
what is up with this computer


  • This topic is locked
15 replies to this topic

#1 chilidog33


Posted 22 February 2018 - 02:30 PM

It seems I am hijacked... I run Windows 10 Home but have numerous indications of some type of remote infiltration. A directory scan in the recovery drive lists many references to Windows PE partitions as well as many Hyper-V and VM activities; I have done nothing virtually. I also find references to Windows Core, Windows for School, or Pro in the directories.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.02.2018
Ran by John (administrator) on DESKTOP-KG14MNT (22-02-2018 12:52:59)
Running from C:\Users\John\Downloads
Loaded Profiles: John (Available Profiles: John & Administrator)
Platform: Windows 10 Home Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\igfxCUIService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\IntelCpHDCPSvc.exe
(Sutherland Global Services, Inc.) C:\Program Files (x86)\AnswersBy PC Smartcare\AnswersByUpdateService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\IntelCpHeciSvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Greatis Software) C:\Program Files (x86)\UnHackMe\hackmon.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\igfxEM.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.16.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Lighting Analysts, Inc.) C:\Program Files (x86)\Lighting Analysts\AGi32\AGI32-18.3.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Google) C:\Program Files\Google\Google Earth Pro\client\googleearth.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Trend Micro Inc.) C:\Users\John\Downloads\HijackThis.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sysinternals - www.sysinternals.com) C:\Users\John\AppData\Local\Temp\Temp2_ProcessExplorer(1).zip\procexp64.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\regedit.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18382824 2018-01-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_ASC] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2018-01-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_CTPreset] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2018-01-09] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409936 2018-02-14] (Adobe Systems Incorporated)
HKU\S-1-5-21-1041191953-2805693150-4082675335-1001\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe [1034160 2017-10-10] (McAfee Inc.)
HKU\S-1-5-21-1041191953-2805693150-4082675335-1001\...\Run: [HijackThis startup scan] => C:\Users\John\Downloads\HijackThis.exe [388608 2018-01-31] (Trend Micro Inc.)
BootExecute: autocheck autochk * Partizan

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{73c57a01-a14b-4530-81d7-69295780e215}: [NameServer] 75.75.75.75,75.75.76.76
Tcpip\..\Interfaces\{73c57a01-a14b-4530-81d7-69295780e215}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKU\S-1-5-21-1041191953-2805693150-4082675335-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2017-12-04] (Belarc, Inc.)

FireFox:
========
FF DefaultProfile: vvx9q6ee.default
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\vvx9q6ee.default [2018-02-22]
FF Extension: (ADB Helper) - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\vvx9q6ee.default\Extensions\adbhelper@mozilla.org [2018-02-20] [Legacy]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\vvx9q6ee.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2018-02-16]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-31] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-02-14] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-31] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-03] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-02-14] (Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default [2018-02-22]
CHR Extension: (Slides) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-18]
CHR Extension: (Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-18]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-18]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-18]
CHR Extension: (Sheets) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-18]
CHR Extension: (Google Docs Offline) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-02-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-02-18]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-18]
CHR Extension: (Chrome Media Router) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-18]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-02-14] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
R2 AnswersByDownloadService; C:\Program Files (x86)\AnswersBy PC Smartcare\AnswersByUpdateService.exe [3389856 2017-10-02] (Sutherland Global Services, Inc.)
S4 BthHFSrvz; C:\WINDOWS\System32\BthHFSrv.dll [456704 2017-09-29] (Microsoft Corporation)
S3 camsvcz; C:\WINDOWS\system32\CapabilityAccessManager.dll [227328 2017-12-13] (Microsoft Corporation)
S4 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [515768 2017-04-13] (Intel Corporation)
S2 IntelAudioService; C:\WINDOWS\system32\cAVS\Intel® Audio Service\IntelAudioService.exe [169576 2018-01-09] (Intel)
S4 McAfee Vpn Service; C:\Program Files (x86)\McAfee Safe Connect\service\VpnService.exe [320944 2017-10-10] ()
S4 PhoneSvcz; C:\WINDOWS\System32\PhoneService.dll [791552 2018-01-01] (Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\NisSrv.exe [356168 2018-01-30] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe [105792 2018-01-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 BthHFEnumz; C:\WINDOWS\System32\drivers\bthhfenum.sys [107008 2017-09-29] (Microsoft Corporation)
S3 BthLEEnumz; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [78848 2017-09-29] (Microsoft Corporation)
S4 BthPanz; C:\WINDOWS\System32\drivers\bthpan.sys [129536 2017-09-29] (Microsoft Corporation)
S3 BthzAvrcpTg; C:\WINDOWS\System32\drivers\BthAvrcpTg.sys [45056 2017-09-29] (Microsoft Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [174600 2017-04-13] (Intel Corporation)
R1 MpKsl0349b6b7; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3DDF0396-868D-4F8F-903B-31479BC9BC5D}\MpKsl0349b6b7.sys [58120 2018-02-22] (Microsoft Corporation)
S3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2017-09-29] (Intel Corporation)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2018-02-12] (Greatis Software)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [782304 2018-01-09] (Realsil Semiconductor Corporation)
R3 SynRMIHID; C:\WINDOWS\System32\drivers\SynRMIHID.sys [66144 2016-09-06] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-01-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2018-01-30] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2018-01-30] (Microsoft Corporation)

========================== Drivers MD5 =======================

C:\WINDOWS\System32\drivers\storvsc.sys 9B431079624306B5659B3B7208A71C75
C:\WINDOWS\System32\drivers\swenum.sys 027B27E4B9DB3931D64159B81BD915A0
C:\WINDOWS\System32\drivers\SynRMIHID.sys 1A98072E9B008D4FD85AF2B8BE94A2E8
C:\WINDOWS\System32\drivers\Synth3dVsc.sys AB15F9FDCD11D5283891BC956E8C5C95
C:\WINDOWS\System32\drivers\tap0901.sys 9C2D73902E96A42A9758AE7ACB70DF41
C:\WINDOWS\System32\drivers\tcpip.sys 9900BD38D592CF4EE6F2EAE3847A24D8
C:\WINDOWS\System32\drivers\tcpip.sys 9900BD38D592CF4EE6F2EAE3847A24D8
C:\WINDOWS\System32\drivers\tcpipreg.sys 74A1BF4093FA7B7D6C9366A39911A78E
C:\WINDOWS\system32\DRIVERS\tdx.sys 571D82ABAC428D902ACA0CF60373C039
C:\WINDOWS\System32\drivers\terminpt.sys B4B68E1DB59456419D9E49645729502A
C:\WINDOWS\System32\drivers\tpm.sys 1658D060057C85DEC82BFCB018C4C22F
C:\WINDOWS\System32\drivers\tsusbflt.sys 8D811209E34358EAD3FD8E40F657E59C
C:\WINDOWS\System32\drivers\TsUsbGD.sys 68DE1735FB020AE8948BD7B60F2EBD3B
C:\WINDOWS\System32\drivers\tunnel.sys ACD39B0E5CFDA7B1AB7DF33FC5CC0E46
C:\WINDOWS\System32\drivers\uaspstor.sys 04FC2C7F73AE58BF0DD674164E28A6DF
C:\WINDOWS\System32\Drivers\UcmCx.sys E437FC4B1833F6B745184F78C4921FB8
C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys 950A3E42167904CAB9AA64863C31CEB5
C:\WINDOWS\System32\drivers\UcmUcsi.sys 149CBBB74DFC3E52F242029A27B0F8EB
C:\WINDOWS\System32\drivers\ucx01000.sys E6E91B3980A495D2A9D28A09580EA993
C:\WINDOWS\System32\drivers\udecx.sys DACA289DFFA7658C04FEF6DCFA2AA9CE
C:\WINDOWS\System32\DRIVERS\udfs.sys 12383D410AEF99AD6979A8EFD3D61888
C:\WINDOWS\System32\drivers\UEFI.sys AB7FE51D818B6059C2F56FA62268CCAC
C:\WINDOWS\System32\drivers\ufx01000.sys 58447F28E697A93521DD20530A8D50ED
C:\WINDOWS\System32\drivers\UfxChipidea.sys 69ED2D00A7787D9D84E6C90CE0B02B2D
C:\WINDOWS\System32\drivers\ufxsynopsys.sys F061EC57330FBC597A4E7298BE667780
C:\WINDOWS\System32\drivers\umbus.sys D40BCED160D332005AF612E1228825E6
C:\WINDOWS\System32\drivers\umpass.sys 64CF24D7B1FA4975C52A31BF4C82EB73
C:\WINDOWS\System32\drivers\urschipidea.sys ACE4C3B4C7D17B154FFC5BBE5F7A9835
C:\WINDOWS\System32\drivers\urscx01000.sys ECE40EB976A5ACB366808AECF6B235BA
C:\WINDOWS\System32\drivers\urssynopsys.sys EB738F830D3E7EA62A218F101EF91FD4
C:\WINDOWS\System32\drivers\usbccgp.sys B43E28E5CF868517EEC0923AB2BC366B
C:\WINDOWS\System32\drivers\usbcir.sys 1080D80B5F6D249F23BAE1C0C36233A4
C:\WINDOWS\System32\drivers\usbehci.sys EE162DA2C92026A5B96ED89737975AA8
C:\WINDOWS\System32\drivers\usbhub.sys C27FEE9758E3BEDE4D48B5EDBE1122CF
C:\WINDOWS\System32\drivers\UsbHub3.sys 4FA9C956E569D0D380C2859542361780
C:\WINDOWS\System32\drivers\usbohci.sys 44B954306BB2B311E070EDA276FECAB1
C:\WINDOWS\System32\drivers\usbprint.sys EEF26F9034F0608B93D4D239534BB0BA
C:\WINDOWS\system32\DRIVERS\usbscan.sys E55C9AF5EE8905879048118824B06816
C:\WINDOWS\System32\drivers\usbser.sys 913CFF365DB1803525DBD2AA8B8188B4
C:\WINDOWS\System32\drivers\USBSTOR.SYS 441CAE778B6A1FF6E618E37814A7A52A
C:\WINDOWS\System32\drivers\usbuhci.sys 2D6BB2157B37B2D9DABF8C218F2A805B
C:\WINDOWS\System32\Drivers\usbvideo.sys 68788AE61B2E6A7D97CAD73B632F5BF5
C:\WINDOWS\System32\drivers\USBXHCI.SYS 41E5A6188180DC72BCECA999ED2532D4
C:\WINDOWS\System32\drivers\vdrvroot.sys C77C537077822D8EA529AD4EBFD971D6
C:\WINDOWS\System32\drivers\VerifierExt.sys 9D4EEE333603F3675685F644053499D5
C:\WINDOWS\System32\drivers\vhf.sys E10FEBB566E1F0A3936AB304F338637E
C:\WINDOWS\System32\drivers\vmbus.sys 079B4378614A40A308F9C721A50C7B87
C:\WINDOWS\System32\drivers\VMBusHID.sys DC9E0600B356258E31403789119C78A9
C:\WINDOWS\System32\drivers\vmgid.sys B24F74B2710B66F647419697BDB9E163
C:\WINDOWS\System32\drivers\vnvdimm.sys D81F6B790519A60F3D1788B45D04B749
C:\WINDOWS\System32\drivers\volmgr.sys C9052650BBF2124CD525A26D5C2A6671
C:\WINDOWS\System32\drivers\volmgrx.sys 6D6CACED512C1EF1FEAC215E37E3A9BC
C:\WINDOWS\System32\drivers\volsnap.sys 5B27846CF4B1C21AFB3A35A8336BA02F
C:\WINDOWS\System32\drivers\volume.sys 72A95A844D6BAF2924A4C15BEDFD6BCA
C:\WINDOWS\System32\drivers\vpci.sys 702273C7C1BE9D366BAF1305D382F03C
C:\WINDOWS\System32\drivers\vsmraid.sys 075CE3C9E77D2666AFA888951E5F07A9
C:\WINDOWS\System32\drivers\vstxraid.sys 26D00E85BE4726B114335250FCDEDA89
C:\WINDOWS\System32\drivers\vwifibus.sys 3DFDB573E4D49EA8F416B573525B7A86
C:\WINDOWS\System32\drivers\vwififlt.sys A40FA64655AB5B8773A96A821616C5FC
C:\WINDOWS\System32\drivers\vwifimp.sys 0D34F98DBDF09D239533AC345C360F03
C:\WINDOWS\System32\drivers\wacompen.sys 5B5430522E0BDF2A753D758710BE7C5E
C:\WINDOWS\System32\DRIVERS\wanarp.sys 1FC3A8FB032B62A88283BC8113FDF1C5
C:\WINDOWS\System32\DRIVERS\wanarp.sys 1FC3A8FB032B62A88283BC8113FDF1C5
C:\WINDOWS\system32\drivers\wcifs.sys 520E4FD6B5BF5349DD1499F2AEFB7C50
C:\WINDOWS\system32\drivers\wcnfs.sys 9DE3FDFF295F2534DF0A8B6FC4F06355
C:\WINDOWS\System32\drivers\wd\WdBoot.sys 16D3F1C6CB3D6BBFDF4893C7A14D6F12
C:\WINDOWS\System32\drivers\Wdf01000.sys FCC960498E3CD899F0A429F7CF9E77AD
C:\WINDOWS\System32\drivers\wd\WdFilter.sys 64EB43131121ADD90A061A75C8ADE9E6
C:\WINDOWS\System32\DRIVERS\wdiwifi.sys 2D50C46EFE924BC24F63A45D2DB1AA3A
C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys BE3C9DF77543C78004C400B1CAFCAB49
C:\WINDOWS\System32\drivers\wdnsfltr.sys DF58AA71FBA55E15F572C93447696DEC
C:\WINDOWS\System32\drivers\wfplwfs.sys 8E101DF42D36E04EC610581BA478B38F
C:\WINDOWS\System32\drivers\wimmount.sys C8D3FC38426E990E2787771678B19C6D
C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys 0484B0D01EA6F7017519EBDDBADE759D
C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys 813EE0F4D4B8D599DB1968682D080732
C:\WINDOWS\System32\drivers\winmad.sys E23475E9150E6A50B12DB176EA5CDD56
C:\WINDOWS\System32\drivers\winnat.sys EABEF39BBEEDB3845C36893931DADCD1
C:\WINDOWS\System32\drivers\WinUSB.SYS E92F3539C4758F6A9F4B80CBAC75B3E6
C:\WINDOWS\System32\drivers\winverbs.sys 59126AFCC64270747B5CC9B44A4A48F4
C:\WINDOWS\System32\drivers\wmiacpi.sys E8C793ED028E132771988760819E3754
C:\Windows\System32\Drivers\Wof.sys 8D6E6F6C233AF450C50FA615530B44D2
C:\WINDOWS\System32\drivers\WpdUpFltr.sys 9EAE1EF282864674355B4B81DF6AE935
C:\WINDOWS\system32\drivers\ws2ifsl.sys 367B3ED0C688AFE28C376B0230814567
C:\WINDOWS\System32\drivers\WudfPf.sys BD5E68B369DF3453A0A87663C6C5476D
C:\WINDOWS\System32\drivers\WudfRd.sys A86A249314FD0A780214028B0C31A386
C:\WINDOWS\system32\DRIVERS\WUDFRd.sys A86A249314FD0A780214028B0C31A386
C:\WINDOWS\System32\drivers\xboxgip.sys 2244A4CEFE8F9C74091369ACE2E9EBC6
C:\WINDOWS\System32\drivers\xinputhid.sys 4A91B49C6B1E41151D47CB919ADF013A

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-22 12:52 - 2018-02-22 12:52 - 002403328 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2018-02-22 12:20 - 2018-02-22 12:22 - 133360352 _____ (Microsoft Corporation) C:\Users\John\Downloads\mpam-fe.exe
2018-02-22 11:59 - 2018-02-22 11:59 - 000000000 ___HD C:\$SysReset
2018-02-21 20:12 - 2018-02-21 20:35 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-02-21 03:46 - 2018-02-21 03:46 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1041191953-2805693150-4082675335-1001
2018-02-21 03:46 - 2018-02-21 03:46 - 000002364 _____ C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-02-20 07:23 - 2018-02-05 20:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-02-20 07:23 - 2018-02-05 20:49 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-18 18:24 - 2018-02-18 18:24 - 000113050 _____ C:\Users\John\Desktop\a.jfif
2018-02-18 18:22 - 2018-02-18 18:23 - 000127059 _____ C:\Users\John\Desktop\thumbnail.jfif
2018-02-18 17:16 - 2018-02-18 17:16 - 000003734 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP OfficeJet 3830 series
2018-02-18 17:15 - 2018-02-18 17:15 - 000002345 _____ C:\Users\Public\Desktop\HP OfficeJet 3830 series.lnk
2018-02-18 17:15 - 2018-02-18 17:15 - 000002345 _____ C:\ProgramData\Desktop\HP OfficeJet 3830 series.lnk
2018-02-18 17:15 - 2018-02-18 17:15 - 000001266 _____ C:\Users\Public\Desktop\Shop for Supplies - HP OfficeJet 3830 series.lnk
2018-02-18 17:15 - 2018-02-18 17:15 - 000001266 _____ C:\ProgramData\Desktop\Shop for Supplies - HP OfficeJet 3830 series.lnk
2018-02-18 17:06 - 2018-02-18 17:06 - 000002087 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2018-02-18 17:06 - 2018-02-18 17:06 - 000002087 _____ C:\ProgramData\Desktop\HP Print and Scan Doctor.lnk
2018-02-18 17:06 - 2018-02-18 17:06 - 000000000 ____D C:\Users\John\AppData\Roaming\HPPSDr
2018-02-18 17:05 - 2018-02-18 17:05 - 011097040 _____ C:\Users\John\Downloads\HPPSdr.exe
2018-02-18 17:04 - 2018-02-18 17:05 - 171414760 _____ C:\Users\John\Downloads\DJ3830_Full_WebPack_40.11.1124(1).exe
2018-02-18 17:03 - 2018-02-18 17:03 - 004414576 _____ C:\Users\John\Downloads\DJ3830_R1804A.exe
2018-02-18 16:54 - 2018-02-18 16:54 - 000003726 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP DeskJet 3830 series
2018-02-18 16:54 - 2018-02-18 16:54 - 000002078 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2018-02-18 16:54 - 2018-02-18 16:54 - 000002078 _____ C:\ProgramData\Desktop\HP Photo Creations.lnk
2018-02-18 16:54 - 2018-02-18 16:54 - 000000000 ____D C:\ProgramData\Visan
2018-02-18 16:54 - 2018-02-18 16:54 - 000000000 ____D C:\ProgramData\HP Photo Creations
2018-02-18 16:54 - 2018-02-18 16:54 - 000000000 ____D C:\Program Files (x86)\HP Photo Creations
2018-02-18 16:53 - 2018-02-18 17:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2018-02-18 16:53 - 2018-02-18 17:15 - 000000000 ____D C:\Program Files\HP
2018-02-18 16:53 - 2018-02-18 17:15 - 000000000 ____D C:\Program Files (x86)\HP
2018-02-18 16:53 - 2018-02-18 16:53 - 000002317 _____ C:\Users\Public\Desktop\HP DeskJet 3830 series.lnk
2018-02-18 16:53 - 2018-02-18 16:53 - 000002317 _____ C:\ProgramData\Desktop\HP DeskJet 3830 series.lnk
2018-02-18 16:53 - 2018-02-18 16:53 - 000001250 _____ C:\Users\Public\Desktop\Shop for Supplies - HP DeskJet 3830 series.lnk
2018-02-18 16:53 - 2018-02-18 16:53 - 000001250 _____ C:\ProgramData\Desktop\Shop for Supplies - HP DeskJet 3830 series.lnk
2018-02-18 16:52 - 2018-02-18 17:16 - 000000000 ____D C:\Users\John\AppData\Local\HP
2018-02-18 16:45 - 2018-02-18 16:47 - 171414760 _____ C:\Users\John\Downloads\DJ3830_Full_WebPack_40.11.1124.exe
2018-02-18 16:40 - 2018-02-18 17:15 - 000000000 ____D C:\ProgramData\HP
2018-02-18 13:09 - 2018-02-18 13:10 - 001535075 _____ C:\Users\John\Downloads\IES Files & LM-79 Test Reports_ OSQ Series High Output Area_Flood, Automotive FrontlineOptic™ Type (1).zip
2018-02-18 13:02 - 2018-02-18 13:10 - 001535075 _____ C:\Users\John\Documents\IES Files & LM-79 Test Reports_ OSQ Series High Output Area_Flood, Automotive FrontlineOptic™ Type (1).zip
2018-02-18 12:55 - 2018-02-18 12:55 - 001535075 _____ C:\Users\John\Downloads\IES Files & LM-79 Test Reports_ OSQ Series High Output Area_Flood, Automotive FrontlineOptic™ Type.zip
2018-02-18 12:54 - 2018-02-18 12:54 - 001496636 _____ C:\Users\John\Downloads\IES Files & LM-79 Test Reports_ OSQ Series High Output Area_Flood, Type II Medium.zip
2018-02-18 12:37 - 2018-02-18 12:41 - 000002379 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-18 12:37 - 2018-02-18 12:41 - 000002338 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-18 12:37 - 2018-02-18 12:41 - 000002338 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2018-02-18 03:20 - 2018-02-18 03:20 - 000003584 _____ C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-KG14MNT-John
2018-02-18 03:16 - 2018-02-18 03:16 - 000000000 ____D C:\Users\John\AppData\Local\CEF
2018-02-18 00:57 - 2018-02-18 00:58 - 004903358 _____ C:\Users\John\Downloads\getfile(2).aspx
2018-02-18 00:55 - 2018-02-18 00:55 - 001496636 _____ C:\Users\John\Downloads\getfile(1).aspx
2018-02-18 00:35 - 2018-02-18 00:35 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\36240368.sys
2018-02-17 23:46 - 2018-01-01 06:27 - 000713624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-02-17 23:42 - 2018-02-22 12:52 - 000000000 ____D C:\Users\John\Downloads\FRST-OlderVersion
2018-02-17 22:56 - 2018-02-17 22:56 - 001535075 _____ C:\Users\John\Downloads\getfile.aspx
2018-02-17 22:21 - 2018-02-17 22:21 - 000001320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2018-02-17 22:21 - 2018-02-17 22:21 - 000001308 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2018-02-17 22:21 - 2018-02-17 22:21 - 000001308 _____ C:\ProgramData\Desktop\Adobe Creative Cloud.lnk
2018-02-17 22:17 - 2018-02-18 04:52 - 000000000 ____D C:\ProgramData\Package Cache
2018-02-17 22:14 - 2018-02-17 22:14 - 000000000 ____D C:\ProgramData\Adobe
2018-02-17 22:13 - 2018-02-17 22:13 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-02-17 22:11 - 2018-02-17 22:12 - 001926640 _____ (Adobe Systems Incorporated) C:\Users\John\Downloads\Photoshop_Set-Up(1).exe
2018-02-17 22:09 - 2018-02-17 22:09 - 001926496 _____ (Adobe Systems Incorporated) C:\Users\John\Downloads\Photoshop_Set-Up.exe
2018-02-17 22:07 - 2018-02-18 01:16 - 000000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazing Photo Editor
2018-02-17 22:07 - 2018-02-18 01:16 - 000000000 ____D C:\Program Files (x86)\Amazing Photo Editor
2018-02-17 22:07 - 2018-02-17 22:07 - 000001160 _____ C:\Users\John\Desktop\Amazing Photo Editor.lnk
2018-02-17 22:04 - 2018-02-17 22:04 - 002798973 _____ C:\Users\John\Downloads\Ape.exe
2018-02-17 22:02 - 2018-02-17 22:04 - 012454296 _____ C:\Users\John\Downloads\PosFreePhotoEditor_Setup.exe
2018-02-16 20:42 - 2018-01-24 23:56 - 1792076769 _____ C:\Users\John\Documents\DJI_0001.MP4
2018-02-16 11:23 - 2018-02-16 11:23 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4737E73F.sys
2018-02-16 11:01 - 2018-02-16 11:01 - 000002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2018-02-16 11:01 - 2018-02-16 11:01 - 000002205 _____ C:\Users\Public\Desktop\Belarc Advisor.lnk
2018-02-16 11:01 - 2018-02-16 11:01 - 000002205 _____ C:\ProgramData\Desktop\Belarc Advisor.lnk
2018-02-16 09:02 - 2018-02-16 09:02 - 002247877 _____ C:\Users\John\Documents\45.AGI
2018-02-16 09:02 - 2018-02-16 09:02 - 002229236 _____ C:\Users\John\Documents\45.AGI.bak
2018-02-16 08:21 - 2018-02-16 08:21 - 002746375 _____ C:\Users\John\Documents\mcclarty template.AGI
2018-02-16 07:18 - 2018-02-16 07:18 - 000000002 RSHOT C:\WINDOWS\system32\CONFIG.NT
2018-02-16 07:18 - 2018-02-16 07:18 - 000000002 RSHOT C:\WINDOWS\system32\AUTOEXEC.NT
2018-02-16 07:16 - 2018-02-16 07:16 - 011508297 _____ C:\Users\John\Downloads\bootracer_free.zip
2018-02-16 07:16 - 2018-02-16 07:16 - 011508297 _____ C:\Users\John\Downloads\bootracer_free(1).zip
2018-02-14 17:56 - 2018-02-14 17:56 - 000651697 _____ C:\Users\John\Desktop\AF1QipOfUeEljVZELFu-5v9_MFCSDNTmdUpbNwK2s-B4.htm
2018-02-14 13:34 - 2018-02-14 13:34 - 000000040 _____ C:\Users\John\Documents\45-Copy-48842-InUse.a3~
2018-02-14 13:33 - 2018-02-14 13:33 - 002177837 _____ C:\Users\John\Documents\45-Copy-48842.AGI
2018-02-14 12:27 - 2018-02-14 12:27 - 000003418 _____ C:\WINDOWS\System32\Tasks\UnHackMe Task Scheduler
2018-02-14 12:27 - 2018-02-14 12:27 - 000001080 _____ C:\Users\John\Desktop\UnHackMe.lnk
2018-02-14 12:15 - 2018-02-14 12:15 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7463A624.sys
2018-02-12 06:27 - 2018-02-12 06:27 - 000005954 _____ C:\Users\John\Documents\reg backup.reg
2018-02-12 03:56 - 2018-02-12 03:56 - 000040304 _____ (Greatis Software) C:\WINDOWS\SysWOW64\Drivers\Partizan.sys
2018-02-12 03:47 - 2018-02-21 20:12 - 000000252 _____ C:\WINDOWS\SysWOW64\PARTIZAN.TXT
2018-02-12 03:34 - 2018-02-17 23:14 - 000000000 ____D C:\ProgramData\RegRun
2018-02-12 03:33 - 2018-02-22 07:53 - 000000000 ____D C:\Users\John\Documents\RegRun2
2018-02-12 03:33 - 2018-02-21 03:47 - 000000000 ____D C:\Users\Public\Documents\regruninfo
2018-02-12 03:33 - 2018-02-21 03:47 - 000000000 ____D C:\ProgramData\Documents\regruninfo
2018-02-12 03:33 - 2018-02-18 01:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2018-02-12 03:33 - 2018-02-16 07:18 - 000000002 RSHOT C:\WINDOWS\winstart.bat
2018-02-12 03:33 - 2018-02-16 07:18 - 000000002 RSHOT C:\WINDOWS\SysWOW64\CONFIG.NT
2018-02-12 03:33 - 2018-02-16 07:18 - 000000002 RSHOT C:\WINDOWS\SysWOW64\AUTOEXEC.NT
2018-02-12 03:33 - 2018-02-08 14:33 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts.old
2018-02-12 03:33 - 2018-01-31 13:32 - 000014984 _____ (Greatis Software, LLC.) C:\WINDOWS\SysWOW64\Drivers\UnHackMeDrv.sys
2018-02-12 03:33 - 2015-12-28 11:32 - 000049968 _____ (Greatis Software) C:\WINDOWS\system32\partizan.exe
2018-02-12 03:32 - 2018-02-18 01:16 - 000000000 ____D C:\Program Files (x86)\UnHackMe
2018-02-12 03:20 - 2018-02-12 03:30 - 018297972 _____ C:\Users\John\Downloads\unhackmeb.zip
2018-02-12 02:44 - 2018-02-12 02:44 - 000000000 ____D C:\Program Files (x86)\Microsoft Group Policy
2018-02-12 02:43 - 2018-02-12 02:43 - 012971008 _____ C:\Users\John\Downloads\Windows_ 10_Creators_Update_ADMX.msi
2018-02-12 01:04 - 2018-02-01 20:56 - 002090043 _____ C:\Users\John\Documents\49.AGI
2018-02-12 01:04 - 2017-11-08 22:10 - 002596871 _____ C:\Users\John\Documents\mcclarty template.AGI.bak
2018-02-12 01:03 - 2018-02-18 01:16 - 000000000 ____D C:\Users\John\Documents\ies files
2018-02-12 01:03 - 2018-02-12 01:03 - 000000000 ____D C:\Users\John\Documents\mclarty
2018-02-12 01:03 - 2018-02-01 15:15 - 002113076 _____ C:\Users\John\Documents\43.AGI
2018-02-12 01:02 - 2018-02-22 05:51 - 000000000 ____D C:\Users\John\Documents\cree ies files qso ho
2018-02-12 01:02 - 2017-10-14 21:42 - 000406772 _____ C:\Users\John\Documents\170921HO1CJW.pdf
2018-02-10 02:39 - 2018-02-10 02:39 - 001931969 _____ C:\Users\John\Downloads\ProcessExplorer(1).zip
2018-02-10 02:37 - 2018-02-10 02:37 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4664B2E6.sys
2018-02-10 02:16 - 2018-02-10 02:16 - 000291606 _____ C:\Users\John\Downloads\TCPView.zip
2018-02-09 15:43 - 2018-02-09 15:43 - 000000000 ____D C:\Users\John\Documents\FeedbackHub
2018-02-09 03:04 - 2018-02-09 03:04 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\447503E3.sys
2018-02-09 03:04 - 2018-02-09 03:04 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-09 03:03 - 2018-02-20 22:24 - 000000000 ____D C:\Users\John\Desktop\mbar
2018-02-09 03:03 - 2018-02-18 00:49 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-02-09 03:03 - 2018-02-18 00:35 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2018-02-09 03:02 - 2018-02-09 03:02 - 014178840 _____ (Malwarebytes Corp.) C:\Users\John\Downloads\mbar-1.10.3.1001.exe
2018-02-08 22:12 - 2018-02-08 22:12 - 000002255 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2018-02-08 22:12 - 2018-02-08 22:12 - 000002217 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2018-02-08 22:12 - 2018-02-08 22:12 - 000002217 _____ C:\ProgramData\Desktop\Google Earth Pro.lnk
2018-02-08 22:12 - 2018-02-08 22:12 - 000000000 ____D C:\Program Files\Google
2018-02-08 12:34 - 2018-02-12 13:40 - 000000000 ____D C:\Users\John\Documents\mclarty honda
2018-02-08 07:29 - 2018-02-18 13:11 - 000000000 ____D C:\Users\John\Documents\cree 5000k
2018-02-08 07:29 - 2018-02-08 07:29 - 000000000 ____D C:\Users\John\Documents\New folder
2018-02-08 07:28 - 2018-02-08 07:27 - 000003770 _____ C:\Users\John\Documents\ipconfig.all.txt
2018-02-08 06:55 - 2018-02-18 01:16 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-02-08 06:46 - 2018-02-08 06:46 - 001931969 _____ C:\Users\John\Downloads\ProcessExplorer.zip
2018-02-08 06:42 - 2018-02-09 16:04 - 000000000 ____D C:\Users\John\Documents\ProcessExplorer
2018-02-08 06:37 - 2018-02-17 23:39 - 000003146 _____ C:\Users\John\Desktop\Rkill.txt
2018-02-08 06:37 - 2018-02-08 06:37 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\John\Downloads\rkill.exe
2018-02-08 06:35 - 2018-02-08 06:36 - 005659876 _____ (Swearware) C:\Users\John\Downloads\ComboFix.exe
2018-02-08 06:18 - 2018-02-08 06:18 - 000044048 _____ C:\Users\John\Desktop\dds.txt
2018-02-08 06:18 - 2018-02-08 06:18 - 000025606 _____ C:\Users\John\Desktop\attach.txt
2018-02-08 06:15 - 2018-02-08 06:16 - 000688992 ____R (Swearware) C:\Users\John\Downloads\dds.com
2018-02-08 06:08 - 2018-02-08 06:08 - 000025555 _____ C:\Users\John\Downloads\Fixlog.txt
2018-02-07 04:07 - 2018-02-07 04:14 - 000000000 ____D C:\Users\John\Documents\SDHC
2018-02-07 03:03 - 2018-02-07 03:03 - 000001885 _____ C:\Users\John\Desktop\IpConfig_Backup_02_07_2018_03_03_04.txt
2018-02-07 02:43 - 2018-02-21 08:28 - 000041497 _____ C:\Users\John\Downloads\Addition.txt
2018-02-07 02:43 - 2018-02-07 02:43 - 000032161 _____ C:\Users\John\Downloads\Shortcut.txt
2018-02-07 02:42 - 2018-02-22 12:54 - 000039945 _____ C:\Users\John\Downloads\FRST.txt
2018-02-07 02:42 - 2018-02-22 12:52 - 000000000 ____D C:\FRST
2018-02-07 02:32 - 2018-02-07 02:32 - 023195976 _____ (Solvusoft Corporation) C:\Users\John\Downloads\Setup_WinThruster_2017.exe
2018-02-07 02:23 - 2018-02-07 02:23 - 006398792 _____ C:\Users\John\Downloads\advisorinstaller.exe
2018-02-07 02:23 - 2018-02-07 02:23 - 000000000 ____D C:\Program Files (x86)\Belarc
2018-02-04 04:29 - 2018-02-04 04:29 - 001106707 _____ C:\Users\John\Desktop\Untitled.AGI
2018-02-03 16:32 - 2018-02-03 16:32 - 000001076 _____ C:\Users\John\Desktop\IpConfig_Backup_02_03_2018_16_32_15.txt
2018-02-03 16:30 - 2018-02-03 16:30 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devcon64.exe
2018-02-03 16:18 - 2018-02-18 01:16 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-1041191953-2805693150-4082675335-1001
2018-02-03 07:47 - 2018-02-03 07:47 - 000000000 ____D C:\Users\John\AppData\LocalLow\Google
2018-02-03 07:44 - 2018-02-18 13:09 - 000000000 ____D C:\Users\John\AppData\Local\Google
2018-02-03 07:44 - 2018-02-18 12:37 - 000000000 ____D C:\Program Files (x86)\Google
2018-02-03 07:44 - 2018-02-03 07:44 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-02-03 07:44 - 2018-02-03 07:44 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-02-03 07:43 - 2018-02-03 07:43 - 001129816 _____ (Google Inc.) C:\Users\John\Downloads\GoogleEarthProSetup(1).exe
2018-02-03 02:03 - 2018-02-03 02:03 - 000002934 _____ C:\Users\John\Desktop\IpConfig_Backup_02_03_2018_02_03_58.txt
2018-02-03 01:43 - 2018-02-18 17:01 - 000000000 ____D C:\Users\John\AppData\Local\ElevatedDiagnostics
2018-02-03 00:40 - 2018-02-03 00:40 - 000006798 _____ C:\Users\John\Desktop\MSFT_DSCMetaConfiguration.mfl
2018-02-03 00:39 - 2018-02-03 00:39 - 000014468 _____ C:\Users\John\Desktop\MSFT_MetaConfigurationExtensionClasses.Schema.mfl
2018-02-02 11:28 - 2018-02-02 11:28 - 001129816 _____ (Google Inc.) C:\Users\John\Downloads\GoogleEarthProSetup.exe
2018-02-01 14:53 - 2018-02-01 14:53 - 000000593 _____ C:\Users\John\Desktop\mclarty45 - Shortcut.lnk
2018-01-31 12:31 - 2018-02-12 03:46 - 000000000 ____D C:\Program Files\McAfee Security Scan
2018-01-31 12:05 - 2018-02-03 04:04 - 000000000 ____D C:\Users\John\AppData\Local\McAfee_Inc
2018-01-31 12:05 - 2018-02-03 04:04 - 000000000 ____D C:\Program Files (x86)\McAfee Safe Connect
2018-01-31 12:05 - 2018-01-31 12:05 - 000001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Safe Connect.lnk
2018-01-31 12:05 - 2018-01-31 12:05 - 000001198 _____ C:\Users\Public\Desktop\McAfee Safe Connect.lnk
2018-01-31 12:05 - 2018-01-31 12:05 - 000001198 _____ C:\ProgramData\Desktop\McAfee Safe Connect.lnk
2018-01-31 12:05 - 2018-01-31 12:05 - 000000000 ____D C:\Users\John\AppData\Roaming\McAfee Safe Connect
2018-01-31 11:59 - 2018-02-03 04:04 - 000000000 ____D C:\ProgramData\McAfee
2018-01-31 11:58 - 2018-02-18 03:15 - 000000000 ____D C:\Users\John\AppData\Local\Adobe
2018-01-31 11:32 - 2018-02-22 05:25 - 000000000 ____D C:\Users\John\AppData\LocalLow\Mozilla
2018-01-31 11:32 - 2018-02-18 01:16 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-01-31 11:32 - 2018-02-18 01:16 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-31 11:32 - 2018-02-12 01:49 - 000001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-01-31 11:32 - 2018-01-31 11:36 - 000000000 ____D C:\Users\John\AppData\Local\Mozilla
2018-01-31 11:32 - 2018-01-31 11:32 - 000000999 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-01-31 11:32 - 2018-01-31 11:32 - 000000999 _____ C:\ProgramData\Desktop\Firefox.lnk
2018-01-31 11:32 - 2018-01-31 11:32 - 000000000 ____D C:\Users\John\AppData\Roaming\Mozilla
2018-01-31 11:31 - 2018-01-31 11:31 - 000313552 _____ (Mozilla) C:\Users\John\Downloads\Firefox Installer.exe
2018-01-31 11:26 - 2018-02-21 20:12 - 000232008 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-31 05:52 - 2018-01-31 05:52 - 000000000 ____D C:\Users\John\AppData\Local\DBG
2018-01-31 05:01 - 2018-01-31 05:04 - 010787510 _____ C:\Users\John\Documents\DESKTOP-KG14MNT.arn
2018-01-31 04:46 - 2018-01-31 04:46 - 000041800 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2018-01-31 04:32 - 2018-02-22 08:33 - 000000000 ____D C:\Users\John\AppData\Local\AGI32
2018-01-31 04:32 - 2018-02-12 01:02 - 000000000 ____D C:\Users\John\Documents\AGI32
2018-01-31 04:31 - 2018-02-22 08:18 - 000000000 ____D C:\ProgramData\AGi32
2018-01-31 04:31 - 2018-02-22 05:42 - 000000000 ____D C:\ProgramData\Lighting Analysts
2018-01-31 04:31 - 2018-02-03 04:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lighting Analysts
2018-01-31 04:31 - 2018-01-31 04:31 - 000002123 _____ C:\Users\Public\Desktop\AGi32-18.3.lnk
2018-01-31 04:31 - 2018-01-31 04:31 - 000002123 _____ C:\ProgramData\Desktop\AGi32-18.3.lnk
2018-01-31 04:31 - 2018-01-31 04:31 - 000000000 ____D C:\Program Files (x86)\Lighting Analysts
2018-01-31 04:29 - 2018-02-03 04:04 - 000000000 ____D C:\ProgramData\Downloaded Installations
2018-01-31 04:29 - 2018-01-31 04:29 - 143969624 _____ (Lighting Analysts, Inc.) C:\Users\John\Downloads\AGI32-18.3_Setup.exe
2018-01-31 04:05 - 2018-01-31 04:05 - 000388608 _____ (Trend Micro Inc.) C:\Users\John\Downloads\HijackThis.exe
2018-01-30 17:58 - 2018-01-30 17:58 - 000003370 _____ C:\WINDOWS\System32\Tasks\RunAnswersByUpdateSVC
2018-01-30 17:34 - 2018-01-30 17:34 - 000000000 ___HD C:\$Windows.~WS
2018-01-30 17:33 - 2018-01-30 17:33 - 004972960 _____ C:\Users\John\Downloads\SysinternalsSuite-Nano.zip
2018-01-30 17:30 - 2018-01-30 17:30 - 018617536 _____ (Microsoft Corporation) C:\Users\John\Downloads\MediaCreationTool (1).exe
2018-01-30 17:30 - 2018-01-30 17:30 - 000000000 ____D C:\$WINDOWS.~BT
2018-01-30 17:26 - 2018-01-30 17:26 - 018617536 _____ (Microsoft Corporation) C:\Users\John\Downloads\MediaCreationTool.exe
2018-01-30 17:08 - 2018-01-30 17:08 - 000000000 __HDC C:\ProgramData\{5972383B-4083-46A8-B11A-806AF9BB05D7}
2018-01-30 17:07 - 2018-02-20 18:20 - 000000000 ____D C:\Program Files (x86)\AnswersBy PC Smartcare
2018-01-30 17:07 - 2018-02-09 02:02 - 000001096 _____ C:\Users\Public\Desktop\AnswersBy PC SmartCare.lnk
2018-01-30 17:07 - 2018-02-09 02:02 - 000001096 _____ C:\ProgramData\Desktop\AnswersBy PC SmartCare.lnk
2018-01-30 17:07 - 2018-01-30 17:07 - 000001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnswersBy PC SmartCare.lnk
2018-01-30 17:07 - 2018-01-30 17:07 - 000000000 ____D C:\Users\John\AppData\Roaming\AnswersBy PC SmartCare
2018-01-30 17:07 - 2018-01-30 17:07 - 000000000 ____D C:\Users\John\AppData\Local\III
2018-01-30 17:07 - 2018-01-30 17:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnswersBy PC Smartcare
2018-01-30 16:56 - 2018-01-30 16:56 - 018692056 _____ (My Company ) C:\PCSmartcare.exe
2018-01-30 16:36 - 2018-01-30 16:36 - 000000079 _____ C:\StandardScanScanLog.csv
2018-01-30 16:35 - 2018-01-31 11:29 - 001369088 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\WINDOWS\SysWOW64\libeay32.dll
2018-01-30 16:35 - 2018-01-31 11:29 - 000337408 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\WINDOWS\SysWOW64\ssleay32.dll
2018-01-30 16:35 - 2018-01-31 11:29 - 000290304 _____ (Microsoft Corporation) C:\WINDOWS\subinacl.exe
2018-01-30 16:35 - 2018-01-30 16:35 - 000658797 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\SQLite3.dll
2018-01-30 16:34 - 2018-01-30 16:34 - 000000000 ____D C:\Users\John\AppData\Roaming\Macromedia
2018-01-30 16:23 - 2018-01-30 16:23 - 000000000 ____D C:\Users\John\AppData\Local\Deployment
2018-01-30 16:23 - 2018-01-30 16:23 - 000000000 ____D C:\Users\John\AppData\Local\Apps\2.0
2018-01-30 16:20 - 2018-01-30 16:17 - 000548000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-01-30 16:19 - 2018-02-20 07:23 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-01-30 16:19 - 2018-02-20 07:21 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-01-30 16:18 - 2018-02-20 07:21 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-01-28 12:17 - 2018-01-28 12:17 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-01-28 12:10 - 2018-02-22 12:23 - 000862202 _____ C:\WINDOWS\ntbtlog.txt
2018-01-28 12:09 - 2018-02-18 01:16 - 000000000 ____D C:\WINDOWS\pss
2018-01-16 21:16 - 2018-01-16 21:16 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2018-01-16 18:19 - 2018-01-16 18:19 - 000002387 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-01-16 18:19 - 2018-01-16 18:19 - 000000000 ___RD C:\Users\Administrator\OneDrive
2018-01-16 18:17 - 2018-02-03 04:04 - 000000000 ___RD C:\Users\Administrator\3D Objects
2018-01-16 18:17 - 2018-02-03 04:04 - 000000000 ____D C:\Users\Administrator
2018-01-16 18:17 - 2018-01-16 18:17 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2018-01-16 18:17 - 2018-01-16 18:17 - 000000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
2018-01-16 18:17 - 2018-01-16 18:17 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2018-01-16 18:17 - 2018-01-16 18:17 - 000000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2018-01-16 18:17 - 2018-01-16 18:17 - 000000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2018-01-16 18:17 - 2018-01-16 16:56 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2018-01-16 18:15 - 2018-02-20 07:11 - 000000000 ___HD C:\Users\John\MicrosoftEdgeBackups
2018-01-16 18:14 - 2018-01-30 16:14 - 000000000 ____D C:\Users\John\AppData\Local\MicrosoftEdge
2018-01-16 18:13 - 2018-02-21 03:46 - 000000000 ___RD C:\Users\John\OneDrive
2018-01-16 18:13 - 2018-01-16 18:19 - 000003306 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2018-01-16 18:13 - 2018-01-16 18:13 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-01-16 18:11 - 2018-02-21 20:13 - 000000000 __SHD C:\Users\John\IntelGraphicsProfiles
2018-01-16 18:11 - 2018-02-18 03:16 - 000000000 ____D C:\Users\John\AppData\Roaming\Adobe
2018-01-16 18:11 - 2018-02-17 22:05 - 000000000 ____D C:\Users\John\AppData\Local\VirtualStore
2018-01-16 18:11 - 2018-01-30 16:38 - 000000000 ____D C:\Users\John\AppData\Local\Packages
2018-01-16 18:11 - 2018-01-16 18:17 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-16 18:11 - 2018-01-16 18:11 - 000000000 ___RD C:\Users\John\3D Objects
2018-01-16 18:11 - 2018-01-16 18:11 - 000000000 ____D C:\Users\John\AppData\Local\Publishers
2018-01-16 18:11 - 2018-01-16 18:11 - 000000000 ____D C:\Users\John\AppData\Local\ConnectedDevicesPlatform
2018-01-16 18:10 - 2018-02-19 05:36 - 000000000 ____D C:\Users\John
2018-01-16 18:10 - 2018-01-16 18:10 - 000000020 ___SH C:\Users\John\ntuser.ini
2018-01-16 17:47 - 2018-01-16 17:47 - 000000000 ____D C:\Users\John\AppData\Local\Comms
2018-01-16 16:32 - 2018-01-16 16:32 - 000000000 ____D C:\Users\Administrator\AppData\Local\Comms
2018-01-16 16:25 - 2018-01-16 16:25 - 000000000 ___HD C:\Users\Administrator\MicrosoftEdgeBackups
2018-01-16 16:25 - 2018-01-16 16:25 - 000000000 ____D C:\Users\Administrator\AppData\Local\MicrosoftEdge
2018-01-16 03:43 - 2018-02-21 20:19 - 001565954 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-16 03:40 - 2017-09-29 07:41 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-01-16 03:38 - 2018-01-16 03:38 - 000000000 _SHDL C:\Users\Default User
2018-01-16 03:38 - 2018-01-16 03:38 - 000000000 _SHDL C:\Documents and Settings
2018-01-16 03:38 - 2018-01-16 03:38 - 000000000 __SHD C:\Users\All Users
2018-01-16 03:35 - 2018-01-16 03:35 - 000000000 ____D C:\ProgramData\USOShared
2018-01-16 03:29 - 2018-01-16 03:29 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2018-01-16 03:29 - 2018-01-16 03:29 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-01-16 03:29 - 2018-01-16 03:29 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2018-01-16 03:29 - 2017-11-13 05:21 - 000140296 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2018-01-16 03:29 - 2017-11-13 05:21 - 000116744 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2018-01-16 03:29 - 2017-07-20 11:21 - 000905504 _____ C:\WINDOWS\system32\vulkan-1.dll
2018-01-16 03:29 - 2017-07-20 11:21 - 000776992 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2018-01-16 03:29 - 2017-07-20 11:21 - 000578848 _____ C:\WINDOWS\system32\vulkaninfo.exe
2018-01-16 03:29 - 2017-07-20 11:21 - 000477472 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2018-01-16 03:28 - 2018-01-16 03:28 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-01-16 03:28 - 2018-01-16 03:28 - 000000000 ____D C:\WINDOWS\system32\DAX3
2018-01-16 03:28 - 2018-01-16 03:28 - 000000000 ____D C:\WINDOWS\system32\DAX2
2018-01-16 03:28 - 2018-01-16 03:28 - 000000000 ____D C:\Program Files\Realtek
2018-01-16 03:28 - 2018-01-16 03:28 - 000000000 ____D C:\Program Files\Intel
2018-01-16 03:28 - 2018-01-16 03:28 - 000000000 ____D C:\Intel
2018-01-16 03:25 - 2018-02-21 21:24 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-16 03:25 - 2018-02-21 20:12 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-16 03:25 - 2018-01-16 03:25 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-01-15 23:13 - 2018-01-15 23:14 - 000000000 ____D C:\WINDOWS\InfusedApps
2018-01-15 23:13 - 2018-01-15 23:13 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-01-15 23:11 - 2018-01-15 23:11 - 000000000 ____D C:\WINDOWS\system32\Intel
2018-01-15 23:11 - 2018-01-15 23:11 - 000000000 ____D C:\WINDOWS\system32\cAVS
2018-01-15 23:10 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\Setup
2018-01-15 23:05 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
2018-01-15 23:05 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2018-01-15 23:05 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2018-01-15 23:05 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2018-01-15 23:05 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\system32\hi-IN
2018-01-15 23:05 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2018-01-15 23:05 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2018-01-15 23:05 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\si-LK
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\am-ET
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-01-15 23:05 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2018-01-15 23:05 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2018-01-15 23:05 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\OCR
2018-01-15 23:05 - 2018-01-15 23:05 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-01-15 23:05 - 2018-01-15 23:05 - 000000000 ____D C:\Program Files\MSBuild
2018-01-15 23:05 - 2018-01-15 23:05 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-01-15 23:05 - 2018-01-15 23:05 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-01-15 23:04 - 2018-01-15 23:04 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2018-01-15 23:04 - 2018-01-15 23:04 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2018-01-15 23:04 - 2018-01-15 23:04 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2018-01-15 23:04 - 2018-01-15 23:04 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2018-01-15 23:04 - 2018-01-15 23:04 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2018-01-15 23:04 - 2018-01-15 23:04 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2018-01-15 23:04 - 2018-01-15 23:04 - 000000000 ____D C:\WINDOWS\system32\winrm
2018-01-15 23:04 - 2018-01-15 23:04 - 000000000 ____D C:\WINDOWS\system32\WCN
2018-01-15 23:04 - 2018-01-15 23:04 - 000000000 ____D C:\WINDOWS\system32\slmgr
2018-01-15 23:04 - 2018-01-15 23:04 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2018-01-15 23:04 - 2018-01-15 23:04 - 000000000 ____D C:\WINDOWS\system32\0409
2018-01-15 23:04 - 2018-01-15 23:04 - 000000000 ____D C:\WINDOWS\DigitalLocker
2018-01-15 22:59 - 2018-01-15 23:13 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-01-15 22:59 - 2018-01-15 22:56 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2018-01-15 22:59 - 2018-01-15 22:56 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2018-01-15 22:59 - 2018-01-15 22:56 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
2018-01-15 22:59 - 2018-01-15 22:56 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2018-01-15 22:59 - 2018-01-15 22:56 - 000017635 _____ C:\WINDOWS\system32\Drivers\etc\services
2018-01-15 22:59 - 2018-01-15 22:56 - 000017572 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2018-01-15 22:59 - 2018-01-15 22:56 - 000004096 _____ C:\WINDOWS\system32\config\VSMIDK
2018-01-15 22:59 - 2018-01-15 22:56 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2018-01-15 22:59 - 2018-01-15 22:56 - 000001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2018-01-15 22:59 - 2018-01-15 22:56 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2018-01-15 22:59 - 2018-01-15 22:56 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2018-01-15 22:59 - 2018-01-15 22:56 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
2018-01-15 22:59 - 2018-01-15 22:56 - 000000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2018-01-15 22:58 - 2018-02-22 05:01 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-01-15 22:58 - 2018-02-20 08:41 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2018-01-15 22:58 - 2018-02-19 22:05 - 000000000 ____D C:\WINDOWS\rescache
2018-01-15 22:58 - 2018-02-19 05:52 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-01-15 22:58 - 2018-02-18 16:54 - 000000000 ___RD C:\Program Files (x86)
2018-01-15 22:58 - 2018-02-18 12:43 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-01-15 22:58 - 2018-02-18 01:16 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-01-15 22:58 - 2018-02-18 01:16 - 000000000 ____D C:\WINDOWS\appcompat
2018-01-15 22:58 - 2018-02-18 01:10 - 000000000 ____D C:\WINDOWS\registration
2018-01-15 22:58 - 2018-02-09 16:04 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-01-15 22:58 - 2018-02-06 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-15 22:58 - 2018-02-06 02:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 __RSD C:\WINDOWS\media
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\SysWOW64\com
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\system32\setup
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\system32\icsxml
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\system32\com
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\Provisioning
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\L2Schemas
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 ____D C:\Program Files\Windows Defender
2018-01-15 22:58 - 2018-01-31 11:59 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-01-15 22:58 - 2018-01-31 11:59 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-01-15 22:58 - 2018-01-28 12:29 - 000000000 ____D C:\Program Files\Common Files\Services
2018-01-15 22:58 - 2018-01-16 03:41 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-01-15 22:58 - 2018-01-16 03:40 - 000000000 ____D C:\WINDOWS\system32\spool
2018-01-15 22:58 - 2018-01-16 03:40 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2018-01-15 22:58 - 2018-01-16 03:35 - 000000000 ____D C:\ProgramData\USOPrivate
2018-01-15 22:58 - 2018-01-16 03:30 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-01-15 22:58 - 2018-01-16 03:24 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2018-01-15 22:58 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\TextInput
2018-01-15 22:58 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2018-01-15 22:58 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2018-01-15 22:58 - 2018-01-15 23:04 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2018-01-15 22:58 - 2018-01-15 23:04 - 000000000 ___SD C:\WINDOWS\system32\dsc
2018-01-15 22:58 - 2018-01-15 23:04 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-01-15 22:58 - 2018-01-15 23:04 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2018-01-15 22:58 - 2018-01-15 23:04 - 000000000 ____D C:\WINDOWS\system32\MUI
2018-01-15 22:58 - 2018-01-15 23:04 - 000000000 ____D C:\WINDOWS\IME
2018-01-15 22:58 - 2018-01-15 23:04 - 000000000 ____D C:\WINDOWS\Help
2018-01-15 22:58 - 2018-01-15 23:04 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-01-15 22:58 - 2018-01-15 23:04 - 000000000 ____D C:\Program Files\Common Files\system
2018-01-15 22:58 - 2018-01-15 23:04 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-01-15 22:58 - 2018-01-15 23:04 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-01-15 22:58 - 2018-01-15 22:59 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2018-01-15 22:58 - 2018-01-15 22:59 - 000000000 ___SD C:\WINDOWS\system32\UNP
2018-01-15 22:58 - 2018-01-15 22:59 - 000000000 ___SD C:\WINDOWS\system32\Nui
2018-01-15 22:58 - 2018-01-15 22:59 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2018-01-15 22:58 - 2018-01-15 22:59 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2018-01-15 22:58 - 2018-01-15 22:59 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2018-01-15 22:58 - 2018-01-15 22:59 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2018-01-15 22:58 - 2018-01-15 22:59 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2018-01-15 22:58 - 2018-01-15 22:59 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2018-01-15 22:58 - 2018-01-15 22:59 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2018-01-15 22:58 - 2018-01-15 22:59 - 000000000 ____D C:\WINDOWS\system32\ias
2018-01-15 22:58 - 2018-01-15 22:59 - 000000000 ____D C:\WINDOWS\system32\downlevel
2018-01-15 22:58 - 2018-01-15 22:59 - 000000000 ____D C:\WINDOWS\system32\DDFs
2018-01-15 22:58 - 2018-01-15 22:59 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2018-01-15 22:58 - 2018-01-15 22:59 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 __SHD C:\Program Files\Windows Sidebar
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 __RHD C:\Users\Public\Libraries
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\Web
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\Vss
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\tracing
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\TAPI
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SystemResources
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SystemApps
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\winevt
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\ras
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\IME
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\hydrogen
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\System
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SKB
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\security
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\schemas
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SchCache
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\Resources
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\PLA
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\Performance
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\ModemLogs
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\InputMethod
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\Globalization
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\Cursors
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\Branding
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\addins
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\Program Files\Windows Security
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\Program Files\Windows Portable Devices
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\Program Files\windows nt
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\Program Files (x86)\windows nt
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2018-01-15 22:58 - 2018-01-15 22:56 - 000000219 _____ C:\WINDOWS\system.ini
2018-01-15 22:58 - 2018-01-15 22:56 - 000000092 _____ C:\WINDOWS\win.ini
2018-01-15 22:57 - 2018-02-18 17:15 - 000000000 ____D C:\WINDOWS\INF
2018-01-15 22:48 - 2018-02-20 07:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-15 22:44 - 2018-02-21 10:31 - 076546048 _____ C:\WINDOWS\system32\config\SOFTWARE
2018-01-15 22:44 - 2018-02-21 10:31 - 016252928 _____ C:\WINDOWS\system32\config\SYSTEM
2018-01-15 22:44 - 2018-02-21 10:31 - 000065536 _____ C:\WINDOWS\system32\config\SECURITY
2018-01-15 22:44 - 2018-02-21 10:31 - 000065536 _____ C:\WINDOWS\system32\config\SAM
2018-01-15 22:44 - 2018-02-21 08:30 - 000524288 _____ C:\WINDOWS\system32\config\DEFAULT
2018-01-15 22:44 - 2018-02-21 08:30 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-01-15 22:44 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\servicing
2018-01-15 22:44 - 2018-01-16 03:26 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-01-15 22:44 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\SMI
2018-01-15 22:43 - 2018-01-30 20:36 - 000000000 ____D C:\WINDOWS\Panther
2018-01-09 14:46 - 2018-01-09 13:10 - 013079786 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2018-01-09 14:46 - 2018-01-09 13:10 - 005887976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2018-01-09 14:46 - 2018-01-09 13:10 - 003677160 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2018-01-09 14:46 - 2018-01-09 13:10 - 003516984 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2018-01-09 14:46 - 2018-01-09 13:10 - 003509200 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2018-01-09 14:46 - 2018-01-09 13:10 - 003410840 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2018-01-09 14:46 - 2018-01-09 13:10 - 003205120 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2018-01-09 14:46 - 2018-01-09 13:10 - 003122656 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2018-01-09 14:46 - 2018-01-09 13:10 - 002211304 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2018-01-09 14:46 - 2018-01-09 13:10 - 001347144 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2018-01-09 14:46 - 2018-01-09 13:10 - 000984912 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2018-01-09 14:46 - 2018-01-09 13:10 - 000691680 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2018-01-09 14:46 - 2018-01-09 13:10 - 000406456 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2APIPCLL.dll
2018-01-09 14:46 - 2018-01-09 13:10 - 000378384 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2API.dll
2018-01-09 14:46 - 2018-01-09 13:10 - 000343704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2018-01-09 14:46 - 2018-01-09 13:10 - 000192976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2018-01-09 14:46 - 2018-01-09 13:10 - 000023688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2018-01-09 14:46 - 2018-01-09 13:09 - 000766048 _____ (Intel® Corporation) C:\WINDOWS\system32\Drivers\IntcOED.sys
2018-01-09 14:46 - 2018-01-09 13:09 - 000246376 _____ (Intel® Corporation) C:\WINDOWS\system32\Drivers\IntcAudioBus.sys
2018-01-09 14:46 - 2018-01-09 13:09 - 000243016 _____ C:\WINDOWS\system32\Drivers\dsp_fw_release.bin
2018-01-09 14:46 - 2018-01-09 13:09 - 000012288 _____ C:\WINDOWS\system32\Drivers\dsp_fw_release_7CAD0808-AB10-CD23-EF45-12AB34CD56EF.bin
2018-01-09 14:45 - 2018-01-09 13:10 - 005347000 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv211.dll
2018-01-09 14:45 - 2018-01-09 13:10 - 001554600 _____ (Dolby Laboratories) C:\WINDOWS\system32\DAX3APOProp.dll
2018-01-09 14:45 - 2018-01-09 13:10 - 001326424 _____ (Dolby Laboratories) C:\WINDOWS\system32\DAX3APOv251.dll
2018-01-09 14:45 - 2018-01-09 13:10 - 001170872 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOvlldp.dll
2018-01-09 14:45 - 2018-01-09 13:10 - 001159184 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOProp.dll
2018-01-09 13:42 - 2018-01-09 12:17 - 009891328 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RsCRIcon.dll
2018-01-09 13:42 - 2018-01-09 12:17 - 004332032 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtCRU64.exe
2018-01-09 13:42 - 2018-01-09 12:17 - 000782304 _____ (Realsil Semiconductor Corporation) C:\WINDOWS\system32\Drivers\RtsPer.sys
2018-01-09 13:42 - 2018-01-09 12:17 - 000084480 _____ (Realtek Semiconductor.) C:\WINDOWS\system32\RtCRX64.dll
2018-01-09 13:16 - 2017-09-22 18:19 - 000778936 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-01-09 13:16 - 2017-09-22 18:19 - 000103120 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-01-09 13:16 - 2017-09-22 18:19 - 000035456 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-01-09 13:15 - 2017-09-28 15:50 - 001166520 ____N (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-01-09 13:15 - 2017-09-28 15:50 - 000124624 ____N (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-01-09 13:15 - 2017-09-28 15:50 - 000035456 ____N (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2018-01-09 10:57 - 2018-01-01 11:15 - 000956416 ____N (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-01-09 10:57 - 2018-01-01 06:54 - 000924648 ____N (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-01-09 10:57 - 2018-01-01 06:53 - 001090984 ____N (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-01-09 10:57 - 2018-01-01 06:52 - 000066712 ____N (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2018-01-09 10:57 - 2018-01-01 06:51 - 001414784 ____N (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-01-09 10:57 - 2018-01-01 06:51 - 001209240 ____N (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-01-09 10:57 - 2018-01-01 06:51 - 001055128 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-01-09 10:57 - 2018-01-01 06:51 - 000191816 ____N (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-01-09 10:57 - 2018-01-01 06:51 - 000059800 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2018-01-09 10:57 - 2018-01-01 06:50 - 005905752 ____N (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-01-09 10:57 - 2018-01-01 06:50 - 000780464 ____N (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-01-09 10:57 - 2018-01-01 06:50 - 000479912 ____N (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-01-09 10:57 - 2018-01-01 06:50 - 000077208 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-01-09 10:57 - 2018-01-01 06:49 - 008605080 ____N (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-01-09 10:57 - 2018-01-01 06:49 - 000599448 ____N (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-01-09 10:57 - 2018-01-01 06:49 - 000319352 ____N (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-01-09 10:57 - 2018-01-01 06:48 - 007831760 ____N (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-01-09 10:57 - 2018-01-01 06:48 - 001954048 ____N (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-01-09 10:57 - 2018-01-01 06:48 - 000382360 ____N (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-01-09 10:57 - 2018-01-01 06:47 - 000649304 ____N (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-01-09 10:57 - 2018-01-01 06:47 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-01-09 10:57 - 2018-01-01 06:46 - 002709704 ____N (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-01-09 10:57 - 2018-01-01 06:46 - 000898216 ____N (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-01-09 10:57 - 2018-01-01 06:46 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-01-09 10:57 - 2018-01-01 06:46 - 000471960 ____N (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-01-09 10:57 - 2018-01-01 06:45 - 002395032 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-01-09 10:57 - 2018-01-01 06:45 - 001277848 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-01-09 10:57 - 2018-01-01 06:45 - 000398744 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-01-09 10:57 - 2018-01-01 06:43 - 001173576 ____N (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-01-09 10:57 - 2018-01-01 06:43 - 000367336 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-01-09 10:57 - 2018-01-01 06:43 - 000062872 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2018-01-09 10:57 - 2018-01-01 06:42 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-01-09 10:57 - 2018-01-01 06:42 - 000494488 ____N (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-01-09 10:57 - 2018-01-01 06:42 - 000184984 ____N (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-01-09 10:57 - 2018-01-01 06:41 - 007676296 ____N (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-01-09 10:57 - 2018-01-01 06:41 - 000559512 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-01-09 10:57 - 2018-01-01 06:40 - 001206680 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-01-09 10:57 - 2018-01-01 06:39 - 000902416 ____N (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-01-09 10:57 - 2018-01-01 06:39 - 000677784 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-01-09 10:57 - 2018-01-01 06:39 - 000508264 ____N (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-01-09 10:57 - 2018-01-01 06:39 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-01-09 10:57 - 2018-01-01 06:39 - 000129432 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-01-09 10:57 - 2018-01-01 06:38 - 003904808 ____N (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-01-09 10:57 - 2018-01-01 06:38 - 000727448 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-01-09 10:57 - 2018-01-01 06:38 - 000519152 ____N (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-01-09 10:57 - 2018-01-01 06:38 - 000103320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-01-09 10:57 - 2018-01-01 06:37 - 001426664 ____N (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-01-09 10:57 - 2018-01-01 06:37 - 000461720 ____N (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2018-01-09 10:57 - 2018-01-01 06:36 - 000413888 ____N (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-01-09 10:57 - 2018-01-01 06:36 - 000374032 ____N (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2018-01-09 10:57 - 2018-01-01 06:36 - 000166296 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2018-01-09 10:57 - 2018-01-01 06:35 - 001170008 ____N (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-01-09 10:57 - 2018-01-01 06:34 - 007385088 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-01-09 10:57 - 2018-01-01 06:34 - 001336344 ____N (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-01-09 10:57 - 2018-01-01 06:34 - 000260896 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-01-09 10:57 - 2018-01-01 06:34 - 000087384 ____N (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-01-09 10:57 - 2018-01-01 06:33 - 002773400 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-01-09 10:57 - 2018-01-01 06:33 - 000603920 ____N (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-01-09 10:57 - 2018-01-01 06:32 - 004481240 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-01-09 10:57 - 2018-01-01 06:32 - 000617304 ____N (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-01-09 10:57 - 2018-01-01 06:27 - 000163736 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-01-09 10:57 - 2018-01-01 06:26 - 000428952 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-01-09 10:57 - 2018-01-01 06:25 - 000615768 ____N (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-01-09 10:57 - 2018-01-01 06:25 - 000147864 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-01-09 10:57 - 2018-01-01 06:23 - 021352144 ____N (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-01-09 10:57 - 2018-01-01 06:21 - 001103768 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-01-09 10:57 - 2018-01-01 06:21 - 000614296 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-01-09 10:57 - 2018-01-01 06:06 - 000311192 ____N (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-01-09 10:57 - 2018-01-01 06:03 - 000777904 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-01-09 10:57 - 2018-01-01 06:03 - 000650328 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-01-09 10:57 - 2018-01-01 06:03 - 000566664 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-01-09 10:57 - 2018-01-01 06:03 - 000123512 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-01-09 10:57 - 2018-01-01 05:53 - 001615712 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-01-09 10:57 - 2018-01-01 05:49 - 000481464 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-01-09 10:57 - 2018-01-01 05:46 - 003485392 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-01-09 10:57 - 2018-01-01 05:46 - 000289816 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-01-09 10:57 - 2018-01-01 05:45 - 006092152 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-01-09 10:57 - 2018-01-01 05:45 - 005615968 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-01-09 10:57 - 2018-01-01 05:45 - 002192624 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-01-09 10:57 - 2018-01-01 05:43 - 020286120 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-01-09 10:57 - 2018-01-01 05:42 - 006479552 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-01-09 10:57 - 2018-01-01 05:42 - 004644912 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-01-09 10:57 - 2018-01-01 05:42 - 001246432 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-01-09 10:57 - 2018-01-01 05:42 - 001003152 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-01-09 10:57 - 2018-01-01 05:42 - 000982528 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-01-09 10:57 - 2018-01-01 05:42 - 000386424 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2018-01-09 10:57 - 2018-01-01 05:42 - 000129184 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-01-09 10:57 - 2018-01-01 05:42 - 000074992 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2018-01-09 10:57 - 2018-01-01 05:37 - 025247232 ____N (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-01-09 10:57 - 2018-01-01 05:34 - 000703568 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-01-09 10:57 - 2018-01-01 05:25 - 002905600 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-01-09 10:57 - 2018-01-01 05:25 - 001008640 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-01-09 10:57 - 2018-01-01 05:25 - 000475648 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2018-01-09 10:57 - 2018-01-01 05:25 - 000344576 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-01-09 10:57 - 2018-01-01 05:25 - 000097792 ____N C:\WINDOWS\system32\runexehelper.exe
2018-01-09 10:57 - 2018-01-01 05:24 - 003668480 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-01-09 10:57 - 2018-01-01 05:24 - 000240640 ____N (Microsoft Corporation) C:\WINDOWS\system32\AboutSettingsHandlers.dll
2018-01-09 10:57 - 2018-01-01 05:24 - 000202240 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-01-09 10:57 - 2018-01-01 05:23 - 001313792 ____N (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-01-09 10:57 - 2018-01-01 05:23 - 000561152 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-01-09 10:57 - 2018-01-01 05:23 - 000536576 ____N (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-01-09 10:57 - 2018-01-01 05:23 - 000385024 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-01-09 10:57 - 2018-01-01 05:23 - 000250368 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-01-09 10:57 - 2018-01-01 05:21 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-01-09 10:57 - 2018-01-01 05:20 - 019337216 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-01-09 10:57 - 2018-01-01 05:20 - 018917888 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-01-09 10:57 - 2018-01-01 05:20 - 000524288 ____N (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-01-09 10:57 - 2018-01-01 05:20 - 000212992 ____N (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2018-01-09 10:57 - 2018-01-01 05:20 - 000204288 ____N (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-01-09 10:57 - 2018-01-01 05:19 - 008014848 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-01-09 10:57 - 2018-01-01 05:19 - 000795136 ____N (Microsoft Corporation) C:\WINDOWS\system32\NaturalAuth.dll
2018-01-09 10:57 - 2018-01-01 05:19 - 000461312 ____N (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-01-09 10:57 - 2018-01-01 05:19 - 000450048 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-01-09 10:57 - 2018-01-01 05:19 - 000416768 ____N (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-01-09 10:57 - 2018-01-01 05:19 - 000369152 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-01-09 10:57 - 2018-01-01 05:19 - 000366080 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-01-09 10:57 - 2018-01-01 05:19 - 000365568 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-01-09 10:57 - 2018-01-01 05:19 - 000334848 ____N (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-01-09 10:57 - 2018-01-01 05:19 - 000073216 ____N (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2018-01-09 10:57 - 2018-01-01 05:18 - 000699904 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-01-09 10:57 - 2018-01-01 05:18 - 000432640 ____N (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-01-09 10:57 - 2018-01-01 05:18 - 000431616 ____N (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-01-09 10:57 - 2018-01-01 05:18 - 000427008 ____N (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-01-09 10:57 - 2018-01-01 05:18 - 000380928 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll
2018-01-09 10:57 - 2018-01-01 05:18 - 000374784 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-01-09 10:57 - 2018-01-01 05:18 - 000276480 ____N (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-01-09 10:57 - 2018-01-01 05:18 - 000261632 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-01-09 10:57 - 2018-01-01 05:18 - 000259072 ____N (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-01-09 10:57 - 2018-01-01 05:17 - 011923968 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-01-09 10:57 - 2018-01-01 05:17 - 006564864 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-01-09 10:57 - 2018-01-01 05:17 - 000708096 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-01-09 10:57 - 2018-01-01 05:17 - 000616960 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2018-01-09 10:57 - 2018-01-01 05:17 - 000568832 ____N (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-01-09 10:57 - 2018-01-01 05:17 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-01-09 10:57 - 2018-01-01 05:17 - 000542208 ____N (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-01-09 10:57 - 2018-01-01 05:16 - 005833216 ____N (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-01-09 10:57 - 2018-01-01 05:16 - 004839424 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-01-09 10:57 - 2018-01-01 05:16 - 003676672 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-01-09 10:57 - 2018-01-01 05:16 - 000956928 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-01-09 10:57 - 2018-01-01 05:16 - 000831488 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-01-09 10:57 - 2018-01-01 05:16 - 000815616 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-01-09 10:57 - 2018-01-01 05:16 - 000812544 ____N (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-01-09 10:57 - 2018-01-01 05:16 - 000720896 ____N (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-01-09 10:57 - 2018-01-01 05:16 - 000664576 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-01-09 10:57 - 2018-01-01 05:16 - 000594944 ____N (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-01-09 10:57 - 2018-01-01 05:16 - 000463360 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-01-09 10:57 - 2018-01-01 05:16 - 000401920 ____N (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2018-01-09 10:57 - 2018-01-01 05:15 - 012687872 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-01-09 10:57 - 2018-01-01 05:15 - 006029312 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-01-09 10:57 - 2018-01-01 05:15 - 002349568 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-01-09 10:57 - 2018-01-01 05:15 - 001657856 ____N (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-01-09 10:57 - 2018-01-01 05:15 - 001245184 ____N (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2018-01-09 10:57 - 2018-01-01 05:15 - 000970240 ____N (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-01-09 10:57 - 2018-01-01 05:15 - 000951808 ____N (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2018-01-09 10:57 - 2018-01-01 05:15 - 000756736 ____N (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-01-09 10:57 - 2018-01-01 05:15 - 000588800 ____N (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-01-09 10:57 - 2018-01-01 05:15 - 000434176 ____N (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2018-01-09 10:57 - 2018-01-01 05:15 - 000366080 ____N (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-01-09 10:57 - 2018-01-01 05:14 - 023655936 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-01-09 10:57 - 2018-01-01 05:14 - 002465280 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-01-09 10:57 - 2018-01-01 05:14 - 001495040 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-01-09 10:57 - 2018-01-01 05:14 - 001097728 ____N (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-01-09 10:57 - 2018-01-01 05:14 - 001003008 ____N (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-01-09 10:57 - 2018-01-01 05:14 - 000985600 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-01-09 10:57 - 2018-01-01 05:14 - 000917504 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-01-09 10:57 - 2018-01-01 05:14 - 000870912 ____N (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-01-09 10:57 - 2018-01-01 05:13 - 013657600 ____N (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-01-09 10:57 - 2018-01-01 05:13 - 012830208 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-01-09 10:57 - 2018-01-01 05:13 - 003121664 ____N (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-01-09 10:57 - 2018-01-01 05:13 - 002869760 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-01-09 10:57 - 2018-01-01 05:13 - 001559552 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-01-09 10:57 - 2018-01-01 05:13 - 000897024 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-01-09 10:57 - 2018-01-01 05:12 - 002633216 ____N (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-01-09 10:57 - 2018-01-01 05:12 - 002208768 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-01-09 10:57 - 2018-01-01 05:12 - 001573376 ____N (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2018-01-09 10:57 - 2018-01-01 05:12 - 001547776 ____N (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-01-09 10:57 - 2018-01-01 05:12 - 001424896 ____N (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-01-09 10:57 - 2018-01-01 05:12 - 000464384 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-01-09 10:57 - 2018-01-01 05:11 - 008108544 ____N (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-01-09 10:57 - 2018-01-01 05:11 - 004748288 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-01-09 10:57 - 2018-01-01 05:11 - 003334144 ____N (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-01-09 10:57 - 2018-01-01 05:11 - 003165696 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-01-09 10:57 - 2018-01-01 05:11 - 002859520 ____N (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-01-09 10:57 - 2018-01-01 05:11 - 002082304 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-01-09 10:57 - 2018-01-01 05:11 - 001822208 ____N (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-01-09 10:57 - 2018-01-01 05:11 - 001816576 ____N (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-01-09 10:57 - 2018-01-01 05:11 - 001597952 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-01-09 10:57 - 2018-01-01 05:11 - 001343488 ____N (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2018-01-09 10:57 - 2018-01-01 05:11 - 001231872 ____N (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-01-09 10:57 - 2018-01-01 05:11 - 000880640 ____N (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-01-09 10:57 - 2018-01-01 05:11 - 000812032 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-01-09 10:57 - 2018-01-01 05:11 - 000715776 ____N (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-01-09 10:57 - 2018-01-01 05:10 - 003126272 ____N (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-01-09 10:57 - 2018-01-01 05:09 - 001487872 ____N (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-01-09 10:57 - 2018-01-01 05:09 - 000925184 ____N (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-01-09 10:57 - 2018-01-01 05:09 - 000666624 ____N (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-01-09 10:57 - 2018-01-01 05:09 - 000599552 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-01-09 10:57 - 2018-01-01 05:08 - 000963072 ____N (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-01-09 10:57 - 2018-01-01 05:08 - 000726016 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-01-09 10:57 - 2018-01-01 05:08 - 000685056 ____N (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-01-09 10:57 - 2018-01-01 05:05 - 002510848 ____N (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-01-09 10:57 - 2018-01-01 05:05 - 001160704 ____N (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-01-09 10:56 - 2018-01-01 06:49 - 000292376 ____N (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2018-01-09 10:56 - 2018-01-01 06:42 - 001029016 ____N (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2018-01-09 10:56 - 2018-01-01 06:42 - 000109976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-01-09 10:56 - 2018-01-01 06:41 - 000549552 ____N (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2018-01-09 10:56 - 2018-01-01 06:38 - 000038808 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2018-01-09 10:56 - 2018-01-01 06:36 - 000113560 ____N (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-01-09 10:56 - 2018-01-01 06:36 - 000057752 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2018-01-09 10:56 - 2018-01-01 06:35 - 000075160 ____N (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-01-09 10:56 - 2018-01-01 06:26 - 000081304 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2018-01-09 10:56 - 2018-01-01 05:49 - 000258808 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2018-01-09 10:56 - 2018-01-01 05:45 - 000450928 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2018-01-09 10:56 - 2018-01-01 05:24 - 000096256 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-01-09 10:56 - 2018-01-01 05:24 - 000038912 ____N (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2018-01-09 10:56 - 2018-01-01 05:23 - 000232960 ____N (Microsoft Corporation) C:\WINDOWS\system32\convertvhd.exe
2018-01-09 10:56 - 2018-01-01 05:23 - 000121344 ____N (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-01-09 10:56 - 2018-01-01 05:23 - 000080384 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2018-01-09 10:56 - 2018-01-01 05:23 - 000047104 ____N (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-01-09 10:56 - 2018-01-01 05:22 - 000031744 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2018-01-09 10:56 - 2018-01-01 05:22 - 000025600 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2018-01-09 10:56 - 2018-01-01 05:22 - 000017408 ____N (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
2018-01-09 10:56 - 2018-01-01 05:21 - 000268288 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-01-09 10:56 - 2018-01-01 05:21 - 000233984 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2018-01-09 10:56 - 2018-01-01 05:21 - 000133632 ____N (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2018-01-09 10:56 - 2018-01-01 05:21 - 000097280 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2018-01-09 10:56 - 2018-01-01 05:21 - 000097280 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys
2018-01-09 10:56 - 2018-01-01 05:21 - 000080896 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2018-01-09 10:56 - 2018-01-01 05:21 - 000062976 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2018-01-09 10:56 - 2018-01-01 05:20 - 000459776 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-01-09 10:56 - 2018-01-01 05:20 - 000397824 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2018-01-09 10:56 - 2018-01-01 05:20 - 000225792 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-01-09 10:56 - 2018-01-01 05:20 - 000215552 ____N (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-01-09 10:56 - 2018-01-01 05:20 - 000186368 ____N (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2018-01-09 10:56 - 2018-01-01 05:20 - 000175616 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-01-09 10:56 - 2018-01-01 05:20 - 000134656 ____N (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2018-01-09 10:56 - 2018-01-01 05:20 - 000133632 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-01-09 10:56 - 2018-01-01 05:20 - 000104960 ____N (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2018-01-09 10:56 - 2018-01-01 05:20 - 000082432 ____N (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll
2018-01-09 10:56 - 2018-01-01 05:20 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-01-09 10:56 - 2018-01-01 05:20 - 000035328 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2018-01-09 10:56 - 2018-01-01 05:19 - 000675328 ____N (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-01-09 10:56 - 2018-01-01 05:19 - 000430080 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2018-01-09 10:56 - 2018-01-01 05:19 - 000340480 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2018-01-09 10:56 - 2018-01-01 05:19 - 000316928 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-01-09 10:56 - 2018-01-01 05:19 - 000188416 ____N (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2018-01-09 10:56 - 2018-01-01 05:19 - 000174592 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2018-01-09 10:56 - 2018-01-01 05:19 - 000149504 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2018-01-09 10:56 - 2018-01-01 05:19 - 000142848 ____N (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-01-09 10:56 - 2018-01-01 05:19 - 000097792 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msoert2.dll
2018-01-09 10:56 - 2018-01-01 05:19 - 000093696 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-01-09 10:56 - 2018-01-01 05:19 - 000079872 ____N (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-01-09 10:56 - 2018-01-01 05:19 - 000063488 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-01-09 10:56 - 2018-01-01 05:19 - 000043008 ____N (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2018-01-09 10:56 - 2018-01-01 05:18 - 000748032 ____N (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2018-01-09 10:56 - 2018-01-01 05:18 - 000588800 ____N (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2018-01-09 10:56 - 2018-01-01 05:18 - 000465920 ____N (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2018-01-09 10:56 - 2018-01-01 05:18 - 000436224 ____N (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-01-09 10:56 - 2018-01-01 05:18 - 000425984 ____N (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2018-01-09 10:56 - 2018-01-01 05:18 - 000391168 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-01-09 10:56 - 2018-01-01 05:18 - 000369664 ____N (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2018-01-09 10:56 - 2018-01-01 05:18 - 000343040 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-01-09 10:56 - 2018-01-01 05:18 - 000336896 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2018-01-09 10:56 - 2018-01-01 05:18 - 000210944 ____N (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2018-01-09 10:56 - 2018-01-01 05:18 - 000144896 ____N (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2018-01-09 10:56 - 2018-01-01 05:18 - 000082944 ____N (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2018-01-09 10:56 - 2018-01-01 05:17 - 001485312 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-01-09 10:56 - 2018-01-01 05:17 - 000791552 ____N (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-01-09 10:56 - 2018-01-01 05:17 - 000594432 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-01-09 10:56 - 2018-01-01 05:17 - 000555520 ____N (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2018-01-09 10:56 - 2018-01-01 05:17 - 000456704 ____N (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-01-09 10:56 - 2018-01-01 05:17 - 000423936 ____N (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2018-01-09 10:56 - 2018-01-01 05:17 - 000341504 ____N (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2018-01-09 10:56 - 2018-01-01 05:17 - 000228352 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-01-09 10:56 - 2018-01-01 05:17 - 000112640 ____N (Microsoft Corporation) C:\WINDOWS\system32\msoert2.dll
2018-01-09 10:56 - 2018-01-01 05:16 - 000966656 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2018-01-09 10:56 - 2018-01-01 05:16 - 000668160 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-01-09 10:56 - 2018-01-01 05:16 - 000624128 ____N (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2018-01-09 10:56 - 2018-01-01 05:16 - 000235008 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-01-09 10:56 - 2018-01-01 05:16 - 000086528 ____N (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-01-09 10:56 - 2018-01-01 05:16 - 000076288 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-01-09 10:56 - 2018-01-01 05:15 - 000258560 ____N (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-01-09 10:56 - 2018-01-01 05:13 - 002013184 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-01-09 10:56 - 2018-01-01 05:13 - 001474560 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-01-09 10:56 - 2018-01-01 05:12 - 000760320 ____N (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-01-09 10:56 - 2018-01-01 05:10 - 002528256 ____N (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-01-09 10:56 - 2018-01-01 05:10 - 000012800 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscproxystub.dll
2018-01-09 10:56 - 2018-01-01 05:08 - 000505344 ____N (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2018-01-09 10:56 - 2018-01-01 05:06 - 000018944 ____N (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll
2018-01-09 10:56 - 2018-01-01 05:05 - 000050176 ____N (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2017-12-13 19:33 - 2017-12-13 19:33 - 021754368 ____N (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 017159680 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 017084416 ____N (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 013703168 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 007545344 ____N (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 006791472 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 006466048 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 006015200 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 004814848 ____N (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 004772352 ____N (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 004592640 ____N (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 004504456 ____N (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2017-12-13 19:33 - 2017-12-13 19:33 - 004385280 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 004249600 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 003578368 ____N (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 003478016 ____N (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 003331520 ____N C:\WINDOWS\system32\Windows.Mirage.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 003211776 ____N (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 003186688 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 003010720 ____N (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 002972672 ____N (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 002890240 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 002864640 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 002859520 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 002783744 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 002717392 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 002666496 ____N (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 002596352 ____N (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-12-13 19:33 - 2017-12-13 19:33 - 002573208 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 002491112 ____N C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 002465848 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 002446744 ____N (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 002412168 ____N (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 002393600 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 002339296 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 002269080 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 002117632 ____N (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 002105856 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 001990160 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001980928 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001970520 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001925296 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001806336 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001776272 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001739264 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001694224 ____N (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001670656 ____N (Microsoft Corporation) C:\WINDOWS\system32\batmeter.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001666048 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001664000 ____N (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001663488 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\batmeter.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001642520 ____N (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001636376 ____N (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001634288 ____N (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001585376 ____N (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001570816 ____N (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-12-13 19:33 - 2017-12-13 19:33 - 001558856 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001554216 ____N (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001528904 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001522176 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001509888 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001507736 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001498112 ____N (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001490328 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001488792 ____N (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001474680 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001470976 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001463856 ____N (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001454568 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001432816 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001425408 ____N (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001377080 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001353728 ____N (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001323840 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001321472 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001289216 ____N (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001280000 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001261864 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001259344 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001230848 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001167360 ____N (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001148216 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001145104 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001124760 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001058304 ____N (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001057824 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001054720 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001054280 ____N (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 001015008 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001012120 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Services.TargetedContent.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001003104 ____N (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000979352 ____N (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000975872 ____N C:\WINDOWS\system32\FaceProcessor.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000899584 ____N (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000891800 ____N (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-12-13 19:33 - 2017-12-13 19:33 - 000887296 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000882688 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000841728 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000840440 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000830464 ____N (Microsoft Corporation) C:\WINDOWS\system32\d3d9on12.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000823808 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000791960 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-12-13 19:33 - 2017-12-13 19:33 - 000770048 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 000769096 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcrt.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000768512 ____N (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000754688 ____N (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000749976 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 000747416 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000746904 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Services.TargetedContent.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000739696 ____N (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000721592 ____N (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000710912 ____N (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000708096 ____N (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000705944 ____N (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000703536 ____N (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000676352 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000666112 ____N (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000665088 ____N (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000661664 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000660480 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000654848 ____N (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000654048 ____N (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000640512 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000630752 ____N (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000618496 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000614912 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000612760 ____N (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000610712 ____N (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000601088 ____N (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000597160 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000592280 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000591872 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000590944 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000566272 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000559616 ____N (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000557056 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9on12.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000556544 ____N (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000555416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-12-13 19:33 - 2017-12-13 19:33 - 000539136 ____N (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000534528 ____N (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000529408 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 000525208 ____N (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2017-12-13 19:33 - 2017-12-13 19:33 - 000516096 ____N (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000514560 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000506256 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000496640 ____N (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000495000 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 000487424 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000481792 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000479912 ____N (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000478208 ____N (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000474112 ____N (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000464408 ____N (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000462336 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000456704 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000444928 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000442880 ____N (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-12-13 19:33 - 2017-12-13 19:33 - 000436120 ____N (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000432640 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000418712 ____N (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000404888 ____N (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000401304 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 000394752 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 000373656 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 000372224 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000363008 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000362176 ____N (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2017-12-13 19:33 - 2017-12-13 19:33 - 000361984 ____N (Microsoft Corporation) C:\WINDOWS\system32\SpatializerApo.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000354304 ____N (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000354200 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000353848 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000353688 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000351232 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000339968 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000336896 ____N (Microsoft Corporation) C:\WINDOWS\system32\HolographicRuntimes.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000329728 ____N (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000327680 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-12-13 19:33 - 2017-12-13 19:33 - 000326144 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000315392 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000308736 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000306688 ____N (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000301056 ____N (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000293888 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000292864 ____N (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 000271872 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\SpatializerApo.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000269696 ____N C:\WINDOWS\system32\FaceProcessorCore.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000266752 ____N (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-12-13 19:33 - 2017-12-13 19:33 - 000264040 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-12-13 19:33 - 2017-12-13 19:33 - 000259072 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 000254976 ____N (Microsoft Corporation) C:\WINDOWS\system32\PushToInstall.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000246272 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000246168 ____N (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000242176 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExecModelClient.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000239104 ____N (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000238080 ____N (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000235520 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000230296 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 000227328 ____N (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000222208 ____N (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000211456 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-12-13 19:33 - 2017-12-13 19:33 - 000206336 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000198888 ____N (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000187288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 000175104 ____N (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000174080 ____N (Microsoft Corporation) C:\WINDOWS\system32\gamingtcui.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000172544 ____N (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000170496 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ContentDeliveryManager.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000169472 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000168448 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SIUF.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000164864 ____N (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2017-12-13 19:33 - 2017-12-13 19:33 - 000164864 ____N (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-12-13 19:33 - 2017-12-13 19:33 - 000164864 ____N (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2017-12-13 19:33 - 2017-12-13 19:33 - 000160256 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000151040 ____N (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000150528 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 000147456 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2017-12-13 19:33 - 2017-12-13 19:33 - 000143360 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2017-12-13 19:33 - 2017-12-13 19:33 - 000137544 ____N (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000136704 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\gamingtcui.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000135168 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000133632 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000126464 ____N (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000124928 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 000115200 ____N (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000114688 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 000101376 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx
2017-12-13 19:33 - 2017-12-13 19:33 - 000098304 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000097144 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000095744 ____N (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000092160 ____N (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000086016 ____N (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000085504 ____N (Microsoft Corporation) C:\WINDOWS\system32\hascsp.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000084992 ____N (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000079360 ____N (Microsoft Corporation) C:\WINDOWS\system32\acppage.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000070656 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000068096 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\acppage.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000065536 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000064512 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000060824 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\urscx01000.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 000059392 ____N (Microsoft Corporation) C:\WINDOWS\system32\aadjcsp.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000058880 ____N (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000057856 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 000056320 ____N (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000048112 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-12-13 19:33 - 2017-12-13 19:33 - 000046080 ____N (Microsoft Corporation) C:\WINDOWS\system32\rdrleakdiag.exe
2017-12-13 19:33 - 2017-12-13 19:33 - 000045464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 000041984 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdrleakdiag.exe
2017-12-13 19:33 - 2017-12-13 19:33 - 000041472 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 000022528 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcVSp1res.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000022528 ____N (Microsoft Corporation) C:\WINDOWS\system32\msdtcVSp1res.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000021504 ____N (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000019456 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000008704 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000002560 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000002560 ____N (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-30 17:35 - 2006-11-01 14:06 - 000174968 _____ (Sysinternals - www.sysinternals.com) C:\Users\John\Desktop\AccessEnum.exe
2018-01-30 17:35 - 2006-11-01 14:05 - 000150328 _____ C:\Users\John\Desktop\ctrl2cap.exe
2018-01-30 17:35 - 2006-09-27 18:04 - 000010104 _____ (Systems Internals) C:\Users\John\Desktop\ctrl2cap.amd.sys

Some files in TEMP:
====================
2018-02-16 11:01 - 2001-09-28 16:00 - 000164864 _____ () C:\Users\John\AppData\Local\Temp\GLB1A2B.EXE
2018-02-18 17:10 - 2018-02-18 17:12 - 172147200 _____ () C:\Users\John\AppData\Local\Temp\HPInstaller.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {f80db3b6-fa7b-11e7-8a08-8e612c5a83c2}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 0

Windows Boot Loader
-------------------
identifier              {81da7bfe-f4f9-11e7-8589-9e6b66af72c9}
device                  ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{81da7bff-f4f9-11e7-8589-9e6b66af72c9}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{81da7bff-f4f9-11e7-8589-9e6b66af72c9}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \WINDOWS\system32\winload.exe
description             Windows 10
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {81da7bfe-f4f9-11e7-8589-9e6b66af72c9}
displaymessageoverride  CommandPrompt
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \WINDOWS
resumeobject            {f80db3b6-fa7b-11e7-8a08-8e612c5a83c2}
nx                      OptIn
bootmenupolicy          Standard
bootlog                 Yes
sos                     Yes

Resume from Hibernate
---------------------
identifier              {f80db3b6-fa7b-11e7-8a08-8e612c5a83c2}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {81da7bfe-f4f9-11e7-8589-9e6b66af72c9}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 No

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Local

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {81da7bff-f4f9-11e7-8589-9e6b66af72c9}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume3
ramdisksdipath          \Recovery\WindowsRE\boot.sdi


LastRegBack: 2018-02-20 08:41

==================== End of FRST.txt ============================



Edited by Chris Cosgrove, 22 February 2018 - 06:47 PM.
Moved from 'am I infected' to 'Virus, trojan, etc. logs'



#2 chilidog33

chilidog33
  • Topic Starter

  • Members
  • 9 posts

Posted 22 February 2018 - 02:33 PM

It seems I am hijacked... I run Windows 10 Home but have numerous indications of some type of remote infiltration. A directory scan in the recovery drive lists many references to Windows PE partitions as well as many Hyper-V and VM activities; I have done nothing virtually. I also find references to Windows Core, Windows for School, or Pro in the directories.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21.02.2018
Ran by John (administrator) on DESKTOP-KG14MNT (22-02-2018 12:52:59)
Running from C:\Users\John\Downloads
Loaded Profiles: John (Available Profiles: John & Administrator)
Platform: Windows 10 Home Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\igfxCUIService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\IntelCpHDCPSvc.exe
(Sutherland Global Services, Inc.) C:\Program Files (x86)\AnswersBy PC Smartcare\AnswersByUpdateService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\IntelCpHeciSvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
(Greatis Software) C:\Program Files (x86)\UnHackMe\hackmon.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\igfxEM.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.16.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Lighting Analysts, Inc.) C:\Program Files (x86)\Lighting Analysts\AGi32\AGI32-18.3.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Google) C:\Program Files\Google\Google Earth Pro\client\googleearth.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Trend Micro Inc.) C:\Users\John\Downloads\HijackThis.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sysinternals - www.sysinternals.com) C:\Users\John\AppData\Local\Temp\Temp2_ProcessExplorer(1).zip\procexp64.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\regedit.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18382824 2018-01-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_ASC] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2018-01-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_CTPreset] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2018-01-09] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [315880 2018-01-05] (Adobe Systems, Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409936 2018-02-14] (Adobe Systems Incorporated)
HKU\S-1-5-21-1041191953-2805693150-4082675335-1001\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe [1034160 2017-10-10] (McAfee Inc.)
HKU\S-1-5-21-1041191953-2805693150-4082675335-1001\...\Run: [HijackThis startup scan] => C:\Users\John\Downloads\HijackThis.exe [388608 2018-01-31] (Trend Micro Inc.)
BootExecute: autocheck autochk * Partizan

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{73c57a01-a14b-4530-81d7-69295780e215}: [NameServer] 75.75.75.75,75.75.76.76
Tcpip\..\Interfaces\{73c57a01-a14b-4530-81d7-69295780e215}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKU\S-1-5-21-1041191953-2805693150-4082675335-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2017-12-04] (Belarc, Inc.)

FireFox:
========
FF DefaultProfile: vvx9q6ee.default
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\vvx9q6ee.default [2018-02-22]
FF Extension: (ADB Helper) - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\vvx9q6ee.default\Extensions\adbhelper@mozilla.org [2018-02-20] [Legacy]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\vvx9q6ee.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2018-02-16]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-31] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-02-14] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-31] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-03] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-02-14] (Adobe Systems)

Chrome:
=======
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default [2018-02-22]
CHR Extension: (Slides) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-18]
CHR Extension: (Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-18]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-18]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-18]
CHR Extension: (Sheets) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-18]
CHR Extension: (Google Docs Offline) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-02-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-02-18]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-18]
CHR Extension: (Chrome Media Router) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-18]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-02-14] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2319848 2018-01-05] (Adobe Systems, Incorporated)
R2 AnswersByDownloadService; C:\Program Files (x86)\AnswersBy PC Smartcare\AnswersByUpdateService.exe [3389856 2017-10-02] (Sutherland Global Services, Inc.)
S4 BthHFSrvz; C:\WINDOWS\System32\BthHFSrv.dll [456704 2017-09-29] (Microsoft Corporation)
S3 camsvcz; C:\WINDOWS\system32\CapabilityAccessManager.dll [227328 2017-12-13] (Microsoft Corporation)
S4 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [515768 2017-04-13] (Intel Corporation)
S2 IntelAudioService; C:\WINDOWS\system32\cAVS\Intel® Audio Service\IntelAudioService.exe [169576 2018-01-09] (Intel)
S4 McAfee Vpn Service; C:\Program Files (x86)\McAfee Safe Connect\service\VpnService.exe [320944 2017-10-10] ()
S4 PhoneSvcz; C:\WINDOWS\System32\PhoneService.dll [791552 2018-01-01] (Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\NisSrv.exe [356168 2018-01-30] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe [105792 2018-01-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 BthHFEnumz; C:\WINDOWS\System32\drivers\bthhfenum.sys [107008 2017-09-29] (Microsoft Corporation)
S3 BthLEEnumz; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [78848 2017-09-29] (Microsoft Corporation)
S4 BthPanz; C:\WINDOWS\System32\drivers\bthpan.sys [129536 2017-09-29] (Microsoft Corporation)
S3 BthzAvrcpTg; C:\WINDOWS\System32\drivers\BthAvrcpTg.sys [45056 2017-09-29] (Microsoft Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [174600 2017-04-13] (Intel Corporation)
R1 MpKsl0349b6b7; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{3DDF0396-868D-4F8F-903B-31479BC9BC5D}\MpKsl0349b6b7.sys [58120 2018-02-22] (Microsoft Corporation)
S3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2017-09-29] (Intel Corporation)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2018-02-12] (Greatis Software)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [782304 2018-01-09] (Realsil Semiconductor Corporation)
R3 SynRMIHID; C:\WINDOWS\System32\drivers\SynRMIHID.sys [66144 2016-09-06] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-01-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2018-01-30] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2018-01-30] (Microsoft Corporation)

========================== Drivers MD5 =======================

C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 34898F29BF0E9A84E183046318D17814
C:\WINDOWS\System32\DRIVERS\mrxsmb20.sys 87FF93E7420C9068C0D5B2F3109809F4
C:\WINDOWS\System32\drivers\bridge.sys 167408B38458ECAE545C57527BC99024
C:\Windows\System32\Drivers\Msfs.sys AE111778CA6AC08862B3C713F0413333
C:\WINDOWS\System32\drivers\msgpiowin32.sys 6DDDFCAB646BBBCFC583135C4430E10F
C:\WINDOWS\System32\drivers\mshidkmdf.sys 01C6A86BEA8279E557A5056148F068BF
C:\WINDOWS\System32\drivers\mshidumdf.sys F65ABC7DE945047147F17330F79732CB
C:\WINDOWS\System32\drivers\msisadrv.sys 05B23012427801E710BDD12720B9020B
C:\WINDOWS\System32\drivers\MSKSSRV.sys B25B2CD3E052D68075A3814AAA0C6421
C:\WINDOWS\System32\drivers\mslldp.sys C3F5EA6B9041A30B4F11BE2E7863E487
C:\WINDOWS\System32\drivers\MSPCLOCK.sys 601D666820F0408B896791D19BE6D258
C:\WINDOWS\System32\drivers\MSPQM.sys 46E61FBA0097E48E5628C74A3F72233A
C:\Windows\System32\Drivers\MsRPC.sys 4EB9B77179BDEE89C496E60D4BF85CC1
C:\WINDOWS\System32\drivers\mssmbios.sys CBD56E0B55FB3672BA80382EC2F8835C
C:\WINDOWS\System32\drivers\MSTEE.sys 5734B2A36D3BB13A638E5305EEEC582D
C:\WINDOWS\System32\drivers\MTConfig.sys 85270E0DC6907C6B99F72A36F17AED34
C:\WINDOWS\System32\Drivers\mup.sys DB5B1539F5EBB3DD3A7ED25ADBC4D6D9
C:\WINDOWS\System32\drivers\mvumis.sys 3C57FF3BCF496D24C39C2198158864BB
C:\WINDOWS\System32\DRIVERS\nwifi.sys 8A9CD53B0FBE679116638120CCBB201E
C:\WINDOWS\System32\drivers\ndfltr.sys 77B047B109CE758A017F58FAE5038D0D
C:\WINDOWS\System32\drivers\ndis.sys 7FF306C78B0DC31192657B47539D5688
C:\WINDOWS\System32\drivers\ndiscap.sys 067AE5BA349CC35AF8975D22DC483DDF
C:\WINDOWS\System32\drivers\NdisImPlatform.sys 6FC4D7EB5D38CFB7966405036116F065
C:\WINDOWS\System32\DRIVERS\ndistapi.sys ED7CC4E16B76B2603C9F827188EA63B4
C:\WINDOWS\System32\drivers\ndisuio.sys 8D977AFC195A3F4B15B05D02B2BD0292
C:\WINDOWS\System32\drivers\NdisVirtualBus.sys DC1D26D62F40B7552BCF49D92774F0C5
C:\WINDOWS\System32\drivers\ndiswan.sys 66F56AC744101DB870934D0EB31C2426
C:\WINDOWS\System32\DRIVERS\ndiswan.sys 66F56AC744101DB870934D0EB31C2426
C:\WINDOWS\System32\DRIVERS\NDProxy.sys 8ABF5B8D5839F8DAE2E0D3165AE732F6
C:\WINDOWS\System32\drivers\Ndu.sys A791792DC412CCD83DA0AF6871682552
C:\WINDOWS\System32\drivers\NetAdapterCx.sys BE79982A50AC88BC0765F3AFECFCB596
C:\WINDOWS\System32\drivers\netbios.sys E899D26A0C2555AC30ACDD526056E51F
C:\WINDOWS\System32\DRIVERS\netbt.sys 7FC54F2AF5EC52C7AC05AD90FFC757E6
C:\WINDOWS\System32\drivers\netvsc.sys 680EB4AEA08EAC80C384E90E430DF16D
C:\WINDOWS\System32\drivers\Netwtw04.sys 9018527E56D9CADB80FE5D1CB824D5D9
C:\Windows\System32\Drivers\Npfs.sys 84EB8F01B140618518AFF30B9951F132
C:\WINDOWS\System32\drivers\npsvctrig.sys 5CB8082E51DE7D19042F0FF8C517CB0D
C:\WINDOWS\System32\drivers\nsiproxy.sys 958921BB7AE2671983743FDA0DD587C4
C:\Windows\System32\Drivers\NTFS.sys E20EC8E25969ABD9F5FED6EDEA57EC0C
C:\Windows\System32\Drivers\Null.sys 0D1E03A5F87F4DE04D97622C686910A2
C:\WINDOWS\System32\drivers\nvdimmn.sys 532F27A2B62D70C327E763F035AED6C1
C:\WINDOWS\System32\drivers\nvraid.sys 7E04652EB1A476BC0A72ECDC613AF0C5
C:\WINDOWS\System32\drivers\nvstor.sys 880B3E874914DAEF97119876543AE117
C:\WINDOWS\System32\drivers\parport.sys 2E07EC2C1622F5E7B535D62DCD61F3AB
C:\Windows\SysWOW64\drivers\Partizan.sys 032F1C32A6A97C317AEFF9D64D2A1D8A
C:\WINDOWS\System32\drivers\partmgr.sys 023DDF9DE429B2E6F0BADA72AA98EF8B
C:\WINDOWS\System32\drivers\pci.sys 9BF965EE361849567DB1664BEDFA9569
C:\WINDOWS\System32\drivers\pciide.sys E5AF806815ED797086629741F29E4156
C:\WINDOWS\System32\drivers\pcmcia.sys 2A631D447B988AFBE847CBAA8E5CC298
C:\WINDOWS\System32\drivers\pcw.sys ACD510CF2B631A2D36B2CFB7D31E22FD
C:\WINDOWS\System32\drivers\pdc.sys 1796112EB89559910BC18865A29C8894
C:\WINDOWS\System32\drivers\peauth.sys F21127EDE5D72090A1B029AFF4AFFD17
C:\WINDOWS\System32\drivers\percsas2i.sys 35FD028E4323018202C0B7D115FD3AEF
C:\WINDOWS\System32\drivers\percsas3i.sys F9F3D8BE9BC9241CC726197261362AC4
C:\WINDOWS\System32\drivers\pmem.sys 36D43EA5517F3F4AAAC8EE061C957EF1
C:\WINDOWS\System32\drivers\pnpmem.sys 59048555B59FD69287CFAB6022B5CC86
C:\WINDOWS\System32\drivers\raspptp.sys AACA74DEF7BE3DED322411787494878B
C:\WINDOWS\System32\drivers\processr.sys B1111C47F128C946BDC87A18E44007EB
C:\WINDOWS\System32\drivers\pacer.sys 5818FE76C3C6AE0CA723EBE483BF447F
C:\WINDOWS\system32\drivers\qwavedrv.sys 16F9A6B593B52EB18F7ECB9D251BDF7A
C:\WINDOWS\System32\DRIVERS\ramdisk.sys 13600C467512147E99052806F2C1307A
C:\WINDOWS\System32\DRIVERS\rasacd.sys F57D1DE0C9522BCD590A69D044641B5A
C:\WINDOWS\System32\drivers\AgileVpn.sys ED0EE10911C16AD8B21B9003C90E968F
C:\WINDOWS\System32\drivers\rasl2tp.sys E0220BB6580D34001D4D1D133052DAA4
C:\WINDOWS\System32\DRIVERS\raspppoe.sys 12EE1D92F4E5FAE4B6F65195A2016CE5
C:\WINDOWS\System32\drivers\rassstp.sys 91CE469015979E5B3C3DBC2C41A476E8
C:\WINDOWS\System32\DRIVERS\rdbss.sys 4525664EFB5EB71D4B155405F78D93DB
C:\WINDOWS\System32\drivers\rdpbus.sys 8A5285B38A203D15110E142DE68406DD
C:\WINDOWS\System32\drivers\rdpdr.sys DF83769C92527DB50653F8FB57D001FF
C:\WINDOWS\System32\drivers\rdpvideominiport.sys 4D1A63ACEC42A88E52AFC4E84A8CE9EE
C:\WINDOWS\System32\drivers\rdyboost.sys 12AF835862F2B6B2FB9DEA8BA2288587
C:\Windows\System32\Drivers\ReFS.sys FB0577F6BC9E07549CEACF5224327499
C:\Windows\System32\Drivers\ReFSv1.sys 4136BCA61BCDCC79DCE145F9CB639CD6
C:\WINDOWS\System32\drivers\rfcomm.sys 5BF7698021DB13B55753FD921BEBE318
C:\WINDOWS\System32\drivers\rhproxy.sys BBC228CA2F96B784B01FE7F1C5E3CFBB
C:\WINDOWS\System32\drivers\rspndr.sys 27B80E5766B114621980F82FB78E912A
C:\WINDOWS\System32\drivers\rt640x64.sys AB7C0639DF052528C2CB06D0EAE115EC
C:\WINDOWS\system32\DRIVERS\RtsPer.sys FAEE7E2ABA25F975F2A14551DF385609
C:\WINDOWS\System32\drivers\vms3cap.sys F0FA6B67B16EEFDEF8E8AFAD47A4F9B8
C:\WINDOWS\System32\drivers\sbp2port.sys 324FA3C337EB54B43448F7B08444DC8D
C:\WINDOWS\System32\DRIVERS\scfilter.sys 62A33CE69DB508BCEC63F4D3BFF400CE
C:\WINDOWS\System32\drivers\scmbus.sys 7B057373146CC4E5A1F1DA665EA55DC7
C:\WINDOWS\System32\drivers\sdbus.sys 0FB6CCFA52FE5AD0B8D86E8AB370EF34
C:\WINDOWS\System32\drivers\SDFRd.sys 6D3853838864886B4F10B074282772E0
C:\WINDOWS\System32\drivers\sdstor.sys C289832A3174DC9D393C7603C511DF79
C:\WINDOWS\System32\drivers\SerCx.sys 75A27472AFD009255DBDE52038E3BDB5
C:\WINDOWS\System32\drivers\SerCx2.sys 84005F54308109A022413D628E966412
C:\WINDOWS\System32\drivers\serenum.sys 40384793F74CFFA45BCC38DF65E978EC
C:\WINDOWS\System32\drivers\serial.sys 699470AD24D67908991A777716A352FD
C:\WINDOWS\System32\drivers\sermouse.sys 92453F065F52A8EF0328A926B2C9502F
C:\WINDOWS\System32\drivers\sfloppy.sys 1D8920C40F19B5FBA5F4897779840AD1
C:\WINDOWS\System32\drivers\SiSRaid2.sys A871F9CC9CF388DC7193D22EF8D8C8DF
C:\WINDOWS\System32\drivers\sisraid4.sys D30FC341550CC364880950152AE8B1C5
C:\WINDOWS\System32\drivers\spaceport.sys B2ABF0F8A49752B5CD9DEE2EADF7416A
C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys CCECE7E96B4F7B0E9F0FC82F6DADA917
C:\WINDOWS\System32\drivers\SpbCx.sys 545507AF670BC88B89200A118513ED9A
C:\WINDOWS\System32\DRIVERS\srv2.sys 41181D890542EB0E8D9822F73F9FD5D7
C:\WINDOWS\System32\DRIVERS\srvnet.sys 43480B3EE4D23F5AA8EE7C6D83B09487
C:\WINDOWS\System32\drivers\stexstor.sys 162A805E13B3C0DD06AE8B6FC1900156
C:\WINDOWS\System32\drivers\storahci.sys DD1F00B80DDD12252B7B228ABCE181A9
C:\WINDOWS\System32\drivers\vmstorfl.sys A12CFAAA0F113A25D8CEFE58B1CBB207
C:\WINDOWS\System32\drivers\stornvme.sys B6F8D1FA73F6E102AEA60D2BBD1DDF78
C:\WINDOWS\System32\drivers\storqosflt.sys 57377953F5688158054BC8CB5A243115
C:\WINDOWS\System32\drivers\storufs.sys B59D29E535AF7E82717C2AD2C57EEC67
C:\WINDOWS\System32\drivers\storvsc.sys 9B431079624306B5659B3B7208A71C75
C:\WINDOWS\System32\drivers\swenum.sys 027B27E4B9DB3931D64159B81BD915A0
C:\WINDOWS\System32\drivers\SynRMIHID.sys 1A98072E9B008D4FD85AF2B8BE94A2E8
C:\WINDOWS\System32\drivers\Synth3dVsc.sys AB15F9FDCD11D5283891BC956E8C5C95
C:\WINDOWS\System32\drivers\tap0901.sys 9C2D73902E96A42A9758AE7ACB70DF41
C:\WINDOWS\System32\drivers\tcpip.sys 9900BD38D592CF4EE6F2EAE3847A24D8
C:\WINDOWS\System32\drivers\tcpip.sys 9900BD38D592CF4EE6F2EAE3847A24D8
C:\WINDOWS\System32\drivers\tcpipreg.sys 74A1BF4093FA7B7D6C9366A39911A78E
C:\WINDOWS\system32\DRIVERS\tdx.sys 571D82ABAC428D902ACA0CF60373C039
C:\WINDOWS\System32\drivers\terminpt.sys B4B68E1DB59456419D9E49645729502A
C:\WINDOWS\System32\drivers\tpm.sys 1658D060057C85DEC82BFCB018C4C22F
C:\WINDOWS\System32\drivers\tsusbflt.sys 8D811209E34358EAD3FD8E40F657E59C
C:\WINDOWS\System32\drivers\TsUsbGD.sys 68DE1735FB020AE8948BD7B60F2EBD3B
C:\WINDOWS\System32\drivers\tunnel.sys ACD39B0E5CFDA7B1AB7DF33FC5CC0E46
C:\WINDOWS\System32\drivers\uaspstor.sys 04FC2C7F73AE58BF0DD674164E28A6DF
C:\WINDOWS\System32\Drivers\UcmCx.sys E437FC4B1833F6B745184F78C4921FB8
C:\WINDOWS\System32\Drivers\UcmTcpciCx.sys 950A3E42167904CAB9AA64863C31CEB5
C:\WINDOWS\System32\drivers\UcmUcsi.sys 149CBBB74DFC3E52F242029A27B0F8EB
C:\WINDOWS\System32\drivers\ucx01000.sys E6E91B3980A495D2A9D28A09580EA993
C:\WINDOWS\System32\drivers\udecx.sys DACA289DFFA7658C04FEF6DCFA2AA9CE
C:\WINDOWS\System32\DRIVERS\udfs.sys 12383D410AEF99AD6979A8EFD3D61888
C:\WINDOWS\System32\drivers\UEFI.sys AB7FE51D818B6059C2F56FA62268CCAC
C:\WINDOWS\System32\drivers\ufx01000.sys 58447F28E697A93521DD20530A8D50ED
C:\WINDOWS\System32\drivers\UfxChipidea.sys 69ED2D00A7787D9D84E6C90CE0B02B2D
C:\WINDOWS\System32\drivers\ufxsynopsys.sys F061EC57330FBC597A4E7298BE667780
C:\WINDOWS\System32\drivers\umbus.sys D40BCED160D332005AF612E1228825E6
C:\WINDOWS\System32\drivers\umpass.sys 64CF24D7B1FA4975C52A31BF4C82EB73
C:\WINDOWS\System32\drivers\urschipidea.sys ACE4C3B4C7D17B154FFC5BBE5F7A9835
C:\WINDOWS\System32\drivers\urscx01000.sys ECE40EB976A5ACB366808AECF6B235BA
C:\WINDOWS\System32\drivers\urssynopsys.sys EB738F830D3E7EA62A218F101EF91FD4
C:\WINDOWS\System32\drivers\usbccgp.sys B43E28E5CF868517EEC0923AB2BC366B
C:\WINDOWS\System32\drivers\usbcir.sys 1080D80B5F6D249F23BAE1C0C36233A4
C:\WINDOWS\System32\drivers\usbehci.sys EE162DA2C92026A5B96ED89737975AA8
C:\WINDOWS\System32\drivers\usbhub.sys C27FEE9758E3BEDE4D48B5EDBE1122CF
C:\WINDOWS\System32\drivers\UsbHub3.sys 4FA9C956E569D0D380C2859542361780
C:\WINDOWS\System32\drivers\usbohci.sys 44B954306BB2B311E070EDA276FECAB1
C:\WINDOWS\System32\drivers\usbprint.sys EEF26F9034F0608B93D4D239534BB0BA
C:\WINDOWS\system32\DRIVERS\usbscan.sys E55C9AF5EE8905879048118824B06816
C:\WINDOWS\System32\drivers\usbser.sys 913CFF365DB1803525DBD2AA8B8188B4
C:\WINDOWS\System32\drivers\USBSTOR.SYS 441CAE778B6A1FF6E618E37814A7A52A
C:\WINDOWS\System32\drivers\usbuhci.sys 2D6BB2157B37B2D9DABF8C218F2A805B
C:\WINDOWS\System32\Drivers\usbvideo.sys 68788AE61B2E6A7D97CAD73B632F5BF5
C:\WINDOWS\System32\drivers\USBXHCI.SYS 41E5A6188180DC72BCECA999ED2532D4
C:\WINDOWS\System32\drivers\vdrvroot.sys C77C537077822D8EA529AD4EBFD971D6
C:\WINDOWS\System32\drivers\VerifierExt.sys 9D4EEE333603F3675685F644053499D5
C:\WINDOWS\System32\drivers\vhf.sys E10FEBB566E1F0A3936AB304F338637E
C:\WINDOWS\System32\drivers\vmbus.sys 079B4378614A40A308F9C721A50C7B87
C:\WINDOWS\System32\drivers\VMBusHID.sys DC9E0600B356258E31403789119C78A9
C:\WINDOWS\System32\drivers\vmgid.sys B24F74B2710B66F647419697BDB9E163
C:\WINDOWS\System32\drivers\vnvdimm.sys D81F6B790519A60F3D1788B45D04B749
C:\WINDOWS\System32\drivers\volmgr.sys C9052650BBF2124CD525A26D5C2A6671
C:\WINDOWS\System32\drivers\volmgrx.sys 6D6CACED512C1EF1FEAC215E37E3A9BC
C:\WINDOWS\System32\drivers\volsnap.sys 5B27846CF4B1C21AFB3A35A8336BA02F
C:\WINDOWS\System32\drivers\volume.sys 72A95A844D6BAF2924A4C15BEDFD6BCA
C:\WINDOWS\System32\drivers\vpci.sys 702273C7C1BE9D366BAF1305D382F03C
C:\WINDOWS\System32\drivers\vsmraid.sys 075CE3C9E77D2666AFA888951E5F07A9
C:\WINDOWS\System32\drivers\vstxraid.sys 26D00E85BE4726B114335250FCDEDA89
C:\WINDOWS\System32\drivers\vwifibus.sys 3DFDB573E4D49EA8F416B573525B7A86
C:\WINDOWS\System32\drivers\vwififlt.sys A40FA64655AB5B8773A96A821616C5FC
C:\WINDOWS\System32\drivers\vwifimp.sys 0D34F98DBDF09D239533AC345C360F03
C:\WINDOWS\System32\drivers\wacompen.sys 5B5430522E0BDF2A753D758710BE7C5E
C:\WINDOWS\System32\DRIVERS\wanarp.sys 1FC3A8FB032B62A88283BC8113FDF1C5
C:\WINDOWS\System32\DRIVERS\wanarp.sys 1FC3A8FB032B62A88283BC8113FDF1C5
C:\WINDOWS\system32\drivers\wcifs.sys 520E4FD6B5BF5349DD1499F2AEFB7C50
C:\WINDOWS\system32\drivers\wcnfs.sys 9DE3FDFF295F2534DF0A8B6FC4F06355
C:\WINDOWS\System32\drivers\wd\WdBoot.sys 16D3F1C6CB3D6BBFDF4893C7A14D6F12
C:\WINDOWS\System32\drivers\Wdf01000.sys FCC960498E3CD899F0A429F7CF9E77AD
C:\WINDOWS\System32\drivers\wd\WdFilter.sys 64EB43131121ADD90A061A75C8ADE9E6
C:\WINDOWS\System32\DRIVERS\wdiwifi.sys 2D50C46EFE924BC24F63A45D2DB1AA3A
C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys BE3C9DF77543C78004C400B1CAFCAB49
C:\WINDOWS\System32\drivers\wdnsfltr.sys DF58AA71FBA55E15F572C93447696DEC
C:\WINDOWS\System32\drivers\wfplwfs.sys 8E101DF42D36E04EC610581BA478B38F
C:\WINDOWS\System32\drivers\wimmount.sys C8D3FC38426E990E2787771678B19C6D
C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys 0484B0D01EA6F7017519EBDDBADE759D
C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys 813EE0F4D4B8D599DB1968682D080732
C:\WINDOWS\System32\drivers\winmad.sys E23475E9150E6A50B12DB176EA5CDD56
C:\WINDOWS\System32\drivers\winnat.sys EABEF39BBEEDB3845C36893931DADCD1
C:\WINDOWS\System32\drivers\WinUSB.SYS E92F3539C4758F6A9F4B80CBAC75B3E6
C:\WINDOWS\System32\drivers\winverbs.sys 59126AFCC64270747B5CC9B44A4A48F4
C:\WINDOWS\System32\drivers\wmiacpi.sys E8C793ED028E132771988760819E3754
C:\Windows\System32\Drivers\Wof.sys 8D6E6F6C233AF450C50FA615530B44D2
C:\WINDOWS\System32\drivers\WpdUpFltr.sys 9EAE1EF282864674355B4B81DF6AE935
C:\WINDOWS\system32\drivers\ws2ifsl.sys 367B3ED0C688AFE28C376B0230814567
C:\WINDOWS\System32\drivers\WudfPf.sys BD5E68B369DF3453A0A87663C6C5476D
C:\WINDOWS\System32\drivers\WudfRd.sys A86A249314FD0A780214028B0C31A386
C:\WINDOWS\system32\DRIVERS\WUDFRd.sys A86A249314FD0A780214028B0C31A386
C:\WINDOWS\System32\drivers\xboxgip.sys 2244A4CEFE8F9C74091369ACE2E9EBC6
C:\WINDOWS\System32\drivers\xinputhid.sys 4A91B49C6B1E41151D47CB919ADF013A

==================== N



#3 chilidog33

  • Topic Starter

Posted 22 February 2018 - 02:36 PM

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-22 12:52 - 2018-02-22 12:52 - 002403328 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2018-02-22 12:20 - 2018-02-22 12:22 - 133360352 _____ (Microsoft Corporation) C:\Users\John\Downloads\mpam-fe.exe
2018-02-22 11:59 - 2018-02-22 11:59 - 000000000 ___HD C:\$SysReset
2018-02-21 20:12 - 2018-02-21 20:35 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-02-21 03:46 - 2018-02-21 03:46 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1041191953-2805693150-4082675335-1001
2018-02-21 03:46 - 2018-02-21 03:46 - 000002364 _____ C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-02-20 07:23 - 2018-02-05 20:49 - 000835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-02-20 07:23 - 2018-02-05 20:49 - 000177648 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-02-18 18:24 - 2018-02-18 18:24 - 000113050 _____ C:\Users\John\Desktop\a.jfif
2018-02-18 18:22 - 2018-02-18 18:23 - 000127059 _____ C:\Users\John\Desktop\thumbnail.jfif
2018-02-18 17:16 - 2018-02-18 17:16 - 000003734 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP OfficeJet 3830 series
2018-02-18 17:15 - 2018-02-18 17:15 - 000002345 _____ C:\Users\Public\Desktop\HP OfficeJet 3830 series.lnk
2018-02-18 17:15 - 2018-02-18 17:15 - 000002345 _____ C:\ProgramData\Desktop\HP OfficeJet 3830 series.lnk
2018-02-18 17:15 - 2018-02-18 17:15 - 000001266 _____ C:\Users\Public\Desktop\Shop for Supplies - HP OfficeJet 3830 series.lnk
2018-02-18 17:15 - 2018-02-18 17:15 - 000001266 _____ C:\ProgramData\Desktop\Shop for Supplies - HP OfficeJet 3830 series.lnk
2018-02-18 17:06 - 2018-02-18 17:06 - 000002087 _____ C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2018-02-18 17:06 - 2018-02-18 17:06 - 000002087 _____ C:\ProgramData\Desktop\HP Print and Scan Doctor.lnk
2018-02-18 17:06 - 2018-02-18 17:06 - 000000000 ____D C:\Users\John\AppData\Roaming\HPPSDr
2018-02-18 17:05 - 2018-02-18 17:05 - 011097040 _____ C:\Users\John\Downloads\HPPSdr.exe
2018-02-18 17:04 - 2018-02-18 17:05 - 171414760 _____ C:\Users\John\Downloads\DJ3830_Full_WebPack_40.11.1124(1).exe
2018-02-18 17:03 - 2018-02-18 17:03 - 004414576 _____ C:\Users\John\Downloads\DJ3830_R1804A.exe
2018-02-18 16:54 - 2018-02-18 16:54 - 000003726 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP DeskJet 3830 series
2018-02-18 16:54 - 2018-02-18 16:54 - 000002078 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2018-02-18 16:54 - 2018-02-18 16:54 - 000002078 _____ C:\ProgramData\Desktop\HP Photo Creations.lnk
2018-02-18 16:54 - 2018-02-18 16:54 - 000000000 ____D C:\ProgramData\Visan
2018-02-18 16:54 - 2018-02-18 16:54 - 000000000 ____D C:\ProgramData\HP Photo Creations
2018-02-18 16:54 - 2018-02-18 16:54 - 000000000 ____D C:\Program Files (x86)\HP Photo Creations
2018-02-18 16:53 - 2018-02-18 17:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2018-02-18 16:53 - 2018-02-18 17:15 - 000000000 ____D C:\Program Files\HP
2018-02-18 16:53 - 2018-02-18 17:15 - 000000000 ____D C:\Program Files (x86)\HP
2018-02-18 16:53 - 2018-02-18 16:53 - 000002317 _____ C:\Users\Public\Desktop\HP DeskJet 3830 series.lnk
2018-02-18 16:53 - 2018-02-18 16:53 - 000002317 _____ C:\ProgramData\Desktop\HP DeskJet 3830 series.lnk
2018-02-18 16:53 - 2018-02-18 16:53 - 000001250 _____ C:\Users\Public\Desktop\Shop for Supplies - HP DeskJet 3830 series.lnk
2018-02-18 16:53 - 2018-02-18 16:53 - 000001250 _____ C:\ProgramData\Desktop\Shop for Supplies - HP DeskJet 3830 series.lnk
2018-02-18 16:52 - 2018-02-18 17:16 - 000000000 ____D C:\Users\John\AppData\Local\HP
2018-02-18 16:45 - 2018-02-18 16:47 - 171414760 _____ C:\Users\John\Downloads\DJ3830_Full_WebPack_40.11.1124.exe
2018-02-18 16:40 - 2018-02-18 17:15 - 000000000 ____D C:\ProgramData\HP
2018-02-18 13:09 - 2018-02-18 13:10 - 001535075 _____ C:\Users\John\Downloads\IES Files & LM-79 Test Reports_ OSQ Series High Output Area_Flood, Automotive FrontlineOptic™ Type (1).zip
2018-02-18 13:02 - 2018-02-18 13:10 - 001535075 _____ C:\Users\John\Documents\IES Files & LM-79 Test Reports_ OSQ Series High Output Area_Flood, Automotive FrontlineOptic™ Type (1).zip
2018-02-18 12:55 - 2018-02-18 12:55 - 001535075 _____ C:\Users\John\Downloads\IES Files & LM-79 Test Reports_ OSQ Series High Output Area_Flood, Automotive FrontlineOptic™ Type.zip
2018-02-18 12:54 - 2018-02-18 12:54 - 001496636 _____ C:\Users\John\Downloads\IES Files & LM-79 Test Reports_ OSQ Series High Output Area_Flood, Type II Medium.zip
2018-02-18 12:37 - 2018-02-18 12:41 - 000002379 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-02-18 12:37 - 2018-02-18 12:41 - 000002338 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-02-18 12:37 - 2018-02-18 12:41 - 000002338 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2018-02-18 03:20 - 2018-02-18 03:20 - 000003584 _____ C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-KG14MNT-John
2018-02-18 03:16 - 2018-02-18 03:16 - 000000000 ____D C:\Users\John\AppData\Local\CEF
2018-02-18 00:57 - 2018-02-18 00:58 - 004903358 _____ C:\Users\John\Downloads\getfile(2).aspx
2018-02-18 00:55 - 2018-02-18 00:55 - 001496636 _____ C:\Users\John\Downloads\getfile(1).aspx
2018-02-18 00:35 - 2018-02-18 00:35 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\36240368.sys
2018-02-17 23:46 - 2018-01-01 06:27 - 000713624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-02-17 23:42 - 2018-02-22 12:52 - 000000000 ____D C:\Users\John\Downloads\FRST-OlderVersion
2018-02-17 22:56 - 2018-02-17 22:56 - 001535075 _____ C:\Users\John\Downloads\getfile.aspx
2018-02-17 22:21 - 2018-02-17 22:21 - 000001320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2018-02-17 22:21 - 2018-02-17 22:21 - 000001308 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2018-02-17 22:21 - 2018-02-17 22:21 - 000001308 _____ C:\ProgramData\Desktop\Adobe Creative Cloud.lnk
2018-02-17 22:17 - 2018-02-18 04:52 - 000000000 ____D C:\ProgramData\Package Cache
2018-02-17 22:14 - 2018-02-17 22:14 - 000000000 ____D C:\ProgramData\Adobe
2018-02-17 22:13 - 2018-02-17 22:13 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-02-17 22:11 - 2018-02-17 22:12 - 001926640 _____ (Adobe Systems Incorporated) C:\Users\John\Downloads\Photoshop_Set-Up(1).exe
2018-02-17 22:09 - 2018-02-17 22:09 - 001926496 _____ (Adobe Systems Incorporated) C:\Users\John\Downloads\Photoshop_Set-Up.exe
2018-02-17 22:07 - 2018-02-18 01:16 - 000000000 ____D C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazing Photo Editor
2018-02-17 22:07 - 2018-02-18 01:16 - 000000000 ____D C:\Program Files (x86)\Amazing Photo Editor
2018-02-17 22:07 - 2018-02-17 22:07 - 000001160 _____ C:\Users\John\Desktop\Amazing Photo Editor.lnk
2018-02-17 22:04 - 2018-02-17 22:04 - 002798973 _____ C:\Users\John\Downloads\Ape.exe
2018-02-17 22:02 - 2018-02-17 22:04 - 012454296 _____ C:\Users\John\Downloads\PosFreePhotoEditor_Setup.exe
2018-02-16 20:42 - 2018-01-24 23:56 - 1792076769 _____ C:\Users\John\Documents\DJI_0001.MP4
2018-02-16 11:23 - 2018-02-16 11:23 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4737E73F.sys
2018-02-16 11:01 - 2018-02-16 11:01 - 000002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2018-02-16 11:01 - 2018-02-16 11:01 - 000002205 _____ C:\Users\Public\Desktop\Belarc Advisor.lnk
2018-02-16 11:01 - 2018-02-16 11:01 - 000002205 _____ C:\ProgramData\Desktop\Belarc Advisor.lnk
2018-02-16 09:02 - 2018-02-16 09:02 - 002247877 _____ C:\Users\John\Documents\45.AGI
2018-02-16 09:02 - 2018-02-16 09:02 - 002229236 _____ C:\Users\John\Documents\45.AGI.bak
2018-02-16 08:21 - 2018-02-16 08:21 - 002746375 _____ C:\Users\John\Documents\mcclarty template.AGI
2018-02-16 07:18 - 2018-02-16 07:18 - 000000002 RSHOT C:\WINDOWS\system32\CONFIG.NT
2018-02-16 07:18 - 2018-02-16 07:18 - 000000002 RSHOT C:\WINDOWS\system32\AUTOEXEC.NT
2018-02-16 07:16 - 2018-02-16 07:16 - 011508297 _____ C:\Users\John\Downloads\bootracer_free.zip
2018-02-16 07:16 - 2018-02-16 07:16 - 011508297 _____ C:\Users\John\Downloads\bootracer_free(1).zip
2018-02-14 17:56 - 2018-02-14 17:56 - 000651697 _____ C:\Users\John\Desktop\AF1QipOfUeEljVZELFu-5v9_MFCSDNTmdUpbNwK2s-B4.htm
2018-02-14 13:34 - 2018-02-14 13:34 - 000000040 _____ C:\Users\John\Documents\45-Copy-48842-InUse.a3~
2018-02-14 13:33 - 2018-02-14 13:33 - 002177837 _____ C:\Users\John\Documents\45-Copy-48842.AGI
2018-02-14 12:27 - 2018-02-14 12:27 - 000003418 _____ C:\WINDOWS\System32\Tasks\UnHackMe Task Scheduler
2018-02-14 12:27 - 2018-02-14 12:27 - 000001080 _____ C:\Users\John\Desktop\UnHackMe.lnk
2018-02-14 12:15 - 2018-02-14 12:15 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\7463A624.sys
2018-02-12 06:27 - 2018-02-12 06:27 - 000005954 _____ C:\Users\John\Documents\reg backup.reg
2018-02-12 03:56 - 2018-02-12 03:56 - 000040304 _____ (Greatis Software) C:\WINDOWS\SysWOW64\Drivers\Partizan.sys
2018-02-12 03:47 - 2018-02-21 20:12 - 000000252 _____ C:\WINDOWS\SysWOW64\PARTIZAN.TXT
2018-02-12 03:34 - 2018-02-17 23:14 - 000000000 ____D C:\ProgramData\RegRun
2018-02-12 03:33 - 2018-02-22 07:53 - 000000000 ____D C:\Users\John\Documents\RegRun2
2018-02-12 03:33 - 2018-02-21 03:47 - 000000000 ____D C:\Users\Public\Documents\regruninfo
2018-02-12 03:33 - 2018-02-21 03:47 - 000000000 ____D C:\ProgramData\Documents\regruninfo
2018-02-12 03:33 - 2018-02-18 01:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2018-02-12 03:33 - 2018-02-16 07:18 - 000000002 RSHOT C:\WINDOWS\winstart.bat
2018-02-12 03:33 - 2018-02-16 07:18 - 000000002 RSHOT C:\WINDOWS\SysWOW64\CONFIG.NT
2018-02-12 03:33 - 2018-02-16 07:18 - 000000002 RSHOT C:\WINDOWS\SysWOW64\AUTOEXEC.NT
2018-02-12 03:33 - 2018-02-08 14:33 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts.old
2018-02-12 03:33 - 2018-01-31 13:32 - 000014984 _____ (Greatis Software, LLC.) C:\WINDOWS\SysWOW64\Drivers\UnHackMeDrv.sys
2018-02-12 03:33 - 2015-12-28 11:32 - 000049968 _____ (Greatis Software) C:\WINDOWS\system32\partizan.exe
2018-02-12 03:32 - 2018-02-18 01:16 - 000000000 ____D C:\Program Files (x86)\UnHackMe
2018-02-12 03:20 - 2018-02-12 03:30 - 018297972 _____ C:\Users\John\Downloads\unhackmeb.zip
2018-02-12 02:44 - 2018-02-12 02:44 - 000000000 ____D C:\Program Files (x86)\Microsoft Group Policy
2018-02-12 02:43 - 2018-02-12 02:43 - 012971008 _____ C:\Users\John\Downloads\Windows_ 10_Creators_Update_ADMX.msi
2018-02-12 01:04 - 2018-02-01 20:56 - 002090043 _____ C:\Users\John\Documents\49.AGI
2018-02-12 01:04 - 2017-11-08 22:10 - 002596871 _____ C:\Users\John\Documents\mcclarty template.AGI.bak
2018-02-12 01:03 - 2018-02-18 01:16 - 000000000 ____D C:\Users\John\Documents\ies files
2018-02-12 01:03 - 2018-02-12 01:03 - 000000000 ____D C:\Users\John\Documents\mclarty
2018-02-12 01:03 - 2018-02-01 15:15 - 002113076 _____ C:\Users\John\Documents\43.AGI
2018-02-12 01:02 - 2018-02-22 05:51 - 000000000 ____D C:\Users\John\Documents\cree ies files qso ho
2018-02-12 01:02 - 2017-10-14 21:42 - 000406772 _____ C:\Users\John\Documents\170921HO1CJW.pdf
2018-02-10 02:39 - 2018-02-10 02:39 - 001931969 _____ C:\Users\John\Downloads\ProcessExplorer(1).zip
2018-02-10 02:37 - 2018-02-10 02:37 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\4664B2E6.sys
2018-02-10 02:16 - 2018-02-10 02:16 - 000291606 _____ C:\Users\John\Downloads\TCPView.zip
2018-02-09 15:43 - 2018-02-09 15:43 - 000000000 ____D C:\Users\John\Documents\FeedbackHub
2018-02-09 03:04 - 2018-02-09 03:04 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\447503E3.sys
2018-02-09 03:04 - 2018-02-09 03:04 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-09 03:03 - 2018-02-20 22:24 - 000000000 ____D C:\Users\John\Desktop\mbar
2018-02-09 03:03 - 2018-02-18 00:49 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-02-09 03:03 - 2018-02-18 00:35 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2018-02-09 03:02 - 2018-02-09 03:02 - 014178840 _____ (Malwarebytes Corp.) C:\Users\John\Downloads\mbar-1.10.3.1001.exe
2018-02-08 22:12 - 2018-02-08 22:12 - 000002255 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2018-02-08 22:12 - 2018-02-08 22:12 - 000002217 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2018-02-08 22:12 - 2018-02-08 22:12 - 000002217 _____ C:\ProgramData\Desktop\Google Earth Pro.lnk
2018-02-08 22:12 - 2018-02-08 22:12 - 000000000 ____D C:\Program Files\Google
2018-02-08 12:34 - 2018-02-12 13:40 - 000000000 ____D C:\Users\John\Documents\mclarty honda
2018-02-08 07:29 - 2018-02-18 13:11 - 000000000 ____D C:\Users\John\Documents\cree 5000k
2018-02-08 07:29 - 2018-02-08 07:29 - 000000000 ____D C:\Users\John\Documents\New folder
2018-02-08 07:28 - 2018-02-08 07:27 - 000003770 _____ C:\Users\John\Documents\ipconfig.all.txt
2018-02-08 06:55 - 2018-02-18 01:16 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-02-08 06:46 - 2018-02-08 06:46 - 001931969 _____ C:\Users\John\Downloads\ProcessExplorer.zip
2018-02-08 06:42 - 2018-02-09 16:04 - 000000000 ____D C:\Users\John\Documents\ProcessExplorer
2018-02-08 06:37 - 2018-02-17 23:39 - 000003146 _____ C:\Users\John\Desktop\Rkill.txt
2018-02-08 06:37 - 2018-02-08 06:37 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\John\Downloads\rkill.exe
2018-02-08 06:35 - 2018-02-08 06:36 - 005659876 _____ (Swearware) C:\Users\John\Downloads\ComboFix.exe
2018-02-08 06:18 - 2018-02-08 06:18 - 000044048 _____ C:\Users\John\Desktop\dds.txt
2018-02-08 06:18 - 2018-02-08 06:18 - 000025606 _____ C:\Users\John\Desktop\attach.txt
2018-02-08 06:15 - 2018-02-08 06:16 - 000688992 ____R (Swearware) C:\Users\John\Downloads\dds.com
2018-02-08 06:08 - 2018-02-08 06:08 - 000025555 _____ C:\Users\John\Downloads\Fixlog.txt
2018-02-07 04:07 - 2018-02-07 04:14 - 000000000 ____D C:\Users\John\Documents\SDHC
2018-02-07 03:03 - 2018-02-07 03:03 - 000001885 _____ C:\Users\John\Desktop\IpConfig_Backup_02_07_2018_03_03_04.txt
2018-02-07 02:43 - 2018-02-21 08:28 - 000041497 _____ C:\Users\John\Downloads\Addition.txt
2018-02-07 02:43 - 2018-02-07 02:43 - 000032161 _____ C:\Users\John\Downloads\Shortcut.txt
2018-02-07 02:42 - 2018-02-22 12:54 - 000039945 _____ C:\Users\John\Downloads\FRST.txt
2018-02-07 02:42 - 2018-02-22 12:52 - 000000000 ____D C:\FRST
2018-02-07 02:32 - 2018-02-07 02:32 - 023195976 _____ (Solvusoft Corporation) C:\Users\John\Downloads\Setup_WinThruster_2017.exe
2018-02-07 02:23 - 2018-02-07 02:23 - 006398792 _____ C:\Users\John\Downloads\advisorinstaller.exe
2018-02-07 02:23 - 2018-02-07 02:23 - 000000000 ____D C:\Program Files (x86)\Belarc
2018-02-04 04:29 - 2018-02-04 04:29 - 001106707 _____ C:\Users\John\Desktop\Untitled.AGI
2018-02-03 16:32 - 2018-02-03 16:32 - 000001076 _____ C:\Users\John\Desktop\IpConfig_Backup_02_03_2018_16_32_15.txt
2018-02-03 16:30 - 2018-02-03 16:30 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devcon64.exe
2018-02-03 16:18 - 2018-02-18 01:16 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-1041191953-2805693150-4082675335-1001
2018-02-03 07:47 - 2018-02-03 07:47 - 000000000 ____D C:\Users\John\AppData\LocalLow\Google
2018-02-03 07:44 - 2018-02-18 13:09 - 000000000 ____D C:\Users\John\AppData\Local\Google
2018-02-03 07:44 - 2018-02-18 12:37 - 000000000 ____D C:\Program Files (x86)\Google
2018-02-03 07:44 - 2018-02-03 07:44 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-02-03 07:44 - 2018-02-03 07:44 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-02-03 07:43 - 2018-02-03 07:43 - 001129816 _____ (Google Inc.) C:\Users\John\Downloads\GoogleEarthProSetup(1).exe
2018-02-03 02:03 - 2018-02-03 02:03 - 000002934 _____ C:\Users\John\Desktop\IpConfig_Backup_02_03_2018_02_03_58.txt
2018-02-03 01:43 - 2018-02-18 17:01 - 000000000 ____D C:\Users\John\AppData\Local\ElevatedDiagnostics
2018-02-03 00:40 - 2018-02-03 00:40 - 000006798 _____ C:\Users\John\Desktop\MSFT_DSCMetaConfiguration.mfl
2018-02-03 00:39 - 2018-02-03 00:39 - 000014468 _____ C:\Users\John\Desktop\MSFT_MetaConfigurationExtensionClasses.Schema.mfl
2018-02-02 11:28 - 2018-02-02 11:28 - 001129816 _____ (Google Inc.) C:\Users\John\Downloads\GoogleEarthProSetup.exe
2018-02-01 14:53 - 2018-02-01 14:53 - 000000593 _____ C:\Users\John\Desktop\mclarty45 - Shortcut.lnk
2018-01-31 12:31 - 2018-02-12 03:46 - 000000000 ____D C:\Program Files\McAfee Security Scan
2018-01-31 12:05 - 2018-02-03 04:04 - 000000000 ____D C:\Users\John\AppData\Local\McAfee_Inc
2018-01-31 12:05 - 2018-02-03 04:04 - 000000000 ____D C:\Program Files (x86)\McAfee Safe Connect
2018-01-31 12:05 - 2018-01-31 12:05 - 000001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Safe Connect.lnk
2018-01-31 12:05 - 2018-01-31 12:05 - 000001198 _____ C:\Users\Public\Desktop\McAfee Safe Connect.lnk
2018-01-31 12:05 - 2018-01-31 12:05 - 000001198 _____ C:\ProgramData\Desktop\McAfee Safe Connect.lnk
2018-01-31 12:05 - 2018-01-31 12:05 - 000000000 ____D C:\Users\John\AppData\Roaming\McAfee Safe Connect
2018-01-31 11:59 - 2018-02-03 04:04 - 000000000 ____D C:\ProgramData\McAfee
2018-01-31 11:58 - 2018-02-18 03:15 - 000000000 ____D C:\Users\John\AppData\Local\Adobe
2018-01-31 11:32 - 2018-02-22 05:25 - 000000000 ____D C:\Users\John\AppData\LocalLow\Mozilla
2018-01-31 11:32 - 2018-02-18 01:16 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-01-31 11:32 - 2018-02-18 01:16 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-31 11:32 - 2018-02-12 01:49 - 000001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-01-31 11:32 - 2018-01-31 11:36 - 000000000 ____D C:\Users\John\AppData\Local\Mozilla
2018-01-31 11:32 - 2018-01-31 11:32 - 000000999 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-01-31 11:32 - 2018-01-31 11:32 - 000000999 _____ C:\ProgramData\Desktop\Firefox.lnk
2018-01-31 11:32 - 2018-01-31 11:32 - 000000000 ____D C:\Users\John\AppData\Roaming\Mozilla
2018-01-31 11:31 - 2018-01-31 11:31 - 000313552 _____ (Mozilla) C:\Users\John\Downloads\Firefox Installer.exe
2018-01-31 11:26 - 2018-02-21 20:12 - 000232008 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-31 05:52 - 2018-01-31 05:52 - 000000000 ____D C:\Users\John\AppData\Local\DBG
2018-01-31 05:01 - 2018-01-31 05:04 - 010787510 _____ C:\Users\John\Documents\DESKTOP-KG14MNT.arn
2018-01-31 04:46 - 2018-01-31 04:46 - 000041800 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2018-01-31 04:32 - 2018-02-22 08:33 - 000000000 ____D C:\Users\John\AppData\Local\AGI32
2018-01-31 04:32 - 2018-02-12 01:02 - 000000000 ____D C:\Users\John\Documents\AGI32
2018-01-31 04:31 - 2018-02-22 08:18 - 000000000 ____D C:\ProgramData\AGi32
2018-01-31 04:31 - 2018-02-22 05:42 - 000000000 ____D C:\ProgramData\Lighting Analysts
2018-01-31 04:31 - 2018-02-03 04:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lighting Analysts
2018-01-31 04:31 - 2018-01-31 04:31 - 000002123 _____ C:\Users\Public\Desktop\AGi32-18.3.lnk
2018-01-31 04:31 - 2018-01-31 04:31 - 000002123 _____ C:\ProgramData\Desktop\AGi32-18.3.lnk
2018-01-31 04:31 - 2018-01-31 04:31 - 000000000 ____D C:\Program Files (x86)\Lighting Analysts
2018-01-31 04:29 - 2018-02-03 04:04 - 000000000 ____D C:\ProgramData\Downloaded Installations
2018-01-31 04:29 - 2018-01-31 04:29 - 143969624 _____ (Lighting Analysts, Inc.) C:\Users\John\Downloads\AGI32-18.3_Setup.exe
2018-01-31 04:05 - 2018-01-31 04:05 - 000388608 _____ (Trend Micro Inc.) C:\Users\John\Downloads\HijackThis.exe
2018-01-30 17:58 - 2018-01-30 17:58 - 000003370 _____ C:\WINDOWS\System32\Tasks\RunAnswersByUpdateSVC
2018-01-30 17:34 - 2018-01-30 17:34 - 000000000 ___HD C:\$Windows.~WS
2018-01-30 17:33 - 2018-01-30 17:33 - 004972960 _____ C:\Users\John\Downloads\SysinternalsSuite-Nano.zip
2018-01-30 17:30 - 2018-01-30 17:30 - 018617536 _____ (Microsoft Corporation) C:\Users\John\Downloads\MediaCreationTool (1).exe
2018-01-30 17:30 - 2018-01-30 17:30 - 000000000 ____D C:\$WINDOWS.~BT
2018-01-30 17:26 - 2018-01-30 17:26 - 018617536 _____ (Microsoft Corporation) C:\Users\John\Downloads\MediaCreationTool.exe
2018-01-30 17:08 - 2018-01-30 17:08 - 000000000 __HDC C:\ProgramData\{5972383B-4083-46A8-B11A-806AF9BB05D7}
2018-01-30 17:07 - 2018-02-20 18:20 - 000000000 ____D C:\Program Files (x86)\AnswersBy PC Smartcare
2018-01-30 17:07 - 2018-02-09 02:02 - 000001096 _____ C:\Users\Public\Desktop\AnswersBy PC SmartCare.lnk
2018-01-30 17:07 - 2018-02-09 02:02 - 000001096 _____ C:\ProgramData\Desktop\AnswersBy PC SmartCare.lnk
2018-01-30 17:07 - 2018-01-30 17:07 - 000001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnswersBy PC SmartCare.lnk
2018-01-30 17:07 - 2018-01-30 17:07 - 000000000 ____D C:\Users\John\AppData\Roaming\AnswersBy PC SmartCare
2018-01-30 17:07 - 2018-01-30 17:07 - 000000000 ____D C:\Users\John\AppData\Local\III
2018-01-30 17:07 - 2018-01-30 17:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnswersBy PC Smartcare
2018-01-30 16:56 - 2018-01-30 16:56 - 018692056 _____ (My Company ) C:\PCSmartcare.exe
2018-01-30 16:36 - 2018-01-30 16:36 - 000000079 _____ C:\StandardScanScanLog.csv
2018-01-30 16:35 - 2018-01-31 11:29 - 001369088 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\WINDOWS\SysWOW64\libeay32.dll
2018-01-30 16:35 - 2018-01-31 11:29 - 000337408 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\WINDOWS\SysWOW64\ssleay32.dll
2018-01-30 16:35 - 2018-01-31 11:29 - 000290304 _____ (Microsoft Corporation) C:\WINDOWS\subinacl.exe
2018-01-30 16:35 - 2018-01-30 16:35 - 000658797 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\SQLite3.dll
2018-01-30 16:34 - 2018-01-30 16:34 - 000000000 ____D C:\Users\John\AppData\Roaming\Macromedia
2018-01-30 16:23 - 2018-01-30 16:23 - 000000000 ____D C:\Users\John\AppData\Local\Deployment
2018-01-30 16:23 - 2018-01-30 16:23 - 000000000 ____D C:\Users\John\AppData\Local\Apps\2.0
2018-01-30 16:20 - 2018-01-30 16:17 - 000548000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-01-30 16:19 - 2018-02-20 07:23 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-01-30 16:19 - 2018-02-20 07:21 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-01-30 16:18 - 2018-02-20 07:21 - 130067560 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-01-28 12:17 - 2018-01-28 12:17 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-01-28 12:10 - 2018-02-22 12:23 - 000862202 _____ C:\WINDOWS\ntbtlog.txt
2018-01-28 12:09 - 2018-02-18 01:16 - 000000000 ____D C:\WINDOWS\pss
2018-01-16 21:16 - 2018-01-16 21:16 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2018-01-16 18:19 - 2018-01-16 18:19 - 000002387 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-01-16 18:19 - 2018-01-16 18:19 - 000000000 ___RD C:\Users\Administrator\OneDrive
2018-01-16 18:17 - 2018-02-03 04:04 - 000000000 ___RD C:\Users\Administrator\3D Objects
2018-01-16 18:17 - 2018-02-03 04:04 - 000000000 ____D C:\Users\Administrator
2018-01-16 18:17 - 2018-01-16 18:17 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2018-01-16 18:17 - 2018-01-16 18:17 - 000000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
2018-01-16 18:17 - 2018-01-16 18:17 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2018-01-16 18:17 - 2018-01-16 18:17 - 000000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2018-01-16 18:17 - 2018-01-16 18:17 - 000000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2018-01-16 18:17 - 2018-01-16 16:56 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2018-01-16 18:15 - 2018-02-20 07:11 - 000000000 ___HD C:\Users\John\MicrosoftEdgeBackups
2018-01-16 18:14 - 2018-01-30 16:14 - 000000000 ____D C:\Users\John\AppData\Local\MicrosoftEdge
2018-01-16 18:13 - 2018-02-21 03:46 - 000000000 ___RD C:\Users\John\OneDrive
2018-01-16 18:13 - 2018-01-16 18:19 - 000003306 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2018-01-16 18:13 - 2018-01-16 18:13 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-01-16 18:11 - 2018-02-21 20:13 - 000000000 __SHD C:\Users\John\IntelGraphicsProfiles
2018-01-16 18:11 - 2018-02-18 03:16 - 000000000 ____D C:\Users\John\AppData\Roaming\Adobe
2018-01-16 18:11 - 2018-02-17 22:05 - 000000000 ____D C:\Users\John\AppData\Local\VirtualStore
2018-01-16 18:11 - 2018-01-30 16:38 - 000000000 ____D C:\Users\John\AppData\Local\Packages
2018-01-16 18:11 - 2018-01-16 18:17 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-01-16 18:11 - 2018-01-16 18:11 - 000000000 ___RD C:\Users\John\3D Objects
2018-01-16 18:11 - 2018-01-16 18:11 - 000000000 ____D C:\Users\John\AppData\Local\Publishers
2018-01-16 18:11 - 2018-01-16 18:11 - 000000000 ____D C:\Users\John\AppData\Local\ConnectedDevicesPlatform
2018-01-16 18:10 - 2018-02-19 05:36 - 000000000 ____D C:\Users\John
2018-01-16 18:10 - 2018-01-16 18:10 - 000000020 ___SH C:\Users\John\ntuser.ini
2018-01-16 17:47 - 2018-01-16 17:47 - 000000000 ____D C:\Users\John\AppData\Local\Comms
2018-01-16 16:32 - 2018-01-16 16:32 - 000000000 ____D C:\Users\Administrator\AppData\Local\Comms
2018-01-16 16:25 - 2018-01-16 16:25 - 000000000 ___HD C:\Users\Administrator\MicrosoftEdgeBackups
2018-01-16 16:25 - 2018-01-16 16:25 - 000000000 ____D C:\Users\Administrator\AppData\Local\MicrosoftEdge
2018-01-16 03:43 - 2018-02-21 20:19 - 001565954 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-01-16 03:40 - 2017-09-29 07:41 - 002241024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-01-16 03:38 - 2018-01-16 03:38 - 000000000 _SHDL C:\Users\Default User
2018-01-16 03:38 - 2018-01-16 03:38 - 000000000 _SHDL C:\Documents and Settings
2018-01-16 03:38 - 2018-01-16 03:38 - 000000000 __SHD C:\Users\All Users
2018-01-16 03:35 - 2018-01-16 03:35 - 000000000 ____D C:\ProgramData\USOShared
2018-01-16 03:29 - 2018-01-16 03:29 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2018-01-16 03:29 - 2018-01-16 03:29 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-01-16 03:29 - 2018-01-16 03:29 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2018-01-16 03:29 - 2017-11-13 05:21 - 000140296 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2018-01-16 03:29 - 2017-11-13 05:21 - 000116744 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2018-01-16 03:29 - 2017-07-20 11:21 - 000905504 _____ C:\WINDOWS\system32\vulkan-1.dll
2018-01-16 03:29 - 2017-07-20 11:21 - 000776992 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2018-01-16 03:29 - 2017-07-20 11:21 - 000578848 _____ C:\WINDOWS\system32\vulkaninfo.exe
2018-01-16 03:29 - 2017-07-20 11:21 - 000477472 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2018-01-16 03:28 - 2018-01-16 03:28 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-01-16 03:28 - 2018-01-16 03:28 - 000000000 ____D C:\WINDOWS\system32\DAX3
2018-01-16 03:28 - 2018-01-16 03:28 - 000000000 ____D C:\WINDOWS\system32\DAX2
2018-01-16 03:28 - 2018-01-16 03:28 - 000000000 ____D C:\Program Files\Realtek
2018-01-16 03:28 - 2018-01-16 03:28 - 000000000 ____D C:\Program Files\Intel
2018-01-16 03:28 - 2018-01-16 03:28 - 000000000 ____D C:\Intel
2018-01-16 03:25 - 2018-02-21 21:24 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-01-16 03:25 - 2018-02-21 20:12 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-01-16 03:25 - 2018-01-16 03:25 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-01-15 23:13 - 2018-01-15 23:14 - 000000000 ____D C:\WINDOWS\InfusedApps
2018-01-15 23:13 - 2018-01-15 23:13 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-01-15 23:11 - 2018-01-15 23:11 - 000000000 ____D C:\WINDOWS\system32\Intel
2018-01-15 23:11 - 2018-01-15 23:11 - 000000000 ____D C:\WINDOWS\system32\cAVS
2018-01-15 23:10 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\Setup
2018-01-15 23:05 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
2018-01-15 23:05 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2018-01-15 23:05 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2018-01-15 23:05 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2018-01-15 23:05 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\system32\hi-IN
2018-01-15 23:05 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2018-01-15 23:05 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2018-01-15 23:05 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\si-LK
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-01-15 23:05 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\am-ET
2018-01-15 23:05 - 2018-01-15 23:09 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-01-15 23:05 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2018-01-15 23:05 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2018-01-15 23:05 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\OCR
2018-01-15 23:05 - 2018-01-15 23:05 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-01-15 23:05 - 2018-01-15 23:05 - 000000000 ____D C:\Program Files\MSBuild
2018-01-15 23:05 - 2018-01-15 23:05 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-01-15 23:05 - 2018-01-15 23:05 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-01-15 23:04 - 2018-01-15 23:04 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2018-01-15 23:04 - 2018-01-15 23:04 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2018-01-15 23:04 - 2018-01-15 23:04 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2018-01-15 23:04 - 2018-01-15 23:04 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2018-01-15 23:04 - 2018-01-15 23:04 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2018-01-15 23:04 - 2018-01-15 23:04 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2018-01-15 23:04 - 2018-01-15 23:04 - 000000000 ____D C:\WINDOWS\system32\winrm
2018-01-15 23:04 - 2018-01-15 23:04 - 000000000 ____D C:\WINDOWS\system32\WCN
2018-01-15 23:04 - 2018-01-15 23:04 - 000000000 ____D C:\WINDOWS\system32\slmgr
2018-01-15 23:04 - 2018-01-15 23:04 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2018-01-15 23:04 - 2018-01-15 23:04 - 000000000 ____D C:\WINDOWS\system32\0409
2018-01-15 23:04 - 2018-01-15 23:04 - 000000000 ____D C:\WINDOWS\DigitalLocker
2018-01-15 22:59 - 2018-01-15 23:13 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-01-15 22:59 - 2018-01-15 22:56 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2018-01-15 22:59 - 2018-01-15 22:56 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2018-01-15 22:59 - 2018-01-15 22:56 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
2018-01-15 22:59 - 2018-01-15 22:56 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2018-01-15 22:59 - 2018-01-15 22:56 - 000017635 _____ C:\WINDOWS\system32\Drivers\etc\services
2018-01-15 22:59 - 2018-01-15 22:56 - 000017572 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2018-01-15 22:59 - 2018-01-15 22:56 - 000004096 _____ C:\WINDOWS\system32\config\VSMIDK
2018-01-15 22:59 - 2018-01-15 22:56 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2018-01-15 22:59 - 2018-01-15 22:56 - 000001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2018-01-15 22:59 - 2018-01-15 22:56 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2018-01-15 22:59 - 2018-01-15 22:56 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2018-01-15 22:59 - 2018-01-15 22:56 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
2018-01-15 22:59 - 2018-01-15 22:56 - 000000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2018-01-15 22:58 - 2018-02-22 05:01 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-01-15 22:58 - 2018-02-20 08:41 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2018-01-15 22:58 - 2018-02-19 22:05 - 000000000 ____D C:\WINDOWS\rescache
2018-01-15 22:58 - 2018-02-19 05:52 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-01-15 22:58 - 2018-02-18 16:54 - 000000000 ___RD C:\Program Files (x86)
2018-01-15 22:58 - 2018-02-18 12:43 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-01-15 22:58 - 2018-02-18 01:16 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-01-15 22:58 - 2018-02-18 01:16 - 000000000 ____D C:\WINDOWS\appcompat
2018-01-15 22:58 - 2018-02-18 01:10 - 000000000 ____D C:\WINDOWS\registration
2018-01-15 22:58 - 2018-02-09 16:04 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-01-15 22:58 - 2018-02-06 02:14 - 000000000 ___HD C:\Program Files\WindowsApps
2018-01-15 22:58 - 2018-02-06 02:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 __RSD C:\WINDOWS\media
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\SysWOW64\com
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\system32\setup
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\system32\icsxml
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\system32\com
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\Provisioning
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\L2Schemas
2018-01-15 22:58 - 2018-02-03 04:04 - 000000000 ____D C:\Program Files\Windows Defender
2018-01-15 22:58 - 2018-01-31 11:59 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-01-15 22:58 - 2018-01-31 11:59 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-01-15 22:58 - 2018-01-28 12:29 - 000000000 ____D C:\Program Files\Common Files\Services
2018-01-15 22:58 - 2018-01-16 03:41 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-01-15 22:58 - 2018-01-16 03:40 - 000000000 ____D C:\WINDOWS\system32\spool
2018-01-15 22:58 - 2018-01-16 03:40 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2018-01-15 22:58 - 2018-01-16 03:35 - 000000000 ____D C:\ProgramData\USOPrivate
2018-01-15 22:58 - 2018-01-16 03:30 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-01-15 22:58 - 2018-01-16 03:24 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2018-01-15 22:58 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\TextInput
2018-01-15 22:58 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2018-01-15 22:58 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2018-01-15 22:58 - 2018-01-15 23:04 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2018-01-15 22:58 - 2018-01-15 23:04 - 000000000 ___SD C:\WINDOWS\system32\dsc
2018-01-15 22:58 - 2018-01-15 23:04 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-01-15 22:58 - 2018-01-15 23:04 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2018-01-15 22:58 - 2018-01-15 23:04 - 000000000 ____D C:\WINDOWS\system32\MUI
2018-01-15 22:58 - 2018-01-15 23:04 - 000000000 ____D C:\WINDOWS\IME
2018-01-15 22:58 - 2018-01-15 23:04 - 000000000 ____D C:\WINDOWS\Help
2018-01-15 22:58 - 2018-01-15 23:04 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-01-15 22:58 - 2018-01-15 23:04 - 000000000 ____D C:\Program Files\Common Files\system
2018-01-15 22:58 - 2018-01-15 23:04 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-01-15 22:58 - 2018-01-15 23:04 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-01-15 22:58 - 2018-01-15 22:59 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2018-01-15 22:58 - 2018-01-15 22:59 - 000000000 ___SD C:\WINDOWS\system32\UNP
2018-01-15 22:58 - 2018-01-15 22:59 - 000000000 ___SD C:\WINDOWS\system32\Nui
2018-01-15 22:58 - 2018-01-15 22:59 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2018-01-15 22:58 - 2018-01-15 22:59 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2018-01-15 22:58 - 2018-01-15 22:59 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2018-01-15 22:58 - 2018-01-15 22:59 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2018-01-15 22:58 - 2018-01-15 22:59 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2018-01-15 22:58 - 2018-01-15 22:59 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2018-01-15 22:58 - 2018-01-15 22:59 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2018-01-15 22:58 - 2018-01-15 22:59 - 000000000 ____D C:\WINDOWS\system32\ias
2018-01-15 22:58 - 2018-01-15 22:59 - 000000000 ____D C:\WINDOWS\system32\downlevel
2018-01-15 22:58 - 2018-01-15 22:59 - 000000000 ____D C:\WINDOWS\system32\DDFs
2018-01-15 22:58 - 2018-01-15 22:59 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2018-01-15 22:58 - 2018-01-15 22:59 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 __SHD C:\Program Files\Windows Sidebar
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 __RHD C:\Users\Public\Libraries
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\Web
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\Vss
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\tracing
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\TAPI
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SystemResources
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SystemApps
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\winevt
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\ras
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\IME
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\hydrogen
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\System
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SKB
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\security
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\schemas
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SchCache
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\Resources
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\PLA
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\Performance
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\ModemLogs
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\InputMethod
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\Globalization
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\Cursors
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\Branding
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\addins
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\Program Files\Windows Security
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\Program Files\Windows Portable Devices
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\Program Files\windows nt
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\Program Files (x86)\windows nt
2018-01-15 22:58 - 2018-01-15 22:58 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2018-01-15 22:58 - 2018-01-15 22:56 - 000000219 _____ C:\WINDOWS\system.ini
2018-01-15 22:58 - 2018-01-15 22:56 - 000000092 _____ C:\WINDOWS\win.ini
2018-01-15 22:57 - 2018-02-18 17:15 - 000000000 ____D C:\WINDOWS\INF
2018-01-15 22:48 - 2018-02-20 07:23 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-01-15 22:44 - 2018-02-21 10:31 - 076546048 _____ C:\WINDOWS\system32\config\SOFTWARE
2018-01-15 22:44 - 2018-02-21 10:31 - 016252928 _____ C:\WINDOWS\system32\config\SYSTEM
2018-01-15 22:44 - 2018-02-21 10:31 - 000065536 _____ C:\WINDOWS\system32\config\SECURITY
2018-01-15 22:44 - 2018-02-21 10:31 - 000065536 _____ C:\WINDOWS\system32\config\SAM
2018-01-15 22:44 - 2018-02-21 08:30 - 000524288 _____ C:\WINDOWS\system32\config\DEFAULT
2018-01-15 22:44 - 2018-02-21 08:30 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-01-15 22:44 - 2018-02-03 04:04 - 000000000 ____D C:\WINDOWS\servicing
2018-01-15 22:44 - 2018-01-16 03:26 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-01-15 22:44 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\SMI
2018-01-15 22:43 - 2018-01-30 20:36 - 000000000 ____D C:\WINDOWS\Panther
2018-01-09 14:46 - 2018-01-09 13:10 - 013079786 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2018-01-09 14:46 - 2018-01-09 13:10 - 005887976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2018-01-09 14:46 - 2018-01-09 13:10 - 003677160 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2018-01-09 14:46 - 2018-01-09 13:10 - 003516984 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2018-01-09 14:46 - 2018-01-09 13:10 - 003509200 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2018-01-09 14:46 - 2018-01-09 13:10 - 003410840 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2018-01-09 14:46 - 2018-01-09 13:10 - 003205120 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2018-01-09 14:46 - 2018-01-09 13:10 - 003122656 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2018-01-09 14:46 - 2018-01-09 13:10 - 002211304 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2018-01-09 14:46 - 2018-01-09 13:10 - 001347144 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2018-01-09 14:46 - 2018-01-09 13:10 - 000984912 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2018-01-09 14:46 - 2018-01-09 13:10 - 000691680 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2018-01-09 14:46 - 2018-01-09 13:10 - 000406456 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2APIPCLL.dll
2018-01-09 14:46 - 2018-01-09 13:10 - 000378384 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2API.dll
2018-01-09 14:46 - 2018-01-09 13:10 - 000343704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2018-01-09 14:46 - 2018-01-09 13:10 - 000192976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2018-01-09 14:46 - 2018-01-09 13:10 - 000023688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2018-01-09 14:46 - 2018-01-09 13:09 - 000766048 _____ (Intel® Corporation) C:\WINDOWS\system32\Drivers\IntcOED.sys
2018-01-09 14:46 - 2018-01-09 13:09 - 000246376 _____ (Intel® Corporation) C:\WINDOWS\system32\Drivers\IntcAudioBus.sys
2018-01-09 14:46 - 2018-01-09 13:09 - 000243016 _____ C:\WINDOWS\system32\Drivers\dsp_fw_release.bin
2018-01-09 14:46 - 2018-01-09 13:09 - 000012288 _____ C:\WINDOWS\system32\Drivers\dsp_fw_release_7CAD0808-AB10-CD23-EF45-12AB34CD56EF.bin
2018-01-09 14:45 - 2018-01-09 13:10 - 005347000 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv211.dll
2018-01-09 14:45 - 2018-01-09 13:10 - 001554600 _____ (Dolby Laboratories) C:\WINDOWS\system32\DAX3APOProp.dll
2018-01-09 14:45 - 2018-01-09 13:10 - 001326424 _____ (Dolby Laboratories) C:\WINDOWS\system32\DAX3APOv251.dll
2018-01-09 14:45 - 2018-01-09 13:10 - 001170872 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOvlldp.dll
2018-01-09 14:45 - 2018-01-09 13:10 - 001159184 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOProp.dll
2018-01-09 13:42 - 2018-01-09 12:17 - 009891328 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RsCRIcon.dll
2018-01-09 13:42 - 2018-01-09 12:17 - 004332032 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtCRU64.exe
2018-01-09 13:42 - 2018-01-09 12:17 - 000782304 _____ (Realsil Semiconductor Corporation) C:\WINDOWS\system32\Drivers\RtsPer.sys
2018-01-09 13:42 - 2018-01-09 12:17 - 000084480 _____ (Realtek Semiconductor.) C:\WINDOWS\system32\RtCRX64.dll
2018-01-09 13:16 - 2017-09-22 18:19 - 000778936 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-01-09 13:16 - 2017-09-22 18:19 - 000103120 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-01-09 13:16 - 2017-09-22 18:19 - 000035456 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-01-09 13:15 - 2017-09-28 15:50 - 001166520 ____N (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-01-09 13:15 - 2017-09-28 15:50 - 000124624 ____N (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-01-09 13:15 - 2017-09-28 15:50 - 000035456 ____N (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2018-01-09 10:57 - 2018-01-01 11:15 - 000956416 ____N (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-01-09 10:57 - 2018-01-01 06:54 - 000924648 ____N (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-01-09 10:57 - 2018-01-01 06:53 - 001090984 ____N (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-01-09 10:57 - 2018-01-01 06:52 - 000066712 ____N (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2018-01-09 10:57 - 2018-01-01 06:51 - 001414784 ____N (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-01-09 10:57 - 2018-01-01 06:51 - 001209240 ____N (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-01-09 10:57 - 2018-01-01 06:51 - 001055128 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-01-09 10:57 - 2018-01-01 06:51 - 000191816 ____N (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-01-09 10:57 - 2018-01-01 06:51 - 000059800 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2018-01-09 10:57 - 2018-01-01 06:50 - 005905752 ____N (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-01-09 10:57 - 2018-01-01 06:50 - 000780464 ____N (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-01-09 10:57 - 2018-01-01 06:50 - 000479912 ____N (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-01-09 10:57 - 2018-01-01 06:50 - 000077208 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-01-09 10:57 - 2018-01-01 06:49 - 008605080 ____N (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-01-09 10:57 - 2018-01-01 06:49 - 000599448 ____N (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-01-09 10:57 - 2018-01-01 06:49 - 000319352 ____N (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-01-09 10:57 - 2018-01-01 06:48 - 007831760 ____N (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-01-09 10:57 - 2018-01-01 06:48 - 001954048 ____N (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-01-09 10:57 - 2018-01-01 06:48 - 000382360 ____N (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-01-09 10:57 - 2018-01-01 06:47 - 000649304 ____N (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-01-09 10:57 - 2018-01-01 06:47 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-01-09 10:57 - 2018-01-01 06:46 - 002709704 ____N (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-01-09 10:57 - 2018-01-01 06:46 - 000898216 ____N (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-01-09 10:57 - 2018-01-01 06:46 - 000733592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-01-09 10:57 - 2018-01-01 06:46 - 000471960 ____N (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-01-09 10:57 - 2018-01-01 06:45 - 002395032 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-01-09 10:57 - 2018-01-01 06:45 - 001277848 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-01-09 10:57 - 2018-01-01 06:45 - 000398744 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-01-09 10:57 - 2018-01-01 06:43 - 001173576 ____N (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-01-09 10:57 - 2018-01-01 06:43 - 000367336 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-01-09 10:57 - 2018-01-01 06:43 - 000062872 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2018-01-09 10:57 - 2018-01-01 06:42 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-01-09 10:57 - 2018-01-01 06:42 - 000494488 ____N (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-01-09 10:57 - 2018-01-01 06:42 - 000184984 ____N (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-01-09 10:57 - 2018-01-01 06:41 - 007676296 ____N (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-01-09 10:57 - 2018-01-01 06:41 - 000559512 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-01-09 10:57 - 2018-01-01 06:40 - 001206680 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-01-09 10:57 - 2018-01-01 06:39 - 000902416 ____N (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-01-09 10:57 - 2018-01-01 06:39 - 000677784 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-01-09 10:57 - 2018-01-01 06:39 - 000508264 ____N (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-01-09 10:57 - 2018-01-01 06:39 - 000362904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-01-09 10:57 - 2018-01-01 06:39 - 000129432 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-01-09 10:57 - 2018-01-01 06:38 - 003904808 ____N (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-01-09 10:57 - 2018-01-01 06:38 - 000727448 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-01-09 10:57 - 2018-01-01 06:38 - 000519152 ____N (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-01-09 10:57 - 2018-01-01 06:38 - 000103320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-01-09 10:57 - 2018-01-01 06:37 - 001426664 ____N (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-01-09 10:57 - 2018-01-01 06:37 - 000461720 ____N (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2018-01-09 10:57 - 2018-01-01 06:36 - 000413888 ____N (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-01-09 10:57 - 2018-01-01 06:36 - 000374032 ____N (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2018-01-09 10:57 - 2018-01-01 06:36 - 000166296 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2018-01-09 10:57 - 2018-01-01 06:35 - 001170008 ____N (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-01-09 10:57 - 2018-01-01 06:34 - 007385088 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-01-09 10:57 - 2018-01-01 06:34 - 001336344 ____N (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-01-09 10:57 - 2018-01-01 06:34 - 000260896 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-01-09 10:57 - 2018-01-01 06:34 - 000087384 ____N (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-01-09 10:57 - 2018-01-01 06:33 - 002773400 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-01-09 10:57 - 2018-01-01 06:33 - 000603920 ____N (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-01-09 10:57 - 2018-01-01 06:32 - 004481240 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-01-09 10:57 - 2018-01-01 06:32 - 000617304 ____N (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-01-09 10:57 - 2018-01-01 06:27 - 000163736 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-01-09 10:57 - 2018-01-01 06:26 - 000428952 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-01-09 10:57 - 2018-01-01 06:25 - 000615768 ____N (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-01-09 10:57 - 2018-01-01 06:25 - 000147864 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-01-09 10:57 - 2018-01-01 06:23 - 021352144 ____N (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-01-09 10:57 - 2018-01-01 06:21 - 001103768 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-01-09 10:57 - 2018-01-01 06:21 - 000614296 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-01-09 10:57 - 2018-01-01 06:06 - 000311192 ____N (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-01-09 10:57 - 2018-01-01 06:03 - 000777904 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-01-09 10:57 - 2018-01-01 06:03 - 000650328 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-01-09 10:57 - 2018-01-01 06:03 - 000566664 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-01-09 10:57 - 2018-01-01 06:03 - 000123512 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-01-09 10:57 - 2018-01-01 05:53 - 001615712 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-01-09 10:57 - 2018-01-01 05:49 - 000481464 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-01-09 10:57 - 2018-01-01 05:46 - 003485392 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-01-09 10:57 - 2018-01-01 05:46 - 000289816 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-01-09 10:57 - 2018-01-01 05:45 - 006092152 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-01-09 10:57 - 2018-01-01 05:45 - 005615968 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-01-09 10:57 - 2018-01-01 05:45 - 002192624 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-01-09 10:57 - 2018-01-01 05:43 - 020286120 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-01-09 10:57 - 2018-01-01 05:42 - 006479552 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-01-09 10:57 - 2018-01-01 05:42 - 004644912 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-01-09 10:57 - 2018-01-01 05:42 - 001246432 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-01-09 10:57 - 2018-01-01 05:42 - 001003152 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-01-09 10:57 - 2018-01-01 05:42 - 000982528 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-01-09 10:57 - 2018-01-01 05:42 - 000386424 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2018-01-09 10:57 - 2018-01-01 05:42 - 000129184 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-01-09 10:57 - 2018-01-01 05:42 - 000074992 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2018-01-09 10:57 - 2018-01-01 05:37 - 025247232 ____N (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-01-09 10:57 - 2018-01-01 05:34 - 000703568 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-01-09 10:57 - 2018-01-01 05:25 - 002905600 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-01-09 10:57 - 2018-01-01 05:25 - 001008640 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-01-09 10:57 - 2018-01-01 05:25 - 000475648 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2018-01-09 10:57 - 2018-01-01 05:25 - 000344576 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-01-09 10:57 - 2018-01-01 05:25 - 000097792 ____N C:\WINDOWS\system32\runexehelper.exe
2018-01-09 10:57 - 2018-01-01 05:24 - 003668480 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-01-09 10:57 - 2018-01-01 05:24 - 000240640 ____N (Microsoft Corporation) C:\WINDOWS\system32\AboutSettingsHandlers.dll
2018-01-09 10:57 - 2018-01-01 05:24 - 000202240 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-01-09 10:57 - 2018-01-01 05:23 - 001313792 ____N (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-01-09 10:57 - 2018-01-01 05:23 - 000561152 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-01-09 10:57 - 2018-01-01 05:23 - 000536576 ____N (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-01-09 10:57 - 2018-01-01 05:23 - 000385024 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-01-09 10:57 - 2018-01-01 05:23 - 000250368 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-01-09 10:57 - 2018-01-01 05:21 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-01-09 10:57 - 2018-01-01 05:20 - 019337216 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-01-09 10:57 - 2018-01-01 05:20 - 018917888 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-01-09 10:57 - 2018-01-01 05:20 - 000524288 ____N (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-01-09 10:57 - 2018-01-01 05:20 - 000212992 ____N (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2018-01-09 10:57 - 2018-01-01 05:20 - 000204288 ____N (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-01-09 10:57 - 2018-01-01 05:19 - 008014848 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-01-09 10:57 - 2018-01-01 05:19 - 000795136 ____N (Microsoft Corporation) C:\WINDOWS\system32\NaturalAuth.dll
2018-01-09 10:57 - 2018-01-01 05:19 - 000461312 ____N (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-01-09 10:57 - 2018-01-01 05:19 - 000450048 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-01-09 10:57 - 2018-01-01 05:19 - 000416768 ____N (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-01-09 10:57 - 2018-01-01 05:19 - 000369152 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-01-09 10:57 - 2018-01-01 05:19 - 000366080 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-01-09 10:57 - 2018-01-01 05:19 - 000365568 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-01-09 10:57 - 2018-01-01 05:19 - 000334848 ____N (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-01-09 10:57 - 2018-01-01 05:19 - 000073216 ____N (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2018-01-09 10:57 - 2018-01-01 05:18 - 000699904 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-01-09 10:57 - 2018-01-01 05:18 - 000432640 ____N (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-01-09 10:57 - 2018-01-01 05:18 - 000431616 ____N (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-01-09 10:57 - 2018-01-01 05:18 - 000427008 ____N (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-01-09 10:57 - 2018-01-01 05:18 - 000380928 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll
2018-01-09 10:57 - 2018-01-01 05:18 - 000374784 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-01-09 10:57 - 2018-01-01 05:18 - 000276480 ____N (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-01-09 10:57 - 2018-01-01 05:18 - 000261632 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-01-09 10:57 - 2018-01-01 05:18 - 000259072 ____N (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-01-09 10:57 - 2018-01-01 05:17 - 011923968 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-01-09 10:57 - 2018-01-01 05:17 - 006564864 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-01-09 10:57 - 2018-01-01 05:17 - 000708096 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-01-09 10:57 - 2018-01-01 05:17 - 000616960 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2018-01-09 10:57 - 2018-01-01 05:17 - 000568832 ____N (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-01-09 10:57 - 2018-01-01 05:17 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-01-09 10:57 - 2018-01-01 05:17 - 000542208 ____N (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-01-09 10:57 - 2018-01-01 05:16 - 005833216 ____N (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-01-09 10:57 - 2018-01-01 05:16 - 004839424 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-01-09 10:57 - 2018-01-01 05:16 - 003676672 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-01-09 10:57 - 2018-01-01 05:16 - 000956928 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-01-09 10:57 - 2018-01-01 05:16 - 000831488 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-01-09 10:57 - 2018-01-01 05:16 - 000815616 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-01-09 10:57 - 2018-01-01 05:16 - 000812544 ____N (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-01-09 10:57 - 2018-01-01 05:16 - 000720896 ____N (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-01-09 10:57 - 2018-01-01 05:16 - 000664576 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-01-09 10:57 - 2018-01-01 05:16 - 000594944 ____N (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-01-09 10:57 - 2018-01-01 05:16 - 000463360 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-01-09 10:57 - 2018-01-01 05:16 - 000401920 ____N (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2018-01-09 10:57 - 2018-01-01 05:15 - 012687872 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-01-09 10:57 - 2018-01-01 05:15 - 006029312 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-01-09 10:57 - 2018-01-01 05:15 - 002349568 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-01-09 10:57 - 2018-01-01 05:15 - 001657856 ____N (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-01-09 10:57 - 2018-01-01 05:15 - 001245184 ____N (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2018-01-09 10:57 - 2018-01-01 05:15 - 000970240 ____N (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-01-09 10:57 - 2018-01-01 05:15 - 000951808 ____N (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2018-01-09 10:57 - 2018-01-01 05:15 - 000756736 ____N (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-01-09 10:57 - 2018-01-01 05:15 - 000588800 ____N (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-01-09 10:57 - 2018-01-01 05:15 - 000434176 ____N (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2018-01-09 10:57 - 2018-01-01 05:15 - 000366080 ____N (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-01-09 10:57 - 2018-01-01 05:14 - 023655936 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-01-09 10:57 - 2018-01-01 05:14 - 002465280 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-01-09 10:57 - 2018-01-01 05:14 - 001495040 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-01-09 10:57 - 2018-01-01 05:14 - 001097728 ____N (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-01-09 10:57 - 2018-01-01 05:14 - 001003008 ____N (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-01-09 10:57 - 2018-01-01 05:14 - 000985600 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-01-09 10:57 - 2018-01-01 05:14 - 000917504 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-01-09 10:57 - 2018-01-01 05:14 - 000870912 ____N (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-01-09 10:57 - 2018-01-01 05:13 - 013657600 ____N (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-01-09 10:57 - 2018-01-01 05:13 - 012830208 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-01-09 10:57 - 2018-01-01 05:13 - 003121664 ____N (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-01-09 10:57 - 2018-01-01 05:13 - 002869760 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-01-09 10:57 - 2018-01-01 05:13 - 001559552 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-01-09 10:57 - 2018-01-01 05:13 - 000897024 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-01-09 10:57 - 2018-01-01 05:12 - 002633216 ____N (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-01-09 10:57 - 2018-01-01 05:12 - 002208768 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-01-09 10:57 - 2018-01-01 05:12 - 001573376 ____N (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2018-01-09 10:57 - 2018-01-01 05:12 - 001547776 ____N (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-01-09 10:57 - 2018-01-01 05:12 - 001424896 ____N (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-01-09 10:57 - 2018-01-01 05:12 - 000464384 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-01-09 10:57 - 2018-01-01 05:11 - 008108544 ____N (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-01-09 10:57 - 2018-01-01 05:11 - 004748288 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-01-09 10:57 - 2018-01-01 05:11 - 003334144 ____N (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-01-09 10:57 - 2018-01-01 05:11 - 003165696 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-01-09 10:57 - 2018-01-01 05:11 - 002859520 ____N (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-01-09 10:57 - 2018-01-01 05:11 - 002082304 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-01-09 10:57 - 2018-01-01 05:11 - 001822208 ____N (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-01-09 10:57 - 2018-01-01 05:11 - 001816576 ____N (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-01-09 10:57 - 2018-01-01 05:11 - 001597952 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-01-09 10:57 - 2018-01-01 05:11 - 001343488 ____N (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2018-01-09 10:57 - 2018-01-01 05:11 - 001231872 ____N (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-01-09 10:57 - 2018-01-01 05:11 - 000880640 ____N (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-01-09 10:57 - 2018-01-01 05:11 - 000812032 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-01-09 10:57 - 2018-01-01 05:11 - 000715776 ____N (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-01-09 10:57 - 2018-01-01 05:10 - 003126272 ____N (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-01-09 10:57 - 2018-01-01 05:09 - 001487872 ____N (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-01-09 10:57 - 2018-01-01 05:09 - 000925184 ____N (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-01-09 10:57 - 2018-01-01 05:09 - 000666624 ____N (Microsoft Corporation) C:\WINDOWS\system32\DbgModel.dll
2018-01-09 10:57 - 2018-01-01 05:09 - 000599552 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-01-09 10:57 - 2018-01-01 05:08 - 000963072 ____N (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-01-09 10:57 - 2018-01-01 05:08 - 000726016 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-01-09 10:57 - 2018-01-01 05:08 - 000685056 ____N (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-01-09 10:57 - 2018-01-01 05:05 - 002510848 ____N (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-01-09 10:57 - 2018-01-01 05:05 - 001160704 ____N (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-01-09 10:56 - 2018-01-01 06:49 - 000292376 ____N (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2018-01-09 10:56 - 2018-01-01 06:42 - 001029016 ____N (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2018-01-09 10:56 - 2018-01-01 06:42 - 000109976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-01-09 10:56 - 2018-01-01 06:41 - 000549552 ____N (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2018-01-09 10:56 - 2018-01-01 06:38 - 000038808 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2018-01-09 10:56 - 2018-01-01 06:36 - 000113560 ____N (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-01-09 10:56 - 2018-01-01 06:36 - 000057752 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2018-01-09 10:56 - 2018-01-01 06:35 - 000075160 ____N (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-01-09 10:56 - 2018-01-01 06:26 - 000081304 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2018-01-09 10:56 - 2018-01-01 05:49 - 000258808 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2018-01-09 10:56 - 2018-01-01 05:45 - 000450928 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2018-01-09 10:56 - 2018-01-01 05:24 - 000096256 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-01-09 10:56 - 2018-01-01 05:24 - 000038912 ____N (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2018-01-09 10:56 - 2018-01-01 05:23 - 000232960 ____N (Microsoft Corporation) C:\WINDOWS\system32\convertvhd.exe
2018-01-09 10:56 - 2018-01-01 05:23 - 000121344 ____N (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-01-09 10:56 - 2018-01-01 05:23 - 000080384 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2018-01-09 10:56 - 2018-01-01 05:23 - 000047104 ____N (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-01-09 10:56 - 2018-01-01 05:22 - 000031744 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2018-01-09 10:56 - 2018-01-01 05:22 - 000025600 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2018-01-09 10:56 - 2018-01-01 05:22 - 000017408 ____N (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
2018-01-09 10:56 - 2018-01-01 05:21 - 000268288 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-01-09 10:56 - 2018-01-01 05:21 - 000233984 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppLockerCSP.dll
2018-01-09 10:56 - 2018-01-01 05:21 - 000133632 ____N (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2018-01-09 10:56 - 2018-01-01 05:21 - 000097280 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2018-01-09 10:56 - 2018-01-01 05:21 - 000097280 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys
2018-01-09 10:56 - 2018-01-01 05:21 - 000080896 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2018-01-09 10:56 - 2018-01-01 05:21 - 000062976 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2018-01-09 10:56 - 2018-01-01 05:20 - 000459776 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-01-09 10:56 - 2018-01-01 05:20 - 000397824 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2018-01-09 10:56 - 2018-01-01 05:20 - 000225792 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-01-09 10:56 - 2018-01-01 05:20 - 000215552 ____N (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-01-09 10:56 - 2018-01-01 05:20 - 000186368 ____N (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2018-01-09 10:56 - 2018-01-01 05:20 - 000175616 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-01-09 10:56 - 2018-01-01 05:20 - 000134656 ____N (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2018-01-09 10:56 - 2018-01-01 05:20 - 000133632 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-01-09 10:56 - 2018-01-01 05:20 - 000104960 ____N (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2018-01-09 10:56 - 2018-01-01 05:20 - 000082432 ____N (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll
2018-01-09 10:56 - 2018-01-01 05:20 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-01-09 10:56 - 2018-01-01 05:20 - 000035328 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshhttp.dll
2018-01-09 10:56 - 2018-01-01 05:19 - 000675328 ____N (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-01-09 10:56 - 2018-01-01 05:19 - 000430080 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2018-01-09 10:56 - 2018-01-01 05:19 - 000340480 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2018-01-09 10:56 - 2018-01-01 05:19 - 000316928 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-01-09 10:56 - 2018-01-01 05:19 - 000188416 ____N (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2018-01-09 10:56 - 2018-01-01 05:19 - 000174592 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\P2P.dll
2018-01-09 10:56 - 2018-01-01 05:19 - 000149504 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2018-01-09 10:56 - 2018-01-01 05:19 - 000142848 ____N (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-01-09 10:56 - 2018-01-01 05:19 - 000097792 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msoert2.dll
2018-01-09 10:56 - 2018-01-01 05:19 - 000093696 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-01-09 10:56 - 2018-01-01 05:19 - 000079872 ____N (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-01-09 10:56 - 2018-01-01 05:19 - 000063488 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2018-01-09 10:56 - 2018-01-01 05:19 - 000043008 ____N (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2018-01-09 10:56 - 2018-01-01 05:18 - 000748032 ____N (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2018-01-09 10:56 - 2018-01-01 05:18 - 000588800 ____N (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2018-01-09 10:56 - 2018-01-01 05:18 - 000465920 ____N (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2018-01-09 10:56 - 2018-01-01 05:18 - 000436224 ____N (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-01-09 10:56 - 2018-01-01 05:18 - 000425984 ____N (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2018-01-09 10:56 - 2018-01-01 05:18 - 000391168 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-01-09 10:56 - 2018-01-01 05:18 - 000369664 ____N (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2018-01-09 10:56 - 2018-01-01 05:18 - 000343040 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-01-09 10:56 - 2018-01-01 05:18 - 000336896 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2018-01-09 10:56 - 2018-01-01 05:18 - 000210944 ____N (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2018-01-09 10:56 - 2018-01-01 05:18 - 000144896 ____N (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2018-01-09 10:56 - 2018-01-01 05:18 - 000082944 ____N (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2018-01-09 10:56 - 2018-01-01 05:17 - 001485312 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-01-09 10:56 - 2018-01-01 05:17 - 000791552 ____N (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-01-09 10:56 - 2018-01-01 05:17 - 000594432 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-01-09 10:56 - 2018-01-01 05:17 - 000555520 ____N (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2018-01-09 10:56 - 2018-01-01 05:17 - 000456704 ____N (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-01-09 10:56 - 2018-01-01 05:17 - 000423936 ____N (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2018-01-09 10:56 - 2018-01-01 05:17 - 000341504 ____N (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2018-01-09 10:56 - 2018-01-01 05:17 - 000228352 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-01-09 10:56 - 2018-01-01 05:17 - 000112640 ____N (Microsoft Corporation) C:\WINDOWS\system32\msoert2.dll
2018-01-09 10:56 - 2018-01-01 05:16 - 000966656 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2018-01-09 10:56 - 2018-01-01 05:16 - 000668160 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-01-09 10:56 - 2018-01-01 05:16 - 000624128 ____N (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2018-01-09 10:56 - 2018-01-01 05:16 - 000235008 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-01-09 10:56 - 2018-01-01 05:16 - 000086528 ____N (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-01-09 10:56 - 2018-01-01 05:16 - 000076288 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2018-01-09 10:56 - 2018-01-01 05:15 - 000258560 ____N (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-01-09 10:56 - 2018-01-01 05:13 - 002013184 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-01-09 10:56 - 2018-01-01 05:13 - 001474560 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-01-09 10:56 - 2018-01-01 05:12 - 000760320 ____N (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-01-09 10:56 - 2018-01-01 05:10 - 002528256 ____N (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-01-09 10:56 - 2018-01-01 05:10 - 000012800 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscproxystub.dll
2018-01-09 10:56 - 2018-01-01 05:08 - 000505344 ____N (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2018-01-09 10:56 - 2018-01-01 05:06 - 000018944 ____N (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll
2018-01-09 10:56 - 2018-01-01 05:05 - 000050176 ____N (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2017-12-13 19:33 - 2017-12-13 19:33 - 021754368 ____N (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 017159680 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 017084416 ____N (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 013703168 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 007545344 ____N (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 006791472 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 006466048 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 006015200 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 004814848 ____N (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 004772352 ____N (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 004592640 ____N (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 004504456 ____N (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2017-12-13 19:33 - 2017-12-13 19:33 - 004385280 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 004249600 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 003578368 ____N (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 003478016 ____N (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 003331520 ____N C:\WINDOWS\system32\Windows.Mirage.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 003211776 ____N (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 003186688 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 003010720 ____N (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 002972672 ____N (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 002890240 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 002864640 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 002859520 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 002783744 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 002717392 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 002666496 ____N (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 002596352 ____N (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-12-13 19:33 - 2017-12-13 19:33 - 002573208 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 002491112 ____N C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 002465848 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 002446744 ____N (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 002412168 ____N (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 002393600 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 002339296 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 002269080 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 002117632 ____N (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 002105856 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 001990160 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001980928 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001970520 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001925296 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001806336 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001776272 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001739264 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001694224 ____N (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001670656 ____N (Microsoft Corporation) C:\WINDOWS\system32\batmeter.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001666048 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001664000 ____N (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001663488 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\batmeter.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001642520 ____N (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001636376 ____N (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001634288 ____N (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001585376 ____N (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001570816 ____N (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-12-13 19:33 - 2017-12-13 19:33 - 001558856 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001554216 ____N (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001528904 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001522176 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001509888 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001507736 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001498112 ____N (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001490328 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001488792 ____N (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001474680 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001470976 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001463856 ____N (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001454568 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001432816 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001425408 ____N (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001377080 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001353728 ____N (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001323840 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001321472 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001289216 ____N (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001280000 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001261864 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001259344 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001230848 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001167360 ____N (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001148216 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001145104 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001124760 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001058304 ____N (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001057824 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001054720 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001054280 ____N (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 001015008 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001012120 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Services.TargetedContent.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001003104 ____N (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000979352 ____N (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000975872 ____N C:\WINDOWS\system32\FaceProcessor.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000899584 ____N (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000891800 ____N (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-12-13 19:33 - 2017-12-13 19:33 - 000887296 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000882688 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000841728 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000840440 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000830464 ____N (Microsoft Corporation) C:\WINDOWS\system32\d3d9on12.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000823808 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000791960 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-12-13 19:33 - 2017-12-13 19:33 - 000770048 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 000769096 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcrt.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000768512 ____N (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000754688 ____N (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000749976 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 000747416 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000746904 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Services.TargetedContent.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000739696 ____N (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000721592 ____N (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000710912 ____N (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000708096 ____N (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000705944 ____N (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000703536 ____N (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000676352 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000666112 ____N (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000665088 ____N (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000661664 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000660480 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000654848 ____N (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000654048 ____N (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000640512 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000630752 ____N (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000618496 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000614912 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000612760 ____N (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000610712 ____N (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000601088 ____N (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000597160 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000592280 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000591872 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000590944 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000566272 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000559616 ____N (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000557056 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9on12.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000556544 ____N (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000555416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-12-13 19:33 - 2017-12-13 19:33 - 000539136 ____N (Microsoft Corporation) C:\WINDOWS\system32\HolographicExtensions.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000534528 ____N (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000529408 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 000525208 ____N (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2017-12-13 19:33 - 2017-12-13 19:33 - 000516096 ____N (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000514560 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\iprtrmgr.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000506256 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000496640 ____N (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000495000 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 000487424 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcSpecfc.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000481792 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000479912 ____N (Microsoft Corporation) C:\WINDOWS\system32\wow64win.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000478208 ____N (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000474112 ____N (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000464408 ____N (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000462336 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000456704 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000444928 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000442880 ____N (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000437144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-12-13 19:33 - 2017-12-13 19:33 - 000436120 ____N (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000432640 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000418712 ____N (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000404888 ____N (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000401304 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 000394752 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 000373656 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 000372224 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000363008 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000362176 ____N (Microsoft Corporation) C:\WINDOWS\system32\BioIso.exe
2017-12-13 19:33 - 2017-12-13 19:33 - 000361984 ____N (Microsoft Corporation) C:\WINDOWS\system32\SpatializerApo.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000354304 ____N (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000354200 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000353848 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000353688 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000351232 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000339968 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000336896 ____N (Microsoft Corporation) C:\WINDOWS\system32\HolographicRuntimes.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000329728 ____N (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000327680 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-12-13 19:33 - 2017-12-13 19:33 - 000326144 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000315392 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000308736 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000306688 ____N (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000301056 ____N (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000293888 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000292864 ____N (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000285080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 000271872 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\SpatializerApo.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000269696 ____N C:\WINDOWS\system32\FaceProcessorCore.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000266752 ____N (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-12-13 19:33 - 2017-12-13 19:33 - 000264040 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-12-13 19:33 - 2017-12-13 19:33 - 000259072 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 000254976 ____N (Microsoft Corporation) C:\WINDOWS\system32\PushToInstall.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000246272 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000246168 ____N (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000242176 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExecModelClient.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000239104 ____N (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000238080 ____N (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000235520 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000230296 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 000227328 ____N (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000222208 ____N (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000211456 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-12-13 19:33 - 2017-12-13 19:33 - 000206336 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000198888 ____N (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000187288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 000175104 ____N (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000174080 ____N (Microsoft Corporation) C:\WINDOWS\system32\gamingtcui.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000172544 ____N (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000170496 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ContentDeliveryManager.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000169472 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000168448 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SIUF.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000164864 ____N (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2017-12-13 19:33 - 2017-12-13 19:33 - 000164864 ____N (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2017-12-13 19:33 - 2017-12-13 19:33 - 000164864 ____N (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2017-12-13 19:33 - 2017-12-13 19:33 - 000160256 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000151040 ____N (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000150528 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000149400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 000147456 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscript.exe
2017-12-13 19:33 - 2017-12-13 19:33 - 000143360 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2017-12-13 19:33 - 2017-12-13 19:33 - 000137544 ____N (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000136704 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\gamingtcui.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000135168 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000133632 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000126464 ____N (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000124928 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 000115200 ____N (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000114688 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 000101376 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscript.ocx
2017-12-13 19:33 - 2017-12-13 19:33 - 000098304 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000097144 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000095744 ____N (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000092160 ____N (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000086016 ____N (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000085504 ____N (Microsoft Corporation) C:\WINDOWS\system32\hascsp.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000084992 ____N (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000079360 ____N (Microsoft Corporation) C:\WINDOWS\system32\acppage.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000070656 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000068096 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\acppage.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000065536 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000064512 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\CapabilityAccessManagerClient.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000060824 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\urscx01000.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 000059392 ____N (Microsoft Corporation) C:\WINDOWS\system32\aadjcsp.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000058880 ____N (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000057856 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 000056320 ____N (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000048112 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-12-13 19:33 - 2017-12-13 19:33 - 000046080 ____N (Microsoft Corporation) C:\WINDOWS\system32\rdrleakdiag.exe
2017-12-13 19:33 - 2017-12-13 19:33 - 000045464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 000041984 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdrleakdiag.exe
2017-12-13 19:33 - 2017-12-13 19:33 - 000041472 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-12-13 19:33 - 2017-12-13 19:33 - 000022528 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcVSp1res.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000022528 ____N (Microsoft Corporation) C:\WINDOWS\system32\msdtcVSp1res.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000021504 ____N (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000019456 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000008704 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000002560 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 000002560 ____N (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-01-30 17:35 - 2006-11-01 14:06 - 000174968 _____ (Sysinternals - www.sysinternals.com) C:\Users\John\Desktop\AccessEnum.exe
2018-01-30 17:35 - 2006-11-01 14:05 - 000150328 _____ C:\Users\John\Desktop\ctrl2cap.exe
2018-01-30 17:35 - 2006-09-27 18:04 - 000010104 _____ (Systems Internals) C:\Users\John\Desktop\ctrl2cap.amd.sys

Some files in TEMP:
====================
2018-02-16 11:01 - 2001-09-28 16:00 - 000164864 _____ () C:\Users\John\AppData\Local\Temp\GLB1A2B.EXE
2018-02-18 17:10 - 2018-02-18 17:12 - 172147200 _____ () C:\Users\John\AppData\Local\Temp\HPInstaller.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {f80db3b6-fa7b-11e7-8a08-8e612c5a83c2}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 0

Windows Boot Loader
-------------------
identifier              {81da7bfe-f4f9-11e7-8589-9e6b66af72c9}
device                  ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{81da7bff-f4f9-11e7-8589-9e6b66af72c9}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{81da7bff-f4f9-11e7-8589-9e6b66af72c9}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \WINDOWS\system32\winload.exe
description             Windows 10
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {81da7bfe-f4f9-11e7-8589-9e6b66af72c9}
displaymessageoverride  CommandPrompt
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \WINDOWS
resumeobject            {f80db3b6-fa7b-11e7-8a08-8e612c5a83c2}
nx                      OptIn
bootmenupolicy          Standard
bootlog                 Yes
sos                     Yes

Resume from Hibernate
---------------------
identifier              {f80db3b6-fa7b-11e7-8a08-8e612c5a83c2}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {81da7bfe-f4f9-11e7-8589-9e6b66af72c9}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 No

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Local

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {81da7bff-f4f9-11e7-8589-9e6b66af72c9}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume3
ramdisksdipath          \Recovery\WindowsRE\boot.sdi


LastRegBack: 2018-02-20 08:41



#4 chilidog33

Posted 22 February 2018 - 02:38 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21.02.2018
Ran by John (22-02-2018 12:55:26)
Running from C:\Users\John\Downloads
Windows 10 Home Version 1709 16299.192 (X64) (2018-01-16 09:40:07)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1041191953-2805693150-4082675335-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1041191953-2805693150-4082675335-503 - Limited - Disabled)
Guest (S-1-5-21-1041191953-2805693150-4082675335-501 - Limited - Disabled)
John (S-1-5-21-1041191953-2805693150-4082675335-1001 - Administrator - Enabled) => C:\Users\John
WDAGUtilityAccount (S-1-5-21-1041191953-2805693150-4082675335-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Administrative Templates (.admx) for Windows 10 Creators Update (HKLM-x32\...\{975FF7BB-54F2-4982-9905-F2E2EBA5A620}) (Version: 2.0 - Microsoft Corporation)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.4.1.298 - Adobe Systems Incorporated)
Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
AGI32-18.3 (HKLM-x32\...\{8153829E-E629-4240-A676-E6E9C1C2A1E1}) (Version: 18.03.00 - Lighting Analysts, Inc.)
Amazing Photo Editor V7.9.2 (HKLM-x32\...\Amazing Photo Editor V7.9.2) (Version: hxxp://www.SilverEagleSoft.com - Silver Eagle Software, Inc.)
AnswersBy PC Smartcare (HKLM-x32\...\{4137CB7D-7777-4374-BC93-CE7E7E72799E}) (Version: 1.2.0.2 - My Company) Hidden
AnswersBy PC Smartcare (HKLM-x32\...\AnswersBy PC Smartcare) (Version: 1.2.0.2 - Sutherland Global Services)
Belarc Advisor 8.6 (HKLM-x32\...\Belarc Advisor) (Version: 8.6.0.0 - Belarc Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 64.0.3282.167 - Google Inc.)
Google Earth Pro (HKLM\...\{D9EF644E-2FAE-493B-8180-5617CC774C4F}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
HP DeskJet 3830 series Basic Device Software (HKLM\...\{B681E60C-50B0-4376-8BF8-696084197023}) (Version: 40.11.1124.17107 - HP Inc.)
HP DeskJet 3830 series Help (HKLM-x32\...\{71454577-027B-4866-A57A-F1D96AD8617E}) (Version: 35.0.0 - Hewlett Packard)
HP Dropbox Plugin (HKLM-x32\...\{D12BC084-97D6-438A-AA7C-5962608D17A0}) (Version: 36.0.41.58587 - HP)
HP Google Drive Plugin (HKLM-x32\...\{BFA42100-DB54-467A-BB87-CF70732B4065}) (Version: 36.0.41.58587 - HP)
HP OfficeJet 3830 series Basic Device Software (HKLM\...\{165CDB14-4CD3-4D4D-A38A-3FF93FAAFD5C}) (Version: 40.11.1119.1786 - HP Inc.)
HP OfficeJet 3830 series Help (HKLM-x32\...\{1FCCD112-2F27-463D-8C36-1D5C29A3BB3E}) (Version: 35.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
McAfee Safe Connect (HKLM-x32\...\{F210DAEC-9E43-467E-87E8-B02DA469CFFC}) (Version: 1.4.1.150 - McAfee, Inc)
Microsoft OneDrive (HKU\S-1-5-21-1041191953-2805693150-4082675335-1001\...\OneDriveSetup.exe) (Version: 17.005.0107.0008 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 58.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-US)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.1 - Mozilla)
Product Improvement Study for HP DeskJet 3830 series (HKLM\...\{2C00CB98-358F-450B-BC7F-AD614055AA94}) (Version: 40.11.1124.17107 - HP Inc.)
Product Improvement Study for HP OfficeJet 3830 series (HKLM\...\{F1E13468-92EB-4AB7-8F1C-CC09A286C9B9}) (Version: 40.11.1119.1786 - HP Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.21299 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8224 - Realtek Semiconductor Corp.)
UnHackMe 9.60 (HKLM-x32\...\UnHackMe_is1) (Version:  - Greatis Software, LLC.)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1041191953-2805693150-4082675335-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\igfxDTCM.dll [2017-11-13] (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {35757C6F-5966-4CBA-A22B-2444E50085AB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-30] (Microsoft Corporation)
Task: {3D3D2457-799D-4AEB-A112-CA9B22D88833} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [2018-01-31] (Greatis Software)
Task: {3DE31DE8-0B1A-480A-9775-5D3FCCA498EE} - System32\Tasks\RunAnswersByUpdateSVC => C:\Program Files (x86)\AnswersBy PC SmartCare\AnswersByUpdateSVC.exe [2017-10-02] ()
Task: {61FCB0E3-917D-49E1-8A19-F3F667B175CE} - System32\Tasks\S-1-5-21-1041191953-2805693150-4082675335-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {67987A37-BDCD-44DC-A967-582E2FCCCD69} - System32\Tasks\AdobeGCInvoker-1.0-DESKTOP-KG14MNT-John => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-01-05] (Adobe Systems, Incorporated)
Task: {8426CCB7-5485-44BB-87D2-B3AAF951448E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-30] (Microsoft Corporation)
Task: {8C1EEE8A-D95A-480F-9906-EB3940F64A14} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-30] (Microsoft Corporation)
Task: {AF9C0446-3330-4144-A42B-1D95122EE964} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-03] (Google Inc.)
Task: {B2B85D68-3780-4725-946D-80A85716B2FD} - System32\Tasks\HPCustParticipation HP OfficeJet 3830 series => C:\Program Files\HP\HP OfficeJet 3830 series\Bin\HPCustPartic.exe [2017-03-27] (HP Inc.)
Task: {C1B2736C-EA73-4FC8-8C52-64548D3AEE1D} - System32\Tasks\HPCustParticipation HP DeskJet 3830 series => C:\Program Files\HP\HP DeskJet 3830 series\Bin\HPCustPartic.exe [2017-04-18] (HP Inc.)
Task: {F11E1BF3-6FE1-4185-BDE6-935EBAB31579} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-30] (Microsoft Corporation)
Task: {F65F8423-223D-47A2-98BF-279215E98D7D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-03] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 07:41 - 2017-09-29 07:41 - 000184432 ____N () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 011044864 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001804288 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-16 16:56 - 2018-01-16 16:56 - 004698840 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11712.1001.16.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-02-05 18:03 - 2018-02-05 18:03 - 001558136 _____ () C:\Program Files\Google\Google Earth Pro\client\IGCore.dll
2018-02-05 18:03 - 2018-02-05 18:03 - 000352888 _____ () C:\Program Files\Google\Google Earth Pro\client\IGUtils.dll
2018-02-05 18:03 - 2018-02-05 18:03 - 000766072 _____ () C:\Program Files\Google\Google Earth Pro\client\IGMath.dll
2018-02-05 18:03 - 2018-02-05 18:03 - 001686136 _____ () C:\Program Files\Google\Google Earth Pro\client\alchemy\ogl\IGSg.dll
2018-02-05 18:03 - 2018-02-05 18:03 - 000938104 _____ () C:\Program Files\Google\Google Earth Pro\client\alchemy\ogl\IGAttrs.dll
2018-02-05 18:03 - 2018-02-05 18:03 - 006699640 _____ () C:\Program Files\Google\Google Earth Pro\client\alchemy\ogl\IGGfx.dll
2018-02-05 18:03 - 2018-02-05 18:03 - 034359928 _____ () C:\Program Files\Google\Google Earth Pro\client\googleearth_pro.dll
2018-02-05 18:03 - 2018-02-05 18:03 - 006056568 _____ () C:\Program Files\Google\Google Earth Pro\client\avcodec-57.dll
2018-02-05 18:03 - 2018-02-05 18:03 - 002456696 _____ () C:\Program Files\Google\Google Earth Pro\client\avformat-57.dll
2018-02-05 18:03 - 2018-02-05 18:03 - 000823928 _____ () C:\Program Files\Google\Google Earth Pro\client\avutil-55.dll
2018-02-05 18:03 - 2018-02-05 18:03 - 000364664 _____ () C:\Program Files\Google\Google Earth Pro\client\swresample-2.dll
2018-02-05 18:03 - 2018-02-05 18:03 - 000909944 _____ () C:\Program Files\Google\Google Earth Pro\client\swscale-4.dll
2018-02-05 18:03 - 2018-02-05 18:03 - 000034424 _____ () C:\Program Files\Google\Google Earth Pro\client\alchemyext.dll
2018-02-05 18:03 - 2018-02-05 18:03 - 000902776 _____ () C:\Program Files\Google\Google Earth Pro\client\IGExportCommon.dll
2018-02-05 18:03 - 2018-02-05 18:03 - 001300088 _____ () C:\Program Files\Google\Google Earth Pro\client\IGOpt.dll
2018-02-05 16:41 - 2018-02-05 16:41 - 000139776 _____ () C:\Program Files\Google\Google Earth Pro\client\libexpat.dll
2018-02-05 18:03 - 2018-02-05 18:03 - 000181368 _____ () C:\Program Files\Google\Google Earth Pro\client\alchemy\optimizations\IGOptExtension.dll
2017-09-29 07:41 - 2017-09-29 07:41 - 000047616 ____N () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUITelemetry.dll
2017-09-29 07:41 - 2017-09-29 07:41 - 004173824 ____N () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIDataModel.dll
2017-09-29 07:41 - 2017-09-29 07:41 - 003634176 ____N () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIViewModels.dll
2018-02-14 05:03 - 2018-02-14 05:03 - 067115984 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2018-01-30 08:38 - 2018-01-30 08:38 - 000118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2018-01-30 08:39 - 2018-01-30 08:39 - 000214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2018-01-30 08:38 - 2018-01-30 08:38 - 000117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2018-01-30 08:38 - 2018-01-30 08:38 - 000125952 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2018-02-14 05:26 - 2018-02-14 05:26 - 000099800 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2018-01-30 08:38 - 2018-01-30 08:38 - 000086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-01-15 22:59 - 2018-02-21 07:30 - 000009444 _____ C:\WINDOWS\system32\Drivers\etc\hosts

There are 322 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1041191953-2805693150-4082675335-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKU\S-1-5-21-1041191953-2805693150-4082675335-1001\...\StartupApproved\Run: => "McAfeeSafeConnect"
HKU\S-1-5-21-1041191953-2805693150-4082675335-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [AllJoyn-Router-Out-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [AllJoyn-Router-Out-UDP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [ProximityUxHost-Sharing-Out-TCP-NoScope] => (Block) %SystemRoot%\system32\proximityuxhost.exe
FirewallRules: [FPS-LLMNR-Out-UDP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [Collab-PNRP-Out-UDP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-PnrpSvc-UDP-OUT] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-RAServer-Out-TCP-NoScope-Active] => (Block) %SystemRoot%\system32\raserver.exe
FirewallRules: [RemoteAssistance-Out-TCP-Active] => (Block) %SystemRoot%\system32\msra.exe
FirewallRules: [RemoteAssistance-SSDPSrv-Out-UDP-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [RemoteAssistance-PnrpSvc-UDP-OUT-Active] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [PlayTo-Out-UDP-NoScope] => (Block) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-Out-UDP-LocalSubnetScope] => (Block) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-Out-UDP-PlayToScope] => (Block) %SystemRoot%\system32\mdeserver.exe
FirewallRules: [PlayTo-QWave-Out-UDP-PlayToScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [PlayTo-QWave-Out-TCP-PlayToScope] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [WFDPRINT-DAFWSD-Out-Active] => (Block) %SystemRoot%\system32\dashost.exe
FirewallRules: [WFDPRINT-SPOOL-Out-Active] => (Block) %SystemRoot%\system32\spoolsv.exe
FirewallRules: [WFDPRINT-SCAN-Out-Active] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [Microsoft-Windows-WLANSvc-ASP-CP-Out] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [MCX-SSDPSrv-Out-UDP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [MCX-QWave-Out-UDP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [MCX-QWave-Out-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [MCX-MCX2SVC-Out-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [MCX-PlayTo-Out-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [MCX-PlayTo-Out-UDP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [MCX-FDPHost-Out-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [CDPSvc-Out-UDP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [CDPSvc-Out-TCP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [MDNS-Out-UDP] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{28F77A9A-5ACE-408A-8AAA-430AAAD2ADB5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{5A67B42C-8206-483E-8AD3-CF853377F90E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{62E9A9E9-5DE6-4131-820E-1E7656864B37}] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{828C47D3-B352-493A-8831-87683A99318A}] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{DB7F6219-9707-468F-AEC8-2BE3CBFFA018}] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{51A9716D-F9CB-4B49-977F-84D8313ECAF7}] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{FE8EAF56-74D1-4274-B3D0-4491B5FFA921}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{9D763CAE-C982-4A63-B918-BA938410F6DB}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{E57FB24B-9DDF-4A2F-9321-ECF8BEE4D3D8}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{E68ADD09-B646-4E68-A68C-C406652CADDB}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{B7824AF4-B37E-4292-B390-297B83D12382}] => (Block) %SystemRoot%\system32\proximityuxhost.exe
FirewallRules: [{CCB1D2A1-6213-4385-B807-9DE86EDA9D56}] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [{0F5C4044-FCEC-4DC7-B190-800E02480F74}] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{9BC9E88A-F3FE-4E8D-8A21-960FFD934AF3}] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{8DC55326-4A41-4C78-AD48-0E4BCF212EE7}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B9B1323D-7E2E-4420-8CA8-EF2389BC79EA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{C307D148-F1BA-49AC-9A00-F094036CFEDF}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{A0879E3F-1E12-48AD-87D2-415C6F1F5774}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{31E891FC-4F69-45F6-8A0C-AE007AA6F0AF}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{BBB15103-2C36-4091-8CAB-F4A6A87E9D02}] => (Block) %systemroot%\system32\svchost.exe
FirewallRules: [{27EE7519-1FB7-4EAC-AA65-3ABE21777C07}] => (Block) %SystemRoot%\system32\svchost.exe
FirewallRules: [{DA40D397-3416-4C6D-AD54-F777CE69DAC2}] => (Block) %SystemRoot%\system32\proximityuxhost.exe
FirewallRules: [{62B1A029-FCF5-430F-9371-D4854B09D0B9}] => (Allow) LPort=139
FirewallRules: [{30CCAAFC-15A9-4829-A67F-D59769E02409}] => (Block) LPort=139
FirewallRules: [{EEB7D5C6-3942-4363-935D-A1310281BA32}] => (Block) LPort=139
FirewallRules: [{D6F71E79-6C3B-4DEB-83F3-0D53B9D63F86}] => (Block) LPort=445
FirewallRules: [{85B34758-97A3-4a63-832A-9825D8777935}}] => (Allow) C:\Program Files (x86)\UnHackMe\wu.exe
FirewallRules: [{9187CF69-6824-487d-A9F0-AFF5C2C29BA9}}] => (Allow) C:\Program Files (x86)\UnHackMe\wu.exe
FirewallRules: [{85B34758-97A3-4a63-832A-9825D8777934}}] => (Allow) C:\Program Files (x86)\UnHackMe\regruninfo.exe
FirewallRules: [{9187CF69-6824-487d-A9F0-AFF5C2C29BA8}}] => (Allow) C:\Program Files (x86)\UnHackMe\regruninfo.exe
FirewallRules: [{DB4B96D0-9F7C-4FE7-84FD-47F99921E5B1}] => (Allow) C:\Program Files (x86)\UnHackMe\wu.exe
FirewallRules: [{76FEC9F0-5F21-486D-BE8A-43555832CBE0}] => (Allow) C:\Program Files (x86)\UnHackMe\RegRunInfo.exe
FirewallRules: [{13A64E32-1098-41B7-9A48-2D18236F8529}] => (Allow) C:\Program Files (x86)\UnHackMe\wu.exe
FirewallRules: [{F801C86D-64B0-4AC8-A1AE-887F8598B594}] => (Allow) C:\Program Files (x86)\UnHackMe\RegRunInfo.exe
FirewallRules: [{4167C961-37D6-4D03-B7B1-160A3A5ED1C3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{DFD29422-F706-4EB2-BCEF-4CD47961C0AC}] => (Allow) C:\Program Files\HP\HP DeskJet 3830 series\bin\FaxApplications.exe
FirewallRules: [{495EDC8F-6502-4478-B110-455E29816323}] => (Allow) C:\Program Files\HP\HP DeskJet 3830 series\bin\DigitalWizards.exe
FirewallRules: [{813E7A5B-FA34-4924-AFB8-0A3A25F999CE}] => (Allow) C:\Program Files\HP\HP DeskJet 3830 series\bin\SendAFax.exe
FirewallRules: [{8F361402-B195-4563-B909-DA1F0ADF7829}] => (Allow) C:\Program Files\HP\HP DeskJet 3830 series\bin\FaxPrinterUtility.exe
FirewallRules: [{19B2D538-E68D-4821-A807-DCE197549F43}] => (Allow) C:\Program Files\HP\HP DeskJet 3830 series\Bin\DeviceSetup.exe
FirewallRules: [{32F8E511-904C-45E5-826F-40BA726A8662}] => (Allow) LPort=5357
FirewallRules: [{769B7B4F-34AF-48B0-B866-0110AF03F026}] => (Allow) C:\Program Files\HP\HP DeskJet 3830 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{8F6B75E3-94D0-48DE-862A-0B658296AD36}] => (Allow) C:\Users\John\AppData\Local\Temp\7zS2EEE\HPDiagnosticCoreUI.exe
FirewallRules: [{C4FA4350-18AB-46DF-8A2D-C5D31F80CDA8}] => (Allow) C:\Users\John\AppData\Local\Temp\7zS2EEE\HPDiagnosticCoreUI.exe
FirewallRules: [{80320163-FBEB-4163-A708-47BB5B89DCA7}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\FaxApplications.exe
FirewallRules: [{6DAAB3E7-A61E-4485-B399-7431ECC7C676}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\DigitalWizards.exe
FirewallRules: [{047990D0-64B9-4BE4-8A55-6C3CBAC53939}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\SendAFax.exe
FirewallRules: [{2F59C31E-3497-4EE7-B9D6-FB450F2B8DA9}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\bin\FaxPrinterUtility.exe
FirewallRules: [{884FB533-35F4-4574-86E1-B50492E97B0E}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\Bin\DeviceSetup.exe
FirewallRules: [{5966E637-F80C-4A82-8E9F-0866B1F57FEA}] => (Allow) C:\Program Files\HP\HP OfficeJet 3830 series\Bin\HPNetworkCommunicatorCom.exe

==================== Restore Points =========================

03-02-2018 03:36:47 Restore Operation
07-02-2018 02:32:54 Installed WinThruster.
09-02-2018 15:51:53 5
09-02-2018 15:54:09 Restore Operation
10-02-2018 11:10:06 aa
12-02-2018 01:39:09 Restore Operation
17-02-2018 22:19:04 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
18-02-2018 01:05:53 Restore Operation

==================== Faulty Device Manager Devices =============

Name: HD WebCam
Description: USB Video Device
Class Guid: {ca3e7ab9-b4c3-4ae6-8251-579ef933890f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Kernel Debug Network Adapter
Description: Microsoft Kernel Debug Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: kdnic
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Radio Device Enumeration Bus
Description: Generic software device
Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2}
Manufacturer: Microsoft
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel® Dual Band Wireless-AC 3168
Description: Intel® Dual Band Wireless-AC 3168
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: Netwtw04
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Remote Desktop Device Redirector Bus
Description: Remote Desktop Device Redirector Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: rdpbus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/21/2018 12:03:35 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AGI32-18.3.exe, version: 18.3.0.2, time stamp: 0x598200a3
Faulting module name: KERNELBASE.dll, version: 10.0.16299.15, time stamp: 0x2cd1ce3d
Exception code: 0xc000008f
Fault offset: 0x001008b2
Faulting process id: 0x914
Faulting application start time: 0x01d3aa657460d5cd
Faulting application path: C:\Program Files (x86)\Lighting Analysts\AGi32\AGI32-18.3.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 758e491d-b1ae-46af-811b-68421fa806a8
Faulting package full name:
Faulting package-relative application ID:

Error: (02/21/2018 12:03:34 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AGI32-18.3.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c000008f, exception address 744708B2
Stack:

Error: (02/20/2018 07:23:07 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (02/20/2018 03:41:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LockApp.exe, version: 10.0.16299.15, time stamp: 0x59cda938
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.16299.98, time stamp: 0x950216af
Exception code: 0xc0000409
Fault offset: 0x000000000052302b
Faulting process id: 0x1500
Faulting application start time: 0x01d3aa2eeba4fa9c
Faulting application path: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: c38029e4-3cbe-4d39-8b99-5763c7897b54
Faulting package full name:
Faulting package-relative application ID:

Error: (02/20/2018 03:40:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LockApp.exe, version: 10.0.16299.15, time stamp: 0x59cda938
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.16299.98, time stamp: 0x950216af
Exception code: 0xc0000409
Fault offset: 0x000000000052302b
Faulting process id: 0xc44
Faulting application start time: 0x01d3aa2ee76618aa
Faulting application path: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: 31417358-99d1-45a3-887e-620fe20b366f
Faulting package full name:
Faulting package-relative application ID:

Error: (02/20/2018 03:15:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LockApp.exe, version: 10.0.16299.15, time stamp: 0x59cda938
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.16299.98, time stamp: 0x950216af
Exception code: 0xc0000409
Fault offset: 0x000000000052302b
Faulting process id: 0x10c8
Faulting application start time: 0x01d3aa2b521f6025
Faulting application path: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: a82e2287-c578-4cd7-ac7a-3078953a441a
Faulting package full name:
Faulting package-relative application ID:

Error: (02/20/2018 03:14:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LockApp.exe, version: 10.0.16299.15, time stamp: 0x59cda938
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.16299.98, time stamp: 0x950216af
Exception code: 0xc0000409
Fault offset: 0x000000000052302b
Faulting process id: 0x2bcc
Faulting application start time: 0x01d3aa2b2e3234e0
Faulting application path: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: 9c6ca1c9-2316-400b-9146-2812f49924ce
Faulting package full name:
Faulting package-relative application ID:

Error: (02/20/2018 03:13:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LockApp.exe, version: 10.0.16299.15, time stamp: 0x59cda938
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.16299.98, time stamp: 0x950216af
Exception code: 0xc0000409
Fault offset: 0x000000000052302b
Faulting process id: 0x1f88
Faulting application start time: 0x01d3aa2b2016df55
Faulting application path: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: e1cf4db8-72d0-4ba7-99af-503c28f17c7b
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (02/22/2018 10:48:32 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-KG14MNT)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-KG14MNT\John SID (S-1-5-21-1041191953-2805693150-4082675335-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (02/21/2018 08:15:14 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error:
Unspecified error

Error: (02/21/2018 08:15:14 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-KG14MNT)
Description: The server {21F282D1-A881-49E1-9A3A-26E44E39B86C} did not register with DCOM within the required timeout.

Error: (02/21/2018 08:13:11 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The RasMan service depends on the SstpSvc service which failed to start because of the following error:
The operation completed successfully.

Error: (02/21/2018 08:13:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The CDPSvc service terminated with the following error:
Unspecified error

Error: (02/21/2018 08:12:41 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The IntelAudioService service terminated with the following service-specific error:
The operation completed successfully.

Error: (02/21/2018 08:12:18 PM) (Source: TPM) (EventID: 15) (User: NT AUTHORITY)
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Error: (02/21/2018 07:20:40 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WarpJITSvc service terminated unexpectedly.  It has done this 6 time(s).


Windows Defender:
===================================
Date: 2018-02-22 12:26:51.434
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {D399567E-0BEA-413B-AFC5-4E17EEB9F187}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2018-02-22 12:25:39.413
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {29CDD7D8-944B-46D8-8D56-7E5AF1D4D249}
Scan Type: Antimalware
Scan Parameters: Full Scan

Date: 2018-02-21 20:45:02.969
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {B7A6665B-2584-4B7C-BC04-D7D94144CDF7}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-02-21 20:36:55.081
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {6A52C422-D36F-4BB7-8474-D43A515B5FE7}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-02-19 12:45:28.076
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {37058BF5-A87D-47D6-89C9-08331EC675B0}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-02-22 11:55:30.778
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.1320.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80070005
Error description: Access is denied.

Date: 2018-02-22 11:55:30.776
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.1320.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80070005
Error description: Access is denied.

Date: 2018-02-22 11:55:29.998
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.1320.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80070005
Error description: Access is denied.

Date: 2018-02-22 11:55:29.996
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.1320.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80070005
Error description: Access is denied.

Date: 2018-02-22 11:55:28.927
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.1320.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80070005
Error description: Access is denied.

CodeIntegrity:
===================================

Date: 2018-01-30 17:40:44.420
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\John\Desktop\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-16 03:36:17.029
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-01-16 03:36:17.026
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 59%
Total physical RAM: 8075.6 MB
Available physical RAM: 3238.96 MB
Total Virtual: 9355.6 MB
Available Virtual: 2820.61 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.55 GB) (Free:812.56 GB) NTFS

\\?\Volume{a8284e51-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{a8284e51-0000-0000-0000-70c2e8000000}\ () (Fixed) (Total:0.47 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: A8284E51)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.5 GB) - (Type=07 NTFS)
 



#5 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,894 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:04:45 AM

Posted 27 February 2018 - 08:26 AM

chilidog33:

 
 
Welcome to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum.  My name is Phil.  May I address you by your first name?
 
I will be assisting you with your computer issues.  I will endeavor to respond within a reasonable time.   Forum policy requires that I post within 48 hours after your last post, but I do endeavor to post within 24 hours of your last post.
 
I would ask that you please continue to copy and paste the contents of all requested log files directly into your replies.   Please do not use "code" or "quote" boxes.  Thank you for your anticipated cooperation.
 
I will need some time to review your FRST logs.  That could take a day or two.
 
PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues.  It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.
 
Thank you and have a great day.
 
Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall


#6 garioch7


Posted 27 February 2018 - 12:03 PM

chilidog33:

Thank you for your patience while I analyzed your FRST logs.

Before we start dealing with the problems you are experiencing, I would ask you to take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools. Malware removal can cause unpredictable and unintended issues. Also you should be aware that some of the tools and scripts that will be used, will remove malware detected, without notice.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post(s), unless otherwise instructed. Please do not use code or quote boxes.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

.

OK, let's get started ...

.

Step 1: Are you familiar with this program, which is installed on your computer?
 

AnswersBy PC Smartcare (HKLM-x32\...\AnswersBy PC Smartcare) (Version: 1.2.0.2 - Sutherland Global Services)

 

Bleeping Computer does not recommend the use of system optimizers. Please see this link for more details and decide for yourself whether you wish to keep it. If you uninstall it, please let me know, so that I can subsequently look for any remnants that may have been left behind.

.

Step 2: Please run a FRST fix for me.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

Start::
CreateRestorePoint:
CloseProcesses:
VirusTotal: C:\Program Files (x86)\Lighting Analysts\AGi32\AGI32-18.3.exe;C:\WINDOWS\system32\cAVS\Intel® Audio Service\IntelAudioService.exe
File: C:\WINDOWS\winstart.bat
CMD: type C:\Users\John\Downloads\Fixlog.txt
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.

Thank you and have a great day.

Regards,
-Phil




#7 chilidog33


Posted 28 February 2018 - 12:48 AM

AnswersBy is a program from a software service Acer referred me to... quick waste of $150. I had to do a system restore before you replied to my post, ran a scan but forgot to save under a different name before I ran an after scan... here is the fixit log as well as the scan results.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 24.02.2018
Ran by John (27-02-2018 23:15:37) Run:2
Running from C:\Users\John\Downloads
Loaded Profiles: John (Available Profiles: John & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
VirusTotal: C:\Program Files (x86)\Lighting Analysts\AGi32\AGI32-18.3.exe;C:\WINDOWS\system32\cAVS\Intel® Audio
Service\IntelAudioService.exe
File: C:\WINDOWS\winstart.bat
CMD: type C:\Users\John\Downloads\Fixlog.txt
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File

*****************

Restore point was successfully created.
Processes closed successfully.
VirusTotal: C:\Program Files (x86)\Lighting Analysts\AGi32\AGI32-18.3.exe => https://www.virustotal.com/file/2f6cd9d9c3d52735a2cce337668d6e3bb1a1ff87f24db3cdc0f47cc2fd3fde86/analysis/1512715389/
"VirusTotal: C:\WINDOWS\system32\cAVS\Intel® Audio" => not found
Service\IntelAudioService.exe => Error: No automatic fix found for this entry.

========================= File: C:\WINDOWS\winstart.bat ========================

"C:\WINDOWS\winstart.bat" => not found
====== End of File: ======


========= type C:\Users\John\Downloads\Fixlog.txt =========

Fix result of Farbar Recovery Scan Tool (x64) Version: 24.02.2018
Ran by John (27-02-2018 23:15:37) Run:2
Running from C:\Users\John\Downloads
Loaded Profiles: John (Available Profiles: John & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
VirusTotal: C:\Program Files (x86)\Lighting Analysts\AGi32\AGI32-18.3.exe;C:\WINDOWS\system32\cAVS\Intel® Audio
Service\IntelAudioService.exe
File: C:\WINDOWS\winstart.bat
CMD: type C:\Users\John\Downloads\Fixlog.txt
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File

*****************

Restore point was successfully created.
Processes closed successfully.
VirusTotal: C:\Program Files (x86)\Lighting Analysts\AGi32\AGI32-18.3.exe => https://www.virustotal.com/file/2f6cd9d9c3d52735a2cce337668d6e3bb1a1ff87f24db3cdc0f47cc2fd3fde86/analysis/1512715389/
"VirusTotal: C:\WINDOWS\system32\cAVS\Intel® Audio" => not found
Service\IntelAudioService.exe => Error: No automatic fix found for this entry.

========================= File: C:\WINDOWS\winstart.bat ========================

"C:\WINDOWS\winstart.bat" => not found
====== End of File: ======


========= type C:\Users\John\Downloads\Fixlog.txt =========


========= End of CMD: =========

"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found


The system needed a reboot.

==== End of Fixlog 23:16:04 ====


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24.02.2018
Ran by John (administrator) on DESKTOP-KG14MNT (27-02-2018 23:13:25)
Running from C:\Users\John\Downloads
Loaded Profiles: John (Available Profiles: John & Administrator)
Platform: Windows 10 Home Version 1709 16299.192 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\igfxCUIService.exe
(Intel) C:\Windows\System32\cAVS\Intel® Audio Service\IntelAudioService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\IntelCpHDCPSvc.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.18011-0\NisSrv.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\igfxEM.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1712.3351.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe
() C:\Program Files (x86)\Wondershare\Wondershare dr.fone toolkit for Android\Library\ADB\adb.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Wondershare) C:\Program Files (x86)\Wondershare\Wondershare dr.fone toolkit for Android\Library\DriverInstaller\DriverInstall.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17112.13411.0_x64__8wekyb3d8bbwe\Video.UI.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17086.24711.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18382824 2018-01-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_ASC] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2018-01-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_CTPreset] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2018-01-09] (Realtek Semiconductor)
HKU\S-1-5-21-1041191953-2805693150-4082675335-1001\...\Run: [McAfeeSafeConnect] => C:\Program Files (x86)\McAfee Safe Connect\McAfee Safe Connect.exe [1034160 2017-10-10] (McAfee Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2018-02-08]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.681\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1    mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{6507cf7f-3e0c-49e8-8cc8-4d859c94927b}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-1041191953-2805693150-4082675335-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-02-26] (Microsoft Corporation)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2017-12-04] (Belarc, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-26] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-26] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-26] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-02-26] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: vvx9q6ee.default
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\vvx9q6ee.default [2018-02-27]
FF Extension: (ADB Helper) - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\vvx9q6ee.default\Extensions\adbhelper@mozilla.org.xpi [2018-02-25] [Legacy]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\vvx9q6ee.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2018-02-23]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_28_0_0_137.dll [2018-01-31] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_28_0_0_137.dll [2018-01-31] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-02-26] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-02-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=3.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-02-09] (VideoLAN)

Chrome:
=======
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default [2018-02-24]
CHR Extension: (Slides) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-02-18]
CHR Extension: (Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-02-18]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-02-18]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-02-18]
CHR Extension: (Sheets) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-02-18]
CHR Extension: (Google Docs Offline) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-02-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-02-18]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-02-18]
CHR Extension: (Chrome Media Router) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-02-18]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AnswersByDownloadService; C:\Program Files (x86)\AnswersBy PC Smartcare\AnswersByUpdateService.exe [3389856 2017-10-02] (Sutherland Global Services, Inc.)
S4 BthHFSrvz; C:\WINDOWS\System32\BthHFSrv.dll [456704 2017-09-29] (Microsoft Corporation)
S3 camsvcz; C:\WINDOWS\system32\CapabilityAccessManager.dll [227328 2017-12-13] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7968424 2018-02-08] (Microsoft Corporation)
S4 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [515768 2017-04-13] (Intel Corporation)
R2 IntelAudioService; C:\WINDOWS\system32\cAVS\Intel® Audio Service\IntelAudioService.exe [169576 2018-01-09] (Intel)
S4 McAfee Vpn Service; C:\Program Files (x86)\McAfee Safe Connect\service\VpnService.exe [320944 2017-10-10] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.681\McCHSvc.exe [404376 2018-02-04] (McAfee, Inc.)
S4 PhoneSvcz; C:\WINDOWS\System32\PhoneService.dll [791552 2018-01-01] (Microsoft Corporation)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\NisSrv.exe [356168 2018-01-30] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MsMpEng.exe [105792 2018-01-30] (Microsoft Corporation)
R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe [492768 2017-06-21] (Wondershare)
R2 WsDrvInst; C:\Program Files (x86)\Wondershare\Wondershare dr.fone toolkit for Android\Library\DriverInstaller\DriverInstall.exe [118048 2017-06-22] (Wondershare)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 BthHFEnumz; C:\WINDOWS\System32\drivers\bthhfenum.sys [107008 2017-09-29] (Microsoft Corporation)
S3 BthLEEnumz; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [78848 2017-09-29] (Microsoft Corporation)
S3 BthPanz; C:\WINDOWS\System32\drivers\bthpan.sys [129536 2017-09-29] (Microsoft Corporation)
S3 BthzAvrcpTg; C:\WINDOWS\System32\drivers\BthAvrcpTg.sys [45056 2017-09-29] (Microsoft Corporation)
S3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [174600 2017-04-13] (Intel Corporation)
R1 MpKslc6e8e5cc; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DB59E487-28EC-49C4-8912-64453946319E}\MpKslc6e8e5cc.sys [58120 2018-02-27] (Microsoft Corporation)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2017-09-29] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [782304 2018-01-09] (Realsil Semiconductor Corporation)
R3 SynRMIHID; C:\WINDOWS\System32\drivers\SynRMIHID.sys [66144 2016-09-06] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-01-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [288848 2018-01-30] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [129616 2018-01-30] (Microsoft Corporation)
S3 PORTMON; \??\C:\Users\John\Desktop\PORTMSYS.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-27 23:13 - 2018-02-27 23:13 - 002403328 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2018-02-27 23:13 - 2018-02-27 23:13 - 000000000 ____D C:\Users\John\Downloads\FRST-OlderVersion
2018-02-27 00:20 - 2018-02-27 03:16 - 002751742 _____ C:\Users\John\Desktop\honda 43.xlsm
2018-02-27 00:19 - 2018-02-27 00:19 - 000000000 ____D C:\Users\John\Documents\Custom Office Templates
2018-02-26 23:53 - 2018-02-26 23:53 - 000001484 _____ C:\Users\John\Downloads\South Lighting Calculator 17.2.3511.xlsm - Shortcut (2).lnk
2018-02-26 23:48 - 2018-02-26 23:48 - 000001484 _____ C:\Users\John\Desktop\South Lighting Calculator 17.2.3511.xlsm - Shortcut.lnk
2018-02-26 22:58 - 2018-02-26 22:58 - 002768614 _____ C:\Users\John\Desktop\South Lighting Calculator 17.2.3511.xlsm
2018-02-26 22:46 - 2018-02-26 22:46 - 000000000 ____D C:\Users\John\AppData\Roaming\Skype
2018-02-26 22:45 - 2018-02-26 22:45 - 000002503 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2018-02-26 22:45 - 2018-02-26 22:45 - 000002502 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2018-02-26 22:45 - 2018-02-26 22:45 - 000002466 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2018-02-26 22:45 - 2018-02-26 22:45 - 000002465 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2018-02-26 22:45 - 2018-02-26 22:45 - 000002459 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2018-02-26 22:45 - 2018-02-26 22:45 - 000002453 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2018-02-26 22:45 - 2018-02-26 22:45 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-02-26 22:45 - 2018-02-26 22:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-02-26 22:39 - 2018-02-27 03:30 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-02-26 22:39 - 2018-02-26 22:39 - 000000000 ____D C:\Program Files\Microsoft Office 15
2018-02-26 22:38 - 2018-02-26 22:38 - 004632872 _____ (Microsoft Corporation) C:\Users\John\Downloads\Setup.X86.en-US_O365HomePremRetail_042cb9a9-644e-4aa0-9c50-9e3994197e51_TX_PR_.exe
2018-02-26 15:59 - 2018-02-26 16:00 - 000001401 _____ C:\Users\John\Downloads\Untitled
2018-02-26 13:15 - 2018-02-26 13:15 - 000000000 ____D C:\Users\John\Documents\Sound recordings
2018-02-26 13:10 - 2018-02-26 13:10 - 005028439 _____ (ffdshow ) C:\Users\John\Downloads\ffdshow_rev4533_20140929_clsid_x64.exe
2018-02-26 13:02 - 2018-02-27 05:11 - 000000000 ____D C:\Users\John\AppData\Roaming\vlc
2018-02-26 12:51 - 2018-02-26 12:51 - 000001145 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-02-26 12:51 - 2018-02-26 12:51 - 000001145 _____ C:\ProgramData\Desktop\VLC media player.lnk
2018-02-26 12:51 - 2018-02-26 12:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-02-26 12:51 - 2018-02-26 12:51 - 000000000 ____D C:\Program Files (x86)\VideoLAN
2018-02-26 12:48 - 2018-02-26 12:48 - 000083456 _____ C:\Users\John\Downloads\MD5_and_SHA_Checksum_Utility.exe
2018-02-26 12:45 - 2018-02-26 12:45 - 038911168 _____ C:\Users\John\Downloads\vlc-3.0.0-win32.exe
2018-02-26 12:01 - 2018-02-26 12:01 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2018-02-26 11:35 - 2018-02-26 11:35 - 000000000 ____D C:\ProgramData\wsr
2018-02-26 11:14 - 2018-02-26 11:14 - 000000000 ____D C:\Users\John\.android
2018-02-26 11:07 - 2018-02-26 11:07 - 000001771 _____ C:\Users\Public\Desktop\dr.fone toolkit for Android.lnk
2018-02-26 11:07 - 2018-02-26 11:07 - 000001771 _____ C:\ProgramData\Desktop\dr.fone toolkit for Android.lnk
2018-02-26 11:07 - 2018-02-26 11:07 - 000000000 ____D C:\Users\John\AppData\Roaming\Wondershare
2018-02-26 11:07 - 2018-02-26 11:07 - 000000000 ____D C:\ProgramData\Wondershare
2018-02-26 11:07 - 2018-02-26 11:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2018-02-26 11:07 - 2018-02-26 11:07 - 000000000 ____D C:\Program Files (x86)\Wondershare
2018-02-26 11:07 - 2017-06-20 14:18 - 000206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2018-02-26 11:07 - 2017-06-20 14:18 - 000110336 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2018-02-26 11:07 - 2015-02-27 10:35 - 000000232 _____ C:\WINDOWS\SysWOW64\dllhost.exe.config
2018-02-26 11:06 - 2018-02-26 11:58 - 000000000 ____D C:\Users\Public\Documents\Wondershare
2018-02-26 11:06 - 2018-02-26 11:58 - 000000000 ____D C:\ProgramData\Documents\Wondershare
2018-02-26 11:06 - 2018-02-26 11:06 - 001154272 _____ C:\Users\John\Downloads\drfone-for-android_setup_full1464.exe
2018-02-25 22:29 - 2018-01-24 23:56 - 1792076769 _____ C:\Users\John\Documents\djq.MP4
2018-02-25 22:13 - 2018-02-25 22:14 - 000000000 ____D C:\Users\John\Documents\1000media2(2)
2018-02-25 12:38 - 2018-02-25 22:25 - 000000000 ____D C:\Users\John\Documents\100MEDIA
2018-02-25 02:14 - 2018-02-25 02:14 - 000201455 _____ C:\Users\John\Downloads\hnda-Copy-5501.dwg
2018-02-24 16:39 - 2018-02-27 19:05 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-02-24 11:15 - 2018-02-24 11:21 - 000015467 _____ C:\Users\John\Downloads\netadapter-log-2018-02-24-11-15-14.txt
2018-02-24 11:14 - 2018-02-24 11:14 - 000001499 _____ C:\Users\John\Downloads\netadapter-log-2018-02-24-11-14-30.txt
2018-02-24 11:09 - 2014-06-19 11:17 - 000038400 _____ C:\Users\John\Downloads\GiveMePower.pdb
2018-02-23 23:28 - 2018-02-23 23:28 - 000203110 _____ C:\Users\John\Desktop\honda47222-Copy-8866.dwg
2018-02-23 22:58 - 2018-02-23 22:58 - 003827901 _____ C:\Users\John\Documents\honda47222-Copy-82669.AGI
2018-02-22 21:47 - 2018-02-22 21:47 - 000000000 ____D C:\Users\John\AppData\LocalLow\Temp
2018-02-22 21:02 - 2018-02-24 15:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACAD DWG to PDF Converter
2018-02-22 21:02 - 2018-02-24 15:10 - 000000000 ____D C:\Program Files (x86)\ACAD DWG to PDF Converter
2018-02-22 21:02 - 2018-02-22 21:02 - 000000000 ____D C:\Users\John\AppData\Roaming\New Version Available
2018-02-22 21:02 - 2018-02-22 21:02 - 000000000 ____D C:\Users\John\AppData\Roaming\ACAD DWG to PDF Converter
2018-02-22 14:19 - 2018-02-23 21:58 - 000000000 ____D C:\Users\John\Downloads\backups
2018-02-22 13:46 - 2018-02-22 13:46 - 000291606 _____ C:\Users\John\Downloads\TCPView(1).zip
2018-02-22 12:58 - 2018-02-22 12:58 - 000041406 _____ C:\Users\John\Desktop\addition txt1.txt
2018-02-18 18:24 - 2018-02-18 18:24 - 000113050 _____ C:\Users\John\Desktop\a.jfif
2018-02-18 18:22 - 2018-02-18 18:23 - 000127059 _____ C:\Users\John\Desktop\thumbnail.jfif
2018-02-18 17:06 - 2018-02-18 17:06 - 000000000 ____D C:\Users\John\AppData\Roaming\HPPSDr
2018-02-18 16:54 - 2018-02-24 15:10 - 000000000 ____D C:\ProgramData\HP Photo Creations
2018-02-18 16:54 - 2018-02-24 15:10 - 000000000 ____D C:\Program Files (x86)\HP Photo Creations
2018-02-18 16:53 - 2018-02-24 15:10 - 000000000 ____D C:\Program Files (x86)\HP
2018-02-18 16:53 - 2018-02-18 17:15 - 000000000 ____D C:\Program Files\HP
2018-02-18 16:52 - 2018-02-24 15:10 - 000000000 ____D C:\Users\John\AppData\Local\HP
2018-02-18 16:40 - 2018-02-24 15:10 - 000000000 ____D C:\ProgramData\HP
2018-02-18 13:09 - 2018-02-18 13:10 - 001535075 _____ C:\Users\John\Downloads\IES Files & LM-79 Test Reports_ OSQ Series High Output Area_Flood, Automotive FrontlineOptic™ Type (1).zip
2018-02-18 13:02 - 2018-02-18 13:10 - 001535075 _____ C:\Users\John\Documents\IES Files & LM-79 Test Reports_ OSQ Series High Output Area_Flood, Automotive FrontlineOptic™ Type (1).zip
2018-02-18 12:55 - 2018-02-18 12:55 - 001535075 _____ C:\Users\John\Downloads\IES Files & LM-79 Test Reports_ OSQ Series High Output Area_Flood, Automotive FrontlineOptic™ Type.zip
2018-02-18 12:54 - 2018-02-18 12:54 - 001496636 _____ C:\Users\John\Downloads\IES Files & LM-79 Test Reports_ OSQ Series High Output Area_Flood, Type II Medium.zip
2018-02-18 03:16 - 2018-02-18 03:16 - 000000000 ____D C:\Users\John\AppData\Local\CEF
2018-02-18 00:57 - 2018-02-18 00:58 - 004903358 _____ C:\Users\John\Downloads\getfile(2).aspx
2018-02-18 00:55 - 2018-02-18 00:55 - 001496636 _____ C:\Users\John\Downloads\getfile(1).aspx
2018-02-17 22:56 - 2018-02-17 22:56 - 001535075 _____ C:\Users\John\Downloads\getfile.aspx
2018-02-17 22:17 - 2018-02-18 04:52 - 000000000 ____D C:\ProgramData\Package Cache
2018-02-17 22:14 - 2018-02-17 22:14 - 000000000 ____D C:\ProgramData\Adobe
2018-02-17 22:13 - 2018-02-17 22:13 - 000000000 ____D C:\Program Files (x86)\Adobe
2018-02-17 22:07 - 2018-02-24 15:10 - 000000000 ____D C:\Program Files (x86)\Amazing Photo Editor
2018-02-16 20:42 - 2018-01-24 23:56 - 1792076769 _____ C:\Users\John\Documents\DJI_0001.MP4
2018-02-16 09:02 - 2018-02-16 09:02 - 002247877 _____ C:\Users\John\Documents\45.AGI
2018-02-16 09:02 - 2018-02-16 09:02 - 002229236 _____ C:\Users\John\Documents\45.AGI.bak
2018-02-16 08:21 - 2018-02-16 08:21 - 002746375 _____ C:\Users\John\Documents\mcclarty template.AGI
2018-02-16 07:16 - 2018-02-16 07:16 - 011508297 _____ C:\Users\John\Downloads\bootracer_free.zip
2018-02-16 07:16 - 2018-02-16 07:16 - 011508297 _____ C:\Users\John\Downloads\bootracer_free(1).zip
2018-02-14 17:56 - 2018-02-14 17:56 - 000651697 _____ C:\Users\John\Desktop\AF1QipOfUeEljVZELFu-5v9_MFCSDNTmdUpbNwK2s-B4.htm
2018-02-14 13:34 - 2018-02-14 13:34 - 000000040 _____ C:\Users\John\Documents\45-Copy-48842-InUse.a3~
2018-02-14 13:33 - 2018-02-14 13:33 - 002177837 _____ C:\Users\John\Documents\45-Copy-48842.AGI
2018-02-12 03:34 - 2018-02-22 20:25 - 000000000 ____D C:\ProgramData\RegRun
2018-02-12 03:33 - 2018-02-24 15:10 - 000000000 ____D C:\Users\John\Documents\RegRun2
2018-02-12 03:33 - 2018-02-21 03:47 - 000000000 ____D C:\Users\Public\Documents\regruninfo
2018-02-12 03:33 - 2018-02-21 03:47 - 000000000 ____D C:\ProgramData\Documents\regruninfo
2018-02-12 03:32 - 2018-02-24 15:10 - 000000000 ____D C:\Program Files (x86)\UnHackMe
2018-02-12 03:20 - 2018-02-12 03:30 - 018297972 _____ C:\Users\John\Downloads\unhackmeb.zip
2018-02-12 02:44 - 2018-02-12 02:44 - 000000000 ____D C:\Program Files (x86)\Microsoft Group Policy
2018-02-12 01:04 - 2018-02-01 20:56 - 002090043 _____ C:\Users\John\Documents\49.AGI
2018-02-12 01:04 - 2017-11-08 22:10 - 002596871 _____ C:\Users\John\Documents\mcclarty template.AGI.bak
2018-02-12 01:03 - 2018-02-24 15:10 - 000000000 ____D C:\Users\John\Documents\ies files
2018-02-12 01:03 - 2018-02-12 01:03 - 000000000 ____D C:\Users\John\Documents\mclarty
2018-02-12 01:03 - 2018-02-01 15:15 - 002113076 _____ C:\Users\John\Documents\43.AGI
2018-02-12 01:02 - 2018-02-22 05:51 - 000000000 ____D C:\Users\John\Documents\cree ies files qso ho
2018-02-12 01:02 - 2017-10-14 21:42 - 000406772 _____ C:\Users\John\Documents\170921HO1CJW.pdf
2018-02-10 02:39 - 2018-02-10 02:39 - 001931969 _____ C:\Users\John\Downloads\ProcessExplorer(1).zip
2018-02-10 02:16 - 2018-02-10 02:16 - 000291606 _____ C:\Users\John\Downloads\TCPView.zip
2018-02-09 15:43 - 2018-02-09 15:43 - 000000000 ____D C:\Users\John\Documents\FeedbackHub
2018-02-09 03:04 - 2018-02-09 03:04 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\447503E3.sys
2018-02-09 03:04 - 2018-02-09 03:04 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-02-09 03:03 - 2018-02-24 15:22 - 000000000 ____D C:\Users\John\Desktop\mbar
2018-02-09 03:03 - 2018-02-24 11:14 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-02-09 03:03 - 2018-02-09 03:03 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2018-02-09 03:02 - 2018-02-09 03:02 - 014178840 _____ (Malwarebytes Corp.) C:\Users\John\Downloads\mbar-1.10.3.1001.exe
2018-02-08 22:12 - 2018-02-24 14:06 - 000000000 ____D C:\Program Files\Google
2018-02-08 22:12 - 2018-02-08 22:12 - 000002255 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro.lnk
2018-02-08 22:12 - 2018-02-08 22:12 - 000002217 _____ C:\Users\Public\Desktop\Google Earth Pro.lnk
2018-02-08 22:12 - 2018-02-08 22:12 - 000002217 _____ C:\ProgramData\Desktop\Google Earth Pro.lnk
2018-02-08 14:33 - 2018-02-24 15:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2018-02-08 14:33 - 2018-02-24 15:22 - 000000000 ____D C:\ProgramData\McAfee Security Scan
2018-02-08 14:33 - 2018-02-08 14:33 - 000002021 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2018-02-08 14:33 - 2018-02-08 14:33 - 000002021 _____ C:\ProgramData\Desktop\McAfee Security Scan Plus.lnk
2018-02-08 12:34 - 2018-02-24 14:43 - 000000000 ____D C:\Users\John\Documents\mclarty honda
2018-02-08 07:29 - 2018-02-26 07:36 - 000000000 ____D C:\Users\John\Documents\New folder
2018-02-08 07:29 - 2018-02-18 13:11 - 000000000 ____D C:\Users\John\Documents\cree 5000k
2018-02-08 07:29 - 2018-02-08 07:27 - 000003770 _____ C:\Users\John\Desktop\ipconfig.all.txt
2018-02-08 07:28 - 2018-02-08 07:27 - 000003770 _____ C:\Users\John\Documents\ipconfig.all.txt
2018-02-08 06:55 - 2018-02-26 22:39 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-02-08 06:46 - 2018-02-08 06:46 - 001931969 _____ C:\Users\John\Downloads\ProcessExplorer.zip
2018-02-08 06:42 - 2018-02-24 15:22 - 000000000 ____D C:\Users\John\Documents\ProcessExplorer
2018-02-08 06:37 - 2018-02-17 23:39 - 000003146 _____ C:\Users\John\Desktop\Rkill.txt
2018-02-08 06:37 - 2018-02-08 06:37 - 001792640 _____ (Bleeping Computer, LLC) C:\Users\John\Downloads\rkill.exe
2018-02-08 06:35 - 2018-02-08 06:36 - 005659876 _____ (Swearware) C:\Users\John\Downloads\ComboFix.exe
2018-02-08 06:18 - 2018-02-08 06:18 - 000044048 _____ C:\Users\John\Desktop\dds.txt
2018-02-08 06:18 - 2018-02-08 06:18 - 000025606 _____ C:\Users\John\Desktop\attach.txt
2018-02-08 06:15 - 2018-02-08 06:16 - 000688992 _____ (Swearware) C:\Users\John\Downloads\dds.com
2018-02-08 06:08 - 2018-02-08 06:08 - 000025555 _____ C:\Users\John\Downloads\Fixlog.txt
2018-02-07 04:07 - 2018-02-07 04:14 - 000000000 ____D C:\Users\John\Documents\SDHC
2018-02-07 03:03 - 2018-02-07 03:03 - 000001885 _____ C:\Users\John\Desktop\IpConfig_Backup_02_07_2018_03_03_04.txt
2018-02-07 02:43 - 2018-02-22 12:55 - 000040783 _____ C:\Users\John\Downloads\Addition.txt
2018-02-07 02:43 - 2018-02-07 02:43 - 000032161 _____ C:\Users\John\Downloads\Shortcut.txt
2018-02-07 02:42 - 2018-02-27 23:14 - 000012618 _____ C:\Users\John\Downloads\FRST.txt
2018-02-07 02:42 - 2018-02-27 23:13 - 000000000 ____D C:\FRST
2018-02-07 02:32 - 2018-02-07 02:32 - 023195976 _____ (Solvusoft Corporation) C:\Users\John\Downloads\Setup_WinThruster_2017.exe
2018-02-07 02:23 - 2018-02-24 14:05 - 000000000 ____D C:\Program Files (x86)\Belarc
2018-02-07 02:23 - 2018-02-07 02:23 - 006398792 _____ C:\Users\John\Downloads\advisorinstaller.exe
2018-02-07 02:23 - 2018-02-07 02:23 - 000002217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2018-02-07 02:23 - 2018-02-07 02:23 - 000002205 _____ C:\Users\Public\Desktop\Belarc Advisor.lnk
2018-02-07 02:23 - 2018-02-07 02:23 - 000002205 _____ C:\ProgramData\Desktop\Belarc Advisor.lnk
2018-02-04 04:29 - 2018-02-04 04:29 - 001106707 _____ C:\Users\John\Desktop\Untitled.AGI
2018-02-03 16:32 - 2018-02-03 16:32 - 000001076 _____ C:\Users\John\Desktop\IpConfig_Backup_02_03_2018_16_32_15.txt
2018-02-03 16:30 - 2018-02-03 16:30 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devcon64.exe
2018-02-03 16:18 - 2018-02-24 15:22 - 000000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-1041191953-2805693150-4082675335-1001
2018-02-03 07:47 - 2018-02-24 14:08 - 000000000 ____D C:\Users\John\AppData\LocalLow\Google
2018-02-03 07:44 - 2018-02-24 14:06 - 000000000 ____D C:\Program Files (x86)\Google
2018-02-03 07:44 - 2018-02-18 13:09 - 000000000 ____D C:\Users\John\AppData\Local\Google
2018-02-03 07:44 - 2018-02-03 07:44 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-02-03 07:44 - 2018-02-03 07:44 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-02-03 07:43 - 2018-02-03 07:43 - 001129816 _____ (Google Inc.) C:\Users\John\Downloads\GoogleEarthProSetup(1).exe
2018-02-03 02:03 - 2018-02-03 02:03 - 000002934 _____ C:\Users\John\Desktop\IpConfig_Backup_02_03_2018_02_03_58.txt
2018-02-03 01:43 - 2018-02-18 17:01 - 000000000 ____D C:\Users\John\AppData\Local\ElevatedDiagnostics
2018-02-03 00:40 - 2018-02-03 00:40 - 000006798 _____ C:\Users\John\Desktop\MSFT_DSCMetaConfiguration.mfl
2018-02-03 00:39 - 2018-02-03 00:39 - 000014468 _____ C:\Users\John\Desktop\MSFT_MetaConfigurationExtensionClasses.Schema.mfl
2018-02-02 11:28 - 2018-02-02 11:28 - 001129816 _____ (Google Inc.) C:\Users\John\Downloads\GoogleEarthProSetup.exe
2018-02-01 21:10 - 2018-02-01 21:10 - 000641696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll
2018-02-01 21:10 - 2018-02-01 21:10 - 000389296 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll
2018-02-01 21:10 - 2018-02-01 21:10 - 000331432 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll
2018-02-01 21:10 - 2018-02-01 21:10 - 000087728 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll
2018-02-01 21:09 - 2018-02-01 21:09 - 000440128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll
2018-02-01 21:09 - 2018-02-01 21:09 - 000263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll
2018-02-01 21:09 - 2018-02-01 21:09 - 000242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll
2018-02-01 21:09 - 2018-02-01 21:09 - 000083792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll
2018-02-01 14:53 - 2018-02-01 14:53 - 000000593 _____ C:\Users\John\Desktop\mclarty45 - Shortcut.lnk
2018-01-31 12:31 - 2018-02-24 15:20 - 000000000 ____D C:\Program Files\McAfee Security Scan
2018-01-31 12:05 - 2018-02-24 15:20 - 000000000 ____D C:\Program Files (x86)\McAfee Safe Connect
2018-01-31 12:05 - 2018-02-24 15:10 - 000000000 ____D C:\Users\John\AppData\Local\McAfee_Inc
2018-01-31 12:05 - 2018-01-31 12:05 - 000001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Safe Connect.lnk
2018-01-31 12:05 - 2018-01-31 12:05 - 000001198 _____ C:\Users\Public\Desktop\McAfee Safe Connect.lnk
2018-01-31 12:05 - 2018-01-31 12:05 - 000001198 _____ C:\ProgramData\Desktop\McAfee Safe Connect.lnk
2018-01-31 12:05 - 2018-01-31 12:05 - 000000000 ____D C:\Users\John\AppData\Roaming\McAfee Safe Connect
2018-01-31 11:59 - 2018-02-24 15:22 - 000000000 ____D C:\ProgramData\McAfee
2018-01-31 11:58 - 2018-02-18 03:15 - 000000000 ____D C:\Users\John\AppData\Local\Adobe
2018-01-31 11:32 - 2018-02-27 14:49 - 000000000 ____D C:\Users\John\AppData\LocalLow\Mozilla
2018-01-31 11:32 - 2018-02-26 08:30 - 000001011 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-01-31 11:32 - 2018-02-26 08:30 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-01-31 11:32 - 2018-02-26 08:30 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-01-31 11:32 - 2018-02-24 14:10 - 000000000 ____D C:\Users\John\AppData\Roaming\Mozilla
2018-01-31 11:32 - 2018-02-24 14:08 - 000000000 ____D C:\Users\John\AppData\Local\Mozilla
2018-01-31 11:32 - 2018-01-31 11:32 - 000000999 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-01-31 11:32 - 2018-01-31 11:32 - 000000999 _____ C:\ProgramData\Desktop\Firefox.lnk
2018-01-31 11:31 - 2018-01-31 11:31 - 000313552 _____ (Mozilla) C:\Users\John\Downloads\Firefox Installer.exe
2018-01-31 11:29 - 2018-01-31 11:29 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1041191953-2805693150-4082675335-1001
2018-01-31 11:29 - 2018-01-31 11:29 - 000002364 _____ C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-01-31 11:26 - 2018-01-31 11:26 - 000222832 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-01-31 05:52 - 2018-01-31 05:52 - 000000000 ____D C:\Users\John\AppData\Local\DBG
2018-01-31 05:01 - 2018-01-31 05:04 - 010787510 _____ C:\Users\John\Documents\DESKTOP-KG14MNT.arn
2018-01-31 04:46 - 2018-01-31 04:46 - 000041800 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS
2018-01-31 04:32 - 2018-02-27 03:41 - 000000000 ____D C:\Users\John\AppData\Local\AGI32
2018-01-31 04:32 - 2018-02-12 01:02 - 000000000 ____D C:\Users\John\Documents\AGI32
2018-01-31 04:31 - 2018-02-26 22:58 - 000000000 ____D C:\ProgramData\Lighting Analysts
2018-01-31 04:31 - 2018-02-26 07:59 - 000000000 ____D C:\ProgramData\AGi32
2018-01-31 04:31 - 2018-02-24 15:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lighting Analysts
2018-01-31 04:31 - 2018-02-24 14:06 - 000000000 ____D C:\Program Files (x86)\Lighting Analysts
2018-01-31 04:31 - 2018-01-31 04:31 - 000002123 _____ C:\Users\Public\Desktop\AGi32-18.3.lnk
2018-01-31 04:31 - 2018-01-31 04:31 - 000002123 _____ C:\ProgramData\Desktop\AGi32-18.3.lnk
2018-01-31 04:29 - 2018-02-24 15:10 - 000000000 ____D C:\ProgramData\Downloaded Installations
2018-01-31 04:29 - 2018-01-31 04:29 - 143969624 _____ (Lighting Analysts, Inc.) C:\Users\John\Downloads\AGI32-18.3_Setup.exe
2018-01-31 04:05 - 2018-01-31 04:05 - 000388608 _____ (Trend Micro Inc.) C:\Users\John\Downloads\HijackThis.exe
2018-01-30 17:58 - 2018-01-30 17:58 - 000003370 _____ C:\WINDOWS\System32\Tasks\RunAnswersByUpdateSVC
2018-01-30 17:34 - 2018-01-30 17:34 - 000000000 ___HD C:\$Windows.~WS
2018-01-30 17:33 - 2018-01-30 17:33 - 004972960 _____ C:\Users\John\Downloads\SysinternalsSuite-Nano.zip
2018-01-30 17:30 - 2018-01-30 17:30 - 018617536 _____ (Microsoft Corporation) C:\Users\John\Downloads\MediaCreationTool (1).exe
2018-01-30 17:30 - 2018-01-30 17:30 - 000000000 ____D C:\$WINDOWS.~BT
2018-01-30 17:26 - 2018-01-30 17:26 - 018617536 _____ (Microsoft Corporation) C:\Users\John\Downloads\MediaCreationTool.exe
2018-01-30 17:08 - 2018-02-24 15:22 - 000000000 __HDC C:\ProgramData\{5972383B-4083-46A8-B11A-806AF9BB05D7}
2018-01-30 17:08 - 2018-01-30 17:22 - 000003542 _____ C:\WINDOWS\System32\Tasks\RunAnswersByPCSmartcare
2018-01-30 17:07 - 2018-02-26 04:46 - 000000000 ____D C:\Program Files (x86)\AnswersBy PC Smartcare
2018-01-30 17:07 - 2018-02-24 15:22 - 000000000 ____D C:\Users\John\AppData\Local\III
2018-01-30 17:07 - 2018-02-24 15:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnswersBy PC Smartcare
2018-01-30 17:07 - 2018-02-24 14:29 - 000001096 _____ C:\Users\Public\Desktop\AnswersBy PC SmartCare.lnk
2018-01-30 17:07 - 2018-02-24 14:29 - 000001096 _____ C:\ProgramData\Desktop\AnswersBy PC SmartCare.lnk
2018-01-30 17:07 - 2018-01-30 17:07 - 000001153 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnswersBy PC SmartCare.lnk
2018-01-30 17:07 - 2018-01-30 17:07 - 000000000 ____D C:\Users\John\AppData\Roaming\AnswersBy PC SmartCare
2018-01-30 16:56 - 2018-01-30 16:56 - 018692056 _____ (My Company ) C:\PCSmartcare.exe
2018-01-30 16:36 - 2018-01-30 16:36 - 000000079 _____ C:\StandardScanScanLog.csv
2018-01-30 16:35 - 2018-02-24 15:22 - 000000000 ____D C:\Users\John\AppData\Roaming\SmartSolve
2018-01-30 16:35 - 2018-01-31 11:29 - 001369088 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\WINDOWS\SysWOW64\libeay32.dll
2018-01-30 16:35 - 2018-01-31 11:29 - 000337408 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\WINDOWS\SysWOW64\ssleay32.dll
2018-01-30 16:35 - 2018-01-31 11:29 - 000290304 _____ (Microsoft Corporation) C:\WINDOWS\subinacl.exe
2018-01-30 16:35 - 2018-01-30 16:35 - 000658797 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\SQLite3.dll
2018-01-30 16:34 - 2018-01-30 16:34 - 000000000 ____D C:\Users\John\AppData\Roaming\Macromedia
2018-01-30 16:23 - 2018-01-30 16:23 - 000000000 ____D C:\Users\John\AppData\Local\Deployment
2018-01-30 16:23 - 2018-01-30 16:23 - 000000000 ____D C:\Users\John\AppData\Local\Apps\2.0
2018-01-30 16:20 - 2018-01-30 16:17 - 000548000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-01-30 16:19 - 2018-02-20 07:23 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-01-30 16:19 - 2018-01-30 16:19 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-01-30 16:18 - 2018-01-30 16:18 - 129365736 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-01-28 12:17 - 2018-01-28 12:17 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-01-28 12:10 - 2018-02-27 23:03 - 000535234 _____ C:\WINDOWS\ntbtlog.txt
2018-01-28 12:09 - 2018-02-24 15:12 - 000000000 ____D C:\WINDOWS\pss

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-02-27 22:59 - 2018-01-16 03:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-02-26 23:54 - 2018-01-16 18:11 - 000000000 ____D C:\Users\John\AppData\Local\Packages
2018-02-26 22:51 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-02-26 22:46 - 2018-01-15 22:58 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-02-26 22:45 - 2018-01-15 22:57 - 000000000 ____D C:\WINDOWS\INF
2018-02-26 11:14 - 2018-01-16 18:10 - 000000000 ____D C:\Users\John
2018-02-24 18:31 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-02-24 16:43 - 2018-01-16 03:43 - 001233672 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-02-24 16:39 - 2018-01-16 18:11 - 000000000 __SHD C:\Users\John\IntelGraphicsProfiles
2018-02-24 16:38 - 2018-01-16 03:25 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-02-24 16:37 - 2018-01-15 22:44 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-02-24 15:23 - 2018-01-16 18:17 - 000000000 ____D C:\Users\Administrator
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\si-LK
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\hi-IN
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\am-ET
2018-02-24 15:22 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 __RSD C:\WINDOWS\media
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ___SD C:\WINDOWS\system32\UNP
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ___SD C:\WINDOWS\system32\Nui
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ___SD C:\WINDOWS\system32\dsc
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\TextInput
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\InstallShield
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\com
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\setup
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\ras
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\icsxml
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\ias
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\et-EE
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\es-MX
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\en-GB
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\downlevel
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\DDFs
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\com
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\Provisioning
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\L2Schemas
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\IME
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\Cursors
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\addins
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\Program Files\Windows Portable Devices
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\Program Files\Common Files\system
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\Program Files\Common Files\Services
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2018-02-24 15:22 - 2018-01-15 22:58 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-02-24 15:22 - 2018-01-15 22:44 - 000000000 ____D C:\WINDOWS\servicing
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-02-24 15:20 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-02-24 15:20 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\rescache
2018-02-24 15:20 - 2018-01-15 22:58 - 000000000 ____D C:\Program Files\Windows Defender
2018-02-24 15:14 - 2018-01-16 03:29 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2018-02-24 15:14 - 2018-01-16 03:28 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-02-24 15:14 - 2018-01-15 23:04 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2018-02-24 15:14 - 2018-01-15 23:04 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2018-02-24 15:14 - 2018-01-15 23:04 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2018-02-24 15:14 - 2018-01-15 23:04 - 000000000 ____D C:\WINDOWS\system32\winrm
2018-02-24 15:14 - 2018-01-15 22:58 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2018-02-24 15:14 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2018-02-24 15:14 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
2018-02-24 15:14 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\Licenses
2018-02-24 15:14 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2018-02-24 15:14 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2018-02-24 15:14 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-02-24 15:14 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\System
2018-02-24 15:13 - 2018-01-16 03:28 - 000000000 ____D C:\WINDOWS\system32\DAX3
2018-02-24 15:13 - 2018-01-16 03:28 - 000000000 ____D C:\WINDOWS\system32\DAX2
2018-02-24 15:13 - 2018-01-15 23:11 - 000000000 ____D C:\WINDOWS\system32\Intel
2018-02-24 15:13 - 2018-01-15 23:10 - 000000000 ____D C:\WINDOWS\Setup
2018-02-24 15:13 - 2018-01-15 23:04 - 000000000 ____D C:\WINDOWS\system32\slmgr
2018-02-24 15:13 - 2018-01-15 23:04 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2018-02-24 15:13 - 2018-01-15 22:58 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2018-02-24 15:13 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2018-02-24 15:13 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\MUI
2018-02-24 15:13 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2018-02-24 15:13 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\Licenses
2018-02-24 15:13 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2018-02-24 15:13 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\IME
2018-02-24 15:13 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\hydrogen
2018-02-24 15:13 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SKB
2018-02-24 15:13 - 2018-01-15 22:44 - 000000000 ____D C:\WINDOWS\system32\SMI
2018-02-24 15:12 - 2018-01-15 23:05 - 000000000 ____D C:\WINDOWS\OCR
2018-02-24 15:12 - 2018-01-15 22:58 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2018-02-24 15:12 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\schemas
2018-02-24 15:12 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\PLA
2018-02-24 15:12 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\InputMethod
2018-02-24 15:11 - 2018-01-16 18:11 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-02-24 15:11 - 2018-01-15 23:13 - 000000000 ____D C:\WINDOWS\InfusedApps
2018-02-24 15:11 - 2018-01-15 22:58 - 000000000 __RHD C:\Users\Public\Libraries
2018-02-24 15:11 - 2018-01-15 22:58 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2018-02-24 15:11 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\Help
2018-02-24 15:10 - 2018-01-16 18:17 - 000000000 ___RD C:\Users\Administrator\3D Objects
2018-02-24 15:10 - 2018-01-16 18:13 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-02-24 15:10 - 2018-01-16 18:11 - 000000000 ___RD C:\Users\John\3D Objects
2018-02-24 15:10 - 2018-01-16 03:28 - 000000000 ____D C:\Program Files\Intel
2018-02-24 15:10 - 2018-01-16 03:28 - 000000000 ____D C:\Intel
2018-02-24 15:10 - 2018-01-15 23:05 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-02-24 15:10 - 2018-01-15 23:05 - 000000000 ____D C:\Program Files\MSBuild
2018-02-24 15:10 - 2018-01-15 23:05 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-02-24 15:10 - 2018-01-15 22:58 - 000000000 ____D C:\Program Files\Windows Security
2018-02-24 15:10 - 2018-01-15 22:58 - 000000000 ____D C:\Program Files (x86)\windows nt
2018-02-24 14:57 - 2018-01-15 22:58 - 000000000 ___HD C:\Program Files\WindowsApps
2018-02-24 14:53 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\registration
2018-02-24 14:37 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\Web
2018-02-24 14:37 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\Vss
2018-02-24 14:35 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-02-24 14:33 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SystemResources
2018-02-24 14:33 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\SystemApps
2018-02-24 14:29 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\spool
2018-02-24 14:27 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-02-24 14:21 - 2018-01-15 23:11 - 000000000 ____D C:\WINDOWS\system32\cAVS
2018-02-24 14:18 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\security
2018-02-24 14:18 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\Resources
2018-02-24 14:18 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\Performance
2018-02-24 14:12 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\Globalization
2018-02-24 14:11 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\Branding
2018-02-24 14:10 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\appcompat
2018-02-24 14:08 - 2018-01-16 18:11 - 000000000 ____D C:\Users\John\AppData\Local\VirtualStore
2018-02-24 14:07 - 2018-01-16 03:28 - 000000000 ____D C:\Program Files\Realtek
2018-02-24 14:07 - 2018-01-15 22:58 - 000000000 ____D C:\Program Files\windows nt
2018-02-24 14:06 - 2018-01-16 03:29 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-02-24 14:06 - 2018-01-15 23:05 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-02-24 14:05 - 2018-01-15 20:36 - 000000000 ___HD C:\$SysReset
2018-02-24 11:24 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-02-22 22:30 - 2018-01-15 22:48 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-02-21 03:46 - 2018-01-16 18:13 - 000000000 ___RD C:\Users\John\OneDrive
2018-02-20 07:11 - 2018-01-16 18:15 - 000000000 ___HD C:\Users\John\MicrosoftEdgeBackups
2018-02-19 05:52 - 2018-01-15 22:58 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-02-18 03:16 - 2018-01-16 18:11 - 000000000 ____D C:\Users\John\AppData\Roaming\Adobe
2018-01-30 20:36 - 2018-01-15 22:43 - 000000000 ____D C:\WINDOWS\Panther
2018-01-30 17:35 - 2006-11-01 14:06 - 000174968 _____ (Sysinternals - www.sysinternals.com) C:\Users\John\Desktop\AccessEnum.exe
2018-01-30 17:35 - 2006-11-01 14:05 - 000150328 _____ C:\Users\John\Desktop\ctrl2cap.exe
2018-01-30 17:35 - 2006-09-27 18:04 - 000010104 _____ (Systems Internals) C:\Users\John\Desktop\ctrl2cap.amd.sys
2018-01-30 16:14 - 2018-01-16 18:14 - 000000000 ____D C:\Users\John\AppData\Local\MicrosoftEdge

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-02-24 14:49

==================== End of FRST.txt ============================



#8 chilidog33

Topic Starter

Posted 28 February 2018 - 12:50 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24.02.2018
Ran by John (27-02-2018 23:14:28)
Running from C:\Users\John\Downloads
Windows 10 Home Version 1709 16299.192 (X64) (2018-01-16 09:40:07)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1041191953-2805693150-4082675335-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1041191953-2805693150-4082675335-503 - Limited - Disabled)
Guest (S-1-5-21-1041191953-2805693150-4082675335-501 - Limited - Disabled)
John (S-1-5-21-1041191953-2805693150-4082675335-1001 - Administrator - Enabled) => C:\Users\John
WDAGUtilityAccount (S-1-5-21-1041191953-2805693150-4082675335-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 28 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 28.0.0.137 - Adobe Systems Incorporated)
AGI32-18.3 (HKLM-x32\...\{8153829E-E629-4240-A676-E6E9C1C2A1E1}) (Version: 18.03.00 - Lighting Analysts, Inc.)
AnswersBy PC Smartcare (HKLM-x32\...\{4137CB7D-7777-4374-BC93-CE7E7E72799E}) (Version: 1.2.0.2 - My Company) Hidden
AnswersBy PC Smartcare (HKLM-x32\...\AnswersBy PC Smartcare) (Version: 1.2.0.2 - Sutherland Global Services)
Belarc Advisor 8.6 (HKLM-x32\...\Belarc Advisor) (Version: 8.6.0.0 - Belarc Inc.)
dr.fone toolkit for Android (Version 8.3.3) (HKLM-x32\...\{7B08A1E1-3644-4237-B39D-762B5F5564D0}_is1) (Version: 8.3.3.64 - Wondershare Technology Co.,Ltd.)
Google Earth Pro (HKLM\...\{D9EF644E-2FAE-493B-8180-5617CC774C4F}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
McAfee Safe Connect (HKLM-x32\...\{F210DAEC-9E43-467E-87E8-B02DA469CFFC}) (Version: 1.4.1.150 - McAfee, Inc)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.681.1 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9001.2171 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1041191953-2805693150-4082675335-1001\...\OneDriveSetup.exe) (Version: 17.3.7294.0108 - Microsoft Corporation)
Mozilla Firefox 58.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 58.0.2 (x64 en-US)) (Version: 58.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0.1 - Mozilla)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9001.2171 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9001.2171 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9001.2171 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9001.2171 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.21299 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8224 - Realtek Semiconductor Corp.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.0 - VideoLAN)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - LunarG, Inc.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\ShellExt.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_ab736fe7f232ee1e\igfxDTCM.dll [2017-11-13] (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2021C10C-C142-4AB7-A780-A16738F295DE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-02-08] (Microsoft Corporation)
Task: {35757C6F-5966-4CBA-A22B-2444E50085AB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-30] (Microsoft Corporation)
Task: {37F7B294-F16D-4C66-BF6B-BB732C8D2EC2} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-02-26] (Microsoft Corporation)
Task: {3DE31DE8-0B1A-480A-9775-5D3FCCA498EE} - System32\Tasks\RunAnswersByUpdateSVC => C:\Program Files (x86)\AnswersBy PC SmartCare\AnswersByUpdateSVC.exe [2017-10-02] ()
Task: {5FA29E1F-0B32-455A-B26C-74FBD6D978AD} - System32\Tasks\RunAnswersByPCSmartcare => C:\Users\John\Desktop\AnswersByPCSmartCare.exe
Task: {61FCB0E3-917D-49E1-8A19-F3F667B175CE} - System32\Tasks\S-1-5-21-1041191953-2805693150-4082675335-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-09-29] (Microsoft Corporation)
Task: {658E5F2A-DCF1-412A-B30D-DB93C2F828FB} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-02-26] (Microsoft Corporation)
Task: {8426CCB7-5485-44BB-87D2-B3AAF951448E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-30] (Microsoft Corporation)
Task: {8C1EEE8A-D95A-480F-9906-EB3940F64A14} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-30] (Microsoft Corporation)
Task: {9EE22B55-8B14-4C1B-9D7B-1A2E5E707DD3} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-02-08] (Microsoft Corporation)
Task: {AF9C0446-3330-4144-A42B-1D95122EE964} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-03] (Google Inc.)
Task: {D13DA4C4-F2BB-4003-94BC-4F07CF83D825} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-02-26] (Microsoft Corporation)
Task: {F11E1BF3-6FE1-4185-BDE6-935EBAB31579} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.12.17007.18011-0\MpCmdRun.exe [2018-01-30] (Microsoft Corporation)
Task: {F65F8423-223D-47A2-98BF-279215E98D7D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-02-03] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 07:41 - 2017-09-29 07:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-01-09 14:46 - 2018-01-09 13:09 - 000423016 _____ () C:\WINDOWS\system32\cAVS\Intel® Audio Service\IntelSstPpDll.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-12-13 19:33 - 2017-12-13 19:33 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-01-16 16:53 - 2018-01-16 16:53 - 004307968 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1712.3351.0_x64__8wekyb3d8bbwe\Calculator.exe
2018-02-26 11:57 - 2017-06-20 14:18 - 001021440 _____ () C:\Program Files (x86)\Wondershare\Wondershare dr.fone toolkit for Android\Library\ADB\adb.exe
2018-01-16 16:57 - 2018-01-16 16:57 - 026507776 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17112.13411.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-01-16 16:57 - 2018-01-16 16:57 - 008370176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17112.13411.0_x64__8wekyb3d8bbwe\EntCommon.dll
2018-01-16 16:50 - 2018-01-16 16:50 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17112.13411.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-01-16 16:56 - 2018-01-16 16:56 - 035244544 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17086.24711.0_x64__8wekyb3d8bbwe\Music.UI.exe
2018-01-16 16:56 - 2018-01-16 16:56 - 009220608 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17086.24711.0_x64__8wekyb3d8bbwe\EntCommon.dll
2018-01-16 16:56 - 2018-01-16 16:56 - 000957952 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17086.24711.0_x64__8wekyb3d8bbwe\Microsoft.Membership.MeControl.UI.Xaml.dll
2018-01-16 16:50 - 2018-01-16 16:50 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17086.24711.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-01-16 16:56 - 2018-01-16 16:56 - 013224960 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17086.24711.0_x64__8wekyb3d8bbwe\Music.Visuals.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-01-15 22:59 - 2018-02-08 14:33 - 000000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.1    mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1041191953-2805693150-4082675335-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKU\S-1-5-21-1041191953-2805693150-4082675335-1001\...\StartupApproved\Run: => "McAfeeSafeConnect"
HKU\S-1-5-21-1041191953-2805693150-4082675335-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{4A7FE3E7-3E05-4655-985A-A97852E1CA40}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{B38A3A31-EAFD-4258-BE57-F7BB3F65BFB6}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{505F0549-12DD-42AA-927A-1036F4999DDE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe

==================== Restore Points =========================

10-02-2018 11:10:06 aa
12-02-2018 01:39:09 Restore Operation
17-02-2018 22:19:04 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
18-02-2018 01:05:53 Restore Operation
22-02-2018 14:18:48 oo
23-02-2018 02:38:07 Restore Operation

==================== Faulty Device Manager Devices =============

Name: HD WebCam
Description: USB Video Device
Class Guid: {ca3e7ab9-b4c3-4ae6-8251-579ef933890f}
Manufacturer: Microsoft
Service: usbvideo
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Kernel Debug Network Adapter
Description: Microsoft Kernel Debug Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: kdnic
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Microsoft Radio Device Enumeration Bus
Description: Generic software device
Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2}
Manufacturer: Microsoft
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Intel® Wireless Bluetooth®
Description: Intel® Wireless Bluetooth®
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Intel Corporation
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Remote Desktop Device Redirector Bus
Description: Remote Desktop Device Redirector Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: rdpbus
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/27/2018 05:11:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vlc.exe, version: 3.0.0.0, time stamp: 0x00dee6e6
Faulting module name: vlc.exe, version: 3.0.0.0, time stamp: 0x00dee6e6
Exception code: 0xc0000005
Fault offset: 0x00023393
Faulting process id: 0x28ac
Faulting application start time: 0x01d3afbbbb4d658c
Faulting application path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Faulting module path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Report Id: 7be3ba12-4a06-4a97-a0ca-0339cee844c2
Faulting package full name:
Faulting package-relative application ID:

Error: (02/27/2018 05:11:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vlc.exe, version: 3.0.0.0, time stamp: 0x00dee6e6
Faulting module name: vlc.exe, version: 3.0.0.0, time stamp: 0x00dee6e6
Exception code: 0xc0000005
Fault offset: 0x00023393
Faulting process id: 0xe70
Faulting application start time: 0x01d3afbbb4262292
Faulting application path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Faulting module path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Report Id: a6b28e59-da23-4e74-821e-bf5330a7bd53
Faulting package full name:
Faulting package-relative application ID:

Error: (02/27/2018 04:44:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vlc.exe, version: 3.0.0.0, time stamp: 0x00dee6e6
Faulting module name: vlc.exe, version: 3.0.0.0, time stamp: 0x00dee6e6
Exception code: 0xc0000005
Fault offset: 0x00023393
Faulting process id: 0x1234
Faulting application start time: 0x01d3afb7f0c99235
Faulting application path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Faulting module path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Report Id: 1c425410-ed37-4c76-a420-7dba9f7b5029
Faulting package full name:
Faulting package-relative application ID:

Error: (02/27/2018 04:44:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vlc.exe, version: 3.0.0.0, time stamp: 0x00dee6e6
Faulting module name: vlc.exe, version: 3.0.0.0, time stamp: 0x00dee6e6
Exception code: 0xc0000005
Fault offset: 0x00023393
Faulting process id: 0x15ec
Faulting application start time: 0x01d3afb7df2917cc
Faulting application path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Faulting module path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Report Id: 04b33dc8-495a-47a4-a89c-27eea2817c2c
Faulting package full name:
Faulting package-relative application ID:

Error: (02/27/2018 04:43:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vlc.exe, version: 3.0.0.0, time stamp: 0x00dee6e6
Faulting module name: vlc.exe, version: 3.0.0.0, time stamp: 0x00dee6e6
Exception code: 0xc0000005
Fault offset: 0x00023393
Faulting process id: 0x1d04
Faulting application start time: 0x01d3afb7d1a1a8f8
Faulting application path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Faulting module path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Report Id: fab0a745-40ab-4d81-a9e6-96b9c030a2b7
Faulting package full name:
Faulting package-relative application ID:

Error: (02/27/2018 04:43:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vlc.exe, version: 3.0.0.0, time stamp: 0x00dee6e6
Faulting module name: vlc.exe, version: 3.0.0.0, time stamp: 0x00dee6e6
Exception code: 0xc0000005
Fault offset: 0x00023393
Faulting process id: 0x1f20
Faulting application start time: 0x01d3afb7be7aa1e0
Faulting application path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Faulting module path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Report Id: d5490b24-5939-442b-8106-9945aa156097
Faulting package full name:
Faulting package-relative application ID:

Error: (02/27/2018 04:42:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vlc.exe, version: 3.0.0.0, time stamp: 0x00dee6e6
Faulting module name: vlc.exe, version: 3.0.0.0, time stamp: 0x00dee6e6
Exception code: 0xc0000005
Fault offset: 0x00023393
Faulting process id: 0x2854
Faulting application start time: 0x01d3afb7ae4d7e27
Faulting application path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Faulting module path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Report Id: ad694de3-91e6-4f93-af3d-7d32de81fbd0
Faulting package full name:
Faulting package-relative application ID:

Error: (02/26/2018 01:29:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vlc.exe, version: 3.0.0.0, time stamp: 0x00dee6e6
Faulting module name: vlc.exe, version: 3.0.0.0, time stamp: 0x00dee6e6
Exception code: 0xc0000005
Fault offset: 0x00023393
Faulting process id: 0x5a8
Faulting application start time: 0x01d3af3812fba2c4
Faulting application path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Faulting module path: C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
Report Id: a0755c8e-ea58-4eba-ae25-e12dea1ea39e
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (02/27/2018 02:21:29 PM) (Source: TPM) (EventID: 15) (User: )
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.

Error: (02/27/2018 04:51:52 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WarpJITSvc service terminated unexpectedly.  It has done this 26 time(s).

Error: (02/27/2018 04:51:39 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WarpJITSvc service terminated unexpectedly.  It has done this 25 time(s).

Error: (02/27/2018 04:51:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WarpJITSvc service terminated unexpectedly.  It has done this 24 time(s).

Error: (02/27/2018 04:51:16 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WarpJITSvc service terminated unexpectedly.  It has done this 23 time(s).

Error: (02/27/2018 04:51:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WarpJITSvc service terminated unexpectedly.  It has done this 22 time(s).

Error: (02/27/2018 04:50:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WarpJITSvc service terminated unexpectedly.  It has done this 21 time(s).

Error: (02/27/2018 04:50:18 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The WarpJITSvc service terminated unexpectedly.  It has done this 20 time(s).


Windows Defender:
===================================
Date: 2018-02-24 18:04:13.743
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {AB344F61-3EB4-4E71-A066-8026A75A1415}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-02-24 16:01:27.287
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {4A8FA886-D76D-4322-80C8-67BCDF409477}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-02-24 15:52:32.860
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {CF7F3C4E-A4E3-4D35-90BE-3F8A66FE2A85}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-02-24 15:46:54.985
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {B88A22A0-0282-4279-A523-D2433FC8B1A2}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-02-24 15:28:18.520
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {61ECCFD6-3CF3-46E6-A3C3-706F21A23928}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-02-24 18:14:23.529
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.1507.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-02-24 18:14:23.529
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 118.2.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.14202.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-02-24 18:14:23.514
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.1507.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-02-24 18:14:23.513
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.1507.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-02-24 18:14:23.512
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.261.1507.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14500.5
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================

Date: 2018-01-30 17:40:44.420
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\John\Desktop\PORTMSYS.SYS because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-01-16 03:36:17.029
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.

Date: 2018-01-16 03:36:17.026
Description:
Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i5-7200U CPU @ 2.50GHz
Percentage of memory in use: 42%
Total physical RAM: 8075.6 MB
Available physical RAM: 4651.73 MB
Total Virtual: 9355.6 MB
Available Virtual: 5313.45 MB

==================== Drives ================================

Drive c: (Bc) (Fixed) (Total:930.55 GB) (Free:762.51 GB) NTFS

\\?\Volume{a8284e51-0000-0000-0000-100000000000}\ (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.45 GB) NTFS
\\?\Volume{a8284e51-0000-0000-0000-70c2e8000000}\ () (Fixed) (Total:0.47 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: A8284E51)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=484 MB) - (Type=27)

==================== End of Addition.txt ============================



#9 garioch7

Malware Response Instructor

Posted 28 February 2018 - 09:09 AM

chilidog33:

Thank you for your post and for your fresh set of FRST logs.

.

Step 1: In your previous FRST log, I noticed the following file:



2018-02-08 06:08 - 2018-02-08 06:08 - 000025555 _____ C:\Users\John\Downloads\Fixlog.txt


This would indicate to me that either you, or someone else, ran a FRST "fixlist" script on 2018-02-08 on this computer. What can you tell me about this file and how it happens to appear in the listing of files? That is a rather large "Fixlog.txt" file by normal standards.

.

Step 2: The computer has McAfee Security Scan Plus installed on it.
 

McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.681.1 - McAfee, Inc.)


I would recommend that you read this post and decide whether you wish to keep this program. It is your computer, so it is your decision. Please let me know if you uninstall this program.

.

Step 3: Please run a FRST fix for me.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

Start::
CreateRestorePoint:
CloseProcesses:
S3 PORTMON; \??\C:\Users\John\Desktop\PORTMSYS.SYS [X]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
File: C:\WINDOWS\system32\cAVS\Intel® Audio Service\IntelSstPpDll.dll
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#10 chilidog33

Topic Starter

Posted 28 February 2018 - 12:30 PM

I'm not certain about the first fixit log. I apologize for this. There were a couple of files of unknown owner or unknown programs that I checked for fixing, but I am thinking that was from UnHackMe. I honestly didn't know how to run fixit until you gave me the script for doing so. I may have just hit fixit thinking that the system would automatically fix the errors before I was familiar with the operation of the problem.



#11 chilidog33


Posted 28 February 2018 - 01:27 PM

re the mcafee thing.. i don't even know how it got on my computer, i am pretty sure i uninstalled it but may have returned when i did the system restore before you responded. i don't use anything mcafee.  i will say this, this problem started a while back.. i had kaspersky installed and had no virus alerts or blocking for months. i called them and they said nothing was wrong.  i talked to my isp provider and they showed me my computer router on their screen, there was something named "we. pirahana" that was connected to my router. https://en.wikipedia.org/wiki/Piranha_(software). through all this i have become convinced a virtual disk has been running another operating system on my computers.. microsoft told me somehow i had insiders software installed on my computer.. there are numerous other things that lead me to believe this as well.. there are multiple things running on my services that don't seem to be normal installations for a 10 home system. a scan by belarc advisor tells me secure boot is not supported and boots from legacy..etc

 

..

Fix result of Farbar Recovery Scan Tool (x64) Version: 28.02.2018
Ran by John (28-02-2018 11:38:04) Run:3
Running from C:\Users\John\Downloads
Loaded Profiles: John (Available Profiles: John & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
S3 PORTMON; \??\C:\Users\John\Desktop\PORTMSYS.SYS [X]
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
File: C:\WINDOWS\system32\cAVS\Intel® Audio Service\IntelSstPpDll.dll

*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\System\CurrentControlSet\Services\PORTMON" => removed successfully
PORTMON => service removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => key not found
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => key not found

========================= File: C:\WINDOWS\system32\cAVS\Intel® Audio Service\IntelSstPpDll.dll ========================

"C:\WINDOWS\system32\cAVS\Intel® Audio Service\IntelSstPpDll.dll" => not found
====== End of File: ======



The system needed a reboot.

==== End of Fixlog 11:38:30 ====



#12 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,894 posts
  • OFFLINE
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:04:45 AM

Posted 28 February 2018 - 02:13 PM

chilidog33:
 
Thank you for your posts, further explanations, and the copy of the results of running the FRST "fixlist" script that I provided you with.  As you can see from the brevity of the FRST "fixlist" script with which I provided you, the FRST scan did not reveal any serious malware on your computer; but then it primarily targets the really nefarious malware.
 
So let's run some standard anti-malware scans and see what turns up ...

:step1: Before doing that, your newest "Addition.txt" file shows two (2) McAfee programs installed:


McAfee Safe Connect (HKLM-x32\...\{F210DAEC-9E43-467E-87E8-B02DA469CFFC}) (Version: 1.4.1.150 - McAfee, Inc)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.681.1 - McAfee, Inc.)


I would recommend that you uninstall those programs via the Control Panel, Uninstall Programs. Note that you might have some issues trying to get McAfee products completely out of your computer.

I would advise you to also run the McAfee Consumer Product Removal (MCPR) tool. It has been my experience that McAfee products leave a lot of junk behind if you do not run their MCPR tool after doing the normal uninstall in Windows.  Please see this link for more information.
.
 
:step2: ESET Online Scanner using Internet Explorer:

Note: You will need to disable your currently installed Anti-Virus, how to do so can be found here.

  • Download esetsmartinstaller_enu.exe and save it to your Desktop.
  • Double click the icon.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Then select: "Enable detection of potentially unwanted applications" - Yes.
  • Click Advanced settings.
  • Check the following items.

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Change next to Current scan targets:
  • Place a check mark in any additional drive you wish to scan then click OK.
  • Click Start.
  • ESET will then download updates and begin scanning your computer.
  • If no threats are found simply click Uninstall application on close and hit Finish.
  • If threats are found click List of found threats.
  • Click Export to text file.
  • Save the file on your Desktop as ESET.txt.
  • Click Back.
  • Check Uninstall application on close and Delete quarantined files.
  • Click Finish.
  • Close the ESET Online Scanner window.
  • Copy and paste the contents of ESET.txt into your reply, if any threats were detected.  There will be no log if no threats were detected.

Don't forget to re-enable your antivirus when finished!

.

:step3: Please run a Malwarebytes Anti-Malware scan for me.

  • Please download Malwarebytes to your Desktop.
  • Double-click mb3-setup-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Next, please go to "Settings", "Protection", and turn on "Scan for rootkits", if it is not "On."
  • Ensure that under "Potential Threat Protection", both switches are set to "Always Detect PUPs/PUMs (recommended)".
  • Then scroll to the bottom of that page and ensure that "Automatic Quarantine" is turned "On."
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If an update of the definitions is available, it will be downloaded and installed before the scan commences.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.

Restart your computer when prompted to do so. The Scan log is available through History -> Application logs. Please copy and paste the contents of the log into your next reply.

.

:step4: Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait for it to complete the update.
  • Click on I Agree button.
  • Click on the Scan button.
  • AdwCleaner will begin its scan ... please be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, then make sure that you uncheck it before running the "Clean" process.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.
  • After the scan has finished ...
  • Uncheck any PUP and adware applications that you want to keep.


If you are unsure about one or more of the detected programs, then please copy and paste the scan log, with your questions, and I will provide you with advice about those files.
The Scan logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
Do not follow the remaining "Clean" instructions until directed to do so by me, if you have any questions about one or more of the detections.
If you have no questions about any of the detections, then please proceed to the "Clean" steps below.

  • Then click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Please copy and paste the contents of that logfile into your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#13 chilidog33


Posted 02 March 2018 - 11:48 AM

uninstalled mcafee as well as answersby..

 

eset.txt:  C:\Documents and Settings\John\Documents\My Music\New Folder\Dr.Fone for Android 02-27-2018 at 04.39.52\SAMSUNG SGH-I537\Documents\ZIP\00009514.zip    a variant of Android/AdDisplay.Mocean.B potentially unwanted application    deleted
C:\Documents and Settings\John\Downloads\Setup_WinThruster_2017.exe    a variant of Win32/SlowPCfighter potentially unwanted application    cleaned by deleting
D:\FileHistory\John\DESKTOP-KG14MNT\Data\C\Users\John\Downloads\Setup_WinThruster_2017 (2018_02_22 21_45_17 UTC).exe    a variant of Win32/SlowPCfighter potentially unwanted application    cleaned by deleting
D:\FileHistory\John\DESKTOP-KG14MNT\Data\C\Users\John\Downloads\Setup_WinThruster_2017 (2018_02_25 01_41_15 UTC).exe    a variant of Win32/SlowPCfighter potentially unwanted application    cleaned by deleting
D:\FileHistory\John\DESKTOP-KG14MNT\Data\C\Users\John\Music\New Folder\Dr.Fone for Android 02-27-2018 at 04.39.52\SAMSUNG SGH-I537\Documents\ZIP\00009514 (2018_03_01 05_23_59 UTC).zip    a variant of Android/AdDisplay.Mocean.B potentially unwanted application    deleted

 

 

 

malwarebytes: nothing

 

adware:

# AdwCleaner 7.0.8.0 - Logfile created on Thu Mar 01 18:11:48 2018
# Updated on 2018/08/02 by Malwarebytes
# Running on Windows 10 Home (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\Windows\\Installer\{773A8CA8-3876-4AA1-AB78-EECA231BFF3A}


***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKLM\SOFTWARE\MimarSinan


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1027 B] - [2018/3/1 18:6:21]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

 

***

 

 

 

 

***are you familiar with belarc advisor..?

 

1.  Boot Mode: Legacy BIOS in UEFI (Secure Boot not supported)

2. 

10.0.0.2 Windows 10 Workstation Desktop-kg14mnt (in WORKGROUP)

i have not joined a workgroup.

 

3. as well, home should not have group policy running, as well as some other suspect services.



#14 garioch7


Posted 02 March 2018 - 12:55 PM

chilidog33:
 
Thank you for your post and your logs.  All is looking good! :thumbup2:
 
I am familiar with Belarc Advisor, and I did use it, until I replaced it with AIDA Extreme about five years ago.
 
1. I am not sure why you would be concerned about this entry?

 
2. I have not joined any WorkGroups either, but by default Windows assigns a default name "WORKGROUP".  I have attached a screenshot from my computer.
 
Link 1

 
3. Windows 10 Home does support and run group policies; it just lacks the native ability to edit/add/delete such policies using gpedit.msc.  Scroll down to see the answer at this link.  You can do a workaround to be able to edit group policies in Windows 10 Home; see this link.  There are many other links as well when you google "Windows 10 Home group policy editor".

 
What services do you consider suspect?  I did not see any "suspect" services in the FRST scan log.


.


From what I can tell, your computer is not infected with malware.  How is it working?  Any errors?
 
From the FRST logs, I did notice two other, non-malware issues that we should explore when you are ready.  Unfortunately, today is my weekly backup day for my two computers, so it is unlikely that I will be back online today, though perhaps I might be finished by late this afternoon. I will definitely be back online tomorrow.
 
Have a great weekend.
 
Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall
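
Added example (not part of the thread, and not code from ESET or any other tool named in it): a Python triage of ESET Online Scanner export lines like those in post #13, separating "potentially unwanted application" detections from malware detections and collapsing File History backup copies onto the file they were taken from. The sample log is constructed, its trojan line is invented to exercise the non-PUA branch, and the field layout (path, detection, action separated by tabs or runs of spaces) is an assumption inferred from the lines quoted in the thread.

```python
import re
from collections import defaultdict

# Constructed sample, modelled on the ESET.txt lines quoted in the thread.
# The last line (a trojan detection) is invented to show the non-PUA branch.
SAMPLE_LOG = r"""
C:\Users\John\Downloads\Setup_WinThruster_2017.exe    a variant of Win32/SlowPCfighter potentially unwanted application    cleaned by deleting
D:\FileHistory\John\DESKTOP-KG14MNT\Data\C\Users\John\Downloads\Setup_WinThruster_2017 (2018_02_22 21_45_17 UTC).exe    a variant of Win32/SlowPCfighter potentially unwanted application    cleaned by deleting
D:\FileHistory\John\DESKTOP-KG14MNT\Data\C\Users\John\Music\New Folder\00009514 (2018_03_01 05_23_59 UTC).zip    a variant of Android/AdDisplay.Mocean.B potentially unwanted application    deleted
C:\Users\John\AppData\Local\Temp\example.dll    Win32/Example.A trojan    cleaned by deleting
"""

FIELD_SEP = re.compile(r"\t+| {2,}")  # assumed: fields split by tabs or 2+ spaces
FH_PREFIX = re.compile(r"^[A-Z]:\\FileHistory\\[^\\]+\\[^\\]+\\Data\\([A-Z])\\", re.I)
FH_STAMP = re.compile(r" \(\d{4}_\d\d_\d\d \d\d_\d\d_\d\d UTC\)(?=(\.[^.\\]+)?$)")
CATEGORY = re.compile(r"\s+(potentially unwanted application|potentially unsafe application)$")

def original_path(path):
    """Map a File History backup copy back to the live path it was taken from."""
    path = FH_PREFIX.sub(lambda m: m.group(1).upper() + ":\\", path)
    return FH_STAMP.sub("", path)

def triage(log_text):
    """Return {detection_name: {"category", "files", "copies"}}."""
    findings = defaultdict(lambda: {"category": None, "files": set(), "copies": 0})
    for line in log_text.splitlines():
        fields = FIELD_SEP.split(line.strip())
        if len(fields) < 3:
            continue  # blank or unparseable line
        path, detection = "    ".join(fields[:-2]), fields[-2]
        category = "PUA" if CATEGORY.search(detection) else "malware"
        name = CATEGORY.sub("", detection).removeprefix("a variant of ")
        if category == "malware":
            name = name.rsplit(" ", 1)[0]  # drop trailing type word, e.g. "trojan"
        entry = findings[name]
        entry["category"] = category
        entry["files"].add(original_path(path))
        entry["copies"] += 1
    return dict(findings)

def needs_escalation(findings):
    """Names of non-PUA detections, the ones that suggest an actual infection."""
    return sorted(n for n, e in findings.items() if e["category"] == "malware")
```

Run over the constructed sample, the two WinThruster lines collapse to one live file with two copies, and only the invented trojan line is returned by `needs_escalation`.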


#15 garioch7


Posted 05 March 2018 - 10:31 AM

chilidog33:

 
Are you still there?  Do you still require assistance?  It has been three days since I last posted to you.
 
According to Forum policy, topics must be concluded after five days of non-response from the Topic Starter.
 
If I have not heard from you in another two days, I will conclude your topic.  You can always reopen it by sending a Personal Message to me or to a Moderator.
 
Thank you and have a great day.
 
Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall




