Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04.10.2018
Ran by chefcito (administrator) on CHEFCITO-PC (04-10-2018 22:34:30)
Running from C:\Users\chefcito\Downloads
Loaded Profiles: chefcito & anett (Available Profiles: chefcito & anett)
Platform: Windows 10 Home Single Language Version 1803 17134.285 (X64) Language: Español (España, internacional)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127176.inf_amd64_86c658cabfb17c9c\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(arvato digital services llc) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Apple Inc.)
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1809.2-0\MsMpEng.exe (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127176.inf_amd64_86c658cabfb17c9c\IntelCpHDCPSvc.exe (Intel Corporation) C:\Windows\System32\ibtsiva.exe (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127176.inf_amd64_86c658cabfb17c9c\IntelCpHeciSvc.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127176.inf_amd64_86c658cabfb17c9c\igfxEM.exe (CyberLink) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1809.2-0\NisSrv.exe (Microsoft Corporation) C:\Windows\System32\CastSrv.exe (Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.30.98.1000_x64__kzf8qxf38zg5c\SkypeApp.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Dell Inc.) 
C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Windows\splwow64.exe (Microsoft Corporation) C:\Users\anett\AppData\Local\Microsoft\OneDrive\18.151.0729.0012\FileCoAuth.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.30.98.1000_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\LogonUI.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127176.inf_amd64_86c658cabfb17c9c\igfxEM.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe (Microsoft Corporation) C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Microsoft Corporation) C:\Windows\System32\CastSrv.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe (Spotify Ltd) C:\Users\chefcito\AppData\Roaming\Spotify\Spotify.exe (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Spotify Ltd) C:\Users\chefcito\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) C:\Users\chefcito\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) C:\Users\chefcito\AppData\Roaming\Spotify\Spotify.exe (Apple, Inc.) 
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11808.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleFirefoxHost.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9226752 2017-05-04] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1485312 2017-05-04] (Realtek Semiconductor) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation) HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [5786576 2015-06-24] (Dell Inc.) HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1485312 2017-05-04] (Realtek Semiconductor) HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [723928 2017-01-26] (Waves Audio Ltd.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-07-06] (Apple Inc.) HKLM-x32\...\Run: [5KPlayer.exe] => C:\Program Files (x86)\DearMob\5KPlayer\5KPlayer.exe [4188560 2017-01-03] () HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation) HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation) HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation) HKU\S-1-5-21-3116818766-2193367744-924395030-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2018-06-26] (Apple Inc.) HKU\S-1-5-21-3116818766-2193367744-924395030-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2018-06-26] (Apple Inc.) 
HKU\S-1-5-21-3116818766-2193367744-924395030-1001\...\Run: [uTorrent] => C:\Users\chefcito\AppData\Roaming\uTorrent\uTorrent.exe [1984184 2018-07-13] (BitTorrent Inc.) HKU\S-1-5-21-3116818766-2193367744-924395030-1001\...\Run: [Spotify] => C:\Users\chefcito\AppData\Roaming\Spotify\Spotify.exe [24907496 2018-09-30] (Spotify Ltd) HKU\S-1-5-21-3116818766-2193367744-924395030-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18594760 2018-09-19] (Piriform Ltd) Startup: C:\Users\chefcito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2018-09-30] ShortcutTarget: MEGAsync.lnk -> C:\Users\chefcito\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 10.186.6.2 187.253.45.10 Tcpip\..\Interfaces\{0f279eee-915e-4bfe-bb54-895bdd9917cf}: [DhcpNameServer] 10.186.0.5 10.186.6.2 Tcpip\..\Interfaces\{c1af83ad-c0f2-4560-8e1b-ad900346523c}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{c1af83ad-c0f2-4560-8e1b-ad900346523c}: [DhcpNameServer] 10.186.6.2 187.253.45.10 Tcpip\..\Interfaces\{c7b9d4bf-0d03-4e88-97fd-a2405ea60ab4}: [DhcpNameServer] 172.20.10.1 Tcpip\..\Interfaces\{cecddcb6-d0e0-495d-9cf7-70d1793de4c7}: [DhcpNameServer] 172.20.10.1 Tcpip\..\Interfaces\{d61ad545-772b-4fab-b36b-fa0001782033}: [DhcpNameServer] 8.8.8.8 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-3116818766-2193367744-924395030-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE HKU\S-1-5-21-3116818766-2193367744-924395030-1003\Software\Microsoft\Internet 
Explorer\Main,Start Page = hxxp://dell15.msn.com/?pc=DCTE HKU\S-1-5-21-3116818766-2193367744-924395030-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE SearchScopes: HKU\S-1-5-21-3116818766-2193367744-924395030-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04 SearchScopes: HKU\S-1-5-21-3116818766-2193367744-924395030-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04 SearchScopes: HKU\S-1-5-21-3116818766-2193367744-924395030-1001 -> {F723B136-8FBD-415C-97FB-9BF90302C1BA} URL = BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File BHO: BHOImpl Class -> {E1499FE7-129D-4B6E-B681-DDF21E14172C} -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\iToolsBHO64.dll [2017-03-18] (iTools.hk) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation) BHO-x32: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation) BHO-x32: BHOImpl Class -> {E1499FE7-129D-4B6E-B681-DDF21E14172C} -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\iToolsBHO.dll [2017-03-18] (iTools.hk) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File Edge: ====== Edge Extension: (Office Online) -> 2016_MicrosoftOfficeOnline_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.OfficeOnline_1.5.8.0_neutral__8wekyb3d8bbwe [2018-04-30] FireFox: ======== FF ProfilePath: C:\Users\chefcito\AppData\Roaming\Mozilla\Firefox\Profiles\mi67a69t.default-1488060857017 [2018-10-04] FF Homepage: Mozilla\Firefox\Profiles\mi67a69t.default-1488060857017 
-> about:home FF NewTab: Mozilla\Firefox\Profiles\mi67a69t.default-1488060857017 -> hxxps://mx.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10420__180603__yaff FF Extension: (iCloud Bookmarks) - C:\Users\chefcito\AppData\Roaming\Mozilla\Firefox\Profiles\mi67a69t.default-1488060857017\Extensions\firefoxdav@icloud.com.xpi [2018-08-01] FF Extension: (Pinterest Save Button) - C:\Users\chefcito\AppData\Roaming\Mozilla\Firefox\Profiles\mi67a69t.default-1488060857017\Extensions\jid1-YcMV6ngYmQRA2w@jetpack.xpi [2018-09-25] FF Extension: (FindFlix: Netflix Secret Category Finder) - C:\Users\chefcito\AppData\Roaming\Mozilla\Firefox\Profiles\mi67a69t.default-1488060857017\Extensions\njgopmododdceghkcgbmgfffamnjbjno@chrome-store-foxified-unsigned.xpi [2018-01-14] FF Extension: (Strava, export gpx track) - C:\Users\chefcito\AppData\Roaming\Mozilla\Firefox\Profiles\mi67a69t.default-1488060857017\Extensions\strava-export-gpx@e-ivanov.ru.xpi [2018-01-13] FF Extension: (Netflix - Category Browser) - C:\Users\chefcito\AppData\Roaming\Mozilla\Firefox\Profiles\mi67a69t.default-1488060857017\Extensions\{7d44f55e-666a-4b80-ad12-146410f236b5}.xpi [2018-01-14] FF Extension: (Adblock Plus) - C:\Users\chefcito\AppData\Roaming\Mozilla\Firefox\Profiles\mi67a69t.default-1488060857017\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-08-31] FF Extension: (Firefox Monitor) - C:\Users\chefcito\AppData\Roaming\Mozilla\Firefox\Profiles\mi67a69t.default-1488060857017\features\{b6d5f76e-45a9-4c60-8801-6a9cdb8bd9d7}\fxmonitor@mozilla.org.xpi [2018-09-25] FF Extension: (Telemetry coverage) - C:\Users\chefcito\AppData\Roaming\Mozilla\Firefox\Profiles\mi67a69t.default-1488060857017\features\{b6d5f76e-45a9-4c60-8801-6a9cdb8bd9d7}\telemetry-coverage-bug1487578@mozilla.org.xpi [2018-09-25] [Legacy] FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_108.dll [2018-09-26] () FF Plugin: @itools.hk/npiTools, version=1.0.0 -> 
C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll [2017-03-18] () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\MICROS~2\Office14\NPAUTHZ.DLL [No File] FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_108.dll [2018-09-26] () FF Plugin-x32: @itools.hk/npiTools, version=1.0.0 -> C:\Program Files (x86)\ThinkSky\iTools 3\Extensions\npiTools.dll [2017-03-18] () FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-09-20] (Adobe Systems Inc.) ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-08-23] (Apple Inc.) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-04] (Dropbox, Inc.) R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2017-09-19] (Dell Inc.) 
S2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [40976 2017-09-18] (Dell Inc.) R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [124568 2018-04-20] (Dell Inc.) R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237016 2018-03-27] (Dell Inc.) S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd) S2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [53632 2018-09-05] (AnchorFree Inc.) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation) R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190208 2016-11-11] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [742704 2017-10-11] (Intel(R) Corporation) R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed] S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\iCLS Client\TPMProvisioningService.exe [668472 2017-10-11] (Intel(R) Corporation) S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed] R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [213648 2017-11-09] (Intel Corporation) S3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2017-03-21] () R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [47144 2017-04-06] (Dell) R2 PSI_SVC_2_x64; c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [337776 2013-09-13] (arvato digital services llc) R2 RichVideo; 
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2014-04-14] () R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [324608 2017-05-04] (Realtek Semiconductor) S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] () R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2018-03-01] (TeamViewer GmbH) R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [615384 2017-02-07] (Waves Audio Ltd.) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\NisSrv.exe [3847376 2018-09-25] (Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1809.2-0\MsMpEng.exe [114200 2018-09-25] (Microsoft Corporation) S2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe [437392 2016-11-16] (Wondershare) S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3750304 2017-03-21] (Intel® Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AFTrafMgr1.4; C:\Program Files (x86)\Hotspot Shield\bin\TrafMgr_1_4_64.sys [56840 2018-08-24] (AnchorFree Inc.) R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink) R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2015-05-08] (OSR Open Systems Resources, Inc.) 
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-01-17] (Disc Soft Ltd) R3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-01-17] (Disc Soft Ltd) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152184 2018-04-26] (Malwarebytes) R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230144 2016-11-11] (Intel Corporation) S2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [0 2018-06-05] () <==== ATTENTION (zero byte File/Folder) S3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [0 2018-06-05] () <==== ATTENTION (zero byte File/Folder) S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [0 2018-06-05] () <==== ATTENTION (zero byte File/Folder) R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [253664 2018-07-18] (Malwarebytes) S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [0 2018-06-05] () <==== ATTENTION (zero byte File/Folder) S3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-11] (Microsoft Corporation) R1 MpKsl15f29412; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{045E37C2-237B-4EFC-A39D-0D43A2DD7113}\MpKsl15f29412.sys [58120 2018-10-04] (Microsoft Corporation) R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3517696 2017-04-13] (Intel Corporation) S3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.) R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek ) R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation) S3 tap-tb-0901; C:\WINDOWS\System32\drivers\tap-tb-0901.sys [38656 2015-08-10] (The OpenVPN Project) R3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2016-07-18] (Anchorfree Inc.) 
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46184 2018-09-25] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [352424 2018-09-25] (Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60584 2018-09-25] (Microsoft Corporation) R2 Win10Pcap; C:\WINDOWS\SysWOW64\drivers\Win10Pcap64.sys [50304 2016-10-12] (Daiyuu Nobori, University of Tsukuba, Japan) R1 xlkfs; C:\WINDOWS\System32\DRIVERS\xlkfs.sys [44272 2016-05-26] (XOSLAB.COM) R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2017-01-04] (Zemana Ltd.) R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2017-01-04] (Zemana Ltd.) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
Error(1) reading file: "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Herramientas de Microsoft Office " 2018-10-04 22:34 - 2018-10-04 22:37 - 000025940 _____ C:\Users\chefcito\Downloads\FRST.txt 2018-10-04 22:34 - 2018-10-04 22:34 - 000000000 ____D C:\FRST 2018-10-04 22:32 - 2018-10-04 22:32 - 002414080 _____ (Farbar) C:\Users\chefcito\Downloads\FRST64.exe 2018-10-04 21:47 - 2018-10-04 21:47 - 000000000 ___HD C:\OneDriveTemp 2018-10-04 14:47 - 2018-10-04 14:47 - 000001143 _____ C:\Users\Public\Desktop\Hotspot Shield.lnk 2018-10-04 14:47 - 2018-10-04 14:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hotspot Shield 2018-10-04 14:13 - 2018-10-04 14:13 - 000351386 _____ C:\Users\chefcito\Desktop\cc_20181004_141337.reg 2018-10-04 14:07 - 2018-10-04 14:07 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update 2018-10-04 14:07 - 2018-10-04 14:07 - 000002868 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2018-10-04 14:07 - 2018-10-04 14:07 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk 2018-10-04 14:07 - 2018-10-04 14:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2018-10-04 14:07 - 2018-10-04 14:07 - 000000000 ____D C:\Program Files\CCleaner 2018-10-04 14:06 - 2018-10-04 14:06 - 000001652 _____ C:\Users\chefcito\Desktop\resumen malwarebits.txt 2018-10-04 13:54 - 2018-10-04 13:54 - 000001388 _____ C:\Users\chefcito\Desktop\AdwCleaner[S00].txt 2018-10-04 13:45 - 2018-10-04 13:45 - 016796856 _____ (Piriform Ltd) C:\Users\chefcito\Downloads\ccsetup547.exe 2018-10-04 13:44 - 2018-10-04 13:44 - 080022264 _____ (Malwarebytes ) C:\Users\chefcito\Downloads\mb3-setup-35891.35891-3.6.1.2711-1.0.463-1.0.6913.exe 2018-10-04 13:44 - 2018-10-04 13:44 - 007592144 _____ (Malwarebytes) C:\Users\chefcito\Downloads\adwcleaner_7.2.4.0(2).exe 2018-10-03 21:10 - 2018-10-03 21:10 - 000891391 _____ C:\Users\anett\Desktop\Act2_4_2P_amam.ppt.pptx 2018-10-03 21:01 - 2018-10-03 21:01 - 000000761 _____ 
C:\Users\anett\Desktop\Imágenes - Acceso directo.lnk 2018-10-03 20:56 - 2018-10-03 20:56 - 000736836 _____ C:\Users\anett\Downloads\Anette Michelle alvarez Macedo.pptx 2018-09-30 16:01 - 2018-09-30 17:03 - 000000000 ____D C:\Users\chefcito\Documents\MEGAsync Downloads 2018-09-30 15:51 - 2018-09-30 15:51 - 000000000 ____D C:\WINDOWS\System32\Tasks\MEGA 2018-09-30 15:50 - 2018-09-30 15:50 - 000001136 _____ C:\Users\chefcito\Desktop\MEGAsync.lnk 2018-09-30 15:50 - 2018-09-30 15:50 - 000000000 ____D C:\Users\chefcito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync 2018-09-30 15:50 - 2018-09-30 15:50 - 000000000 ____D C:\Users\chefcito\AppData\Local\MEGAsync 2018-09-30 15:50 - 2018-09-30 15:50 - 000000000 ____D C:\Users\chefcito\AppData\Local\Mega Limited 2018-09-30 15:49 - 2018-09-30 15:49 - 029094392 _____ (MEGA Limited) C:\Users\chefcito\Downloads\MEGAsyncSetup.exe 2018-09-26 12:18 - 2018-09-26 12:18 - 000333755 _____ C:\Users\chefcito\Downloads\maxmemi.exe 2018-09-26 08:27 - 2018-09-26 08:29 - 000000000 ____D C:\AdwCleaner 2018-09-26 08:26 - 2018-09-26 08:26 - 007592144 _____ (Malwarebytes) C:\Users\chefcito\Downloads\adwcleaner_7.2.4.0.exe 2018-09-26 08:07 - 2018-09-26 08:07 - 000004606 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier 2018-09-26 08:07 - 2018-09-26 08:07 - 000004420 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2018-09-25 22:10 - 2018-09-25 22:17 - 000000000 ____D C:\Users\chefcito\Downloads\PopcornTime 2018-09-24 14:05 - 2018-09-24 14:16 - 000000000 ____D C:\Users\chefcito\Desktop\air bnb 2018-09-23 09:11 - 2018-09-23 09:11 - 000403259 _____ C:\Users\chefcito\Downloads\IMG_7152(1).jpeg 2018-09-23 09:09 - 2018-09-23 09:09 - 003037379 _____ C:\Users\chefcito\Downloads\1700BF4C-04EA-4CD7-9324-61DF012EF9C3.jpeg 2018-09-23 09:07 - 2018-09-23 09:07 - 000403259 _____ C:\Users\chefcito\Downloads\IMG_7152.jpeg 2018-09-19 20:58 - 2018-09-19 20:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\iTunes 2018-09-19 20:56 - 2018-09-19 20:58 - 000000000 ____D C:\Program Files\iTunes 2018-09-19 20:56 - 2018-09-19 20:56 - 000000000 ____D C:\Program Files\iPod 2018-09-18 11:12 - 2018-09-18 11:12 - 000022563 _____ C:\Users\chefcito\Desktop\xoxo 19 sept.pdf 2018-09-18 08:46 - 2018-09-18 08:46 - 000023989 _____ C:\Users\chefcito\Desktop\xoxo 12 septiembre 2018-Model(1).pdf 2018-09-18 08:27 - 2018-09-18 08:27 - 000000155 _____ C:\Users\chefcito\Documents\matanaomi.bat 2018-09-17 21:06 - 2018-09-18 00:28 - 000000000 ____D C:\Users\chefcito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WebSite Blocker 2018-09-17 21:06 - 2018-09-17 21:07 - 000000000 ____D C:\Program Files (x86)\WebSite Blocker 2018-09-17 21:06 - 2018-09-17 21:06 - 001415890 _____ C:\Users\chefcito\Downloads\wsblocker10.exe 2018-09-17 20:55 - 2018-09-17 20:55 - 000045554 _____ C:\Users\chefcito\Downloads\Bloquea Facebook v.1.2.rar 2018-09-17 13:56 - 2018-09-17 13:56 - 000023989 _____ C:\Users\chefcito\Downloads\xoxo 12 septiembre 2018-Model.pdf 2018-09-16 14:02 - 2018-08-31 02:43 - 001524152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2018-09-16 14:02 - 2018-08-31 02:42 - 001636232 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2018-09-16 14:02 - 2018-08-31 02:27 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll 2018-09-16 14:02 - 2018-08-31 02:24 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2018-09-16 14:02 - 2018-08-31 02:22 - 001855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2018-09-16 14:02 - 2018-08-31 01:55 - 001455960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll 2018-09-16 14:02 - 2018-08-31 01:53 - 001327504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2018-09-16 14:02 - 2018-08-31 01:41 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll 2018-09-16 14:02 - 2018-08-31 01:37 - 001585664 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2018-09-16 14:02 - 2018-08-31 01:37 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2018-09-16 14:02 - 2018-08-30 22:44 - 001222440 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2018-09-16 14:02 - 2018-08-30 22:44 - 001030952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2018-09-16 14:02 - 2018-08-30 22:44 - 000076256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys 2018-09-16 14:02 - 2018-08-30 22:43 - 002719216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2018-09-16 14:02 - 2018-08-30 22:42 - 009090016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2018-09-16 14:02 - 2018-08-30 22:42 - 007436192 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2018-09-16 14:02 - 2018-08-30 22:42 - 002824672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2018-09-16 14:02 - 2018-08-30 22:42 - 002461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll 2018-09-16 14:02 - 2018-08-30 22:42 - 001097720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll 2018-09-16 14:02 - 2018-08-30 22:42 - 000885928 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll 2018-09-16 14:02 - 2018-08-30 22:42 - 000604640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe 2018-09-16 14:02 - 2018-08-30 22:28 - 006043680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2018-09-16 14:02 - 2018-08-30 22:28 - 001989496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll 2018-09-16 14:02 - 2018-08-30 22:28 - 001129728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll 2018-09-16 14:02 - 2018-08-30 22:28 - 000568568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll 2018-09-16 14:02 - 2018-08-30 22:26 - 025847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2018-09-16 14:02 - 2018-08-30 
22:20 - 022715904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2018-09-16 14:02 - 2018-08-30 22:18 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2018-09-16 14:02 - 2018-08-30 22:16 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2018-09-16 14:02 - 2018-08-30 22:16 - 004382720 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll 2018-09-16 14:02 - 2018-08-30 22:15 - 007577088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2018-09-16 14:02 - 2018-08-30 22:15 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2018-09-16 14:02 - 2018-08-30 22:15 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2018-09-16 14:02 - 2018-08-30 22:15 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll 2018-09-16 14:02 - 2018-08-30 22:15 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll 2018-09-16 14:02 - 2018-08-30 22:15 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys 2018-09-16 14:02 - 2018-08-30 22:14 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 2018-09-16 14:02 - 2018-08-30 22:14 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll 2018-09-16 14:02 - 2018-08-30 22:14 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2018-09-16 14:02 - 2018-08-30 22:14 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2018-09-16 14:02 - 2018-08-30 22:13 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll 2018-09-16 14:02 - 2018-08-30 22:13 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys 2018-09-16 14:02 - 2018-08-30 22:11 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2018-09-16 14:02 - 2018-08-30 22:11 - 001804288 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\urlmon.dll 2018-09-16 14:02 - 2018-08-30 22:11 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe 2018-09-16 14:02 - 2018-08-30 22:11 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll 2018-09-16 14:02 - 2018-08-30 22:11 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe 2018-09-16 14:02 - 2018-08-30 22:10 - 005777920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2018-09-16 14:02 - 2018-08-30 22:10 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2018-09-16 14:02 - 2018-08-30 22:10 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2018-09-16 14:02 - 2018-08-30 22:10 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll 2018-09-16 14:02 - 2018-08-30 22:10 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll 2018-09-16 14:02 - 2018-08-30 22:09 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll 2018-09-16 14:02 - 2018-08-30 22:07 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2018-09-16 14:02 - 2018-08-30 22:07 - 000856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe 2018-09-16 14:02 - 2018-08-30 22:07 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll 2018-09-16 14:02 - 2018-08-30 22:06 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe 2018-09-16 14:02 - 2018-08-09 04:32 - 004527680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe 2018-09-16 14:02 - 2018-08-09 04:14 - 012709376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2018-09-16 14:02 - 2018-08-09 04:13 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll 2018-09-16 14:02 - 2018-08-09 04:12 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2018-09-16 14:02 - 2018-08-09 04:12 - 
000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2018-09-16 14:02 - 2018-08-09 04:11 - 003652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2018-09-16 14:02 - 2018-08-09 04:10 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2018-09-16 14:02 - 2018-08-09 03:24 - 011901952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2018-09-16 14:02 - 2018-08-09 03:22 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2018-09-16 14:02 - 2018-08-09 03:21 - 002894848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2018-09-16 14:02 - 2018-08-09 03:21 - 002016768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2018-09-16 14:02 - 2018-08-09 03:20 - 002401792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll 2018-09-16 14:02 - 2018-08-09 00:02 - 001035144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe 2018-09-16 14:02 - 2018-08-08 23:55 - 000230304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys 2018-09-16 14:02 - 2018-08-08 23:54 - 000375704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys 2018-09-16 14:02 - 2018-08-08 23:54 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2018-09-16 14:02 - 2018-08-08 23:53 - 002765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2018-09-16 14:02 - 2018-08-08 23:53 - 001026456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys 2018-09-16 14:02 - 2018-08-08 23:53 - 000932136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2018-09-16 14:02 - 2018-08-08 23:30 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2018-09-16 14:02 - 2018-08-08 23:29 - 002253584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2018-09-16 14:02 - 2018-08-08 23:28 - 003395072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 
2018-09-16 14:02 - 2018-08-08 23:26 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll 2018-09-16 14:02 - 2018-08-08 23:25 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2018-09-16 14:02 - 2018-08-08 23:24 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll 2018-09-16 14:02 - 2018-08-08 23:24 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2018-09-16 14:02 - 2018-08-08 23:23 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2018-09-16 14:02 - 2018-08-08 23:23 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2018-09-16 14:02 - 2018-08-08 23:23 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2018-09-16 14:02 - 2018-08-08 23:22 - 004615680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2018-09-16 14:02 - 2018-08-08 23:22 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2018-09-16 14:02 - 2018-08-08 23:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2018-09-16 14:02 - 2018-08-08 23:21 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll 2018-09-16 14:02 - 2018-08-08 23:11 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2018-09-16 14:02 - 2018-08-08 23:10 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2018-09-16 14:02 - 2018-08-08 23:09 - 004191232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2018-09-16 14:02 - 2018-08-08 23:09 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2018-09-16 14:02 - 2018-06-08 13:44 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll 2018-09-16 14:01 - 2018-08-31 02:46 - 000542504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll 2018-09-16 14:01 - 2018-08-31 02:24 - 001127936 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll 2018-09-16 14:01 - 2018-08-31 02:23 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll 2018-09-16 14:01 - 2018-08-31 02:23 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll 2018-09-16 14:01 - 2018-08-31 01:37 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll 2018-09-16 14:01 - 2018-08-30 22:50 - 000273720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll 2018-09-16 14:01 - 2018-08-30 22:50 - 000270648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll 2018-09-16 14:01 - 2018-08-30 22:44 - 001064744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2018-09-16 14:01 - 2018-08-30 22:44 - 000568600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe 2018-09-16 14:01 - 2018-08-30 22:44 - 000136488 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll 2018-09-16 14:01 - 2018-08-30 22:43 - 000722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll 2018-09-16 14:01 - 2018-08-30 22:42 - 007520064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2018-09-16 14:01 - 2018-08-30 22:42 - 001458552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2018-09-16 14:01 - 2018-08-30 22:42 - 001258352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2018-09-16 14:01 - 2018-08-30 22:42 - 001142000 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2018-09-16 14:01 - 2018-08-30 22:42 - 000983080 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2018-09-16 14:01 - 2018-08-30 22:28 - 006570040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2018-09-16 14:01 - 2018-08-30 22:21 - 022008320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2018-09-16 14:01 - 2018-08-30 22:17 - 000144384 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\mssprxy.dll 2018-09-16 14:01 - 2018-08-30 22:16 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2018-09-16 14:01 - 2018-08-30 22:14 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll 2018-09-16 14:01 - 2018-08-30 22:13 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll 2018-09-16 14:01 - 2018-08-30 22:11 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2018-09-16 14:01 - 2018-08-30 22:11 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll 2018-09-16 14:01 - 2018-08-30 22:10 - 001375744 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2018-09-16 14:01 - 2018-08-30 22:10 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll 2018-09-16 14:01 - 2018-08-30 22:10 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll 2018-09-16 14:01 - 2018-08-30 22:09 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll 2018-09-16 14:01 - 2018-08-30 22:08 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll 2018-09-16 14:01 - 2018-08-28 02:17 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll 2018-09-16 14:01 - 2018-08-28 01:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll 2018-09-16 14:01 - 2018-08-28 01:49 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll 2018-09-16 14:01 - 2018-08-28 01:48 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll 2018-09-16 14:01 - 2018-08-28 00:51 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll 2018-09-16 14:01 - 2018-08-09 04:31 - 001617728 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2018-09-16 14:01 - 2018-08-09 04:31 - 000766872 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\LicensingWinRT.dll 2018-09-16 14:01 - 2018-08-09 04:12 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll 2018-09-16 14:01 - 2018-08-09 04:11 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll 2018-09-16 14:01 - 2018-08-09 04:11 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll 2018-09-16 14:01 - 2018-08-09 04:11 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll 2018-09-16 14:01 - 2018-08-09 03:23 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll 2018-09-16 14:01 - 2018-08-09 03:22 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll 2018-09-16 14:01 - 2018-08-09 03:22 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll 2018-09-16 14:01 - 2018-08-09 03:21 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll 2018-09-16 14:01 - 2018-08-09 03:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe 2018-09-16 14:01 - 2018-08-08 23:54 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2018-09-16 14:01 - 2018-08-08 23:53 - 001947720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2018-09-16 14:01 - 2018-08-08 23:53 - 000714792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll 2018-09-16 14:01 - 2018-08-08 23:53 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll 2018-09-16 14:01 - 2018-08-08 23:29 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2018-09-16 14:01 - 2018-08-08 23:29 - 000581696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll 2018-09-16 14:01 - 2018-08-08 23:27 - 000428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2018-09-16 14:01 - 2018-08-08 23:26 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2018-09-16 14:01 - 2018-08-08 23:25 - 000898560 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2018-09-16 14:01 - 2018-08-08 23:23 - 003148288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll 2018-09-16 14:01 - 2018-08-08 23:11 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll 2018-09-16 14:01 - 2018-08-08 23:10 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2018-09-16 14:00 - 2018-08-31 02:45 - 000348328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe 2018-09-16 14:00 - 2018-08-31 02:27 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll 2018-09-16 14:00 - 2018-08-31 02:26 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys 2018-09-16 14:00 - 2018-08-31 02:25 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\spp.dll 2018-09-16 14:00 - 2018-08-31 02:25 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe 2018-09-16 14:00 - 2018-08-31 02:24 - 000482304 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll 2018-09-16 14:00 - 2018-08-31 02:22 - 001661440 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2018-09-16 14:00 - 2018-08-31 01:41 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll 2018-09-16 14:00 - 2018-08-31 01:40 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spp.dll 2018-09-16 14:00 - 2018-08-31 01:36 - 001469952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2018-09-16 14:00 - 2018-08-30 22:42 - 001767064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2018-09-16 14:00 - 2018-08-30 22:42 - 000632296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpx.dll 2018-09-16 14:00 - 2018-08-30 22:42 - 000527328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll 2018-09-16 14:00 - 2018-08-30 22:42 - 000494472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll 2018-09-16 14:00 - 2018-08-30 22:42 - 000155112 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2018-09-16 14:00 - 2018-08-30 22:28 - 001514352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2018-09-16 14:00 - 2018-08-30 22:28 - 000453104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpx.dll 2018-09-16 14:00 - 2018-08-30 22:28 - 000134936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2018-09-16 14:00 - 2018-08-30 22:17 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\netevent.dll 2018-09-16 14:00 - 2018-08-30 22:12 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2018-09-16 14:00 - 2018-08-30 22:12 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netevent.dll 2018-09-16 14:00 - 2018-08-30 22:10 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll 2018-09-16 14:00 - 2018-08-30 20:57 - 000001308 _____ C:\WINDOWS\system32\tcbres.wim 2018-09-16 14:00 - 2018-08-28 01:45 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll 2018-09-16 14:00 - 2018-08-13 21:14 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll 2018-09-16 14:00 - 2018-08-13 21:14 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll 2018-09-16 14:00 - 2018-08-09 04:31 - 000253544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll 2018-09-16 14:00 - 2018-08-09 04:31 - 000236624 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll 2018-09-16 14:00 - 2018-08-09 04:17 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll 2018-09-16 14:00 - 2018-08-09 04:16 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe 2018-09-16 14:00 - 2018-08-09 04:14 - 000466944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll 2018-09-16 14:00 - 2018-08-09 04:14 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollUI.dll 2018-09-16 14:00 - 2018-08-09 04:14 - 000158720 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll 2018-09-16 14:00 - 2018-08-09 04:13 - 000521216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2018-09-16 14:00 - 2018-08-09 04:13 - 000517120 _____ (Microsoft Corporation) C:\WINDOWS\system32\certreq.exe 2018-09-16 14:00 - 2018-08-09 04:13 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsExt.dll 2018-09-16 14:00 - 2018-08-09 04:11 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll 2018-09-16 14:00 - 2018-08-09 04:10 - 001557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe 2018-09-16 14:00 - 2018-08-09 04:10 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll 2018-09-16 14:00 - 2018-08-09 04:09 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll 2018-09-16 14:00 - 2018-08-09 04:09 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll 2018-09-16 14:00 - 2018-08-09 04:09 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe 2018-09-16 14:00 - 2018-08-09 03:36 - 000660896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll 2018-09-16 14:00 - 2018-08-09 03:36 - 000221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll 2018-09-16 14:00 - 2018-08-09 03:24 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll 2018-09-16 14:00 - 2018-08-09 03:23 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe 2018-09-16 14:00 - 2018-08-09 03:23 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollUI.dll 2018-09-16 14:00 - 2018-08-09 03:22 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certreq.exe 2018-09-16 14:00 - 2018-08-09 03:21 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe 2018-09-16 14:00 - 2018-08-09 03:20 - 000423424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2018-09-16 14:00 - 
2018-08-09 03:20 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll 2018-09-16 14:00 - 2018-08-09 03:20 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll 2018-09-16 14:00 - 2018-08-09 00:01 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll 2018-09-16 14:00 - 2018-08-08 23:54 - 001019016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll 2018-09-16 14:00 - 2018-08-08 23:54 - 000203568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll 2018-09-16 14:00 - 2018-08-08 23:53 - 000482480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll 2018-09-16 14:00 - 2018-08-08 23:53 - 000125600 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptxml.dll 2018-09-16 14:00 - 2018-08-08 23:30 - 000183992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll 2018-09-16 14:00 - 2018-08-08 23:29 - 001174552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll 2018-09-16 14:00 - 2018-08-08 23:29 - 000099208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptxml.dll 2018-09-16 14:00 - 2018-08-08 23:28 - 001589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll 2018-09-16 14:00 - 2018-08-08 23:27 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll 2018-09-16 14:00 - 2018-08-08 23:27 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollCtrl.exe 2018-09-16 14:00 - 2018-08-08 23:26 - 000990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL 2018-09-16 14:00 - 2018-08-08 23:26 - 000572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll 2018-09-16 14:00 - 2018-08-08 23:26 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys 2018-09-16 14:00 - 2018-08-08 23:26 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsAuth.dll 2018-09-16 14:00 - 2018-08-08 23:26 - 000221184 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\TtlsCfg.dll 2018-09-16 14:00 - 2018-08-08 23:25 - 000797184 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll 2018-09-16 14:00 - 2018-08-08 23:25 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll 2018-09-16 14:00 - 2018-08-08 23:25 - 000460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2018-09-16 14:00 - 2018-08-08 23:25 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll 2018-09-16 14:00 - 2018-08-08 23:25 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll 2018-09-16 14:00 - 2018-08-08 23:22 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll 2018-09-16 14:00 - 2018-08-08 23:13 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll 2018-09-16 14:00 - 2018-08-08 23:13 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollCtrl.exe 2018-09-16 14:00 - 2018-08-08 23:12 - 000652288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll 2018-09-16 14:00 - 2018-08-08 23:11 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll 2018-09-16 14:00 - 2018-08-08 23:11 - 000350208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2018-09-16 14:00 - 2018-08-08 23:11 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsAuth.dll 2018-09-16 14:00 - 2018-08-08 23:11 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsCfg.dll 2018-09-16 14:00 - 2018-08-08 23:11 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2018-09-16 14:00 - 2018-08-08 23:10 - 002893824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll 2018-09-16 14:00 - 2018-08-08 23:08 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll 2018-09-16 14:00 - 2018-08-08 22:08 - 000806416 _____ C:\WINDOWS\SysWOW64\locale.nls 2018-09-16 14:00 - 2018-08-08 22:08 - 
000806416 _____ C:\WINDOWS\system32\locale.nls
2018-09-15 18:32 - 2018-10-04 21:19 - 000000000 ____D C:\Users\chefcito\AppData\Local\Spotify
2018-09-15 18:31 - 2018-09-15 18:31 - 000001853 _____ C:\Users\chefcito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2018-09-15 18:29 - 2018-10-04 22:27 - 000000000 ____D C:\Users\chefcito\AppData\Roaming\Spotify
2018-09-15 18:29 - 2018-10-04 08:03 - 000003444 _____ C:\WINDOWS\System32\Tasks\iToolsDaemon
2018-09-15 18:29 - 2018-09-15 18:29 - 000736240 _____ (Spotify Ltd) C:\Users\chefcito\Downloads\SpotifySetup.exe
2018-09-15 18:14 - 2018-09-15 18:14 - 000000000 ____D C:\WINDOWS\Panther
2018-09-11 09:11 - 2018-09-11 09:11 - 000383037 _____ C:\Users\chefcito\Desktop\cena 2018.pdf
2018-09-08 10:32 - 2018-09-16 14:19 - 000000000 ____D C:\Users\chefcito\Documents\admon casa
2018-09-07 12:53 - 2018-09-07 12:53 - 403800064 ____N C:\Users\chefcito\Desktop\Grand Theft Auto - Vice City (USA) (v3.00).iso
2018-09-05 13:51 - 2018-09-05 13:51 - 014700194 _____ C:\Users\chefcito\Downloads\pcsx2-v1.5.0-dev-2149-g66a87ce4d-windows-x86.rar
2018-09-05 13:51 - 2017-07-31 20:19 - 000000000 ____D C:\Users\chefcito\Desktop\pcsx2-v1.5.0-dev-2149-g66a87ce4d-windows-x86

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-04 22:37 - 2017-04-23 09:13 - 000120436 _____ C:\WINDOWS\ZAM.krnl.trace
2018-10-04 22:37 - 2017-04-23 09:13 - 000086619 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-10-04 22:35 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-10-04 22:31 - 2016-11-16 00:29 - 000000000 ____D C:\Users\chefcito\AppData\LocalLow\Mozilla
2018-10-04 22:24 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-10-04 22:23 - 2018-04-20 14:23 - 000000000 ___RD C:\Users\chefcito\iCloudDrive
2018-10-04 22:22 - 2016-07-07 08:24 - 000000000 __SHD C:\Users\chefcito\IntelGraphicsProfiles
2018-10-04 21:52 - 2018-06-20 21:49 - 000000000 ____D C:\ProgramData\Packages
2018-10-04 21:52 - 2018-04-11 18:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-10-04 21:47 - 2018-07-29 12:42 - 000000000 ___RD C:\Users\anett\OneDrive
2018-10-04 21:44 - 2018-07-29 12:37 - 000000000 __SHD C:\Users\anett\IntelGraphicsProfiles
2018-10-04 21:43 - 2018-06-06 10:10 - 000515032 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-10-04 21:41 - 2018-06-06 10:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-10-04 21:40 - 2018-06-06 10:17 - 000000000 ____D C:\Users\chefcito
2018-10-04 21:40 - 2018-04-11 16:04 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2018-10-04 21:19 - 2018-07-29 12:36 - 000000000 ____D C:\Users\anett
2018-10-04 21:19 - 2018-06-06 10:10 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-10-04 21:19 - 2017-02-25 12:51 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-10-04 14:47 - 2016-07-19 17:39 - 000000000 ____D C:\ProgramData\Hotspot Shield
2018-10-04 14:47 - 2016-07-19 17:39 - 000000000 ____D C:\Program Files (x86)\Hotspot Shield
2018-10-04 14:47 - 2015-12-28 10:50 - 000000000 ____D C:\ProgramData\Package Cache
2018-10-04 14:10 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-10-04 14:10 - 2018-04-11 18:36 - 000000000 ____D C:\WINDOWS\INF
2018-10-04 14:10 - 2017-07-21 10:43 - 000000000 ____D C:\Users\chefcito\AppData\Local\CrashDumps
2018-10-04 14:10 - 2017-01-17 14:53 - 000000000 ____D C:\Users\chefcito\AppData\Roaming\DAEMON Tools Lite
2018-10-04 14:10 - 2016-07-07 09:28 - 000000000 ____D C:\Users\chefcito\AppData\Roaming\uTorrent
2018-10-04 14:04 - 2018-04-11 18:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-10-04 08:15 - 2018-06-24 22:05 - 000000000 ____D C:\Users\chefcito\AppData\Local\D3DSCache
2018-10-04 08:01 - 2016-07-07 08:28 - 000000000 ___RD C:\Users\chefcito\OneDrive
2018-10-04 07:57 - 2016-11-16 00:28 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-10-04 07:57 - 2016-07-07 09:24 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-10-04 07:51 - 2016-07-07 09:24 - 000001230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-10-03 13:09 - 2017-03-21 13:20 - 000000000 ____D C:\iVMS-4200
2018-10-03 12:46 - 2016-07-16 12:16 - 000000000 ____D C:\Users\chefcito\AppData\LocalLow\Adobe
2018-10-01 20:21 - 2016-07-16 12:00 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-09-30 17:01 - 2017-05-10 16:44 - 000000000 ____D C:\Users\chefcito\AppData\Roaming\vlc
2018-09-30 08:43 - 2017-09-30 20:17 - 000000000 ____D C:\Users\chefcito\AppData\Roaming\WhatsApp
2018-09-26 08:13 - 2015-12-28 11:01 - 000000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2018-09-26 08:13 - 2015-12-28 11:01 - 000000930 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2018-09-26 08:08 - 2016-07-13 08:18 - 000000000 ____D C:\Users\chefcito\AppData\Local\Adobe
2018-09-26 08:07 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-09-26 08:07 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-09-25 13:41 - 2017-01-16 23:48 - 000000000 ____D C:\Users\chefcito\AppData\Roaming\Kodi
2018-09-25 13:24 - 2018-02-27 21:45 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-09-24 07:13 - 2018-06-06 10:44 - 000003374 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3116818766-2193367744-924395030-1001
2018-09-24 07:13 - 2018-06-06 10:17 - 000002406 _____ C:\Users\chefcito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-09-22 01:57 - 2018-06-06 10:44 - 000003994 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2018-09-22 01:57 - 2018-06-06 10:44 - 000003762 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2018-09-21 20:17 - 2018-07-29 12:43 - 000000000 ____D C:\Users\anett\AppData\Local\PlaceholderTileLogoFolder
2018-09-21 20:17 - 2018-07-29 12:37 - 000000000 ____D C:\Users\anett\AppData\Local\Packages
2018-09-21 14:14 - 2018-06-06 10:44 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-09-21 10:16 - 2018-07-29 12:46 - 000003368 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3116818766-2193367744-924395030-1003
2018-09-21 10:16 - 2018-07-29 12:36 - 000002397 _____ C:\Users\anett\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-09-19 20:18 - 2018-07-29 12:44 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-09-17 23:12 - 2018-07-29 12:37 - 000000000 ____D C:\Users\anett\AppData\Local\VirtualStore
2018-09-17 10:28 - 2018-01-04 20:53 - 000000000 ____D C:\Users\chefcito\AppData\Local\PlaceholderTileLogoFolder
2018-09-17 10:28 - 2017-12-30 22:11 - 000000000 ____D C:\Users\chefcito\AppData\Local\Packages
2018-09-16 23:13 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-09-16 23:13 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-09-16 23:13 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-09-16 23:13 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-09-16 23:13 - 2018-04-11 16:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-09-16 14:10 - 2018-04-11 18:34 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-09-16 14:08 - 2018-04-11 18:34 - 000134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2018-09-15 12:02 - 2017-06-05 12:03 - 000000000 ____D C:\Users\chefcito\AppData\Roaming\dvdcss
2018-09-11 21:31 - 2017-01-13 10:15 - 000000000 ___HD C:\Users\chefcito\Documents\RESTAURANTE
2018-09-11 21:27 - 2018-06-06 10:30 - 001772030 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-09-11 21:27 - 2018-04-12 11:18 - 000788720 _____ C:\WINDOWS\system32\perfh00A.dat
2018-09-11 21:27 - 2018-04-12 11:18 - 000155862 _____ C:\WINDOWS\system32\perfc00A.dat
2018-09-11 21:26 - 2018-04-12 14:17 - 000000441 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2018-09-11 19:24 - 2016-07-07 19:22 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-09-11 13:54 - 2016-07-07 19:22 - 139184408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-09-11 09:08 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-09-09 11:45 - 2018-01-19 20:37 - 000000000 ____D C:\Users\chefcito\AppData\Roaming\CyberLink
2018-09-05 19:48 - 2017-09-30 20:16 - 000000000 ____D C:\Users\chefcito\AppData\Local\WhatsApp
2018-09-05 19:47 - 2017-09-30 20:17 - 000000000 ____D C:\Users\chefcito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2018-09-05 19:45 - 2017-09-30 20:16 - 000000000 ____D C:\Users\chefcito\AppData\Local\SquirrelTemp
2018-09-04 18:04 - 2018-07-18 17:39 - 000835144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-09-04 18:04 - 2018-07-18 17:39 - 000179808 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2017-06-01 16:46 - 2017-06-01 16:46 - 000001456 _____ () C:\Users\chefcito\AppData\Local\Adobe Guardar para Web 11.0 Prefs
2017-07-20 18:40 - 2017-07-20 18:40 - 000000036 _____ () C:\Users\chefcito\AppData\Local\housecall.guid.cache
2018-04-29 22:10 - 2018-04-29 22:10 - 000007605 _____ () C:\Users\chefcito\AppData\Local\Resmon.ResmonCfg
2016-10-18 12:01 - 2016-10-18 12:01 - 000000000 _____ () C:\Users\chefcito\AppData\Local\{377ABFD0-7045-41B2-82C9-6D006705EBA6}

Some zero byte size files/folders:
==========================
C:\Windows\System32\Drivers\farflt.sys
C:\Windows\System32\Drivers\mbam.sys
C:\Windows\System32\Drivers\MbamChameleon.sys
C:\Windows\System32\Drivers\mwac.sys

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-06 10:09

==================== End of FRST.txt ============================