Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Screen Flashing Black - Hardware or Software Issue?


  • This topic is locked This topic is locked
9 replies to this topic

#1 12345zzz

12345zzz

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:32 PM

Posted 16 June 2017 - 08:41 PM

When I'm using my computer the screen occasionally flickers and turns black for a second every so often - I was wondering if this is a hardware issue or potentially malware. It happens pretty much every time I use the computer, a few flashes over a period of a few hours, sometimes more. While it isn't really getting in the way of my work, It is a bit concerning in a new computer. Any help much appreciated :)



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,520 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:32 PM

Posted 18 June 2017 - 08:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Please download Malwarebytes Anti-Malware from here
  • Right-click on the MBAM icon and select Run as administrator to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • Once the MBAM dashboard opens, on the right detail pane click on the word "Current" under the Scan Status to update the tool database.
  • On the left menu pane click the Settings tab, and then select the Protection tab on the top.
  • Under the Scan Options, turn on the button Scan for rootkits and Scan within archives.
  • Click the Scan tab on the right detail pane, select Threat Scan and click the Start Scan button
  • Note: The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
Please post the log for my review.

Note: If asked to restart the computer, please do so immediately.
===

First lets clean the computer of malware if any.

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
attachlogs.png

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===


Please post the logs.

Let me know what problems persists.
==============================

#3 12345zzz

12345zzz
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:32 PM

Posted 19 June 2017 - 07:06 PM

Hi Nasdaq,
 
Thanks a lot for your help - I've followed all the steps you outlined and attached malwarebites log (report.txt), AdwCleaner log (AwCleaner[S0].txt) and Farbar (Addition.txt, and the report pasted below)
 
Let me know if there are any further steps you think I should pursue.
 
Thanks,
 
 
 
 
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-06-2017 01
Ran by zw (administrator) on DESKTOP-U8M66JB (20-06-2017 01:00:17)
Running from C:\Users\zw\Desktop
Loaded Profiles: zw (Available Profiles: defaultuser0 & zw)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k121281.inf_amd64_c0deb15632bdb693\igfxCUIService.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k121281.inf_amd64_c0deb15632bdb693\IntelCpHDCPSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\MBApp\MBAMService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k121281.inf_amd64_c0deb15632bdb693\IntelCpHeciSvc.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 6\CyberGhost.Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k121281.inf_amd64_c0deb15632bdb693\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.17.420.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Samsung Electronics) C:\ProgramData\Samsung Apps\Portable SSD\Samsung Portable SSD Daemon.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\MBApp\mbamtray.exe
(FrescoLogic) C:\Program Files\Fresco Logic\Fresco Logic USB Display Driver\FL2000\x64\flvga_tray.exe
(Spotify Ltd) C:\Users\zw\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Dell) C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9089560 2016-12-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_WAVES_SKYLAKE] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1489432 2016-12-07] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [940976 2016-11-19] (Waves Audio Ltd.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [320584 2016-10-06] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2017-01-19] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\MBAPP\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [flvga_tray] => C:\Program Files\Fresco Logic\Fresco Logic USB Display Driver\FL2000\x64\flvga_tray.exe [439424 2017-02-15] (FrescoLogic)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3487032 2017-06-12] (Dropbox, Inc.)
HKLM-x32\...\Run: [flvga_tray32] => C:\Program Files\Fresco Logic\Fresco Logic USB Display Driver\FL2000\x86\flvga_tray.exe [419968 2017-02-15] (FrescoLogic)
HKLM\...\Policies\Explorer: [NoActiveDesktop] 1 [0 2017-06-20] ()
HKLM\...\Policies\Explorer: [NoActiveDesktopChanges] 1 [0 2017-06-20] ()
HKU\S-1-5-21-4279313113-2496393081-2471958111-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 6\CyberGhost.exe [1191472 2017-03-08] (CyberGhost S.R.L.)
HKU\S-1-5-21-4279313113-2496393081-2471958111-1001\...\Run: [Spotify Web Helper] => C:\Users\zw\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1560176 2017-06-12] (Spotify Ltd)
HKU\S-1-5-21-4279313113-2496393081-2471958111-1001\...\Run: [Spotify] => C:\Users\zw\AppData\Roaming\Spotify\Spotify.exe [6949488 2017-06-12] (Spotify Ltd)
HKU\S-1-5-21-4279313113-2496393081-2471958111-1001\...\Run: [Franz] => C:\Users\zw\AppData\Local\Franz\app-4.0.4\Franz.exe [86039832 2016-09-06] (Franz)
HKU\S-1-5-21-4279313113-2496393081-2471958111-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-01-17] (Apple Inc.)
HKU\S-1-5-21-4279313113-2496393081-2471958111-1001\...\Run: [Google Update] => C:\Users\zw\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-30] (Google Inc.)
HKU\S-1-5-21-4279313113-2496393081-2471958111-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [799368 2017-06-05] (Sandboxie Holdings, LLC)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [391040 2017-03-19] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.16.0.dll [2017-06-12] (Dropbox, Inc.)
Startup: C:\Users\zw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2017-02-04]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a001fa4e-19d4-447d-b2fe-dc8803783b4d}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ebc549db-b1fa-4a4b-b5a1-0a44a1bbb34c}: [DhcpNameServer] 172.20.10.1
 
Internet Explorer:
==================
HKU\S-1-5-21-4279313113-2496393081-2471958111-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-4279313113-2496393081-2471958111-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=uk&l=en&s=gen
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-26] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-26] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-05-26] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2017-03-20] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-05-26] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-26] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-26] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-26] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-26] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: p5s2j6d8.default
FF ProfilePath: C:\Users\zw\AppData\Roaming\Mozilla\Firefox\Profiles\p5s2j6d8.default [2017-06-19]
FF Extension: (ChatZilla) - C:\Users\zw\AppData\Roaming\Mozilla\Firefox\Profiles\p5s2j6d8.default\Extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2017-03-05]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-03-09] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-03-09] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-26] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-26] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-4279313113-2496393081-2471958111-1001: @tools.google.com/Google Update;version=3 -> C:\Users\zw\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
FF Plugin HKU\S-1-5-21-4279313113-2496393081-2471958111-1001: @tools.google.com/Google Update;version=9 -> C:\Users\zw\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-30] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\zw\AppData\Local\Google\Chrome\User Data\Default [2017-06-20]
CHR Extension: (Google Slides) - C:\Users\zw\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-02-02]
CHR Extension: (Nice and Simple Pink Theme) - C:\Users\zw\AppData\Local\Google\Chrome\User Data\Default\Extensions\adnkilmbkjceojmbdkdbepdhghapigdi [2017-02-05]
CHR Extension: (Google Docs) - C:\Users\zw\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-02-02]
CHR Extension: (Google Drive) - C:\Users\zw\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-02-02]
CHR Extension: (YouTube) - C:\Users\zw\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-02-02]
CHR Extension: (Strict Workflow) - C:\Users\zw\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgmnfnmlficgeijcalkgnnkigkefkbhd [2017-02-02]
CHR Extension: (uBlock Origin) - C:\Users\zw\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-05-18]
CHR Extension: (Full Page Screen Capture) - C:\Users\zw\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2017-03-10]
CHR Extension: (Google Sheets) - C:\Users\zw\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-02-02]
CHR Extension: (Google Docs Offline) - C:\Users\zw\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-02-02]
CHR Extension: (Grammarly for Chrome) - C:\Users\zw\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-06-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\zw\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\zw\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-02-02]
CHR Extension: (Chrome Media Router) - C:\Users\zw\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-16]
CHR Extension: (Privacy Badger) - C:\Users\zw\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkehgijcmpdhfbdbbnkijodmdjhbjlgp [2017-06-16]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [338312 2016-09-07] (Windows ® Win 7 DDK provider)
R2 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [77872 2017-03-08] (CyberGhost S.R.L)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3971264 2017-05-14] (Microsoft Corporation)
R3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\k121281.inf_amd64_c0deb15632bdb693\IntelCpHeciSvc.exe [285696 2017-03-24] (Intel Corporation)
R2 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\k121281.inf_amd64_c0deb15632bdb693\IntelCpHDCPSvc.exe [463360 2017-03-24] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-02] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-02-02] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [48944 2017-06-12] (Dropbox, Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [77648 2016-12-22] (Dell Inc.)
R2 Dell SupportAssist Remediation; C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe [121376 2016-11-28] (Dell)
S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-12-13] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-12-13] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [230248 2016-09-22] (Dell Inc.)
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2208888 2016-09-02] (Intel Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2016-10-06] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\k121281.inf_amd64_c0deb15632bdb693\igfxCUIService.exe [324096 2017-03-24] (Intel Corporation)
R3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [630048 2016-10-13] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [196200 2016-12-19] (Intel Corporation)
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [457432 2016-09-22] (Rivet Networks)
S3 MailbirdUpdater.exe; C:\Program Files (x86)\Mailbird\MailbirdUpdater.exe [398208 2017-02-27] (Mailbird)
R2 MBAMService; C:\Program Files\Malwarebytes\MBApp\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2013-11-15] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2013-11-15] (Hewlett-Packard) [File not signed]
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [47144 2017-04-06] (Dell)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [338456 2016-12-07] (Realtek Semiconductor)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [198792 2017-06-05] (Sandboxie Holdings, LLC)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [32728 2017-04-13] (Dell Inc.)
S3 ThunderboltService; c:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [2018024 2016-11-17] (Intel Corporation)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [410032 2016-11-19] (Waves Audio Ltd.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BfLwf; C:\WINDOWS\system32\DRIVERS\bwcW10x64.sys [145736 2016-09-19] (Rivet Networks, LLC.)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32352 2016-10-13] (Dell Inc.)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [32952 2016-10-13] (Dell Computer Corporation)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows ® Win 7 DDK provider)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [71232 2016-08-13] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [66624 2016-08-13] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [350272 2016-08-13] (Intel Corporation)
S3 fl2000; C:\WINDOWS\System32\drivers\fl2000.sys [166016 2017-02-15] (Fresco Logic)
R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [54800 2016-08-16] (Intel Corporation)
S3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [89912 2016-08-30] (Intel Corporation)
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\k121281.inf_amd64_c0deb15632bdb693\igdkmd64.sys [11070440 2017-03-24] (Intel Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [252832 2017-06-20] (Malwarebytes)
S3 mosuport; C:\WINDOWS\System32\drivers\mosuport.sys [371352 2016-08-04] (ASIX Electronics Corporation)
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; c:\program files\dell\supportassist\pcdsrvc_x64.pkms [25584 2017-04-14] (PC-Doctor, Inc.)
R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2412976 2017-04-15] (Qualcomm Atheros, Inc.)
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [796672 2016-12-15] (Realsil Semiconductor Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [207496 2017-06-05] (Sandboxie Holdings, LLC)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation)
R3 VirtualButtons; C:\WINDOWS\System32\drivers\VirtualButtons.sys [40008 2016-08-16] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 mfencbdc; system32\DRIVERS\mfencbdc.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-20 01:00 - 2017-06-20 01:00 - 00028171 _____ C:\Users\zw\Desktop\FRST.txt
2017-06-20 00:58 - 2017-06-20 00:58 - 02439680 _____ (Farbar) C:\Users\zw\Desktop\FRST64.exe
2017-06-20 00:52 - 2017-06-20 00:52 - 00252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\3F155A2D.sys
2017-06-20 00:51 - 2017-06-20 00:51 - 00000000 ____D C:\Users\zw\Desktop\2
2017-06-20 00:51 - 2017-06-20 00:51 - 00000000 ____D C:\Users\zw\Desktop\1
2017-06-20 00:47 - 2017-06-20 00:52 - 00000000 ____D C:\AdwCleaner
2017-06-20 00:47 - 2017-06-20 00:47 - 04110280 _____ C:\Users\zw\Downloads\adwcleaner_6.047.exe
2017-06-19 23:37 - 2017-06-19 23:38 - 64232976 _____ (Malwarebytes ) C:\Users\zw\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092.exe
2017-06-19 14:42 - 2017-06-19 14:42 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignd0161a54f9e12fc8
2017-06-19 14:42 - 2017-06-19 14:42 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignafbee3458453335d
2017-06-19 13:42 - 2017-06-19 13:42 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignb16c72724d610720
2017-06-19 13:42 - 2017-06-19 13:42 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsigna0bce3019614141d
2017-06-19 13:42 - 2017-06-19 13:42 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign9f862bc015ca02ef
2017-06-19 13:42 - 2017-06-19 13:42 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign92a0ad6c9ba5bb7c
2017-06-19 13:42 - 2017-06-19 13:42 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign74ba6254089a75cf
2017-06-19 13:42 - 2017-06-19 13:42 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign074a6c25cc99418e
2017-06-19 13:02 - 2017-06-19 13:03 - 01085440 _____ C:\Users\zw\Desktop\critical context plan.indd
2017-06-19 13:02 - 2017-06-19 13:02 - 00028986 _____ C:\Users\zw\Desktop\critcontplan.pdf
2017-06-19 12:56 - 2017-06-19 12:56 - 00031809 _____ C:\Users\zw\Desktop\mindmap.pdf
2017-06-19 10:50 - 2017-06-19 10:50 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign6fbad15eb9310255
2017-06-19 10:50 - 2017-06-19 10:50 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign2dc26943a9ae28ab
2017-06-19 10:49 - 2017-06-19 10:49 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign94b47a3f8ee2889a
2017-06-19 09:59 - 2017-06-19 09:59 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsigncb792fcc2a7096b4
2017-06-19 09:59 - 2017-06-19 09:59 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignb4f6cae2a5e6b2d8
2017-06-19 09:59 - 2017-06-19 09:59 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsigna6509c3dc1ca7f71
2017-06-19 08:06 - 2017-06-19 08:06 - 00133698 _____ C:\Users\zw\Desktop\MA GMD FT - Unit 4 Major Project 2016.17_Update_18 May.pdf
2017-06-19 08:06 - 2017-06-19 08:06 - 00041370 _____ C:\Users\zw\Desktop\Unit 4 — Major Project_MAGMD_FT_Guidelines.pdf
2017-06-18 10:24 - 2017-06-20 00:46 - 05332992 _____ C:\Users\zw\Desktop\mind map.indd
2017-06-17 21:47 - 2017-06-17 21:47 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignd7b3a95adec6961c
2017-06-17 21:47 - 2017-06-17 21:47 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsigncf26828176d6a2ba
2017-06-17 21:47 - 2017-06-17 21:47 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign742f57faac15da30
2017-06-17 21:47 - 2017-06-17 21:47 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign00a51440a10ed30f
2017-06-17 17:22 - 2017-06-17 17:22 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignda3cf126c7c9f293
2017-06-17 02:02 - 2017-06-20 01:00 - 00000000 ____D C:\FRST
2017-06-17 02:02 - 2017-06-20 00:59 - 00000100 _____ C:\Users\zw\Downloads\FRST.txt
2017-06-16 18:10 - 2017-06-16 18:10 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign322f0811103da400
2017-06-16 18:10 - 2017-06-16 18:10 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign276189de5efee306
2017-06-16 18:06 - 2017-06-16 18:06 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignd0ee25c26ec95fed
2017-06-16 14:41 - 2017-06-16 14:41 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign9c3a2bde382c1592
2017-06-16 14:41 - 2017-06-16 14:41 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign8e2ee0c9a67172df
2017-06-16 14:32 - 2017-06-16 14:32 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignffb69c346669b25e
2017-06-16 14:32 - 2017-06-16 14:32 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignd8ee81093e5380de
2017-06-16 14:32 - 2017-06-16 14:32 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignbcbf3fb18a9bdb74
2017-06-16 14:32 - 2017-06-16 14:32 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign3b13329616446175
2017-06-15 15:51 - 2017-06-19 13:49 - 00000000 ____D C:\Users\zw\Desktop\Unit 4
2017-06-15 13:24 - 2017-06-15 13:24 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign4f87146ec214feb6
2017-06-15 13:09 - 2017-06-15 13:09 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign32020964a00efb73
2017-06-15 12:53 - 2017-06-15 12:53 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign6344b3cc3be68c25
2017-06-15 00:07 - 2017-06-15 00:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-06-14 17:15 - 2017-06-14 17:15 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignb5806f7952f7d058
2017-06-14 17:15 - 2017-06-14 17:15 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign230b2b7454a06bfd
2017-06-14 15:44 - 2017-06-14 15:44 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsigne9df7092696e52f5
2017-06-14 15:44 - 2017-06-14 15:44 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsigna3fb55b019558ccd
2017-06-14 15:44 - 2017-06-14 15:44 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign4f46c6a9fcb31340
2017-06-14 15:04 - 2017-06-03 11:15 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-14 15:04 - 2017-06-03 11:15 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-14 15:04 - 2017-06-03 11:15 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-14 15:04 - 2017-06-03 11:14 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-14 15:04 - 2017-06-03 11:14 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-14 15:04 - 2017-06-03 11:10 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-14 15:04 - 2017-06-03 11:09 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-14 15:04 - 2017-06-03 11:09 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-06-14 15:04 - 2017-06-03 11:08 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-14 15:04 - 2017-06-03 11:07 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-14 15:04 - 2017-06-03 11:07 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-14 15:04 - 2017-06-03 11:02 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-14 15:04 - 2017-06-03 11:01 - 05477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-06-14 15:04 - 2017-06-03 11:00 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-06-14 15:04 - 2017-06-03 11:00 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-06-14 15:04 - 2017-06-03 11:00 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-06-14 15:04 - 2017-06-03 10:59 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-14 15:04 - 2017-06-03 10:59 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-14 15:04 - 2017-06-03 10:59 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-14 15:04 - 2017-06-03 10:59 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-06-14 15:04 - 2017-06-03 10:58 - 21352696 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-14 15:04 - 2017-06-03 10:58 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-06-14 15:04 - 2017-06-03 10:58 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-06-14 15:04 - 2017-06-03 10:58 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-06-14 15:04 - 2017-06-03 10:57 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-06-14 15:04 - 2017-06-03 10:55 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-14 15:04 - 2017-06-03 10:36 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-06-14 15:04 - 2017-06-03 10:35 - 02259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-14 15:04 - 2017-06-03 10:28 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-14 15:04 - 2017-06-03 10:26 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2017-06-14 15:04 - 2017-06-03 10:23 - 20373920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-14 15:04 - 2017-06-03 10:23 - 06760024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-06-14 15:04 - 2017-06-03 10:23 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-06-14 15:04 - 2017-06-03 10:20 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-14 15:04 - 2017-06-03 10:14 - 03673088 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-14 15:04 - 2017-06-03 10:14 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-06-14 15:04 - 2017-06-03 10:14 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-06-14 15:04 - 2017-06-03 10:14 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-06-14 15:04 - 2017-06-03 10:14 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-14 15:04 - 2017-06-03 10:12 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-14 15:04 - 2017-06-03 10:11 - 02958848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-14 15:04 - 2017-06-03 10:11 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-14 15:04 - 2017-06-03 10:11 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-14 15:04 - 2017-06-03 10:11 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-14 15:04 - 2017-06-03 10:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-14 15:04 - 2017-06-03 10:11 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-14 15:04 - 2017-06-03 10:10 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-14 15:04 - 2017-06-03 10:10 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-14 15:04 - 2017-06-03 10:10 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-06-14 15:04 - 2017-06-03 10:09 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-06-14 15:04 - 2017-06-03 10:09 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-06-14 15:04 - 2017-06-03 10:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-14 15:04 - 2017-06-03 10:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-14 15:04 - 2017-06-03 10:07 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-14 15:04 - 2017-06-03 10:07 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-06-14 15:04 - 2017-06-03 10:07 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-14 15:04 - 2017-06-03 10:07 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-06-14 15:04 - 2017-06-03 10:07 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-14 15:04 - 2017-06-03 10:06 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-06-14 15:04 - 2017-06-03 10:05 - 20506624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-14 15:04 - 2017-06-03 10:05 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-14 15:04 - 2017-06-03 10:05 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-06-14 15:04 - 2017-06-03 10:05 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-06-14 15:04 - 2017-06-03 10:05 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
2017-06-14 15:04 - 2017-06-03 10:04 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-14 15:04 - 2017-06-03 10:04 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-06-14 15:04 - 2017-06-03 10:04 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-14 15:04 - 2017-06-03 10:03 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-14 15:04 - 2017-06-03 10:03 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-06-14 15:04 - 2017-06-03 10:03 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-06-14 15:04 - 2017-06-03 10:02 - 08245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-14 15:04 - 2017-06-03 10:01 - 06726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-06-14 15:04 - 2017-06-03 10:01 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-06-14 15:04 - 2017-06-03 10:00 - 03379200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-14 15:04 - 2017-06-03 10:00 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-14 15:04 - 2017-06-03 10:00 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-14 15:04 - 2017-06-03 09:59 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-14 15:04 - 2017-06-03 09:59 - 02672128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-14 15:04 - 2017-06-03 09:59 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-14 15:04 - 2017-06-03 09:59 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-14 15:04 - 2017-06-03 09:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-14 15:04 - 2017-06-03 09:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-14 15:04 - 2017-06-03 09:59 - 01142784 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-14 15:04 - 2017-06-03 09:59 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-14 15:04 - 2017-06-03 09:59 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-06-14 15:04 - 2017-06-03 09:58 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 15:04 - 2017-06-03 09:58 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-06-14 15:04 - 2017-06-03 09:58 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-06-14 15:04 - 2017-06-03 09:58 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-14 15:04 - 2017-06-03 09:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-06-14 15:04 - 2017-06-03 09:58 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-14 15:04 - 2017-06-03 09:57 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-14 15:04 - 2017-06-03 09:57 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-06-14 15:04 - 2017-06-03 09:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-06-14 15:04 - 2017-06-03 09:57 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-14 15:04 - 2017-06-03 09:57 - 01675264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-06-14 15:04 - 2017-06-03 09:57 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-06-14 15:04 - 2017-06-03 09:57 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-14 15:04 - 2017-06-03 09:56 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-14 15:04 - 2017-06-03 09:55 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-14 15:04 - 2017-06-03 09:55 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-14 15:04 - 2017-06-03 09:55 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-14 15:04 - 2017-06-03 09:54 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-14 15:04 - 2017-06-03 09:54 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-06-14 15:04 - 2017-06-03 09:53 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-06-14 15:04 - 2017-06-03 09:51 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
2017-06-13 16:55 - 2017-06-13 16:55 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignbb59aaf64942eb2b
2017-06-13 16:55 - 2017-06-13 16:55 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign84c05826b6505c25
2017-06-13 16:55 - 2017-06-13 16:55 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign44f623577bfb4401
2017-06-13 12:38 - 2017-06-13 12:38 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsigne02ff53413ce3760
2017-06-13 12:38 - 2017-06-13 12:38 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign9697b7be92080f94
2017-06-13 12:38 - 2017-06-13 12:38 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign002f1566a72e06eb
2017-06-12 16:38 - 2017-06-12 16:38 - 00015051 _____ C:\Users\zw\Downloads\Log-in-details-atvanishingpoint (1).pdf
2017-06-12 15:44 - 2017-06-12 15:44 - 00002058 _____ C:\Users\zw\Downloads\particlesjs-config.json
2017-06-12 14:50 - 2017-06-12 14:55 - 05785005 _____ C:\Users\zw\Desktop\javascript book.pdf
2017-06-12 14:18 - 2017-06-12 14:18 - 00000000 ____D C:\Users\zw\Desktop\transfonter.org-20170612-131749
2017-06-12 14:12 - 2017-06-12 14:12 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsigndc32ea4d3a381e6c
2017-06-12 14:12 - 2017-06-12 14:12 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign28e1fd8e602533d9
2017-06-12 13:38 - 2017-06-12 13:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2017-06-12 12:55 - 2017-06-12 12:55 - 00048944 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-06-12 12:52 - 2017-06-12 12:52 - 00045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-06-12 12:52 - 2017-06-12 12:52 - 00045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-06-12 12:52 - 2017-06-12 12:52 - 00045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-06-12 01:23 - 2017-06-12 01:23 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign6c06a8a369977f16
2017-06-12 01:23 - 2017-06-12 01:23 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign452f87b311b7d7e1
2017-06-12 01:23 - 2017-06-12 01:23 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign16f1622fcd38ded3
2017-06-12 01:00 - 2017-06-12 01:00 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignf1a2c71efc561b20
2017-06-12 01:00 - 2017-06-12 01:00 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign2dc7a22c1efb3dc7
2017-06-12 01:00 - 2017-06-12 01:00 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign1e2380190b11b1fb
2017-06-12 00:51 - 2017-06-12 00:51 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign7bccffd965c346e0
2017-06-12 00:50 - 2017-06-12 00:50 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign9e7835632eef506d
2017-06-09 00:35 - 2017-06-09 00:35 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign7bb429c0498ada45
2017-06-07 16:18 - 2017-06-07 16:18 - 10689236 _____ C:\Users\zw\Downloads\dreaming.m4a
2017-06-07 16:03 - 2017-06-07 16:04 - 51200830 _____ C:\Users\zw\Downloads\Abrakadaniel - Burner Bee (Original Mix).wav
2017-06-07 16:03 - 2017-06-07 16:04 - 49963274 _____ C:\Users\zw\Downloads\DJ Yunomi - Wash Me.wav
2017-06-07 16:03 - 2017-06-07 16:04 - 33869066 _____ C:\Users\zw\Downloads\gentle sounds.wav
2017-06-07 16:03 - 2017-06-07 16:04 - 32364344 _____ C:\Users\zw\Downloads\Tabul8.wav
2017-06-07 16:03 - 2017-06-07 16:04 - 27556592 _____ C:\Users\zw\Downloads\3v3ryth1ng.wav
2017-06-07 16:02 - 2017-06-07 16:04 - 59303468 _____ C:\Users\zw\Downloads\Sorrows Pt. 1.wav
2017-06-07 00:32 - 2017-06-07 00:32 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignd8b63c7bdd6de654
2017-06-07 00:31 - 2017-06-07 00:31 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign77bb8b49507b7d1d
2017-06-07 00:31 - 2017-06-07 00:31 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign10223505670faba7
2017-06-07 00:29 - 2017-06-07 00:29 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign3a6f3da82116ced1
2017-06-07 00:29 - 2017-06-07 00:29 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign29ebb473559a3f09
2017-06-07 00:25 - 2017-06-07 00:25 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign885f7cfd463bd0ba
2017-06-07 00:25 - 2017-06-07 00:25 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign44bd709fb83abc0a
2017-06-06 23:58 - 2017-06-06 23:58 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignc36051afcfef055f
2017-06-06 14:44 - 2017-06-06 14:44 - 00000000 ____D C:\Users\zw\Desktop\wetransfer-4f125a
2017-06-06 14:07 - 2017-06-06 01:12 - 00036778 _____ C:\Users\zw\Desktop\homepage-business.html
2017-06-06 01:19 - 2017-06-06 01:12 - 00036778 _____ C:\Users\zw\Desktop\index.html
2017-06-05 21:04 - 2017-06-05 21:04 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign70d5b6e63ace2df6
2017-06-05 15:06 - 2017-06-05 15:06 - 07070840 _____ (Tim Kosse) C:\Users\zw\Downloads\FileZilla_3.26.1_win64-setup.exe
2017-06-05 12:17 - 2017-06-05 12:17 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignc7e0b2b68eae7a44
2017-06-05 12:17 - 2017-06-05 12:17 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign820a377ea84e0452
2017-06-05 12:17 - 2017-06-05 12:17 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign3533d060c761f259
2017-06-05 12:16 - 2017-06-05 12:16 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignbc7a48b50b17dea1
2017-06-05 12:16 - 2017-06-05 12:16 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign9c66c0c2decefa46
2017-06-05 11:25 - 2017-06-05 11:25 - 05657847 _____ C:\Users\zw\Downloads\Camouflage-Patterns.zip
2017-06-05 11:15 - 2017-06-05 11:15 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsigne6997707a4448959
2017-06-05 11:05 - 2017-06-05 11:05 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign1ee18747b41e1bc6
2017-06-05 11:04 - 2017-06-05 11:04 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignb10da50c64ea0086
2017-06-05 02:39 - 2017-06-05 02:39 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign9827a08f58971e1f
2017-06-05 01:33 - 2017-06-05 01:33 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignda8c30cc758b613e
2017-06-04 23:57 - 2017-06-04 23:57 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignc44fa49608c03b17
2017-06-04 23:57 - 2017-06-04 23:57 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign868a01ef0c99c083
2017-06-04 22:49 - 2017-06-04 22:49 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsigncf060ecf3652493f
2017-06-04 22:44 - 2017-06-04 22:44 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign7f021fe1d8d902dc
2017-06-04 22:44 - 2017-06-04 22:44 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign0c71d1f156f7cf8b
2017-06-04 22:44 - 2017-06-04 22:44 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign06ed70b65c173c9c
2017-06-04 22:23 - 2017-06-04 22:23 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignc2805a4d62486b7f
2017-06-04 22:22 - 2017-06-04 22:22 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign0e28b38841cf366b
2017-06-04 22:22 - 2017-06-04 22:22 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign06257dd3083d7e99
2017-06-04 22:04 - 2017-06-04 22:04 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignee8740f3604385b3
2017-06-04 21:02 - 2017-06-04 21:02 - 01172316 _____ C:\Users\zw\Downloads\BeausiteTrial (1).zip
2017-06-04 17:18 - 2017-06-04 17:18 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignd51d42dd6d0af720
2017-06-04 17:18 - 2017-06-04 17:18 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignd22fe2dbfaee83fd
2017-06-04 17:18 - 2017-06-04 17:18 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign59a4f9e205f791d7
2017-06-04 17:18 - 2017-06-04 17:18 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign34cf19e943358e65
2017-06-04 16:07 - 2017-06-04 16:07 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign5a77e3bfff535ae0
2017-06-04 16:07 - 2017-06-04 16:07 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign359ccf9994b7f555
2017-06-04 16:07 - 2017-06-04 16:07 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign059944ea890aced3
2017-06-04 15:23 - 2017-06-04 15:23 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignbd70fee9f48bf43a
2017-06-04 15:19 - 2017-06-04 15:19 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsigne81386a9a9f5850b
2017-06-04 15:19 - 2017-06-04 15:19 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignda44bd748dd4237e
2017-06-04 15:19 - 2017-06-04 15:19 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign942bd2bb835865ce
2017-06-04 15:19 - 2017-06-04 15:19 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign6e79a69147378bc0
2017-06-04 00:36 - 2017-06-04 00:36 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign8c37ccb112b70a6d
2017-06-03 12:48 - 2017-06-03 12:48 - 00080690 _____ C:\Users\zw\Downloads\MA GMD Tutorial Form (PDF).pdf
2017-06-02 14:25 - 2017-06-02 14:25 - 00015051 _____ C:\Users\zw\Downloads\Log-in-details-atvanishingpoint.pdf
2017-06-02 13:20 - 2017-06-02 13:20 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignbdc3ed8e80330789
2017-06-02 13:20 - 2017-06-02 13:20 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign76f5785bb75d7a28
2017-06-02 11:28 - 2017-06-02 11:28 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsigned28b29f6a600b19
2017-06-02 11:28 - 2017-06-02 11:28 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign4692450517355dcf
2017-06-02 11:28 - 2017-06-02 11:28 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign0d426bedbd903cfe
2017-06-02 07:48 - 2017-06-02 07:48 - 1365833729 _____ C:\WINDOWS\MEMORY.DMP
2017-06-02 07:48 - 2017-06-02 07:48 - 00795092 _____ C:\WINDOWS\Minidump\060217-6843-01.dmp
2017-06-02 07:48 - 2017-06-02 07:48 - 00000000 ____D C:\WINDOWS\Minidump
2017-06-01 14:56 - 2017-06-01 14:56 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign5402bfa7f7e1817e
2017-06-01 14:56 - 2017-06-01 14:56 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign3cd177676dca602e
2017-06-01 14:22 - 2017-06-01 14:22 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign6c8dde62d6f5968c
2017-06-01 14:22 - 2017-06-01 14:22 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign674289f50de969cf
2017-06-01 14:22 - 2017-06-01 14:22 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign12f89e0238ae87f9
2017-06-01 13:24 - 2017-06-01 13:24 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignb41206fd06fd7a0c
2017-06-01 13:23 - 2017-06-01 13:23 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsigna6576cab5406b389
2017-06-01 13:23 - 2017-06-01 13:23 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign89d3a9be9d7a43e1
2017-06-01 13:23 - 2017-06-01 13:23 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign41ca639477d68718
2017-05-31 15:48 - 2017-05-31 15:48 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign36406f86244bbacb
2017-05-30 01:27 - 2017-05-30 01:27 - 00033875 _____ C:\Users\zw\Downloads\MA GMD - FT — Term 03  04_2017 (1).pdf
2017-05-28 22:02 - 2017-05-20 10:13 - 01333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-05-28 22:02 - 2017-05-20 09:55 - 00606960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-05-28 22:02 - 2017-05-20 09:48 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-05-28 22:02 - 2017-05-20 09:47 - 01474800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-05-28 22:02 - 2017-05-20 09:46 - 05821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-05-28 22:02 - 2017-05-20 09:46 - 01266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-05-28 22:02 - 2017-05-20 09:46 - 00754080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-05-28 22:02 - 2017-05-20 09:45 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-05-28 22:02 - 2017-05-20 09:44 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-05-28 22:02 - 2017-05-20 09:44 - 00181664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-05-28 22:02 - 2017-05-20 09:43 - 05802968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-05-28 22:02 - 2017-05-20 09:43 - 04672848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-05-28 22:02 - 2017-05-20 09:43 - 02424016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-05-28 22:02 - 2017-05-20 09:43 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-05-28 22:02 - 2017-05-20 09:43 - 01455592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-05-28 22:02 - 2017-05-20 09:43 - 01120864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-05-28 22:02 - 2017-05-20 09:43 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-05-28 22:02 - 2017-05-20 09:29 - 13840384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-05-28 22:02 - 2017-05-20 09:29 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-05-28 22:02 - 2017-05-20 09:27 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-05-28 22:02 - 2017-05-20 09:27 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-05-28 22:02 - 2017-05-20 09:26 - 00059904 _____ C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
2017-05-28 22:02 - 2017-05-20 09:26 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-05-28 22:02 - 2017-05-20 09:25 - 00826368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSMDesktopProvider.dll
2017-05-28 22:02 - 2017-05-20 09:25 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-05-28 22:02 - 2017-05-20 09:24 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-05-28 22:02 - 2017-05-20 09:23 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-05-28 22:02 - 2017-05-20 09:22 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-05-28 22:02 - 2017-05-20 09:22 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2017-05-28 22:02 - 2017-05-20 09:22 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2017-05-28 22:02 - 2017-05-20 09:21 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2017-05-28 22:02 - 2017-05-20 09:21 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-05-28 22:02 - 2017-05-20 09:21 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-05-28 22:02 - 2017-05-20 09:20 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-05-28 22:02 - 2017-05-20 09:20 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-05-28 22:02 - 2017-05-20 09:20 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-05-28 22:02 - 2017-05-20 09:20 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-05-28 22:02 - 2017-05-20 09:19 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-05-28 22:02 - 2017-05-20 09:18 - 01450496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-05-28 22:02 - 2017-05-20 09:17 - 04544000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
2017-05-28 22:02 - 2017-05-20 09:17 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-05-28 22:02 - 2017-05-20 09:17 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-05-28 22:02 - 2017-05-20 09:17 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-05-28 22:02 - 2017-05-20 09:17 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-05-28 22:02 - 2017-05-20 09:16 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-05-28 22:02 - 2017-05-20 09:16 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-05-28 22:02 - 2017-05-20 09:16 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-05-28 22:02 - 2017-05-20 09:16 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-05-28 22:02 - 2017-05-20 09:15 - 02088960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2017-05-28 22:02 - 2017-05-20 09:14 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-05-28 22:02 - 2017-05-20 09:14 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-05-28 22:02 - 2017-05-20 09:14 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-05-28 22:02 - 2017-05-20 09:14 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-05-28 22:02 - 2017-05-20 09:14 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-05-28 22:02 - 2017-05-20 09:11 - 01536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-05-28 22:02 - 2017-05-20 09:10 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-05-28 22:02 - 2017-05-20 09:10 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2017-05-28 22:02 - 2017-05-20 09:10 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-05-28 22:02 - 2017-05-20 09:08 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-05-28 22:02 - 2017-05-20 08:08 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-05-28 22:02 - 2017-05-20 08:07 - 00287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-05-28 22:02 - 2017-05-20 08:03 - 00777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-05-28 22:02 - 2017-05-20 07:58 - 00188824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-05-28 22:02 - 2017-05-20 07:56 - 04847928 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-05-28 22:02 - 2017-05-20 07:56 - 00712608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-05-28 22:02 - 2017-05-20 07:55 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-05-28 22:02 - 2017-05-20 07:55 - 01911752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-05-28 22:02 - 2017-05-20 07:55 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-05-28 22:02 - 2017-05-20 07:54 - 00730016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-05-28 22:02 - 2017-05-20 07:54 - 00546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-05-28 22:02 - 2017-05-20 07:54 - 00144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-05-28 22:02 - 2017-05-20 07:53 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-05-28 22:02 - 2017-05-20 07:53 - 00363424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2017-05-28 22:02 - 2017-05-20 07:53 - 00335808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-05-28 22:02 - 2017-05-20 07:52 - 04709528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-05-28 22:02 - 2017-05-20 07:52 - 01700408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-05-28 22:02 - 2017-05-20 07:51 - 06551856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-05-28 22:02 - 2017-05-20 07:51 - 02604256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-05-28 22:02 - 2017-05-20 07:51 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-05-28 22:02 - 2017-05-20 07:51 - 01219560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-05-28 22:02 - 2017-05-20 07:48 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-05-28 22:02 - 2017-05-20 07:10 - 00809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
2017-05-28 22:02 - 2017-05-20 07:10 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-05-28 22:02 - 2017-05-20 07:10 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-05-28 22:02 - 2017-05-20 07:09 - 17365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-05-28 22:02 - 2017-05-20 07:08 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-05-28 22:02 - 2017-05-20 07:08 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
2017-05-28 22:02 - 2017-05-20 07:07 - 00277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-05-28 22:02 - 2017-05-20 07:07 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll
2017-05-28 22:02 - 2017-05-20 07:07 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
2017-05-28 22:02 - 2017-05-20 07:06 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSMDesktopProvider.dll
2017-05-28 22:02 - 2017-05-20 07:06 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-05-28 22:02 - 2017-05-20 07:05 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-05-28 22:02 - 2017-05-20 07:05 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-05-28 22:02 - 2017-05-20 07:03 - 08331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-05-28 22:02 - 2017-05-20 07:03 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-05-28 22:02 - 2017-05-20 07:01 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-05-28 22:02 - 2017-05-20 07:01 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-05-28 22:02 - 2017-05-20 07:01 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-05-28 22:02 - 2017-05-20 07:01 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-05-28 22:02 - 2017-05-20 07:00 - 05776384 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2017-05-28 22:02 - 2017-05-20 07:00 - 01078272 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-05-28 22:02 - 2017-05-20 07:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-05-28 22:02 - 2017-05-20 07:00 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-05-28 22:02 - 2017-05-20 06:59 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-05-28 22:02 - 2017-05-20 06:59 - 01141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-05-28 22:02 - 2017-05-20 06:59 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-05-28 22:02 - 2017-05-20 06:59 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-05-28 22:02 - 2017-05-20 06:58 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-05-28 22:02 - 2017-05-20 06:58 - 03135488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-05-28 22:02 - 2017-05-20 06:58 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-05-28 22:02 - 2017-05-20 06:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-05-28 22:02 - 2017-05-20 06:58 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-05-28 22:02 - 2017-05-20 06:58 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-05-28 22:02 - 2017-05-20 06:57 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-05-28 22:02 - 2017-05-20 06:55 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-05-28 22:02 - 2017-05-20 06:55 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-05-28 22:02 - 2017-05-20 06:55 - 01102848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-05-28 22:02 - 2017-05-20 06:54 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-05-28 22:02 - 2017-05-20 06:54 - 04537344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-05-28 22:02 - 2017-05-20 06:54 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-05-28 22:02 - 2017-05-20 06:52 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-05-28 22:02 - 2017-05-20 06:52 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-05-28 22:02 - 2017-05-20 06:52 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2017-05-28 22:02 - 2017-05-20 06:52 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-05-28 22:02 - 2017-05-20 06:51 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-05-28 22:02 - 2017-05-20 06:51 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-05-28 22:02 - 2017-05-20 06:50 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2017-05-28 22:02 - 2017-05-20 06:48 - 02438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-05-28 22:01 - 2017-05-20 08:08 - 01459728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-05-28 22:01 - 2017-05-20 07:59 - 00112544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-05-28 22:01 - 2017-05-20 07:56 - 00370928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-05-28 22:01 - 2017-05-20 07:55 - 01506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-05-28 22:01 - 2017-05-20 07:55 - 00961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-05-28 22:01 - 2017-05-20 07:55 - 00211872 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-05-28 22:01 - 2017-05-20 07:53 - 00654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-05-28 22:01 - 2017-05-20 07:53 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-05-28 22:01 - 2017-05-20 07:51 - 00406064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-05-28 22:01 - 2017-05-20 07:10 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-05-28 22:01 - 2017-05-20 07:10 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksthunk.sys
2017-05-28 22:01 - 2017-05-20 07:09 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-05-28 22:01 - 2017-05-20 07:09 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-05-28 22:01 - 2017-05-20 07:08 - 00086016 _____ C:\WINDOWS\system32\xboxgipsynthetic.dll
2017-05-28 22:01 - 2017-05-20 07:06 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
2017-05-28 22:01 - 2017-05-20 07:03 - 00892416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2017-05-28 22:01 - 2017-05-20 07:03 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-05-28 22:01 - 2017-05-20 07:03 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-05-28 22:01 - 2017-05-20 07:03 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-05-28 22:01 - 2017-05-20 07:02 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-05-28 22:01 - 2017-05-20 07:02 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-05-28 22:01 - 2017-05-20 07:01 - 02347520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-05-28 22:01 - 2017-05-20 07:01 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2017-05-28 22:01 - 2017-05-20 07:01 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-05-28 22:01 - 2017-05-20 07:01 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedmodesvc.dll
2017-05-28 22:01 - 2017-05-20 07:00 - 01067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2017-05-28 22:01 - 2017-05-20 07:00 - 00846848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-05-28 22:01 - 2017-05-20 06:59 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-05-28 22:01 - 2017-05-20 06:59 - 00972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2017-05-28 22:01 - 2017-05-20 06:59 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-05-28 22:01 - 2017-05-20 06:56 - 02730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-05-28 22:01 - 2017-05-20 06:56 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-05-28 22:01 - 2017-05-20 06:55 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-05-28 22:01 - 2017-05-20 06:54 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-05-28 22:01 - 2017-05-20 06:54 - 01275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-05-28 22:01 - 2017-05-20 06:50 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-05-28 22:01 - 2017-05-20 06:48 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-05-28 22:01 - 2017-05-20 06:47 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2017-05-28 22:01 - 2017-05-20 06:47 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-05-28 12:05 - 2017-05-28 12:05 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign6232ea47cfb746dc
2017-05-28 12:04 - 2017-05-28 12:04 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign8ddb555f28ae2992
2017-05-28 11:57 - 2017-05-28 11:57 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsigne4a5cfd2c1dadd85
2017-05-28 11:57 - 2017-05-28 11:57 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignbbdac904424d8eff
2017-05-28 11:57 - 2017-05-28 11:57 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign17110cefd8e14f48
2017-05-25 12:38 - 2017-05-25 12:38 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignec2f926263bfbe69
2017-05-25 12:13 - 2017-05-25 12:13 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign2924c467d92f8be8
2017-05-25 12:11 - 2017-05-25 12:11 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign9982c8804afc6d0a
2017-05-25 12:11 - 2017-05-25 12:11 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign95a939736e444a19
2017-05-25 12:11 - 2017-05-25 12:11 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign913b2b366c2306a1
2017-05-25 12:10 - 2017-05-25 12:10 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignadbf1bc1674f4c46
2017-05-25 12:10 - 2017-05-25 12:10 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign7aefcf756765c3c1
2017-05-25 12:10 - 2017-05-25 12:10 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign7553aa69cf777a6d
2017-05-25 00:09 - 2017-05-25 00:09 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignabdaa4fe3c36fa7d
2017-05-25 00:09 - 2017-05-25 00:09 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign7a733ec0c2882811
2017-05-24 14:14 - 2017-05-24 14:14 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignf2365c3676e3b082
2017-05-24 14:14 - 2017-05-24 14:14 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign4764be04a4e6b3b4
2017-05-24 14:09 - 2017-05-24 14:09 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignb333c10234e95ee7
2017-05-24 14:09 - 2017-05-24 14:09 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign00e9b6871ca58e79
2017-05-24 12:18 - 2017-05-24 12:18 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign1a44e032b2d6e73e
2017-05-24 12:18 - 2017-05-24 12:18 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign10e3beb4204f3757
2017-05-24 12:04 - 2017-05-24 12:04 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignd4e10c08ad985746
2017-05-24 12:04 - 2017-05-24 12:04 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignbe51673342187458
2017-05-24 12:04 - 2017-05-24 12:04 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign89e54886b4f7815e
2017-05-23 23:02 - 2017-05-23 23:02 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign3453c503a92a3d51
2017-05-23 22:52 - 2017-05-23 22:52 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignd716e5fd522bd374
2017-05-23 22:52 - 2017-05-23 22:52 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign57d5975507214c99
2017-05-23 22:52 - 2017-05-23 22:52 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign2e8a74f5616ad2ab
2017-05-22 11:55 - 2017-05-22 11:55 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignee5b4e57dfa27f5b
2017-05-22 11:55 - 2017-05-22 11:55 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign9e9507fe0eb1412f
2017-05-22 11:55 - 2017-05-22 11:55 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign48b880a3b99b07f5
2017-05-22 11:53 - 2017-05-22 11:53 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignd2686725cbc31cf8
2017-05-22 11:24 - 2017-05-22 11:24 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignb1099c60c8103fc9
2017-05-22 11:24 - 2017-05-22 11:24 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignabdda228e2145f12
2017-05-22 11:24 - 2017-05-22 11:24 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign6bc4234f9c48725a
2017-05-22 06:32 - 2017-05-22 06:32 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignefd059dd8cf56331
2017-05-22 06:32 - 2017-05-22 06:32 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignc9697e6c9a3f62ec
2017-05-21 22:57 - 2017-05-21 22:57 - 00033875 _____ C:\Users\zw\Downloads\MA GMD - FT — Term 03  04_2017.pdf
2017-05-21 22:57 - 2017-05-21 22:57 - 00030040 _____ C:\Users\zw\Downloads\MA GMD - FT — Term 02.pdf
2017-05-21 21:29 - 2017-05-21 21:29 - 36889362 _____ C:\Users\zw\Downloads\Reading Images; Vanessa Price 2016.pdf
2017-05-21 21:29 - 2017-05-21 21:29 - 02576830 _____ C:\Users\zw\Downloads\From here to there and then what- Paul Bailey.pdf
2017-05-21 21:27 - 2017-05-21 21:28 - 12517627 _____ C:\Users\zw\Downloads\Rhetoric Lecture (sm).pdf
2017-05-21 21:27 - 2017-05-21 21:27 - 15507650 _____ C:\Users\zw\Downloads\Critical Writing; Vanessa Price 2016.pdf
2017-05-21 18:56 - 2017-05-21 18:56 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsigne3b5bd14c6c1eee5
2017-05-21 18:53 - 2017-05-21 18:53 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign1babcdbd14bf4315
2017-05-21 18:48 - 2017-05-21 18:48 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign5a215e896f525fc2
2017-05-21 15:32 - 2017-05-21 15:32 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignda0decc0a522a01e
2017-05-21 15:32 - 2017-05-21 15:32 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignd0cbc271b43bf703
2017-05-21 15:32 - 2017-05-21 15:32 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsignaa84948a41c3e706
2017-05-21 15:32 - 2017-05-21 15:32 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign2a849ac88f2454d7
2017-05-21 14:26 - 2017-05-21 14:26 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign62ad2395a099fb21
2017-05-21 14:26 - 2017-05-21 14:26 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign4a3fc51eca9626f7
2017-05-21 14:25 - 2017-05-21 14:25 - 00000000 ____D C:\Users\zw\AppData\Local\Tempzxpsign73fe1967af36994f
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-20 00:58 - 2017-04-20 00:42 - 01953028 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-20 00:54 - 2017-02-02 15:33 - 00000000 __SHD C:\Users\zw\IntelGraphicsProfiles
2017-06-20 00:53 - 2017-04-20 00:51 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-20 00:53 - 2017-03-18 12:40 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-06-20 00:53 - 2017-02-21 17:46 - 00252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-20 00:05 - 2017-04-20 00:40 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-19 14:35 - 2017-04-04 00:56 - 00002510 _____ C:\Users\zw\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome Canary.lnk
2017-06-19 13:49 - 2017-02-06 22:24 - 00000000 ____D C:\Users\zw\Desktop\Play Imgs
2017-06-19 13:42 - 2017-02-03 12:32 - 00000034 _____ C:\Users\zw\AppData\Roaming\AdobeWLCMCache.dat
2017-06-19 13:40 - 2017-04-06 14:17 - 00001734 _____ C:\WINDOWS\Sandboxie.ini
2017-06-19 08:10 - 2017-03-18 22:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-19 08:10 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-19 08:04 - 2017-04-20 00:40 - 09793792 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-19 08:03 - 2017-02-02 15:55 - 00000000 ____D C:\Users\zw\AppData\LocalLow\Mozilla
2017-06-19 08:00 - 2017-02-03 03:25 - 00000000 ____D C:\Users\zw\AppData\Local\Adobe
2017-06-17 20:22 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-17 11:51 - 2017-02-21 17:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-06-17 02:58 - 2017-02-05 20:45 - 00000000 ____D C:\Users\zw\AppData\Local\Spotify
2017-06-17 02:46 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\rescache
2017-06-17 02:45 - 2017-02-14 09:02 - 00000000 ____D C:\Users\zw\Desktop\experiments
2017-06-17 02:09 - 2017-02-25 16:38 - 00000000 ____D C:\ProgramData\Red Giant
2017-06-17 02:09 - 2017-02-25 16:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Giant
2017-06-17 02:03 - 2017-03-18 22:01 - 00000000 ____D C:\WINDOWS\INF
2017-06-17 01:48 - 2017-02-05 20:45 - 00000000 ____D C:\Users\zw\AppData\Roaming\Spotify
2017-06-16 12:20 - 2017-01-16 20:25 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-16 02:06 - 2017-04-20 00:42 - 00000000 ____D C:\Users\zw
2017-06-16 02:05 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2017-06-16 02:05 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-06-16 02:05 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\en-GB
2017-06-16 02:05 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-15 13:09 - 2017-03-20 23:51 - 00000000 ____D C:\Users\zw\AppData\Roaming\FileZilla
2017-06-15 00:08 - 2017-02-02 15:34 - 00000000 ____D C:\Users\zw\AppData\Local\Dropbox
2017-06-15 00:08 - 2017-01-22 15:32 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-06-14 16:00 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-06-14 15:08 - 2017-02-04 16:20 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-14 15:06 - 2017-03-18 21:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-14 15:06 - 2017-02-04 16:20 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-12 16:50 - 2017-04-26 14:10 - 00000000 ____D C:\Users\zw\Desktop\web dev
2017-06-12 03:01 - 2017-02-02 15:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-06-07 00:31 - 2017-02-02 15:33 - 00000000 ____D C:\Users\zw\AppData\Roaming\Adobe
2017-06-06 01:23 - 2017-02-02 15:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-04 15:54 - 2017-02-06 22:27 - 00000000 ____D C:\Users\zw\Desktop\Freelance
2017-06-03 07:32 - 2017-03-18 22:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-03 07:32 - 2017-03-18 22:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-01 23:37 - 2017-02-02 15:33 - 00000000 ____D C:\Users\zw\AppData\Local\Packages
2017-06-01 01:16 - 2017-03-18 22:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-06-01 01:16 - 2017-03-18 22:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-06-01 01:16 - 2017-03-18 22:03 - 00000000 ___RD C:\Program Files\Windows Defender
2017-06-01 01:16 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-06-01 01:16 - 2017-03-18 22:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-01 01:16 - 2017-03-18 22:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-06-01 01:16 - 2017-03-18 22:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-05-31 23:27 - 2017-01-22 15:28 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-05-31 23:27 - 2017-01-22 15:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2017-05-31 23:25 - 2017-02-06 20:12 - 00000000 ____D C:\Users\zw\AppData\Roaming\Kodi
2017-05-31 13:26 - 2017-02-04 16:16 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-05-26 16:17 - 2017-03-18 22:03 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-26 16:16 - 2017-01-16 19:41 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-05-25 11:58 - 2017-02-21 17:46 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-05-25 00:08 - 2017-02-06 02:44 - 00000000 ____D C:\Users\zw\Desktop\Unit 3
2017-05-22 08:48 - 2017-02-06 22:28 - 00000000 ____D C:\Users\zw\Desktop\Unit 1
 
==================== Files in the root of some directories =======
 
2017-02-03 12:32 - 2017-06-19 13:42 - 0000034 _____ () C:\Users\zw\AppData\Roaming\AdobeWLCMCache.dat
2017-03-15 16:34 - 2017-03-15 16:43 - 0000100 _____ () C:\Users\zw\AppData\Roaming\Camdata.ini
2017-03-15 16:34 - 2017-03-15 16:43 - 0000408 _____ () C:\Users\zw\AppData\Roaming\CamLayout.ini
2017-03-15 16:34 - 2017-03-15 16:43 - 0000408 _____ () C:\Users\zw\AppData\Roaming\CamShapes.ini
2017-03-15 16:34 - 2017-03-15 16:43 - 0004536 _____ () C:\Users\zw\AppData\Roaming\CamStudio.cfg
2017-03-15 16:34 - 2017-03-15 16:40 - 0000096 _____ () C:\Users\zw\AppData\Roaming\version2.xml
2017-03-21 19:06 - 2017-04-28 12:31 - 0001456 _____ () C:\Users\zw\AppData\Local\Adobe Save for Web 13.0 Prefs
2017-04-10 01:16 - 2017-04-10 01:16 - 0000218 _____ () C:\Users\zw\AppData\Local\recently-used.xbel
 
Some files in TEMP:
====================
2017-06-12 13:37 - 2017-06-12 13:37 - 8981640 _____ (Sandboxie Holdings, LLC) C:\Users\zw\AppData\Local\Temp\SandboxieInstall.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-06-11 21:30
 
==================== End of FRST.txt ============================

Attached Files



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,520 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:32 PM

Posted 20 June 2017 - 09:17 AM


Hi,

Remove this program in bold via the Control Panel > Programs > Programs and Features.
Unity (HKLM-x32\...\Unity) (Version: 5.5.1f1 - Unity Technologies ApS)
+++

Please run the AdwCleaner and remove all items found.
===

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CustomCLSID: HKU\S-1-5-21-4279313113-2496393081-2471958111-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\zw\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-4279313113-2496393081-2471958111-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\zw\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CHR Extension: (Chrome Web Store Payments) - C:\Users\zw\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Chrome Media Router) - C:\Users\zw\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-16]
S3 mfencbdc; system32\DRIVERS\mfencbdc.sys [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Download to your Desktop the Junkware Removal Tool Download from this link.
http://www.bleepingcomputer.com/download/junkware-removal-tool/

Shutdown your antivirus to avoid any conflicts.
Right click the icon - disable for say 20 mins.
Right-mouse click JRT.exe and select Run as administrator (If using XP just double click on the icon to run it.)
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
======

Post the logs and let me know if the problem persists.

#5 12345zzz

12345zzz
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:32 PM

Posted 21 June 2017 - 07:47 AM

Hi Nasdaq,

 

Unity is an application I use a fair amount - happy to uninstall it, but I assume I can reinstall when I've completed this process?

 

Thanks



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,520 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:32 PM

Posted 21 June 2017 - 09:01 AM

Do not remove it just now.

Continue with the rest of the Fix.

Let me know what problem persists.

#7 12345zzz

12345zzz
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:32 PM

Posted 25 June 2017 - 10:42 AM

Thanks a lot. JRT is below, fixlog is attached.
 
Any more things I should do?
 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x64 
Ran by zw (Administrator) on 25/06/2017 at 16:37:54.30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 2 
 
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/06/2017 at 16:39:27.54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Attached Files



#8 nasdaq

nasdaq

  • Malware Response Team
  • 39,520 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:32 PM

Posted 25 June 2017 - 12:58 PM

Is the problem persisting?

#9 12345zzz

12345zzz
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:32 PM

Posted 26 June 2017 - 04:38 AM

This morning I was working on my computer in the sun and it started to flash black far more regularly - this stopped when I moved the computer into the shade - do you think I can assume it's a GPU issue? And is there anything I can do to reduce this?



#10 nasdaq

nasdaq

  • Malware Response Team
  • 39,520 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:32 PM

Posted 26 June 2017 - 08:19 AM

The computer may just be on the verge to over heat.

Navigate to this page.
http://www.tomshardware.com/answers/id-3296996/test-cpu-temperature-load.html

Check the answer by Multipack download and run the HWInfo (Hard Ware Info)

If this is the problem you should consult a Technician in the Hardware Forum.
https://www.bleepingcomputer.com/forums/f/7/internal-hardware/

This is not my forte.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users