Security > Analysis and Malware Removal

WSHelper.exe System Error at Startup

(1/3) > >>

Ritzy:
Hi you wonderful people!
When restarting or booting my machine I am getting a series (possibly 8 or 9) of system error boxes unable to load various files. Eg. DAQExp.dll, CBSCreateVC.dll and CBSProducstinfo.dll
I have googled the issue and been made to believe it has something to do with Wondershare but am loath to attempt anything without proper knowledge.
I thank you in advance for your help, the requested copy/pasted log files follow:

 Result of Security Analysis by Rocket Grannie (x86) Updated: 16th February, 2018
Running from:C:\Users\usuario\Desktop (13:07:50 - 02/18/2018)
***---------------------------------------------------------***
Microsoft Windows 10 Pro X64
UAC is Enabled
Internet Explorer 11
Default Browser: Google Chrome
***------------Antivirus - Antispyware - Firewall-----------***
Bitdefender Antivirus Free Edition (Disabled - up to Date)
Bitdefender Antivirus Free Edition (Disabled - up to Date)
Bitdefender Antivirus Free Edition (Disabled - up to Date)
Bitdefender Antivirus Free Edition (Disabled - up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI (28.0.0.161)
Adobe Acrobat Reader DC (15.017.20053) ==> is out of Date
Google Chrome (63.0.3239.132) ==> is out of Date
Java (8.0.510) ==> is out of Date
Microsoft Silverlight (5.1.50907.0)
Mozilla Firefox (59.0)
Safari (5.34.57.2)

***----------------Analysis Complete-------------------------***

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17.02.2018
Ran by usuario (administrator) on NOX (18-02-2018 13:03:43)
Running from C:\Users\usuario\Desktop
Loaded Profiles: usuario (Available Profiles: usuario)
Platform: Windows 10 Pro Version 1709 16299.248 (X64) Language: Spanish (Spain, International Sort)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.228\WsAppService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Red Software) C:\Program Files\PDFescape Desktop\creator-ws.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(WhatsApp) C:\Users\usuario\AppData\Local\WhatsApp\app-0.2.8082\WhatsApp.exe
(Telegram Messenger LLP) C:\Users\usuario\AppData\Roaming\Telegram Desktop\Telegram.exe
(WhatsApp) C:\Users\usuario\AppData\Local\WhatsApp\app-0.2.8082\WhatsApp.exe
(WhatsApp) C:\Users\usuario\AppData\Local\WhatsApp\app-0.2.8082\WhatsApp.exe
(WhatsApp) C:\Users\usuario\AppData\Local\WhatsApp\app-0.2.8082\WhatsApp.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13636824 2013-07-26] (Realtek Semiconductor)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-03] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-06-08] (Oracle Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKLM-x32\...\Run: [WSHelperSetup.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
HKU\S-1-5-21-4085802308-216855206-3018638629-1001\...\Run: [Speech Recognition] => C:\Windows\Speech\Common\sapisvr.exe [44032 2017-09-29] (Microsoft Corporation)
HKU\S-1-5-21-4085802308-216855206-3018638629-1001\...\Run: [Youtube Live Commando] => C:\Users\usuario\AppData\Local\Apps\2.0\G33LNMK9.L8B\PMNR0RMM.5J3\yout..tion_166ca03d33c4af01_0001.0001_ae2b475e8752cf80\YoutubeLiveCommando.exe [369664 2015-06-30] (Commando)
HKU\S-1-5-21-4085802308-216855206-3018638629-1001\...\Run: [Social Bookmark Commando] => C:\Users\usuario\AppData\Local\Apps\2.0\G33LNMK9.L8B\PMNR0RMM.5J3\soci..tion_0000000000000000_0001.0000_dab3f17f25388fc4\SocialBookmarkCommando.exe [95232 2015-08-18] ()
HKU\S-1-5-21-4085802308-216855206-3018638629-1001\...\Run: [Jing] => C:\Program Files (x86)\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\S-1-5-21-4085802308-216855206-3018638629-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27832264 2017-10-10] (Skype Technologies S.A.)
HKU\S-1-5-21-4085802308-216855206-3018638629-1001\...\Run: [WSHelperSetup.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2137744 2016-10-08] (Wondershare)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-09-03]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-09-03]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-01-09]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-08-27]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 5.34.150.25 5.34.150.26
Tcpip\..\Interfaces\{57caeeb5-652d-4f67-9898-036beac90bcf}: [DhcpNameServer] 5.34.150.25 5.34.150.26

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4085802308-216855206-3018638629-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
SearchScopes: HKU\S-1-5-21-4085802308-216855206-3018638629-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
SearchScopes: HKU\S-1-5-21-4085802308-216855206-3018638629-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE00
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-09-03] (LastPass)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-05] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-12-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-09-03] (LastPass)
BHO-x32: PDFescape Desktop Helper -> {9AF15867-1D90-423B-9853-E99761714165} -> C:\Program Files (x86)\PDFescape Desktop\creator-ie-helper.dll [2017-07-13] (Red Software)
BHO-x32: Foxit PhantomPDF Create PDF ToolBar Helper -> {A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A} -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2017-08-19] ()
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-05] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-09-03] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-09-03] (LastPass)
Toolbar: HKLM-x32 - PDFescape Desktop Toolbar - {A6D4ADF0-4C82-4712-B9B8-69EE9CF06462} - C:\Program Files (x86)\PDFescape Desktop\creator-ie-plugin.dll [2017-07-13] (Red Software)
Toolbar: HKLM-x32 - Foxit PhantomPDF Create PDF ToolBar - {BFD9D8A8-57FF-488A-B919-065EC77CF82F} - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2017-08-19] ()
DPF: HKLM-x32 {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} hxxps://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab

FireFox:
========
FF DefaultProfile: 9afby1zy.default
FF ProfilePath: C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\9afby1zy.default [2018-02-18]
FF Session Restore: Mozilla\Firefox\Profiles\9afby1zy.default -> is enabled.
FF Extension: (Firebug) - C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\9afby1zy.default\Extensions\firebug@software.joehewitt.com.xpi [2017-08-08] [Legacy]
FF Extension: (SaveFrom.net helper) - C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\9afby1zy.default\Extensions\helper-sig@savefrom.net.xpi [2018-02-08]
FF Extension: (Pinterest Save Button) - C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\9afby1zy.default\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2017-11-18]
FF Extension: (LastPass: Free Password Manager) - C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\9afby1zy.default\Extensions\support@lastpass.com.xpi [2017-12-05]
FF Extension: (Evernote Web Clipper) - C:\Users\usuario\AppData\Roaming\Mozilla\Firefox\Profiles\9afby1zy.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}.xpi [2018-01-17]
FF HKLM\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF Extension: (Foxit PDF Creator) - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi [2017-05-23] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_161.dll [2018-02-06] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-09-03] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_161.dll [2018-02-06] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-08-21] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-08-21] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-08-21] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2017-08-21] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-05] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-09-03] (LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @worldwinner.com/Launcher2,version=1.10.0.25 -> C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll [2011-03-17] (WorldWinner.com, Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin-x32: PDFescape Desktop -> C:\Program Files (x86)\PDFescape Desktop\np-previewer.dll [2017-07-13] (Red Software)
FF Plugin HKU\S-1-5-21-4085802308-216855206-3018638629-1001: @citrixonline.com/appdetectorplugin -> C:\Users\usuario\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-05-17] (Citrix Online)
FF Plugin HKU\S-1-5-21-4085802308-216855206-3018638629-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\usuario\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-08-24] (Zoom Video Communications, Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.google.es/"
CHR DefaultSearchKeyword: Default -> lp
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default [2018-02-18]
CHR Extension: (Slides) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Facebook Video Downloader - Save FB Video) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\amjcoehkcacocffpmhnefgoeanepjfkf [2018-02-07]
CHR Extension: (Docs) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Foxit PDF Creator) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\cifnddnffldieaamihfkhkdgnbhfmaci [2017-10-13]
CHR Extension: (Google Search) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Facebook Pixel Helper) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdgfkebogiimcoedlicjlajpkdmockpc [2017-10-29]
CHR Extension: (Sheets) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-21]
CHR Extension: (Pinterest Save Button) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2018-02-15]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2018-02-18]
CHR Extension: (Loom - Video Recorder: Screen, Webcam and Mic) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\liecbddmkiiihnedobmlmillhodjkdmb [2018-02-18]
CHR Extension: (YouTube SEO Checklist) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\meajddjijmeaibppajnagjiloknomjjp [2016-02-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-28]
CHR Extension: (Gmail) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-14]
CHR Extension: (Chrome Media Router) - C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-01-12]
CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2017-05-23]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2017-05-23]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx

Opera:
=======
OPR StartupUrls: "hxxps://ifttt.com/","hxxps://www.youtube.com/","hxxps://delicious.com/","hxxps://www.diigo.com/","hxxps://www.tumblr.com/","hxxps://twitter.com/","hxxps://www.linkedin.com/","hxxps://wordpress.com/","hxxps://bitly.com/","hxxps://buffer.com/","hxxps://evernote.com/","hxxps://www.facebook.com/","hxxp://pocket.com/","hxxps://app.net/","hxxps://accounts.google.com/ServiceLogin?service=blogger&hl=en&passive=1209600&continue=hxxps://www.blogger.com/home","hxxp://hotmail.com/"
OPR Session Restore: -> is enabled.
OPR Extension: (LastPass) - C:\Users\usuario\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnjalnkldgigidggphhmacmimbdlafdo [2016-05-06]
StartMenuInternet: (HKLM) Opera - C:\Program Files\Opera x64\Opera.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-08-30] (BlueStack Systems, Inc.)
R2 FoxitPhantomService; C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe [1658944 2017-08-25] (Foxit Software Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518264 2017-10-11] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518264 2017-10-11] (NVIDIA Corporation)
S3 PDFescape Desktop; C:\Program Files\PDFescape Desktop\ws.exe [2343728 2017-07-13] (Red Software)
R2 PDFescape Desktop Creator; C:\Program Files\PDFescape Desktop\creator-ws.exe [757552 2017-07-13] (Red Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [614664 2016-09-08] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4329952 2018-01-28] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\NisSrv.exe [356168 2018-01-19] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe [105792 2018-01-19] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.228\WsAppService.exe [493280 2017-07-28] (Wondershare)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
S3 WsDrvInst; "C:\Program Files (x86)\Wondershare\MobileTrans\DriverInstall.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-06-21] (Bluestack System Inc. )
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [253856 2017-09-19] (Malwarebytes)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S1 MpKsl7eee1451; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{963FA705-8901-4055-8145-A95A1E148F1D}\MpKsl7eee1451.sys [58120 2018-02-18] () [File not signed]
R1 MpKsl9fdce2fc; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{963FA705-8901-4055-8145-A95A1E148F1D}\MpKsl9fdce2fc.sys [58120 2018-02-18] (Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-10-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50808 2017-10-11] (NVIDIA Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-01-19] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2018-01-19] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2018-01-19] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-18 13:03 - 2018-02-18 13:04 - 000028945 _____ C:\Users\usuario\Desktop\FRST.txt
2018-02-18 13:03 - 2018-02-18 13:03 - 000000000 ____D C:\FRST
2018-02-18 13:02 - 2018-02-18 13:02 - 000899584 _____ C:\Users\usuario\Desktop\RGSA.exe
2018-02-18 11:18 - 2018-02-18 11:18 - 002403840 _____ (Farbar) C:\Users\usuario\Desktop\FRST64.exe
2018-02-18 10:48 - 2018-02-18 10:48 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-02-14 12:58 - 2018-02-10 07:23 - 001577880 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-02-14 12:58 - 2018-02-10 07:16 - 008603032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-02-14 12:58 - 2018-02-10 07:16 - 002406456 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-02-14 12:58 - 2018-02-10 07:14 - 004504464 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-02-14 12:58 - 2018-02-10 07:09 - 003904296 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-02-14 12:58 - 2018-02-10 07:08 - 021351624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-02-14 12:58 - 2018-02-10 07:08 - 007675784 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-02-14 12:58 - 2018-02-10 07:04 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-02-14 12:58 - 2018-02-10 07:03 - 001619808 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-02-14 12:58 - 2018-02-10 06:17 - 002255112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-02-14 12:58 - 2018-02-10 06:09 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-02-14 12:58 - 2018-02-10 06:07 - 025253376 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-02-14 12:58 - 2018-02-10 06:06 - 006481640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-02-14 12:58 - 2018-02-10 06:04 - 001491352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2018-02-14 12:58 - 2018-02-10 05:50 - 003665408 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-02-14 12:58 - 2018-02-10 05:47 - 017160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-02-14 12:58 - 2018-02-10 05:47 - 013704192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-02-14 12:58 - 2018-02-10 05:45 - 007545344 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-02-14 12:58 - 2018-02-10 05:43 - 018923008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-02-14 12:58 - 2018-02-10 05:43 - 008020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-02-14 12:58 - 2018-02-10 05:43 - 006466560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-02-14 12:58 - 2018-02-10 05:42 - 023671808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-02-14 12:58 - 2018-02-10 05:41 - 019352576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-02-14 12:58 - 2018-02-10 05:40 - 012831744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-02-14 12:58 - 2018-02-10 05:40 - 008110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-02-14 12:58 - 2018-02-10 05:40 - 004113408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-02-14 12:58 - 2018-02-10 05:40 - 003405824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-02-14 12:58 - 2018-02-10 05:39 - 011925504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-02-14 12:58 - 2018-02-10 05:39 - 004748288 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-02-14 12:58 - 2018-02-10 05:39 - 002741248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-02-14 12:58 - 2018-02-10 05:38 - 006567936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-02-14 12:58 - 2018-02-10 05:38 - 003169280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-02-14 12:58 - 2018-02-10 05:36 - 006031360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-02-14 12:58 - 2018-02-09 04:35 - 004959688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2018-02-14 12:57 - 2018-02-10 07:24 - 000270744 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-02-14 12:57 - 2018-02-10 07:23 - 000758168 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-02-14 12:57 - 2018-02-10 07:23 - 000613272 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-02-14 12:57 - 2018-02-10 07:23 - 000138136 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-02-14 12:57 - 2018-02-10 07:22 - 002003352 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-02-14 12:57 - 2018-02-10 07:22 - 000662936 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-02-14 12:57 - 2018-02-10 07:22 - 000460696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-02-14 12:57 - 2018-02-10 07:22 - 000387480 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-02-14 12:57 - 2018-02-10 07:22 - 000272800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-02-14 12:57 - 2018-02-10 07:22 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-02-14 12:57 - 2018-02-10 07:22 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-02-14 12:57 - 2018-02-10 07:21 - 001092016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-02-14 12:57 - 2018-02-10 07:21 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-02-14 12:57 - 2018-02-10 07:21 - 000279456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-02-14 12:57 - 2018-02-10 07:20 - 001206680 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-02-14 12:57 - 2018-02-10 07:20 - 001055640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-02-14 12:57 - 2018-02-10 07:20 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-02-14 12:57 - 2018-02-10 07:20 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-02-14 12:57 - 2018-02-10 07:20 - 000077208 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-02-14 12:57 - 2018-02-10 07:19 - 001133888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-02-14 12:57 - 2018-02-10 07:18 - 001193192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2018-02-14 12:57 - 2018-02-10 07:18 - 000319864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-02-14 12:57 - 2018-02-10 07:18 - 000098272 _____ (Microsoft Corporation) C:\WINDOWS\system32\FsIso.exe
2018-02-14 12:57 - 2018-02-10 07:18 - 000022400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2018-02-14 12:57 - 2018-02-10 07:17 - 001209240 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-02-14 12:57 - 2018-02-10 07:16 - 000739696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-02-14 12:57 - 2018-02-10 07:15 - 002514944 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-02-14 12:57 - 2018-02-10 07:15 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-02-14 12:57 - 2018-02-10 07:15 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-02-14 12:57 - 2018-02-10 07:15 - 000471968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-02-14 12:57 - 2018-02-10 07:14 - 002395032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-02-14 12:57 - 2018-02-10 07:14 - 001002592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-02-14 12:57 - 2018-02-10 07:13 - 001416392 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-02-14 12:57 - 2018-02-10 07:13 - 000535960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2018-02-14 12:57 - 2018-02-10 07:13 - 000408984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-02-14 12:57 - 2018-02-10 07:13 - 000373656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-02-14 12:57 - 2018-02-10 07:12 - 004537040 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2018-02-14 12:57 - 2018-02-10 07:12 - 001313016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Taskmgr.exe
2018-02-14 12:57 - 2018-02-10 07:12 - 001277848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-02-14 12:57 - 2018-02-10 07:12 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-02-14 12:57 - 2018-02-10 07:11 - 001029528 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2018-02-14 12:57 - 2018-02-10 07:11 - 000711432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-02-14 12:57 - 2018-02-10 07:11 - 000677784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-02-14 12:57 - 2018-02-10 07:11 - 000494496 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-02-14 12:57 - 2018-02-10 07:10 - 002447768 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-02-14 12:57 - 2018-02-10 07:10 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-02-14 12:57 - 2018-02-10 07:10 - 000614160 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2018-02-14 12:57 - 2018-02-10 07:10 - 000246168 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-02-14 12:57 - 2018-02-10 07:10 - 000154520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2018-02-14 12:57 - 2018-02-10 07:09 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-02-14 12:57 - 2018-02-10 07:09 - 000525208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-02-14 12:57 - 2018-02-10 07:09 - 000491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2018-02-14 12:57 - 2018-02-10 07:09 - 000075160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-02-14 12:57 - 2018-02-10 07:08 - 003010248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-02-14 12:57 - 2018-02-10 07:08 - 002574232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-02-14 12:57 - 2018-02-10 07:08 - 000687552 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2018-02-14 12:57 - 2018-02-10 07:08 - 000398824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2018-02-14 12:57 - 2018-02-10 07:08 - 000096200 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbrand.dll
2018-02-14 12:57 - 2018-02-10 07:08 - 000048112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2018-02-14 12:57 - 2018-02-10 07:07 - 004506576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-02-14 12:57 - 2018-02-10 07:07 - 002710728 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-02-14 12:57 - 2018-02-10 07:07 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-02-14 12:57 - 2018-02-10 07:07 - 000436632 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2018-02-14 12:57 - 2018-02-10 07:06 - 004486904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2018-02-14 12:57 - 2018-02-10 07:06 - 000824896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2018-02-14 12:57 - 2018-02-10 07:06 - 000819096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2018-02-14 12:57 - 2018-02-10 07:06 - 000727448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-02-14 12:57 - 2018-02-10 07:06 - 000594048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-02-14 12:57 - 2018-02-10 07:06 - 000519144 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-02-14 12:57 - 2018-02-10 07:06 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-02-14 12:57 - 2018-02-10 07:06 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-02-14 12:57 - 2018-02-10 07:06 - 000356952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-02-14 12:57 - 2018-02-10 07:06 - 000189336 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-02-14 12:57 - 2018-02-10 07:06 - 000100248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2018-02-14 12:57 - 2018-02-10 07:06 - 000087384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-02-14 12:57 - 2018-02-10 07:05 - 000688064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-02-14 12:57 - 2018-02-10 07:05 - 000413888 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-02-14 12:57 - 2018-02-10 07:05 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-02-14 12:57 - 2018-02-10 07:05 - 000070856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2018-02-14 12:57 - 2018-02-10 07:04 - 006791984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-02-14 12:57 - 2018-02-10 07:04 - 001778584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2018-02-14 12:57 - 2018-02-10 07:04 - 001628056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2018-02-14 12:57 - 2018-02-10 07:04 - 001430760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2018-02-14 12:57 - 2018-02-10 07:04 - 001426672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-02-14 12:57 - 2018-02-10 07:04 - 001254144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-02-14 12:57 - 2018-02-10 07:04 - 001170008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-02-14 12:57 - 2018-02-10 07:04 - 000614296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-02-14 12:57 - 2018-02-10 07:04 - 000603920 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-02-14 12:57 - 2018-02-10 07:04 - 000374032 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2018-02-14 12:57 - 2018-02-10 07:04 - 000339872 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2018-02-14 12:57 - 2018-02-10 07:04 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-02-14 12:57 - 2018-02-10 07:04 - 000212880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2018-02-14 12:57 - 2018-02-10 07:04 - 000093592 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-02-14 12:57 - 2018-02-10 07:03 - 000849304 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-02-14 12:57 - 2018-02-10 07:03 - 000722616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2018-02-14 12:57 - 2018-02-10 07:03 - 000706600 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-02-14 12:57 - 2018-02-10 07:03 - 000404888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2018-02-14 12:57 - 2018-02-10 07:03 - 000098712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2018-02-14 12:57 - 2018-02-10 07:02 - 002773400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-02-14 12:57 - 2018-02-10 07:02 - 002220952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2018-02-14 12:57 - 2018-02-10 07:02 - 001420696 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2018-02-14 12:57 - 2018-02-10 07:02 - 001103768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-02-14 12:57 - 2018-02-10 07:02 - 000831384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2018-02-14 12:57 - 2018-02-10 07:02 - 000813976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2018-02-14 12:57 - 2018-02-10 07:02 - 000744856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2018-02-14 12:57 - 2018-02-10 07:02 - 000670104 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2018-02-14 12:57 - 2018-02-10 07:02 - 000645528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2018-02-14 12:57 - 2018-02-10 07:02 - 000628632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
2018-02-14 12:57 - 2018-02-10 07:02 - 000617304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-02-14 12:57 - 2018-02-10 07:02 - 000495000 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2018-02-14 12:57 - 2018-02-10 07:02 - 000397720 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2018-02-14 12:57 - 2018-02-10 07:02 - 000231320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVShNotify.exe
2018-02-14 12:57 - 2018-02-10 07:02 - 000040352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClientPS.dll
2018-02-14 12:57 - 2018-02-10 06:22 - 001930224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-02-14 12:57 - 2018-02-10 06:21 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-02-14 12:57 - 2018-02-10 06:18 - 001384288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-02-14 12:57 - 2018-02-10 06:18 - 000022424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hvsicontainerservice.dll
2018-02-14 12:57 - 2018-02-10 06:17 - 000597160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-02-14 12:57 - 2018-02-10 06:17 - 000542856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2018-02-14 12:57 - 2018-02-10 06:17 - 000211864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-02-14 12:57 - 2018-02-10 06:15 - 001145624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-02-14 12:57 - 2018-02-10 06:12 - 004382032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2018-02-14 12:57 - 2018-02-10 06:11 - 001250528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Taskmgr.exe
2018-02-14 12:57 - 2018-02-10 06:10 - 000422592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2018-02-14 12:57 - 2018-02-10 06:09 - 003485392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-02-14 12:57 - 2018-02-10 06:09 - 002338776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-02-14 12:57 - 2018-02-10 06:09 - 001123456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-02-14 12:57 - 2018-02-10 06:09 - 000559976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2018-02-14 12:57 - 2018-02-10 06:09 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2018-02-14 12:57 - 2018-02-10 06:08 - 003980720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2018-02-14 12:57 - 2018-02-10 06:08 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-02-14 12:57 - 2018-02-10 06:08 - 000592792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2018-02-14 12:57 - 2018-02-10 06:07 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-02-14 12:57 - 2018-02-10 06:07 - 000543920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-02-14 12:57 - 2018-02-10 06:07 - 000527864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StateRepository.Core.dll
2018-02-14 12:57 - 2018-02-10 06:07 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-02-14 12:57 - 2018-02-10 06:07 - 000123808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2018-02-14 12:57 - 2018-02-10 06:07 - 000089504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2018-02-14 12:57 - 2018-02-10 06:07 - 000083216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbrand.dll
2018-02-14 12:57 - 2018-02-10 06:07 - 000061024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2018-02-14 12:57 - 2018-02-10 06:06 - 006014688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-02-14 12:57 - 2018-02-10 06:06 - 004670728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-02-14 12:57 - 2018-02-10 06:06 - 000982528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-02-14 12:57 - 2018-02-10 06:05 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-02-14 12:57 - 2018-02-10 06:05 - 001149272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-02-14 12:57 - 2018-02-10 06:05 - 000718232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-02-14 12:57 - 2018-02-10 06:05 - 000662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2018-02-14 12:57 - 2018-02-10 06:05 - 000654456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2018-02-14 12:57 - 2018-02-10 06:05 - 000551672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-02-14 12:57 - 2018-02-10 06:05 - 000386424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2018-02-14 12:57 - 2018-02-10 06:05 - 000193248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2018-02-14 12:57 - 2018-02-10 06:05 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-02-14 12:57 - 2018-02-10 06:05 - 000079256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceReactivation.dll
2018-02-14 12:57 - 2018-02-10 06:05 - 000077552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudNotifications.exe
2018-02-14 12:57 - 2018-02-10 06:05 - 000074992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2018-02-14 12:57 - 2018-02-10 06:04 - 000027032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVClientPS.dll
2018-02-14 12:57 - 2018-02-10 06:03 - 000505160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp_win.dll
2018-02-14 12:57 - 2018-02-10 05:50 - 001313792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-02-14 12:57 - 2018-02-10 05:50 - 001294848 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-02-14 12:57 - 2018-02-10 05:50 - 000849920 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2018-02-14 12:57 - 2018-02-10 05:50 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-02-14 12:57 - 2018-02-10 05:49 - 001664512 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-02-14 12:57 - 2018-02-10 05:49 - 000848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-02-14 12:57 - 2018-02-10 05:49 - 000536576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-02-14 12:57 - 2018-02-10 05:49 - 000385536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-02-14 12:57 - 2018-02-10 05:49 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-02-14 12:57 - 2018-02-10 05:49 - 000326656 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-02-14 12:57 - 2018-02-10 05:49 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\convertvhd.exe
2018-02-14 12:57 - 2018-02-10 05:49 - 000211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-02-14 12:57 - 2018-02-10 05:49 - 000107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-02-14 12:57 - 2018-02-10 05:48 - 002890240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2018-02-14 12:57 - 2018-02-10 05:48 - 000033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2018-02-14 12:57 - 2018-02-10 05:48 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtClient.dll
2018-02-14 12:57 - 2018-02-10 05:47 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-02-14 12:57 - 2018-02-10 05:47 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-02-14 12:57 - 2018-02-10 05:47 - 000201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2018-02-14 12:57 - 2018-02-10 05:47 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-02-14 12:57 - 2018-02-10 05:47 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-02-14 12:57 - 2018-02-10 05:47 - 000055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\virtdisk.dll
2018-02-14 12:57 - 2018-02-10 05:47 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-02-14 12:57 - 2018-02-10 05:47 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-02-14 12:57 - 2018-02-10 05:47 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2018-02-14 12:57 - 2018-02-10 05:47 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-02-14 12:57 - 2018-02-10 05:46 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-02-14 12:57 - 2018-02-10 05:46 - 002393600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-02-14 12:57 - 2018-02-10 05:46 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-02-14 12:57 - 2018-02-10 05:46 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-02-14 12:57 - 2018-02-10 05:46 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-02-14 12:57 - 2018-02-10 05:46 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-02-14 12:57 - 2018-02-10 05:46 - 000199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2018-02-14 12:57 - 2018-02-10 05:46 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2018-02-14 12:57 - 2018-02-10 05:46 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-02-14 12:57 - 2018-02-10 05:46 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-02-14 12:57 - 2018-02-10 05:46 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsetup.dll
2018-02-14 12:57 - 2018-02-10 05:46 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2018-02-14 12:57 - 2018-02-10 05:46 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2018-02-14 12:57 - 2018-02-10 05:46 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCShellCommonProxyStub.dll
2018-02-14 12:57 - 2018-02-10 05:46 - 000004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2018-02-14 12:57 - 2018-02-10 05:45 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-02-14 12:57 - 2018-02-10 05:45 - 000306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2018-02-14 12:57 - 2018-02-10 05:45 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2018-02-14 12:57 - 2018-02-10 05:45 - 000288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsku.dll
2018-02-14 12:57 - 2018-02-10 05:45 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2018-02-14 12:57 - 2018-02-10 05:45 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-02-14 12:57 - 2018-02-10 05:45 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-02-14 12:57 - 2018-02-10 05:45 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2018-02-14 12:57 - 2018-02-10 05:45 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2018-02-14 12:57 - 2018-02-10 05:45 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EnterpriseAppMgmtClient.dll
2018-02-14 12:57 - 2018-02-10 05:44 - 001498112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-02-14 12:57 - 2018-02-10 05:44 - 000800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2018-02-14 12:57 - 2018-02-10 05:44 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-02-14 12:57 - 2018-02-10 05:44 - 000539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2018-02-14 12:57 - 2018-02-10 05:44 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_User.dll
2018-02-14 12:57 - 2018-02-10 05:44 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-02-14 12:57 - 2018-02-10 05:44 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreCommonProxyStub.dll
2018-02-14 12:57 - 2018-02-10 05:44 - 000388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-02-14 12:57 - 2018-02-10 05:44 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2018-02-14 12:57 - 2018-02-10 05:44 - 000302592 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-02-14 12:57 - 2018-02-10 05:44 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2018-02-14 12:57 - 2018-02-10 05:44 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-02-14 12:57 - 2018-02-10 05:44 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-02-14 12:57 - 2018-02-10 05:44 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-02-14 12:57 - 2018-02-10 05:44 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
2018-02-14 12:57 - 2018-02-10 05:44 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\virtdisk.dll
2018-02-14 12:57 - 2018-02-10 05:44 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-02-14 12:57 - 2018-02-10 05:43 - 003756032 _____ (Microsoft Corporation) C:\WINDOWS\system32\bootux.dll
2018-02-14 12:57 - 2018-02-10 05:43 - 000580608 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2018-02-14 12:57 - 2018-02-10 05:43 - 000570368 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-02-14 12:57 - 2018-02-10 05:43 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2018-02-14 12:57 - 2018-02-10 05:43 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-02-14 12:57 - 2018-02-10 05:43 - 000394752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-02-14 12:57 - 2018-02-10 05:43 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-02-14 12:57 - 2018-02-10 05:43 - 000311808 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2018-02-14 12:57 - 2018-02-10 05:43 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-02-14 12:57 - 2018-02-10 05:43 - 000247296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winsku.dll
2018-02-14 12:57 - 2018-02-10 05:43 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\twext.dll
2018-02-14 12:57 - 2018-02-10 05:43 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppManagementConfiguration.dll
2018-02-14 12:57 - 2018-02-10 05:43 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2018-02-14 12:57 - 2018-02-10 05:43 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsetup.dll
2018-02-14 12:57 - 2018-02

Corrine:
Hi, Ritzy.

Unfortunately, the logs for Windows 10 are very long and exceed the character limit for the forum software.  As a result, the log was cut off.  Please open FRST on your desktop and locate the line below in FRST.txt.  Copy/paste the remainder of the log and paste it in your next reply.

2018-02-14 12:57 - 2018-02-10 05:43 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsetup.dll

The Addition.txt log is also needed.  Please open that log and post it as well.

Thank you.

Ritzy:
Thanks Corrine, the following is copy/pasted from the line below that stated


2018-02-14 12:57 - 2018-02-10 05:43 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-02-14 12:57 - 2018-02-10 05:43 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-02-14 12:57 - 2018-02-10 05:43 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2018-02-14 12:57 - 2018-02-10 05:43 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCShellCommonProxyStub.dll
2018-02-14 12:57 - 2018-02-10 05:42 - 001425408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-02-14 12:57 - 2018-02-10 05:42 - 001216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-02-14 12:57 - 2018-02-10 05:42 - 001113600 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2018-02-14 12:57 - 2018-02-10 05:42 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-02-14 12:57 - 2018-02-10 05:42 - 000975872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-02-14 12:57 - 2018-02-10 05:42 - 000950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2018-02-14 12:57 - 2018-02-10 05:42 - 000837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-02-14 12:57 - 2018-02-10 05:42 - 000813568 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-02-14 12:57 - 2018-02-10 05:42 - 000792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-02-14 12:57 - 2018-02-10 05:42 - 000731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
2018-02-14 12:57 - 2018-02-10 05:42 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-02-14 12:57 - 2018-02-10 05:42 - 000634880 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2018-02-14 12:57 - 2018-02-10 05:42 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-02-14 12:57 - 2018-02-10 05:42 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-02-14 12:57 - 2018-02-10 05:42 - 000397824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2018-02-14 12:57 - 2018-02-10 05:42 - 000286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2018-02-14 12:57 - 2018-02-10 05:42 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2018-02-14 12:57 - 2018-02-10 05:42 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2018-02-14 12:57 - 2018-02-10 05:42 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2018-02-14 12:57 - 2018-02-10 05:42 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2018-02-14 12:57 - 2018-02-10 05:42 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-02-14 12:57 - 2018-02-10 05:42 - 000225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2018-02-14 12:57 - 2018-02-10 05:42 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authz.dll
2018-02-14 12:57 - 2018-02-10 05:42 - 000160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContent.dll
2018-02-14 12:57 - 2018-02-10 05:42 - 000160256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2018-02-14 12:57 - 2018-02-10 05:42 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rshx32.dll
2018-02-14 12:57 - 2018-02-10 05:42 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2018-02-14 12:57 - 2018-02-10 05:42 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2018-02-14 12:57 - 2018-02-10 05:42 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2018-02-14 12:57 - 2018-02-10 05:42 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2018-02-14 12:57 - 2018-02-10 05:42 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvr32.exe
2018-02-14 12:57 - 2018-02-10 05:41 - 001495552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-02-14 12:57 - 2018-02-10 05:41 - 000859648 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2018-02-14 12:57 - 2018-02-10 05:41 - 000820224 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2018-02-14 12:57 - 2018-02-10 05:41 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-02-14 12:57 - 2018-02-10 05:41 - 000721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-02-14 12:57 - 2018-02-10 05:41 - 000504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2018-02-14 12:57 - 2018-02-10 05:41 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2018-02-14 12:57 - 2018-02-10 05:41 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-02-14 12:57 - 2018-02-10 05:41 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2018-02-14 12:57 - 2018-02-10 05:41 - 000401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2018-02-14 12:57 - 2018-02-10 05:41 - 000377856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-02-14 12:57 - 2018-02-10 05:41 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-02-14 12:57 - 2018-02-10 05:41 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-02-14 12:57 - 2018-02-10 05:41 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-02-14 12:57 - 2018-02-10 05:41 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2018-02-14 12:57 - 2018-02-10 05:41 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netplwiz.dll
2018-02-14 12:57 - 2018-02-10 05:41 - 000133120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppManagementConfiguration.dll
2018-02-14 12:57 - 2018-02-10 05:41 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2018-02-14 12:57 - 2018-02-10 05:41 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-02-14 12:57 - 2018-02-10 05:40 - 004498432 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-02-14 12:57 - 2018-02-10 05:40 - 003367936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2018-02-14 12:57 - 2018-02-10 05:40 - 002873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2018-02-14 12:57 - 2018-02-10 05:40 - 001234432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrSvc.dll
2018-02-14 12:57 - 2018-02-10 05:40 - 001002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-02-14 12:57 - 2018-02-10 05:40 - 000940544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-02-14 12:57 - 2018-02-10 05:40 - 000939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2018-02-14 12:57 - 2018-02-10 05:40 - 000930816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-02-14 12:57 - 2018-02-10 05:40 - 000886784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2018-02-14 12:57 - 2018-02-10 05:40 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2018-02-14 12:57 - 2018-02-10 05:40 - 000800256 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2018-02-14 12:57 - 2018-02-10 05:40 - 000756736 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-02-14 12:57 - 2018-02-10 05:40 - 000691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2018-02-14 12:57 - 2018-02-10 05:40 - 000601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2018-02-14 12:57 - 2018-02-10 05:40 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-02-14 12:57 - 2018-02-10 05:40 - 000526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2018-02-14 12:57 - 2018-02-10 05:40 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2018-02-14 12:57 - 2018-02-10 05:40 - 000499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2018-02-14 12:57 - 2018-02-10 05:40 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\timedate.cpl
2018-02-14 12:57 - 2018-02-10 05:40 - 000421376 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2018-02-14 12:57 - 2018-02-10 05:40 - 000386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-02-14 12:57 - 2018-02-10 05:40 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-02-14 12:57 - 2018-02-10 05:40 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-02-14 12:57 - 2018-02-10 05:40 - 000298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2018-02-14 12:57 - 2018-02-10 05:40 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2018-02-14 12:57 - 2018-02-10 05:40 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneCoreCommonProxyStub.dll
2018-02-14 12:57 - 2018-02-10 05:40 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2018-02-14 12:57 - 2018-02-10 05:39 - 005500928 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2018-02-14 12:57 - 2018-02-10 05:39 - 004592640 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2018-02-14 12:57 - 2018-02-10 05:39 - 002976256 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-02-14 12:57 - 2018-02-10 05:39 - 002677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-02-14 12:57 - 2018-02-10 05:39 - 002490880 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2018-02-14 12:57 - 2018-02-10 05:39 - 002209280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-02-14 12:57 - 2018-02-10 05:39 - 001669120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2018-02-14 12:57 - 2018-02-10 05:39 - 000908800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2018-02-14 12:57 - 2018-02-10 05:39 - 000721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-02-14 12:57 - 2018-02-10 05:39 - 000680960 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2018-02-14 12:57 - 2018-02-10 05:39 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2018-02-14 12:57 - 2018-02-10 05:39 - 000648704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2018-02-14 12:57 - 2018-02-10 05:39 - 000621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2018-02-14 12:57 - 2018-02-10 05:39 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2018-02-14 12:57 - 2018-02-10 05:39 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2018-02-14 12:57 - 2018-02-10 05:39 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-02-14 12:57 - 2018-02-10 05:39 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sysdm.cpl
2018-02-14 12:57 - 2018-02-10 05:39 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twext.dll
2018-02-14 12:57 - 2018-02-10 05:39 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2018-02-14 12:57 - 2018-02-10 05:39 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\regsvr32.exe
2018-02-14 12:57 - 2018-02-10 05:38 - 006722560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2018-02-14 12:57 - 2018-02-10 05:38 - 005833216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-02-14 12:57 - 2018-02-10 05:38 - 004815360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-02-14 12:57 - 2018-02-10 05:38 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-02-14 12:57 - 2018-02-10 05:38 - 003125760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-02-14 12:57 - 2018-02-10 05:38 - 002857984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-02-14 12:57 - 2018-02-10 05:38 - 002184192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-02-14 12:57 - 2018-02-10 05:38 - 002086400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-02-14 12:57 - 2018-02-10 05:38 - 002082304 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-02-14 12:57 - 2018-02-10 05:38 - 001968640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2018-02-14 12:57 - 2018-02-10 05:38 - 001597952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-02-14 12:57 - 2018-02-10 05:38 - 001547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-02-14 12:57 - 2018-02-10 05:38 - 001353728 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2018-02-14 12:57 - 2018-02-10 05:38 - 001228800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-02-14 12:57 - 2018-02-10 05:38 - 001167360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2018-02-14 12:57 - 2018-02-10 05:38 - 001166336 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-02-14 12:57 - 2018-02-10 05:38 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2018-02-14 12:57 - 2018-02-10 05:38 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-02-14 12:57 - 2018-02-10 05:38 - 000939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-02-14 12:57 - 2018-02-10 05:38 - 000885248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2018-02-14 12:57 - 2018-02-10 05:38 - 000863744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2018-02-14 12:57 - 2018-02-10 05:38 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2018-02-14 12:57 - 2018-02-10 05:38 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2018-02-14 12:57 - 2018-02-10 05:38 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-02-14 12:57 - 2018-02-10 05:38 - 000653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2018-02-14 12:57 - 2018-02-10 05:38 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-02-14 12:57 - 2018-02-10 05:38 - 000556544 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2018-02-14 12:57 - 2018-02-10 05:38 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2018-02-14 12:57 - 2018-02-10 05:38 - 000509440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2018-02-14 12:57 - 2018-02-10 05:38 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2018-02-14 12:57 - 2018-02-10 05:38 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-02-14 12:57 - 2018-02-10 05:38 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-02-14 12:57 - 2018-02-10 05:38 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-02-14 12:57 - 2018-02-10 05:38 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeHelper.dll
2018-02-14 12:57 - 2018-02-10 05:37 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-02-14 12:57 - 2018-02-10 05:37 - 004772352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2018-02-14 12:57 - 2018-02-10 05:37 - 003678720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-02-14 12:57 - 2018-02-10 05:37 - 003578368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2018-02-14 12:57 - 2018-02-10 05:37 - 003419136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-02-14 12:57 - 2018-02-10 05:37 - 003287040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncCenter.dll
2018-02-14 12:57 - 2018-02-10 05:37 - 002784256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-02-14 12:57 - 2018-02-10 05:37 - 002523648 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2018-02-14 12:57 - 2018-02-10 05:37 - 001822208 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-02-14 12:57 - 2018-02-10 05:37 - 001488384 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-02-14 12:57 - 2018-02-10 05:37 - 000965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2018-02-14 12:57 - 2018-02-10 05:37 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2018-02-14 12:57 - 2018-02-10 05:37 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2018-02-14 12:57 - 2018-02-10 05:37 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2018-02-14 12:57 - 2018-02-10 05:37 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\system32\srchadmin.dll
2018-02-14 12:57 - 2018-02-10 05:37 - 000308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2018-02-14 12:57 - 2018-02-10 05:37 - 000199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2018-02-14 12:57 - 2018-02-10 05:37 - 000198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll
2018-02-14 12:57 - 2018-02-10 05:36 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-02-14 12:57 - 2018-02-10 05:36 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2018-02-14 12:57 - 2018-02-10 05:36 - 002464768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-02-14 12:57 - 2018-02-10 05:36 - 002462208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2018-02-14 12:57 - 2018-02-10 05:36 - 002035712 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-02-14 12:57 - 2018-02-10 05:36 - 001759744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2018-02-14 12:57 - 2018-02-10 05:36 - 001739264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2018-02-14 12:57 - 2018-02-10 05:36 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-02-14 12:57 - 2018-02-10 05:36 - 001342464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2018-02-14 12:57 - 2018-02-10 05:36 - 001230848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2018-02-14 12:57 - 2018-02-10 05:36 - 000915968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-02-14 12:57 - 2018-02-10 05:36 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2018-02-14 12:57 - 2018-02-10 05:36 - 000685056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-02-14 12:57 - 2018-02-10 05:36 - 000666624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-02-14 12:57 - 2018-02-10 05:36 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-02-14 12:57 - 2018-02-10 05:36 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2018-02-14 12:57 - 2018-02-10 05:36 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll
2018-02-14 12:57 - 2018-02-10 05:36 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcomapi.dll
2018-02-14 12:57 - 2018-02-10 05:36 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2018-02-14 12:57 - 2018-02-10 05:36 - 000141824 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2018-02-14 12:57 - 2018-02-10 05:36 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-02-14 12:57 - 2018-02-10 05:35 - 005388800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2018-02-14 12:57 - 2018-02-10 05:35 - 004384768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2018-02-14 12:57 - 2018-02-10 05:35 - 002814976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2018-02-14 12:57 - 2018-02-10 05:35 - 002413568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2018-02-14 12:57 - 2018-02-10 05:35 - 002349568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-02-14 12:57 - 2018-02-10 05:35 - 002013184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-02-14 12:57 - 2018-02-10 05:35 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-02-14 12:57 - 2018-02-10 05:35 - 000963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-02-14 12:57 - 2018-02-10 05:35 - 000943104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2018-02-14 12:57 - 2018-02-10 05:35 - 000941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-02-14 12:57 - 2018-02-10 05:35 - 000918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2018-02-14 12:57 - 2018-02-10 05:35 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-02-14 12:57 - 2018-02-10 05:35 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2018-02-14 12:57 - 2018-02-10 05:35 - 000826880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-02-14 12:57 - 2018-02-10 05:35 - 000796160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2018-02-14 12:57 - 2018-02-10 05:35 - 000667136 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2018-02-14 12:57 - 2018-02-10 05:35 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2018-02-14 12:57 - 2018-02-10 05:35 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2018-02-14 12:57 - 2018-02-10 05:35 - 000402944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2018-02-14 12:57 - 2018-02-10 05:35 - 000332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srchadmin.dll
2018-02-14 12:57 - 2018-02-10 05:35 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2018-02-14 12:57 - 2018-02-10 05:34 - 006532096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2018-02-14 12:57 - 2018-02-10 05:34 - 004249600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-02-14 12:57 - 2018-02-10 05:34 - 002983936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcndmgr.dll
2018-02-14 12:57 - 2018-02-10 05:34 - 000624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL
2018-02-14 12:57 - 2018-02-10 05:34 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-02-14 12:57 - 2018-02-10 05:34 - 000433152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
2018-02-14 12:57 - 2018-02-10 05:34 - 000111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.ProxyStub.dll
2018-02-14 12:57 - 2018-02-10 05:33 - 001936384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmc.exe
2018-02-14 12:57 - 2018-02-10 05:33 - 001661440 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2018-02-14 12:57 - 2018-02-10 05:33 - 001570816 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2018-02-14 12:57 - 2018-02-10 05:33 - 001557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2018-02-14 12:57 - 2018-02-10 05:33 - 001509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2018-02-14 12:57 - 2018-02-10 05:33 - 000621568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2018-02-14 12:57 - 2018-02-10 05:33 - 000620544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-02-14 12:57 - 2018-02-10 05:33 - 000604672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2018-02-14 12:57 - 2018-02-10 05:33 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2018-02-14 12:57 - 2018-02-10 05:33 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcbase.dll
2018-02-14 12:57 - 2018-02-10 05:33 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2018-02-14 12:57 - 2018-02-10 05:33 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2018-02-14 12:57 - 2018-02-10 05:33 - 000125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2018-02-14 12:57 - 2018-02-10 05:33 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2018-02-14 12:57 - 2018-02-10 05:32 - 002427904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmcndmgr.dll
2018-02-14 12:57 - 2018-02-10 05:32 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVXENCD.DLL
2018-02-14 12:57 - 2018-02-10 05:32 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL
2018-02-14 12:57 - 2018-02-10 05:32 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2018-02-14 12:57 - 2018-02-10 05:32 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.ProxyStub.dll
2018-02-14 12:57 - 2018-02-10 05:32 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-02-14 12:57 - 2018-02-10 05:31 - 001488896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmc.exe
2018-02-14 12:57 - 2018-02-10 05:31 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2018-02-14 12:57 - 2018-02-10 05:31 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmcbase.dll
2018-02-14 12:57 - 2018-02-10 05:31 - 000190464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2018-02-14 12:57 - 2018-02-10 05:31 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2018-02-14 12:57 - 2018-02-10 03:59 - 000804240 _____ C:\WINDOWS\SysWOW64\locale.nls
2018-02-14 12:57 - 2018-02-10 03:59 - 000804240 _____ C:\WINDOWS\system32\locale.nls
2018-02-14 12:57 - 2018-02-09 04:35 - 001234888 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2018-02-14 12:57 - 2018-02-09 04:35 - 001002952 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2018-02-14 12:57 - 2018-02-09 04:35 - 000892872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2018-02-14 12:57 - 2018-02-09 04:35 - 000065992 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2018-02-14 12:57 - 2018-02-02 04:36 - 003903944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpltfm.dll
2018-02-14 12:57 - 2018-02-02 04:36 - 000921032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmpal.dll
2018-02-14 12:57 - 2018-02-02 04:36 - 000854976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmcodecs.dll
2018-02-14 12:57 - 2018-02-02 04:36 - 000649672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ortcengine.dll
2018-02-14 12:57 - 2018-02-02 04:36 - 000054720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rtmmvrortc.dll
2018-02-07 10:05 - 2018-02-07 10:05 - 000002245 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2018-02-07 10:05 - 2018-02-07 10:05 - 000000000 ____D C:\Program Files\Google
2018-02-06 21:36 - 1998-06-17 18:08 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Mfc42loc.dll
2018-02-06 21:35 - 2018-02-06 21:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project Manager
2018-02-06 21:35 - 2018-02-06 21:35 - 000000000 ____D C:\Program Files (x86)\Project Manager
2018-02-06 21:35 - 2000-05-22 00:00 - 000203976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RICHTX32.OCX
2018-02-06 21:35 - 2000-05-22 00:00 - 000140488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.ocx
2018-02-03 12:47 - 2018-02-06 03:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-02-03 12:47 - 2018-02-06 03:49 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-01 11:33 - 2018-02-01 11:33 - 000000000 ____D C:\ProgramData\ProductFeatures
2018-02-01 11:29 - 2015-02-27 10:35 - 000000232 _____ C:\WINDOWS\SysWOW64\dllhost.exe.config
2018-02-01 11:28 - 2018-02-01 11:33 - 000000000 ____D C:\Program Files (x86)\Wondershare
2018-01-29 19:37 - 2018-01-01 18:15 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-01-29 19:37 - 2018-01-01 13:52 - 000066712 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2018-01-29 19:37 - 2018-01-01 13:51 - 000191816 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-01-29 19:37 - 2018-01-01 13:51 - 000059800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2018-01-29 19:37 - 2018-01-01 13:50 - 005905752 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-01-29 19:37 - 2018-01-01 13:50 - 000780464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-01-29 19:37 - 2018-01-01 13:49 - 000292376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2018-01-29 19:37 - 2018-01-01 13:48 - 007831760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-01-29 19:37 - 2018-01-01 13:48 - 000382360 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-01-29 19:37 - 2018-01-01 13:47 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-01-29 19:37 - 2018-01-01 13:47 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-01-29 19:37 - 2018-01-01 13:46 - 000898216 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-01-29 19:37 - 2018-01-01 13:46 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-01-29 19:37 - 2018-01-01 13:45 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-01-29 19:37 - 2018-01-01 13:43 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-01-29 19:37 - 2018-01-01 13:43 - 000367336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-01-29 19:37 - 2018-01-01 13:43 - 000062872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2018-01-29 19:37 - 2018-01-01 13:42 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-01-29 19:37 - 2018-01-01 13:42 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-01-29 19:37 - 2018-01-01 13:42 - 000109976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-01-29 19:37 - 2018-01-01 13:41 - 000559512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-01-29 19:37 - 2018-01-01 13:41 - 000549552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2018-01-29 19:37 - 2018-01-01 13:39 - 000902416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-01-29 19:37 - 2018-01-01 13:39 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-01-29 19:37 - 2018-01-01 13:39 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-01-29 19:37 - 2018-01-01 13:38 - 000103320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-01-29 19:37 - 2018-01-01 13:38 - 000038808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2018-01-29 19:37 - 2018-01-01 13:37 - 000461720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2018-01-29 19:37 - 2018-01-01 13:36 - 000166296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2018-01-29 19:37 - 2018-01-01 13:36 - 000113560 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-01-29 19:37 - 2018-01-01 13:36 - 000057752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2018-01-29 19:37 - 2018-01-01 13:34 - 001336344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-01-29 19:37 - 2018-01-01 13:27 - 000163736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-01-29 19:37 - 2018-01-01 13:26 - 000428952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-01-29 19:37 - 2018-01-01 13:26 - 000081304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2018-01-29 19:37 - 2018-01-01 13:25 - 000615768 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-01-29 19:37 - 2018-01-01 13:25 - 000147864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-01-29 19:37 - 2018-01-01 13:06 - 000311192 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-01-29 19:37 - 2018-01-01 13:03 - 000777904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-01-29 19:37 - 2018-01-01 13:03 - 000650328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-01-29 19:37 - 2018-01-01 13:03 - 000566664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-01-29 19:37 - 2018-01-01 13:03 - 000123512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-01-29 19:37 - 2018-01-01 12:49 - 000481464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-01-29 19:37 - 2018-01-01 12:49 - 000258808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2018-01-29 19:37 - 2018-01-01 12:46 - 000289816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-01-29 19:37 - 2018-01-01 12:45 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-01-29 19:37 - 2018-01-01 12:45 - 000450928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2018-01-29 19:37 - 2018-01-01 12:42 - 001003152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-01-29 19:37 - 2018-01-01 12:34 - 000703568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-01-29 19:37 - 2018-01-01 12:25 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2018-01-29 19:37 - 2018-01-01 12:25 - 000097792 _____ C:\WINDOWS\system32\runexehelper.exe
2018-01-29 19:37 - 2018-01-01 12:24 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboutSettingsHandlers.dll
2018-01-29 19:37 - 2018-01-01 12:24 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-01-29 19:37 - 2018-01-01 12:24 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-01-29 19:37 - 2018-01-01 12:23 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-01-29 19:37 - 2018-01-01 12:23 - 000250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-01-29 19:37 - 2018-01-01 12:23 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-01-29 19:37 - 2018-01-01 12:23 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2018-01-29 19:37 - 2018-01-01 12:22 - 000032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rfxvmt.dll
2018-01-29 19:37 - 2018-01-01 12:22 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2018-01-29 19:37 - 2018-01-01 12:21 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-01-29 19:37 - 2018-01-01 12:21 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2018-01-29 19:37 - 2018-01-01 12:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2018-01-29 19:37 - 2018-01-01 12:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys
2018-01-29 19:37 - 2018-01-01 12:21 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2018-01-29 19:37 - 2018-01-01 12:21 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2018-01-29 19:37 - 2018-01-01 12:20 - 000524288 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-01-29 19:37 - 2018-01-01 12:20 - 000212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2018-01-29 19:37 - 2018-01-01 12:20 - 000204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-01-29 19:37 - 2018-01-01 12:20 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2018-01-29 19:37 - 2018-01-01 12:20 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-01-29 19:37 - 2018-01-01 12:20 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2018-01-29 19:37 - 2018-01-01 12:20 - 000104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2018-01-29 19:37 - 2018-01-01 12:20 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll
2018-01-29 19:37 - 2018-01-01 12:20 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-01-29 19:37 - 2018-01-01 12:19 - 000795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalAuth.dll
2018-01-29 19:37 - 2018-01-01 12:19 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-01-29 19:37 - 2018-01-01 12:19 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2018-01-29 19:37 - 2018-01-01 12:19 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-01-29 19:37 - 2018-01-01 12:19 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-01-29 19:37 - 2018-01-01 12:19 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2018-01-29 19:37 - 2018-01-01 12:19 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-01-29 19:37 - 2018-01-01 12:19 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-01-29 19:37 - 2018-01-01 12:19 - 000188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2018-01-29 19:37 - 2018-01-01 12:19 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2018-01-29 19:37 - 2018-01-01 12:19 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2018-01-29 19:37 - 2018-01-01 12:19 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msoert2.dll
2018-01-29 19:37 - 2018-01-01 12:19 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2018-01-29 19:37 - 2018-01-01 12:18 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2018-01-29 19:37 - 2018-01-01 12:18 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-01-29 19:37 - 2018-01-01 12:18 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2018-01-29 19:37 - 2018-01-01 12:18 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-01-29 19:37 - 2018-01-01 12:18 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-01-29 19:37 - 2018-01-01 12:18 - 000427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-01-29 19:37 - 2018-01-01 12:18 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2018-01-29 19:37 - 2018-01-01 12:18 - 000380928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll
2018-01-29 19:37 - 2018-01-01 12:18 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-01-29 19:37 - 2018-01-01 12:18 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2018-01-29 19:37 - 2018-01-01 12:18 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-01-29 19:37 - 2018-01-01 12:18 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-01-29 19:37 - 2018-01-01 12:18 - 000210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2018-01-29 19:37 - 2018-01-01 12:18 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2018-01-29 19:37 - 2018-01-01 12:18 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2018-01-29 19:37 - 2018-01-01 12:17 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-01-29 19:37 - 2018-01-01 12:17 - 000791552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-01-29 19:37 - 2018-01-01 12:17 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2018-01-29 19:37 - 2018-01-01 12:17 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2018-01-29 19:37 - 2018-01-01 12:17 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-01-29 19:37 - 2018-01-01 12:17 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2018-01-29 19:37 - 2018-01-01 12:17 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2018-01-29 19:37 - 2018-01-01 12:17 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msoert2.dll
2018-01-29 19:37 - 2018-01-01 12:16 - 000966656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2018-01-29 19:37 - 2018-01-01 12:16 - 000956928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-01-29 19:37 - 2018-01-01 12:16 - 000664576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-01-29 19:37 - 2018-01-01 12:16 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2018-01-29 19:37 - 2018-01-01 12:16 - 000594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-01-29 19:37 - 2018-01-01 12:16 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-01-29 19:37 - 2018-01-01 12:16 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-01-29 19:37 - 2018-01-01 12:15 - 012687872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-01-29 19:37 - 2018-01-01 12:15 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-01-29 19:37 - 2018-01-01 12:15 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2018-01-29 19:37 - 2018-01-01 12:15 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-01-29 19:37 - 2018-01-01 12:15 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2018-01-29 19:37 - 2018-01-01 12:15 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-01-29 19:37 - 2018-01-01 12:15 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2018-01-29 19:37 - 2018-01-01 12:15 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-01-29 19:37 - 2018-01-01 12:14 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-01-29 19:37 - 2018-01-01 12:14 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-01-29 19:37 - 2018-01-01 12:14 - 000870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-01-29 19:37 - 2018-01-01 12:13 - 013657600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-01-29 19:37 - 2018-01-01 12:13 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-01-29 19:37 - 2018-01-01 12:13 - 000897024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-01-29 19:37 - 2018-01-01 12:12 - 002633216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-01-29 19:37 - 2018-01-01 12:12 - 001573376 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2018-01-29 19:37 - 2018-01-01 12:12 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-01-29 19:37 - 2018-01-01 12:12 - 000760320 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-01-29 19:37 - 2018-01-01 12:11 - 001955328 _____ (Microsoft Corporation) C:\WINDOWS\system32\PeerDistSvc.dll
2018-01-29 19:37 - 2018-01-01 12:11 - 001816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-01-29 19:37 - 2018-01-01 12:11 - 001343488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2018-01-29 19:37 - 2018-01-01 12:11 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-01-29 19:37 - 2018-01-01 12:11 - 000812032 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-01-29 19:37 - 2018-01-01 12:11 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-01-29 19:37 - 2018-01-01 12:10 - 002528256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-01-29 19:37 - 2018-01-01 12:10 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscproxystub.dll
2018-01-29 19:37 - 2018-01-01 12:09 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-01-29 19:37 - 2018-01-01 12:08 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-01-29 19:37 - 2018-01-01 12:08 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2018-01-29 19:37 - 2018-01-01 12:06 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll
2018-01-29 19:37 - 2018-01-01 12:05 - 002510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-01-29 19:37 - 2018-01-01 12:05 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-01-29 19:36 - 2018-01-01 12:24 - 000038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2018-01-29 19:36 - 2018-01-01 12:23 - 000047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-01-29 19:36 - 2018-01-01 12:22 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2018-01-29 19:36 - 2018-01-01 12:22 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
2018-01-29 19:36 - 2018-01-01 12:21 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2018-01-29 19:36 - 2018-01-01 12:20 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-01-29 19:36 - 2018-01-01 12:20 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-01-29 19:36 - 2018-01-01 12:19 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-01-29 19:36 - 2018-01-01 12:18 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2018-01-28 17:33 - 2018-01-28 17:33 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-01-28 17:31 - 2018-01-28 17:31 - 000000000 ___HD C:\Users\usuario\MicrosoftEdgeBackups
2018-01-28 17:30 - 2018-02-18 08:47 - 000000000 ___RD C:\Users\usuario\3D Objects
2018-01-28 17:30 - 2018-01-28 17:30 - 000000020 ___SH C:\Users\usuario\ntuser.ini
2018-01-28 17:28 - 2018-02-18 10:48 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-28 17:28 - 2018-02-15 14:47 - 000003356 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4085802308-216855206-3018638629-1001
2018-01-28 17:28 - 2018-02-06 22:21 - 000004532 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-01-28 17:28 - 2018-02-06 22:21 - 000004386 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-01-28 17:28 - 2018-01-28 17:29 - 000003546 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-01-28 17:28 - 2018-01-28 17:29 - 000003398 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-28 17:28 - 2018-01-28 17:29 - 000002984 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-28 17:28 - 2018-01-28 17:29 - 000002876 _____ C:\WINDOWS\System32\Tasks\CalendarPlus
2018-01-28 17:28 - 2018-01-28 17:29 - 000002810 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4085802308-216855206-3018638629-1001
2018-01-28 17:28 - 2018-01-28 17:28 - 000003482 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-01-28 17:28 - 2018-01-28 17:28 - 000003322 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-01-28 17:28 - 2018-01-28 17:28 - 000003244 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-4085802308-216855206-3018638629-1001
2018-01-28 17:28 - 2018-01-28 17:28 - 000003148 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-4085802308-216855206-3018638629-1001
2018-01-28 17:28 - 2018-01-28 17:28 - 000003086 _____ C:\WINDOWS\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d
2018-01-28 17:28 - 2018-01-28 17:28 - 000003066 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CA232DDB-DCC4-4EDF-817E-7E74DC4AC645}
2018-01-28 17:28 - 2018-01-28 17:28 - 000002956 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-28 17:28 - 2018-01-28 17:28 - 000002838 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-28 17:28 - 2018-01-28 17:28 - 000002786 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-28 17:28 - 2018-01-28 17:28 - 000002744 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-01-28 17:28 - 2018-01-28 17:28 - 000002708 _____ C:\WINDOWS\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon
2018-01-28 17:28 - 2018-01-28 17:28 - 000002382 _____ C:\WINDOWS\System32\Tasks\AutoPico Daily Restart
2018-01-28 17:28 - 2018-01-28 17:28 - 000002098 _____ C:\WINDOWS\System32\Tasks\{8BB25BC9-4AD0-4AE0-B37C-1CE8A5BD3437}
2018-01-28 17:28 - 2018-01-28 17:28 - 000000000 ____D C:\WINDOWS\System32\Tasks\WPD
2018-01-28 17:28 - 2018-01-28 17:28 - 000000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2018-01-28 17:28 - 2018-01-28 17:28 - 000000000 ____D C:\WINDOWS\System32\Tasks\NCH Software
2018-01-28 17:26 - 2018-01-28 17:28 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2018-01-28 17:26 - 2018-01-28 17:28 - 000007623 _____ C:\WINDOWS\diagerr.xml
2018-01-28 17:22 - 2018-02-18 10:53 - 002040116 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-28 17:13 - 2018-01-28 17:13 - 000000000 ____D C:\ProgramData\USOShared
2018-01-28 17:11 - 2018-01-28 17:11 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-01-28 17:07 - 2018-01-28 17:47 - 000000000 ____D C:\Users\usuario\AppData\Local\Packages
2018-01-28 17:06 - 2018-02-18 10:21 - 000000000 ____D C:\Users\usuario
2018-01-28 17:06 - 2018-01-28 17:06 - 000000000 _SHDL C:\Users\usuario\Reciente
2018-01-28 17:06 - 2018-01-28 17:06 - 000000000 _SHDL C:\Users\usuario\Plantillas
2018-01-28 17:06 - 2018-01-28 17:06 - 000000000 _SHDL C:\Users\usuario\Mis documentos
2018-01-28 17:06 - 2018-01-28 17:06 - 000000000 _SHDL C:\Users\usuario\Menú Inicio
2018-01-28 17:06 - 2018-01-28 17:06 - 000000000 _SHDL C:\Users\usuario\Impresoras
2018-01-28 17:06 - 2018-01-28 17:06 - 000000000 _SHDL C:\Users\usuario\Entorno de red
2018-01-28 17:06 - 2018-01-28 17:06 - 000000000 _SHDL C:\Users\usuario\Documents\Mis vídeos
2018-01-28 17:06 - 2018-01-28 17:06 - 000000000 _SHDL C:\Users\usuario\Documents\Mis imágenes
2018-01-28 17:06 - 2018-01-28 17:06 - 000000000 _SHDL C:\Users\usuario\Documents\Mi música
2018-01-28 17:06 - 2018-01-28 17:06 - 000000000 _SHDL C:\Users\usuario\Datos de programa
2018-01-28 17:06 - 2018-01-28 17:06 - 000000000 _SHDL C:\Users\usuario\Configuración local
2018-01-28 17:06 - 2018-01-28 17:06 - 000000000 _SHDL C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2018-01-28 17:06 - 2018-01-28 17:06 - 000000000 _SHDL C:\Users\usuario\AppData\Local\Historial
2018-01-28 17:06 - 2018-01-28 17:06 - 000000000 _SHDL C:\Users\usuario\AppData\Local\Datos de programa
2018-01-28 17:06 - 2018-01-28 17:06 - 000000000 _SHDL C:\Users\usuario\AppData\Local\Archivos temporales de Internet
2018-01-28 17:05 - 2017-09-29 14:41 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-01-28 17:02 - 2018-02-18 10:48 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-28 17:02 - 2018-02-18 08:46 - 005099200 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-28 16:59 - 2018-02-09 22:50 - 000000000 ____D C:\Windows.old
2018-01-28 16:54 - 2018-01-28 16:59 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-01-28 16:52 - 2018-01-28 16:54 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-01-28 16:52 - 2018-01-28 16:52 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-01-28 16:51 - 2018-01-28 16:51 - 000000000 ____D C:\WINDOWS\containers
2018-01-28 16:50 - 2018-01-28 16:50 - 021754368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 017084416 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 003478016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 003331520 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 003211776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 003186688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 002717392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 002666496 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 002596352 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2018-01-28 16:50 - 2018-01-28 16:50 - 002491112 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 002465848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 002412168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 002269080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 002117632 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 001990160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 001980928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 001970520 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 001925296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 001806336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 001776272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 001694224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 001670656 _____ (Microsoft Corporation) C:\WINDOWS\system32\batmeter.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 001666048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\batmeter.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 001642520 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 001636376 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 001634288 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 001554216 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 001528904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 001522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 001507736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 001490328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 001488792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 001474680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 001463856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 001454568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 001432816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 001377080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 001323840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 001321472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 001280000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 001261864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 001124760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 001015008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 001012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Services.TargetedContent.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000979352 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000975872 _____ C:\WINDOWS\system32\FaceProcessor.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000899584 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000891800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-01-28 16:50 - 2018-01-28 16:50 - 000887296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000840440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9on12.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000823808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000791960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-01-28 16:50 - 2018-01-28 16:50 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-01-28 16:50 - 2018-01-28 16:50 - 000769096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcrt.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000768512 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000747416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000746904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Services.TargetedContent.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000703536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000676352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000666112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000654848 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000630752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000614912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000591872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000590944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000557056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9on12.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000555416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-01-28 16:50 - 2018-01-28 16:50 - 000534528 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-01-28 16:50 - 2018-01-28 16:50 - 000516096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000506256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000496640 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000487424 _____ (Microsoft Corporat

Ritzy:
I notice it did it again so I have continued with the remainder of the file below, followed by Addition.txt


2018-01-28 16:50 - 2018-01-28 16:50 - 000487424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000481792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000479912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000478208 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000474112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000464408 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000442880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-01-28 16:50 - 2018-01-28 16:50 - 000432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000418712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000401304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2018-01-28 16:50 - 2018-01-28 16:50 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000362176 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2018-01-28 16:50 - 2018-01-28 16:50 - 000361984 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatializerApo.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000354304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000353848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000353688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000351232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\HolographicRuntimes.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-01-28 16:50 - 2018-01-28 16:50 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SpatializerApo.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000269696 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2018-01-28 16:50 - 2018-01-28 16:50 - 000264040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-01-28 16:50 - 2018-01-28 16:50 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-01-28 16:50 - 2018-01-28 16:50 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\PushToInstall.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000242176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExecModelClient.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000230296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2018-01-28 16:50 - 2018-01-28 16:50 - 000227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000187288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-01-28 16:50 - 2018-01-28 16:50 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcui.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ContentDeliveryManager.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000168448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SIUF.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2018-01-28 16:50 - 2018-01-28 16:50 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2018-01-28 16:50 - 2018-01-28 16:50 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2018-01-28 16:50 - 2018-01-28 16:50 - 000160256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-01-28 16:50 - 2018-01-28 16:50 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2018-01-28 16:50 - 2018-01-28 16:50 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2018-01-28 16:50 - 2018-01-28 16:50 - 000137544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000136704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gamingtcui.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2018-01-28 16:50 - 2018-01-28 16:50 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2018-01-28 16:50 - 2018-01-28 16:50 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx
2018-01-28 16:50 - 2018-01-28 16:50 - 000097144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hascsp.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\acppage.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\acppage.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000060824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\urscx01000.sys
2018-01-28 16:50 - 2018-01-28 16:50 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadjcsp.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-01-28 16:50 - 2018-01-28 16:50 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000047000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KeyboardFilterShim.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdrleakdiag.exe
2018-01-28 16:50 - 2018-01-28 16:50 - 000045464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-01-28 16:50 - 2018-01-28 16:50 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdrleakdiag.exe
2018-01-28 16:50 - 2018-01-28 16:50 - 000041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2018-01-28 16:50 - 2018-01-28 16:50 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-01-28 16:50 - 2018-01-28 16:50 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcVSp1res.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcVSp1res.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2018-01-28 16:50 - 2018-01-28 16:50 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2018-01-28 16:37 - 2018-01-28 16:37 - 006347776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0009.dll
2018-01-28 16:37 - 2018-01-28 16:37 - 005739008 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0009.dll
2018-01-28 16:37 - 2018-01-28 16:37 - 005484032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData0009.dll
2018-01-28 16:37 - 2018-01-28 16:37 - 002629120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons0009.dll
2018-01-28 16:37 - 2018-01-28 16:37 - 002629120 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0009.dll
2018-01-28 16:36 - 2018-01-28 16:59 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-01-28 16:36 - 2018-01-28 16:36 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-01-28 16:36 - 2018-01-28 16:36 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-01-28 16:36 - 2018-01-28 16:36 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-01-28 16:36 - 2018-01-28 16:36 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-01-28 16:36 - 2018-01-28 16:36 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-01-28 16:36 - 2018-01-28 16:36 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2018-01-28 16:36 - 2018-01-28 16:36 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2018-01-28 16:36 - 2018-01-28 16:36 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-01-28 16:36 - 2018-01-28 16:36 - 000000000 ____D C:\Program Files\MSBuild
2018-01-28 16:36 - 2018-01-28 16:36 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-01-25 11:59 - 2018-01-28 16:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasySketchPro3
2018-01-25 11:58 - 2018-01-25 11:59 - 000000000 ____D C:\Program Files (x86)\EasySketchPro3
2018-01-23 14:07 - 2018-01-28 17:30 - 000000000 ___DC C:\WINDOWS\Panther
2018-01-19 21:25 - 2018-01-19 21:25 - 000000000 ____D C:\Users\usuario\Documents\Zoom

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-18 13:02 - 2015-05-14 23:35 - 000000000 ____D C:\Users\usuario\Desktop\To Watch
2018-02-18 13:01 - 2017-09-29 14:44 - 000000000 ____D C:\WINDOWS\INF
2018-02-18 12:53 - 2015-05-13 23:41 - 000000000 ____D C:\Users\usuario\AppData\Roaming\Skype
2018-02-18 12:25 - 2016-11-08 08:34 - 000000000 ____D C:\ProgramData\NVIDIA
2018-02-18 11:14 - 2016-09-26 18:50 - 000000000 ____D C:\Users\usuario\AppData\LocalLow\Mozilla
2018-02-18 11:14 - 2016-09-23 06:31 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-02-18 11:14 - 2015-05-14 23:41 - 000001171 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-02-18 11:14 - 2015-05-14 23:41 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-02-18 11:00 - 2016-11-11 10:40 - 000000000 ____D C:\Users\usuario\AppData\Roaming\WhatsApp
2018-02-18 11:00 - 2015-05-14 23:09 - 000000000 ____D C:\Users\usuario\AppData\Roaming\Telegram Desktop
2018-02-18 10:53 - 2017-09-30 15:40 - 000920608 _____ C:\WINDOWS\system32\perfh00A.dat
2018-02-18 10:53 - 2017-09-30 15:40 - 000191026 _____ C:\WINDOWS\system32\perfc00A.dat
2018-02-18 10:49 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-02-18 09:08 - 2017-09-29 14:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-02-18 08:55 - 2015-11-30 06:52 - 000000000 ____D C:\Users\usuario\Desktop\tempfiles
2018-02-18 08:54 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-02-18 08:47 - 2015-11-05 21:52 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-02-18 08:45 - 2017-09-29 09:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-02-18 08:43 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\TextInput
2018-02-18 08:43 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-02-18 08:43 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-02-18 08:43 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-02-18 08:43 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-02-18 08:43 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-02-18 08:13 - 2017-09-29 14:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-02-17 23:26 - 2017-07-09 08:54 - 000000000 ____D C:\Users\usuario\AppData\Local\GoToMeeting
2018-02-15 14:47 - 2016-01-17 15:06 - 000002402 _____ C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-02-15 14:47 - 2016-01-17 15:06 - 000000000 ___RD C:\Users\usuario\OneDrive
2018-02-14 13:13 - 2015-05-13 23:58 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-02-14 13:08 - 2017-10-11 01:26 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-02-14 13:08 - 2015-05-13 23:58 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-02-07 19:10 - 2015-06-03 19:33 - 000000000 ____D C:\Users\usuario\Documents\Outlook Files
2018-02-07 10:05 - 2015-05-13 23:20 - 000000000 ____D C:\Program Files (x86)\Google
2018-02-06 22:21 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-02-06 22:21 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-02-06 21:36 - 2015-05-13 22:01 - 000000000 ____D C:\Users\usuario\AppData\Local\VirtualStore
2018-02-06 21:35 - 2015-05-13 22:21 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-02-04 18:43 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\rescache
2018-02-03 12:43 - 2017-09-29 14:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-02-03 12:43 - 2017-09-29 14:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-02-03 12:43 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-02-03 12:43 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-02-03 12:43 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\Provisioning
2018-02-03 12:43 - 2017-09-29 09:45 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-02-01 17:20 - 2015-07-10 17:57 - 000000000 ____D C:\Users\usuario\Downloads\Telegram Desktop
2018-02-01 11:33 - 2017-10-08 16:54 - 000000000 ____D C:\Users\usuario\AppData\Roaming\Wondershare
2018-02-01 11:30 - 2016-11-18 09:35 - 000000000 ____D C:\ProgramData\Wondershare
2018-01-29 03:45 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\appcompat
2018-01-28 17:32 - 2016-11-08 09:03 - 000000000 ____D C:\Users\usuario\AppData\Local\ConnectedDevicesPlatform
2018-01-28 17:30 - 2016-01-17 15:01 - 000000000 ____D C:\Users\usuario\AppData\Local\TileDataLayer
2018-01-28 17:29 - 2017-09-29 14:46 - 000000000 ____D C:\Program Files\windows nt
2018-01-28 17:28 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\Registration
2018-01-28 17:28 - 2017-09-29 09:45 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-01-28 17:26 - 2016-01-17 14:56 - 000023172 _____ C:\WINDOWS\system32\emptyregdb.dat
2018-01-28 17:25 - 2015-05-13 22:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-01-28 17:22 - 2015-05-14 15:48 - 000002270 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-01-28 17:22 - 2015-05-13 22:22 - 001893106 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2018-01-28 17:17 - 2017-08-24 15:22 - 000000000 ____D C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2018-01-28 17:17 - 2016-06-10 08:37 - 000000000 ____D C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Facebook
2018-01-28 17:17 - 2016-02-26 09:47 - 000000000 ____D C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Window Registry Repair
2018-01-28 17:17 - 2016-02-25 09:11 - 000000000 ____D C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OptimizationAlpha
2018-01-28 17:17 - 2016-01-14 20:04 - 000000000 ____D C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-01-28 17:17 - 2015-09-03 05:26 - 000000000 ____D C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
2018-01-28 17:17 - 2015-08-18 19:18 - 000000000 ____D C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SocialBookmarkCommando
2018-01-28 17:17 - 2015-06-18 22:16 - 000000000 ____D C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SearchAndClickTool
2018-01-28 17:17 - 2015-06-17 07:48 - 000000000 ____D C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HangoutPublishingCommando
2018-01-28 17:17 - 2015-06-03 06:31 - 000000000 ____D C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YoutubeLiveCommando
2018-01-28 17:17 - 2015-05-14 23:09 - 000000000 ____D C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Telegram Desktop
2018-01-28 17:17 - 2015-05-13 23:20 - 000000000 ____D C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-01-28 17:13 - 2017-09-29 14:46 - 000000000 ____D C:\ProgramData\USOPrivate
2018-01-28 17:11 - 2017-09-29 14:46 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-01-28 17:09 - 2016-11-11 10:40 - 000000000 ____D C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2018-01-28 17:09 - 2016-02-29 08:07 - 000000000 ____D C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tony Hayes
2018-01-28 17:09 - 2016-02-22 08:31 - 000000000 ____D C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KISS IM Limited
2018-01-28 17:09 - 2015-06-29 08:08 - 000000000 ____D C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Commando SEO Ltd
2018-01-28 17:09 - 2015-06-01 13:12 - 000000000 ____D C:\Users\usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kiss Internet Marketing
2018-01-28 17:05 - 2017-09-29 09:45 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-01-28 17:05 - 2017-05-22 19:51 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-01-28 17:05 - 2017-05-22 19:51 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-01-28 17:05 - 2017-05-22 19:51 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-01-28 17:03 - 2017-05-22 19:50 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-01-28 17:01 - 2017-09-29 14:46 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-01-28 16:59 - 2018-01-16 18:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightworks
2018-01-28 16:59 - 2017-10-08 19:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF
2018-01-28 16:59 - 2017-09-29 14:49 - 000000000 ____D C:\WINDOWS\Setup
2018-01-28 16:59 - 2017-09-29 14:46 - 000000000 __RHD C:\Users\Public\Libraries
2018-01-28 16:59 - 2017-09-29 14:46 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2018-01-28 16:59 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-01-28 16:59 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\spool
2018-01-28 16:59 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-01-28 16:59 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2018-01-28 16:59 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-01-28 16:59 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\InputMethod
2018-01-28 16:59 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\Help
2018-01-28 16:59 - 2017-09-29 14:46 - 000000000 ____D C:\Program Files\Common Files\system
2018-01-28 16:59 - 2017-09-29 14:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-01-28 16:59 - 2017-09-15 14:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFescape Desktop
2018-01-28 16:59 - 2017-09-12 13:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker
2018-01-28 16:59 - 2017-08-25 07:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitFilm Express 2017
2018-01-28 16:59 - 2017-07-25 18:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP
2018-01-28 16:59 - 2017-07-09 20:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoRotator
2018-01-28 16:59 - 2017-07-09 20:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoMedia
2018-01-28 16:59 - 2017-05-12 06:37 - 000000000 ____D C:\Program Files\UNP
2018-01-28 16:59 - 2017-03-18 22:03 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-01-28 16:59 - 2017-03-18 13:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2018-01-28 16:59 - 2016-08-11 21:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasySketchPro
2018-01-28 16:59 - 2016-03-10 15:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClipGrab
2018-01-28 16:59 - 2016-01-13 10:15 - 000000000 ____D C:\ProgramData\regid.1995-08.com.techsmith
2018-01-28 16:59 - 2016-01-13 10:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2018-01-28 16:59 - 2016-01-09 22:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2018-01-28 16:59 - 2015-12-20 16:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EasyTask
2018-01-28 16:59 - 2015-10-30 20:02 - 000000000 ____D C:\WINDOWS\ShellNew
2018-01-28 16:59 - 2015-10-22 06:53 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2018-01-28 16:59 - 2015-09-03 05:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
2018-01-28 16:59 - 2015-07-31 11:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Peggle
2018-01-28 16:59 - 2015-07-28 12:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2018-01-28 16:59 - 2015-06-25 06:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-01-28 16:59 - 2015-06-18 10:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2018-01-28 16:59 - 2015-06-05 17:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Download
2018-01-28 16:59 - 2015-05-30 19:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WorldWinner Games
2018-01-28 16:59 - 2015-05-18 18:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2018-01-28 16:59 - 2015-05-14 16:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-01-28 16:59 - 2015-05-14 15:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2018-01-28 16:59 - 2015-05-14 15:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2018-01-28 16:59 - 2015-05-13 23:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2018-01-28 16:59 - 2015-05-13 23:25 - 000000000 ____D C:\WINDOWS\SysWOW64\vbox
2018-01-28 16:59 - 2015-05-13 23:25 - 000000000 ____D C:\WINDOWS\system32\vbox
2018-01-28 16:59 - 2015-05-13 23:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eMule
2018-01-28 16:59 - 2015-05-13 23:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2018-01-28 16:59 - 2015-05-13 23:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-01-28 16:59 - 2015-05-13 23:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares
2018-01-28 16:59 - 2015-05-13 22:22 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2018-01-28 16:59 - 2015-05-13 22:22 - 000000000 ____D C:\Program Files\Intel
2018-01-28 16:59 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2018-01-28 16:59 - 2013-08-22 16:36 - 000000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2018-01-28 16:56 - 2017-09-30 15:40 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2018-01-28 16:55 - 2017-09-30 15:40 - 000000000 ____D C:\WINDOWS\system32\slmgr
2018-01-28 16:55 - 2017-05-22 19:50 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2018-01-28 16:54 - 2017-09-12 18:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue
2018-01-28 16:54 - 2017-07-09 21:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThunderSoft
2018-01-28 16:54 - 2017-05-22 19:50 - 000000000 ____D C:\Program Files\Realtek
2018-01-28 16:54 - 2015-05-13 22:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility
2018-01-28 16:51 - 2017-09-30 15:42 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\si-LK
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\am-ET
2018-01-28 16:51 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-01-28 16:51 - 2017-09-29 14:46 - 000000000 ___RD C:\Program Files\Windows Defender
2018-01-28 16:51 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2018-01-28 16:51 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2018-01-28 16:51 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-01-28 16:51 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\en-GB
2018-01-28 16:51 - 2017-09-29 14:46 - 000000000 ____D C:\PerfLogs
2018-01-28 16:44 - 2017-09-30 15:40 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2018-01-28 16:44 - 2017-09-30 15:40 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2018-01-28 16:44 - 2017-09-30 15:40 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2018-01-28 16:44 - 2017-09-30 15:40 - 000000000 ____D C:\WINDOWS\system32\winrm
2018-01-28 16:44 - 2017-09-30 15:40 - 000000000 ____D C:\WINDOWS\system32\WCN
2018-01-28 16:44 - 2017-09-30 15:40 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2018-01-28 16:44 - 2017-09-29 14:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2018-01-28 16:44 - 2017-09-29 14:46 - 000000000 ___SD C:\WINDOWS\system32\dsc
2018-01-28 16:44 - 2017-09-29 14:46 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-01-28 16:44 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-01-28 16:44 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2018-01-28 16:44 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-01-28 16:44 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\IME
2018-01-28 16:44 - 2017-09-29 14:46 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-01-28 16:44 - 2017-09-29 14:46 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-01-28 16:44 - 2017-09-29 14:46 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-01-28 16:44 - 2017-09-29 09:45 - 000000000 ____D C:\WINDOWS\servicing
2018-01-28 16:37 - 2017-09-30 15:41 - 000000000 ____D C:\WINDOWS\OCR
2018-01-28 16:36 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2018-01-28 16:36 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\MUI
2018-01-28 12:55 - 2015-05-18 12:53 - 000000000 ____D C:\Users\usuario\AppData\Roaming\FileZilla
2018-01-27 13:20 - 2015-05-31 16:08 - 000000650 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-4085802308-216855206-3018638629-1001.job
2018-01-27 13:20 - 2015-05-17 21:46 - 000000554 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4085802308-216855206-3018638629-1001.job
2018-01-27 13:07 - 2015-06-04 16:39 - 000000000 ____D C:\Users\usuario\AppData\Local\CrashDumps
2018-01-26 13:25 - 2018-01-12 07:49 - 000000000 ____D C:\Program Files\rempl
2018-01-25 16:37 - 2017-06-01 16:42 - 000000000 ____D C:\Users\usuario\AppData\Roaming\vlc
2018-01-24 12:57 - 2017-07-30 09:23 - 000548000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-01-20 00:45 - 2016-11-11 10:40 - 000000000 ____D C:\Users\usuario\AppData\Local\WhatsApp
2018-01-20 00:43 - 2016-11-11 10:40 - 000000000 ____D C:\Users\usuario\AppData\Local\SquirrelTemp

==================== Files in the root of some directories =======

2015-09-03 05:26 - 2015-09-03 05:31 - 016790552 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-10-09 06:58 - 2017-12-01 21:37 - 000000132 _____ () C:\Users\usuario\AppData\Roaming\Adobe GIF Format CS6 Prefs
2016-01-30 17:53 - 2017-10-02 10:37 - 000000132 _____ () C:\Users\usuario\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-08-31 16:49 - 2016-08-31 16:49 - 000000132 _____ () C:\Users\usuario\AppData\Roaming\Adobe Targa Format CS6 Prefs
2016-03-02 07:57 - 2016-03-02 07:57 - 018918794 _____ () C:\Users\usuario\AppData\Roaming\GoogleLogin.zip
2016-06-28 08:38 - 2016-06-28 08:39 - 002253527 _____ () C:\Users\usuario\AppData\Roaming\GoogleLogin3.zip
2017-07-09 20:55 - 2017-06-22 11:07 - 000000701 _____ () C:\Users\usuario\AppData\Roaming\vsound.dll
2016-03-02 07:57 - 2016-03-02 07:58 - 035734349 _____ () C:\Users\usuario\AppData\Roaming\xulrunner.zip
2015-06-06 16:35 - 2015-06-06 16:35 - 000007605 _____ () C:\Users\usuario\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-02-15 09:34

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17.02.2018
Ran by usuario (18-02-2018 13:05:31)
Running from C:\Users\usuario\Desktop
Windows 10 Pro Version 1709 16299.248 (X64) (2018-01-28 16:30:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrador (S-1-5-21-4085802308-216855206-3018638629-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4085802308-216855206-3018638629-503 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4085802308-216855206-3018638629-1003 - Limited - Enabled)
Invitado (S-1-5-21-4085802308-216855206-3018638629-501 - Limited - Disabled)
usuario (S-1-5-21-4085802308-216855206-3018638629-1001 - Administrator - Enabled) => C:\Users\usuario
WDAGUtilityAccount (S-1-5-21-4085802308-216855206-3018638629-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antivirus Free Edition (Disabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader 3.5 (HKLM-x32\...\4K Video Downloader_is1) (Version: 3.5.0.1601 - Open Media LLC)
Adobe Acrobat Reader DC - Español (HKLM-x32\...\{AC76BA86-7AD7-1034-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Flash Player 28 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 28.0.0.161 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\Adobe Photoshop CS6) (Version: 13.0.0.0 - © The Computer Guy Tony)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ares 2.3.0 (HKLM-x32\...\Ares) (Version: 2.3.0-Build#3054 - Seekar Ltd)
ASRock App Charger v1.0.6 (HKLM\...\ASRock App Charger_is1) (Version: 1.0.6 - ASRock Inc.)
BlueStacks 3 (HKLM-x32\...\BlueStacks) (Version: 3.7.41.1619 - BlueStack Systems, Inc.)
Bookmark Alpha (HKU\S-1-5-21-4085802308-216855206-3018638629-1001\...\387b354e327e9316) (Version: 1.0.0.1 - Kiss Internet Marketing)
Camtasia Studio 8 (HKLM-x32\...\{A2A41B60-D51F-4C04-BC94-B4C94F7B6DC0}) (Version: 8.6.0.2054 - TechSmith Corporation)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
ClipGrab 3.5.6 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version:  - Philipp Schmieder Medien)
Compresor WinRAR (HKLM-x32\...\WinRAR archiver) (Version:  - )
CyberLink PowerDirector 15 (HKLM-x32\...\{FA285575-B543-4E6E-A573-A4F534AC9965}) (Version: 15.0.2820.0 - CyberLink Corp.)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
EasySketchPro version 1.1.0 (HKLM-x32\...\{90BB7D95-EBCA-4276-B15E-156F85E8B1DA}_is1) (Version: 1.1.0 - Inner Cirle Riches)
EasySketchPro3 version 3.0.6 (HKLM-x32\...\{2C96454E-7152-449D-8FE9-4A32D2171165}_is1) (Version: 3.0.6 - My Dot Com Business)
EasyTask (HKLM-x32\...\EasyTask) (Version:  - )
eMule (HKLM-x32\...\eMule) (Version:  - )
Evernote v. 5.9.6 (HKLM-x32\...\{A542D366-9877-11E5-B101-005056951CAD}) (Version: 5.9.6.9494 - Evernote Corp.)
Facebook Games Arcade 0.6.0.1 (HKLM-x32\...\{F31484D6-A5E7-401E-B571-8B035E27AB56}) (Version: 0.6.0.1 - Facebook)
FileZilla Client 3.30.0 (HKLM-x32\...\FileZilla Client) (Version: 3.30.0 - Tim Kosse)
Foxit PhantomPDF (HKLM-x32\...\{ED1E71CA-8974-11E7-8692-000C29C1951D}) (Version: 8.3.2.25013 - Foxit Software Inc.)
Free Video Cutter Joiner 10.4 (HKLM-x32\...\{8C5A4758-C782-4200-B337-DB3466D33ADD}}_is1) (Version: 10.4 - DVDVideoMedia, Inc.)
Free Video Editor 7.3.0 (HKLM-x32\...\{c23a3d87-c9c5-49cd-9632-42d7491c17a2}_is1) (Version: 7.3.0 - ThunderSoft International LLC.)
Free Window Registry Repair (HKLM-x32\...\Free Window Registry Repair) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 63.0.3239.132 - Google Inc.)
Google Earth Pro (HKLM\...\{D9EF644E-2FAE-493B-8180-5617CC774C4F}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.15 - Google Inc.) Hidden
GoToMeeting 8.20.0.8199 (HKU\S-1-5-21-4085802308-216855206-3018638629-1001\...\GoToMeeting) (Version: 8.20.0.8199 - LogMeIn, Inc.)
HangoutPublishingCommando (HKU\S-1-5-21-4085802308-216855206-3018638629-1001\...\30a6235d04acd2ff) (Version: 1.1.0.12 - HangoutPublishingCommando)
HitFilm Express 2017 (HKLM\...\{01DF9929-F932-49CB-BDFE-6FC20F724056}) (Version: 5.0.6718.07202 - FXHOME)
IFTTT Backlink Commando (HKU\S-1-5-21-4085802308-216855206-3018638629-1001\...\a3133e9c8c528059) (Version: 1.5.0.0 - Commando SEO Ltd.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{0EC7F9CC-4741-45AE-9F55-6E9343F726F5}) (Version: 1.1.0.36960 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Jing (HKLM-x32\...\{8C784F8B-89D0-4A59-A000-7EEF129E1574}) (Version: 2.9.15255.1 - TechSmith Corporation)
K-Lite Codec Pack 7.2.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 7.2.0 - )
KMSpico v9.3.3 (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: 9.3.2 - )
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 14.0.0.0 - EditShare)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4085802308-216855206-3018638629-1001\...\OneDriveSetup.exe) (Version: 17.005.0107.0008 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 59.0 (x64 en-US) (HKLM\...\Mozilla Firefox 59.0 (x64 en-US)) (Version: 59.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 59.0.0.6613 - Mozilla)
Namecheap Accounts Creator (HKU\S-1-5-21-4085802308-216855206-3018638629-1001\...\d395f5353c1de7c5) (Version: 1.0.0.7 - Commando SEO Ltd.)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
NVIDIA Controlador de la controladora 3D Vision 349.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 349.95 - NVIDIA Corporation)
NVIDIA Software del sistema PhysX 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation)
NVIDIA Update 29.1.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 29.1.0.0 - NVIDIA Corporation)
OptimizationAlpha (HKU\S-1-5-21-4085802308-216855206-3018638629-1001\...\23c65d9c6afe300a) (Version: 1.0.0.65 - OptimizationAlpha)
Panel de control de NVIDIA 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel) (Version: 388.13 - NVIDIA Corporation) Hidden
Paquete de idioma de Microsoft Visual Studio 2010 Tools para Office Runtime (x64) - ESN (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - ESN) (Version: 10.0.50903 - Microsoft Corporation)
PDFescape Desktop (HKLM-x32\...\PDFescape Desktop) (Version: 2.0.35.34126 - RedSoftware)
PDFescape Desktop Asian Fonts Pack (HKLM\...\{ED6ED3F9-31AC-4360-9F30-7909FC5B66CF}) (Version: 2.0.36.34130 - Red Software) Hidden
PDFescape Desktop Convert Module (HKLM\...\{88332A12-914F-43C2-A1F2-F5E225642EBD}) (Version: 2.0.36.34130 - Red Software) Hidden
PDFescape Desktop Create Module (HKLM\...\{1494D0BD-6284-43C2-87A1-5B2F7A5CA5C1}) (Version: 2.0.36.34130 - Red Software) Hidden
PDFescape Desktop Edit Module (HKLM\...\{37E3FFCA-6A24-4762-826F-4F43F0A97C2E}) (Version: 2.0.36.34130 - Red Software) Hidden
PDFescape Desktop Forms Module (HKLM\...\{6F3B51B6-B27B-4D14-96C5-4B1C1D1149B7}) (Version: 2.0.36.34130 - Red Software) Hidden
PDFescape Desktop Insert Module (HKLM\...\{2F895ED2-6998-4C39-8668-7117804D127A}) (Version: 2.0.36.34130 - Red Software) Hidden
PDFescape Desktop Review Module (HKLM\...\{9BC922F2-4D2F-4FD6-B7C8-9E1C63B3ED39}) (Version: 2.0.36.34130 - Red Software) Hidden
PDFescape Desktop Secure Module (HKLM\...\{D20659F5-61A5-4385-A267-77CF442C1CB0}) (Version: 2.0.36.34130 - Red Software) Hidden
PDFescape Desktop View Module (HKLM\...\{EC492F74-CD9C-419A-8FFA-C49319F59955}) (Version: 2.0.36.34130 - Red Software) Hidden
Project Manager (HKLM-x32\...\{D3A311C8-B8A2-4678-9207-1D3C7E5D641A}) (Version: 1.00.0001 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7004 - Realtek Semiconductor Corp.)
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SearchAndClickTool (HKU\S-1-5-21-4085802308-216855206-3018638629-1001\...\387355c0b6a8ee91) (Version: 1.0.2.520 - SearchAndClickTool)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.104 - Skype Technologies S.A.)
Social Account Creator (HKU\S-1-5-21-4085802308-216855206-3018638629-1001\...\6db3d02492f0fb90) (Version: 1.0.6.76 - Commando SEO Ltd.)
SocialBookmarkCommando (HKU\S-1-5-21-4085802308-216855206-3018638629-1001\...\b764d50436931b56) (Version: 1.0.8.54 - SocialBookmarkCommando)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 5.25 - NCH Software)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
Telegram Desktop version 1.2.6 (HKU\S-1-5-21-4085802308-216855206-3018638629-1001\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 1.2.6 - Telegram Messenger LLP)
Tube Playlist Commando Advanced (HKU\S-1-5-21-4085802308-216855206-3018638629-1001\...\aef23f987a93ab4b) (Version: 1.0.0.8 - Tony Hayes)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{AC0D130B-8809-4125-811F-667893B90644}) (Version: 2.11.0.0 - Microsoft Corporation)
VC_CRT_x64 (HKLM\...\{54F2237F-018C-483B-8884-9FC0D88840C3}) (Version: 1.02.0000 - Intel Corporation) Hidden
Vid Attack Alpha (HKU\S-1-5-21-4085802308-216855206-3018638629-1001\...\9ddf3b4981ddcf8c) (Version: 3.0.0.6 - KISS IM Limited)
Video Rotator V4 (HKLM-x32\...\Video Rotator_is1) (Version:  - VideoRotator.com)
Video Synd Alpha - 1  (HKU\S-1-5-21-4085802308-216855206-3018638629-1001\...\648c9f5a98de52db) (Version: 1.21.0.2 - Kiss Internet Marketing)
Video Synd Alpha (HKU\S-1-5-21-4085802308-216855206-3018638629-1001\...\7dbae254c8c8c216) (Version: 1.8.0.0 - Kiss Internet Marketing)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
WhatsApp (HKU\S-1-5-21-4085802308-216855206-3018638629-1001\...\WhatsApp) (Version: 0.2.8082 - WhatsApp)
Windows Movie Maker 2016 (HKLM-x32\...\{3CC29C1A-B5FE-457B-8F22-32A2videowin}}_is1) (Version:  - videowinsoft.com)
WorldWinner Games (HKLM-x32\...\{2A82EBFC-89AB-41EA-80E8-A07C73C752A0}) (Version: 1.10.0.25 - WorldWinner.com, Inc.)
XAMPP (HKLM-x32\...\xampp) (Version: 7.0.21-0 - Bitnami)
YoutubeLiveCommando (HKU\S-1-5-21-4085802308-216855206-3018638629-1001\...\c926c8877468b571) (Version: 1.1.0.85 - YoutubeLiveCommando)
Zoom (HKU\S-1-5-21-4085802308-216855206-3018638629-1001\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4085802308-216855206-3018638629-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\usuario\AppData\Local\Citrix\GoToMeeting\4911\G2MOutlookAddin64.dll => No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2017-08-19] (Foxit Software Inc.)
ContextMenuHandlers1: [PDFescapeDesktop_ManagerExt] -> {D3C28D54-72B8-4B8D-B204-157EFA9BF3E7} => C:\Program Files\PDFescape Desktop\context-menu.dll [2017-07-13] (Red Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\Winrar\rarext64.dll [2010-03-15] ()
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\Winrar\rarext.dll [2010-03-15] ()
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers4: [WinRAR] -> {B41

Ritzy:
and I continue here with the remainder of Addition.txt

ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2017-08-19] (Foxit Software Inc.)
ContextMenuHandlers1: [PDFescapeDesktop_ManagerExt] -> {D3C28D54-72B8-4B8D-B204-157EFA9BF3E7} => C:\Program Files\PDFescape Desktop\context-menu.dll [2017-07-13] (Red Software)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\Winrar\rarext64.dll [2010-03-15] ()
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\Winrar\rarext.dll [2010-03-15] ()
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-03-18] (Microsoft Corporation)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\Winrar\rarext64.dll [2010-03-15] ()
ContextMenuHandlers4-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\Winrar\rarext.dll [2010-03-15] ()
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers6: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x64.dll [2017-08-19] (Foxit Software Inc.)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\Winrar\rarext64.dll [2010-03-15] ()
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\Winrar\rarext.dll [2010-03-15] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {084CDF6E-AE87-4A2D-BF9A-D8FB38D8EF26} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {1335A120-D69D-4EF6-8B78-48B6950A50C6} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {150FB535-633A-4D7F-AFEB-3D0E2FE1F4AB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2018-02-14] (Microsoft Corporation)
Task: {1645741A-DF5D-4D96-A8EA-F56E0E0424EA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {19C61457-1C92-4E52-BD0B-E32B122468F0} - System32\Tasks\{8BB25BC9-4AD0-4AE0-B37C-1CE8A5BD3437} => C:\Windows\system32\pcalua.exe -a "C:\Users\usuario\AppData\Roaming\Store\WindApp\WindApp Uninstall.exe" -c /cpanel=1
Task: {1D810993-BA4D-4209-9C14-584999503198} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe
Task: {251CE985-5B07-4F69-9B50-137F993FBBE5} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3067798A-D45C-4D10-B2A7-216524A4F9A5} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-11] (NVIDIA Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {37CABFC9-14DB-40F9-9C74-32DF6169EC81} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {3B2B4810-92BD-4190-AB60-BE7E49130D64} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-10-11] (NVIDIA Corporation)
Task: {4E16B245-06A7-4BD9-A84E-B44185A2E90A} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-11] (NVIDIA Corporation)
Task: {55971C88-CB33-419F-95F2-CC452F07912C} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {5BC9E000-D959-4146-B245-4C9203D364F1} - System32\Tasks\G2MUploadTask-S-1-5-21-4085802308-216855206-3018638629-1001 => C:\Users\usuario\AppData\Local\GoToMeeting\8199\g2mupload.exe [2018-01-19] (LogMeIn, Inc.)
Task: {5F04C716-8AD3-4B70-88A5-25B08217B405} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {6AEADBEC-EB15-49AA-A479-543316A15165} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {6AFAA41E-E984-40D1-91FF-F63B37856E81} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_28_0_0_161_pepper.exe [2018-02-06] (Adobe Systems Incorporated)
Task: {726019EF-9649-48BC-8BC6-DADA691B61C8} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {737FF131-D67B-4CF2-A8F3-B37D75D6C93F} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {746731D1-45BF-4480-8686-0762DDA7274C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {7ABBB36F-1F23-4722-8F9B-CF07711B5338} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {7B9649E8-1F73-4077-9BEB-4AFED6126855} - \WPD\SqmUpload_S-1-5-21-4085802308-216855206-3018638629-1001 -> No File <==== ATTENTION
Task: {7E236778-2D95-44FD-A309-085D81137DE0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {8597AC4A-3CF1-4ED6-8E58-2D3D1995F7E9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {862021CB-3A37-4076-BE2A-DD971F1AA6B8} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-10-11] (NVIDIA Corporation)
Task: {8AE123FC-A891-45A8-9BE7-13462B9D2174} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8AFFFD78-6FD8-47A1-94C8-A94D96520CB1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {93C5F905-D3A8-42C3-84CD-B69C755714CE} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {9414E745-F776-4158-9A49-470DB1A2614A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9ABAD6BC-2504-4880-BB4D-7E2C4F9B6904} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {AC22194E-5173-4628-AA87-8A5DB609EAC6} - System32\Tasks\G2MUpdateTask-S-1-5-21-4085802308-216855206-3018638629-1001 => C:\Users\usuario\AppData\Local\GoToMeeting\8199\g2mupdate.exe [2018-01-19] (LogMeIn, Inc.)
Task: {B5E5939F-3B1D-411C-8145-DEC192BEC6DB} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-02-06] (Adobe Systems Incorporated)
Task: {CD37325D-859B-4987-911A-6C2788A6B809} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {D37BB48D-7503-4FEE-88AB-A4A909CE7932} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-14] (Google Inc.)
Task: {E5C82DE4-3CCB-4410-BF4C-09E19810A1CC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {E686433C-75D2-4EAE-87BE-B67A5EC1D802} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-10-11] (NVIDIA Corporation)
Task: {E7C72860-7644-479C-851B-C644B5E5EE0F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-05-14] (Google Inc.)
Task: {EB196156-4E5D-42B2-A377-8715989F3A19} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-19] (Microsoft Corporation)
Task: {EDEA6D44-D2EA-4CF9-868C-90F1F088AA5E} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-10-11] (NVIDIA Corporation)
Task: {FECC2819-F994-4013-8B38-4097861A3CD7} - System32\Tasks\CalendarPlus => c:\programdata\{3aaf9e65-de2d-47ef-3aaf-f9e65de27997}\tube linkwheel commando (lite)-_ed-.rar.exe <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CalendarPlus.job => c:\programdata\{3aaf9e65-de2d-47ef-3aaf-f9e65de27997}\tube linkwheel commando (lite)-_ed-.rar.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-4085802308-216855206-3018638629-1001.job => C:\Users\usuario\AppData\Local\GoToMeeting\8199\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-4085802308-216855206-3018638629-1001.job => C:\Users\usuario\AppData\Local\GoToMeeting\8199\g2mupload.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\usuario\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.htm

==================== Loaded Modules (Whitelisted) ==============

2017-09-29 14:41 - 2017-09-29 14:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2013-09-04 23:17 - 2013-09-04 23:17 - 004300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 008801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-05-13 23:20 - 2010-03-15 10:28 - 000052224 _____ () C:\Program Files (x86)\Winrar\rarext64.dll
2018-01-08 14:00 - 2018-01-08 14:00 - 000076456 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2018-02-14 12:58 - 2018-02-10 05:39 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-02-14 12:57 - 2018-02-10 05:36 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-29 19:48 - 2018-01-29 19:48 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-01-29 19:48 - 2018-01-29 19:48 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-01-29 19:48 - 2018-01-29 19:49 - 025135104 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-01-29 19:48 - 2018-01-29 19:49 - 002542592 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1803.279.0_x64__kzf8qxf38zg5c\skypert.dll
2018-01-06 05:04 - 2018-01-03 10:20 - 004063064 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libglesv2.dll
2018-01-06 05:04 - 2018-01-03 10:20 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\63.0.3239.132\libegl.dll
2018-01-20 00:45 - 2018-01-20 00:45 - 002144528 _____ () C:\Users\usuario\AppData\Local\WhatsApp\app-0.2.8082\ffmpeg.dll
2018-02-18 11:00 - 2018-02-18 11:00 - 000492032 _____ () \\?\C:\Users\usuario\AppData\Local\Temp\9BEC.tmp.node
2018-01-20 00:45 - 2018-01-20 00:45 - 002555152 _____ () C:\Users\usuario\AppData\Local\WhatsApp\app-0.2.8082\libglesv2.dll
2018-01-20 00:45 - 2018-01-20 00:45 - 000096528 _____ () C:\Users\usuario\AppData\Local\WhatsApp\app-0.2.8082\libegl.dll
2018-02-18 11:00 - 2018-02-18 11:00 - 000492032 _____ () \\?\C:\Users\usuario\AppData\Local\Temp\A727.tmp.node
2018-02-06 22:21 - 2018-02-06 22:21 - 031237632 _____ () C:\WINDOWS\system32\Macromed\Flash\pepflashplayer64_28_0_0_161.dll
2017-09-29 14:41 - 2017-09-29 14:41 - 000047616 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUITelemetry.dll
2018-02-14 12:57 - 2018-02-10 05:41 - 004173824 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIDataModel.dll
2018-02-14 12:58 - 2018-02-10 05:41 - 003662336 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIViewModels.dll
2017-09-26 21:22 - 2017-09-26 21:22 - 001984000 ____R () C:\Program Files (x86)\Skype\Phone\skypert.dll
2015-12-01 15:37 - 2015-12-01 15:37 - 000439504 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2015-12-01 15:37 - 2015-12-01 15:37 - 000321232 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2015-05-13 22:24 - 2013-09-03 15:52 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:30FF836C [127]
AlternateDataStreams: C:\ProgramData\TEMP:36E20A37 [105]
AlternateDataStreams: C:\ProgramData\TEMP:5886DCB8 [106]
AlternateDataStreams: C:\Users\usuario\Downloads\bricksofegypt_at.exe:BDU [0]
AlternateDataStreams: C:\Users\usuario\Downloads\buildalot2_at.exe:BDU [0]
AlternateDataStreams: C:\Users\usuario\Downloads\camtasia.exe:BDU [0]
AlternateDataStreams: C:\Users\usuario\Downloads\EasyTask.exe:BDU [0]
AlternateDataStreams: C:\Users\usuario\Downloads\en_peggle_inst.exe:BDU [0]
AlternateDataStreams: C:\Users\usuario\Downloads\HMA-Pro-VPN-2.8.19.0-install.exe:BDU [0]
AlternateDataStreams: C:\Users\usuario\Downloads\HMA-Pro-VPN-2.8.24.0-installer.exe:BDU [0]
AlternateDataStreams: C:\Users\usuario\Downloads\kodi-15.2-Isengard.exe:BDU [0]
AlternateDataStreams: C:\Users\usuario\Downloads\lastpass_x64.exe:BDU [0]
AlternateDataStreams: C:\Users\usuario\Downloads\Opera_1217_en_Setup_x64.exe:BDU [0]
AlternateDataStreams: C:\Users\usuario\Downloads\Opera_NI_stable.exe:BDU [0]
AlternateDataStreams: C:\Users\usuario\Downloads\SafariSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\usuario\Downloads\setup.exe:BDU [0]
AlternateDataStreams: C:\Users\usuario\Downloads\Silverlight_x64.exe:BDU [0]
AlternateDataStreams: C:\Users\usuario\Downloads\SkypeSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\usuario\Downloads\TubeSeoCommando.VideoLinkwheelCommando.dll:BDU [0]
AlternateDataStreams: C:\Users\usuario\Downloads\vlc-2.1.5-win32.exe:BDU [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2016-06-12 11:26 - 000000889 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1   activate.adobe.com
127.0.0.1   practivate.adobe.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4085802308-216855206-3018638629-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img2.jpg
DNS Servers: 5.34.150.25 - 5.34.150.26
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-4085802308-216855206-3018638629-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-4085802308-216855206-3018638629-1001\...\StartupApproved\Run: => "Speech Recognition"
HKU\S-1-5-21-4085802308-216855206-3018638629-1001\...\StartupApproved\Run: => "application"
HKU\S-1-5-21-4085802308-216855206-3018638629-1001\...\StartupApproved\Run: => "Youtube Live Commando"
HKU\S-1-5-21-4085802308-216855206-3018638629-1001\...\StartupApproved\Run: => "Social Bookmark Commando"
HKU\S-1-5-21-4085802308-216855206-3018638629-1001\...\StartupApproved\Run: => "Jing"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B1E5F5DB-0130-4350-B598-58CA663E94E9}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{2E018467-9BDB-4C23-9EE2-28735E5BC32E}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{99FB429D-88DF-44A3-8252-F9F6D9DEAC1F}] => (Allow) C:\Program Files\Lightworks\lightworks.exe
FirewallRules: [{EE9B1E75-C227-4141-A28D-0C559D04BA7C}] => (Allow) C:\Program Files\Lightworks\lightworks.exe
FirewallRules: [{EAAF9892-DA14-401D-8DBC-085DD899C257}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{564A8CCA-9054-42E7-B7F9-DA7A21039DCE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{756496BC-C97E-4BE0-A23B-F0192A8F15A3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{25D0BADF-DEAB-4CD4-8404-63EE05D7A941}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{B428467D-DA2C-413D-81D1-C54C9A1070A9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{43BF4E78-AF50-4B67-9CEC-D10ABD0F7043}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{FB3B18EC-DEE8-48FD-8526-AF80F66BA40B}] => (Allow) C:\Program Files\CyberLink\PowerDirector15\PDR10.EXE
FirewallRules: [{0D95972D-19E9-4373-96DD-0C8DD7BA31F9}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe
FirewallRules: [UDP Query User{20F28742-6DFE-41D2-9A7C-79464274E1C4}C:\users\usuario\appdata\roaming\telegram desktop\telegram.exe] => (Allow) C:\users\usuario\appdata\roaming\telegram desktop\telegram.exe
FirewallRules: [TCP Query User{16917DC5-ABFA-4AA5-B171-D68CCB3AD107}C:\users\usuario\appdata\roaming\telegram desktop\telegram.exe] => (Allow) C:\users\usuario\appdata\roaming\telegram desktop\telegram.exe
FirewallRules: [UDP Query User{5C99B7A9-F247-4D30-84B0-6ED781924638}C:\program files (x86)\java\jre1.8.0_51\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_51\bin\java.exe
FirewallRules: [TCP Query User{D1D6909A-F634-4DEA-8068-F1BB6F771F0B}C:\program files (x86)\java\jre1.8.0_51\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_51\bin\java.exe
FirewallRules: [UDP Query User{462CEBB2-E79E-4245-B9EA-6AC69111ADCB}C:\xampp\mercurymail\mercury.exe] => (Allow) C:\xampp\mercurymail\mercury.exe
FirewallRules: [TCP Query User{DC192822-1C48-4FC8-B15E-5C6373708B95}C:\xampp\mercurymail\mercury.exe] => (Allow) C:\xampp\mercurymail\mercury.exe
FirewallRules: [UDP Query User{B8BCD6EF-C325-4995-B146-C57147CBCA20}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{A64D42CF-B625-48A5-B453-A925C91747DF}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{EFAFC12B-4098-4394-B112-F5BCE4438A90}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{1B40C51B-8C84-41E4-9121-2A5C60A6FB4F}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [{0ACF9A35-830A-4B9B-A04A-4E3217A06B7C}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{7EA0AE7A-6C35-4288-A150-8F67BA3352AF}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
FirewallRules: [{BE062077-BDBD-482D-BA79-AB7A257F48A4}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [{E9583327-8545-4530-8D32-C475ED5DDB86}] => (Allow) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
FirewallRules: [TCP Query User{0A741990-20C5-48B7-B848-6E06037FE993}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe
FirewallRules: [UDP Query User{9057E82A-7234-4F09-BB91-A8D8235D9302}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe
FirewallRules: [{9A318E7F-5AAA-4942-BE4F-FFF8A9A74DED}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{54968441-448B-41E6-8276-4941EA0C74A4}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{98EF6BD4-14A8-44BD-AB11-5D1373F273F5}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{1DF1FFE5-EE64-4D71-BA37-AF12F7365293}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{34FC3D8D-7613-492F-A857-39601CB8F041}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{68A82340-B8B4-4BDD-9E9D-D70107D248F9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0C06E096-C27F-49B2-A848-7C455DAB3429}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D4077097-9672-4FC0-B07F-C6FBD1EE1042}] => (Allow) C:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper.exe
FirewallRules: [{CE5D011F-1A81-44FB-8023-C05137977FA5}] => (Allow) C:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper.exe
FirewallRules: [{5DE3CE7B-47AC-4B3C-A94F-EB27C0B08480}] => (Allow) C:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper_32.exe
FirewallRules: [{24306AA2-5172-4CFB-8FBD-279FC29CAD87}] => (Allow) C:\Program Files\Opera x64\pluginwrapper\opera_plugin_wrapper_32.exe
FirewallRules: [{C0EE5AE9-6B7A-495A-8310-7F665B149EE5}] => (Allow) C:\Program Files\Opera x64\opera.exe
FirewallRules: [{B18D7B20-F2BA-4186-B6A3-28E8B4707EDF}] => (Allow) C:\Program Files\Opera x64\opera.exe
FirewallRules: [TCP Query User{7AE8FDFC-984C-4085-8018-9277C0E6BCD6}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{E7ECDECA-A867-4704-A672-3D4D929CD634}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{F07D8938-47CC-4D59-BD17-9AA309ACF9D5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FC1196AA-04B3-4AD3-B398-8E970526B3BD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{D5CDA169-45E5-4CBD-862A-FEA2B6B057DC}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{22F3FD01-8719-46AB-87F7-A32472215964}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{F70981A3-F8ED-4302-939F-E17C81EA62DE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{C6163E9D-EEB8-4A6E-8C30-86CD8340EB71}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{96A014AC-C800-4A35-9A73-579B411194D7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{68EDC731-6553-43CC-9DF9-EC0F3A620CBA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{BF2E1450-94BC-463E-86F3-18EEAB28DAF2}] => (Allow) LPort=8317
FirewallRules: [TCP Query User{2F1D6FE9-2068-4EAF-B0D6-F8093E3179FC}C:\program files (x86)\prompt downloader\promptdownloader.exe] => (Block) C:\program files (x86)\prompt downloader\promptdownloader.exe
FirewallRules: [UDP Query User{0952DD75-A607-41CE-A7B1-5B1B15DBB124}C:\program files (x86)\prompt downloader\promptdownloader.exe] => (Block) C:\program files (x86)\prompt downloader\promptdownloader.exe
FirewallRules: [{68CFE1AE-7E78-4B6C-B1F4-01A9DFED1142}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{38BDA59C-D568-4C7E-A0DC-611BC6A10E5B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4E0E33EB-A31F-403B-A26F-8DFA526B485E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{AB629B9C-E3DC-42D8-8A15-9F26795C7085}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{79F05E41-07AB-40CE-B6F8-88833F6D0D59}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [{68D86789-4EBE-4CFF-99B5-C0C632E0D620}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal\hl2.exe
FirewallRules: [TCP Query User{0FB29D30-9FA0-4892-BECA-6C5696BFE0D2}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{0FABD133-B7C3-4496-9720-2B46A8D0C563}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe

==================== Restore Points =========================

29-01-2018 19:36:08 Windows Update
07-02-2018 15:47:24 Windows Update
12-02-2018 17:51:57 Instalador de Módulos de Windows

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/18/2018 09:16:39 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (02/06/2018 09:36:15 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, Controlador no válido.
.


Operación:
   Ejecutando operación asincrónica

Contexto:
   Estado actual: DoSnapshotSet

Error: (02/01/2018 11:28:37 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown

Error: (01/28/2018 05:26:19 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider wsp_sr attempted to register query "select * from WSP_ReplicationGroupModificationEvent" whose target class "WSP_ReplicationGroupModificationEvent" in //./root/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.

Error: (01/28/2018 05:26:19 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider wsp_sr attempted to register query "select * from WSP_ReplicationGroupDepartureEvent" whose target class "WSP_ReplicationGroupDepartureEvent" in //./root/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.

Error: (01/28/2018 05:26:19 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider wsp_sr attempted to register query "select * from WSP_ReplicationGroupArrivalEvent" whose target class "WSP_ReplicationGroupArrivalEvent" in //./root/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.

Error: (01/28/2018 05:26:19 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider  attempted to register query "select * from WSP_ReplicationGroupModificationEvent" whose target class "WSP_ReplicationGroupModificationEvent" in //./root/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.

Error: (01/28/2018 05:26:19 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Event provider  attempted to register query "select * from WSP_ReplicationGroupDepartureEvent" whose target class "WSP_ReplicationGroupDepartureEvent" in //./root/Microsoft/Windows/Storage/Providers_v2 namespace does not exist. The query will be ignored.


System errors:
=============
Error: (02/18/2018 10:53:13 AM) (Source: DCOM) (EventID: 10016) (User: nox)
Description: The específico de la aplicación permission settings do not grant Local Activación permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user nox\usuario SID (S-1-5-21-4085802308-216855206-3018638629-1001) from address LocalHost (con LRPC) running in the application container No disponible SID (No disponible). This security permission can be modified using the Component Services administrative tool.

Error: (02/18/2018 10:48:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The específico de la aplicación permission settings do not grant Local Activación permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\SERVICIO LOCAL SID (S-1-5-19) from address LocalHost (con LRPC) running in the application container No disponible SID (No disponible). This security permission can be modified using the Component Services administrative tool.

Error: (02/18/2018 10:48:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The específico de la aplicación permission settings do not grant Local Activación permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\SERVICIO LOCAL SID (S-1-5-19) from address LocalHost (con LRPC) running in the application container No disponible SID (No disponible). This security permission can be modified using the Component Services administrative tool.

Error: (02/18/2018 10:48:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The específico de la aplicación permission settings do not grant Local Activación permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\SERVICIO LOCAL SID (S-1-5-19) from address LocalHost (con LRPC) running in the application container No disponible SID (No disponible). This security permission can be modified using the Component Services administrative tool.

Error: (02/18/2018 10:48:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The específico de la aplicación permission settings do not grant Local Activación permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\SERVICIO LOCAL SID (S-1-5-19) from address LocalHost (con LRPC) running in the application container No disponible SID (No disponible). This security permission can be modified using the Component Services administrative tool.

Error: (02/18/2018 10:48:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The específico de la aplicación permission settings do not grant Local Activación permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\SERVICIO LOCAL SID (S-1-5-19) from address LocalHost (con LRPC) running in the application container No disponible SID (No disponible). This security permission can be modified using the Component Services administrative tool.

Error: (02/18/2018 10:48:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The específico de la aplicación permission settings do not grant Local Activación permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\SERVICIO LOCAL SID (S-1-5-19) from address LocalHost (con LRPC) running in the application container No disponible SID (No disponible). This security permission can be modified using the Component Services administrative tool.

Error: (02/18/2018 10:48:18 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:20:53 on ‎18/‎02/‎2018 was unexpected.


Windows Defender:
===================================
Date: 2018-02-18 13:01:31.657
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuerboos.B!cl&threatid=2147723653&enterprise=0
Name: Trojan:Win32/Fuerboos.B!cl
ID: 2147723653
Severity: Grave
Category: Caballo de Troya
Path: file:_C:\Users\usuario\Desktop\Unconfirmed 255253.crdownload
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Signature Version: AV: 1.261.1320.0, AS: 1.261.1320.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0

Date: 2018-02-18 11:19:26.948
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuerboos.B!cl&threatid=2147723653&enterprise=0
Name: Trojan:Win32/Fuerboos.B!cl
ID: 2147723653
Severity: Grave
Category: Caballo de Troya
Path: file:_C:\Users\usuario\Desktop\RGSA.exe;webfile:_C:\Users\usuario\Desktop\RGSA.exe|http://rocketgrannie.spywareinfoforum.org/RGSA.exe|chrome.exe
Detection Origin: Internet
Detection Type: FastPath
Detection Source: Downloads and attachments
Process Name: Unknown
Signature Version: AV: 1.261.1320.0, AS: 1.261.1320.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0

Date: 2018-02-18 11:19:21.135
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Fuerboos.B!cl&threatid=2147723653&enterprise=0
Name: Trojan:Win32/Fuerboos.B!cl
ID: 2147723653
Severity: Grave
Category: Caballo de Troya
Path: file:_C:\Users\usuario\Desktop\RGSA.exe
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\System32\SearchProtocolHost.exe
Signature Version: AV: 1.261.1320.0, AS: 1.261.1320.0, NIS: 118.2.0.0
Engine Version: AM: 1.1.14500.5, NIS: 2.1.14202.0

Date: 2018-02-18 09:31:47.059
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {C087DA75-AA06-4F26-BA2F-BD9E10623B1A}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-02-18 09:27:12.012
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {748BB60A-394D-4DA6-84AB-FB7255ACE450}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-01-31 17:39:50.568
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.566.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x800704e8
Error description: El sistema remoto no está disponible. Para obtener más información sobre cómo solucionar problemas en la red, vea la Ayuda de Windows.

Date: 2018-01-31 17:39:50.568
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 118.2.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.14202.0
Error code: 0x800704e8
Error description: El sistema remoto no está disponible. Para obtener más información sobre cómo solucionar problemas en la red, vea la Ayuda de Windows.

Date: 2018-01-31 17:39:49.648
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.566.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee2
Error description: Se superó el tiempo de espera para la operación

Date: 2018-01-31 17:39:49.647
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.566.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee2
Error description: Se superó el tiempo de espera para la operación

Date: 2018-01-31 17:39:49.647
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.566.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee2
Error description: Se superó el tiempo de espera para la operación

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Percentage of memory in use: 58%
Total physical RAM: 8111.07 MB
Available physical RAM: 3400.76 MB
Total Virtual: 12207.07 MB
Available Virtual: 6113.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.73 GB) (Free:472.47 GB) NTFS

\\?\Volume{1e9160f0-f9b2-11e4-8250-806e6f6e6963}\ (Reservado para el sistema) (Fixed) (Total:0.34 GB) (Free:0.06 GB) NTFS
\\?\Volume{5bd83916-0000-0000-0000-a0c4e8000000}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 5BD83916)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================

Navigation

[0] Message Index

[#] Next page

Go to full version