
VBScript that queries a LOT of system and network information.


  • This topic is locked
5 replies to this topic

#1 astronautchick


Posted 31 March 2018 - 11:18 PM

My computer and internet have been acting funny. The computer is very slow starting up, I can type and it takes quite a bit of time before any characters show up, it has really high CPU usage, and out of the blue there were two drives. There was my normal C:\ drive and then there was an F:\ drive that just appeared out of nowhere, it seemed. I could not access it; it kept telling me that I would have to get access from under the security tab when I right-clicked it and tried to view the properties.
 
So, I decided to use Glary portable to see what was in my startup.
 
Glary's startup manager showed 20 minutes 53 seconds in red at the top.
 
And these are the things it said were in the startup: https://imgur.com/a/BGTFW
 
In the second tab there was this weird vbs. I right-clicked on it trying to see what was all in the properties. There was nothing in the security tab but a red circle with a white X, and under the details tab it did not list any information, not a creator's name or anything. It was located in the windows\system32 folder. I called a friend, who told me to open it with Notepad and make a copy of it. I did that, but I also panicked and deleted it. After I deleted it, my curiosity got the better of me. I started reading the text file and it had lots of weird stuff in it. I was not sure if I could copy and paste it or if you guys wanted me to do screenshots of it. I wanted to know if you guys could look at it and tell me what all of it means.
 
As I stated earlier, my internet has not been working correctly: it is slow, I have connectivity issues, and there are like 25 devices on my WiFi. And that is even if I hide my network, change the SSID and password, and even change the login for the router admin page.
 
If you could please let me know if I can copy and paste the vbs text or if you want me to add screenshots of it.
 
Thank you
 
Update* https://drive.google.com/drive/folders/1fRWTWf7ciHdCuwgRaMGdP5fpRPCSpho7?usp=sharing I saved it as a PDF and it can be viewed there.
 
Thanks again

 
 
 
Windows 10 Pro
Version 1803
OS build 17133.1
 
 
Lenovo C540 All-in-One/Non-Touch
Machine Type:6267
Manufacturing Date: Week 1, Year 2012
 
 
Processor: Intel® Pentium® CPU G2030 @ 3.00GHz
Installed memory (RAM): 4.00 GB (3.90 GB usable)
System type: 64-bit Operating System, x64-based processor

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by lopez (administrator) on DESKTOP-7LCG84P (31-03-2018 22:56:56)
Running from C:\Users\lopez\Desktop
Loaded Profiles: lopez (Available Profiles: lopez)
Platform: Windows 10 Pro Version 1803 17133.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> Registry
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\SgrmBroker.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Carifred) C:\Users\lopez\Downloads\Tech tool store tools\TechToolStore64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-03-24] (Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-03-24] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-03-24] (Microsoft Corporation)
HKU\S-1-5-21-1257469720-80147945-486867430-1001\...\Run: [GUDelayStartup] => C:\Users\lopez\Downloads\Tech tool store tools\guportable\Portable\StartupManager.exe [43984 2018-03-16] (Glarysoft Ltd)
GroupPolicy: Restriction <==== ATTENTION
GroupPolicy\User: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 07 C:\WINDOWS\SysWOW64\wlidNSP.dll [41984 2018-03-24] (Microsoft Corporation)
Winsock: Catalog5 08 C:\WINDOWS\SysWOW64\wlidNSP.dll [41984 2018-03-24] (Microsoft Corporation)
Winsock: Catalog5-x64 07 C:\WINDOWS\system32\wlidnsp.dll [64512 2018-03-24] (Microsoft Corporation)
Winsock: Catalog5-x64 08 C:\WINDOWS\system32\wlidnsp.dll [64512 2018-03-24] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{289ce07e-1882-4819-a88a-2fccda225248}: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{d330e0bf-1444-41e0-8d5f-17c3ded74523}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{d330e0bf-1444-41e0-8d5f-17c3ded74523}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:
==================
HKU\S-1-5-21-1257469720-80147945-486867430-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-03-12] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-12] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-12] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-12] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-03-12] (Microsoft Corporation)

FireFox:
========
FF Plugin: @videolan.org/vlc,version=3.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2018-02-27] (VideoLAN)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-03-09] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-03-09] (Google Inc.)

Chrome:
=======
StartMenuInternet: Google Chrome Beta - C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BcastDVRUserService; C:\WINDOWS\System32\BcastDVRUserService.dll [1364992 2018-03-24] (Microsoft Corporation)
S3 BcastDVRUserService_3cd4d; C:\WINDOWS\system32\svchost.exe [51280 2018-03-24] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 BcastDVRUserService_3cd4d; C:\WINDOWS\SysWOW64\svchost.exe [44520 2018-03-24] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [7013384 2018-03-18] ()
S3 BluetoothUserService; C:\WINDOWS\System32\Microsoft.Bluetooth.UserService.dll [464384 2018-03-24] (Microsoft Corporation)
S3 BluetoothUserService_3cd4d; C:\WINDOWS\system32\svchost.exe [51280 2018-03-24] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 BluetoothUserService_3cd4d; C:\WINDOWS\SysWOW64\svchost.exe [44520 2018-03-24] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 BTAGService; C:\WINDOWS\System32\BTAGService.dll [514048 2018-03-24] (Microsoft Corporation)
S3 BthAvctpSvc; C:\WINDOWS\System32\BthAvctpSvc.dll [395264 2018-03-24] (Microsoft Corporation)
S3 CaptureService; C:\WINDOWS\System32\CaptureService.dll [125952 2018-03-25] (Microsoft Corporation)
S3 CaptureService_3cd4d; C:\WINDOWS\system32\svchost.exe [51280 2018-03-24] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 CaptureService_3cd4d; C:\WINDOWS\SysWOW64\svchost.exe [44520 2018-03-24] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [7962288 2018-03-12] (Microsoft Corporation)
S3 DevicePickerUserSvc; C:\WINDOWS\System32\Windows.Devices.Picker.dll [400896 2018-03-24] (Microsoft Corporation)
S3 DevicePickerUserSvc; C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll [312832 2018-03-24] (Microsoft Corporation)
S3 EasyAntiCheat; C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe [774272 2018-03-18] (EasyAntiCheat Ltd)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
S3 LxpSvc; C:\WINDOWS\System32\LanguageOverlayServer.dll [199680 2018-03-24] (Microsoft Corporation)
S2 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-03-25] (Microsoft Corporation)
R2 SgrmBroker; C:\WINDOWS\system32\SgrmBroker.exe [163336 2018-03-24] (Microsoft Corporation)
S3 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [754784 2016-01-08] (DEVGURU Co., LTD.)
S4 tzautoupdate; C:\WINDOWS\SysWOW64\tzautoupdate.dll [72192 2018-03-24] (Microsoft Corporation)
S3 VacSvc; C:\WINDOWS\System32\vac.dll [411256 2018-03-24] (Microsoft Corporation)
S3 WaaSMedicSvc; C:\WINDOWS\System32\WaaSMedicSvc.dll [392704 2018-03-24] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-03-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105344 2018-03-24] (Microsoft Corporation)
S3 wisvc; C:\WINDOWS\SysWOW64\flightsettings.dll [729088 2018-03-24] (Microsoft Corporation)
S3 WpcMonSvc; C:\WINDOWS\System32\WpcDesktopMonSvc.dll [1457664 2018-03-24] (Microsoft Corporation)
S3 ImControllerService; "%SystemDrive%\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 afunix; C:\WINDOWS\system32\drivers\afunix.sys [39424 2018-03-24] (Microsoft Corporation)
R1 afunix; C:\Windows\SysWOW64\drivers\afunix.sys [29696 2018-03-24] (Microsoft Corporation)
S3 bindflt; C:\WINDOWS\system32\drivers\bindflt.sys [92056 2018-03-24] (Microsoft Corporation)
R0 EMSC; C:\WINDOWS\System32\drivers\EMSC.SYS [17720 2012-07-10] ()
R0 EMSC; C:\Windows\SysWOW64\drivers\EMSC.SYS [15160 2012-07-10] ()
S1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [28424 2018-03-30] (Glarysoft Ltd)
S4 hvcrash; C:\WINDOWS\System32\drivers\hvcrash.sys [33176 2018-03-24] (Microsoft Corporation)
S0 iaStorAVC; C:\WINDOWS\System32\drivers\iaStorAVC.sys [885144 2018-03-24] (Intel Corporation)
S0 ItSas35i; C:\WINDOWS\System32\drivers\ItSas35i.sys [145816 2018-03-24] (Avago Technologies)
S0 megasas35i; C:\WINDOWS\System32\drivers\megasas35i.sys [82328 2018-03-24] (Avago Technologies)
S3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-03-24] (Microsoft Corporation)
R1 MpKsl2fd06a1f; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BF245628-F0D1-41D5-9B29-0BB5EE88BFE9}\MpKsl2fd06a1f.sys [58120 2018-03-31] (Microsoft Corporation)
S3 nvdimm; C:\WINDOWS\System32\drivers\nvdimm.sys [104448 2018-03-24] (Microsoft Corporation)
R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] ()
R3 RSP2STOR; C:\WINDOWS\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-29] (Realtek Semiconductor Corp.)
S3 rspSanity; C:\WINDOWS\System32\DRIVERS\rspSanity64.sys [31328 2012-10-29] (Resplendence Software Projects Sp.)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-23] (Realtek )
R0 SgrmAgent; C:\WINDOWS\System32\drivers\SgrmAgent.sys [63896 2018-03-24] (Microsoft Corporation)
S3 smbdirect; C:\WINDOWS\System32\DRIVERS\smbdirect.sys [152064 2018-03-25] (Microsoft Corporation)
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [33376 2016-01-08] (DEVGURU Co., LTD.)
R3 VMC412; C:\WINDOWS\System32\Drivers\VMC412.sys [241920 2015-06-19] (Vimicro Corporation)
R3 vmuacflt; C:\WINDOWS\System32\Drivers\vmuacflt.sys [24576 2015-06-12] (Vimicro Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44616 2018-03-24] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [331672 2018-03-24] (Microsoft Corporation)
S3 WdmCompanionFilter; C:\WINDOWS\System32\drivers\WdmCompanionFilter.sys [21400 2018-03-24] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-03-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: LxpSvc -> C:\Windows\System32\LanguageOverlayServer.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-31 22:56 - 2018-03-31 22:57 - 000013794 _____ C:\Users\lopez\Desktop\FRST.txt
2018-03-31 22:56 - 2018-03-31 22:56 - 002403328 _____ (Farbar) C:\Users\lopez\Desktop\FRST64.exe
2018-03-31 22:56 - 2018-03-31 22:56 - 000000000 ____D C:\FRST
2018-03-31 22:34 - 2018-03-31 22:36 - 000280010 _____ C:\TDSSKiller.3.1.0.16_31.03.2018_22.34.43_log.txt
2018-03-31 18:15 - 2018-03-31 18:31 - 000001134 _____ C:\WINDOWS\system32\config\VSMIDK
2018-03-31 17:20 - 2016-01-08 03:51 - 001490656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01007.dll
2018-03-31 17:20 - 2016-01-08 03:51 - 000213088 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2018-03-31 17:20 - 2016-01-08 03:51 - 000120416 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2018-03-31 17:20 - 2016-01-08 03:51 - 000033376 _____ (DEVGURU Co., LTD.) C:\WINDOWS\system32\Drivers\ss_conn_usb_driver.sys
2018-03-31 17:13 - 2018-03-31 17:13 - 000000000 ____D C:\Users\lopez\Documents\SideSync
2018-03-31 17:13 - 2018-03-31 17:13 - 000000000 ____D C:\Users\lopez\AppData\Roaming\Samsung
2018-03-31 17:08 - 2018-03-31 17:08 - 000000000 ____D C:\ProgramData\Samsung
2018-03-31 17:08 - 2018-03-31 17:08 - 000000000 ____D C:\Program Files\Samsung
2018-03-31 17:08 - 2018-03-31 17:08 - 000000000 ____D C:\Program Files (x86)\Samsung
2018-03-31 17:07 - 2018-03-31 17:07 - 048364048 _____ (Samsung) C:\Users\lopez\Documents\SideSync_4.3.0.92.exe
2018-03-31 17:02 - 2018-03-31 17:02 - 000117956 _____ C:\Users\lopez\Documents\I_Got_A_Basketball_Game_Tomorrow _2.mp4
2018-03-31 16:59 - 2018-03-31 16:59 - 000270626 _____ C:\Users\lopez\Documents\I_Got_A_Basketball_Game_Tomorrow.mp4
2018-03-31 16:46 - 2018-03-31 16:46 - 000203343 _____ C:\Users\lopez\Documents\l.pdf
2018-03-31 05:44 - 2018-03-31 22:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2018-03-31 05:44 - 2018-03-31 05:44 - 000000000 ____D C:\Program Files (x86)\Seagate
2018-03-31 05:09 - 2018-03-31 05:09 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-03-31 05:08 - 2018-03-31 07:02 - 000000000 ____D C:\ProgramData\RogueKiller
2018-03-30 23:22 - 2018-03-30 23:22 - 000004274 _____ C:\WINDOWS\System32\Tasks\TR_Updater
2018-03-30 23:22 - 2018-03-30 23:22 - 000004062 _____ C:\WINDOWS\System32\Tasks\TR_FastScan_Daily_lopez
2018-03-30 23:22 - 2018-03-30 23:22 - 000003880 _____ C:\WINDOWS\System32\Tasks\TR_FastScan_AtLogon
2018-03-30 23:22 - 2018-03-30 23:22 - 000003790 _____ C:\WINDOWS\System32\Tasks\TR_AntiHijack
2018-03-30 23:22 - 2018-03-30 23:22 - 000000000 ____D C:\Users\lopez\Documents\Simply Super Software
2018-03-30 23:22 - 2018-03-30 23:22 - 000000000 ____D C:\ProgramData\Simply Super Software
2018-03-30 23:22 - 2018-03-30 23:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
2018-03-30 23:22 - 2018-03-30 23:22 - 000000000 ____D C:\Program Files (x86)\Trojan Remover
2018-03-30 23:20 - 2018-03-30 23:20 - 000055232 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2018-03-30 23:19 - 2018-03-30 23:30 - 000000000 ____D C:\ProgramData\HitmanPro.Alert
2018-03-30 23:19 - 2018-03-30 23:29 - 000000000 ____D C:\ProgramData\HitmanPro
2018-03-30 23:18 - 2018-03-30 23:18 - 000216616 _____ C:\Users\lopez\Documents\22.txt
2018-03-30 23:12 - 2018-03-30 23:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BhoScanner
2018-03-30 23:12 - 2018-03-30 23:12 - 000000000 ____D C:\Program Files (x86)\Nsasoft
2018-03-30 22:20 - 2018-03-31 19:12 - 000000000 ____D C:\WINDOWS\Minidump
2018-03-30 22:19 - 2018-03-30 22:19 - 000003285 _____ C:\Users\lopez\AppData\Local\Temp12.html
2018-03-30 22:08 - 2018-03-30 22:18 - 000001293 _____ C:\Users\lopez\AppData\Local\Temp1.html
2018-03-30 22:07 - 2012-10-29 22:41 - 000031328 _____ (Resplendence Software Projects Sp.) C:\WINDOWS\system32\Drivers\rspSanity64.sys
2018-03-30 07:51 - 2018-03-30 07:51 - 000394971 _____ C:\Users\lopez\Documents\RobertAlberson.pdf
2018-03-30 05:52 - 2018-03-30 05:52 - 000028424 _____ (Glarysoft Ltd) C:\WINDOWS\system32\Drivers\GUBootStartup.sys
2018-03-30 05:07 - 2018-03-30 05:07 - 000001894 _____ C:\Users\lopez\AppData\Local\recently-used.xbel
2018-03-29 23:41 - 2018-03-29 23:41 - 000000000 ____D C:\Users\lopez\AppData\Roaming\DiskDefrag
2018-03-29 18:48 - 2018-03-29 16:10 - 000000000 ____D C:\Windows.old
2018-03-29 17:49 - 2017-09-29 08:44 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.old
2018-03-29 17:48 - 2018-03-29 17:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anti-WebMiner
2018-03-29 17:48 - 2018-03-29 17:48 - 000000000 ____D C:\Program Files (x86)\AntiWebMiner
2018-03-29 16:14 - 2018-03-29 16:14 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-03-29 16:10 - 2018-03-29 16:10 - 000000432 __RSH C:\Users\lopez\ntuser.pol
2018-03-29 16:10 - 2018-03-29 16:10 - 000000020 ___SH C:\Users\lopez\ntuser.ini
2018-03-29 16:09 - 2018-03-31 22:05 - 000004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EB0D2AC2-F13A-4CA0-8526-98478185F322}
2018-03-29 16:09 - 2018-03-31 18:33 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-03-29 16:09 - 2018-03-29 16:09 - 000000000 ____D C:\WINDOWS\System32\Tasks\Lenovo
2018-03-29 16:08 - 2018-03-29 16:09 - 000007623 _____ C:\WINDOWS\diagwrn.xml
2018-03-29 16:08 - 2018-03-29 16:09 - 000007623 _____ C:\WINDOWS\diagerr.xml
2018-03-29 16:03 - 2018-03-31 18:23 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-03-29 15:54 - 2018-03-29 15:54 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-03-29 15:53 - 2018-03-29 15:53 - 000000000 ____D C:\ProgramData\USOShared
2018-03-29 15:53 - 2018-03-24 14:16 - 002752000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-03-29 15:52 - 2018-03-31 18:35 - 000000000 ____D C:\Users\lopez
2018-03-29 15:51 - 2016-05-03 23:30 - 000081416 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2018-03-29 15:49 - 2018-03-31 22:08 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-03-29 15:49 - 2018-03-29 15:56 - 000406392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-03-29 08:25 - 2018-03-29 18:48 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-03-29 08:22 - 2018-03-29 08:25 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-03-29 08:15 - 2018-03-29 08:15 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-03-29 08:15 - 2018-03-29 08:15 - 000000000 ____D C:\Program Files\MSBuild
2018-03-29 08:15 - 2018-03-29 08:15 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-03-29 08:15 - 2018-03-29 08:15 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-03-29 08:12 - 2018-03-29 08:12 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-03-29 08:12 - 2018-03-29 08:12 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-03-29 08:12 - 2018-03-29 08:12 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-03-29 08:12 - 2018-03-29 08:12 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-03-29 08:12 - 2018-03-29 08:12 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-03-29 08:12 - 2018-03-29 08:12 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2018-03-29 08:07 - 2018-03-29 08:07 - 003398144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-03-29 08:07 - 2018-03-29 08:07 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsFilt.dll
2018-03-29 08:07 - 2018-03-29 08:07 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2018-03-29 08:06 - 2018-03-29 08:06 - 004492288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-03-29 08:06 - 2018-03-29 08:06 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsFilt.dll
2018-03-29 08:06 - 2018-03-29 08:06 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\XPSSHHDR.dll
2018-03-29 08:06 - 2018-03-29 08:06 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XPSSHHDR.dll
2018-03-29 08:06 - 2018-03-29 08:06 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2018-03-29 07:31 - 2018-03-29 07:31 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-03-29 06:30 - 2018-03-31 17:04 - 000000000 ____D C:\Users\lopez\AppData\Roaming\vlc
2018-03-29 05:45 - 2018-03-29 16:10 - 000000000 ___DC C:\WINDOWS\Panther
2018-03-29 03:11 - 2018-03-29 03:11 - 000000000 ____D C:\ProgramData\Lenovo
2018-03-25 21:37 - 2018-03-25 21:37 - 000000000 ____D C:\Users\lopez\pkey
2018-03-25 21:12 - 2018-03-25 21:12 - 000000000 _____ C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
2018-03-25 08:44 - 2018-03-25 08:44 - 000000000 ____D C:\ProgramData\Parmavex
2018-03-25 06:39 - 2018-03-25 06:39 - 000000000 ____D C:\WINDOWS\Containers
2018-03-25 06:22 - 2018-03-25 06:22 - 000000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
2018-03-25 06:22 - 2018-03-25 06:22 - 000000000 ___SD C:\WINDOWS\system32\AppV
2018-03-25 06:22 - 2018-03-25 06:22 - 000000000 ____D C:\WINDOWS\system32\hydrogen
2018-03-25 06:22 - 2018-03-25 06:22 - 000000000 ____D C:\WINDOWS\RemotePackages
2018-03-25 06:22 - 2018-03-25 06:22 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
2018-03-25 06:22 - 2018-03-25 06:22 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2018-03-25 06:22 - 2018-03-24 14:16 - 000036112 _____ C:\WINDOWS\Professional.xml
2018-03-25 06:22 - 2016-05-03 23:30 - 000077832 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\hi-IN
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-03-25 06:21 - 2018-03-25 06:21 - 000000000 ____D C:\WINDOWS\OCR
2018-03-25 06:21 - 2018-03-23 11:26 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCCSPal.dll
2018-03-25 06:21 - 2018-03-23 11:25 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostClient.dll
2018-03-25 06:21 - 2018-03-23 11:25 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncProxy.dll
2018-03-25 06:21 - 2018-03-23 11:25 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\InprocLogger.dll
2018-03-25 06:21 - 2018-03-23 11:25 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncRes.dll
2018-03-25 06:21 - 2018-03-23 11:24 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCCSEngineShared.dll
2018-03-25 06:21 - 2018-03-23 11:24 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2018-03-25 06:21 - 2018-03-23 11:24 - 000093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\InternetMailCsp.dll
2018-03-25 06:21 - 2018-03-23 11:24 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\EASPolicyManagerBrokerHost.exe
2018-03-25 06:21 - 2018-03-23 11:24 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostRes.dll
2018-03-25 06:21 - 2018-03-23 11:24 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\EasPolicyManagerBrokerPS.dll
2018-03-25 06:21 - 2018-03-23 11:23 - 000731648 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2018-03-25 06:21 - 2018-03-23 11:23 - 000391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2018-03-25 06:21 - 2018-03-23 11:23 - 000267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2018-03-25 06:21 - 2018-03-23 11:23 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\networkhelper.dll
2018-03-25 06:21 - 2018-03-23 11:22 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2018-03-25 06:21 - 2018-03-23 11:22 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\APHostClient.dll
2018-03-25 06:21 - 2018-03-23 11:21 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2018-03-25 06:21 - 2018-03-23 11:21 - 000403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\DavSyncProvider.dll
2018-03-25 06:21 - 2018-03-23 11:21 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2018-03-25 06:21 - 2018-03-23 11:21 - 000148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCCSEngineShared.dll
2018-03-25 06:21 - 2018-03-23 11:21 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\networkhelper.dll
2018-03-25 06:21 - 2018-03-23 11:21 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncProxy.dll
2018-03-25 06:21 - 2018-03-23 11:21 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncRes.dll
2018-03-25 06:21 - 2018-03-23 11:20 - 000520704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2018-03-25 06:21 - 2018-03-23 11:20 - 000214016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\accountaccessor.dll
2018-03-25 06:21 - 2018-03-23 11:19 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\syncutil.dll
2018-03-25 06:21 - 2018-03-23 11:18 - 001773056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2018-03-25 06:21 - 2018-03-23 11:18 - 000361984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2018-03-25 06:21 - 2018-03-23 11:18 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DavSyncProvider.dll
2018-03-25 06:21 - 2018-03-23 11:17 - 001537024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2018-03-25 06:21 - 2018-03-10 13:21 - 001999872 _____ C:\WINDOWS\system32\libcrypto.dll
2018-03-25 06:18 - 2018-03-25 06:18 - 000000000 ____D C:\WINDOWS\SKB
2018-03-25 06:18 - 2018-03-24 00:41 - 000387416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2018-03-25 06:18 - 2018-03-24 00:41 - 000277424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpeffects.dll
2018-03-25 06:18 - 2018-03-24 00:27 - 013570560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-03-25 06:18 - 2018-03-24 00:19 - 000906240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqlceqp40.dll
2018-03-25 06:18 - 2018-03-24 00:18 - 009137664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmploc.DLL
2018-03-25 06:18 - 2018-03-24 00:18 - 000517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqlcese40.dll
2018-03-25 06:18 - 2018-03-24 00:18 - 000254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\unregmp2.exe
2018-03-25 06:18 - 2018-03-24 00:18 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpdxm.dll
2018-03-25 06:18 - 2018-03-24 00:18 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqlceoledb40.dll
2018-03-25 06:18 - 2018-03-24 00:18 - 000137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqlcecompact40.dll
2018-03-25 06:18 - 2018-03-24 00:18 - 000126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2018-03-25 06:18 - 2018-03-24 00:18 - 000011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwmp.dll
2018-03-25 06:18 - 2018-03-24 00:18 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx
2018-03-25 06:18 - 2018-03-24 00:18 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxmasf.dll
2018-03-25 06:18 - 2018-03-24 00:18 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmerror.dll
2018-03-25 06:18 - 2018-03-23 23:40 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.tlb
2018-03-25 06:18 - 2018-03-23 23:39 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\amcompat.tlb
2018-03-25 06:18 - 2018-03-23 22:38 - 000251096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpeffects.dll
2018-03-25 06:18 - 2018-03-23 22:37 - 000153968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpps.dll
2018-03-25 06:18 - 2018-03-23 22:33 - 000009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwmp.dll
2018-03-25 06:18 - 2018-03-23 22:31 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-03-25 06:18 - 2018-03-23 22:25 - 009137664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmploc.DLL
2018-03-25 06:18 - 2018-03-23 22:25 - 000730624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqlceqp40.dll
2018-03-25 06:18 - 2018-03-23 22:25 - 000427520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqlcese40.dll
2018-03-25 06:18 - 2018-03-23 22:25 - 000215040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unregmp2.exe
2018-03-25 06:18 - 2018-03-23 22:25 - 000173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqlceoledb40.dll
2018-03-25 06:18 - 2018-03-23 22:25 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpdxm.dll
2018-03-25 06:18 - 2018-03-23 22:25 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqlcecompact40.dll
2018-03-25 06:18 - 2018-03-23 22:25 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
2018-03-25 06:18 - 2018-03-23 22:25 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
2018-03-25 06:18 - 2018-03-23 22:25 - 000005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxmasf.dll
2018-03-25 06:18 - 2018-03-23 22:25 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmerror.dll
2018-03-25 06:18 - 2018-03-23 21:47 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.tlb
2018-03-25 06:18 - 2018-03-23 21:47 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\amcompat.tlb
2018-03-25 06:18 - 2018-03-23 11:26 - 005739008 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0009.dll
2018-03-25 06:18 - 2018-03-23 11:26 - 002629120 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons0009.dll
2018-03-25 06:18 - 2018-03-23 11:22 - 002629120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons0009.dll
2018-03-25 06:18 - 2018-03-23 11:19 - 006350848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData0009.dll
2018-03-25 06:18 - 2018-03-23 11:17 - 005487616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData0009.dll
2018-03-25 06:18 - 2018-02-26 10:28 - 004171264 _____ (Gracenote, Inc.) C:\WINDOWS\SysWOW64\gnsdk_fp.dll
2018-03-24 14:12 - 2018-03-29 08:18 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-03-24 11:40 - 2018-03-31 18:15 - 091226112 _____ C:\WINDOWS\system32\config\SOFTWARE
2018-03-24 11:40 - 2018-03-31 18:15 - 015466496 _____ C:\WINDOWS\system32\config\SYSTEM
2018-03-24 11:40 - 2018-03-31 18:15 - 000786432 _____ C:\WINDOWS\system32\config\DEFAULT
2018-03-24 11:40 - 2018-03-31 18:15 - 000131072 _____ C:\WINDOWS\system32\config\SAM
2018-03-24 11:40 - 2018-03-31 18:15 - 000131072 _____ C:\WINDOWS\system32\config\BBI
2018-03-24 11:40 - 2018-03-31 18:15 - 000057344 _____ C:\WINDOWS\system32\config\SECURITY
2018-03-24 11:40 - 2018-03-29 16:09 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-03-24 11:40 - 2018-03-25 06:17 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-03-24 11:40 - 2018-03-25 06:17 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-03-24 11:40 - 2018-03-25 06:17 - 000000000 ____D C:\WINDOWS\servicing
2018-03-24 11:40 - 2018-03-24 14:22 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2018-03-24 11:40 - 2018-03-24 14:21 - 000000000 ____D C:\WINDOWS\WaaS
2018-03-24 11:40 - 2018-03-24 14:21 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2018-03-24 11:40 - 2018-03-24 11:40 - 000846744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmiEngine.dll
2018-03-24 11:40 - 2018-03-24 11:40 - 000795032 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2018-03-24 11:40 - 2018-03-24 11:40 - 000244632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdscore.dll
2018-03-24 11:40 - 2018-03-24 11:40 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\PkgMgr.exe
2018-03-24 11:40 - 2018-03-24 11:40 - 000141720 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2018-03-24 11:40 - 2018-03-24 11:40 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2018-03-24 11:40 - 2018-03-24 11:40 - 000131480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SSShim.dll
2018-03-24 11:40 - 2018-03-24 11:40 - 000118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2018-03-24 11:40 - 2018-03-24 11:40 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetDriverInstall.dll
2018-03-24 11:40 - 2018-03-24 11:40 - 000000000 ____D C:\WINDOWS\system32\SMI
2018-03-24 11:40 - 2018-03-24 11:40 - 000000000 ____D C:\WINDOWS\system32\downlevel
2018-03-19 16:31 - 2018-03-19 16:31 - 000000000 ____D C:\Users\lopez\AppData\Local\VirtualStore
2018-03-19 08:13 - 2018-03-29 18:49 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-03-18 17:16 - 2018-03-17 16:14 - 000000230 _____ C:\Users\Public\Libraries.ini
2018-03-18 17:07 - 2018-03-18 17:07 - 000000000 ____D C:\Program Files (x86)\EasyAntiCheat
2018-03-18 16:49 - 2018-03-30 16:27 - 000000000 ____D C:\Users\lopez\AppData\Local\D3DSCache
2018-03-18 16:49 - 2018-03-18 16:49 - 000000000 ____D C:\Users\lopez\AppData\Local\CEF
2018-03-18 16:48 - 2010-06-02 04:55 - 000527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2018-03-18 16:48 - 2010-06-02 04:55 - 000518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2018-03-18 16:48 - 2010-06-02 04:55 - 000077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2018-03-18 16:48 - 2010-06-02 04:55 - 000074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2018-03-18 16:48 - 2010-05-26 11:41 - 002526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2018-03-18 16:48 - 2010-05-26 11:41 - 002401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2018-03-18 16:48 - 2010-05-26 11:41 - 001998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2018-03-18 16:48 - 2010-05-26 11:41 - 001907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2018-03-18 16:48 - 2010-05-26 11:41 - 000511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2018-03-18 16:48 - 2010-05-26 11:41 - 000276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2018-03-18 16:48 - 2010-02-04 10:01 - 000024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2018-03-18 16:48 - 2010-02-04 10:01 - 000022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2018-03-18 16:48 - 2007-04-04 18:54 - 000107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2018-03-18 16:47 - 2018-03-18 17:08 - 000000000 ____D C:\Users\lopez\AppData\Local\UnrealEngine
2018-03-18 16:47 - 2018-03-18 16:47 - 000000000 ____D C:\Users\lopez\AppData\Local\UnrealEngineLauncher
2018-03-18 16:47 - 2010-05-26 11:41 - 002106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2018-03-18 16:47 - 2010-05-26 11:41 - 001868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2018-03-18 16:47 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2018-03-18 16:47 - 2010-05-26 11:41 - 000248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2018-03-18 16:47 - 2007-04-04 18:53 - 000081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
2018-03-18 16:46 - 2018-03-18 16:49 - 000000000 ____D C:\ProgramData\Epic
2018-03-18 13:57 - 2018-03-18 13:57 - 000000000 ____D C:\Users\lopez\AppData\Local\DBG
2018-03-18 13:15 - 2018-03-18 13:15 - 000000000 ____D C:\Users\lopez\AppData\Local\PeerDistRepub
2018-03-17 05:38 - 2018-03-29 18:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UVK - Ultra Virus Killer
2018-03-17 01:14 - 2018-03-29 16:07 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2018-03-16 06:18 - 2018-03-30 21:55 - 000000000 ____D C:\ProgramData\GlarySoft
2018-03-16 06:09 - 2018-03-30 21:55 - 000000000 ____D C:\Users\lopez\AppData\Roaming\GlarySoft
2018-03-16 06:05 - 2018-03-31 22:57 - 000000000 ____D C:\Users\lopez\Downloads\Tech tool store tools
2018-03-16 06:02 - 2018-03-30 06:02 - 000000000 ___DX C:\Users\lopez\Documents\FAT
2018-03-14 20:28 - 2018-03-14 20:28 - 000000016 _____ C:\ProgramData\mntemp
2018-03-14 20:27 - 2018-03-29 18:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notezilla
2018-03-14 20:27 - 2018-03-14 20:27 - 000001283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Create New Note (Notezilla).lnk
2018-03-14 20:27 - 2018-03-14 20:27 - 000000000 ____D C:\Users\lopez\AppData\Roaming\Conceptworld
2018-03-14 20:27 - 2018-03-14 20:27 - 000000000 ____D C:\Program Files (x86)\Conceptworld
2018-03-14 20:02 - 2012-10-13 22:20 - 000805376 _____ C:\WINDOWS\SysWOW64\EditCtlsU.ocx
2018-03-14 20:02 - 2011-08-13 21:06 - 001031168 _____ C:\WINDOWS\SysWOW64\ExLVwU.ocx
2018-03-14 20:02 - 2011-05-21 00:02 - 000604672 _____ C:\WINDOWS\SysWOW64\ExTVwU.ocx
2018-03-14 20:02 - 2009-06-07 09:27 - 001071088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCTL.OCX
2018-03-14 20:02 - 2008-01-19 11:34 - 000554008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dao360.dll
2018-03-14 20:02 - 2005-04-15 15:58 - 001351392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.ocx
2018-03-14 20:02 - 2004-03-09 14:45 - 000212240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\richtx32.ocx
2018-03-14 20:02 - 2004-03-09 00:00 - 000662288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCT2.OCX
2018-03-14 20:02 - 2000-05-22 12:58 - 000140488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.ocx
2018-03-14 20:02 - 1998-06-24 01:00 - 000198456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCI32.OCX
2018-03-13 19:51 - 2018-03-13 19:51 - 000000444 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2018-03-13 19:24 - 2018-03-13 19:24 - 000000000 ____D C:\ProgramData\Coronet_SecureConnect
2018-03-13 18:19 - 2018-03-13 18:19 - 000000000 _____ C:\WINDOWS\system32\Drivers\Msft_Kernel_ldiagio_uefi_01009.Wdf
2018-03-13 18:12 - 2018-03-25 02:54 - 000011424 _____ C:\WINDOWS\system32\InstallUtil.InstallLog
2018-03-13 18:08 - 2018-03-13 18:08 - 000000000 _____ C:\WINDOWS\system32\Drivers\Msft_User_iMDriver_01_11_00.Wdf
2018-03-13 18:08 - 2018-03-02 08:40 - 000103664 _____ (Lenovo Group Limited.) C:\WINDOWS\system32\ImController.CoInstaller.dll
2018-03-13 18:08 - 2017-11-12 18:03 - 002365288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WudfUpdate_01011.dll
2018-03-13 15:49 - 2018-03-29 18:48 - 000000000 ____D C:\WINDOWS\system32\appmgmt
2018-03-13 12:57 - 2018-03-13 12:57 - 005031432 _____ (Carifred) C:\Users\lopez\Downloads\TechToolStore.exe
2018-03-13 12:27 - 2018-03-31 22:55 - 000000000 ____D C:\ProgramData\Tech Tool Store
2018-03-13 12:27 - 2018-03-13 12:28 - 000000000 ____D C:\Users\lopez\AppData\Local\2Browse
2018-03-13 12:19 - 2018-03-17 05:51 - 000000000 ____D C:\Program Files\UVK - Ultra Virus Killer
2018-03-13 12:19 - 2018-03-17 05:43 - 000000000 ____D C:\ProgramData\UVK
2018-03-12 21:45 - 2018-03-29 23:00 - 000004374 __RSH C:\ProgramData\ntuser.pol
2018-03-12 19:32 - 2018-03-29 18:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2018-03-12 19:32 - 2018-03-12 19:32 - 000002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2018-03-12 19:32 - 2018-03-12 19:32 - 000002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2018-03-12 19:32 - 2018-03-12 19:32 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2018-03-12 19:32 - 2018-03-12 19:32 - 000002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2018-03-12 19:32 - 2018-03-12 19:32 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2018-03-12 19:32 - 2018-03-12 19:32 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2018-03-12 19:32 - 2018-03-12 19:32 - 000002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-03-12 19:30 - 2018-03-13 01:38 - 000000000 ____D C:\ESD
2018-03-12 19:28 - 2018-03-19 21:18 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-03-12 19:28 - 2018-03-12 19:28 - 000000000 ____D C:\Program Files\Microsoft Office 15
2018-03-12 19:11 - 2018-03-12 19:11 - 000000000 _____ C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2018-03-12 18:01 - 2018-03-12 18:01 - 000000000 ____D C:\Users\lopez\AppData\Local\Python-Eggs
2018-03-12 17:58 - 2018-03-29 22:36 - 000000000 ____D C:\Users\lopez\AppData\Roaming\deluge
2018-03-12 17:56 - 2018-03-29 18:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deluge
2018-03-12 17:55 - 2018-03-12 17:56 - 000000000 ____D C:\Program Files (x86)\Deluge
2018-03-10 10:45 - 2018-03-10 14:16 - 000000000 ___HD C:\ProgramData\CanonIJScan
2018-03-10 01:59 - 2018-03-10 01:59 - 000000000 ____D C:\Users\lopez\Downloads\nirsoft_package_enc_1.20.31
2018-03-10 00:56 - 2018-03-31 18:27 - 000007609 _____ C:\Users\lopez\AppData\Local\Resmon.ResmonCfg
2018-03-09 19:36 - 2018-03-29 16:02 - 000002356 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome Beta.lnk
2018-03-09 19:34 - 2018-03-09 19:34 - 000000000 _____ C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2018-03-08 23:31 - 2018-03-08 23:31 - 000000000 ____D C:\Program Files (x86)\Cisco
2018-03-06 23:41 - 2018-03-06 23:41 - 000000000 ____D C:\Users\lopez\AppData\LocalLow\Temp
2018-03-06 22:50 - 2018-03-06 22:50 - 000000000 ___HD C:\ProgramData\CanonIJMyPrinter
2018-03-06 20:18 - 2018-03-06 20:18 - 000000279 _____ C:\Users\lopez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin (2).lnk
2018-03-06 09:41 - 2018-03-15 13:27 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-03-06 09:40 - 2018-03-15 13:27 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-06 09:40 - 2018-03-15 13:27 - 130364688 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-06 07:47 - 2018-03-06 07:47 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-03-06 07:40 - 2018-03-06 07:40 - 000000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-03-05 23:19 - 2018-03-05 23:19 - 000000000 ____D C:\Users\lopez\AppData\Roaming\Macromedia
2018-03-05 22:53 - 2018-03-05 22:53 - 000548000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-03-05 22:04 - 2018-03-05 22:04 - 000000279 _____ C:\Users\lopez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recycle Bin.lnk
2018-03-05 22:00 - 2018-03-05 22:00 - 000000000 _SHDL C:\Documents and Settings
2018-03-05 21:41 - 2018-03-05 21:41 - 000000000 ___HD C:\ProgramData\CanonIJQuickMenu
2018-03-05 21:38 - 2018-03-05 21:39 - 000000000 ____D C:\Program Files\Canon
2018-03-05 21:24 - 2018-03-10 10:45 - 000000000 ____D C:\Users\lopez\AppData\Roaming\Canon
2018-03-05 21:24 - 2018-03-05 21:39 - 000000000 ____D C:\ProgramData\CanonIJWSpt
2018-03-05 21:13 - 2018-03-05 21:13 - 000000000 ____D C:\ProgramData\Canon
2018-03-05 20:59 - 2018-03-29 18:48 - 000000000 ____D C:\WINDOWS\system32\STRING
2018-03-05 20:59 - 2018-03-29 08:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2018-03-05 20:59 - 2018-03-08 23:34 - 000000000 ____D C:\Program Files (x86)\Canon
2018-03-05 20:59 - 2018-03-05 20:59 - 000000000 ___HD C:\ProgramData\CanonBJ
2018-03-05 20:59 - 2018-03-05 20:59 - 000000000 ____D C:\ProgramData\Canon IJ Network Tool
2018-03-05 20:59 - 2015-03-17 09:51 - 000375296 _____ (CANON INC.) C:\WINDOWS\system32\CNMN6PPM.DLL
2018-03-05 20:59 - 2015-03-17 09:51 - 000039424 _____ (CANON INC.) C:\WINDOWS\system32\CNMN6UI.DLL
2018-03-05 20:59 - 2015-03-17 09:50 - 000380928 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNMNPPM.DLL
2018-03-05 20:59 - 2015-01-29 12:22 - 000353792 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNC_CTL.dll
2018-03-05 20:59 - 2014-12-02 17:01 - 000089088 _____ C:\WINDOWS\SysWOW64\CNC178AD.TBL
2018-03-05 20:59 - 2008-08-25 19:02 - 000015872 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNHMCA.dll
2018-03-05 20:58 - 2018-03-05 20:58 - 000000000 ___HD C:\Program Files\CanonBJ
2018-03-05 20:58 - 2015-03-12 06:00 - 000406528 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMCT.DLL
2018-03-05 20:57 - 2018-03-29 18:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-03-05 20:56 - 2018-03-29 18:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2018-03-05 20:56 - 2018-03-06 09:17 - 000000000 ____D C:\Program Files\7-Zip
2018-03-05 20:56 - 2018-03-05 20:56 - 000000000 ____D C:\Program Files\VideoLAN
2018-03-05 20:53 - 2018-03-06 09:17 - 000000000 ____D C:\ProgramData\Win864
2018-03-05 20:53 - 2018-03-06 09:17 - 000000000 ____D C:\ProgramData\Win832
2018-03-05 20:53 - 2018-03-05 20:53 - 000000000 ____D C:\ProgramData\XP32
2018-03-05 20:53 - 2018-03-05 20:53 - 000000000 ____D C:\ProgramData\Win764
2018-03-05 20:53 - 2018-03-05 20:53 - 000000000 ____D C:\ProgramData\Win732
2018-03-05 20:53 - 2018-03-05 20:53 - 000000000 ____D C:\ProgramData\Vista64
2018-03-05 20:53 - 2018-03-05 20:53 - 000000000 ____D C:\ProgramData\Vista32
2018-03-05 20:43 - 2018-03-31 18:35 - 000000000 __SHD C:\Users\lopez\IntelGraphicsProfiles
2018-03-05 20:43 - 2018-03-29 16:10 - 000000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2018-03-05 20:35 - 2018-03-08 23:30 - 000000000 ____D C:\Program Files (x86)\Qualcomm Atheros
2018-03-05 20:35 - 2018-03-05 20:35 - 000000000 ____D C:\WINDOWS\Options
2018-03-05 20:35 - 2015-05-21 23:44 - 000094864 _____ C:\WINDOWS\system32\athw10x.cat
2018-03-05 20:35 - 2015-05-21 23:44 - 000094845 _____ C:\WINDOWS\system32\athwbx.cat
2018-03-05 20:35 - 2015-05-18 00:33 - 004301304 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\athw10x.sys
2018-03-05 20:35 - 2015-05-07 02:38 - 004274176 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\athwbx.sys
2018-03-05 20:34 - 2018-03-16 06:25 - 000000000 ____D C:\Users\lopez\AppData\Local\ElevatedDiagnostics
2018-03-05 20:33 - 2015-06-23 11:37 - 000895256 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2018-03-05 20:33 - 2015-06-23 11:37 - 000091272 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll
2018-03-05 20:31 - 2018-03-17 05:50 - 000000000 ____D C:\ProgramData\Qualcomm Atheros
2018-03-05 20:31 - 2018-03-05 20:53 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-03-05 20:31 - 2018-03-05 20:33 - 000000000 ____D C:\Program Files (x86)\REALTEK
2018-03-05 20:31 - 2014-03-24 13:37 - 000422400 _____ (Realtek) C:\WINDOWS\SwUSB.exe
2018-03-05 20:31 - 2013-10-18 17:42 - 000048856 _____ () C:\WINDOWS\runSW.exe
2018-03-05 20:31 - 2013-04-02 00:19 - 000574464 _____ (Realtek Semiconductor Corp. ) C:\WINDOWS\system32\Rtlihvs.dll
2018-03-05 20:31 - 2010-12-01 10:31 - 000451072 _____ C:\WINDOWS\SysWOW64\ISSRemoveSP.exe
2018-03-05 20:24 - 2018-03-31 05:45 - 000000000 ____D C:\ProgramData\Package Cache
2018-03-05 20:24 - 2018-03-05 20:24 - 000000000 ____D C:\Users\lopez\AppData\Local\Downloaded Installations
2018-03-05 20:14 - 2018-03-09 19:37 - 000000000 ____D C:\Users\lopez\AppData\Roaming\Google
2018-03-05 20:13 - 2018-03-12 20:02 - 000000000 ___RD C:\Users\lopez\OneDrive
2018-03-05 20:13 - 2018-03-09 19:36 - 000000000 ____D C:\Users\lopez\AppData\Local\Google
2018-03-05 20:13 - 2018-03-09 19:36 - 000000000 ____D C:\Program Files (x86)\Google
2018-03-05 20:12 - 2018-03-05 20:12 - 000000000 ____D C:\Users\lopez\AppData\Local\Comms
2018-03-05 20:06 - 2018-03-05 20:06 - 000000000 ___HD C:\Users\lopez\MicrosoftEdgeBackups
2018-03-05 20:05 - 2018-03-29 16:11 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-03-05 20:05 - 2018-03-29 16:11 - 000000000 ___RD C:\Users\lopez\3D Objects
2018-03-05 20:05 - 2018-03-29 15:53 - 000000000 ____D C:\Users\lopez\AppData\Local\Packages
2018-03-05 20:05 - 2018-03-08 03:49 - 000000000 ____D C:\Users\lopez\AppData\Local\Publishers
2018-03-05 20:05 - 2018-03-05 20:06 - 000000000 ____D C:\Users\lopez\AppData\Local\MicrosoftEdge
2018-03-05 20:05 - 2018-03-05 20:06 - 000000000 ____D C:\Users\lopez\AppData\Local\ConnectedDevicesPlatform
2018-03-05 20:05 - 2018-03-05 20:05 - 000000000 ____D C:\Users\lopez\AppData\Roaming\Adobe
2018-03-05 20:04 - 2018-03-29 15:51 - 000000000 ____D C:\WINDOWS\VMC412
2018-03-05 20:04 - 2018-03-29 08:25 - 000000000 ____D C:\Program Files\Intel
2018-03-05 20:04 - 2018-03-05 20:04 - 000000000 ____D C:\Program Files (x86)\Intel
2018-03-05 20:04 - 2018-03-05 20:04 - 000000000 ____D C:\Intel
2018-03-05 20:03 - 2018-03-29 15:51 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2018-03-05 20:01 - 2018-03-05 20:01 - 000000000 ____D C:\WINDOWS\CSC
2018-03-05 20:00 - 2018-03-26 16:00 - 000000000 ____D C:\WINDOWS\softwaredistribution.bak

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-03-29 18:48 - 2017-09-29 08:46 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy

==================== Files in the root of some directories =======

2018-03-30 05:07 - 2018-03-30 05:07 - 000001894 _____ () C:\Users\lopez\AppData\Local\recently-used.xbel
2018-03-10 00:56 - 2018-03-31 18:27 - 000007609 _____ () C:\Users\lopez\AppData\Local\Resmon.ResmonCfg
2018-03-30 22:08 - 2018-03-30 22:18 - 000001293 _____ () C:\Users\lopez\AppData\Local\Temp1.html
2018-03-30 22:19 - 2018-03-30 22:19 - 000003285 _____ () C:\Users\lopez\AppData\Local\Temp12.html

Some files in TEMP:
====================
2018-03-31 05:08 - 2018-03-24 14:17 - 001946296 _____ (Microsoft Corporation) C:\Users\lopez\AppData\Local\Temp\dllnt_dump.dll
2018-03-30 23:20 - 2018-03-30 23:20 - 011605440 _____ (SurfRight B.V.) C:\Users\lopez\AppData\Local\Temp\HitmanPro_x64.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-03-29 15:49

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by lopez (31-03-2018 23:00:36)
Running from C:\Users\lopez\Desktop
Windows 10 Pro Version 1803 17133.1 (X64) (2018-03-29 21:10:17)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1257469720-80147945-486867430-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1257469720-80147945-486867430-503 - Limited - Disabled)
Guest (S-1-5-21-1257469720-80147945-486867430-501 - Limited - Disabled)
lopez (S-1-5-21-1257469720-80147945-486867430-1001 - Administrator - Enabled) => C:\Users\lopez
WDAGUtilityAccount (S-1-5-21-1257469720-80147945-486867430-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 18.01 (x64) (HKLM\...\7-Zip) (Version: 18.01 - Igor Pavlov)
Anti-WebMiner version 1.1 (HKLM-x32\...\{F63D1DFD-E9A7-4B86-832E-C7935F218489}_is1) (Version: 1.1 - Greatis Software)
BhoScanner 2.2.4 (HKLM-x32\...\BhoScanner_is1) (Version: - Nsasoft LLC.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.4.4 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.7.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.20.13 - Canon Inc.)
Canon MG3600 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3600_series) (Version: 1.00 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Deluge 1.3.15 (HKLM-x32\...\Deluge) (Version: - )
EMSC (HKLM-x32\...\{FEF06E73-A519-4510-8CF3-B66041B91D8A}) (Version: 0.0.0.24C - Compal Electronics, Inc.) Hidden
Epic Games Launcher Prerequisites (x64) (HKLM\...\{66C5838F-B854-4A55-89E6-A6138747A4DF}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Google Chrome Beta (HKLM-x32\...\Google Chrome Beta) (Version: 66.0.3359.66 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Launcher Prerequisites (x64) (HKLM-x32\...\{c6c5a357-c7ca-4a5f-9789-3bb1af579253}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9029.2253 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Notezilla 8.0 (HKLM-x32\...\Notezilla_is1) (Version: 8.0 - Conceptworld Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9029.2253 - Microsoft Corporation) Hidden
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.1.505.2015 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.213.243 - REALTEK Semiconductor Corp.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.59.0 - Samsung Electronics Co., Ltd.)
Trojan Remover (HKLM-x32\...\Trojan Remover_is1) (Version: 6.9.5.0 - Simply Super Software)
UVK - Ultra Virus Killer (HKLM\...\UVK - Ultra virus killer) (Version: 10.8.3.0 - Carifred)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.1 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1257469720-80147945-486867430-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers1-x32: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Users\lopez\Glary Utilities 5\ContextHandler.dll -> No File
ContextMenuHandlers2-x32: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Users\lopez\Glary Utilities 5\ContextHandler.dll -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-03] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-01-28] (Igor Pavlov)
ContextMenuHandlers6-x32: [Glary Utilities] -> {B3C418F8-922B-4faf-915E-59BC14448CF7} => C:\Users\lopez\Glary Utilities 5\ContextHandler.dll -> No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03FA6933-E4E4-42D0-B26A-0A3DB573486E} - System32\Tasks\Microsoft\Windows\WaaSMedic\PerformRemediation
Task: {0D807860-7401-405A-B3C9-9CC434C475F6} - System32\Tasks\Microsoft\Windows\Speech\HeadsetButtonPress => C:\WINDOWS\system32\speech_onecore\common\SpeechRuntime.exe [2018-03-24] (Microsoft Corporation)
Task: {18EC95D6-B35B-4BFB-9FD9-E900E8D21ECE} - System32\Tasks\Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceWnsFallback
Task: {3D67B6AB-79A5-4F3F-B78E-398E04D10A63} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-19] (Microsoft Corporation)
Task: {43DE5DC6-D1C2-42B6-99C4-31DBABFDC404} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-03-24] ()
Task: {65276EA0-D002-4AB2-9CD6-17EC0B4C63C9} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-12] (Microsoft Corporation)
Task: {67FCF73F-39ED-436A-A6F1-0D56ED4BD53C} - System32\Tasks\TR_Updater => C:\Program Files (x86)\Trojan Remover\Trupd.exe [2018-02-18] (Simply Super Software)
Task: {74C6001F-ECA3-4E59-A9CB-DA4C10138B86} - System32\Tasks\Microsoft\Windows\DirectX\DXGIAdapterCache => C:\WINDOWS\system32\dxgiadaptercache.exe [2018-03-24] (Microsoft Corporation)
Task: {80C3A47A-DCDE-4789-B97C-CF05C4562F16} - System32\Tasks\Microsoft\Windows\InstallService\ScanForUpdates
Task: {81212A13-F09E-4616-9BE3-38ACC59CB586} - System32\Tasks\Microsoft\Windows\InstallService\SmartRetry
Task: {8229E99B-DF1F-4228-BB61-218AC0FF6E83} - System32\Tasks\Microsoft\Windows\InstallService\ScanForUpdatesAsUser
Task: {8E64EFF0-D523-411A-BDA1-8516C2586C5C} - System32\Tasks\Microsoft\Windows\InstallService\WakeUpAndScanForUpdates
Task: {8FE48F5D-D74B-450B-AC07-893EC1AB8CF3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-03-19] (Microsoft Corporation)
Task: {A4F17CB9-3786-4B10-ACA0-E6E49912EB4F} - System32\Tasks\TR_AntiHijack => C:\Program Files (x86)\Trojan Remover\TRAntiHJ.exe
Task: {B53519FF-2F63-4EF0-8F15-046721F51803} - System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller\ReconcileLanguageResources
Task: {BD187816-880D-4B9E-9749-59AB33BF800E} - System32\Tasks\TR_FastScan_AtLogon => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [2018-03-04] (Simply Super Software)
Task: {C4566833-179E-40DC-88D4-DB5D9AB3AC7E} - System32\Tasks\TR_FastScan_Daily_lopez => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [2018-03-04] (Simply Super Software)
Task: {CA9BFA63-3A1C-49F6-A898-FC1DF261EE62} - System32\Tasks\Microsoft\Windows\InstallService\WakeUpAndContinueUpdates
Task: {F6F45F7C-7156-4C46-AE12-2E43B13543E8} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-03-19] (Microsoft Corporation)
Task: {F8E35F33-7EB7-4E14-BED7-592DCA6FA7EA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-03-12] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-03-24 14:17 - 2018-03-24 14:17 - 000491736 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-03-24 14:16 - 2018-03-24 14:16 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-03-24 14:17 - 2018-03-24 14:17 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-03-24 14:18 - 2018-03-25 06:22 - 002184704 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-03-28 13:42 - 2018-03-27 21:39 - 004443992 _____ () C:\Program Files (x86)\Google\Chrome Beta\Application\66.0.3359.66\libglesv2.dll
2018-03-28 13:42 - 2018-03-27 21:39 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome Beta\Application\66.0.3359.66\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Public\AppData:CSM [464]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioEndpointBuilder => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AudioSrv => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudAddService.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HdAudBus.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\usbaudio.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318} => ""="Media"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96C-E325-11CE-BFC1-08002BE10318} => "SafeBootDrivers"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioSrv => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudAddService.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\HdAudBus.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\usbaudio.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318} => ""="Media"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318} => "SafeBootDrivers"="1"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-09-29 08:46 - 2018-03-29 17:49 - 000008962 _____ C:\WINDOWS\system32\Drivers\etc\hosts


There are 305 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1257469720-80147945-486867430-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\lopez\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "SecurityHealth"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{198C36CA-1C62-435A-B489-7EC2382571A2}C:\program files (x86)\google\chrome beta\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome beta\application\chrome.exe
FirewallRules: [UDP Query User{0C6BBC0C-2023-4441-B2CC-5DD2D0898963}C:\program files (x86)\google\chrome beta\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome beta\application\chrome.exe
FirewallRules: [TCP Query User{83B01485-4134-473C-BF57-5BE9263956BB}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [UDP Query User{C5AB456D-D871-4EA3-A316-161033A44F82}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe] => (Allow) C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
FirewallRules: [{8F126CCF-541E-4B37-9F4A-30818DDBE15A}] => (Allow) C:\Users\lopez\Downloads\nirsoft_package_enc_1.20.31\NirSoft\x64\networktrafficview.exe
FirewallRules: [{DED6D576-2885-4654-A3BB-F4AD3D76A072}] => (Allow) C:\Users\lopez\Downloads\nirsoft_package_enc_1.20.31\NirSoft\x64\networktrafficview.exe
FirewallRules: [{F35CBAD3-CF1F-40E0-976D-D7B17E53F036}] => (Allow) C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe
FirewallRules: [TCP Query User{A569523A-9F2E-40E2-BC1A-6C79491F0FA2}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [UDP Query User{E1DB71EA-061A-416A-9740-363FB0955491}C:\program files (x86)\deluge\deluge.exe] => (Allow) C:\program files (x86)\deluge\deluge.exe
FirewallRules: [{5DF005A0-3B49-4582-9F46-E5CB10E7EBF7}] => (Allow) C:\Program Files\UVK - Ultra Virus Killer\UVK_en64.exe
FirewallRules: [{D18A5C1C-134B-4262-9401-5C21B1B17A2B}] => (Allow) C:\Program Files\UVK - Ultra Virus Killer\UVK_en64.exe
FirewallRules: [{6F7CFDBF-51E0-4014-B591-0D7117F8BA48}] => (Allow) C:\Program Files\UVK - Ultra Virus Killer\UVK_en64.exe

==================== Restore Points =========================

30-03-2018 00:18:41 Ultra Adware Killer adware removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/31/2018 05:25:30 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17133.1_none_e4d992df105abfa4.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17133.1_none_2c86c9b624d6e8aa.manifest.

Error: (03/31/2018 05:25:04 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17133.1_none_e4d992df105abfa4.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17133.1_none_2c86c9b624d6e8aa.manifest.

Error: (03/31/2018 05:14:32 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17133.1_none_e4d992df105abfa4.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17133.1_none_2c86c9b624d6e8aa.manifest.

Error: (03/31/2018 05:13:19 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17133.1_none_e4d992df105abfa4.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17133.1_none_2c86c9b624d6e8aa.manifest.

Error: (03/31/2018 05:13:16 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17133.1_none_e4d992df105abfa4.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17133.1_none_2c86c9b624d6e8aa.manifest.

Error: (03/31/2018 05:45:37 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW. hr = 0x80070006, The handle is invalid.
.


Operation:
Executing Asynchronous Operation

Context:
Current State: DoSnapshotSet

Error: (03/30/2018 10:12:24 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program LockApp.exe version 10.0.17133.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 12e0

Start Time: 01d3c89dfb3132ca

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe

Report Id: 9a2e2898-b16e-4210-a84c-15ac76404c53

Faulting package full name: Microsoft.LockApp_10.0.17133.1_neutral__cw5n1h2txyewy

Faulting package-relative application ID: WindowsDefaultLockScreen

Error: (03/30/2018 10:22:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wnetwatcher.exe, version: 2.1.7.0, time stamp: 0x5a8e6d85
Faulting module name: wnetwatcher.exe, version: 2.1.7.0, time stamp: 0x5a8e6d85
Exception code: 0xc0000005
Fault offset: 0x0000e237
Faulting process id: 0x1b44
Faulting application start time: 0x01d3c83a2b29a02b
Faulting application path: C:\Users\lopez\Downloads\nirsoft_package_enc_1.20.31\NirSoft\wnetwatcher.exe
Faulting module path: C:\Users\lopez\Downloads\nirsoft_package_enc_1.20.31\NirSoft\wnetwatcher.exe
Report Id: 471d164b-78bc-4f34-aa45-396f68a47dd9
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (03/31/2018 10:37:56 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-7LCG84P)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-7LCG84P\lopez SID (S-1-5-21-1257469720-80147945-486867430-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/31/2018 10:37:26 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-7LCG84P)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user DESKTOP-7LCG84P\lopez SID (S-1-5-21-1257469720-80147945-486867430-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (03/31/2018 06:47:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-7LCG84P)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Error: (03/31/2018 06:45:27 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Background Intelligent Transfer Service service terminated with the following service-specific error:
%%2147943458 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/31/2018 06:45:27 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)
Description: The BITS service failed to start. Error 2147943458.

Error: (03/31/2018 06:45:25 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-7LCG84P)
Description: The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM within the required timeout.

Error: (03/31/2018 06:43:27 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Background Intelligent Transfer Service service terminated with the following service-specific error:
%%2147943458 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (03/31/2018 06:43:27 PM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT AUTHORITY)
Description: The BITS service failed to start. Error 2147943458.


Windows Defender:
===================================
Date: 2018-03-31 07:18:29.171
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=HackTool:Win32/Gendows&threatid=2147646077&enterprise=0
Name: HackTool:Win32/Gendows
ID: 2147646077
Severity: Medium
Category: Tool
Path: file:_C:\Users\lopez\AppData\Local\Temp\avz_6796_1.tmp
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\lopez\Downloads\Tech tool store tools\KasperskyAVZTool\avz4\avz.exe
Signature Version: AV: 1.263.1819.0, AS: 1.263.1819.0, NIS: 1.263.1819.0
Engine Version: AM: 1.1.14600.4, NIS: 1.1.14600.4

Date: 2018-03-30 17:44:29.558
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {806736BE-0C6E-45B8-9BB5-5549B1318489}
Scan Type: Antimalware
Scan Parameters: Quick Scan

CodeIntegrity:
===================================

Date: 2018-03-31 18:32:48.778
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\GUBootStartup.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-31 18:15:59.587
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\GUBootStartup.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-31 13:11:22.200
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\GUBootStartup.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-30 23:31:25.692
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\GUBootStartup.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-30 22:31:36.396
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\GUBootStartup.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-30 22:20:36.599
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\GUBootStartup.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-30 22:09:05.320
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\GUBootStartup.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2018-03-30 13:37:50.196
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\GUBootStartup.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Pentium® CPU G2030 @ 3.00GHz
Percentage of memory in use: 71%
Total physical RAM: 3992.27 MB
Available physical RAM: 1130.23 MB
Total Virtual: 5400.27 MB
Available Virtual: 2609.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.45 GB) (Free:810.41 GB) NTFS

\\?\Volume{083385e2-cf73-466d-b257-bfb772348844}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.11 GB) NTFS
\\?\Volume{15ceec06-a03b-4875-ab9e-7ee0f58be92d}\ () (Fixed) (Total:0.46 GB) (Free:0.08 GB) NTFS
\\?\Volume{e972e9c6-146f-4a1a-9a54-445c74d2f924}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: E70DE16E)

Partition: GPT.

==================== End of Addition.txt ============================

Edited by Oh My!, 01 April 2018 - 08:45 AM.
Posted truncated reports



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,959 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:52 AM

Posted 01 April 2018 - 08:41 AM

Greetings astronautchick and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 astronautchick


Posted 01 April 2018 - 11:18 AM

My apologies,

I thought I was supposed to follow the instructions listed here:

https://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Could you please tell me how to proceed?

Thank you



#4 Oh My!


Posted 01 April 2018 - 02:09 PM

Thank you for your patience.

You are doing great so far. Let's start with this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time (there is no need to paste the information anywhere)
Start::
CreateRestorePoint:
CloseProcesses:
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [No File]
S3 BcastDVRUserService_3cd4d; C:\WINDOWS\system32\svchost.exe [51280 2018-03-24] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 BcastDVRUserService_3cd4d; C:\WINDOWS\SysWOW64\svchost.exe [44520 2018-03-24] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 BluetoothUserService_3cd4d; C:\WINDOWS\system32\svchost.exe [51280 2018-03-24] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 BluetoothUserService_3cd4d; C:\WINDOWS\SysWOW64\svchost.exe [44520 2018-03-24] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 CaptureService_3cd4d; C:\WINDOWS\system32\svchost.exe [51280 2018-03-24] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 CaptureService_3cd4d; C:\WINDOWS\SysWOW64\svchost.exe [44520 2018-03-24] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 ImControllerService; "%SystemDrive%\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe"
2018-03-30 22:19 - 2018-03-30 22:19 - 000003285 _____ C:\Users\lopez\AppData\Local\Temp12.html
2018-03-30 22:08 - 2018-03-30 22:18 - 000001293 _____ C:\Users\lopez\AppData\Local\Temp1.html
2018-03-14 20:28 - 2018-03-14 20:28 - 000000016 _____ C:\ProgramData\mntemp
AlternateDataStreams: C:\Users\Public\AppData:CSM [464]
cmd: msinfo32 /nfo SystemSummary.nfo /categories +systemsummary
cmd: gpresult /v
Folder: C:\ProgramData\Parmavex
End::
  • Click Fix
  • When completed, the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • A mysummary file will be created on your Desktop. Attach that file to your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • Attached SystemSummary report
  • Update on computer behavior

Gary
 

#5 Oh My!


Posted 06 April 2018 - 09:00 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#6 Oh My!


Posted 08 April 2018 - 08:13 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



