Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.12.2018 01
Ran by user.dummy (administrator) on WRO1-LDL-P04943 (04-12-2018 09:12:28)
Running from C:\Projects\Downloads
Loaded Profiles: user.dummy & reccc_albd & Administrator & DefaultAppPool (Available Profiles: user.dummy & reccc_albd & Administrator & DefaultAppPool)
Platform: Windows 10 Pro Version 1703 15063.1446 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Carbon Black, Inc.) C:\Program Files (x86)\Bit9\Parity Agent\Parity.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(KVASER AB, Mölndal, SWEDEN) C:\Program Files\Kvaser\Drivers\32\KvEnumSrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(IBM Corporation) C:\Windows\SysWOW64\cccredmgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(IBM Corporation) C:\Program Files\IBM\RationalSDLC\ClearCase\bin\lockmgr.exe
() C:\Program Files (x86)\PatchManagerPlus_Agent\bin\dcagentservice.exe
(Flexera Software LLC) C:\Program Files (x86)\ManageSoft\Launcher\mgsdl.exe
(Flexera Software LLC) C:\Program Files (x86)\ManageSoft\Launcher\ndserv.exe
(Flexera Software LLC) C:\Program Files (x86)\ManageSoft\Schedule Agent\ndinit.exe
(Flexera Software LLC) C:\Program Files (x86)\ManageSoft\Security Agent\mgssecsvc.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\Synergy\synergyd.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
(Flexera Software LLC) C:\Program Files (x86)\ManageSoft\Schedule Agent\ndtask.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
(IBM Corporation) C:\Program Files\IBM\RationalSDLC\ClearCase\bin\albd_server.exe
(Microsoft Corporation) C:\Windows\System32\vmcompute.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(hxxp://tortoisesvn.net) C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.1000_x64__kzf8qxf38zg5c\SkypeHost.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Slack Technologies) C:\Users\user.dummy\AppData\Local\slack\app-3.3.3\slack.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Microsoft Corporation) C:\Config.Msi\102c8ccc.rbf
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Flexera Software LLC) C:\Program Files (x86)\ManageSoft\Schedule Agent\ndtask.exe
(Slack Technologies) C:\Users\user.dummy\AppData\Local\slack\app-3.3.3\slack.exe
(Slack Technologies) C:\Users\user.dummy\AppData\Local\slack\app-3.3.3\slack.exe
(Slack Technologies) C:\Users\user.dummy\AppData\Local\slack\app-3.3.3\slack.exe
(Slack Technologies) C:\Users\user.dummy\AppData\Local\slack\app-3.3.3\slack.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
(BayHubTech/O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(hxxps://tortoisegit.org/) C:\Program Files\TortoiseGit\bin\TGitCache.exe
(Don HO don.h@free.fr) C:\Program Files\Notepad++\notepad++.exe
(The Git Development Community) C:\Program Files\Git\git-bash.exe
(Andy Koppe / Thomas Wolff) C:\Program Files\Git\usr\bin\mintty.exe
() C:\Program Files\Git\usr\bin\bash.exe
() C:\Program Files\Git\usr\bin\bash.exe
(The Git Development Community) C:\Program Files\Git\mingw64\bin\git.exe
(The Git Development Community) C:\Program Files\Git\mingw64\libexec\git-core\git.exe
() C:\Program Files\Git\usr\bin\sh.exe
() C:\Program Files\Git\usr\bin\sh.exe
() C:\Program Files\KDiff3\kdiff3.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1709.12493.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files (x86)\GNU\GnuPG\bin\dbus-daemon.exe
() C:\Program Files (x86)\GNU\GnuPG\bin\kleopatra.exe
(g10 Code GmbH) C:\Program Files (x86)\GNU\GnuPG\gpg-agent.exe
(g10 Code GmbH) C:\Program Files (x86)\GNU\GnuPG\scdaemon.exe
(Rational Software Corporation) C:\Program Files\IBM\RationalSDLC\ClearCase\bin\clearexplorer.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(IBM Corporation) C:\Program Files\IBM\RationalSDLC\ClearCase\bin\view_server.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office16\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office16\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office16\WINWORD.EXE
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Qualcomm Technologies Inc.) C:\Program Files (x86)\Qualcomm\QPST\bin\QPSTConfig.exe
(Qualcomm Technologies Inc.) C:\Program Files (x86)\Qualcomm\QPST\bin\QPSTServer.exe
(Simon Tatham) C:\Users\user.dummy\Desktop\Workspace\Gemalto Legacy\putty_adb.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Carbon Black, Inc.) C:\Program Files (x86)\Bit9\Parity Agent\Notifier.exe
(Alexander Roshal) C:\Program Files (x86)\WinRAR\WinRAR.exe
() C:\Program Files\YAT\YAT.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\PatchManagerPlus_Agent\bin\dcondemand.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin\SymCorpUI.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin\SmcGui.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin\SavUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [773760 2016-10-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8861944 2016-07-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1427704 2016-07-29] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [718256 2015-12-22] (Waves Audio Ltd.)
HKLM-x32\...\Run: [SchedulingAgent_nDG] => C:\Program Files (x86)\ManageSoft\Schedule Agent\ndschedag.exe [1536456 2012-12-14] (Flexera Software LLC)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [1226240 2018-01-19] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
HKLM-x32\...\Run: [CCDoctor] => C:\Program Files\IBM\RationalSDLC/ClearCase/bin/ccdoctor.exe [192512 2011-11-12] (Rational Software Corporation)
HKLM Group Policy restriction on software: c:\windows\infpub.dat <==== ATTENTION
HKLM Group Policy restriction on software: C:\Windows\cscc.dat <==== ATTENTION
Winlogon\Notify\ccnotify: C:\Windows\system32\ccnotify.dll (IBM Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1233298724-2998406191-1411161284-776364\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-09-10] (Piriform Ltd)
HKU\S-1-5-21-1233298724-2998406191-1411161284-776364\...\Run: [com.squirrel.slack.slack] => C:\Users\user.dummy\AppData\Local\slack\Update.exe [1584656 2018-10-03] ()
HKU\S-1-5-21-1233298724-2998406191-1411161284-776364\...\Run: [Skype for Desktop] => C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe [49805160 2018-11-09] (Skype Technologies S.A.)
HKU\S-1-5-21-97419570-1974764811-3115373845-500\...\Policies\system: [EnableFirstLogonAnimation] 0
HKU\S-1-5-21-97419570-1974764811-3115373845-500\...\Policies\system: [DisableTaskMgr] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Display Manager.lnk [2017-11-30]
ShortcutTarget: Dell Display Manager.lnk -> C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe (EnTech Taiwan)
Startup: C:\Users\user.dummy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autostart.bat [2018-02-13] ()
GroupPolicy: Restriction ? <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512 2013-05-11] (National Instruments Corporation)
Winsock: Catalog5-x64 07 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560 2013-05-11] (National Instruments Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.1.206 10.0.1.215 10.0.1.216
Tcpip\..\Interfaces\{1cddbce1-c5cd-4a10-8161-3cdccee9162e}: [DhcpNameServer] 10.0.1.206 10.0.1.215 10.0.1.216
Tcpip\..\Interfaces\{20b2b0cf-8187-4a29-be9d-7691aaf60b10}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{c869387f-7cc4-442e-aec5-00fdeca6eae9}: [DhcpNameServer] 10.0.1.206 10.0.1.215 10.0.1.216

Internet Explorer:
==================
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2018-11-23] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-20] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-11-23] (Oracle Corporation)
BHO-x32: Inventory Manager Web Application Tracker -> {30A22EC9-42D0-4D46-A2F7-7516419F943D} -> C:\Program Files (x86)\ManageSoft\Usage Agent\mgsiebho.dll [2012-12-14] ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll [2018-10-22] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2018-07-22] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-22] (Oracle Corporation)
Handler: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-02-14] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-04-10] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\Office16\MSOSB.DLL [2018-02-14] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2018-04-10] (Microsoft Corporation)

FireFox:
========
FF HKLM-x32\...\Firefox\Extensions: [mgsusageagent@managesoft.com] - C:\Program Files (x86)\ManageSoft\Usage Agent\mgsusageagent
FF Extension: (ManageSoft Usage Agent Web Tracker) - C:\Program Files (x86)\ManageSoft\Usage Agent\mgsusageagent [2017-11-03] [Legacy] [not signed]
FF Plugin: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-11-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-11-23] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.191.2 -> C:\Program Files (x86)\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1233298724-2998406191-1411161284-776364: @zoom.us/ZoomVideoPlugin -> C:\Users\user.dummy\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2018-02-07] (Zoom Video Communications, Inc.)
FF Plugin HKU\S-1-5-21-1233298724-2998406191-1411161284-776364: SkypeForBusinessPlugin-15.8 -> C:\Users\user.dummy\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.400\npGatewayNpapi.dll [2015-06-15] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-1233298724-2998406191-1411161284-776364: SkypeForBusinessPlugin-16.2 -> C:\Users\user.dummy\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.282\npGatewayNpapi.dll [2018-10-19] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-1233298724-2998406191-1411161284-776364: SkypeForBusinessPlugin64-15.8 -> C:\Users\user.dummy\AppData\Local\Microsoft\SkypeForBusinessPlugin\15.8.20020.400\npGatewayNpapi-x64.dll [2015-06-15] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-1233298724-2998406191-1411161284-776364: SkypeForBusinessPlugin64-16.2 -> C:\Users\user.dummy\AppData\Local\Microsoft\SkypeForBusinessPlugin\16.2.0.282\npGatewayNpapi-x64.dll [2018-10-19] (Microsoft Corporation)

Chrome:
=======
CHR Profile: C:\Users\user.dummy\AppData\Local\Google\Chrome\User Data\Default [2018-12-04]
CHR Extension: (Slides) - C:\Users\user.dummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-02]
CHR Extension: (Docs) - C:\Users\user.dummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-02]
CHR Extension: (Google Drive) - C:\Users\user.dummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-02]
CHR Extension: (YouTube) - C:\Users\user.dummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-02]
CHR Extension: (uBlock Origin) - C:\Users\user.dummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-09-26]
CHR Extension: (Sheets) - C:\Users\user.dummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-02]
CHR Extension: (Google Docs Offline) - C:\Users\user.dummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user.dummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-06]
CHR Extension: (Gmail) - C:\Users\user.dummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-02]
CHR Extension: (Chrome Media Router) - C:\Users\user.dummy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-11-06]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Albd; C:\Program Files\IBM\RationalSDLC\ClearCase\bin\albd_server.exe [226304 2011-11-29] (IBM Corporation) [File not signed]
R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [104744 2016-10-20] (Alps Electric Co., Ltd.)
R2 cccredmgr; C:\Windows\SysWOW64\cccredmgr.exe [28672 2011-11-30] (IBM Corporation) [File not signed]
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2017-07-06] () [File not signed]
S3 hns; C:\Windows\System32\HostNetSvc.dll [602624 2018-04-25] (Microsoft Corporation)
R2 ibtsiva; C:\Windows\system32\ibtsiva.exe [542392 2017-10-18] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373760 2016-10-25] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21304 2017-09-28] (Microsoft Corporation)
R2 KvEnumSrv; C:\Program Files\Kvaser\Drivers\32\kvenumsrv.exe [186728 2017-09-13] (KVASER AB, Mölndal, SWEDEN)
R2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2010-10-27] (National Instruments, Inc.)
R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [53544 2013-06-12] (National Instruments Corporation)
R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [63792 2013-06-12] (National Instruments Corporation)
R2 LockMgr; C:\Program Files\IBM\RationalSDLC\ClearCase\bin\lockmgr.exe [37888 2011-10-19] (IBM Corporation) [File not signed]
S2 MailService; C:\Program Files\IBM\RationalSDLC\ClearQuest\mailservice.exe [81408 2011-10-27] (IBM Corporation) [File not signed]
R2 ManageEngine Patch Manager Plus - Agent; C:\Program Files (x86)\PatchManagerPlus_Agent\bin\dcagentservice.exe [843848 2018-04-07] ()
R2 mgsdl; C:\Program Files (x86)\ManageSoft\Launcher\mgsdl.exe [1447880 2012-12-14] (Flexera Software LLC)
R2 mgssecsvc; C:\Program Files (x86)\ManageSoft\Security Agent\mgssecsvc.exe [1095624 2012-12-14] (Flexera Software LLC)
R2 ndGlobalLauncher; C:\Program Files (x86)\ManageSoft\Launcher\ndserv.exe [2899912 2012-12-14] (Flexera Software LLC)
R2 ndinit; C:\Program Files (x86)\ManageSoft\Schedule Agent\ndinit.exe [725960 2012-12-14] (Flexera Software LLC)
R2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [57696 2013-06-08] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [81248 2013-06-08] (National Instruments Corporation)
R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [380720 2013-06-12] (National Instruments Corporation)
R2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [260976 2013-05-11] (National Instruments Corporation)
R2 NiSvcLoc; C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [90440 2013-06-07] (National Instruments Corporation)
R2 NISystemWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [57680 2013-06-08] (National Instruments Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518264 2017-10-27] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [518264 2017-10-27] (NVIDIA Corporation)
R2 O2FLASH; C:\Windows\System32\drivers\o2flash.exe [65536 2014-08-20] (BayHubTech/O2Micro International)
R2 Parity; C:\Program Files (x86)\Bit9\Parity Agent\Parity.exe [6168400 2018-04-23] (Carbon Black, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [318712 2016-07-29] (Realtek Semiconductor)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2018-06-08] (Microsoft Corporation)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin\ccSvcHst.exe [157976 2017-10-31] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Bin64\snac64.exe [378088 2017-10-31] (Symantec Corporation)
R2 Synergy; C:\Program Files (x86)\Synergy\synergyd.exe [250536 2017-03-03] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH)
R3 vmcompute; C:\Windows\system32\vmcompute.exe [2232320 2018-06-08] (Microsoft Corporation)
R2 vmms; C:\Windows\system32\vmms.exe [14415360 2018-10-30] (Microsoft Corporation)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [145512 2018-01-23] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342240 2018-06-08] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102792 2018-06-08] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aplxusbser2; C:\Windows\system32\DRIVERS\aplxusbser2.sys [258464 2018-09-13] (Gemalto M2M GmbH)
S3 aplxusbwwan2; C:\Windows\System32\drivers\aplxusbwwan2.sys [547744 2018-09-13] (Gemalto M2M GmbH)
S3 AX88772; C:\Windows\System32\drivers\ax88772.sys [124160 2016-07-01] (ASIX Electronics Corp.)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Data\Definitions\BASHDefs\20181126.001\BHDrvx64.sys [1925104 2018-11-06] (Symantec Corporation)
R1 ccSettings_{1275C540-B92D-406A-B595-68C2B266A9A8}; C:\Windows\System32\Drivers\SEP\0E00096F\00C8.105\x64\ccSetx64.sys [174328 2017-10-31] (Symantec Corporation)
S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [59904 2015-01-26] (www.winchiphead.com)
S3 CH341_A64; C:\Windows\System32\Drivers\CH341W64.SYS [31232 2009-06-11] (www.winchiphead.com)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [22864 2016-10-27] (OSR Open Systems Resources, Inc.)
S3 DFU; C:\Windows\system32\drivers\MassDfu64.sys [15360 2014-10-31] (Philips PTCL)
S3 DKE100; C:\Windows\System32\drivers\DKE100.sys [111104 2015-01-13] (ASIX Electronics Corp.)
R3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [41824 2014-08-20] (Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [35136 2014-08-20] (Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [515776 2018-10-31] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153280 2018-11-07] (Symantec Corporation)
R3 esif_lf; C:\Windows\System32\drivers\esif_lf.sys [192624 2014-08-20] (Intel Corporation)
R3 FTDIBUS; C:\Windows\system32\drivers\ftdibus.sys [129456 2017-08-24] (Future Technology Devices International Ltd.)
R3 FTSER2K; C:\Windows\system32\drivers\ftser2k.sys [89800 2017-08-24] (Future Technology Devices International Ltd.)
R3 hvsocketcontrol; C:\Windows\system32\drivers\hvsocketcontrol.sys [22016 2018-04-25] (Microsoft Corporation)
S0 hwapix64; C:\Windows\System32\drivers\hwapix64.sys [17240 2018-07-04] (Hatteland Display AS)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [132104 2017-10-18] (Intel Corporation)
R3 IntcAzAudAddService; C:\Windows\system32\drivers\RTDVHD64.sys [2686200 2016-07-29] (Realtek Semiconductor Corp.)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [88256 2015-06-09] (Intel Corporation)
S3 jlink; C:\Windows\System32\drivers\jlinkx64.sys [45200 2017-01-31] (SEGGER Microcontroller GmbH & Co. KG)
S3 kcane; C:\Windows\system32\DRIVERS\kcane.sys [109904 2017-09-15] (KVASER AB, Mölndal, SWEDEN)
R3 kcanv; C:\Windows\system32\DRIVERS\kcanv.sys [89936 2017-09-15] (KVASER AB, Mölndal, SWEDEN)
R3 kvnetenum; C:\Windows\system32\DRIVERS\kvnetenum.sys [57680 2017-09-15] (KVASER AB, Mölndal, SWEDEN)
R2 kvsoftsync; C:\Windows\system32\Drivers\kvsoftsync.sys [31056 2017-09-15] (KVASER AB, Mölndal, SWEDEN)
S3 libusb0; C:\Windows\system32\DRIVERS\libusb0.sys [52832 2018-02-19] (hxxp://libusb-win32.sourceforge.net)
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [23552 2018-04-25] (Microsoft Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [125952 2014-08-20] (Intel Corporation)
R2 Mvfs; C:\Windows\System32\DRIVERS\mvfs60x64.sys [705016 2016-05-13] (IBM Corporation)
R2 MVFS Storage Filter; C:\Windows\System32\DRIVERS\mvfsMini60x64.sys [22520 2016-05-13] (IBM Corporation)
R1 NDSPCIIO64; C:\Windows\System32\Drivers\NDSPCIIO64.sys [20544 2008-04-11] (Licensed for NEC-DS, Ltd.)
R3 Netwtw04; C:\Windows\System32\drivers\Netwtw04.sys [7626488 2017-03-09] (Intel Corporation)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvdm.inf_amd64_c73643c8a6190037\nvlddmkm.sys [17143384 2018-05-07] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-10-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50808 2017-10-27] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [57976 2017-10-27] (NVIDIA Corporation)
R3 O2FJ2RDR; C:\Windows\System32\drivers\O2FJ2w7x64.sys [210592 2014-08-20] (BayHubTech/O2Micro )
R0 ParityDriver; C:\Windows\System32\DRIVERS\Parity.sys [1923688 2018-04-25] (Carbon Black, Inc.)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [25088 2018-04-25] (Microsoft Corporation)
R0 pcifilter; C:\Windows\System32\drivers\pciflt.sys [12120 2015-01-13] ()
S3 pcip; C:\Windows\System32\drivers\pcip.sys [47616 2018-04-25] (Microsoft Corporation)
R3 pemicrowindrvr; C:\Windows\system32\drivers\pemicrowindrvr.sys [275920 2016-11-07] (Jungo Connectivity)
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [51712 2018-04-25] (Microsoft Corporation)
S3 qcusbser; C:\Windows\system32\DRIVERS\qcusbser.sys [254520 2017-03-15] (QUALCOMM Incorporated)
S3 ramparser; C:\Windows\System32\drivers\ramparser.sys [31232 2018-04-25] (Microsoft Corporation)
S3 rtux64w10; C:\Windows\System32\drivers\rtux64w10.sys [420824 2017-11-07] (Realtek Corporation )
S3 SDFRd; C:\Windows\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R1 se64a; C:\Windows\System32\Drivers\se64a.sys [14032 2007-05-03] (EnTech Taiwan)
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0E00096F\00C8.105\x64\SRTSP64.SYS [801920 2017-10-31] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0E00096F\00C8.105\x64\SRTSPX64.SYS [49280 2017-10-31] (Symantec Corporation)
R3 ST_Accel; C:\Windows\System32\drivers\ST_Accel.sys [75952 2014-08-20] (STMicroelectronics)
R0 SymEFASI; C:\Windows\System32\drivers\symefasi\0603000.00F\symefasi.sys [1717912 2017-10-31] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\Drivers\SEP\0E00096F\00C8.105\x64\SymELAM.sys [24192 2017-10-31] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [102608 2017-10-31] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0E00096F\00C8.105\x64\Ironx64.SYS [308896 2017-10-31] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0E00096F\00C8.105\x64\SYMNETS.SYS [567448 2017-10-31] (Symantec Corporation)
R3 Synth3dVsp; C:\Windows\System32\drivers\synth3dvsp.sys [104448 2018-04-25] (Microsoft Corporation)
S3 TELEDYNE_LECROY_USB; C:\Windows\system32\drivers\TLUsb64.sys [20736 2018-01-31] (CATC)
R3 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [203328 2018-02-26] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [213632 2018-02-26] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [146624 2018-02-26] (Oracle Corporation)
R1 VfpExt; C:\Windows\System32\drivers\vfpext.sys [1136640 2018-04-25] (Microsoft Corporation)
S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [31232 2018-04-25] (Microsoft Corporation)
R3 vmsmp; C:\Windows\System32\drivers\vmswitch.sys [1652736 2018-08-30] (Microsoft Corporation)
S3 vpnva; C:\Windows\System32\drivers\vpnva64-6.sys [74120 2018-01-19] (Cisco Systems, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 HRMACPI; SYSTEM32\DRIVERS\HRMACPI.SYS [X]
S3 NAVENG; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Data\Definitions\SDSDefs\20180627.021\ENG64.SYS [X]
S3 NAVEX15; \??\C:\ProgramData\Symantec\Symantec Endpoint Protection\14.0.2415.0200.105\Data\Definitions\SDSDefs\20180627.021\EX64.SYS [X]
S3 SOFTHIDUSBK; SYSTEM32\DRIVERS\SOFTHIDUSBK.SYS [X]
S3 SOFTUSBK; SYSTEM32\DRIVERS\SOFTUSBK.SYS [X]
S3 SOFTUSBTESTHUB; SYSTEM32\DRIVERS\SOFTUSBTESTHUB.SYS [X]
S3 SOFTWADP; SYSTEM32\DRIVERS\SOFTWADP.SYS [X]
S3 WSOFTUSBK; SYSTEM32\DRIVERS\WSOFTUSBK.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: hns -> C:\Windows\System32\HostNetSvc.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-04 09:06 - 2018-12-04 09:12 - 000000000 ____D C:\FRST 2018-11-27 14:37 - 2018-11-28 12:28 - 000000000 ____D C:\Users\user.dummy\Desktop\BOBCAT_100_158 2018-11-23 12:49 - 2018-11-23 12:49 - 000000022 _____ C:\Windows\S.dirmngr 2018-11-23 12:16 - 2018-11-23 12:35 - 000000000 ____D C:\Users\user.dummy\Desktop\Apollo Factory 2018-11-23 09:23 - 2018-11-23 09:23 - 000110968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2018-11-22 10:41 - 2018-11-16 22:35 - 000834960 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2018-11-22 10:41 - 2018-11-16 22:35 - 000179600 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2018-11-21 16:39 - 2018-10-30 05:53 - 000377336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\coml2.dll 2018-11-21 16:38 - 2018-10-30 05:57 - 000787608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2018-11-21 16:38 - 2018-10-30 05:54 - 000279032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\thumbcache.dll 2018-11-21 16:38 - 2018-10-30 05:49 - 000583568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll 2018-11-21 16:38 - 2018-10-30 05:37 - 002949632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys 2018-11-21 16:38 - 2018-10-30 05:33 - 000083968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fidocredprov.dll 2018-11-21 16:38 - 2018-10-30 05:32 - 000284672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll 2018-11-21 16:38 - 2018-10-30 05:31 - 000242176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll 2018-11-21 16:38 - 2018-10-30 05:30 - 000139776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll 2018-11-21 16:38 - 2018-10-30 05:29 - 000932352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GamePanel.exe 2018-11-21 16:38 - 2018-10-30 05:29 - 000050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cldapi.dll 2018-11-21 16:38 - 2018-10-30 05:24 - 000157696 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\rpchttp.dll 2018-11-21 16:38 - 2018-10-30 05:24 - 000089600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll 2018-11-21 16:38 - 2018-10-30 05:23 - 000026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msisip.dll 2018-11-21 16:38 - 2018-03-02 07:49 - 000016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dispex.dll 2018-11-21 16:38 - 2018-03-02 07:48 - 000021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshcon.dll 2018-11-21 16:37 - 2018-10-30 06:09 - 000367608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aepic.dll 2018-11-21 16:37 - 2018-10-30 05:58 - 002260680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreUIComponents.dll 2018-11-21 16:37 - 2018-10-30 05:58 - 001839960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2018-11-21 16:37 - 2018-10-30 05:56 - 000128512 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll 2018-11-21 16:37 - 2018-10-30 05:54 - 002476608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2018-11-21 16:37 - 2018-10-30 05:54 - 001518696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2018-11-21 16:37 - 2018-10-30 05:54 - 000750600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe 2018-11-21 16:37 - 2018-10-30 05:54 - 000129280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2018-11-21 16:37 - 2018-10-30 05:53 - 000386048 _____ (Microsoft Corporation) C:\Windows\system32\Search.ProtocolHandler.MAPI2.dll 2018-11-21 16:37 - 2018-10-30 05:53 - 000354472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll 2018-11-21 16:37 - 2018-10-30 05:53 - 000115000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offlinelsa.dll 2018-11-21 16:37 - 2018-10-30 05:52 - 002327312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll 2018-11-21 16:37 - 2018-10-30 05:52 - 001179144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll 2018-11-21 16:37 - 2018-10-30 
05:52 - 001077608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll 2018-11-21 16:37 - 2018-10-30 05:52 - 000049760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msasn1.dll 2018-11-21 16:37 - 2018-10-30 05:51 - 000988576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2018-11-21 16:37 - 2018-10-30 05:51 - 000774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll 2018-11-21 16:37 - 2018-10-30 05:51 - 000169472 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll 2018-11-21 16:37 - 2018-10-30 05:36 - 002199552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Resources.dll 2018-11-21 16:37 - 2018-10-30 05:34 - 000046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dtdump.exe 2018-11-21 16:37 - 2018-10-30 05:32 - 000164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2018-11-21 16:37 - 2018-10-30 05:31 - 000645632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll 2018-11-21 16:37 - 2018-10-30 05:31 - 000308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptngc.dll 2018-11-21 16:37 - 2018-10-30 05:31 - 000286720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Search.ProtocolHandler.MAPI2.dll 2018-11-21 16:37 - 2018-10-30 05:31 - 000202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credprovhost.dll 2018-11-21 16:37 - 2018-10-30 05:30 - 000636416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WpcWebFilter.dll 2018-11-21 16:37 - 2018-10-30 05:30 - 000506880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2018-11-21 16:37 - 2018-10-30 05:29 - 001233408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll 2018-11-21 16:37 - 2018-10-30 05:22 - 000584192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll 2018-11-21 16:37 - 2018-03-02 07:46 - 000146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2018-11-21 16:37 - 2018-03-02 07:46 - 000143360 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\cscript.exe 2018-11-21 16:37 - 2018-03-02 07:46 - 000122880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2018-11-21 16:37 - 2018-03-02 07:45 - 000206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll 2018-11-21 16:36 - 2018-10-30 05:51 - 020377648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2018-11-21 16:36 - 2018-10-30 05:51 - 006770480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll 2018-11-21 16:36 - 2018-10-30 05:51 - 000205312 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe 2018-11-21 16:36 - 2018-10-30 05:50 - 000364032 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe 2018-11-21 16:36 - 2018-10-30 05:49 - 002598400 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll 2018-11-21 16:36 - 2018-10-30 05:48 - 003377664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll 2018-11-21 16:36 - 2018-10-30 05:48 - 000932864 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe 2018-11-21 16:36 - 2018-10-30 05:38 - 013849600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll 2018-11-21 16:36 - 2018-10-30 05:32 - 002672640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll 2018-11-21 16:36 - 2018-10-30 05:30 - 001248768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll 2018-11-21 16:36 - 2018-10-30 05:30 - 000312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe 2018-11-21 16:36 - 2018-10-30 05:29 - 001286144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll 2018-11-21 16:36 - 2018-10-30 05:28 - 005226496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2018-11-21 16:36 - 2018-10-30 05:28 - 002132992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll 2018-11-21 16:36 - 2018-10-30 05:28 - 000797696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe 2018-11-21 
16:36 - 2018-10-30 05:27 - 004558848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll 2018-11-21 16:36 - 2018-10-30 05:27 - 003669504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll 2018-11-21 16:36 - 2018-10-30 05:27 - 001019904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll 2018-11-21 16:36 - 2018-10-30 05:26 - 002355200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll 2018-11-21 16:36 - 2018-10-30 05:26 - 001627648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2018-11-21 16:36 - 2018-10-30 05:25 - 000892928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autochk.exe 2018-11-21 16:36 - 2018-10-30 05:25 - 000232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll 2018-11-21 16:36 - 2018-10-30 05:23 - 000877056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autoconv.exe 2018-11-21 16:36 - 2018-10-30 05:23 - 000853504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autofmt.exe 2018-11-21 16:36 - 2018-10-16 10:18 - 001859584 _____ C:\Windows\SysWOW64\Windows.Mirage.dll 2018-11-21 16:31 - 2018-10-30 06:44 - 000820024 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe 2018-11-21 16:31 - 2018-10-30 06:40 - 002672648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2018-11-21 16:31 - 2018-10-30 05:58 - 000099840 _____ (Microsoft Corporation) C:\Windows\system32\utcutil.dll 2018-11-21 16:31 - 2018-10-30 05:47 - 002516992 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll 2018-11-21 16:31 - 2018-10-30 05:45 - 000985600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2018-11-21 16:26 - 2018-10-30 06:47 - 001194688 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2018-11-21 16:26 - 2018-10-30 06:47 - 000367096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msrpc.sys 2018-11-21 16:26 - 2018-10-30 06:42 - 000094728 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll 2018-11-21 16:25 - 
2018-10-30 12:32 - 000634368 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Mirage.Internal.dll 2018-11-21 16:25 - 2018-10-30 12:30 - 000891904 _____ (Microsoft Corporation) C:\Windows\system32\Spectrum.exe 2018-11-21 16:25 - 2018-10-30 06:50 - 002399344 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2018-11-21 16:25 - 2018-10-30 06:47 - 001239560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys 2018-11-21 16:25 - 2018-10-30 05:53 - 013429248 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2018-11-21 16:25 - 2018-10-30 05:47 - 001886720 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2018-11-21 16:25 - 2018-10-30 05:32 - 012264448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2018-11-21 16:25 - 2018-10-25 08:38 - 002447360 _____ C:\Windows\system32\Windows.Mirage.dll 2018-11-21 16:22 - 2018-10-30 05:51 - 000692736 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2018-11-21 16:21 - 2018-10-30 12:45 - 000124416 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_AnalogShell.dll 2018-11-21 16:21 - 2018-10-30 06:44 - 000453128 _____ (Microsoft Corporation) C:\Windows\system32\coml2.dll 2018-11-21 16:21 - 2018-10-30 05:52 - 000275968 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll 2018-11-21 16:21 - 2018-10-30 05:30 - 000553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2018-11-21 16:20 - 2018-10-30 12:31 - 000529920 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_HoloLens_Environment.dll 2018-11-21 16:20 - 2018-10-30 06:53 - 001066240 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2018-11-21 16:20 - 2018-10-30 06:52 - 000901504 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2018-11-21 16:20 - 2018-10-30 06:50 - 001397608 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2018-11-21 16:20 - 2018-10-30 06:50 - 001188648 _____ (Microsoft 
Corporation) C:\Windows\system32\winload.exe 2018-11-21 16:20 - 2018-10-30 06:44 - 002972656 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2018-11-21 16:20 - 2018-10-30 06:44 - 001760680 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2018-11-21 16:20 - 2018-10-30 05:54 - 000457728 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll 2018-11-21 16:20 - 2018-10-30 05:51 - 000582144 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2018-11-21 16:20 - 2018-10-30 05:33 - 000330240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll 2018-11-21 16:19 - 2018-10-30 06:50 - 008321528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2018-11-21 16:19 - 2018-10-30 06:49 - 001930728 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2018-11-21 16:19 - 2018-10-30 06:48 - 002970528 _____ (Microsoft Corporation) C:\Windows\system32\CoreUIComponents.dll 2018-11-21 16:19 - 2018-10-30 06:42 - 001326584 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2018-11-21 16:19 - 2018-10-30 06:15 - 023689728 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll 2018-11-21 16:19 - 2018-10-30 05:58 - 001618888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2018-11-21 16:19 - 2018-10-30 05:58 - 001150680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll 2018-11-21 16:19 - 2018-10-30 05:54 - 023702016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2018-11-21 16:19 - 2018-10-30 05:50 - 008162816 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll 2018-11-21 16:19 - 2018-10-30 05:49 - 005892608 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2018-11-21 16:19 - 2018-10-30 05:48 - 004718592 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2018-11-21 16:19 - 2018-10-30 05:48 - 004398080 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll 2018-11-21 16:19 - 2018-10-30 05:47 - 
005557760 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll 2018-11-21 16:19 - 2018-10-30 05:38 - 020526080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll 2018-11-21 16:19 - 2018-10-30 05:38 - 019356672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2018-11-21 16:19 - 2018-10-30 05:29 - 006256640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll 2018-11-21 16:19 - 2018-10-30 05:28 - 003653120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2018-11-21 16:17 - 2018-10-30 06:47 - 000171000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2018-11-21 16:17 - 2018-10-30 06:43 - 000128520 _____ (Microsoft Corporation) C:\Windows\system32\offlinelsa.dll 2018-11-21 16:17 - 2018-03-02 14:53 - 000029184 _____ (Microsoft Corporation) C:\Windows\system32\dispex.dll 2018-11-21 16:16 - 2018-10-30 06:52 - 002868744 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe 2018-11-21 16:16 - 2018-10-30 06:49 - 001003720 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll 2018-11-21 16:16 - 2018-10-30 06:44 - 000350728 _____ (Microsoft Corporation) C:\Windows\system32\thumbcache.dll 2018-11-21 16:16 - 2018-10-30 06:42 - 021358976 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2018-11-21 16:16 - 2018-10-30 05:58 - 000305152 _____ (Microsoft Corporation) C:\Windows\system32\vmsynth3dvideo.dll 2018-11-21 16:16 - 2018-10-30 05:54 - 000354816 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.BioFeedback.dll 2018-11-21 16:16 - 2018-10-30 05:54 - 000064512 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2018-11-21 16:16 - 2018-10-30 05:52 - 000056832 _____ (Microsoft Corporation) C:\Windows\system32\cldapi.dll 2018-11-21 16:16 - 2018-10-30 05:47 - 001293312 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll 2018-11-21 16:16 - 2018-10-30 05:43 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\msisip.dll 2018-11-21 16:16 - 
2018-10-30 05:42 - 000045568 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2018-11-21 16:16 - 2018-10-30 05:42 - 000029696 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2018-11-21 16:16 - 2018-10-30 05:42 - 000012800 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2018-11-21 16:16 - 2018-03-02 14:53 - 000024064 _____ (Microsoft Corporation) C:\Windows\system32\wshcon.dll 2018-11-21 16:15 - 2018-10-30 12:35 - 000329728 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Feedback.Analog.dll 2018-11-21 16:15 - 2018-10-30 12:34 - 000137728 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Cortana.Analog.dll 2018-11-21 16:15 - 2018-10-30 06:53 - 000070152 _____ (Microsoft Corporation) C:\Windows\system32\win32appinventorycsp.dll 2018-11-21 16:15 - 2018-10-30 06:52 - 000035336 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe 2018-11-21 16:15 - 2018-10-30 06:47 - 000923488 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll 2018-11-21 16:15 - 2018-10-30 06:46 - 000528376 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2018-11-21 16:15 - 2018-10-30 05:55 - 000113152 _____ (Microsoft Corporation) C:\Windows\system32\wuuhosdeployment.dll 2018-11-21 16:15 - 2018-10-30 05:54 - 000150016 _____ (Microsoft Corporation) C:\Windows\system32\dssvc.dll 2018-11-21 16:15 - 2018-10-30 05:53 - 000527872 _____ (Microsoft Corporation) C:\Windows\system32\aadcloudap.dll 2018-11-21 16:15 - 2018-10-30 05:51 - 001580544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll 2018-11-21 16:15 - 2018-10-30 05:46 - 000325632 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll 2018-11-21 16:14 - 2018-10-30 12:37 - 000017806 ____R C:\Windows\system32\CaptureToast.hcp 2018-11-21 16:14 - 2018-10-30 12:36 - 000125015 ____R C:\Windows\system32\CaptureCountdown.hcp 2018-11-21 16:14 - 2018-10-30 12:36 - 000119017 ____R 
C:\Windows\system32\CaptureBrackets.hcp 2018-11-21 16:14 - 2018-10-30 12:35 - 000242688 _____ (Microsoft Corporation) C:\Windows\system32\HoloSHExtensions.dll 2018-11-21 16:14 - 2018-10-30 12:32 - 000960000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.MixedRealityCapture.dll 2018-11-21 16:14 - 2018-10-30 06:54 - 001610784 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2018-11-21 16:14 - 2018-10-30 06:54 - 000144904 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2018-11-21 16:14 - 2018-10-30 06:53 - 000792568 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2018-11-21 16:14 - 2018-10-30 06:53 - 000452104 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2018-11-21 16:14 - 2018-10-30 06:53 - 000309752 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2018-11-21 16:14 - 2018-10-30 06:52 - 001199608 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe 2018-11-21 16:14 - 2018-10-30 06:52 - 001039368 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe 2018-11-21 16:14 - 2018-10-30 06:52 - 000823816 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.exe 2018-11-21 16:14 - 2018-10-30 06:52 - 000612360 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2018-11-21 16:14 - 2018-10-30 06:52 - 000480760 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll 2018-11-21 16:14 - 2018-10-30 06:52 - 000445960 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2018-11-21 16:14 - 2018-10-30 06:52 - 000077320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hvservice.sys 2018-11-21 16:14 - 2018-10-30 06:51 - 000966968 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.efi 2018-11-21 16:14 - 2018-10-30 06:51 - 000689464 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2018-11-21 16:14 - 2018-10-30 06:46 - 001018872 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi 2018-11-21 16:14 - 2018-10-30 
06:45 - 002429240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2018-11-21 16:14 - 2018-10-30 06:45 - 000741888 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Shell.Broker.dll 2018-11-21 16:14 - 2018-10-30 06:45 - 000712736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys 2018-11-21 16:14 - 2018-10-30 06:44 - 000410120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2018-11-21 16:14 - 2018-10-30 06:44 - 000149784 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2018-11-21 16:14 - 2018-10-30 06:43 - 003108504 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll 2018-11-21 16:14 - 2018-10-30 06:43 - 001337752 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll 2018-11-21 16:14 - 2018-10-30 06:43 - 001282632 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll 2018-11-21 16:14 - 2018-10-30 06:43 - 001280520 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll 2018-11-21 16:14 - 2018-10-30 06:43 - 000872368 _____ (Microsoft Corporation) C:\Windows\system32\ClipSVC.dll 2018-11-21 16:14 - 2018-10-30 06:43 - 000643608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2018-11-21 16:14 - 2018-10-30 06:41 - 001619920 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll 2018-11-21 16:14 - 2018-10-30 05:59 - 003665408 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys 2018-11-21 16:14 - 2018-10-30 05:58 - 000345088 _____ (Microsoft Corporation) C:\Windows\system32\vmicvdev.dll 2018-11-21 16:14 - 2018-10-30 05:57 - 002199552 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.dll 2018-11-21 16:14 - 2018-10-30 05:54 - 001878016 _____ (Microsoft Corporation) C:\Windows\system32\AzureSettingSyncProvider.dll 2018-11-21 16:14 - 2018-10-30 05:54 - 000191488 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2018-11-21 16:14 - 2018-10-30 05:52 - 000245760 _____ 
(Microsoft Corporation) C:\Windows\system32\credprovhost.dll 2018-11-21 16:14 - 2018-10-30 05:51 - 001260544 _____ (Microsoft Corporation) C:\Windows\system32\GamePanel.exe 2018-11-21 16:14 - 2018-10-30 05:51 - 001086464 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll 2018-11-21 16:14 - 2018-10-30 05:51 - 000874496 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.dll 2018-11-21 16:14 - 2018-10-30 05:50 - 000925696 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebFilter.dll 2018-11-21 16:14 - 2018-10-30 05:49 - 001803264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2018-11-21 16:14 - 2018-10-30 05:48 - 001460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2018-11-21 16:14 - 2018-10-30 05:47 - 002449408 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll 2018-11-21 16:14 - 2018-10-30 05:46 - 002757120 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll 2018-11-21 16:14 - 2018-10-30 05:45 - 000971264 _____ (Microsoft Corporation) C:\Windows\system32\autochk.exe 2018-11-21 16:14 - 2018-03-02 14:50 - 000164352 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2018-11-21 16:14 - 2018-03-02 14:50 - 000164352 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2018-11-21 16:14 - 2018-03-02 14:49 - 000140800 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2018-11-21 16:14 - 2018-03-02 14:48 - 000222208 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll 2018-11-21 16:13 - 2018-10-30 12:39 - 020416000 _____ (Microsoft Corporation) C:\Windows\system32\Hydrogen.dll 2018-11-21 16:13 - 2018-10-30 12:36 - 017049088 _____ (Microsoft Corporation) C:\Windows\system32\HologramCompositor.dll 2018-11-21 16:13 - 2018-10-30 12:33 - 001161216 ____R (Microsoft Corporation) C:\Windows\system32\Windows.Mirage.Internal.Capture.UX.dll 2018-11-21 16:13 - 2018-10-30 12:33 - 000947712 _____ (Microsoft Corporation) C:\Windows\system32\HoloSI.PCShell.dll 2018-11-21 
16:13 - 2018-10-30 12:33 - 000528896 ____R (Microsoft Corporation) C:\Windows\system32\MixedRealityCapture.Pipeline.dll 2018-11-21 16:13 - 2018-10-30 06:52 - 002009360 _____ (Microsoft Corporation) C:\Windows\system32\vmwp.exe 2018-11-21 16:13 - 2018-10-30 06:42 - 007909832 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll 2018-11-21 16:13 - 2018-10-30 06:04 - 014415360 _____ (Microsoft Corporation) C:\Windows\system32\vmms.exe 2018-11-21 16:13 - 2018-10-30 05:58 - 017373184 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll 2018-11-21 16:13 - 2018-10-30 05:50 - 004208640 _____ (Microsoft Corporation) C:\Windows\system32\StartTileData.dll 2018-11-21 16:13 - 2018-10-30 05:48 - 002625024 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll 2018-11-21 14:41 - 2018-11-02 19:00 - 069774238 ____R C:\Users\user.dummy\Desktop\alas66a-w_r00.870_a01.000.00_bobcat_100_150.usf 2018-11-21 14:07 - 2018-11-21 13:30 - 071214750 _____ C:\Users\user.dummy\Desktop\bobcat.usf 2018-11-21 14:05 - 2018-11-16 12:36 - 003223552 ____R (Gemalto M2M GmbH) C:\Users\user.dummy\Desktop\gwinswup.exe 2018-11-21 14:02 - 2018-11-10 01:54 - 072400284 ____R (Gemalto M2M GmbH) C:\Users\user.dummy\Desktop\gwinswup_alas66a-w_r00.880_a01.000.00_bobcat_100_152.exe 2018-11-21 10:58 - 2018-11-21 10:58 - 000004201 _____ C:\Users\user.dummy\Desktop\New Text Document.txt 2018-11-21 10:51 - 2018-11-21 10:51 - 000002830 _____ C:\Users\user.dummy\Desktop\user.dummy.asc 2018-11-20 06:32 - 2018-11-20 06:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Suite Sync 2018-11-19 15:53 - 2018-11-19 15:53 - 000002651 _____ C:\Users\user.dummy\Desktop\pub.txt 2018-11-19 15:49 - 2018-11-19 15:54 - 000000000 ____D C:\Users\user.dummy\AppData\Local\Thunderbird 2018-11-19 15:49 - 2018-11-19 15:49 - 000000000 ____D C:\Users\user.dummy\AppData\Roaming\Thunderbird 2018-11-19 15:49 - 2018-11-19 15:49 - 000000000 ____D 
C:\Users\user.dummy\AppData\Roaming\Mozilla 2018-11-19 15:48 - 2018-11-19 15:48 - 000001286 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk 2018-11-19 15:48 - 2018-11-19 15:48 - 000001274 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk 2018-11-19 15:48 - 2018-11-19 15:48 - 000000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2018-11-19 15:48 - 2018-11-19 15:48 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2018-11-19 14:52 - 2018-11-19 15:29 - 000003681 _____ C:\Users\user.dummy\New Text Document.txt 2018-11-19 14:50 - 2018-11-19 14:50 - 000000000 _____ C:\Users\user.dummy\Desktop\zp2.asc 2018-11-19 14:47 - 2018-11-19 14:47 - 000000000 ____D C:\Users\user.dummy\AppData\Roaming\.kde 2018-11-19 14:47 - 2018-11-19 14:47 - 000000000 ____D C:\Users\user.dummy\AppData\Local\GNU 2018-11-19 14:46 - 2018-11-19 14:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gpg4win 2018-11-19 14:46 - 2018-11-19 14:46 - 000000000 ____D C:\ProgramData\GNU 2018-11-19 14:46 - 2018-11-19 14:46 - 000000000 ____D C:\Program Files (x86)\GNU 2018-11-15 09:43 - 2016-02-15 04:22 - 000377879 ____R C:\Users\user.dummy\Desktop\80_NV600_71_QMI_SLIM_1_0_FOR_MPSS_AT_1_0__QMI_SENSOR_LOCATION_INTERFACE_MANAGER_SVC_SPEC.pdf 2018-11-14 09:37 - 2018-11-14 09:37 - 000000000 ____D C:\Program Files\LAPS 2018-11-14 09:22 - 2018-12-04 08:20 - 000000000 ____D C:\Users\user.dummy\AppData\Roaming\gnupg 2018-11-14 09:22 - 2018-11-19 11:21 - 000000000 ____D C:\Users\user.dummy\AppData\Roaming\kleopatra 2018-11-14 09:17 - 2018-11-19 14:43 - 000000000 ____D C:\Program Files (x86)\Gpg4win 2018-11-14 08:58 - 2018-11-15 13:41 - 000000000 ____D C:\Users\user.dummy\..pgp 2018-11-14 08:58 - 2018-11-14 08:58 - 000002822 _____ C:\Users\user.dummy\Desktop\ziemowitpodwysockisecret.asc 2018-11-13 15:43 - 2018-11-27 13:58 - 000000000 ____D C:\Users\user.dummy\AppData\Local\QPST 2018-11-13 15:42 - 2018-11-13 15:42 - 000000000 ____D 
C:\ProgramData\Qualcomm
2018-11-13 15:42 - 2018-11-13 15:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QPST
2018-11-13 15:42 - 2018-11-13 15:42 - 000000000 ____D C:\Program Files (x86)\Qualcomm
2018-11-13 15:41 - 2018-09-07 10:24 - 038902933 ____R C:\Users\user.dummy\Desktop\qpst.win.2.7_installer_00480.14.zip
2018-11-12 17:32 - 2018-09-05 00:09 - 001471288 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2018-11-06 11:10 - 2018-11-06 11:11 - 000000000 ____D C:\Program Files (x86)\Synergy
2018-11-06 11:10 - 2018-11-06 11:10 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synergy.lnk
2018-11-05 14:58 - 2018-11-05 14:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2018-11-05 14:58 - 2018-11-05 14:58 - 000000000 ____D C:\Program Files\7-Zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-04 09:09 - 2017-11-02 12:41 - 000000608 _____ C:\Windows\system32\config\netlogon.ftl
2018-12-04 08:52 - 2017-07-05 19:09 - 000000000 ____D C:\Windows\system32\SleepStudy
2018-12-03 12:25 - 2017-10-31 18:54 - 000000000 ____D C:\ProgramData\NVIDIA
2018-12-02 00:33 - 2017-11-02 12:43 - 000000000 ____D C:\Users\user.dummy
2018-12-02 00:33 - 2017-03-18 22:03 - 000000000 ___HD C:\Program Files\WindowsApps
2018-12-02 00:33 - 2017-03-18 22:03 - 000000000 ____D C:\Windows\AppReadiness
2018-12-02 00:30 - 2018-10-29 13:37 - 000000000 ____D C:\mvfslogs
2018-11-29 15:19 - 2017-07-05 12:16 - 002957598 _____ C:\Windows\system32\PerfStringBackup.INI
2018-11-28 12:51 - 2018-02-08 10:58 - 000000600 _____ C:\Users\user.dummy\AppData\Local\PUTTY.RND
2018-11-27 16:32 - 2017-11-14 11:49 - 000000000 ____D C:\Users\user.dummy\AppData\Local\CrashDumps
2018-11-27 16:10 - 2017-03-18 21:51 - 000000000 ____D C:\Windows\CbsTemp
2018-11-27 09:35 - 2017-11-02 12:43 - 000000000 ____D
C:\Users\user.dummy\AppData\Local\Packages 2018-11-26 16:25 - 2017-03-18 22:03 - 000000167 _____ C:\Windows\win.ini 2018-11-26 09:45 - 2017-03-18 22:03 - 000000000 ____D C:\Windows\rescache 2018-11-23 12:57 - 2017-11-02 13:48 - 000000000 ___DX C:\Users\user.dummy\Documents\Outlook Files 2018-11-23 12:55 - 2017-10-31 11:05 - 000000000 ____D C:\Windows\System32\Tasks\Symantec Endpoint Protection 2018-11-23 12:54 - 2018-01-15 14:06 - 000000000 ____D C:\Users\user.dummy\AppData\Local\Eclipse 2018-11-23 12:54 - 2018-01-15 14:00 - 000000000 ____D C:\Users\user.dummy\.p2 2018-11-23 12:53 - 2018-01-29 10:37 - 000000000 ____D C:\Users\user.dummy\AppData\Local\TortoiseGit 2018-11-23 12:52 - 2018-01-30 09:48 - 000000000 ____D C:\Users\user.dummy\AppData\Roaming\Slack 2018-11-23 12:51 - 2018-07-03 09:29 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2018-11-23 12:51 - 2018-07-03 09:29 - 000000000 __SHD C:\Users\user.dummy\IntelGraphicsProfiles 2018-11-23 12:51 - 2017-12-12 15:54 - 000000000 ____D C:\Users\user.dummy\AppData\Local\TSVNCache 2018-11-23 12:49 - 2018-05-09 08:11 - 000000000 ____D C:\Program Files (x86)\TeamViewer 2018-11-23 12:49 - 2017-07-05 19:09 - 000424208 _____ C:\Windows\system32\FNTCACHE.DAT 2018-11-23 12:49 - 2017-07-05 19:09 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2018-11-23 12:47 - 2017-03-18 12:40 - 001835008 _____ C:\Windows\system32\config\BBI 2018-11-23 11:29 - 2018-01-08 13:16 - 000002255 _____ C:\Users\user.dummy\.kdiff3rc 2018-11-23 09:23 - 2018-04-18 16:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit 2018-11-23 09:23 - 2018-01-15 13:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2018-11-23 09:22 - 2018-04-25 10:56 - 000000000 ____D C:\Program Files\Java 2018-11-22 12:23 - 2017-11-02 12:42 - 000046941 __RSH C:\ProgramData\ntuser.pol 2018-11-22 10:53 - 2017-07-05 12:23 - 000000000 __RHD C:\Users\Public\AccountPictures 2018-11-22 10:41 
- 2017-03-18 12:40 - 000032768 _____ C:\Windows\system32\config\ELAM 2018-11-22 10:35 - 2017-03-19 03:36 - 000000000 ____D C:\Windows\HoloShell 2018-11-22 10:35 - 2017-03-18 22:03 - 000000000 ___SD C:\Windows\SysWOW64\F12 2018-11-22 10:35 - 2017-03-18 22:03 - 000000000 ___SD C:\Windows\system32\F12 2018-11-22 10:35 - 2017-03-18 22:03 - 000000000 ____D C:\Windows\ShellExperiences 2018-11-22 10:35 - 2017-03-18 22:01 - 000000000 ____D C:\Windows\INF 2018-11-21 17:12 - 2017-07-05 12:41 - 137810048 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2018-11-20 01:30 - 2017-10-31 11:01 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2018-11-20 01:30 - 2017-10-31 11:01 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2018-11-14 09:41 - 2018-07-23 08:05 - 000001387 _____ C:\Users\Public\Desktop\Skype.lnk 2018-11-14 09:41 - 2018-07-23 08:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2018-11-14 09:29 - 2018-01-08 09:17 - 000000000 ___DX C:\Users\user.dummy\Documents\Source Insight 2018-11-13 10:11 - 2018-05-09 08:12 - 000000000 ____D C:\Users\user.dummy\AppData\Roaming\TeamViewer 2018-11-08 13:58 - 2017-11-02 15:42 - 000000000 ____D C:\Users\user.dummy\AppData\Roaming\Skype 2018-11-08 13:02 - 2018-10-15 08:55 - 000000877 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++.lnk ==================== Files in the root of some directories ======= 2018-02-08 10:58 - 2018-11-28 12:51 - 000000600 _____ () C:\Users\user.dummy\AppData\Local\PUTTY.RND Some files in TEMP: ==================== 2018-09-10 14:42 - 2018-09-10 14:42 - 000018944 _____ () C:\Users\user.dummy\AppData\Local\Temp\hidapi-jni-325543384211229073213.dll 2018-09-10 14:42 - 2018-09-10 14:42 - 000021504 _____ () C:\Users\user.dummy\AppData\Local\Temp\hidapi-jni-643845854872475184278.dll 2018-07-18 12:12 - 2018-07-18 12:12 - 001906040 _____ (Oracle Corporation) 
C:\Users\user.dummy\AppData\Local\Temp\jre-8u181-windows-au.exe 2018-10-29 13:16 - 2018-10-29 13:16 - 000069632 _____ () C:\Users\user.dummy\AppData\Local\Temp\lib2354319552541487794.dll 2018-10-29 13:09 - 2018-10-29 13:09 - 000069632 ____N () C:\Users\user.dummy\AppData\Local\Temp\lib3866109568199256167.dll 2018-10-15 08:54 - 2018-10-15 08:54 - 004636416 _____ (Don HO don.h@free.fr) C:\Users\user.dummy\AppData\Local\Temp\npp.7.5.8.Installer.x64.exe 2018-07-23 08:02 - 2018-07-23 08:02 - 057812744 _____ (Skype Technologies S.A.) C:\Users\user.dummy\AppData\Local\Temp\SkypeSetup.exe 2018-10-29 13:09 - 2018-10-29 13:18 - 000000000 ____D () C:\Users\user.dummy\AppData\Local\Temp\Win32Helper.dll ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2018-12-03 07:49 ==================== End of FRST.txt ============================