Solved Trojan Occamy

TSemp · May 21, 2019

Sorry, forgot to write it last night. Yes, Windows Defender still finds it there, same as before.

Broni · May 21, 2019

Give me fresh FRST log ran from USB drive. Same way as the last time.

TSemp · May 21, 2019

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05.2019
Ran by SYSTEM on MININT-P888RC6 (21-05-2019 18:54:59)
Running from G:\
Platform: Windows 10 Pro Version 1809 17763.503 (X64) Language: English (United States)
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17987704 2017-10-19] (Logitech Inc -> Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9280848 2018-06-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942936 2018-11-02] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => "E:\iTunes\iTunesHelper.exe"
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2410960 2019-02-28] (Adobe Systems Incorporated -> Adobe Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [4992048 2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [OGMgmmouseRun] => "E:\Program Files (x86)\VENUS Gaming Mouse\ogmmon.exe" -runauto
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [636712 2018-11-30] (Autodesk, Inc. -> Autodesk, Inc.)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [26183352 2018-08-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [598200 2018-06-05] (Razer USA Ltd. -> Razer Inc.)
HKLM-x32\...\Run: [ElectraV2Helper] => C:\Program Files (x86)\Razer\Razer_ElectraV2_Driver\Drivers\SysAudio\ElectraV2Helper.exe [1598920 2017-09-05] (Razer USA Ltd. -> Razer Inc)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
HKU\Bogdan Placintescu\...\Run: [Akamai NetSession Interface] => "C:\Users\Bogdan Placintescu\AppData\Local\Akamai\netsession_win.exe"
HKU\Bogdan Placintescu\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [6110768 2019-05-02] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\Default\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-14] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-14] (Microsoft Corporation)
HKU\DefaultAppPool\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-14] (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0284C292-4912-4429-8101-16F136AFE575} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2194552 2019-05-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {0749FAB6-4D8F-4F67-9D68-362E95032A8A} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {0795D9DC-9174-4463-99DB-8F33355D75F2} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2194552 2019-05-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {0CA9D8A3-F45A-4668-89F8-56AA69E97E4A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {117FDA22-E32C-49E6-80DE-85CF33023755} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {11D6B867-12FD-4901-B62D-DA99BE179FCC} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3728752 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {137C7004-DDBA-4866-A8C7-29D2ACA89E9E} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\IntelPTTEKRecertification.exe [814872 2018-03-02] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {1B2867BE-A1AE-47E1-80CF-AE0710C7DA42} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {1C0F7EBD-634C-4EFF-B133-829EA2ED3EE0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {1C50C723-B142-474A-BAF4-4192658E0EF2} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {1CDB4668-AFD2-4617-ADA9-E4B0A0C71A2D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-10-24] (Google Inc -> Google Inc.)
Task: {23219ADF-2F5F-4205-A96C-D7E40BCBA44D} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {2BF0A387-5DD9-45CD-AD9D-11A4779A81BC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6204464 2019-05-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {2EE3249F-929E-4DFF-934C-BA6CD181B366} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26197064 2019-05-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {344DD59A-C6D1-4F8B-859D-E1E65A59621A} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {37D143A1-2D8E-4C47-B853-78AC768D6990} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648048 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3BF8EB1E-E448-4257-8CFD-D3540AB41E53} - System32\Tasks\NahimicVRSvc32Run => C:\Program Files\Nahimic\Nahimic VR\Foundation\NahimicVRSvc32.exe
Task: {4119A10B-A026-4B86-902C-3C91E3123BC5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {5024A0C1-4D2C-4872-84B9-86CA6C2D044C} - System32\Tasks\AdobeAAMUpdater-1.0-bogdanPC-Bogdan Placintescu => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {52227192-6BFA-4F16-969C-71E025C38BB3} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {540D33E0-999D-45B7-B9CE-19A685E7AC0F} - System32\Tasks\{6C2DAB19-5AE6-4CF2-ACE0-D9ACD5B7025B} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.27.0.101/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {56E7B2CB-4840-4B7E-A51A-FD5FFC79CA40} - System32\Tasks\NahimicVRSvc64Run => C:\Program Files\Nahimic\Nahimic VR\Foundation\x64\NahimicVRSvc64.exe
Task: {58FBE838-DD1F-4945-A4A8-EAE0A5C82A51} - System32\Tasks\NahimicMSIUILauncherRun => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe
Task: {5F560878-9FE7-4AF5-82D0-83021B3AE699} - System32\Tasks\AdobeGCInvoker-1.0-bogdanPC-Bogdan Placintescu => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {610CBD23-0965-4265-BFBF-3B0C68145A3E} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {682081D8-468C-4ECB-81C4-9DFCCAFAA93C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {6B4CA342-1A05-4C92-8972-6F6CE7750032} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6C976C65-8DA2-4A59-9812-C6439A28E5FA} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {6F93F102-4493-4137-AEB6-8B6E70B35543} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-05-14] (Adobe Inc. -> Adobe)
Task: {7837183E-7A6B-4836-9C93-09BCFCD25C05} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {785A71E0-8465-4233-9550-9702335CC148} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849264 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {79DC6E9E-3670-404D-AD61-30C879584E32} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849264 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7B6B3B6A-E477-401A-B645-7497FD8C8D39} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {7D52F601-9495-4FAD-920F-FC2932BCE113} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {7F400141-E03A-4E7E-A982-D7125A7DEFF1} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {80EEE903-282E-4A31-8BB0-7DEEE764B3D5} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {8254BBF5-32DE-4917-84B5-32802E903646} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26197064 2019-05-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {82C041E8-23B9-4C85-AECE-CFB4D2349241} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {85B1FD53-BD61-4742-B8B3-FFF44B1C3DB7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {87FB8B61-BF99-4D34-B0AF-19A4D0EFC6A0} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {974BEB57-6A52-412B-85FA-645B04EB40F4} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [149016 2019-05-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {9FA8B9F6-1B53-4CDC-9BB0-02E0EA0EFBC3} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A7126541-41B8-4D26-9CA2-805B50027D62} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {AC3AF794-4019-4AED-B665-42AED5971667} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [149016 2019-05-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {B4D01540-5D9A-4446-88E4-2E20BD53A078} - System32\Tasks\NahimicMSIsvc32Run => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIsvc32.exe
Task: {B6EB18B9-A3D3-489E-9D6D-186BA5835879} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {B9B3CAB9-5824-42E7-988A-2005F2E5CDFE} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {BB7BB22A-4C82-4702-B23F-8F03FBBF621C} - System32\Tasks\NahimicMSIsvc64Run => C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSIsvc64.exe
Task: {C5F735DC-6D83-4D58-AD98-BB53C5060305} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {D0774F15-C380-483C-9D0B-0E44AC0439F4} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2410960 2019-02-28] (Adobe Systems Incorporated -> Adobe Inc.)
Task: {D4B2C546-F65D-4CB8-A024-D692EBB64420} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {DAD33619-2A1D-40A2-BBAF-93BA9B44D816} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-10-24] (Google Inc -> Google Inc.)
Task: {DDE04B2C-4CCE-49F7-855D-E017E31FD553} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E39F8E32-F4B6-44B2-B8AF-D84A6CFEB7B8} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\Windows\System32\WinBioPlugIns\FaceFodUninstaller.exe [438272 2018-09-14] ()
Task: {E5E4E6C3-3F12-438D-A71D-253A3530894C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {E767AFBE-E2EC-4B5D-AEA4-1F3A867C1A5E} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {E955FE48-C989-4340-BB03-0082F5A24AA4} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_192_Plugin.exe [1457208 2019-05-14] (Adobe Inc. -> Adobe)
Task: {EC96CD45-159B-41A3-9B1A-C7552CAD08F9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6204464 2019-05-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {EE7BE730-A3B3-46D6-996C-B9B1F2D5AC2C} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {EFBF5E6B-A844-493C-9E3C-E16CC1CC66AB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {EFF6A01B-018D-468F-B604-1FD29F173A93} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F26BFF45-13BA-4796-A7A7-D8BC3CFD8B7E} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [590704 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F506FF40-FC82-4E4F-95A0-6F66B5A2F1AA} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {FA625662-B852-4517-99CB-9B918776684C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Intel PTT EK Recertification.job => C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\IntelPTTEKRecertification.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1162616 2018-11-30] (Autodesk, Inc. -> Autodesk Inc.)
S2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2019-02-28] (Adobe Systems Incorporated -> Adobe Inc.)
S2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [5708808 2018-03-31] (BattlEye Innovations e.K. -> )
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11146824 2019-05-08] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [775296 2018-03-31] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe [758552 2018-03-02] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe [719640 2018-03-02] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [205968 2017-12-03] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-10-19] (Logitech Inc -> Logitech Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2315960 2018-08-09] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189776 2018-03-14] (Razer USA Ltd. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5382448 2019-04-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 SNMP; C:\Windows\System32\snmp.exe [53248 2018-12-30] (Microsoft Corporation)
S4 ssh-agent; C:\Windows\System32\OpenSSH\ssh-agent.exe [384512 2018-09-15] ()
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\NisSrv.exe [3851264 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
S2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe [118144 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
S2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [2252232 2018-09-24] (Wacom Technology Corporation -> Wacom Technology, Corp.)
S2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 hidkmdf; C:\Windows\System32\drivers\hidkmdf.sys [23784 2016-10-06] (Wacom Technology Corporation -> Windows (R) Win 7 DDK provider)
S3 I2cHkBurn; C:\Windows\system32\drivers\I2cHkBurn.sys [41760 2015-07-26] (Feature Integration Technology -> FINTEK Corp.)
S3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [145920 2018-09-14] (Microsoft Windows -> Qualcomm Atheros, Inc.)
S2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
S3 LGJoyHidFilter; C:\Windows\system32\drivers\LGJoyHidFilter.sys [57368 2016-08-29] (Logitech Inc -> Logitech Inc.)
S3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [67736 2016-08-29] (Logitech Inc -> Logitech Inc.)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_bfe69934a6b764ef\nvlddmkm.sys [21672560 2019-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-03-27] (NVIDIA Corporation -> NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [69840 2019-03-18] (NVIDIA Corporation -> NVIDIA Corporation)
S3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [66792 2018-10-03] (NVIDIA Corporation -> NVIDIA Corporation)
S3 pmxdrv; C:\WINDOWS\system32\drivers\pmxdrv.sys [31152 2016-11-30] (PAIPTAC Driver -> )
S2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44160 2018-03-14] (Razer USA Ltd. -> Razer, Inc.)
S2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [140040 2018-03-20] (Razer USA Ltd. -> Razer, Inc.)
S3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-18] (Bruce James -> Scarlet.Crush Productions)
S3 usbglcs1100302; C:\Windows\system32\drivers\usbglcs1100302.sys [25600 2014-06-11] (Windows (R) Win 7 DDK provider)
S3 VaneFltr; C:\Windows\system32\drivers\Lachesis.sys [30336 2007-08-16] (Razer (Asia-Pacific) Pte Ltd)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46472 2019-04-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [344544 2019-04-23] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [60896 2019-04-23] (Microsoft Windows -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-20 20:50 - 2019-05-20 23:50 - 000000000 _____ C:\Recovery.txt
2019-05-20 12:51 - 2019-05-21 07:51 - 000015360 _____ () C:\Windows\System32\tlpless.dll
2019-05-20 09:08 - 2019-05-20 09:35 - 000000000 ____D C:\ESD
2019-05-20 09:06 - 2019-05-20 09:06 - 019229160 _____ (Microsoft Corporation) C:\Users\Bogdan Placintescu\Desktop\MediaCreationTool1809.exe
2019-05-20 09:06 - 2019-05-20 09:06 - 000000000 ___HD C:\$Windows.~WS
2019-05-20 09:06 - 2019-05-20 09:06 - 000000000 ____D C:\$WINDOWS.~BT
2019-05-18 12:58 - 2019-05-18 12:58 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\ESET
2019-05-18 12:57 - 2019-05-18 12:57 - 007657592 _____ (ESET spol. s r.o.) C:\Users\Bogdan Placintescu\Downloads\esetonlinescanner_enu.exe
2019-05-16 11:11 - 2019-05-19 03:47 - 002435072 _____ (Farbar) C:\Users\Bogdan Placintescu\Desktop\FRST64.exe
2019-05-16 07:17 - 2019-05-16 07:17 - 000003668 _____ C:\Windows\System32\Tasks\CreateExplorerShellUnelevatedTask
2019-05-16 07:16 - 2019-05-16 07:17 - 000001281 _____ C:\DelFix.txt
2019-05-16 07:16 - 2019-05-16 07:16 - 000000000 ____D C:\Windows\ERUNT
2019-05-16 07:14 - 2019-05-16 07:14 - 026807808 _____ (Microsoft Corporation) C:\Windows\System32\edgehtml.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 023438848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 020814848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 019022336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 009682744 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2019-05-16 07:14 - 2019-05-16 07:14 - 007883776 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Data.Pdf.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 007879680 _____ (Microsoft Corporation) C:\Windows\System32\Chakra.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 007687576 _____ (Microsoft Corporation) C:\Windows\System32\windows.storage.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 007645384 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.Protection.PlayReady.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 006542464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 006440960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 006309040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 006072320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 005498880 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 005040640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 004883968 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 004660736 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 004588544 _____ (Microsoft Corporation) C:\Windows\System32\sppsvc.exe
2019-05-16 07:14 - 2019-05-16 07:14 - 003905536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 003743744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 003637248 _____ (Microsoft Corporation) C:\Windows\System32\win32kfull.sys
2019-05-16 07:14 - 2019-05-16 07:14 - 003602944 _____ (Microsoft Corporation) C:\Windows\System32\tellib.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 003557888 _____ (Microsoft Corporation) C:\Windows\System32\diagtrack.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 003384832 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentServer.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 003363856 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2019-05-16 07:14 - 2019-05-16 07:14 - 002780000 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 002708480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2019-05-16 07:14 - 2019-05-16 07:14 - 002422272 _____ (Microsoft Corporation) C:\Windows\System32\win32kbase.sys
2019-05-16 07:14 - 2019-05-16 07:14 - 002278240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 002189312 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.onecore.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 001860096 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 001760768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 001701888 _____ (Microsoft Corporation) C:\Windows\System32\GdiPlus.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 001699496 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2019-05-16 07:14 - 2019-05-16 07:14 - 001641616 _____ (Microsoft Corporation) C:\Windows\System32\sppobjs.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 001605120 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.desktop.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 001484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 001470016 _____ (Microsoft Corporation) C:\Windows\System32\winload.exe
2019-05-16 07:14 - 2019-05-16 07:14 - 001395264 _____ (Microsoft Corporation) C:\Windows\System32\ole32.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 001387520 _____ (Microsoft Corporation) C:\Windows\System32\bcastdvruserservice.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 001342608 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
2019-05-16 07:14 - 2019-05-16 07:14 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 001309696 _____ (Microsoft Corporation) C:\Windows\System32\webplatstorageserver.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 001290752 _____ (Microsoft Corporation) C:\Windows\System32\werconcpl.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 001253904 _____ (Microsoft Corporation) C:\Windows\System32\hvix64.exe
2019-05-16 07:14 - 2019-05-16 07:14 - 001225728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2019-05-16 07:14 - 2019-05-16 07:14 - 001179680 _____ (Microsoft Corporation) C:\Windows\System32\winresume.exe
2019-05-16 07:14 - 2019-05-16 07:14 - 001062400 _____ (Microsoft Corporation) C:\Windows\System32\sysmain.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 001054712 _____ (Microsoft Corporation) C:\Windows\System32\ApplyTrustOffline.exe
2019-05-16 07:14 - 2019-05-16 07:14 - 001048376 _____ (Microsoft Corporation) C:\Windows\System32\hvax64.exe
2019-05-16 07:14 - 2019-05-16 07:14 - 001026792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000972288 _____ (Microsoft Corporation) C:\Windows\System32\StorSvc.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000912384 _____ (Microsoft Corporation) C:\Windows\System32\EdgeManager.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000895792 _____ (Microsoft Corporation) C:\Windows\System32\wer.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000865280 _____ (Microsoft Corporation) C:\Windows\System32\netlogon.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000840192 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000807464 _____ (Microsoft Corporation) C:\Windows\System32\fontdrvhost.exe
2019-05-16 07:14 - 2019-05-16 07:14 - 000758896 _____ (Microsoft Corporation) C:\Windows\System32\tcblaunch.exe
2019-05-16 07:14 - 2019-05-16 07:14 - 000703488 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000684032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000680184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000660992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000594944 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000586280 _____ (Microsoft Corporation) C:\Windows\System32\hal.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000543744 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2019-05-16 07:14 - 2019-05-16 07:14 - 000532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000525824 _____ (Microsoft Corporation) C:\Windows\System32\nltest.exe
2019-05-16 07:14 - 2019-05-16 07:14 - 000508432 _____ (Microsoft Corporation) C:\Windows\System32\WerFault.exe
2019-05-16 07:14 - 2019-05-16 07:14 - 000495104 _____ (Microsoft Corporation) C:\Windows\System32\werui.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000449376 _____ (Microsoft Corporation) C:\Windows\System32\Faultrep.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000444944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2019-05-16 07:14 - 2019-05-16 07:14 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000387832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000376320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000353280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000317240 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mssecflt.sys
2019-05-16 07:14 - 2019-05-16 07:14 - 000254952 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\intelpep.sys
2019-05-16 07:14 - 2019-05-16 07:14 - 000240640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000223544 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\intelppm.sys
2019-05-16 07:14 - 2019-05-16 07:14 - 000217088 _____ (Microsoft Corporation) C:\Windows\System32\DWWIN.EXE
2019-05-16 07:14 - 2019-05-16 07:14 - 000216064 _____ (Microsoft Corporation) C:\Windows\System32\wersvc.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000212792 _____ (Microsoft Corporation) C:\Windows\System32\wermgr.exe
2019-05-16 07:14 - 2019-05-16 07:14 - 000203272 _____ (Microsoft Corporation) C:\Windows\System32\tcbloader.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000202768 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\amdk8.sys
2019-05-16 07:14 - 2019-05-16 07:14 - 000201016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\amdppm.sys
2019-05-16 07:14 - 2019-05-16 07:14 - 000198456 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\processr.sys
2019-05-16 07:14 - 2019-05-16 07:14 - 000192824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2019-05-16 07:14 - 2019-05-16 07:14 - 000181248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE
2019-05-16 07:14 - 2019-05-16 07:14 - 000179728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wfplwfs.sys
2019-05-16 07:14 - 2019-05-16 07:14 - 000179200 _____ (Microsoft Corporation) C:\Windows\System32\t2embed.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000177976 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2019-05-16 07:14 - 2019-05-16 07:14 - 000163240 _____ (Microsoft Corporation) C:\Windows\System32\WerFaultSecure.exe
2019-05-16 07:14 - 2019-05-16 07:14 - 000155136 _____ (Microsoft Corporation) C:\Windows\System32\Chakradiag.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000147736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2019-05-16 07:14 - 2019-05-16 07:14 - 000138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000128000 _____ (Microsoft Corporation) C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000124928 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000122368 _____ (Microsoft Corporation) C:\Windows\System32\wercplsupport.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000121656 _____ (Microsoft Corporation) C:\Windows\System32\kdnet.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000099192 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000098816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000092672 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\BTHUSB.SYS
2019-05-16 07:14 - 2019-05-16 07:14 - 000090640 _____ (Microsoft Corporation) C:\Windows\System32\hvloader.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000080184 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hvservice.sys
2019-05-16 07:14 - 2019-05-16 07:14 - 000079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dtdump.exe
2019-05-16 07:14 - 2019-05-16 07:14 - 000066688 _____ (Microsoft Corporation) C:\Windows\System32\cryptdll.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000055792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdll.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000000315 _____ C:\Windows\System32\DrtmAuth8.bin
2019-05-16 07:14 - 2019-05-16 07:14 - 000000315 _____ C:\Windows\System32\DrtmAuth7.bin
2019-05-16 07:14 - 2019-05-16 07:14 - 000000315 _____ C:\Windows\System32\DrtmAuth6.bin
2019-05-16 07:14 - 2019-05-16 07:14 - 000000315 _____ C:\Windows\System32\DrtmAuth5.bin
2019-05-16 07:14 - 2019-05-16 07:14 - 000000315 _____ C:\Windows\System32\DrtmAuth4.bin
2019-05-16 07:14 - 2019-05-16 07:14 - 000000315 _____ C:\Windows\System32\DrtmAuth3.bin
2019-05-16 07:14 - 2019-05-16 07:14 - 000000315 _____ C:\Windows\System32\DrtmAuth2.bin
2019-05-16 07:14 - 2019-05-16 07:14 - 000000315 _____ C:\Windows\System32\DrtmAuth1.bin
2019-05-16 07:14 - 2019-05-16 07:14 - 000000000 ____D C:\Program Files (x86)\Java
2019-05-16 07:13 - 2019-05-16 07:13 - 000110968 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2019-05-16 07:13 - 2019-05-16 07:13 - 000110968 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2019-05-16 07:13 - 2019-05-16 07:13 - 000000000 ____D C:\Program Files\Java
2019-05-15 10:42 - 2019-05-15 11:02 - 000000000 ____D C:\ProgramData\RogueKiller
2019-05-15 10:42 - 2019-05-15 10:42 - 000000000 ____D C:\Program Files\RogueKiller
2019-05-11 10:36 - 2019-05-07 11:56 - 011051912 _____ (NVIDIA Corporation) C:\Windows\System32\nvptxJitCompiler.dll
2019-05-11 10:36 - 2019-05-07 11:56 - 009486536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2019-05-11 10:36 - 2019-05-07 11:56 - 001006800 _____ C:\Windows\System32\vulkan-1-999-0-0-0.dll
2019-05-11 10:36 - 2019-05-07 11:56 - 001006800 _____ C:\Windows\System32\vulkan-1.dll
2019-05-11 10:36 - 2019-05-07 11:56 - 000870096 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2019-05-11 10:36 - 2019-05-07 11:56 - 000870096 _____ C:\Windows\SysWOW64\vulkan-1.dll
2019-05-11 10:36 - 2019-05-07 11:56 - 000552328 _____ (Khronos Group) C:\Windows\System32\OpenCL.dll
2019-05-11 10:36 - 2019-05-07 11:56 - 000457096 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2019-05-11 10:36 - 2019-05-07 11:56 - 000286416 _____ C:\Windows\System32\vulkaninfo-1-999-0-0-0.exe
2019-05-11 10:36 - 2019-05-07 11:56 - 000286416 _____ C:\Windows\System32\vulkaninfo.exe
2019-05-11 10:36 - 2019-05-07 11:56 - 000260304 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-05-11 10:36 - 2019-05-07 11:56 - 000260304 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2019-05-11 10:36 - 2019-05-07 11:55 - 002039688 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2019-05-11 10:36 - 2019-05-07 11:55 - 001470856 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2019-05-11 10:36 - 2019-05-07 11:55 - 001134016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2019-05-11 10:36 - 2019-05-07 11:55 - 000821152 _____ (NVIDIA Corporation) C:\Windows\System32\nvmcumd.dll
2019-05-11 10:36 - 2019-05-07 11:55 - 000675416 _____ C:\Windows\System32\nvofapi64.dll
2019-05-11 10:36 - 2019-05-07 11:55 - 000631232 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFROpenGL.dll
2019-05-11 10:36 - 2019-05-07 11:55 - 000541656 _____ C:\Windows\SysWOW64\nvofapi.dll
2019-05-11 10:36 - 2019-05-07 11:55 - 000521472 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2019-05-11 10:36 - 2019-05-07 11:54 - 040412760 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2019-05-11 10:36 - 2019-05-07 11:54 - 035270232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2019-05-11 10:36 - 2019-05-07 11:54 - 020187904 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2019-05-11 10:36 - 2019-05-07 11:54 - 017465512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2019-05-11 10:36 - 2019-05-07 11:54 - 005421960 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2019-05-11 10:36 - 2019-05-07 11:54 - 004758728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2019-05-11 10:36 - 2019-05-07 11:54 - 001721600 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6443064.dll
2019-05-11 10:36 - 2019-05-07 11:54 - 001540488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2019-05-11 10:36 - 2019-05-07 11:54 - 001467648 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6443064.dll
2019-05-11 10:36 - 2019-05-07 11:54 - 001162448 _____ (NVIDIA Corporation) C:\Windows\System32\nvfatbinaryLoader.dll
2019-05-11 10:36 - 2019-05-07 11:54 - 000911616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2019-05-11 10:36 - 2019-05-07 11:54 - 000808840 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI64.dll
2019-05-11 10:36 - 2019-05-07 11:54 - 000654080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2019-05-08 07:37 - 2019-05-15 06:46 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-05-06 13:27 - 2019-05-07 11:23 - 000000000 ____D C:\Users\Bogdan Placintescu\Desktop\Crest

TSemp · May 21, 2019

2019-05-05 14:13 - 2019-05-20 23:49 - 000000000 ____D C:\FRST
2019-05-05 13:40 - 2019-05-05 13:40 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-05-05 13:40 - 2019-05-05 13:40 - 000000000 ____D C:\Program Files\Malwarebytes
2019-05-05 13:40 - 2019-02-01 01:20 - 000020936 _____ (Malwarebytes) C:\Windows\System32\Drivers\MbamElam.sys
2019-05-05 13:40 - 2019-01-08 05:32 - 000153328 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbae64.sys
2019-05-05 07:35 - 2019-05-20 09:35 - 000000000 ____D C:\Windows\Panther
2019-05-05 05:00 - 2019-05-05 05:00 - 000000000 ____D C:\ProgramData\Sophos
2019-05-05 05:00 - 2019-05-05 05:00 - 000000000 ____D C:\Program Files (x86)\Sophos
2019-05-05 02:16 - 2019-05-05 02:16 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\mbamtray
2019-05-05 02:16 - 2019-05-05 02:16 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\mbam
2019-05-04 04:22 - 2019-05-04 04:22 - 012844032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 012140032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 005436904 _____ (Microsoft Corporation) C:\Windows\System32\mfcore.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 005296640 _____ (Microsoft Corporation) C:\Windows\System32\cdp.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 005210904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 004997096 _____ (Microsoft Corporation) C:\Windows\System32\Windows.StateRepository.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 003982848 _____ (Microsoft Corporation) C:\Windows\System32\EdgeContent.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 003551112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 003426816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdp.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 003406848 _____ (Microsoft Corporation) C:\Windows\System32\MSVidCtl.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 002995712 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 002701512 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 002393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcGenral.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 002205184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 002073960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 001994976 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 001768960 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Input.Inking.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 001674696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 001671352 _____ (Microsoft Corporation) C:\Windows\System32\gdi32full.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 001653760 _____ (Microsoft Corporation) C:\Windows\System32\wpncore.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 001467552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 001382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 001315328 _____ (Microsoft Corporation) C:\Windows\System32\wpnapps.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 001219640 _____ (Microsoft Corporation) C:\Windows\System32\Windows.StateRepositoryPS.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 001001472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpnapps.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000999424 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000949248 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Internal.Management.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000815616 _____ (Microsoft Corporation) C:\Windows\System32\MdmDiagnostics.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000806600 _____ C:\Windows\SysWOW64\locale.nls
2019-05-04 04:22 - 2019-05-04 04:22 - 000806600 _____ C:\Windows\System32\locale.nls
2019-05-04 04:22 - 2019-05-04 04:22 - 000782848 _____ (Microsoft Corporation) C:\Windows\System32\ngcsvc.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000780632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000773120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000725696 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000695296 _____ (Microsoft Corporation) C:\Windows\System32\hhctrl.ocx
2019-05-04 04:22 - 2019-05-04 04:22 - 000679424 _____ (Microsoft Corporation) C:\Windows\System32\AppReadiness.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000676256 _____ (Microsoft Corporation) C:\Windows\System32\StateRepository.Core.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000673280 _____ (Microsoft Corporation) C:\Windows\System32\configmanager2.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000663552 _____ (Microsoft Corporation) C:\Windows\System32\PsmServiceExtHost.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000651576 _____ (Microsoft Corporation) C:\Windows\System32\securekernel.exe
2019-05-04 04:22 - 2019-05-04 04:22 - 000649064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000638376 _____ (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000610304 _____ (Microsoft Corporation) C:\Windows\System32\daxexec.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000577024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2019-05-04 04:22 - 2019-05-04 04:22 - 000553656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryPS.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000553472 _____ (Microsoft Corporation) C:\Windows\System32\dmenrollengine.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000540720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StateRepository.Core.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000531968 _____ (Microsoft Corporation) C:\Windows\System32\sppcext.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000514632 _____ (Microsoft Corporation) C:\Windows\System32\policymanager.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000495616 _____ (Microsoft Corporation) C:\Windows\System32\DDDS.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000469504 _____ (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000461824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmenrollengine.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000454160 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdbss.sys
2019-05-04 04:22 - 2019-05-04 04:22 - 000451080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\policymanager.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000424960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\daxexec.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000424960 _____ (Microsoft Corporation) C:\Windows\System32\SDDS.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000421392 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pci.sys
2019-05-04 04:22 - 2019-05-04 04:22 - 000370176 _____ (Microsoft Corporation) C:\Windows\System32\dxdiag.exe
2019-05-04 04:22 - 2019-05-04 04:22 - 000366592 _____ (Microsoft Corporation) C:\Windows\System32\Wldap32.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000359936 _____ (Microsoft Corporation) C:\Windows\System32\DeviceEnroller.exe
2019-05-04 04:22 - 2019-05-04 04:22 - 000349696 _____ (Microsoft Corporation) C:\Windows\System32\AcGenral.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000326144 _____ (Microsoft Corporation) C:\Windows\System32\DiagnosticLogCSP.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000321024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000320512 _____ (Microsoft Corporation) C:\Windows\System32\omadmclient.exe
2019-05-04 04:22 - 2019-05-04 04:22 - 000314368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxdiag.exe
2019-05-04 04:22 - 2019-05-04 04:22 - 000302080 _____ (Microsoft Corporation) C:\Windows\System32\dmenterprisediagnostics.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000280592 _____ (Microsoft Corporation) C:\Windows\System32\browserbroker.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000263576 _____ (Microsoft Corporation) C:\Windows\System32\mfps.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000254464 _____ (Microsoft Corporation) C:\Windows\System32\notepad.exe
2019-05-04 04:22 - 2019-05-04 04:22 - 000254464 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2019-05-04 04:22 - 2019-05-04 04:22 - 000246784 _____ (Microsoft Corporation) C:\Windows\System32\mdmregistration.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000244224 _____ (Microsoft Corporation) C:\Windows\System32\JpnServiceDS.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000240128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2019-05-04 04:22 - 2019-05-04 04:22 - 000201728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mdmregistration.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000197120 _____ (Microsoft Corporation) C:\Windows\System32\updatepolicy.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000161280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000157200 _____ (Microsoft Corporation) C:\Windows\System32\Windows.StateRepositoryClient.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000153088 _____ (Microsoft Corporation) C:\Windows\System32\fcon.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000146744 _____ (Microsoft Corporation) C:\Windows\System32\mqmigplugin.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000129848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqmigplugin.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000122680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryClient.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000109568 _____ C:\Windows\System32\uwfcfgmgmt.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000101376 _____ (Microsoft Corporation) C:\Windows\System32\ActiveSyncCsp.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000086960 _____ (Microsoft Corporation) C:\Windows\System32\taskhostw.exe
2019-05-04 04:22 - 2019-05-04 04:22 - 000064000 _____ (Microsoft Corporation) C:\Windows\System32\EASPolicyManagerBrokerHost.exe
2019-05-04 04:22 - 2019-05-04 04:22 - 000051712 _____ (Microsoft Corporation) C:\Windows\System32\MdmDiagnosticsTool.exe
2019-04-24 10:45 - 2019-05-07 11:51 - 004340120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2019-04-24 10:45 - 2019-04-18 09:02 - 001722064 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6443039.dll
2019-04-24 10:45 - 2019-04-18 09:02 - 001467648 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6443039.dll
2019-04-24 10:45 - 2019-04-17 15:25 - 000046848 _____ (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2019-04-22 18:19 - 2019-04-10 06:52 - 001734288 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6442531.dll
2019-04-22 18:19 - 2019-04-10 06:52 - 001467864 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6442531.dll

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-21 07:52 - 2018-12-30 13:39 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-05-21 07:52 - 2018-09-14 22:09 - 000524288 _____ C:\Windows\System32\config\BBI
2019-05-21 07:52 - 2017-08-05 23:51 - 000000000 ____D C:\ProgramData\NVIDIA
2019-05-21 07:52 - 2016-10-30 09:59 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Roaming\WTablet
2019-05-21 07:52 - 2016-09-22 10:24 - 000000000 ____D C:\ProgramData\Autodesk
2019-05-21 07:51 - 2019-04-01 13:09 - 000006144 _____ () C:\Windows\System32\libntsc1.dll
2019-05-21 07:51 - 2018-09-14 23:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-05-21 07:09 - 2018-12-30 13:43 - 000972156 _____ C:\Windows\System32\PerfStringBackup.INI
2019-05-21 07:09 - 2018-09-14 23:31 - 000000000 ____D C:\Windows\INF
2019-05-21 07:04 - 2016-11-18 12:48 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\LocalLow\Mozilla
2019-05-20 13:48 - 2018-12-30 13:25 - 000000000 ____D C:\Windows\System32\SleepStudy
2019-05-20 12:38 - 2016-09-22 10:51 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\Battle.net
2019-05-19 12:34 - 2018-09-14 23:33 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-05-19 12:33 - 2016-09-30 05:12 - 000000000 ____D C:\Program Files\Microsoft Office
2019-05-19 08:31 - 2017-03-26 01:58 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Roaming\discord
2019-05-19 04:36 - 2018-01-26 05:10 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\Personify
2019-05-18 14:49 - 2016-09-22 11:45 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Roaming\uTorrent
2019-05-18 08:48 - 2016-09-25 01:13 - 000000000 ____D C:\Program Files (x86)\Overwatch
2019-05-18 08:31 - 2018-09-14 22:09 - 000032768 _____ C:\Windows\System32\config\ELAM
2019-05-18 05:18 - 2018-12-30 13:39 - 000004562 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2019-05-16 07:19 - 2018-12-30 13:25 - 000495976 _____ C:\Windows\System32\FNTCACHE.DAT
2019-05-16 07:18 - 2018-09-14 23:33 - 000000000 ___SD C:\Windows\System32\DiagSvcs
2019-05-16 07:18 - 2018-09-14 23:33 - 000000000 ____D C:\Windows\bcastdvr
2019-05-16 07:15 - 2018-09-14 23:23 - 000000000 ____D C:\Windows\CbsTemp
2019-05-16 07:10 - 2018-09-14 23:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-05-16 07:10 - 2018-09-14 23:33 - 000000000 ____D C:\Windows\AppReadiness
2019-05-15 07:00 - 2018-12-30 13:39 - 000003628 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-05-15 07:00 - 2018-12-30 13:39 - 000003504 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-05-15 06:46 - 2016-09-22 08:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-05-14 12:32 - 2016-09-24 01:43 - 000000000 ____D C:\Windows\System32\MRT
2019-05-14 12:30 - 2016-09-24 01:43 - 132445408 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2019-05-14 12:25 - 2018-12-30 13:39 - 000004600 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-05-14 12:25 - 2018-09-14 23:33 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-05-14 12:25 - 2018-09-14 23:33 - 000000000 ____D C:\Windows\System32\Macromed
2019-05-13 13:23 - 2018-09-14 23:36 - 000835688 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-05-13 13:23 - 2018-09-14 23:36 - 000179816 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-05-11 10:38 - 2016-09-22 11:04 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\NVIDIA
2019-05-10 09:35 - 2018-05-13 10:36 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\D3DSCache
2019-05-07 11:51 - 2018-12-14 09:44 - 005085152 _____ (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2019-05-07 11:47 - 2016-09-22 10:51 - 000000000 ____D C:\Program Files (x86)\Battle.net
2019-05-06 11:16 - 2016-09-22 14:01 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\CrashDumps
2019-05-05 21:35 - 2018-12-14 09:44 - 000052319 _____ C:\Windows\System32\nvinfo.pb
2019-05-05 18:43 - 2017-08-05 23:51 - 005432176 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2019-05-05 18:43 - 2017-08-05 23:51 - 002637808 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2019-05-05 18:43 - 2017-08-05 23:51 - 001767736 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2019-05-05 18:43 - 2017-08-05 23:51 - 000651248 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshext.dll
2019-05-05 18:43 - 2017-08-05 23:51 - 000450416 _____ (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2019-05-05 18:43 - 2017-08-05 23:51 - 000125424 _____ (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2019-05-05 18:43 - 2017-08-05 23:51 - 000082984 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshextr.dll
2019-05-05 13:40 - 2018-09-14 23:33 - 000000000 ___HD C:\Windows\ELAMBKUP
2019-05-05 13:03 - 2018-09-14 23:33 - 000000000 ____D C:\Windows\System32\NDF
2019-05-05 09:13 - 2016-09-22 12:41 - 000000000 ___RD C:\Users\Bogdan Placintescu\OneDrive
2019-05-05 09:12 - 2016-09-30 06:38 - 000000000 ____D C:\ProgramData\Apple
2019-05-05 09:12 - 2016-09-30 06:38 - 000000000 ____D C:\Program Files\Common Files\Apple
2019-05-05 04:25 - 2017-12-11 03:02 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\Packages
2019-05-05 04:25 - 2016-12-25 02:50 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Roaming\Samsung
2019-05-05 04:25 - 2016-12-25 02:50 - 000000000 ____D C:\Program Files (x86)\Samsung
2019-05-05 04:25 - 2016-09-22 11:08 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-05-05 04:23 - 2017-10-19 05:36 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Roaming\Visual Studio Setup
2019-05-05 04:23 - 2017-10-19 05:36 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2019-05-05 04:22 - 2018-12-30 23:15 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-05-05 03:49 - 2016-09-22 06:34 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\ElevatedDiagnostics
2019-05-05 01:53 - 2017-08-05 23:50 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-05-04 12:01 - 2018-09-14 23:33 - 000000000 ____D C:\Windows\TextInput
2019-05-04 12:01 - 2018-09-14 23:33 - 000000000 ____D C:\Windows\ShellExperiences
2019-05-04 12:01 - 2018-09-14 23:33 - 000000000 ____D C:\Windows\PolicyDefinitions
2019-04-27 07:54 - 2019-03-31 10:44 - 000000000 ____D C:\Users\Bogdan Placintescu\Documents\Gaem 2.0
2019-04-27 07:54 - 2019-03-31 10:38 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\Unity
2019-04-27 07:53 - 2019-03-31 10:38 - 000000000 ____D C:\ProgramData\Unity
2019-04-25 11:45 - 2017-08-05 23:51 - 008571382 _____ C:\Windows\System32\nvcoproc.bin
2019-04-25 11:03 - 2019-04-13 03:48 - 000000000 ____D C:\Users\Bogdan Placintescu\Documents\BotaniculaSaves
2019-04-24 13:11 - 2017-08-05 23:50 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-04-23 11:04 - 2018-02-24 17:33 - 000000000 ____D C:\Windows\System32\Drivers\wd
2019-04-23 10:28 - 2016-09-22 10:51 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\Blizzard Entertainment
2019-04-22 18:15 - 2018-12-30 13:39 - 000004308 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-22 18:15 - 2018-12-30 13:39 - 000004106 _____ C:\Windows\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-22 18:15 - 2018-12-30 13:39 - 000003976 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-22 18:15 - 2018-12-30 13:39 - 000003940 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-22 18:15 - 2018-12-30 13:39 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-22 18:15 - 2018-12-30 13:39 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-22 18:15 - 2018-12-30 13:39 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-22 18:15 - 2018-12-30 13:39 - 000003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-22 18:15 - 2018-12-30 13:39 - 000003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-22 18:15 - 2018-12-30 13:39 - 000003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-22 18:15 - 2018-12-30 13:39 - 000003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-22 18:15 - 2017-08-05 23:50 - 000000000 ____D C:\Program Files\NVIDIA Corporation

==================== KnownDLLs (Whitelisted) =========================

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\dllhost.exe => MD5 is legit
C:\Windows\SysWOW64\dllhost.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============

==================== Restore Points =========================

Restore point date: 2019-05-20 09:12

==================== Memory info ===========================

Percentage of memory in use: 7%
Total physical RAM: 16343.69 MB
Available physical RAM: 15189.45 MB
Total Virtual: 16343.69 MB
Available Virtual: 15237.55 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.97 GB) (Free:19.41 GB) NTFS
Drive d: (docs) (Fixed) (Total:465.56 GB) (Free:87.66 GB) NTFS
Drive e: (External HDD) (Fixed) (Total:931.48 GB) (Free:370.17 GB) NTFS
Drive f: (ESD-USB) (Removable) (Total:14.44 GB) (Free:10.47 GB) FAT32
Drive g: (ESD-USB) (Removable) (Total:29.83 GB) (Free:29.22 GB) FAT32
Drive I: () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.49 GB) (Free:0.49 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{f64b6e0d-6061-4478-9504-b6e3c22eadef}\ () (Fixed) (Total:0.2 GB) (Free:0.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: B8F57F55)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=509 MB) - (Type=27)

========================================================
Disk: 1 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 16F2A91F)

Partition: GPT.

========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 14.5 GB) (Disk ID: 5E42AD9F)
Partition 1: (Active) - (Size=14.5 GB) - (Type=0C)

========================================================
Disk: 4 (MBR Code: Windows 7/8/10) (Size: 29.9 GB) (Disk ID: 23C09768)
Partition 1: (Active) - (Size=29.9 GB) - (Type=0C)
==================== End of FRST.txt ============================

Broni · May 21, 2019

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7/8/10: Now please enter System Recovery Options.
On Windows XP: Now please boot into the OTLPE CD.
Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Next, restart normally and see how it goes.

TSemp · May 21, 2019

Same problem, same file.

Fix result of Farbar Recovery Scan Tool (x64) Version: 19-05.2019
Ran by SYSTEM (21-05-2019 20:39:35) Run:4
Running from G:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
2019-05-20 12:51 - 2019-05-21 07:51 - 000015360 _____ () C:\Windows\System32\tlpless.dll

*****************

"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
C:\Windows\System32\tlpless.dll => moved successfully

==== End of Fixlog 20:39:35 ====

Broni · May 21, 2019

Let me consult my colleagues regarding this issue.
Hold on there.

Broni · May 21, 2019

Download Process Monitor: https://docs.microsoft.com/en-us/sysinternals/downloads/procmon
Unzip the file. There is no installation. Simply double click on Procmon.exe to run the program.
Click on Options and then checkmark "Enable Boot Logging".

For now leave the program alone and give me fresh FRST log. Same way as before.

TSemp · May 21, 2019

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05.2019
Ran by SYSTEM on MININT-2SGTKG5 (21-05-2019 23:05:48)
Running from G:\
Platform: Windows 10 Pro Version 1809 17763.503 (X64) Language: English (United States)
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17987704 2017-10-19] (Logitech Inc -> Logitech Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9280848 2018-06-20] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3942936 2018-11-02] (Logitech -> Logitech, Inc.)
HKLM\...\Run: [iTunesHelper] => "E:\iTunes\iTunesHelper.exe"
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2410960 2019-02-28] (Adobe Systems Incorporated -> Adobe Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [4992048 2019-05-02] (Adobe Inc. -> Adobe Systems Inc.)
HKLM-x32\...\Run: [OGMgmmouseRun] => "E:\Program Files (x86)\VENUS Gaming Mouse\ogmmon.exe" -runauto
HKLM-x32\...\Run: [Autodesk Desktop App] => C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AutodeskDesktopApp.exe [636712 2018-11-30] (Autodesk, Inc. -> Autodesk, Inc.)
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [26183352 2018-08-10] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [598200 2018-06-05] (Razer USA Ltd. -> Razer Inc.)
HKLM-x32\...\Run: [ElectraV2Helper] => C:\Program Files (x86)\Razer\Razer_ElectraV2_Driver\Drivers\SysAudio\ElectraV2Helper.exe [1598920 2017-09-05] (Razer USA Ltd. -> Razer Inc)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [645456 2019-04-01] (Oracle America, Inc. -> Oracle Corporation)
HKU\Bogdan Placintescu\...\Run: [Akamai NetSession Interface] => "C:\Users\Bogdan Placintescu\AppData\Local\Akamai\netsession_win.exe"
HKU\Bogdan Placintescu\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [6110768 2019-05-02] (Adobe Inc. -> Adobe Systems Incorporated)
HKU\Default\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-14] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-14] (Microsoft Corporation)
HKU\DefaultAppPool\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518656 2018-09-14] (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0284C292-4912-4429-8101-16F136AFE575} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2194552 2019-05-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {0749FAB6-4D8F-4F67-9D68-362E95032A8A} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {0795D9DC-9174-4463-99DB-8F33355D75F2} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2194552 2019-05-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {0CA9D8A3-F45A-4668-89F8-56AA69E97E4A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {117FDA22-E32C-49E6-80DE-85CF33023755} - System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {11D6B867-12FD-4901-B62D-DA99BE179FCC} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3728752 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {137C7004-DDBA-4866-A8C7-29D2ACA89E9E} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\IntelPTTEKRecertification.exe [814872 2018-03-02] (Intel(R) Trust Services -> Intel(R) Corporation)
Task: {1B2867BE-A1AE-47E1-80CF-AE0710C7DA42} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {1C0F7EBD-634C-4EFF-B133-829EA2ED3EE0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {1C50C723-B142-474A-BAF4-4192658E0EF2} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {1CDB4668-AFD2-4617-ADA9-E4B0A0C71A2D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-10-24] (Google Inc -> Google Inc.)
Task: {23219ADF-2F5F-4205-A96C-D7E40BCBA44D} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {2BF0A387-5DD9-45CD-AD9D-11A4779A81BC} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6204464 2019-05-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {2EE3249F-929E-4DFF-934C-BA6CD181B366} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26197064 2019-05-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {344DD59A-C6D1-4F8B-859D-E1E65A59621A} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {37D143A1-2D8E-4C47-B853-78AC768D6990} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [648048 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {3BF8EB1E-E448-4257-8CFD-D3540AB41E53} - System32\Tasks\NahimicVRSvc32Run => C:\Program Files\Nahimic\Nahimic VR\Foundation\NahimicVRSvc32.exe
Task: {4119A10B-A026-4B86-902C-3C91E3123BC5} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1195544 2018-12-16] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
Task: {5024A0C1-4D2C-4872-84B9-86CA6C2D044C} - System32\Tasks\AdobeAAMUpdater-1.0-bogdanPC-Bogdan Placintescu => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-10] (Adobe Systems Incorporated -> Adobe Systems Incorporated)
Task: {52227192-6BFA-4F16-969C-71E025C38BB3} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {540D33E0-999D-45B7-B9CE-19A685E7AC0F} - System32\Tasks\{6C2DAB19-5AE6-4CF2-ACE0-D9ACD5B7025B} => "c:\program files (x86)\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.27.0.101/en/abandoninstall?source=lightinstaller&page=tsInstall
Task: {56E7B2CB-4840-4B7E-A51A-FD5FFC79CA40} - System32\Tasks\NahimicVRSvc64Run => C:\Program Files\Nahimic\Nahimic VR\Foundation\x64\NahimicVRSvc64.exe
Task: {58FBE838-DD1F-4945-A4A8-EAE0A5C82A51} - System32\Tasks\NahimicMSIUILauncherRun => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIUILauncher.exe
Task: {5F560878-9FE7-4AF5-82D0-83021B3AE699} - System32\Tasks\AdobeGCInvoker-1.0-bogdanPC-Bogdan Placintescu => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2849872 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {610CBD23-0965-4265-BFBF-3B0C68145A3E} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {682081D8-468C-4ECB-81C4-9DFCCAFAA93C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [616320 2018-01-08] (Apple Inc. -> Apple Inc.)
Task: {6B4CA342-1A05-4C92-8972-6F6CE7750032} - System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6C976C65-8DA2-4A59-9812-C6439A28E5FA} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {6F93F102-4493-4137-AEB6-8B6E70B35543} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-05-14] (Adobe Inc. -> Adobe)
Task: {7837183E-7A6B-4836-9C93-09BCFCD25C05} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {785A71E0-8465-4233-9550-9702335CC148} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849264 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {79DC6E9E-3670-404D-AD61-30C879584E32} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [849264 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {7B6B3B6A-E477-401A-B645-7497FD8C8D39} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {7D52F601-9495-4FAD-920F-FC2932BCE113} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {7F400141-E03A-4E7E-A982-D7125A7DEFF1} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {80EEE903-282E-4A31-8BB0-7DEEE764B3D5} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {8254BBF5-32DE-4917-84B5-32802E903646} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [26197064 2019-05-08] (Microsoft Corporation -> Microsoft Corporation)
Task: {82C041E8-23B9-4C85-AECE-CFB4D2349241} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {85B1FD53-BD61-4742-B8B3-FFF44B1C3DB7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {87FB8B61-BF99-4D34-B0AF-19A4D0EFC6A0} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {974BEB57-6A52-412B-85FA-645B04EB40F4} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [149016 2019-05-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {9FA8B9F6-1B53-4CDC-9BB0-02E0EA0EFBC3} - System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {A7126541-41B8-4D26-9CA2-805B50027D62} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {AC3AF794-4019-4AED-B665-42AED5971667} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\sdxhelper.exe [149016 2019-05-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {B4D01540-5D9A-4446-88E4-2E20BD53A078} - System32\Tasks\NahimicMSIsvc32Run => C:\Program Files\Nahimic\NahimicMSI\UserInterface\NahimicMSIsvc32.exe
Task: {B6EB18B9-A3D3-489E-9D6D-186BA5835879} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {B9B3CAB9-5824-42E7-988A-2005F2E5CDFE} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {BB7BB22A-4C82-4702-B23F-8F03FBBF621C} - System32\Tasks\NahimicMSIsvc64Run => C:\Program Files\Nahimic\NahimicMSI\UserInterface\x64\NahimicMSIsvc64.exe
Task: {C5F735DC-6D83-4D58-AD98-BB53C5060305} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {D0774F15-C380-483C-9D0B-0E44AC0439F4} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2410960 2019-02-28] (Adobe Systems Incorporated -> Adobe Inc.)
Task: {D4B2C546-F65D-4CB8-A024-D692EBB64420} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MpCmdRun.exe [480352 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {DAD33619-2A1D-40A2-BBAF-93BA9B44D816} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2016-10-24] (Google Inc -> Google Inc.)
Task: {DDE04B2C-4CCE-49F7-855D-E017E31FD553} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [876912 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {E39F8E32-F4B6-44B2-B8AF-D84A6CFEB7B8} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\Windows\System32\WinBioPlugIns\FaceFodUninstaller.exe [438272 2018-09-14] ()
Task: {E5E4E6C3-3F12-438D-A71D-253A3530894C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {E767AFBE-E2EC-4B5D-AEA4-1F3A867C1A5E} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {E955FE48-C989-4340-BB03-0082F5A24AA4} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_192_Plugin.exe [1457208 2019-05-14] (Adobe Inc. -> Adobe)
Task: {EC96CD45-159B-41A3-9B1A-C7552CAD08F9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [6204464 2019-05-19] (Microsoft Corporation -> Microsoft Corporation)
Task: {EE7BE730-A3B3-46D6-996C-B9B1F2D5AC2C} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {EFBF5E6B-A844-493C-9E3C-E16CC1CC66AB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {EFF6A01B-018D-468F-B604-1FD29F173A93} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F26BFF45-13BA-4796-A7A7-D8BC3CFD8B7E} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [590704 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F506FF40-FC82-4E4F-95A0-6F66B5A2F1AA} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {FA625662-B852-4517-99CB-9B918776684C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Intel PTT EK Recertification.job => C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\IntelPTTEKRecertification.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdAppMgrSvc; C:\Program Files (x86)\Autodesk\Autodesk Desktop App\AdAppMgrSvc.exe [1162616 2018-11-30] (Autodesk, Inc. -> Autodesk Inc.)
S2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2019-02-28] (Adobe Systems Incorporated -> Adobe Inc.)
S2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3117648 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)
S2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2888272 2019-05-04] (Adobe Inc. -> Adobe Systems, Incorporated)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [85304 2018-10-16] (Apple Inc. -> Apple Inc.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [5708808 2018-03-31] (BattlEye Innovations e.K. -> )
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [11146824 2019-05-08] (Microsoft Corporation -> Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [775296 2018-03-31] (EasyAntiCheat Oy -> EasyAntiCheat Ltd)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe [758552 2018-03-02] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 Intel(R) TPM Provisioning Service; C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe [719640 2018-03-02] (Intel(R) Trust Services -> Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [205968 2017-12-03] (Intel(R) Embedded Subsystems and IP Blocks Group -> Intel Corporation)
S2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-10-19] (Logitech Inc -> Logitech Inc.)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6562472 2019-02-01] (Malwarebytes Corporation -> Malwarebytes)
S2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2315960 2018-08-09] (MICRO-STAR INTERNATIONAL CO., LTD. -> Micro-Star INT'L CO., LTD.)
S2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [781680 2019-04-02] (NVIDIA Corporation -> NVIDIA Corporation)
S2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189776 2018-03-14] (Razer USA Ltd. -> )
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5382448 2019-04-09] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 SNMP; C:\Windows\System32\snmp.exe [53248 2018-12-30] (Microsoft Corporation)
S4 ssh-agent; C:\Windows\System32\OpenSSH\ssh-agent.exe [384512 2018-09-15] ()
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\NisSrv.exe [3851264 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
S2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1904.1-0\MsMpEng.exe [118144 2019-04-23] (Microsoft Corporation -> Microsoft Corporation)
S2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [2252232 2018-09-24] (Wacom Technology Corporation -> Wacom Technology, Corp.)
S2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
S2 NvTelemetryContainer; "C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 hidkmdf; C:\Windows\System32\drivers\hidkmdf.sys [23784 2016-10-06] (Wacom Technology Corporation -> Windows (R) Win 7 DDK provider)
S3 I2cHkBurn; C:\Windows\system32\drivers\I2cHkBurn.sys [41760 2015-07-26] (Feature Integration Technology -> FINTEK Corp.)
S3 KillerEth; C:\Windows\System32\drivers\e2xw10x64.sys [145920 2018-09-14] (Microsoft Windows -> Qualcomm Atheros, Inc.)
S2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech -> Logitech)
S3 LGJoyHidFilter; C:\Windows\system32\drivers\LGJoyHidFilter.sys [57368 2016-08-29] (Logitech Inc -> Logitech Inc.)
S3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [67736 2016-08-29] (Logitech Inc -> Logitech Inc.)
S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [20936 2019-02-01] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
S3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_bfe69934a6b764ef\nvlddmkm.sys [21672560 2019-05-07] (NVIDIA Corporation -> NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30336 2019-03-27] (NVIDIA Corporation -> NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [69840 2019-03-18] (NVIDIA Corporation -> NVIDIA Corporation)
S3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [66792 2018-10-03] (NVIDIA Corporation -> NVIDIA Corporation)
S3 pmxdrv; C:\WINDOWS\system32\drivers\pmxdrv.sys [31152 2016-11-30] (PAIPTAC Driver -> )
S0 PROCMON24; C:\Windows\System32\Drivers\PROCMON24.SYS [97176 2019-05-21] (Microsoft Windows Hardware Compatibility Publisher -> Sysinternals - www.sysinternals.com)
S2 rzpmgrk; C:\WINDOWS\system32\drivers\rzpmgrk.sys [44160 2018-03-14] (Razer USA Ltd. -> Razer, Inc.)
S2 rzpnk; C:\WINDOWS\system32\drivers\rzpnk.sys [140040 2018-03-20] (Razer USA Ltd. -> Razer, Inc.)
S3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2013-05-18] (Bruce James -> Scarlet.Crush Productions)
S3 usbglcs1100302; C:\Windows\system32\drivers\usbglcs1100302.sys [25600 2014-06-11] (Windows (R) Win 7 DDK provider)
S3 VaneFltr; C:\Windows\system32\drivers\Lachesis.sys [30336 2007-08-16] (Razer (Asia-Pacific) Pte Ltd)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46472 2019-04-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WDC_SAM; C:\Windows\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
S0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [344544 2019-04-23] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [60896 2019-04-23] (Microsoft Windows -> Microsoft Corporation)
S1 ydsashiz; C:\WINDOWS\system32\drivers\ydsashiz.sys [72816 2019-05-21] (Microsoft Corporation -> Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-21 11:59 - 2019-05-21 11:59 - 000097176 ____H (Sysinternals - www.sysinternals.com) C:\Windows\System32\Drivers\PROCMON24.SYS
2019-05-21 11:58 - 2019-03-24 04:05 - 002196016 ____N (Sysinternals - www.sysinternals.com) C:\Users\Bogdan Placintescu\Desktop\Procmon.exe
2019-05-21 11:58 - 2019-03-24 04:05 - 000063582 ____N C:\Users\Bogdan Placintescu\Desktop\procmon.chm
2019-05-21 11:58 - 2018-09-27 06:55 - 000007490 ____N C:\Users\Bogdan Placintescu\Desktop\Eula.txt
2019-05-21 09:42 - 2019-05-21 09:42 - 000072816 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ydsashiz.sys
2019-05-21 09:41 - 2019-05-21 09:41 - 000015360 _____ () C:\Windows\System32\tlpless.dll
2019-05-20 20:50 - 2019-05-21 20:40 - 000000000 _____ C:\Recovery.txt
2019-05-20 09:08 - 2019-05-20 09:35 - 000000000 ____D C:\ESD
2019-05-20 09:06 - 2019-05-20 09:06 - 019229160 _____ (Microsoft Corporation) C:\Users\Bogdan Placintescu\Desktop\MediaCreationTool1809.exe
2019-05-20 09:06 - 2019-05-20 09:06 - 000000000 ___HD C:\$Windows.~WS
2019-05-20 09:06 - 2019-05-20 09:06 - 000000000 ____D C:\$WINDOWS.~BT
2019-05-18 12:58 - 2019-05-18 12:58 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\ESET
2019-05-18 12:57 - 2019-05-18 12:57 - 007657592 _____ (ESET spol. s r.o.) C:\Users\Bogdan Placintescu\Downloads\esetonlinescanner_enu.exe
2019-05-16 11:11 - 2019-05-19 03:47 - 002435072 _____ (Farbar) C:\Users\Bogdan Placintescu\Desktop\FRST64.exe
2019-05-16 07:17 - 2019-05-16 07:17 - 000003668 _____ C:\Windows\System32\Tasks\CreateExplorerShellUnelevatedTask
2019-05-16 07:16 - 2019-05-16 07:17 - 000001281 _____ C:\DelFix.txt
2019-05-16 07:16 - 2019-05-16 07:16 - 000000000 ____D C:\Windows\ERUNT
2019-05-16 07:14 - 2019-05-16 07:14 - 026807808 _____ (Microsoft Corporation) C:\Windows\System32\edgehtml.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 023438848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 020814848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 019022336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 009682744 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2019-05-16 07:14 - 2019-05-16 07:14 - 007883776 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Data.Pdf.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 007879680 _____ (Microsoft Corporation) C:\Windows\System32\Chakra.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 007687576 _____ (Microsoft Corporation) C:\Windows\System32\windows.storage.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 007645384 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.Protection.PlayReady.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 006542464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 006440960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 006309040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 006072320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 005498880 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 005040640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 004883968 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 004660736 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 004588544 _____ (Microsoft Corporation) C:\Windows\System32\sppsvc.exe
2019-05-16 07:14 - 2019-05-16 07:14 - 003905536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 003743744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 003637248 _____ (Microsoft Corporation) C:\Windows\System32\win32kfull.sys
2019-05-16 07:14 - 2019-05-16 07:14 - 003602944 _____ (Microsoft Corporation) C:\Windows\System32\tellib.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 003557888 _____ (Microsoft Corporation) C:\Windows\System32\diagtrack.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 003384832 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentServer.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 003363856 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2019-05-16 07:14 - 2019-05-16 07:14 - 002780000 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 002708480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2019-05-16 07:14 - 2019-05-16 07:14 - 002422272 _____ (Microsoft Corporation) C:\Windows\System32\win32kbase.sys
2019-05-16 07:14 - 2019-05-16 07:14 - 002278240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 002189312 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.onecore.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 001860096 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 001760768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 001701888 _____ (Microsoft Corporation) C:\Windows\System32\GdiPlus.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 001699496 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2019-05-16 07:14 - 2019-05-16 07:14 - 001641616 _____ (Microsoft Corporation) C:\Windows\System32\sppobjs.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 001605120 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.desktop.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 001484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 001470016 _____ (Microsoft Corporation) C:\Windows\System32\winload.exe
2019-05-16 07:14 - 2019-05-16 07:14 - 001395264 _____ (Microsoft Corporation) C:\Windows\System32\ole32.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 001387520 _____ (Microsoft Corporation) C:\Windows\System32\bcastdvruserservice.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 001342608 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
2019-05-16 07:14 - 2019-05-16 07:14 - 001311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msjet40.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 001309696 _____ (Microsoft Corporation) C:\Windows\System32\webplatstorageserver.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 001290752 _____ (Microsoft Corporation) C:\Windows\System32\werconcpl.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 001253904 _____ (Microsoft Corporation) C:\Windows\System32\hvix64.exe
2019-05-16 07:14 - 2019-05-16 07:14 - 001225728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2019-05-16 07:14 - 2019-05-16 07:14 - 001179680 _____ (Microsoft Corporation) C:\Windows\System32\winresume.exe
2019-05-16 07:14 - 2019-05-16 07:14 - 001062400 _____ (Microsoft Corporation) C:\Windows\System32\sysmain.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 001054712 _____ (Microsoft Corporation) C:\Windows\System32\ApplyTrustOffline.exe
2019-05-16 07:14 - 2019-05-16 07:14 - 001048376 _____ (Microsoft Corporation) C:\Windows\System32\hvax64.exe
2019-05-16 07:14 - 2019-05-16 07:14 - 001026792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000972288 _____ (Microsoft Corporation) C:\Windows\System32\StorSvc.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000912384 _____ (Microsoft Corporation) C:\Windows\System32\EdgeManager.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000895792 _____ (Microsoft Corporation) C:\Windows\System32\wer.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000865280 _____ (Microsoft Corporation) C:\Windows\System32\netlogon.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000840192 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000807464 _____ (Microsoft Corporation) C:\Windows\System32\fontdrvhost.exe
2019-05-16 07:14 - 2019-05-16 07:14 - 000758896 _____ (Microsoft Corporation) C:\Windows\System32\tcblaunch.exe
2019-05-16 07:14 - 2019-05-16 07:14 - 000703488 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000684032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000680184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000663040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000660992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000594944 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000586280 _____ (Microsoft Corporation) C:\Windows\System32\hal.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000543744 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2019-05-16 07:14 - 2019-05-16 07:14 - 000532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000525824 _____ (Microsoft Corporation) C:\Windows\System32\nltest.exe
2019-05-16 07:14 - 2019-05-16 07:14 - 000508432 _____ (Microsoft Corporation) C:\Windows\System32\WerFault.exe
2019-05-16 07:14 - 2019-05-16 07:14 - 000495104 _____ (Microsoft Corporation) C:\Windows\System32\werui.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000449376 _____ (Microsoft Corporation) C:\Windows\System32\Faultrep.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000444944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2019-05-16 07:14 - 2019-05-16 07:14 - 000427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000387832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000376320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspbde40.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000353280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrd3x40.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msexcl40.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000317240 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mssecflt.sys
2019-05-16 07:14 - 2019-05-16 07:14 - 000254952 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\intelpep.sys
2019-05-16 07:14 - 2019-05-16 07:14 - 000240640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msltus40.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000223544 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\intelppm.sys
2019-05-16 07:14 - 2019-05-16 07:14 - 000217088 _____ (Microsoft Corporation) C:\Windows\System32\DWWIN.EXE
2019-05-16 07:14 - 2019-05-16 07:14 - 000216064 _____ (Microsoft Corporation) C:\Windows\System32\wersvc.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000212792 _____ (Microsoft Corporation) C:\Windows\System32\wermgr.exe
2019-05-16 07:14 - 2019-05-16 07:14 - 000203272 _____ (Microsoft Corporation) C:\Windows\System32\tcbloader.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000202768 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\amdk8.sys
2019-05-16 07:14 - 2019-05-16 07:14 - 000201016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\amdppm.sys
2019-05-16 07:14 - 2019-05-16 07:14 - 000198456 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\processr.sys
2019-05-16 07:14 - 2019-05-16 07:14 - 000192824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2019-05-16 07:14 - 2019-05-16 07:14 - 000181248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE
2019-05-16 07:14 - 2019-05-16 07:14 - 000179728 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\wfplwfs.sys
2019-05-16 07:14 - 2019-05-16 07:14 - 000179200 _____ (Microsoft Corporation) C:\Windows\System32\t2embed.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000177976 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2019-05-16 07:14 - 2019-05-16 07:14 - 000163240 _____ (Microsoft Corporation) C:\Windows\System32\WerFaultSecure.exe
2019-05-16 07:14 - 2019-05-16 07:14 - 000155136 _____ (Microsoft Corporation) C:\Windows\System32\Chakradiag.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000147736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2019-05-16 07:14 - 2019-05-16 07:14 - 000138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\t2embed.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000128000 _____ (Microsoft Corporation) C:\Windows\System32\microsoft-windows-kernel-processor-power-events.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000124928 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000122368 _____ (Microsoft Corporation) C:\Windows\System32\wercplsupport.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000121656 _____ (Microsoft Corporation) C:\Windows\System32\kdnet.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000099192 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000098816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000092672 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\BTHUSB.SYS
2019-05-16 07:14 - 2019-05-16 07:14 - 000090640 _____ (Microsoft Corporation) C:\Windows\System32\hvloader.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000080184 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hvservice.sys
2019-05-16 07:14 - 2019-05-16 07:14 - 000079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dtdump.exe
2019-05-16 07:14 - 2019-05-16 07:14 - 000066688 _____ (Microsoft Corporation) C:\Windows\System32\cryptdll.dll
2019-05-16 07:14 - 2019-05-16 07:14 - 000055792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdll.dll

TSemp · May 21, 2019

2019-05-16 07:14 - 2019-05-16 07:14 - 000000315 _____ C:\Windows\System32\DrtmAuth8.bin
2019-05-16 07:14 - 2019-05-16 07:14 - 000000315 _____ C:\Windows\System32\DrtmAuth7.bin
2019-05-16 07:14 - 2019-05-16 07:14 - 000000315 _____ C:\Windows\System32\DrtmAuth6.bin
2019-05-16 07:14 - 2019-05-16 07:14 - 000000315 _____ C:\Windows\System32\DrtmAuth5.bin
2019-05-16 07:14 - 2019-05-16 07:14 - 000000315 _____ C:\Windows\System32\DrtmAuth4.bin
2019-05-16 07:14 - 2019-05-16 07:14 - 000000315 _____ C:\Windows\System32\DrtmAuth3.bin
2019-05-16 07:14 - 2019-05-16 07:14 - 000000315 _____ C:\Windows\System32\DrtmAuth2.bin
2019-05-16 07:14 - 2019-05-16 07:14 - 000000315 _____ C:\Windows\System32\DrtmAuth1.bin
2019-05-16 07:14 - 2019-05-16 07:14 - 000000000 ____D C:\Program Files (x86)\Java
2019-05-16 07:13 - 2019-05-16 07:13 - 000110968 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-64.dll
2019-05-16 07:13 - 2019-05-16 07:13 - 000110968 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge-64.dll
2019-05-16 07:13 - 2019-05-16 07:13 - 000000000 ____D C:\Program Files\Java
2019-05-15 10:42 - 2019-05-15 11:02 - 000000000 ____D C:\ProgramData\RogueKiller
2019-05-15 10:42 - 2019-05-15 10:42 - 000000000 ____D C:\Program Files\RogueKiller
2019-05-11 10:36 - 2019-05-07 11:56 - 011051912 _____ (NVIDIA Corporation) C:\Windows\System32\nvptxJitCompiler.dll
2019-05-11 10:36 - 2019-05-07 11:56 - 009486536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2019-05-11 10:36 - 2019-05-07 11:56 - 001006800 _____ C:\Windows\System32\vulkan-1-999-0-0-0.dll
2019-05-11 10:36 - 2019-05-07 11:56 - 001006800 _____ C:\Windows\System32\vulkan-1.dll
2019-05-11 10:36 - 2019-05-07 11:56 - 000870096 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll
2019-05-11 10:36 - 2019-05-07 11:56 - 000870096 _____ C:\Windows\SysWOW64\vulkan-1.dll
2019-05-11 10:36 - 2019-05-07 11:56 - 000552328 _____ (Khronos Group) C:\Windows\System32\OpenCL.dll
2019-05-11 10:36 - 2019-05-07 11:56 - 000457096 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2019-05-11 10:36 - 2019-05-07 11:56 - 000286416 _____ C:\Windows\System32\vulkaninfo-1-999-0-0-0.exe
2019-05-11 10:36 - 2019-05-07 11:56 - 000286416 _____ C:\Windows\System32\vulkaninfo.exe
2019-05-11 10:36 - 2019-05-07 11:56 - 000260304 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe
2019-05-11 10:36 - 2019-05-07 11:56 - 000260304 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2019-05-11 10:36 - 2019-05-07 11:55 - 002039688 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2019-05-11 10:36 - 2019-05-07 11:55 - 001470856 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2019-05-11 10:36 - 2019-05-07 11:55 - 001134016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2019-05-11 10:36 - 2019-05-07 11:55 - 000821152 _____ (NVIDIA Corporation) C:\Windows\System32\nvmcumd.dll
2019-05-11 10:36 - 2019-05-07 11:55 - 000675416 _____ C:\Windows\System32\nvofapi64.dll
2019-05-11 10:36 - 2019-05-07 11:55 - 000631232 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFROpenGL.dll
2019-05-11 10:36 - 2019-05-07 11:55 - 000541656 _____ C:\Windows\SysWOW64\nvofapi.dll
2019-05-11 10:36 - 2019-05-07 11:55 - 000521472 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2019-05-11 10:36 - 2019-05-07 11:54 - 040412760 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2019-05-11 10:36 - 2019-05-07 11:54 - 035270232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2019-05-11 10:36 - 2019-05-07 11:54 - 020187904 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2019-05-11 10:36 - 2019-05-07 11:54 - 017465512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2019-05-11 10:36 - 2019-05-07 11:54 - 005421960 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2019-05-11 10:36 - 2019-05-07 11:54 - 004758728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2019-05-11 10:36 - 2019-05-07 11:54 - 001721600 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6443064.dll
2019-05-11 10:36 - 2019-05-07 11:54 - 001540488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2019-05-11 10:36 - 2019-05-07 11:54 - 001467648 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6443064.dll
2019-05-11 10:36 - 2019-05-07 11:54 - 001162448 _____ (NVIDIA Corporation) C:\Windows\System32\nvfatbinaryLoader.dll
2019-05-11 10:36 - 2019-05-07 11:54 - 000911616 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2019-05-11 10:36 - 2019-05-07 11:54 - 000808840 _____ (NVIDIA Corporation) C:\Windows\System32\nvEncodeAPI64.dll
2019-05-11 10:36 - 2019-05-07 11:54 - 000654080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2019-05-08 07:37 - 2019-05-15 06:46 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2019-05-06 13:27 - 2019-05-07 11:23 - 000000000 ____D C:\Users\Bogdan Placintescu\Desktop\Crest
2019-05-05 14:13 - 2019-05-21 20:39 - 000000000 ____D C:\FRST
2019-05-05 13:40 - 2019-05-05 13:40 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-05-05 13:40 - 2019-05-05 13:40 - 000000000 ____D C:\Program Files\Malwarebytes
2019-05-05 13:40 - 2019-02-01 01:20 - 000020936 _____ (Malwarebytes) C:\Windows\System32\Drivers\MbamElam.sys
2019-05-05 13:40 - 2019-01-08 05:32 - 000153328 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbae64.sys
2019-05-05 07:35 - 2019-05-20 09:35 - 000000000 ____D C:\Windows\Panther
2019-05-05 05:00 - 2019-05-05 05:00 - 000000000 ____D C:\ProgramData\Sophos
2019-05-05 05:00 - 2019-05-05 05:00 - 000000000 ____D C:\Program Files (x86)\Sophos
2019-05-05 02:16 - 2019-05-05 02:16 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\mbamtray
2019-05-05 02:16 - 2019-05-05 02:16 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\mbam
2019-05-04 04:22 - 2019-05-04 04:22 - 012844032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 012140032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 005436904 _____ (Microsoft Corporation) C:\Windows\System32\mfcore.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 005296640 _____ (Microsoft Corporation) C:\Windows\System32\cdp.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 005210904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 004997096 _____ (Microsoft Corporation) C:\Windows\System32\Windows.StateRepository.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 003982848 _____ (Microsoft Corporation) C:\Windows\System32\EdgeContent.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 003551112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 003426816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdp.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 003406848 _____ (Microsoft Corporation) C:\Windows\System32\MSVidCtl.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 002995712 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 002701512 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 002393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcGenral.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 002205184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 002073960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 001994976 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 001768960 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Input.Inking.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 001674696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 001671352 _____ (Microsoft Corporation) C:\Windows\System32\gdi32full.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 001653760 _____ (Microsoft Corporation) C:\Windows\System32\wpncore.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 001467552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 001382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 001315328 _____ (Microsoft Corporation) C:\Windows\System32\wpnapps.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 001219640 _____ (Microsoft Corporation) C:\Windows\System32\Windows.StateRepositoryPS.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 001001472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpnapps.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000999424 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000949248 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Internal.Management.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000815616 _____ (Microsoft Corporation) C:\Windows\System32\MdmDiagnostics.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000806600 _____ C:\Windows\SysWOW64\locale.nls
2019-05-04 04:22 - 2019-05-04 04:22 - 000806600 _____ C:\Windows\System32\locale.nls
2019-05-04 04:22 - 2019-05-04 04:22 - 000782848 _____ (Microsoft Corporation) C:\Windows\System32\ngcsvc.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000780632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000773120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000725696 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000695296 _____ (Microsoft Corporation) C:\Windows\System32\hhctrl.ocx
2019-05-04 04:22 - 2019-05-04 04:22 - 000679424 _____ (Microsoft Corporation) C:\Windows\System32\AppReadiness.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000676256 _____ (Microsoft Corporation) C:\Windows\System32\StateRepository.Core.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000673280 _____ (Microsoft Corporation) C:\Windows\System32\configmanager2.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000663552 _____ (Microsoft Corporation) C:\Windows\System32\PsmServiceExtHost.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000651576 _____ (Microsoft Corporation) C:\Windows\System32\securekernel.exe
2019-05-04 04:22 - 2019-05-04 04:22 - 000649064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000638376 _____ (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000610304 _____ (Microsoft Corporation) C:\Windows\System32\daxexec.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000577024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2019-05-04 04:22 - 2019-05-04 04:22 - 000553656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryPS.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000553472 _____ (Microsoft Corporation) C:\Windows\System32\dmenrollengine.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000540720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StateRepository.Core.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000531968 _____ (Microsoft Corporation) C:\Windows\System32\sppcext.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000514632 _____ (Microsoft Corporation) C:\Windows\System32\policymanager.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000495616 _____ (Microsoft Corporation) C:\Windows\System32\DDDS.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000469504 _____ (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000461824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmenrollengine.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000454160 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\rdbss.sys
2019-05-04 04:22 - 2019-05-04 04:22 - 000451080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\policymanager.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000424960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\daxexec.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000424960 _____ (Microsoft Corporation) C:\Windows\System32\SDDS.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000421392 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pci.sys
2019-05-04 04:22 - 2019-05-04 04:22 - 000370176 _____ (Microsoft Corporation) C:\Windows\System32\dxdiag.exe
2019-05-04 04:22 - 2019-05-04 04:22 - 000366592 _____ (Microsoft Corporation) C:\Windows\System32\Wldap32.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000359936 _____ (Microsoft Corporation) C:\Windows\System32\DeviceEnroller.exe
2019-05-04 04:22 - 2019-05-04 04:22 - 000349696 _____ (Microsoft Corporation) C:\Windows\System32\AcGenral.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000326144 _____ (Microsoft Corporation) C:\Windows\System32\DiagnosticLogCSP.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000321024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wldap32.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000320512 _____ (Microsoft Corporation) C:\Windows\System32\omadmclient.exe
2019-05-04 04:22 - 2019-05-04 04:22 - 000314368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxdiag.exe
2019-05-04 04:22 - 2019-05-04 04:22 - 000302080 _____ (Microsoft Corporation) C:\Windows\System32\dmenterprisediagnostics.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000280592 _____ (Microsoft Corporation) C:\Windows\System32\browserbroker.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000263576 _____ (Microsoft Corporation) C:\Windows\System32\mfps.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000254464 _____ (Microsoft Corporation) C:\Windows\System32\notepad.exe
2019-05-04 04:22 - 2019-05-04 04:22 - 000254464 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2019-05-04 04:22 - 2019-05-04 04:22 - 000246784 _____ (Microsoft Corporation) C:\Windows\System32\mdmregistration.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000244224 _____ (Microsoft Corporation) C:\Windows\System32\JpnServiceDS.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000240128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2019-05-04 04:22 - 2019-05-04 04:22 - 000201728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mdmregistration.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000197120 _____ (Microsoft Corporation) C:\Windows\System32\updatepolicy.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000161280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000157200 _____ (Microsoft Corporation) C:\Windows\System32\Windows.StateRepositoryClient.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000153088 _____ (Microsoft Corporation) C:\Windows\System32\fcon.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000146744 _____ (Microsoft Corporation) C:\Windows\System32\mqmigplugin.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000129848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mqmigplugin.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000122680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryClient.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000109568 _____ C:\Windows\System32\uwfcfgmgmt.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000101376 _____ (Microsoft Corporation) C:\Windows\System32\ActiveSyncCsp.dll
2019-05-04 04:22 - 2019-05-04 04:22 - 000086960 _____ (Microsoft Corporation) C:\Windows\System32\taskhostw.exe
2019-05-04 04:22 - 2019-05-04 04:22 - 000064000 _____ (Microsoft Corporation) C:\Windows\System32\EASPolicyManagerBrokerHost.exe
2019-05-04 04:22 - 2019-05-04 04:22 - 000051712 _____ (Microsoft Corporation) C:\Windows\System32\MdmDiagnosticsTool.exe
2019-04-24 10:45 - 2019-05-07 11:51 - 004340120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2019-04-24 10:45 - 2019-04-18 09:02 - 001722064 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6443039.dll
2019-04-24 10:45 - 2019-04-18 09:02 - 001467648 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6443039.dll
2019-04-24 10:45 - 2019-04-17 15:25 - 000046848 _____ (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll
2019-04-22 18:19 - 2019-04-10 06:52 - 001734288 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6442531.dll
2019-04-22 18:19 - 2019-04-10 06:52 - 001467864 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6442531.dll

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-05-21 12:02 - 2018-12-30 13:39 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-05-21 12:02 - 2018-09-14 22:09 - 000524288 _____ C:\Windows\System32\config\BBI
2019-05-21 12:02 - 2017-08-05 23:51 - 000000000 ____D C:\ProgramData\NVIDIA
2019-05-21 12:01 - 2016-11-18 12:48 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\LocalLow\Mozilla
2019-05-21 11:56 - 2018-09-14 23:33 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2019-05-21 11:50 - 2018-12-30 13:25 - 000000000 ____D C:\Windows\System32\SleepStudy
2019-05-21 11:50 - 2016-10-30 09:59 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Roaming\WTablet
2019-05-21 09:47 - 2018-12-30 13:43 - 000972156 _____ C:\Windows\System32\PerfStringBackup.INI
2019-05-21 09:47 - 2018-09-14 23:31 - 000000000 ____D C:\Windows\INF
2019-05-21 09:41 - 2019-04-01 13:09 - 000006144 _____ () C:\Windows\System32\libntsc1.dll
2019-05-21 09:41 - 2016-09-22 10:24 - 000000000 ____D C:\ProgramData\Autodesk
2019-05-20 12:40 - 2016-09-22 10:51 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\Battle.net
2019-05-19 12:34 - 2018-09-14 23:33 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2019-05-19 12:33 - 2016-09-30 05:12 - 000000000 ____D C:\Program Files\Microsoft Office
2019-05-19 08:31 - 2017-03-26 01:58 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Roaming\discord
2019-05-19 04:36 - 2018-01-26 05:10 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\Personify
2019-05-18 14:49 - 2016-09-22 11:45 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Roaming\uTorrent
2019-05-18 08:48 - 2016-09-25 01:13 - 000000000 ____D C:\Program Files (x86)\Overwatch
2019-05-18 08:31 - 2018-09-14 22:09 - 000032768 _____ C:\Windows\System32\config\ELAM
2019-05-18 05:18 - 2018-12-30 13:39 - 000004562 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2019-05-16 07:19 - 2018-12-30 13:25 - 000495976 _____ C:\Windows\System32\FNTCACHE.DAT
2019-05-16 07:18 - 2018-09-14 23:33 - 000000000 ___SD C:\Windows\System32\DiagSvcs
2019-05-16 07:18 - 2018-09-14 23:33 - 000000000 ____D C:\Windows\bcastdvr
2019-05-16 07:15 - 2018-09-14 23:23 - 000000000 ____D C:\Windows\CbsTemp
2019-05-16 07:10 - 2018-09-14 23:33 - 000000000 ___HD C:\Program Files\WindowsApps
2019-05-16 07:10 - 2018-09-14 23:33 - 000000000 ____D C:\Windows\AppReadiness
2019-05-15 07:00 - 2018-12-30 13:39 - 000003628 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2019-05-15 07:00 - 2018-12-30 13:39 - 000003504 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2019-05-15 06:46 - 2016-09-22 08:08 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2019-05-14 12:32 - 2016-09-24 01:43 - 000000000 ____D C:\Windows\System32\MRT
2019-05-14 12:30 - 2016-09-24 01:43 - 132445408 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2019-05-14 12:25 - 2018-12-30 13:39 - 000004600 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2019-05-14 12:25 - 2018-09-14 23:33 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-05-14 12:25 - 2018-09-14 23:33 - 000000000 ____D C:\Windows\System32\Macromed
2019-05-13 13:23 - 2018-09-14 23:36 - 000835688 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-05-13 13:23 - 2018-09-14 23:36 - 000179816 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-05-11 10:38 - 2016-09-22 11:04 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\NVIDIA
2019-05-10 09:35 - 2018-05-13 10:36 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\D3DSCache
2019-05-07 11:51 - 2018-12-14 09:44 - 005085152 _____ (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2019-05-07 11:47 - 2016-09-22 10:51 - 000000000 ____D C:\Program Files (x86)\Battle.net
2019-05-06 11:16 - 2016-09-22 14:01 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\CrashDumps
2019-05-05 21:35 - 2018-12-14 09:44 - 000052319 _____ C:\Windows\System32\nvinfo.pb
2019-05-05 18:43 - 2017-08-05 23:51 - 005432176 _____ (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll
2019-05-05 18:43 - 2017-08-05 23:51 - 002637808 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll
2019-05-05 18:43 - 2017-08-05 23:51 - 001767736 _____ (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll
2019-05-05 18:43 - 2017-08-05 23:51 - 000651248 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshext.dll
2019-05-05 18:43 - 2017-08-05 23:51 - 000450416 _____ (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll
2019-05-05 18:43 - 2017-08-05 23:51 - 000125424 _____ (NVIDIA Corporation) C:\Windows\System32\nvshext.dll
2019-05-05 18:43 - 2017-08-05 23:51 - 000082984 _____ (NVIDIA Corporation) C:\Windows\System32\nv3dappshextr.dll
2019-05-05 13:40 - 2018-09-14 23:33 - 000000000 ___HD C:\Windows\ELAMBKUP
2019-05-05 13:03 - 2018-09-14 23:33 - 000000000 ____D C:\Windows\System32\NDF
2019-05-05 09:13 - 2016-09-22 12:41 - 000000000 ___RD C:\Users\Bogdan Placintescu\OneDrive
2019-05-05 09:12 - 2016-09-30 06:38 - 000000000 ____D C:\ProgramData\Apple
2019-05-05 09:12 - 2016-09-30 06:38 - 000000000 ____D C:\Program Files\Common Files\Apple
2019-05-05 04:25 - 2017-12-11 03:02 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\Packages
2019-05-05 04:25 - 2016-12-25 02:50 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Roaming\Samsung
2019-05-05 04:25 - 2016-12-25 02:50 - 000000000 ____D C:\Program Files (x86)\Samsung
2019-05-05 04:25 - 2016-09-22 11:08 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2019-05-05 04:23 - 2017-10-19 05:36 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Roaming\Visual Studio Setup
2019-05-05 04:23 - 2017-10-19 05:36 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2019-05-05 04:22 - 2018-12-30 23:15 - 000000000 ____D C:\Program Files (x86)\MSBuild
2019-05-05 03:49 - 2016-09-22 06:34 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\ElevatedDiagnostics
2019-05-05 01:53 - 2017-08-05 23:50 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2019-05-04 12:01 - 2018-09-14 23:33 - 000000000 ____D C:\Windows\TextInput
2019-05-04 12:01 - 2018-09-14 23:33 - 000000000 ____D C:\Windows\ShellExperiences
2019-05-04 12:01 - 2018-09-14 23:33 - 000000000 ____D C:\Windows\PolicyDefinitions
2019-04-27 07:54 - 2019-03-31 10:44 - 000000000 ____D C:\Users\Bogdan Placintescu\Documents\Gaem 2.0
2019-04-27 07:54 - 2019-03-31 10:38 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\Unity
2019-04-27 07:53 - 2019-03-31 10:38 - 000000000 ____D C:\ProgramData\Unity
2019-04-25 11:45 - 2017-08-05 23:51 - 008571382 _____ C:\Windows\System32\nvcoproc.bin
2019-04-25 11:03 - 2019-04-13 03:48 - 000000000 ____D C:\Users\Bogdan Placintescu\Documents\BotaniculaSaves
2019-04-24 13:11 - 2017-08-05 23:50 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2019-04-23 11:04 - 2018-02-24 17:33 - 000000000 ____D C:\Windows\System32\Drivers\wd
2019-04-23 10:28 - 2016-09-22 10:51 - 000000000 ____D C:\Users\Bogdan Placintescu\AppData\Local\Blizzard Entertainment
2019-04-22 18:15 - 2018-12-30 13:39 - 000004308 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-22 18:15 - 2018-12-30 13:39 - 000004106 _____ C:\Windows\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-22 18:15 - 2018-12-30 13:39 - 000003976 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-22 18:15 - 2018-12-30 13:39 - 000003940 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-22 18:15 - 2018-12-30 13:39 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-22 18:15 - 2018-12-30 13:39 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-22 18:15 - 2018-12-30 13:39 - 000003926 _____ C:\Windows\System32\Tasks\NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-22 18:15 - 2018-12-30 13:39 - 000003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-22 18:15 - 2018-12-30 13:39 - 000003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-22 18:15 - 2018-12-30 13:39 - 000003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-22 18:15 - 2018-12-30 13:39 - 000003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2019-04-22 18:15 - 2017-08-05 23:50 - 000000000 ____D C:\Program Files\NVIDIA Corporation

==================== KnownDLLs (Whitelisted) =========================

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\dllhost.exe => MD5 is legit
C:\Windows\SysWOW64\dllhost.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Association (Whitelisted) =============

==================== Restore Points =========================

Restore point date: 2019-05-20 09:12

==================== Memory info ===========================

Percentage of memory in use: 7%
Total physical RAM: 16343.69 MB
Available physical RAM: 15187.5 MB
Total Virtual: 16343.69 MB
Available Virtual: 15234.21 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:222.97 GB) (Free:19.37 GB) NTFS
Drive d: (docs) (Fixed) (Total:465.56 GB) (Free:87.66 GB) NTFS
Drive e: (External HDD) (Fixed) (Total:931.48 GB) (Free:370.17 GB) NTFS
Drive f: (ESD-USB) (Removable) (Total:14.44 GB) (Free:10.47 GB) FAT32
Drive g: (ESD-USB) (Removable) (Total:29.83 GB) (Free:29.22 GB) FAT32
Drive I: () (Fixed) (Total:0.5 GB) (Free:0.08 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.49 GB) (Free:0.49 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]

\\?\Volume{f64b6e0d-6061-4478-9504-b6e3c22eadef}\ () (Fixed) (Total:0.2 GB) (Free:0.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 223.6 GB) (Disk ID: B8F57F55)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=509 MB) - (Type=27)

========================================================
Disk: 1 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (Size: 931.5 GB) (Disk ID: 16F2A91F)

Partition: GPT.

========================================================
Disk: 3 (MBR Code: Windows 7/8/10) (Size: 14.5 GB) (Disk ID: 5E42AD9F)
Partition 1: (Active) - (Size=14.5 GB) - (Type=0C)

========================================================
Disk: 4 (MBR Code: Windows 7/8/10) (Size: 29.9 GB) (Disk ID: 23C09768)
Partition 1: (Active) - (Size=29.9 GB) - (Type=0C)
==================== End of FRST.txt ============================

TSemp · May 21, 2019

Err.. I'm not sure if this is related to Process Monitor or to something else, but after the last restart, my C: drive is getting filled by... something. I used to have quite little space remaining on it (around 20 GB), but now it's under 10 and it keeps dropping visibly.

Broni · May 21, 2019

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7/8/10: Now please enter System Recovery Options.
On Windows XP: Now please boot into the OTLPE CD.
Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

==========================================================

Next, reboot normally, open Process Monitor, go File>Save.
Save the file to known location, zip it and upload it in your next reply.

TSemp · May 21, 2019

I tried to upload the logfile.zip but I get a file too large error (it has 15.7 mb)

Fix result of Farbar Recovery Scan Tool (x64) Version: 19-05.2019
Ran by SYSTEM (22-05-2019 00:01:54) Run:5
Running from G:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
S1 ydsashiz; C:\WINDOWS\system32\drivers\ydsashiz.sys [72816 2019-05-21] (Microsoft Corporation -> Microsoft Corporation)
C:\WINDOWS\system32\drivers\ydsashiz.sys
2019-05-21 09:41 - 2019-05-21 09:41 - 000015360 _____ () C:\Windows\System32\tlpless.dll
2019-05-21 09:41 - 2019-04-01 13:09 - 000006144 _____ () C:\Windows\System32\libntsc1.dll

*****************

ydsashiz => service not found.
"C:\WINDOWS\system32\drivers\ydsashiz.sys" => not found
C:\Windows\System32\tlpless.dll => moved successfully
C:\Windows\System32\libntsc1.dll => moved successfully

==== End of Fixlog 00:01:54 ====

Broni · May 21, 2019

Upload the file(s) here: http://www.sendspace.com/
Click on Browse button and navigate to the file you want to upload.
Click on Upload button.
Click on FIRST Copy Link button and paste the link in your next reply.

TSemp · May 21, 2019

https://www.sendspace.com/file/cwx1ox

Broni · May 21, 2019

I got the file but it's past midnight here so I'll take a look at it tomorrow.
BTW, after restart, same issue?

TSemp · May 21, 2019

Yup, still same problem. And don't worry, I really appreciate all your help!

Broni · May 22, 2019

Thank you.
I have to discuss that log file with my colleagues.

Broni · May 22, 2019

Re-run FRST normally.
In the search window type:

tlpless

Click on Search Registry button.
Post SearchReg.txt log here.

TSemp · May 22, 2019

Farbar Recovery Scan Tool (x64) Version: 19-05.2019
Ran by Bogdan Placintescu (22-05-2019 20:54:36)
Running from C:\Users\Bogdan Placintescu\Desktop
Boot Mode: Normal

================== Search Registry: "tlpless" ===========

====== End of Search ======

Broni · May 22, 2019

Open Process Monitor.
Try to unload and remove "tlpless.dll" via DLL Uninjector
Wait till the file will reappear on disk and then save the standard Process Monitor log (File>Save).

Upload the file(s) here: http://www.sendspace.com/
Click on Browse button and navigate to the file you want to upload.
Click on Upload button.
Click on FIRST Copy Link button and paste the link in your next reply.

TSemp · May 22, 2019

I ran DLL Uninjector. When Unloading tlpless.dll, Uninjector shows the process as C:\Windows\System32\svchost.exe and Windows Defender warns me again that a threat was found. When I try to delete it, I get a popup saying "Failed to delete the file. Do you want to delete the file on the next reboot?" Should I accept it?
As a side note, I noticed the "Enable boot logging" option resets to off whenever I open Process Monitor again. Should I turn it back on when I have to save a log from it?

Broni · May 22, 2019

Yes to both.

TSemp · May 22, 2019

Did that and rebooted PC, here's the log from File>Save https://www.sendspace.com/file/5nrg5c
When turning it on again, Process Monitor asked me if I wanted to save the Bootlog as well and I accepted just in case. Should I upload those files as well? (it's 5 of them of 300+MB each, so it might take a few minutes)

Broni · May 22, 2019

OK, to save you and me some time let's use some filters on all logs including the one you just uploaded.
Open each log with ProcMon.
Go Filter>Filter...
In first field select "Path" from drop down menu. Leave 2nd field as it is ("is").
In third field enter this:
C:\Windows\System32\tlpless.dll
Click OK.
Now go File>Save, name the log as you wish and save it to known location.
Do this for every log you have there.
This way all logs will be much smaller, so most likely you can zip all of them together into one file.

Then again...

Upload the file(s) here: http://www.sendspace.com/
Click on Browse button and navigate to the file you want to upload.
Click on Upload button.
Click on FIRST Copy Link button and paste the link in your next reply.

Solved Trojan Occamy

Posts: 67 +0

Posts: 56,041 +516

Posts: 67 +0

Posts: 67 +0

Posts: 56,041 +516

Attachments

Posts: 67 +0

Posts: 56,041 +516

Posts: 56,041 +516

Posts: 67 +0

Posts: 67 +0

Posts: 67 +0

Posts: 56,041 +516

Attachments

Posts: 67 +0

Posts: 56,041 +516

Posts: 67 +0

Posts: 56,041 +516

Posts: 67 +0

Posts: 56,041 +516

Posts: 56,041 +516

Posts: 67 +0

Posts: 56,041 +516

Posts: 67 +0

Posts: 56,041 +516

Posts: 67 +0

Posts: 56,041 +516

Similar threads