000031832 _____ () C:\Users\StephenDJButler\AppData\Local\StephenDJButler.bmp 2016-03-20 10:36 - 2016-03-20 10:36 - 000000000 _____ () C:\Users\StephenDJButler\AppData\Local\TWAIN.LOG 2016-03-20 10:36 - 2016-03-20 10:36 - 000000002 _____ () C:\Users\StephenDJButler\AppData\Local\Twain001.Mtx 2016-03-25 12:01 - 2016-03-25 12:01 - 000000000 _____ () C:\Users\StephenDJButler\AppData\Local\{40A34BA2-F344-4932-9658-6E80A9B765CD} - OProcSessId.dat 2016-03-24 17:15 - 2016-03-24 17:15 - 000000000 _____ () C:\Users\StephenDJButler\AppData\Local\{4D121E73-1955-4016-9564-A480B490950F} - OProcSessId.dat 2016-03-25 12:01 - 2016-03-25 12:01 - 000000000 _____ () C:\Users\StephenDJButler\AppData\Local\{54CE436B-851B-4B03-815F-F18E639C8087} - OProcSessId.dat 2016-03-24 17:15 - 2016-03-24 17:15 - 000000000 _____ () C:\Users\StephenDJButler\AppData\Local\{7F166175-FAAB-4B96-8DE4-7D124F97F687} - 
==================== End of FRST.txt ============================

Because the character limit of these messages is 110000 characters, I'm going to have to post [I][B]ADDITION.txt[/B][/I] in a separate post. Stand by your beds.

Sorry if this is a bit awkward, I hope you can help.

Cheers,
Stephen Butler
[/QUOTE]