DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.953
Run by irisl at 19:05:28 on 2017-08-05
Microsoft Windows 10 Home 10.0.14393.0.1252.47.1044.18.6018.429 [GMT 2:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxCUIService.exe
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\AdminService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
C:\Program Files (x86)\Wondershare\WAF\2.3.2.219\WsAppService.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files (x86)\Popcorn Time\Updater.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxEM.exe
C:\Users\irisl\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Acer\Acer Quick Access\QASvc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
C:\Program Files\Acer\Acer Quick Access\QAAgent.exe
C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe
C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxext.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\CastSrv.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
C:\Program Files\DAEMON Tools Lite\DTAgent.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe
C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
C:\Windows\System32\SystemSettingsBroker.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\System32\smartscreen.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\System32\svchost.exe -k WerSvcGroup
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\backgroundTaskHost.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Users\irisl\Desktop\SecurityCheck.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-838b363c
mStart Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-838b363c
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [GoogleChromeAutoLaunch_C6C737B7D93E4924C8E500905989DF95] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
uRun: [uTorrent] "C:\Users\irisl\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [CCleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
uRun: [DAEMON Tools Lite Automount] "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
uRun: [Steam] "C:\Users\irisl\OneDrive\Dokumenter\steam\steam.exe" -silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\HANDYA~1.LNK - C:\Program Files\Andy\HandyAndy.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\SOFTET~1.LNK - C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
TCP: NameServer = 193.213.112.4 130.67.15.198
TCP: Interfaces\{05b35933-a4f0-4abd-8a29-47c4cae4c3d3} : DHCPNameServer = 193.213.112.4 130.67.15.198 192.168.1.1
TCP: Interfaces\{05b35933-a4f0-4abd-8a29-47c4cae4c3d3}\A474D27457563747 : DHCPNameServer = 193.75.75.75 193.75.75.193
TCP: Interfaces\{05b35933-a4f0-4abd-8a29-47c4cae4c3d3}\B496C64656E6F56416365626F6F6B6 : DHCPNameServer = 10.128.128.128
TCP: Interfaces\{05b35933-a4f0-4abd-8a29-47c4cae4c3d3}\D61676163796E626C6161666275656 : DHCPNameServer = 212.33.132.30 212.33.135.184
TCP: Interfaces\{dde3b3d9-74a0-4352-8c00-ef686e9fa312} : DHCPNameServer = 192.168.38.1
TCP: Interfaces\{dde3b3d9-74a0-4352-8c00-ef686e9fa312}\25F47464B4 : DHCPNameServer = 152.93.122.51 152.93.122.52
TCP: Interfaces\{dde3b3d9-74a0-4352-8c00-ef686e9fa312}\35B4D2055524C49434 : DHCPNameServer = 92.220.228.70 8.8.8.8 109.247.114.4
TCP: Interfaces\{dde3b3d9-74a0-4352-8c00-ef686e9fa312}\64C6972657373756E6 : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{dde3b3d9-74a0-4352-8c00-ef686e9fa312}\E4162767563756E602B457E64656E6564747 : DHCPNameServer = 10.128.128.128
TCP: Interfaces\{dde3b3d9-74a0-4352-8c00-ef686e9fa312}\E4F627C65646F5B657E64656E6564747 : DHCPNameServer = 10.42.228.1 8.8.8.8
TCP: Interfaces\{df77c3aa-ce99-4bbf-aa0b-48063dfdda76} : DHCPNameServer = 193.213.112.4 130.67.15.198
TCP: Interfaces\{df77c3aa-ce99-4bbf-aa0b-48063dfdda76}\B416D60756E60213 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{df77c3aa-ce99-4bbf-aa0b-48063dfdda76}\B416D60756E6022302 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{df77c3aa-ce99-4bbf-aa0b-48063dfdda76}\B4F6C602B4861627160212 : DHCPNameServer = 192.168.1.1
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck -
LSA: Security Packages = ""
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\57.0.2987.133\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = hxxps://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-838b363c
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [RtHDVBg_TrueHarmony] "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /TRUEHARMONY
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
x64-Run: [WindowsDefender] "C:\Program Files (x86)\Windows Defender\MSASCuiL.exe"
x64-Run: [SoftEther VPN Client UI Helper] "C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe" /uihelp
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
x64-Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} -
x64-Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} -
x64-Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} -
x64-Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} -
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck -
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
Hosts: 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
Hosts: 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
Hosts: 0.0.0.0 media.opencandy.com
Hosts: 0.0.0.0 cdn.opencandy.com
Hosts: 0.0.0.0 tracking.opencandy.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\irisl\AppData\Roaming\Mozilla\Firefox\Profiles\wjnhl6ja.default\
FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search?bcutc=sp-118-756
FF - prefs.js: browser.search.selectedEngine - Search Provided by Bing
FF - prefs.js: browser.startup.homepage - hxxps://www.bing.com/search?FORM=INCOH1&PC=IC04&PTAG=ICO-838b363c
FF - prefs.js: keyword.URL - true
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2015-8-28 1464752]
R0 intelpep;Intel(R)-plugin-drivermodul for strømmotor;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2017-1-8 48992]
R0 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2016-12-25 251832]
R0 volume;Volumdriver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Sikker tjeneste for klarert kjøretid fra Microsoft Windows;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2017-1-8 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2017-1-8 227328]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R1 MpKsl32320a3b;MpKsl32320a3b;C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4FA3736E-D0A8-4E35-9395-B515A5902641}\MpKsl32320a3b.sys [2017-8-5 44928]
R1 SeLow;SoftEther Lightweight Network Protocol;C:\WINDOWS\System32\drivers\SeLow_x64.sys [2017-6-8 51024]
R1 vmkbd3;VMware Input Filter and Injection Driver (vmkbd);C:\WINDOWS\System32\drivers\vmkbd.sys [2017-4-13 52288]
R2 AGSService;Adobe Genuine Software Integrity Service;C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2016-9-26 2246256]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2017-3-17 83768]
R2 AtherosSvc;AtherosSvc;C:\WINDOWS\System32\AdminService.exe [2016-6-26 355760]
R2 CDPSvc;Plattformtjeneste for tilkoblede enheter;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R2 ClickToRunSvc;Microsoft Office-tjenesten Klik og kør;C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [2016-8-29 4412104]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2015-8-18 18856]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\igfxCUIService.exe [2017-2-7 350704]
R2 IntelSSTSvc;Intel SST Parameter Service;C:\WINDOWS\System32\IntelSSTAPO\ParameterService\ParameterService.exe [2016-3-4 26592]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2016-2-12 209184]
R2 MBAMChameleon;MBAMChameleon;C:\WINDOWS\System32\drivers\MBAMChameleon.sys [2016-12-25 176064]
R2 MBAMService;Malwarebytes Service;C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [2016-12-25 4355024]
R2 SEVPNCLIENT;SoftEther VPN Client;C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [2017-6-8 5248456]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 Update service;Update service;C:\Program Files (x86)\Popcorn Time\Updater.exe [2017-2-20 339968]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2017-1-8 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R3 BtFilter;BtFilter;C:\WINDOWS\System32\drivers\btfilter.sys [2016-6-26 610656]
R3 BthLEEnum;Driver for Bluetooth Low Energy;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2017-5-13 249856]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2017-4-24 1471168]
R3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;C:\WINDOWS\System32\drivers\dtlitescsibus.sys [2017-6-9 30264]
R3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;C:\WINDOWS\System32\drivers\dtliteusbbus.sys [2017-6-9 47672]
R3 ETDI2C;ELAN I2C Filter Driver;C:\WINDOWS\System32\drivers\ETDI2C.sys [2016-6-29 183896]
R3 iaLPSS2i_I2C;Intel(R) Serial IO I2C-driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
R3 IntcDAud;Intel(R) Skjermlyd;C:\WINDOWS\System32\drivers\IntcDAud.sys [2016-9-16 821224]
R3 Intel(R) Security Assist;Intel(R) Security Assist;C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [2016-2-5 335872]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 LMDriver;Launch Manager Wireless Driver;C:\WINDOWS\System32\drivers\LMDriver.sys [2016-5-23 21344]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Adapternummerering for Microsoft virtuelt nettverk;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 Neo_VPN;VPN Client Device Driver - VPN;C:\WINDOWS\System32\drivers\Neo6_x64_VPN.sys [2017-6-8 38216]
R3 QALSvc;Quick Access Local Service;C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [2016-5-23 440224]
R3 QASvc;Quick Access Service;C:\Program Files\Acer\Acer Quick Access\QASvc.exe [2016-5-23 481696]
R3 Qcamain10x64;Qualcomm Atheros Extensible Wireless LAN 11AC device driver;C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2016-3-24 2381112]
R3 RadioShim;Shim for HID-KMDF Interface layer;C:\WINDOWS\System32\drivers\RadioShim.sys [2016-5-23 14688]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2016-8-29 935168]
R3 RTSPER;Realtek PCIE Card Reader - PER;C:\WINDOWS\System32\drivers\RtsPer.sys [2016-8-29 769752]
R3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 SmsRouter;SMS-rutertjeneste for Microsoft Windows;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 UEFI;Microsoft UEFI-driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
R3 UEIPSvc;User Experience Improvement Program;C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [2016-2-1 291232]
R3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-7-12 719872]
R3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
R3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2017-5-13 347320]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S2 isaHelperSvc;Intel(R) Security Assist Helper;C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [2016-2-5 8704]
S2 KingoSoftService;KingoSoftService;C:\Users\irisl\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe "C:\Users\irisl\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\checkupdate.exe" --> C:\Users\irisl\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe C:\Users\irisl\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\checkupdate.exe [?]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S3 AcpiDev;ACPI-enhetsdriver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 buttonconverter;Tjeneste for enheter for kontroll av bærbar enhet;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID-driver for CapImg-berøringsskjerm;C:\WINDOWS\System32\drivers\capimg.sys [2017-1-8 118272]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 cplspcon;Intel(R) Content Protection HDCP Service;C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_82119d956c80af5a\IntelCpHDCPSvc.exe [2017-2-7 488944]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 diagnosticshub.standardcollector.service;Standard Collector-tjeneste for Microsoft (R) diagnose-hub;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Tjenesten for administrasjon av registrering av enheten;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 embeddedmode;Innebygd modus;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FrameServer;Server for Windows Kamera-bilder;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 genericusbfn;Generell USB-funksjonsklasse;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 ggflt;SOMC USB Flash Driver Filter;C:\WINDOWS\System32\drivers\ggflt.sys [2017-1-12 16088]
S3 ggsomc;SOMC USB Flash Driver;C:\WINDOWS\System32\drivers\ggsomc.sys [2017-1-12 30424]
S3 hidinterrupt;Felles driver for HID-knapper implementert med avbrudd;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C-vertskontroller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSSi_GPIO;Intel(R) GPIO-kontrollerdriver for seriell I/U;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C-kontrollerdriver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID-kontroller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand buss/AL (filterdriver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Tjeneste for mobil trådløssone for Windows;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Kjernemodusdriver for Indirect Displays;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2016-1-14 976848]
S3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-1-8 64352]
S3 mlx4_bus;Mellanox ConnectX bussnummerering;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 ndfltr;NetworkDirect-tjenesten;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\WINDOWS\System32\drivers\nmwcdnsucx64.sys [2011-8-17 12800]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\WINDOWS\System32\drivers\nmwcdnsux64.sys [2011-8-17 171008]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Tjenesten for forhandlerdemo;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Minnebussdriver for Microsoft-lagringsklasse;C:\WINDOWS\System32\drivers\scmbus.sys [2017-7-12 88416]
S3 scmdisk0101;Microsoft NVDIMM-N-diskdriver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2017-7-12 124928]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-3-21 1312768]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 stornvme;Microsoft Standard NVM Express-driver;C:\WINDOWS\System32\drivers\stornvme.sys [2017-7-12 81760]
S3 storufs;Driver for Microsoft Universal Flash Storage (UFS);C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;UCSI-klient for USB-tilkoblingsbehandling;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea-kontroller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys-kontroller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UrsChipidea;Chipidea USB Role-Switch-driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch-driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2015-6-17 54784]
S3 vhf;VHF-driver (Virtual HID Framework);C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Driver for Microsoft Hyper-V-gjesteinfrastruktur;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinMad;WinMad-tjenesten;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs-tjenesten;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2016-7-16 216064]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-3-21 258560]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2017-1-8 43520]
S4 AdobeUpdateService;AdobeUpdateService;C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [2016-12-9 753240]
S4 CCDMonitorService;CCDMonitorService;C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2016-5-5 2267352]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S4 tzautoupdate;Automatisk oppdatering for tidssone;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
SUnknown MpKsla2ace3af;MpKsla2ace3af; [x]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2017-08-05 15:11:26 -------- d-----w- C:\Program Files (x86)\MSECache
2017-08-05 15:07:30 44928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4FA3736E-D0A8-4E35-9395-B515A5902641}\MpKsl32320a3b.sys
2017-08-05 15:02:07 13476768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4FA3736E-D0A8-4E35-9395-B515A5902641}\mpengine.dll
2017-08-04 15:16:09 13476768 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2017-08-02 00:19:25 1078240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{26DBFABA-2A72-4B81-80DF-9EA85D0E603B}\gapaengine.dll
2017-07-17 23:11:46 451264 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2017-07-17 23:11:08 28352 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
2017-07-17 23:00:52 213704 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2017-07-12 04:39:59 642048 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.InkControls.dll
2017-07-12 04:38:59 9131008 ----a-w- C:\WINDOWS\System32\twinui.dll
2017-07-07 13:15:19 -------- d-----w- C:\Users\irisl\AppData\Local\UNP
2017-07-07 11:19:43 -------- d---a-w- C:\Program Files\UNP
2017-07-07 11:19:43 -------- d-----w- C:\WINDOWS\System32\UNP
.
==================== Find3M ====================
.
2017-08-03 15:16:25 251832 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys 2017-07-12 04:22:54 157696 ----a-w- C:\WINDOWS\SysWow64\enrollmentapi.dll 2017-07-07 07:49:10 340824 ----a-w- C:\WINDOWS\SysWow64\msv1_0.dll 2017-07-07 07:46:15 781152 ----a-w- C:\WINDOWS\SysWow64\WWAHost.exe 2017-07-07 07:44:47 108896 ----a-w- C:\WINDOWS\System32\drivers\pdc.sys 2017-07-07 07:42:58 7781720 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe 2017-07-07 07:40:33 376672 ----a-w- C:\WINDOWS\System32\drivers\clfs.sys 2017-07-07 07:37:47 468320 ----a-w- C:\WINDOWS\System32\drivers\netio.sys 2017-07-07 07:37:39 118112 ----a-w- C:\WINDOWS\System32\drivers\tdx.sys 2017-07-07 07:32:26 404824 ----a-w- C:\WINDOWS\System32\msv1_0.dll 2017-07-07 07:29:46 857440 ----a-w- C:\WINDOWS\System32\WWAHost.exe 2017-07-07 07:29:41 5686272 ----a-w- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll 2017-07-07 07:28:34 223584 ----a-w- C:\WINDOWS\System32\drivers\mrxsmb20.sys 2017-07-07 07:23:48 241504 ----a-w- C:\WINDOWS\System32\CloudExperienceHost.dll 2017-07-07 07:23:39 1600624 ----a-w- C:\WINDOWS\System32\sppobjs.dll 2017-07-07 07:20:05 59904 ----a-w- C:\WINDOWS\SysWow64\l2gpstore.dll 2017-07-07 07:19:16 25088 ----a-w- C:\WINDOWS\SysWow64\eapprovp.dll 2017-07-07 07:18:39 450560 ----a-w- C:\WINDOWS\SysWow64\rastls.dll 2017-07-07 07:18:38 210432 ----a-w- C:\WINDOWS\SysWow64\onex.dll 2017-07-07 07:18:28 2532192 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys 2017-07-07 07:18:21 1100120 ----a-w- C:\WINDOWS\System32\drivers\http.sys 2017-07-07 07:18:10 57400 ----a-w- C:\WINDOWS\System32\lsass.exe 2017-07-07 07:17:57 118784 ----a-w- C:\WINDOWS\SysWow64\raschap.dll 2017-07-07 07:13:32 310272 ----a-w- C:\WINDOWS\SysWow64\Wldap32.dll 2017-07-07 07:13:03 364544 ----a-w- C:\WINDOWS\SysWow64\NetSetupShim.dll 2017-07-07 07:10:28 755200 ----a-w- C:\WINDOWS\SysWow64\kerberos.dll 2017-07-07 07:09:10 637952 ----a-w- C:\WINDOWS\SysWow64\SmartcardCredentialProvider.dll 2017-07-07 07:09:01 506368 ----a-w- 
C:\WINDOWS\SysWow64\vbscript.dll 2017-07-07 07:06:39 7626752 ----a-w- C:\WINDOWS\SysWow64\twinui.dll 2017-07-07 07:06:16 18364928 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll 2017-07-07 07:03:44 337408 ----a-w- C:\WINDOWS\SysWow64\msinfo32.exe 2017-07-07 07:02:20 1313280 ----a-w- C:\WINDOWS\SysWow64\wdc.dll 2017-07-07 07:00:48 476160 ----a-w- C:\WINDOWS\SysWow64\wvc.dll 2017-07-07 06:58:17 7217152 ----a-w- C:\WINDOWS\System32\Windows.Data.Pdf.dll 2017-07-07 06:56:47 6035456 ----a-w- C:\WINDOWS\SysWow64\Chakra.dll 2017-07-07 06:55:50 3664896 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll 2017-07-07 06:55:41 4423680 ----a-w- C:\WINDOWS\SysWow64\ExplorerFrame.dll 2017-07-07 06:55:34 1571840 ----a-w- C:\WINDOWS\SysWow64\msxml3.dll 2017-07-07 06:54:30 2027008 ----a-w- C:\WINDOWS\SysWow64\inetcpl.cpl 2017-07-07 06:54:11 2997248 ----a-w- C:\WINDOWS\SysWow64\win32kfull.sys 2017-07-07 06:53:59 2483200 ----a-w- C:\WINDOWS\SysWow64\wininet.dll 2017-07-07 06:52:53 1413632 ----a-w- C:\WINDOWS\SysWow64\OpcServices.dll 2017-07-07 06:52:47 4561408 ----a-w- C:\WINDOWS\SysWow64\dbgeng.dll 2017-07-07 06:51:23 22569984 ----a-w- C:\WINDOWS\System32\edgehtml.dll 2017-07-07 06:49:39 115200 ----a-w- C:\WINDOWS\System32\drivers\bridge.sys 2017-07-07 06:48:58 30208 ----a-w- C:\WINDOWS\System32\eapprovp.dll 2017-07-07 06:48:18 71680 ----a-w- C:\WINDOWS\System32\l2gpstore.dll 2017-07-07 06:47:53 128512 ----a-w- C:\WINDOWS\System32\drivers\bthpan.sys 2017-07-07 06:47:52 201728 ----a-w- C:\WINDOWS\System32\ScDeviceEnum.dll 2017-07-07 06:46:38 52224 ----a-w- C:\WINDOWS\System32\drivers\tcpipreg.sys 2017-07-07 06:46:16 231424 ----a-w- C:\WINDOWS\System32\shutdownux.dll 2017-07-07 06:45:34 488960 ----a-w- C:\WINDOWS\System32\NetSetupShim.dll 2017-07-07 06:45:33 289792 ----a-w- C:\WINDOWS\System32\DeveloperOptionsSettingsHandlers.dll 2017-07-07 06:44:59 238592 ----a-w- C:\WINDOWS\System32\onex.dll 2017-07-07 06:44:58 502784 ----a-w- C:\WINDOWS\System32\rastls.dll 2017-07-07 06:44:55 193536 ----a-w- 
C:\WINDOWS\System32\certprop.dll 2017-07-07 06:44:31 137728 ----a-w- C:\WINDOWS\System32\raschap.dll 2017-07-07 06:44:13 147456 ----a-w- C:\WINDOWS\System32\winsrv.dll 2017-07-07 06:43:48 1081856 ----a-w- C:\WINDOWS\System32\Chakradiag.dll 2017-07-07 06:43:15 431616 ----a-w- C:\WINDOWS\System32\WpAXHolder.dll 2017-07-07 06:42:16 805888 ----a-w- C:\WINDOWS\System32\jscript9diag.dll 2017-07-07 06:42:09 352256 ----a-w- C:\WINDOWS\System32\Wldap32.dll 2017-07-07 06:39:13 282624 ----a-w- C:\WINDOWS\System32\drivers\mrxsmb10.sys 2017-07-07 06:36:57 369664 ----a-w- C:\WINDOWS\System32\msinfo32.exe 2017-07-07 06:35:44 1397760 ----a-w- C:\WINDOWS\System32\wdc.dll 2017-07-07 06:33:38 576000 ----a-w- C:\WINDOWS\System32\wvc.dll 2017-07-07 06:29:55 4749824 ----a-w- C:\WINDOWS\System32\SettingsHandlers_nt.dll 2017-07-07 06:29:02 932864 ----a-w- C:\WINDOWS\System32\kerberos.dll 2017-07-07 06:28:59 589312 ----a-w- C:\WINDOWS\System32\vbscript.dll 2017-07-07 06:28:43 927744 ----a-w- C:\WINDOWS\System32\SmartcardCredentialProvider.dll 2017-07-07 06:28:32 2096640 ----a-w- C:\WINDOWS\System32\inetcpl.cpl 2017-07-07 06:27:54 8120832 ----a-w- C:\WINDOWS\System32\Chakra.dll 2017-07-07 06:25:12 4708864 ----a-w- C:\WINDOWS\System32\ExplorerFrame.dll 2017-07-07 06:24:37 2217472 ----a-w- C:\WINDOWS\System32\OpcServices.dll 2017-07-07 06:24:34 3615744 ----a-w- C:\WINDOWS\System32\win32kfull.sys 2017-07-07 06:24:30 5388800 ----a-w- C:\WINDOWS\System32\dbgeng.dll 2017-07-07 06:24:27 2895872 ----a-w- C:\WINDOWS\System32\wininet.dll 2017-07-07 06:24:16 1513472 ----a-w- C:\WINDOWS\System32\win32kbase.sys 2017-07-07 06:24:13 4744704 ----a-w- C:\WINDOWS\System32\jscript9.dll 2017-07-07 06:22:08 1826816 ----a-w- C:\WINDOWS\System32\msxml3.dll 2017-07-06 04:29:00 690008 ----a-w- C:\WINDOWS\System32\msvcp120_clr0400.dll 2017-06-30 14:46:35 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe 2017-06-30 14:46:35 177656 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl 2017-06-22 06:17:56 987840 
----a-w- C:\WINDOWS\SysWow64\msvcr120_clr0400.dll 2017-06-22 06:17:55 485576 ----a-w- C:\WINDOWS\SysWow64\msvcp120_clr0400.dll 2017-06-21 07:54:13 603488 ----a-w- C:\WINDOWS\System32\ContentDeliveryManager.Utilities.dll 2017-06-21 07:53:56 794928 ----a-w- C:\WINDOWS\System32\Windows.Internal.Shell.Broker.dll 2017-06-21 07:52:57 2213760 ----a-w- C:\WINDOWS\System32\KernelBase.dll 2017-06-21 07:52:49 81760 ----a-w- C:\WINDOWS\System32\drivers\stornvme.sys 2017-06-21 07:52:31 88416 ----a-w- C:\WINDOWS\System32\drivers\scmbus.sys 2017-06-21 07:52:08 774224 ----a-w- C:\WINDOWS\System32\oleaut32.dll 2017-06-21 07:52:00 1886344 ----a-w- C:\WINDOWS\System32\ntdll.dll 2017-06-21 07:51:08 2255712 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys 2017-06-21 07:50:18 126304 ----a-w- C:\WINDOWS\System32\drivers\mup.sys 2017-06-21 07:48:37 2681200 ----a-w- C:\WINDOWS\System32\CoreUIComponents.dll 2017-06-21 07:47:20 764392 ----a-w- C:\WINDOWS\System32\CoreMessaging.dll 2017-06-21 07:42:23 601712 ----a-w- C:\WINDOWS\SysWow64\oleaut32.dll 2017-06-21 07:42:20 1573280 ----a-w- C:\WINDOWS\SysWow64\ntdll.dll 2017-06-21 07:41:30 1706488 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll 2017-06-21 07:40:58 1069720 ----a-w- C:\WINDOWS\System32\MrmCoreR.dll . ============= FINISH: 19.07.01,79 ===============