Laptop is very slow and unresponsive


  • This topic is locked
44 replies to this topic

#1 ZeroSnake

  • Members

Posted 09 April 2018 - 09:50 PM

Hello, I've been having this problem with my laptop where it's unresponsive at times and it's very slow. I used Malwarebytes and it did come up with some spyware and malware and it removed them, but the problem still resides somehow.

I'm currently on Windows 10 and I installed updates on it like 3 days ago. So now I want my laptop to work at its optimal speed, but to no avail; it's not working normally. I would really appreciate it if an expert here can help me out, thank you!





#2 garioch7

    RCMP Veteran

  • Malware Response Instructor

Posted 10 April 2018 - 05:33 AM

ZeroSnake:

Welcome to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum. My name is Phil. May I address you by your first name?

I will be assisting you with your computer issues. I will endeavor to respond within a reasonable time. Forum policy requires that I post within 48 hours after your last post, but I do endeavor to post within 24 hours of your last post.

I would ask that you please copy and paste the contents of all requested log files directly into your replies. Please do not use "code" or "quote" boxes. Thank you for your anticipated cooperation.

Please follow the steps in this post, particularly Step 6 in this post, and provide me with a set of FRST scan logs.

Once I receive your FRST scan logs, I will need some time to review the logs. That could take a day or two, but I do hope to respond later today with an initial FRST "fixlist" script, providing I receive them by noon my time.

PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues. It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#3 ZeroSnake

  • Topic Starter
  • Members

Posted 10 April 2018 - 09:24 AM

Hey, my name is Antonio; you can call me by that name.
 
Here are the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14.03.2018
Ran by user_2 (administrator) on ASUS (10-04-2018 09:12:56)
Running from C:\Users\user_2\Desktop
Loaded Profiles: user_2 &  (Available Profiles: user_2 & user)
Platform: Microsoft Windows 10 Home Version 1709 16299.334 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(ASUS Cloud Corporation) C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Intel Corporation) C:\Windows\System32\esif_uf.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(IObit) C:\Program Files\IObit\IObit Uninstaller\IUService.exe
(PACE Anti-Piracy, Inc.) C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.7\GoogleCrashHandler.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(Intel Corporation) C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe
(IObit) C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files\ASUS\ATK Package\ATK Media\DMedia.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLoader.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
() C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPCenter.exe
(AsusTek) C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPHelper.exe
(IObit) C:\Program Files\IObit\Driver Booster\5.3.0\Scheduler.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(IObit) C:\Program Files\IObit\Driver Booster\5.3.0\Pub\PubMonitor.exe
(Microsoft Corporation) C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [488344 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\WINDOWS\system32\DptfPolicyLpmServiceHelper.exe [81336 2014-12-30] (Intel Corporation)
HKLM\...\Run: [WebStorage] => C:\Program Files\ASUS\WebStorage\2.0.3.226\ASUSWSLoader.exe [63296 2013-08-16] ()
HKLM\...\Run: [RtkNGUI] => C:\Program Files\Realtek\Audio\AP\RtkNGUI.exe [2912256 2014-01-17] (Realtek Semiconductor)
HKLM\...\Run: [IObit Malware Fighter] => C:\Program Files\IObit\IObit Malware Fighter\IMF.exe [5867280 2018-03-01] (IObit)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-05-25] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [164152 2016-07-26] (Apple Inc.)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-03-12] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-4159443819-3708154595-3523450213-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04102018090039331\...\Winlogon: [Userinit] [[%%INSTALLTIME%%]]
HKU\S-1-5-21-4159443819-3708154595-3523450213-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04102018090039331\...\Winlogon: [Shell] [[%%INSTALLTIME%%]] <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 200.48.225.130 200.48.225.146
Tcpip\..\Interfaces\{499374a1-ba7f-47ed-a479-9988174d8d19}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{c5e63d77-6be8-4c06-a07b-b1208bf46cd9}: [DhcpNameServer] 13.6.0.99
Tcpip\..\Interfaces\{d60fed44-ffb3-4f6e-a273-cd4144d26cf0}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{d9cfc703-188a-4170-be34-351733d2b45e}: [DhcpNameServer] 200.48.225.130 200.48.225.146
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://safesearch.avira.com/#web/result?source=art&q=
HKU\S-1-5-21-4159443819-3708154595-3523450213-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKU\S-1-5-21-4159443819-3708154595-3523450213-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-4159443819-3708154595-3523450213-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04102018090036212\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKU\S-1-5-21-4159443819-3708154595-3523450213-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04102018090036212\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-4159443819-3708154595-3523450213-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04102018090039331\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-4159443819-3708154595-3523450213-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04102018090039331\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer.dll [2018-01-25] (IObit)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-10-19] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-10-19] (Oracle Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2016-01-19] (DVDVideoSoft Ltd.)
 
FireFox:
========
FF DefaultProfile: 1q5of8wu.default
FF ProfilePath: C:\Users\user_2\AppData\Roaming\Mozilla\Firefox\Profiles\1q5of8wu.default [2018-04-04]
FF user.js: detected! => C:\Users\user_2\AppData\Roaming\Mozilla\Firefox\Profiles\1q5of8wu.default\user.js [2018-03-26]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_29_0_0_113.dll [2018-03-26] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2013-07-12] (Intel Corporation)
FF Plugin: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2013-07-12] (Intel Corporation)
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-10-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-10-19] (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-26] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2017-11-26] (Google Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-03-09] (Adobe Systems)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2016-07-26]
 
Chrome: 
=======
CHR NewTab: Default ->  Not-active:"chrome-extension://khjilmcjipkeokomeekfnhkpbnhmgaje/html/newtab.html"
CHR DefaultSearchURL: Default -> hxxps://search.avira.com/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://search.avira.com/suggestions?q={searchTerms}&li=ff&hl=en
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\user_2\AppData\Local\Google\Chrome\User Data\Default [2018-04-10]
CHR Extension: (Slides) - C:\Users\user_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-01-18]
CHR Extension: (Docs) - C:\Users\user_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-01-18]
CHR Extension: (Google Drive) - C:\Users\user_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-25]
CHR Extension: (YouTube) - C:\Users\user_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-25]
CHR Extension: (Google Search) - C:\Users\user_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-25]
CHR Extension: (Sheets) - C:\Users\user_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-01-18]
CHR Extension: (Avira Browser Safety) - C:\Users\user_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-06-12]
CHR Extension: (Google Docs Offline) - C:\Users\user_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-15]
CHR Extension: (Avira SafeSearch Plus) - C:\Users\user_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\khjilmcjipkeokomeekfnhkpbnhmgaje [2018-03-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\user_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (vidIQ Vision for YouTube) - C:\Users\user_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pachckjkecffpdphbpmfolblodfkgbhl [2018-04-06]
CHR Extension: (Data Saver) - C:\Users\user_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmgfdlgomnbgkofeojodiodmgpgmkac [2017-04-09]
CHR Extension: (Gmail) - C:\Users\user_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-25]
CHR Extension: (Chrome Media Router) - C:\Users\user_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-03-27]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [khjilmcjipkeokomeekfnhkpbnhmgaje] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [1136744 2018-03-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [492560 2018-03-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [492560 2018-03-26] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1533608 2018-03-26] (Avira Operations GmbH & Co. KG)
R2 AsHidService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsHidSrv.exe [103224 2013-09-09] (ASUSTek Computer Inc.)
R2 ASLDRService; C:\Program Files\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe [115512 2014-02-18] (ASUSTek Computer Inc.)
R2 Asus WebStorage Windows Service; C:\Program Files\ASUS\WebStorage\2.0.3.226\AsusWSWinService.exe [71680 2013-08-16] (ASUS Cloud Corporation) [File not signed]
R2 ATKGFNEXSrv; C:\Program Files\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2011-11-21] (ASUS)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [443024 2018-03-12] (Avira Operations GmbH & Co. KG)
S2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [1677016 2015-04-08] (Broadcom Corporation.)
S3 cphs; C:\WINDOWS\system32\IntelCpHeciSvc.exe [280696 2016-05-12] (Intel Corporation)
S3 DigitalWave.Update.Service; C:\Program Files\Common Files\DVDVideoSoft\lib\app_updater.exe [388968 2016-03-28] (Digital Wave Ltd.) [File not signed]
S2 DptfParticipantProcessorService; C:\WINDOWS\system32\DptfParticipantProcessorService.exe [83384 2014-12-30] (Intel Corporation)
S2 DptfPolicyCriticalService; C:\WINDOWS\system32\DptfPolicyCriticalService.exe [97208 2014-12-30] (Intel Corporation)
S2 DptfPolicyLpmService; C:\WINDOWS\system32\DptfPolicyLpmService.exe [90552 2014-12-30] (Intel Corporation)
R2 esifsvc; C:\WINDOWS\system32\esif_uf.exe [1230504 2015-08-12] (Intel Corporation)
R2 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [396952 2016-06-08] ()
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [274040 2016-05-12] (Intel Corporation)
R2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [1770784 2018-01-08] (IObit)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [586752 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [637912 2013-07-01] (Intel® Corporation)
R2 IObitUnSvr; C:\Program Files\IObit\IObit Uninstaller\IUService.exe [206096 2018-01-25] (IObit)
R2 jhi_service; C:\Program Files\Intel\TXE Components\DAL\jhi_service.exe [168216 2014-01-15] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4675872 2018-03-03] (Malwarebytes)
S3 PinnacleUpdateSvc; C:\Program Files\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe [430080 2011-05-09] (PowerUp Software, LLC) [File not signed]
R2 SystemUsageReportSvc_WILLAMETTE; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [117400 2016-06-08] ()
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [11293936 2018-04-03] (TeamViewer GmbH)
S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [396952 2016-06-08] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [279408 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [86696 2017-09-29] (Microsoft Corporation)
R2 PaceLicenseDServices; "C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe" -u https://activation.paceap.com/InitiateActivation [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASMMAP; C:\Program Files\ASUS\ATK Package\ATKGFNEX\ASMMAP.sys [13880 2009-07-02] (ASUS)
R3 AsusSGDrv; C:\WINDOWS\System32\drivers\AsusSGDrv.sys [118264 2015-12-14] (ASUS Corporation)
R1 ATKWMIACPIIO; C:\Program Files\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi.sys [17720 2013-07-02] (ASUSTek Computer Inc.)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [54088 2017-06-15] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [147576 2018-03-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [168776 2018-03-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [53256 2017-03-02] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [77560 2017-03-02] (Avira Operations GmbH & Co. KG)
R3 BCMSDH43XX; C:\WINDOWS\system32\DRIVERS\bcmdhd63.sys [302080 2017-09-29] (Broadcom Corp)
R3 bthl2cap; C:\WINDOWS\system32\DRIVERS\bthl2cap.sys [64000 2017-09-29] (Microsoft Corporation)
R3 BthLEEnum; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.Legacy.LEEnumerator.sys [60416 2017-09-29] (Microsoft Corporation)
R3 BthMini; C:\WINDOWS\System32\drivers\BTHMINI.sys [23040 2017-09-29] (Microsoft Corporation)
S3 btwampfl; C:\WINDOWS\System32\drivers\btwampfl.sys [162560 2015-04-08] (Broadcom Corporation.)
R3 BtwSerialBus; C:\WINDOWS\System32\drivers\BtwSerialBus.sys [139520 2015-04-08] (Broadcom Corporation.)
R3 camera; C:\WINDOWS\system32\DRIVERS\camera.sys [345088 2013-12-02] (Intel Corporation)
R3 CM3218x; C:\WINDOWS\System32\drivers\WUDFRd.sys [186880 2017-09-29] (Microsoft Corporation)
R3 CPLMACPI; C:\WINDOWS\System32\drivers\CPLMACPI.sys [25040 2015-07-07] (Capella Microsystems, Inc.)
S3 cpuz138; C:\Users\Jtgho\AppData\Local\Temp\cpuz138\cpuz138_x32.sys [27832 2016-11-14] (CPUID)
S3 DptfDevAmbient; C:\WINDOWS\System32\drivers\DptfDevAmbient.sys [44472 2014-12-30] (Intel Corporation)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [51704 2015-08-12] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [227848 2015-08-12] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae.sys [58664 2018-01-18] ()
S2 giveio; C:\WINDOWS\system32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 GPIO; C:\WINDOWS\System32\drivers\iaiogpioe.sys [23552 2013-12-30] (Intel Corporation)
R3 GpioVirtual; C:\WINDOWS\System32\drivers\iaiogpiovirtual.sys [16896 2013-12-30] (Intel Corporation)
R3 HIDSwitch; C:\WINDOWS\System32\drivers\AsHIDSwitch.sys [17416 2015-05-12] (ASUS)
R1 HWiNFO32; C:\WINDOWS\system32\drivers\HWiNFO32.SYS [23840 2016-07-23] (REALiX™)
R3 iaioi2c; C:\WINDOWS\System32\drivers\iaioi2ce.sys [58368 2013-11-14] (Intel Corporation)
R3 iaiouart; C:\WINDOWS\System32\drivers\iaiouart.sys [87552 2013-12-30] (Intel Corporation)
S3 iaStorA; C:\WINDOWS\System32\drivers\iaStorA.sys [505192 2013-08-08] (Intel Corporation)
R1 IMFCameraProtect; C:\WINDOWS\system32\drivers\IMFCameraProtect.sys [42944 2017-04-06] (IObit.com)
R3 IMFDownProtect; C:\Program Files\IObit\IObit Malware Fighter\drivers\win10_x86\IMFDownProtect.sys [38272 2017-03-08] (IObit.com)
S3 IMFFilter; C:\Program Files\IObit\IObit Malware Fighter\Drivers\win10_x86\IMFFilter.sys [39360 2017-02-17] (IObit)
R3 IMFForceDelete; C:\Program Files\IObit\IObit Malware Fighter\drivers\win10_x86\IMFForceDelete.sys [32032 2017-06-23] (IObit.com)
S3 intaud_WaveExtensible; C:\WINDOWS\system32\drivers\intelaud.sys [44016 2015-12-01] (Intel Corporation)
R3 IntelSST; C:\WINDOWS\system32\drivers\isstrtc.sys [254464 2013-12-30] (Intel® Corporation)
R3 INVN_MotionApps; C:\WINDOWS\System32\drivers\WUDFRd.sys [186880 2017-09-29] (Microsoft Corporation)
S3 iobit_monitor_server; C:\Program Files\IObit\Advanced SystemCare Ultimate\drivers\Monitor_x86.sys [15216 2016-11-23] (IObit)
R3 IUFileFilter; C:\Program Files\IObit\IObit Uninstaller\drivers\win10_x86\IUFileFilter.sys [38304 2017-06-06] (IObit.com)
R3 IURegProcessFilter; C:\Program Files\IObit\IObit Uninstaller\drivers\win10_x86\IURegProcessFilter.sys [38216 2018-01-10] (IObit.com)
R3 iwdbus; C:\WINDOWS\System32\drivers\iwdbus.sys [35320 2015-12-01] (Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [167648 2018-04-06] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [90856 2018-04-09] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [41352 2018-04-09] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [220896 2018-03-30] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [81632 2018-04-10] (Malwarebytes)
R0 MBI; C:\WINDOWS\System32\drivers\MBI.sys [21456 2013-12-30] (Intel Corporation)
R3 MT9M114; C:\WINDOWS\System32\drivers\MT9M114.sys [38912 2013-12-02] (Intel Corporation)
R3 PMIC; C:\WINDOWS\System32\drivers\PMIC.sys [48128 2013-12-30] (Intel Corporation)
S3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [32192 2016-11-03] (IObit.com)
R3 rtii2sac; C:\WINDOWS\system32\DRIVERS\rtii2sac.sys [263936 2015-05-20] (Realtek Semiconductor Corp.)
R2 speedfan; C:\WINDOWS\system32\speedfan.sys [24184 2012-12-29] (Almico Software)
S3 tap0901; C:\WINDOWS\System32\drivers\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
R3 TXEI; C:\WINDOWS\System32\drivers\TXEI.sys [75792 2014-02-26] (Intel Corporation)
S3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [20944 2016-01-11] (IObit.com)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37440 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [253848 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [98200 2017-09-29] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [186880 2017-09-29] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-10 09:12 - 2018-04-10 09:13 - 000024592 _____ C:\Users\user_2\Desktop\FRST.txt
2018-04-10 09:12 - 2018-04-10 09:12 - 000000000 ____D C:\FRST
2018-04-10 09:04 - 2018-04-10 09:04 - 001764352 _____ (Farbar) C:\Users\user_2\Desktop\FRST.exe
2018-04-10 09:00 - 2018-04-10 09:00 - 000081632 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-04-09 20:27 - 2018-04-09 20:27 - 000041352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-04-09 20:25 - 2018-04-09 20:25 - 000090856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-04-09 18:58 - 2018-04-09 18:58 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-04-09 18:19 - 2018-04-09 18:19 - 000000000 ___HD C:\$SysReset
2018-04-09 16:29 - 2018-04-09 16:29 - 120003086 _____ C:\Users\user_2\Desktop\87 Keys.mp4
2018-04-09 11:31 - 2018-04-09 12:16 - 000000000 ____D C:\Users\user_2\Desktop\sg a
2018-04-09 11:14 - 2018-04-09 11:14 - 000000000 ____D C:\Users\user_2\AppData\Local\TeamViewer
2018-04-09 11:04 - 2018-04-09 11:04 - 000001080 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
2018-04-09 11:04 - 2018-04-09 11:04 - 000001068 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
2018-04-09 11:04 - 2018-04-09 11:04 - 000000000 ____D C:\Users\user_2\AppData\Roaming\TeamViewer
2018-04-09 11:03 - 2018-04-09 20:24 - 000000000 ____D C:\Program Files\TeamViewer
2018-04-08 21:27 - 2018-04-08 21:29 - 000926076 _____ C:\WINDOWS\Minidump\040818-32171-01.dmp
2018-04-08 21:27 - 2018-04-08 21:27 - 000000000 ____D C:\WINDOWS\Minidump
2018-04-08 20:02 - 2018-04-08 20:03 - 040257104 _____ C:\Users\user_2\Desktop\Flying Machine.mp4
2018-04-07 14:21 - 2018-04-07 14:21 - 000002417 _____ C:\Users\user.asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-04-07 12:50 - 2018-04-07 12:50 - 000000000 ___HD C:\Users\user.asus\MicrosoftEdgeBackups
2018-04-07 12:50 - 2018-04-07 12:50 - 000000000 ____D C:\Users\user.asus\AppData\Local\MicrosoftEdge
2018-04-07 12:48 - 2018-04-07 12:48 - 000000000 ___RD C:\Users\user.asus\3D Objects
2018-04-07 12:47 - 2018-04-07 12:47 - 000000020 ___SH C:\Users\user.asus\ntuser.ini
2018-04-06 20:12 - 2018-04-06 20:12 - 000167648 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-04-06 14:21 - 2018-04-06 14:21 - 000000000 ____D C:\Program Files\Waves Diamond
2018-04-06 14:02 - 2018-04-06 14:02 - 000000000 ____D C:\Program Files\Common Files\VST3
2018-04-06 13:44 - 2018-04-06 13:50 - 000000000 ____D C:\Program Files\VstPlugins
2018-04-06 12:37 - 2018-04-06 12:37 - 000000000 ____D C:\Users\user_2\AppData\Roaming\Xfer
2018-04-06 11:08 - 2018-04-06 11:30 - 000000000 ____D C:\Program Files\Image-Line
2018-04-05 15:54 - 2018-04-05 16:05 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-04-05 15:51 - 2018-04-05 15:54 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-04-05 15:50 - 2018-04-05 15:50 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-04-05 15:47 - 2018-04-05 15:47 - 002491112 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-04-05 15:47 - 2018-04-05 15:47 - 002465848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-04-05 15:47 - 2018-04-05 15:47 - 001663488 _____ (Microsoft Corporation) C:\WINDOWS\system32\batmeter.dll
2018-04-05 15:47 - 2018-04-05 15:47 - 001474680 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2018-04-05 15:47 - 2018-04-05 15:47 - 001454568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-04-05 15:47 - 2018-04-05 15:47 - 001448864 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-04-05 15:47 - 2018-04-05 15:47 - 001377080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-04-05 15:47 - 2018-04-05 15:47 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-04-05 15:47 - 2018-04-05 15:47 - 001015008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-04-05 15:47 - 2018-04-05 15:47 - 000769096 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcrt.dll
2018-04-05 15:47 - 2018-04-05 15:47 - 000676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2018-04-05 15:47 - 2018-04-05 15:47 - 000640512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswstr10.dll
2018-04-05 15:47 - 2018-04-05 15:47 - 000618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-04-05 15:47 - 2018-04-05 15:47 - 000614912 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2018-04-05 15:47 - 2018-04-05 15:47 - 000591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2018-04-05 15:47 - 2018-04-05 15:47 - 000353848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2018-04-05 15:47 - 2018-04-05 15:47 - 000353688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2018-04-05 15:47 - 2018-04-05 15:47 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\msexcl40.dll
2018-04-05 15:47 - 2018-04-05 15:47 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2018-04-05 15:47 - 2018-04-05 15:47 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2018-04-05 15:47 - 2018-04-05 15:47 - 000198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-04-05 15:47 - 2018-04-05 15:47 - 000167832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2018-04-05 15:47 - 2018-04-05 15:47 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-04-05 15:47 - 2018-04-05 15:47 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-04-05 15:47 - 2018-04-05 15:47 - 000130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2018-04-05 15:47 - 2018-04-05 15:47 - 000126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SIUF.dll
2018-04-05 15:47 - 2018-04-05 15:47 - 000108480 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2018-04-05 15:47 - 2018-04-05 15:47 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll
2018-04-05 15:47 - 2018-04-05 15:47 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\luafv.sys
2018-04-05 15:47 - 2018-04-05 15:47 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2018-04-05 15:47 - 2018-04-05 15:47 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadjcsp.dll
2018-04-05 15:47 - 2018-04-05 15:47 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdrleakdiag.exe
2018-04-05 15:47 - 2018-04-05 15:47 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2018-04-05 15:47 - 2018-04-05 15:47 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcVSp1res.dll
2018-04-05 15:47 - 2018-04-05 15:47 - 000008704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msjint40.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 002864640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 002315776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 002062848 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 001990160 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 001980928 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 001859584 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2018-04-05 15:46 - 2018-04-05 15:46 - 001506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 001490328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 001323840 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 001321472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 001280000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 001261864 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 001124760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 000823808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 000817152 _____ C:\WINDOWS\system32\FaceProcessor.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 000791960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-04-05 15:46 - 2018-04-05 15:46 - 000746904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Services.TargetedContent.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 000660480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 000590944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 000566272 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 000557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9on12.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtrmgr.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 000506256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Perception.Stub.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 000481792 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 000480768 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 000444928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 000372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 000353688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2018-04-05 15:46 - 2018-04-05 15:46 - 000351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 000296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 000293888 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 000271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpatializerApo.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 000246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 000242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 000213840 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 000206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2018-04-05 15:46 - 2018-04-05 15:46 - 000189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 000187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PushToInstall.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 000160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
2018-04-05 15:46 - 2018-04-05 15:46 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2018-04-05 15:46 - 2018-04-05 15:46 - 000136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcui.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 000128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ContentDeliveryManager.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2018-04-05 15:46 - 2018-04-05 15:46 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_CapabilityAccess.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscript.ocx
2018-04-05 15:46 - 2018-04-05 15:46 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hascsp.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2018-04-05 15:46 - 2018-04-05 15:46 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceUpdateAgent.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 000070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\acppage.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2018-04-05 15:46 - 2018-04-05 15:46 - 000043416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\urscx01000.sys
2018-04-05 15:46 - 2018-04-05 15:46 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2018-04-05 15:41 - 2018-04-05 15:41 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-04-05 15:41 - 2018-04-05 15:41 - 000000000 ____D C:\Program Files\MSBuild
2018-04-05 15:40 - 2017-09-28 22:45 - 000360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\NL7Lexicons0404.dll
2018-04-05 15:40 - 2017-09-28 22:44 - 009720320 _____ (Microsoft Corporation) C:\WINDOWS\system32\NL7Models0404.dll
2018-04-05 15:40 - 2017-09-28 22:42 - 000517120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSWB70404.dll
2018-04-05 15:40 - 2017-09-28 22:36 - 002262528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NL7Data0404.dll
2018-04-05 15:40 - 2017-09-22 22:19 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-04-05 15:40 - 2017-09-22 22:19 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-04-05 15:40 - 2017-09-22 22:19 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2018-04-05 15:40 - 2017-09-22 22:19 - 000001696 _____ C:\WINDOWS\system32\NOISE.CHT
2018-04-05 15:39 - 2018-04-05 15:39 - 009893376 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons000a.dll
2018-04-05 15:39 - 2018-04-05 15:39 - 009559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData000a.dll
2018-04-05 15:39 - 2017-09-28 22:45 - 007702016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NL7Models0011.dll
2018-04-05 15:39 - 2017-09-28 22:45 - 002454528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NL7Lexicons0011.dll
2018-04-05 15:39 - 2017-09-28 22:42 - 000517120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSWB70011.dll
2018-04-05 15:39 - 2017-09-28 22:41 - 007246336 _____ (Microsoft Corporation) C:\WINDOWS\system32\NL7Data0011.dll
2018-04-05 15:39 - 2017-09-22 22:19 - 000002060 _____ C:\WINDOWS\system32\noise.jpn
2018-04-05 15:10 - 2018-03-02 17:09 - 000834552 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2018-04-05 15:10 - 2018-03-02 17:09 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2018-04-05 13:46 - 2018-04-05 13:46 - 000000000 ____D C:\Users\user_2\AppData\Local\DBG
2018-04-05 13:24 - 2018-03-13 01:04 - 006481096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-04-05 13:23 - 2018-03-13 00:39 - 019355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-04-05 13:23 - 2018-01-01 07:15 - 012687872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-04-05 13:22 - 2018-03-13 01:15 - 006412192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-04-05 13:22 - 2018-03-13 00:33 - 002652160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-04-05 13:22 - 2018-03-13 00:32 - 006030848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-04-05 13:22 - 2018-02-10 01:09 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-04-05 13:22 - 2018-02-10 01:05 - 004937224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-04-05 13:22 - 2018-02-10 01:05 - 001360992 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-04-05 13:22 - 2018-02-10 00:47 - 013704192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-04-05 13:21 - 2018-03-13 01:19 - 004145488 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-04-05 13:21 - 2018-03-13 00:41 - 006576128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-04-05 13:21 - 2018-03-13 00:39 - 018923520 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-04-05 13:21 - 2018-03-01 01:52 - 011923968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-04-05 13:21 - 2018-02-10 01:08 - 001852312 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-04-05 13:21 - 2018-01-01 07:14 - 002022400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-04-05 13:21 - 2018-01-01 07:14 - 001959424 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-04-05 13:20 - 2018-03-13 01:23 - 001328024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-04-05 13:20 - 2018-03-13 01:20 - 000603552 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-04-05 13:20 - 2018-03-13 01:19 - 000542624 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-04-05 13:20 - 2018-03-13 01:18 - 000213408 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-04-05 13:20 - 2018-03-13 00:44 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-04-05 13:20 - 2018-03-13 00:40 - 006118400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-04-05 13:20 - 2018-03-13 00:38 - 006466560 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-04-05 13:20 - 2018-03-13 00:32 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-04-05 13:20 - 2018-03-01 02:30 - 005615968 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-04-05 13:20 - 2018-02-10 01:17 - 002255112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-04-05 13:20 - 2018-02-10 01:09 - 003485392 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-04-05 13:20 - 2018-02-10 01:08 - 003980720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2018-04-05 13:20 - 2018-02-10 01:07 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-04-05 13:20 - 2018-02-10 01:07 - 000527864 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2018-04-05 13:20 - 2018-02-10 01:06 - 006014688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-04-05 13:20 - 2018-02-10 01:06 - 004670728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-04-05 13:20 - 2018-02-10 00:39 - 002677760 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-04-05 13:20 - 2018-02-10 00:38 - 002184192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-04-05 13:20 - 2018-02-10 00:36 - 002341888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-04-05 13:20 - 2018-02-01 23:36 - 003903944 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpltfm.dll
2018-04-05 13:20 - 2018-01-01 07:38 - 000677168 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-04-05 13:20 - 2018-01-01 07:14 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2018-04-05 13:20 - 2018-01-01 07:14 - 000613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-04-05 13:20 - 2018-01-01 07:13 - 001409536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-04-05 13:20 - 2018-01-01 07:13 - 001034240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2018-04-05 13:20 - 2018-01-01 07:09 - 001983488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-04-05 13:19 - 2018-03-13 01:22 - 000322464 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-04-05 13:19 - 2018-03-13 01:22 - 000221600 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-04-05 13:19 - 2018-03-13 01:21 - 000062368 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-04-05 13:19 - 2018-03-13 01:20 - 000517024 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-04-05 13:19 - 2018-03-13 01:19 - 000350624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-04-05 13:19 - 2018-03-13 01:15 - 001932824 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-04-05 13:19 - 2018-03-13 01:15 - 001624488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-04-05 13:19 - 2018-03-13 01:08 - 001555784 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2018-04-05 13:19 - 2018-03-13 00:44 - 003490816 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2018-04-05 13:19 - 2018-03-13 00:37 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-04-05 13:19 - 2018-03-13 00:35 - 006204416 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-04-05 13:19 - 2018-03-13 00:33 - 002464768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-04-05 13:19 - 2018-03-13 00:32 - 002577408 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2018-04-05 13:19 - 2018-03-13 00:32 - 001624576 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-04-05 13:19 - 2018-03-13 00:31 - 002247168 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2018-04-05 13:19 - 2018-03-13 00:31 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-04-05 13:19 - 2018-03-01 02:28 - 002193168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-04-05 13:19 - 2018-03-01 02:26 - 001524776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-04-05 13:19 - 2018-03-01 02:03 - 000307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-04-05 13:19 - 2018-03-01 01:58 - 004839424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-04-05 13:19 - 2018-03-01 01:54 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-04-05 13:19 - 2018-02-21 20:43 - 000534944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-04-05 13:19 - 2018-02-21 20:43 - 000336800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2018-04-05 13:19 - 2018-02-10 01:18 - 001384288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-04-05 13:19 - 2018-02-10 01:15 - 001145624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-04-05 13:19 - 2018-02-10 01:09 - 002338776 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-04-05 13:19 - 2018-02-10 01:09 - 001123456 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-04-05 13:19 - 2018-02-10 01:09 - 000559976 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2018-04-05 13:19 - 2018-02-10 01:08 - 000718488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2018-04-05 13:19 - 2018-02-10 01:05 - 001246432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-04-05 13:19 - 2018-02-10 01:05 - 001149272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-04-05 13:19 - 2018-02-10 01:05 - 000718488 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2018-04-05 13:19 - 2018-02-10 00:40 - 000996864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SEMgrSvc.dll
2018-04-05 13:19 - 2018-02-10 00:38 - 000830976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-04-05 13:19 - 2018-02-10 00:37 - 003419136 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-04-05 13:19 - 2018-02-10 00:37 - 003227648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-04-05 13:19 - 2018-02-10 00:36 - 002177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-04-05 13:19 - 2018-02-10 00:36 - 001342464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2018-04-05 13:19 - 2018-02-10 00:35 - 004384768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2018-04-05 13:19 - 2018-02-10 00:35 - 000854016 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-04-05 13:19 - 2018-02-10 00:34 - 004249600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-04-05 13:19 - 2018-02-09 23:03 - 000804240 _____ C:\WINDOWS\system32\locale.nls
2018-04-05 13:19 - 2018-01-01 07:44 - 000480152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-04-05 13:19 - 2018-01-01 07:44 - 000353176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-04-05 13:19 - 2018-01-01 07:19 - 000409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2018-04-05 13:19 - 2018-01-01 07:19 - 000296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-04-05 13:19 - 2018-01-01 07:17 - 000787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-04-05 13:19 - 2018-01-01 07:16 - 000956928 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-04-05 13:19 - 2018-01-01 07:13 - 000897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-04-05 13:19 - 2018-01-01 07:13 - 000695808 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-04-05 13:19 - 2018-01-01 07:11 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2018-04-05 13:19 - 2018-01-01 07:09 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-04-05 13:18 - 2018-03-13 01:23 - 000119192 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-04-05 13:18 - 2018-03-13 01:21 - 000915328 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-04-05 13:18 - 2018-03-13 01:21 - 000799592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-04-05 13:18 - 2018-03-13 01:19 - 001902496 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-04-05 13:18 - 2018-03-13 01:19 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-04-05 13:18 - 2018-03-13 01:19 - 000311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-04-05 13:18 - 2018-03-13 01:15 - 001116728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-04-05 13:18 - 2018-03-13 01:14 - 001995168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-04-05 13:18 - 2018-03-13 01:14 - 000975224 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-04-05 13:18 - 2018-03-13 01:11 - 000451488 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-04-05 13:18 - 2018-03-13 01:08 - 002117024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-04-05 13:18 - 2018-03-13 01:08 - 000607640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-04-05 13:18 - 2018-03-13 01:07 - 000538760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-04-05 13:18 - 2018-03-13 01:06 - 000704080 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-04-05 13:18 - 2018-03-13 01:02 - 002172312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-04-05 13:18 - 2018-03-13 00:37 - 000981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2018-04-05 13:18 - 2018-03-13 00:37 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2018-04-05 13:18 - 2018-03-13 00:33 - 000981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-04-05 13:18 - 2018-03-13 00:32 - 001771520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-04-05 13:18 - 2018-03-13 00:31 - 001629184 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2018-04-05 13:18 - 2018-03-13 00:31 - 001559552 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-04-05 13:18 - 2018-03-13 00:31 - 000975360 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-04-05 13:18 - 2018-03-13 00:31 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2018-04-05 13:18 - 2018-03-13 00:31 - 000535552 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-04-05 13:18 - 2018-03-13 00:30 - 002349568 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-04-05 13:18 - 2018-03-13 00:29 - 001004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2018-04-05 13:18 - 2018-03-13 00:27 - 001104384 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2018-04-05 13:18 - 2018-03-01 02:32 - 000414824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-04-05 13:18 - 2018-03-01 02:23 - 005105664 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthFWSnapin.dll
2018-04-05 13:18 - 2018-03-01 02:21 - 001558856 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-04-05 13:18 - 2018-03-01 02:04 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-04-05 13:18 - 2018-03-01 02:03 - 000666112 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-04-05 13:18 - 2018-03-01 02:03 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcSpecfc.dll
2018-04-05 13:18 - 2018-03-01 02:03 - 000214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-04-05 13:18 - 2018-03-01 01:51 - 002329088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2018-04-05 13:18 - 2018-03-01 01:50 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-04-05 13:18 - 2018-03-01 01:48 - 001652224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-04-05 13:18 - 2018-03-01 01:46 - 004051968 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-04-05 13:18 - 2018-02-21 20:54 - 000233376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2018-04-05 13:18 - 2018-02-21 20:46 - 000155552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2018-04-05 13:18 - 2018-02-21 20:45 - 000454048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-04-05 13:18 - 2018-02-21 20:43 - 000128408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2018-04-05 13:18 - 2018-02-21 20:42 - 000279448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-04-05 13:18 - 2018-02-10 01:16 - 000358808 _____ (Microsoft Corporation) C:\WINDOWS\system32\halmacpi.dll
2018-04-05 13:18 - 2018-02-10 01:16 - 000358808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-04-05 13:18 - 2018-02-10 01:12 - 004382032 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2018-04-05 13:18 - 2018-02-10 01:11 - 001250528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Taskmgr.exe
2018-04-05 13:18 - 2018-02-10 01:09 - 000354200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2018-04-05 13:18 - 2018-02-10 01:07 - 000434072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2018-04-05 13:18 - 2018-02-10 01:06 - 000982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-04-05 13:18 - 2018-02-10 01:05 - 001006192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2018-04-05 13:18 - 2018-02-10 01:05 - 000662208 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-04-05 13:18 - 2018-02-10 01:05 - 000456232 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-04-05 13:18 - 2018-02-10 00:46 - 002393600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-04-05 13:18 - 2018-02-10 00:46 - 001470976 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-04-05 13:18 - 2018-02-10 00:46 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-04-05 13:18 - 2018-02-10 00:46 - 000733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2018-04-05 13:18 - 2018-02-10 00:42 - 001130496 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-04-05 13:18 - 2018-02-10 00:39 - 003702784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2018-04-05 13:18 - 2018-02-10 00:38 - 000598528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-04-05 13:18 - 2018-02-10 00:37 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-04-05 13:18 - 2018-02-10 00:37 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2018-04-05 13:18 - 2018-02-10 00:36 - 002859520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2018-04-05 13:18 - 2018-02-10 00:36 - 000915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-04-05 13:18 - 2018-02-10 00:36 - 000900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2018-04-05 13:18 - 2018-02-10 00:36 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2018-04-05 13:18 - 2018-02-10 00:35 - 000455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2018-04-05 13:18 - 2018-02-10 00:35 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-04-05 13:18 - 2018-02-10 00:35 - 000348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-04-05 13:18 - 2018-02-10 00:34 - 001352192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2018-04-05 13:18 - 2018-02-10 00:34 - 001288704 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-04-05 13:18 - 2018-02-10 00:34 - 000603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2018-04-05 13:18 - 2018-02-10 00:33 - 000620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-04-05 13:18 - 2018-02-10 00:32 - 002427904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcndmgr.dll
2018-04-05 13:18 - 2018-02-10 00:31 - 001488896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmc.exe
2018-04-05 13:18 - 2018-02-01 23:36 - 000921032 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmpal.dll
2018-04-05 13:18 - 2018-01-01 07:48 - 000131992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2018-04-05 13:18 - 2018-01-01 07:42 - 001003152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-04-05 13:18 - 2018-01-01 07:25 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-04-05 13:18 - 2018-01-01 07:25 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboutSettingsHandlers.dll
2018-04-05 13:18 - 2018-01-01 07:24 - 000202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-04-05 13:18 - 2018-01-01 07:20 - 000297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalAuth.dll
2018-04-05 13:18 - 2018-01-01 07:19 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-04-05 13:18 - 2018-01-01 07:19 - 000237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-04-05 13:18 - 2018-01-01 07:19 - 000183296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2018-04-05 13:18 - 2018-01-01 07:18 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-04-05 13:18 - 2018-01-01 07:18 - 000380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2018-04-05 13:18 - 2018-01-01 07:18 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2018-04-05 13:17 - 2018-03-13 01:15 - 000597160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-04-05 13:17 - 2018-03-13 01:11 - 000612736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-04-05 13:17 - 2018-03-13 01:08 - 000747416 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2018-04-05 13:17 - 2018-03-13 01:08 - 000203672 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-04-05 13:17 - 2018-03-13 01:06 - 000575392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-04-05 13:17 - 2018-03-13 00:37 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll
2018-04-05 13:17 - 2018-03-13 00:34 - 002409984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-04-05 13:17 - 2018-03-13 00:33 - 001232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-04-05 13:17 - 2018-03-13 00:33 - 001132544 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-04-05 13:17 - 2018-03-13 00:32 - 001118720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-04-05 13:17 - 2018-03-13 00:31 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2018-04-05 13:17 - 2018-03-13 00:30 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-04-05 13:17 - 2018-03-13 00:28 - 000328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2018-04-05 13:17 - 2018-03-01 02:27 - 000284112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-04-05 13:17 - 2018-03-01 02:03 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-04-05 13:17 - 2018-03-01 02:00 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-04-05 13:17 - 2018-03-01 01:58 - 000405504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2018-04-05 13:17 - 2018-03-01 01:58 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-04-05 13:17 - 2018-03-01 01:54 - 000463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-04-05 13:17 - 2018-03-01 01:49 - 001762304 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-04-05 13:17 - 2018-03-01 01:49 - 000748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2018-04-05 13:17 - 2018-03-01 01:48 - 000650240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-04-05 13:17 - 2018-02-21 20:48 - 000065432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-04-05 13:17 - 2018-02-21 20:43 - 000080800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-04-05 13:17 - 2018-02-21 20:42 - 000186784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-04-05 13:17 - 2018-02-21 20:42 - 000076192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2018-04-05 13:17 - 2018-02-21 20:16 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-04-05 13:17 - 2018-02-10 01:17 - 000542856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryPS.dll
2018-04-05 13:17 - 2018-02-10 01:10 - 000422592 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2018-04-05 13:17 - 2018-02-10 01:09 - 000806808 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2018-04-05 13:17 - 2018-02-10 01:08 - 000592792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-04-05 13:17 - 2018-02-10 01:07 - 000543920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-04-05 13:17 - 2018-02-10 01:05 - 000654456 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-04-05 13:17 - 2018-02-10 01:05 - 000322968 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2018-04-05 13:17 - 2018-02-10 01:05 - 000225176 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2018-04-05 13:17 - 2018-02-10 01:03 - 000758168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-04-05 13:17 - 2018-02-10 01:03 - 000505160 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
2018-04-05 13:17 - 2018-02-10 00:45 - 002890240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2018-04-05 13:17 - 2018-02-10 00:41 - 000451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-04-05 13:17 - 2018-02-10 00:41 - 000201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2018-04-05 13:17 - 2018-02-10 00:40 - 000223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2018-04-05 13:17 - 2018-02-10 00:37 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2018-04-05 13:17 - 2018-02-10 00:35 - 000826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-04-05 13:17 - 2018-02-10 00:33 - 001509888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2018-04-05 13:17 - 2018-02-10 00:31 - 001286144 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2018-04-05 13:17 - 2018-02-01 23:36 - 000854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmcodecs.dll
2018-04-05 13:17 - 2018-01-01 07:49 - 000481464 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-04-05 13:17 - 2018-01-01 07:31 - 000508848 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2018-04-05 13:17 - 2018-01-01 07:21 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2018-04-05 13:17 - 2018-01-01 07:20 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2018-04-05 13:17 - 2018-01-01 07:19 - 000377856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2018-04-05 13:17 - 2018-01-01 07:19 - 000298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-04-05 13:17 - 2018-01-01 07:17 - 000353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2018-04-05 13:16 - 2018-03-13 01:42 - 000239000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-04-05 13:16 - 2018-03-13 01:20 - 000030624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-04-05 13:16 - 2018-03-13 01:12 - 000376216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2018-04-05 13:16 - 2018-03-13 01:12 - 000142744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-04-05 13:16 - 2018-03-13 01:08 - 000339352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-04-05 13:16 - 2018-03-13 01:07 - 000434080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-04-05 13:16 - 2018-03-13 01:07 - 000115104 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-04-05 13:16 - 2018-03-13 01:07 - 000088992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-04-05 13:16 - 2018-03-13 01:06 - 000564640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2018-04-05 13:16 - 2018-03-13 01:06 - 000074000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2018-04-05 13:16 - 2018-03-13 01:04 - 000140592 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2018-04-05 13:16 - 2018-03-13 01:01 - 000506272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-04-05 13:16 - 2018-03-13 00:40 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
2018-04-05 13:16 - 2018-03-13 00:39 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-04-05 13:16 - 2018-03-13 00:39 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2018-04-05 13:16 - 2018-03-13 00:39 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-04-05 13:16 - 2018-03-13 00:36 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2018-04-05 13:16 - 2018-03-13 00:36 - 000438272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2018-04-05 13:16 - 2018-03-13 00:36 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2018-04-05 13:16 - 2018-03-13 00:32 - 000794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-04-05 13:16 - 2018-03-13 00:30 - 000728064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-04-05 13:16 - 2018-03-13 00:28 - 000179200 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2018-04-05 13:16 - 2018-03-13 00:27 - 000190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2018-04-05 13:16 - 2018-03-13 00:26 - 000483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2018-04-05 13:16 - 2018-03-01 16:28 - 000661504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-04-05 13:16 - 2018-03-01 02:44 - 000253144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-04-05 13:16 - 2018-03-01 02:41 - 000816632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-04-05 13:16 - 2018-03-01 02:37 - 000508312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2018-04-05 13:16 - 2018-03-01 02:35 - 000195488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-04-05 13:16 - 2018-03-01 02:27 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2018-04-05 13:16 - 2018-03-01 02:27 - 000170904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-04-05 13:16 - 2018-03-01 02:26 - 000040856 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-04-05 13:16 - 2018-03-01 02:25 - 000116120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-04-05 13:16 - 2018-03-01 02:25 - 000048024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\isapnp.sys
2018-04-05 13:16 - 2018-03-01 02:24 - 000078232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-04-05 13:16 - 2018-03-01 01:59 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountWAMExtension.dll
2018-04-05 13:16 - 2018-03-01 01:57 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-04-05 13:16 - 2018-02-21 20:50 - 000156056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ataport.sys
2018-04-05 13:16 - 2018-02-21 20:48 - 000081824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-04-05 13:16 - 2018-02-21 20:42 - 000038304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-04-05 13:16 - 2018-02-21 20:18 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-04-05 13:16 - 2018-02-10 01:13 - 000271768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-04-05 13:16 - 2018-02-10 01:12 - 000965016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-04-05 13:16 - 2018-02-10 01:10 - 000445336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-04-05 13:16 - 2018-02-10 01:09 - 000320312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2018-04-05 13:16 - 2018-02-10 01:07 - 000123808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2018-04-05 13:16 - 2018-02-10 01:07 - 000089504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2018-04-05 13:16 - 2018-02-10 01:07 - 000083216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbrand.dll
2018-04-05 13:16 - 2018-02-10 01:07 - 000061024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2018-04-05 13:16 - 2018-02-10 01:07 - 000040840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2018-04-05 13:16 - 2018-02-10 01:05 - 000718232 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-04-05 13:16 - 2018-02-10 01:05 - 000386424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-04-05 13:16 - 2018-02-10 01:05 - 000295488 _____ (Microsoft Corporation) C:\WINDOWS\system32\vac.exe
2018-04-05 13:16 - 2018-02-10 01:05 - 000193248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2018-04-05 13:16 - 2018-02-10 01:05 - 000129184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-04-05 13:16 - 2018-02-10 01:05 - 000077552 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudNotifications.exe
2018-04-05 13:16 - 2018-02-10 01:05 - 000074992 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2018-04-05 13:16 - 2018-02-10 00:46 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cldflt.sys
2018-04-05 13:16 - 2018-02-10 00:42 - 000731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2018-04-05 13:16 - 2018-02-10 00:41 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2018-04-05 13:16 - 2018-02-10 00:41 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-04-05 13:16 - 2018-02-10 00:41 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2018-04-05 13:16 - 2018-02-10 00:40 - 000642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-04-05 13:16 - 2018-02-10 00:39 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2018-04-05 13:16 - 2018-02-10 00:39 - 000447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2018-04-05 13:16 - 2018-02-10 00:38 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2018-04-05 13:16 - 2018-02-10 00:38 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2018-04-05 13:16 - 2018-02-10 00:36 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2018-04-05 13:16 - 2018-02-10 00:36 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2018-04-05 13:16 - 2018-02-10 00:35 - 002413568 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2018-04-05 13:16 - 2018-02-10 00:35 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2018-04-05 13:16 - 2018-02-10 00:34 - 000215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2018-04-05 13:16 - 2018-02-10 00:33 - 000604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2018-04-05 13:16 - 2018-02-10 00:32 - 000681472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL
2018-04-05 13:16 - 2018-02-10 00:32 - 000576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2018-04-05 13:16 - 2018-02-10 00:31 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2018-04-05 13:16 - 2018-02-01 23:36 - 000649672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ortcengine.dll
2018-04-05 13:16 - 2018-02-01 23:36 - 000054720 _____ (Microsoft Corporation) C:\WINDOWS\system32\rtmmvrortc.dll
2018-04-05 13:16 - 2018-01-01 08:08 - 000049560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2018-04-05 13:16 - 2018-01-01 07:48 - 000300952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-04-05 13:16 - 2018-01-01 07:48 - 000142640 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-04-05 13:16 - 2018-01-01 07:47 - 000052632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2018-04-05 13:16 - 2018-01-01 07:42 - 000047512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2018-04-05 13:16 - 2018-01-01 07:40 - 000454072 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-04-05 13:16 - 2018-01-01 07:22 - 000073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspptp.sys
2018-04-05 13:16 - 2018-01-01 07:19 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\P2P.dll
2018-04-05 13:16 - 2018-01-01 07:19 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2018-04-05 13:16 - 2018-01-01 07:19 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2018-04-05 13:16 - 2018-01-01 07:18 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-04-05 13:16 - 2018-01-01 07:17 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-04-05 13:16 - 2018-01-01 07:17 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2018-04-05 13:16 - 2018-01-01 07:16 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-04-05 13:15 - 2018-03-13 01:08 - 000258464 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2018-04-05 13:15 - 2018-03-13 01:06 - 000097184 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-04-05 13:15 - 2018-03-13 00:41 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-04-05 13:15 - 2018-03-13 00:40 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2018-04-05 13:15 - 2018-03-13 00:39 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\icm32.dll
2018-04-05 13:15 - 2018-03-13 00:38 - 000170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsExt.dll
2018-04-05 13:15 - 2018-03-13 00:37 - 000797696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-04-05 13:15 - 2018-03-13 00:37 - 000537088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll
2018-04-05 13:15 - 2018-03-13 00:37 - 000390656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2018-04-05 13:15 - 2018-03-13 00:37 - 000281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2018-04-05 13:15 - 2018-03-13 00:37 - 000222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2018-04-05 13:15 - 2018-03-13 00:34 - 000706048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-04-05 13:15 - 2018-03-13 00:33 - 000628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-04-05 13:15 - 2018-03-13 00:31 - 000733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2018-04-05 13:15 - 2018-03-13 00:29 - 000676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-04-05 13:15 - 2018-03-13 00:27 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2018-04-05 13:15 - 2018-03-13 00:26 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-04-05 13:15 - 2018-03-01 02:03 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-04-05 13:15 - 2018-03-01 02:03 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-04-05 13:15 - 2018-03-01 02:01 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-04-05 13:15 - 2018-03-01 01:58 - 000539648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-04-05 13:15 - 2018-03-01 01:58 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-04-05 13:15 - 2018-03-01 01:57 - 000435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-04-05 13:15 - 2018-03-01 01:55 - 000346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-04-05 13:15 - 2018-02-21 20:19 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2018-04-05 13:15 - 2018-02-21 20:18 - 000031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-04-05 13:15 - 2018-02-21 20:12 - 000076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2018-04-05 13:15 - 2018-02-10 01:05 - 000079256 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2018-04-05 13:15 - 2018-02-10 00:44 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2018-04-05 13:15 - 2018-02-10 00:43 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-04-05 13:15 - 2018-02-10 00:43 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-04-05 13:15 - 2018-02-10 00:43 - 000110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsetup.dll
2018-04-05 13:15 - 2018-02-10 00:43 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-04-05 13:15 - 2018-02-10 00:43 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCShellCommonProxyStub.dll
2018-04-05 13:15 - 2018-02-10 00:42 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2018-04-05 13:15 - 2018-02-10 00:42 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppLockerCSP.dll
2018-04-05 13:15 - 2018-02-10 00:42 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-04-05 13:15 - 2018-02-10 00:42 - 000035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshhttp.dll
2018-04-05 13:15 - 2018-02-10 00:41 - 000298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-04-05 13:15 - 2018-02-10 00:41 - 000253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-04-05 13:15 - 2018-02-10 00:40 - 000886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2018-04-05 13:15 - 2018-02-10 00:40 - 000856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2018-04-05 13:15 - 2018-02-10 00:40 - 000602624 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-04-05 13:15 - 2018-02-10 00:40 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2018-04-05 13:15 - 2018-02-10 00:40 - 000195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreCommonProxyStub.dll
2018-04-05 13:15 - 2018-02-10 00:39 - 000721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-04-05 13:15 - 2018-02-10 00:39 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2018-04-05 13:15 - 2018-02-10 00:38 - 000653312 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2018-04-05 13:15 - 2018-02-10 00:38 - 000324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-04-05 13:15 - 2018-02-10 00:37 - 003287040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2018-04-05 13:15 - 2018-02-10 00:36 - 001230848 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2018-04-05 13:15 - 2018-02-10 00:35 - 002013184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-04-05 13:15 - 2018-02-10 00:35 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-04-05 13:15 - 2018-02-10 00:35 - 000434176 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.immersiveshell.serviceprovider.dll
2018-04-05 13:15 - 2018-02-10 00:35 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2018-04-05 13:15 - 2018-02-10 00:35 - 000329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2018-04-05 13:15 - 2018-02-10 00:34 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2018-04-05 13:15 - 2018-02-10 00:33 - 000621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2018-04-05 13:15 - 2018-02-10 00:33 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-04-05 13:15 - 2018-02-10 00:32 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
2018-04-05 13:15 - 2018-02-10 00:31 - 001159680 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2018-04-05 13:15 - 2018-01-01 07:49 - 000258808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2018-04-05 13:15 - 2018-01-01 07:49 - 000103320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-04-05 13:15 - 2018-01-01 07:48 - 000081816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2018-04-05 13:15 - 2018-01-01 07:48 - 000027544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fs_rec.sys
2018-04-05 13:15 - 2018-01-01 07:47 - 000096152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2018-04-05 13:15 - 2018-01-01 07:46 - 000289816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-04-05 13:15 - 2018-01-01 07:45 - 000450928 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2018-04-05 13:15 - 2018-01-01 07:45 - 000073896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2018-04-05 13:15 - 2018-01-01 07:44 - 000221592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2018-04-05 13:15 - 2018-01-01 07:44 - 000186520 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2018-04-05 13:15 - 2018-01-01 07:44 - 000104344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mup.sys
2018-04-05 13:15 - 2018-01-01 07:44 - 000100248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-04-05 13:15 - 2018-01-01 07:44 - 000099240 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2018-04-05 13:15 - 2018-01-01 07:44 - 000061336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2018-04-05 13:15 - 2018-01-01 07:44 - 000033176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Diskdump.sys
2018-04-05 13:15 - 2018-01-01 07:44 - 000026008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhv.sys
2018-04-05 13:15 - 2018-01-01 07:44 - 000016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshhyperv.dll
2018-04-05 13:15 - 2018-01-01 07:40 - 000417360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp110_win.dll
2018-04-05 13:15 - 2018-01-01 07:39 - 000042392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pcw.sys
2018-04-05 13:15 - 2018-01-01 07:34 - 000053336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WindowsTrustedRT.sys
2018-04-05 13:15 - 2018-01-01 07:23 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2018-04-05 13:15 - 2018-01-01 07:22 - 000061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2018-04-05 13:15 - 2018-01-01 07:19 - 000629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2018-04-05 13:15 - 2018-01-01 07:19 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2018-04-05 13:15 - 2018-01-01 07:19 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2018-04-05 13:14 - 2018-03-13 00:44 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-04-05 13:14 - 2018-03-13 00:43 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-04-05 13:14 - 2018-03-13 00:43 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-04-05 13:14 - 2018-03-13 00:41 - 000052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2018-04-05 13:14 - 2018-03-13 00:40 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2018-04-05 13:14 - 2018-03-13 00:40 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2018-04-05 13:14 - 2018-03-13 00:40 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-04-05 13:14 - 2018-03-13 00:40 - 000034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelineprxy.dll
2018-04-05 13:14 - 2018-03-13 00:39 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-04-05 13:14 - 2018-03-13 00:39 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsCfg.dll
2018-04-05 13:14 - 2018-03-13 00:38 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlgpclnt.dll
2018-04-05 13:14 - 2018-03-13 00:37 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-04-05 13:14 - 2018-03-13 00:37 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2018-04-05 13:14 - 2018-03-13 00:37 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2018-04-05 13:14 - 2018-03-13 00:36 - 000595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2018-04-05 13:14 - 2018-03-13 00:36 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-04-05 13:14 - 2018-03-13 00:36 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll
2018-04-05 13:14 - 2018-03-13 00:36 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2018-04-05 13:14 - 2018-03-13 00:31 - 002153984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-04-05 13:14 - 2018-03-13 00:30 - 000572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2018-04-05 13:14 - 2018-03-13 00:28 - 001136128 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2018-04-05 13:14 - 2018-03-01 02:03 - 000065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-04-05 13:14 - 2018-03-01 02:02 - 000027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2018-04-05 13:14 - 2018-02-10 00:45 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtClient.dll
2018-04-05 13:14 - 2018-02-10 00:44 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-04-05 13:14 - 2018-02-10 00:44 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\virtdisk.dll
2018-04-05 13:14 - 2018-02-10 00:44 - 000025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2018-04-05 13:14 - 2018-02-10 00:44 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2018-04-05 13:14 - 2018-02-10 00:44 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-04-05 13:14 - 2018-02-10 00:43 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-04-05 13:14 - 2018-02-10 00:43 - 000247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsku.dll
2018-04-05 13:14 - 2018-02-10 00:43 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2018-04-05 13:14 - 2018-02-10 00:43 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
2018-04-05 13:14 - 2018-02-10 00:43 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2018-04-05 13:14 - 2018-02-10 00:42 - 000397824 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-04-05 13:14 - 2018-02-10 00:42 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\authz.dll
2018-04-05 13:14 - 2018-02-10 00:42 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2018-04-05 13:14 - 2018-02-10 00:42 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-04-05 13:14 - 2018-02-10 00:41 - 000504832 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2018-04-05 13:14 - 2018-02-10 00:41 - 000345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_User.dll
2018-04-05 13:14 - 2018-02-10 00:41 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-04-05 13:14 - 2018-02-10 00:41 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2018-04-05 13:14 - 2018-02-10 00:41 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-04-05 13:14 - 2018-02-10 00:41 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2018-04-05 13:14 - 2018-02-10 00:41 - 000063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2018-04-05 13:14 - 2018-02-10 00:40 - 001171456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-04-05 13:14 - 2018-02-10 00:40 - 000940544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-04-05 13:14 - 2018-02-10 00:40 - 000343040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-04-05 13:14 - 2018-02-10 00:40 - 000297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-04-05 13:14 - 2018-02-10 00:39 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl
2018-04-05 13:14 - 2018-02-10 00:39 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\twext.dll
2018-04-05 13:14 - 2018-02-10 00:39 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\regsvr32.exe
2018-04-05 13:14 - 2018-02-10 00:38 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-04-05 13:14 - 2018-02-10 00:38 - 000174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2018-04-05 13:14 - 2018-02-10 00:37 - 000199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2018-04-05 13:14 - 2018-02-10 00:36 - 000576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2018-04-05 13:14 - 2018-02-10 00:36 - 000298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-04-05 13:14 - 2018-02-10 00:34 - 006532096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2018-04-05 13:14 - 2018-02-10 00:32 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.ProxyStub.dll
2018-04-05 13:14 - 2018-02-10 00:31 - 000301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcbase.dll
2018-04-05 13:14 - 2018-02-10 00:31 - 000101376 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2018-04-05 13:14 - 2018-02-10 00:30 - 000057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2018-04-05 13:14 - 2018-01-01 07:25 - 000075776 _____ C:\WINDOWS\system32\runexehelper.exe
2018-04-05 13:14 - 2018-01-01 07:24 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2018-04-05 13:14 - 2018-01-01 07:23 - 000014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
2018-04-05 13:14 - 2018-01-01 07:22 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2018-04-05 13:14 - 2018-01-01 07:22 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2018-04-05 13:14 - 2018-01-01 07:22 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2018-04-05 13:14 - 2018-01-01 07:22 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2018-04-05 13:14 - 2018-01-01 07:22 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2018-04-05 13:14 - 2018-01-01 07:22 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dumpstorport.sys
2018-04-05 13:14 - 2018-01-01 07:21 - 000152064 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2018-04-05 13:14 - 2018-01-01 07:21 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2018-04-05 13:14 - 2018-01-01 07:21 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2018-04-05 13:14 - 2018-01-01 07:21 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2018-04-05 13:14 - 2018-01-01 07:21 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2018-04-05 13:14 - 2018-01-01 07:21 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2018-04-05 13:14 - 2018-01-01 07:21 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2018-04-05 13:14 - 2018-01-01 07:21 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2018-04-05 13:14 - 2018-01-01 07:21 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2018-04-05 13:14 - 2018-01-01 07:21 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2018-04-05 13:14 - 2018-01-01 07:20 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-04-05 13:14 - 2018-01-01 07:20 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2018-04-05 13:14 - 2018-01-01 07:19 - 000670720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2018-04-05 13:14 - 2018-01-01 07:19 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-04-05 13:14 - 2018-01-01 07:19 - 000126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2018-04-05 13:14 - 2018-01-01 07:19 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\msoert2.dll
2018-04-05 13:14 - 2018-01-01 07:18 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2018-04-05 13:14 - 2018-01-01 07:17 - 000071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\keepaliveprovider.dll
2018-04-05 13:14 - 2018-01-01 07:16 - 000966656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2018-04-05 13:14 - 2018-01-01 07:16 - 000619008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-04-05 13:14 - 2018-01-01 07:10 - 000012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscproxystub.dll
2018-04-05 13:13 - 2018-03-13 00:43 - 000038912 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-04-05 13:13 - 2018-03-13 00:37 - 000274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2018-04-05 13:13 - 2018-03-13 00:36 - 000529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2018-04-05 13:13 - 2018-03-13 00:36 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2018-04-05 13:13 - 2018-03-13 00:32 - 001948672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-04-05 13:13 - 2018-03-01 02:01 - 000019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-04-05 13:13 - 2018-03-01 01:46 - 000026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-04-05 13:13 - 2018-01-01 07:25 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2018-04-05 13:13 - 2018-01-01 07:24 - 000196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-04-05 13:13 - 2018-01-01 07:23 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2018-04-05 13:13 - 2018-01-01 07:23 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysntfy.dll
2018-04-05 13:13 - 2018-01-01 07:23 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\nrpsrv.dll
2018-04-05 13:13 - 2018-01-01 07:23 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasacd.sys
2018-04-05 13:13 - 2018-01-01 07:22 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2018-04-05 13:13 - 2018-01-01 07:22 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\irda.sys
2018-04-05 13:13 - 2018-01-01 07:22 - 000055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\efslsaext.dll
2018-04-05 13:13 - 2018-01-01 07:22 - 000049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndisuio.sys
2018-04-05 13:13 - 2018-01-01 07:22 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\lltdio.sys
2018-04-05 13:13 - 2018-01-01 07:22 - 000040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmictimeprovider.dll
2018-04-05 13:13 - 2018-01-01 07:22 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2018-04-05 13:13 - 2018-01-01 07:22 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2018-04-05 13:13 - 2018-01-01 07:22 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gpuenergydrv.sys
2018-04-05 13:13 - 2018-01-01 07:21 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2018-04-05 13:13 - 2018-01-01 07:21 - 000108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2018-04-05 13:13 - 2018-01-01 07:21 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2018-04-05 13:13 - 2018-01-01 07:21 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys
2018-04-05 13:13 - 2018-01-01 07:21 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\efssvc.dll
2018-04-05 13:13 - 2018-01-01 07:21 - 000037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerSvc.dll
2018-04-05 13:13 - 2018-01-01 07:21 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2018-04-05 13:13 - 2018-01-01 07:20 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2018-04-05 13:13 - 2018-01-01 07:20 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2018-04-05 13:13 - 2018-01-01 07:20 - 000244224 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvcext.dll
2018-04-05 13:13 - 2018-01-01 07:20 - 000211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2018-04-05 13:13 - 2018-01-01 07:20 - 000161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2018-04-05 13:13 - 2018-01-01 07:20 - 000134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
2018-04-05 13:13 - 2018-01-01 07:20 - 000131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2018-04-05 13:13 - 2018-01-01 07:20 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-04-05 13:13 - 2018-01-01 07:20 - 000111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2018-04-05 13:13 - 2018-01-01 07:20 - 000076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2018-04-05 13:13 - 2018-01-01 07:20 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\nsisvc.dll
2018-04-05 13:13 - 2018-01-01 07:19 - 000236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-04-05 13:13 - 2018-01-01 07:19 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2018-04-05 13:13 - 2018-01-01 07:19 - 000219648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2018-04-05 13:13 - 2018-01-01 07:19 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvc.dll
2018-04-05 13:13 - 2018-01-01 07:19 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2018-04-05 13:13 - 2018-01-01 07:18 - 000640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-04-05 13:13 - 2018-01-01 07:18 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2018-04-05 13:13 - 2018-01-01 07:18 - 000314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2018-04-05 13:13 - 2018-01-01 07:18 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2018-04-05 13:13 - 2018-01-01 07:18 - 000189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll
2018-04-05 13:13 - 2018-01-01 07:18 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\keyiso.dll
2018-04-05 13:13 - 2018-01-01 07:17 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2018-04-05 13:13 - 2018-01-01 07:17 - 000725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2018-04-05 13:13 - 2018-01-01 07:17 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpsrv.dll
2018-04-05 13:13 - 2018-01-01 07:15 - 000769536 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2018-04-05 13:13 - 2018-01-01 07:14 - 000315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2018-04-05 13:13 - 2018-01-01 07:14 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2018-04-05 13:13 - 2018-01-01 07:13 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2018-04-05 13:13 - 2018-01-01 07:13 - 000207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2018-04-05 13:13 - 2018-01-01 07:11 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2018-04-05 13:13 - 2018-01-01 07:11 - 000339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2018-04-05 13:13 - 2018-01-01 07:11 - 000207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2018-04-05 13:13 - 2018-01-01 07:11 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2018-04-05 13:13 - 2018-01-01 07:10 - 000707584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2018-04-05 13:13 - 2018-01-01 07:10 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\beep.sys
2018-04-05 13:13 - 2018-01-01 07:09 - 000199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2018-04-05 13:13 - 2018-01-01 07:09 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2018-04-05 13:13 - 2018-01-01 07:09 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdPnp.dll
2018-04-05 13:13 - 2018-01-01 07:09 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmiprop.dll
2018-04-05 13:13 - 2018-01-01 07:09 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWNet.dll
2018-04-05 13:13 - 2018-01-01 07:08 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys
2018-04-05 13:13 - 2018-01-01 07:08 - 000005120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\null.sys
2018-04-05 13:12 - 2018-04-05 13:12 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_esif_umdf2_02_00_00.Wdf
2018-04-05 12:48 - 2018-04-05 12:48 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-04-05 12:47 - 2018-04-05 12:47 - 000000000 ___HD C:\Users\user_2\MicrosoftEdgeBackups
2018-04-05 12:45 - 2018-04-05 15:15 - 000000000 ___RD C:\Users\user_2\3D Objects
2018-04-05 12:44 - 2018-04-05 12:44 - 000000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2018-04-05 12:43 - 2018-04-05 12:43 - 000000020 ___SH C:\Users\user_2\ntuser.ini
2018-04-05 12:40 - 2018-04-09 20:23 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-04-05 12:38 - 2018-04-05 12:40 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2018-04-05 12:38 - 2018-04-05 12:40 - 000011433 _____ C:\WINDOWS\diagerr.xml
2018-04-05 12:27 - 2018-04-09 20:33 - 001373044 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-04-05 12:20 - 2018-04-05 12:20 - 000000000 ____D C:\ProgramData\USOShared
2018-04-05 12:16 - 2018-04-05 12:16 - 000001544 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-04-05 12:14 - 2018-04-05 14:51 - 000000000 ____D C:\Users\user_2\AppData\Local\Packages
2018-04-05 12:13 - 2018-04-07 14:38 - 000000000 ____D C:\Users\user.asus\AppData\Local\Packages
2018-04-05 12:12 - 2018-04-08 21:44 - 000000000 ____D C:\Users\user_2
2018-04-05 12:12 - 2018-04-07 12:50 - 000000000 ____D C:\Users\user.asus
2018-04-05 12:11 - 2016-05-12 16:38 - 000060416 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2018-04-05 12:09 - 2018-04-09 19:51 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-04-05 12:09 - 2018-04-09 12:44 - 012239864 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-04-04 22:32 - 2018-04-04 22:46 - 000000036 _____ C:\WINDOWS\progress.ini
2018-04-04 21:21 - 2018-04-04 21:21 - 000002408 _____ C:\Users\user_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-04-02 10:04 - 2018-04-05 12:44 - 000000000 ___DC C:\WINDOWS\Panther
2018-03-30 16:26 - 2018-03-30 16:26 - 000000000 ____D C:\Users\user_2\AppData\Roaming\Sony Creative Software Inc
2018-03-30 09:50 - 2018-03-30 09:50 - 000220896 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-03-29 21:08 - 2018-03-29 21:08 - 000000000 ____D C:\Users\user_2\AppData\Roaming\Publish Providers
2018-03-29 17:16 - 2018-03-29 17:16 - 000000000 ____D C:\WINDOWS\UpdateAssistant
2018-03-29 12:37 - 2018-03-29 12:37 - 000000000 ____D C:\Users\user_2\AppData\LocalLow\Adobe
2018-03-29 10:04 - 2018-03-29 10:04 - 000002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2018-03-29 09:25 - 2018-04-05 16:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-03-29 09:25 - 2018-03-29 09:25 - 000002107 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-03-29 09:25 - 2018-03-29 09:25 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-03-29 09:25 - 2018-01-18 09:03 - 000058664 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2018-03-27 22:34 - 2017-04-06 10:23 - 000042944 _____ (IObit.com) C:\WINDOWS\system32\Drivers\IMFCameraProtect.sys
2018-03-27 19:34 - 2018-03-27 19:34 - 000000000 ____D C:\Program Files\Malwarebytes
2018-03-27 13:40 - 2018-04-05 16:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 5
2018-03-26 21:50 - 2018-04-04 22:47 - 000000000 ___HD C:\$GetCurrent
2018-03-26 20:41 - 2018-01-18 00:39 - 000082728 _____ (Microsoft Corporation) C:\WINDOWS\system32\osrss.dll
2018-03-26 10:26 - 2018-03-26 10:26 - 000000000 ____D C:\Users\user.asus\AppData\LocalLow\IObit
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-10 08:58 - 2015-08-26 11:37 - 000000000 __SHD C:\Users\user_2\IntelGraphicsProfiles
2018-04-09 23:30 - 2015-08-26 11:37 - 000000000 ____D C:\Users\user_2\AppData\Local\Comms
2018-04-09 23:24 - 2016-07-04 23:10 - 000000000 ___RD C:\Program Files\Skype
2018-04-09 23:24 - 2016-07-04 23:10 - 000000000 ____D C:\ProgramData\Skype
2018-04-09 23:18 - 2016-11-17 20:57 - 000000000 ____D C:\Users\user_2\AppData\Roaming\Skype
2018-04-09 20:23 - 2017-09-29 01:31 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2018-04-09 18:16 - 2017-09-29 07:55 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-04-09 15:31 - 2017-09-29 07:55 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-04-09 15:30 - 2017-09-29 07:55 - 000000000 ___HD C:\Program Files\WindowsApps
2018-04-09 15:23 - 2017-09-29 01:31 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-04-08 21:31 - 2017-09-29 07:52 - 000000000 ____D C:\WINDOWS\INF
2018-04-08 21:29 - 2017-09-29 07:55 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-04-08 20:59 - 2017-09-29 07:55 - 000000000 ____D C:\WINDOWS\rescache
2018-04-07 14:21 - 2016-12-08 13:37 - 000000000 ___RD C:\Users\user.asus\OneDrive
2018-04-07 12:48 - 2016-12-08 13:18 - 000000000 ____D C:\Users\user.asus\AppData\Local\TileDataLayer
2018-04-07 12:48 - 2014-08-28 17:12 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-04-06 13:35 - 2017-03-25 16:09 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-04-06 12:41 - 2016-12-16 15:27 - 000000000 ____D C:\Users\user_2\AppData\Roaming\Waves Audio
2018-04-06 12:36 - 2017-01-06 18:14 - 000000000 ____D C:\Users\user_2\Documents\Native Instruments
2018-04-06 12:08 - 2016-12-08 11:56 - 000001626 _____ C:\Users\user_2\Desktop\FL Studio 12.lnk
2018-04-06 10:29 - 2017-09-29 07:55 - 000000000 ____D C:\WINDOWS\appcompat
2018-04-05 16:09 - 2017-09-29 07:55 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-04-05 16:06 - 2016-07-16 04:29 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-04-05 16:05 - 2017-09-29 07:58 - 000000000 ____D C:\WINDOWS\Setup
2018-04-05 16:05 - 2017-09-29 07:55 - 000000000 ____D C:\WINDOWS\system32\spool
2018-04-05 16:05 - 2017-09-29 07:55 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-04-05 16:05 - 2017-09-29 07:55 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2018-04-05 16:05 - 2017-09-29 07:55 - 000000000 ____D C:\WINDOWS\InputMethod
2018-04-05 16:05 - 2017-09-29 07:55 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-04-05 16:05 - 2017-07-07 09:53 - 000000000 ____D C:\Program Files\UNP
2018-04-05 16:05 - 2017-04-05 19:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
2018-04-05 16:05 - 2017-02-17 10:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 4
2018-04-05 16:05 - 2017-01-05 20:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2018-04-05 16:05 - 2016-10-03 18:39 - 000000000 ____D C:\Program Files\Intel
2018-04-05 16:05 - 2016-09-04 17:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2018-04-05 16:05 - 2016-09-02 22:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Karen's Power Tools
2018-04-05 16:05 - 2016-08-16 18:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2018-04-05 16:05 - 2016-06-10 19:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-04-05 16:05 - 2016-04-19 05:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\SoundToys
2018-04-05 16:05 - 2016-04-07 19:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
2018-04-05 16:05 - 2016-04-04 12:10 - 000000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2018-04-05 16:05 - 2016-03-23 01:26 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
2018-04-05 16:05 - 2016-03-23 00:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3
2018-04-05 16:05 - 2016-03-22 23:28 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\B1 Free Archiver
2018-04-05 16:05 - 2016-03-22 18:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2018-04-05 16:05 - 2016-03-15 12:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2018-04-05 16:05 - 2016-02-10 13:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
2018-04-05 16:05 - 2016-01-12 20:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Project 64 2.2
2018-04-05 16:05 - 2015-12-28 19:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reveal Sound Spire Plug-In (x86)
2018-04-05 16:05 - 2015-12-20 21:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonic Charge
2018-04-05 16:05 - 2015-11-29 16:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2018-04-05 16:05 - 2015-11-16 20:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waves
2018-04-05 16:05 - 2015-11-16 15:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\reFX
2018-04-05 16:05 - 2015-11-13 18:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Game Profiler
2018-04-05 16:05 - 2015-11-11 17:29 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iMazing
2018-04-05 16:05 - 2015-10-30 02:58 - 000000000 ____D C:\WINDOWS\ShellNew
2018-04-05 16:05 - 2015-10-10 16:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2018-04-05 16:05 - 2015-10-10 16:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2018-04-05 16:05 - 2015-10-10 15:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-04-05 16:05 - 2015-02-22 21:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2018-04-05 16:05 - 2014-08-30 20:05 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-04-05 16:05 - 2014-08-29 20:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2018-04-05 16:05 - 2014-08-28 17:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
2018-04-05 16:05 - 2013-12-16 18:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2018-04-05 16:05 - 2013-08-22 04:17 - 000000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2018-04-05 16:05 - 2013-08-22 04:17 - 000000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2018-04-05 16:04 - 2017-09-29 07:55 - 000000000 __RHD C:\Users\Public\Libraries
2018-04-05 15:55 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\OCR
2018-04-05 15:54 - 2016-10-03 18:39 - 000000000 ____D C:\Program Files\Common Files\Intel
2018-04-05 15:54 - 2016-04-19 04:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PSPaudioware
2018-04-05 15:54 - 2016-04-10 20:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synapse Audio
2018-04-05 15:54 - 2016-04-09 17:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cakewalk
2018-04-05 15:54 - 2016-04-08 00:35 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iZotope
2018-04-05 15:54 - 2015-12-22 15:27 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camel Audio
2018-04-05 15:54 - 2015-12-02 16:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2018-04-05 15:54 - 2015-11-24 21:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GForce
2018-04-05 15:54 - 2015-11-23 17:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2018-04-05 15:54 - 2015-11-16 19:07 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LUXONIX
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\ta-IN
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\si-LK
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\am-ET
2018-04-05 15:48 - 2017-09-29 08:38 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-04-05 15:48 - 2017-09-29 07:55 - 000000000 ___RD C:\Program Files\Windows Defender
2018-04-05 15:48 - 2017-09-29 07:55 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2018-04-05 15:48 - 2017-09-29 07:55 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-04-05 15:48 - 2017-09-29 07:55 - 000000000 ____D C:\PerfLogs
2018-04-05 15:41 - 2017-09-29 07:55 - 000000000 ____D C:\WINDOWS\System
2018-04-05 15:41 - 2017-09-29 07:49 - 000522752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm.exe
2018-04-05 15:41 - 2017-09-29 07:49 - 000256192 _____ (Microsoft Corporation) C:\WINDOWS\winhelp.exe
2018-04-05 15:41 - 2017-09-29 07:49 - 000221600 _____ (Microsoft Corporation) C:\WINDOWS\system32\lanman.drv
2018-04-05 15:41 - 2017-09-29 07:49 - 000177856 _____ (Microsoft Corporation) C:\WINDOWS\system32\typelib.dll
2018-04-05 15:41 - 2017-09-29 07:49 - 000169520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole2disp.dll
2018-04-05 15:41 - 2017-09-29 07:49 - 000153008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole2nls.dll
2018-04-05 15:41 - 2017-09-29 07:49 - 000127213 _____ C:\WINDOWS\system32\ega.cpi
2018-04-05 15:41 - 2017-09-29 07:49 - 000108464 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi.dll
2018-04-05 15:41 - 2017-09-29 07:49 - 000092320 _____ (Microsoft Corporation) C:\WINDOWS\system32\krnl386.exe
2018-04-05 15:41 - 2017-09-29 07:49 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\olecli.dll
2018-04-05 15:41 - 2017-09-29 07:49 - 000082944 _____ (Microsoft Corporation) C:\WINDOWS\system\olecli.dll
2018-04-05 15:41 - 2017-09-29 07:49 - 000069886 _____ C:\WINDOWS\system32\edit.com
2018-04-05 15:41 - 2017-09-29 07:49 - 000068992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMSYSTEM.DLL
2018-04-05 15:41 - 2017-09-29 07:49 - 000068992 _____ (Microsoft Corporation) C:\WINDOWS\system\MMSYSTEM.DLL
2018-04-05 15:41 - 2017-09-29 07:49 - 000056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\graftabl.com
2018-04-05 15:41 - 2017-09-29 07:49 - 000053600 _____ C:\WINDOWS\system32\dosx.exe
2018-04-05 15:41 - 2017-09-29 07:49 - 000050648 _____ C:\WINDOWS\system32\COMMAND.COM
2018-04-05 15:41 - 2017-09-29 07:49 - 000047840 _____ (Microsoft Corporation) C:\WINDOWS\system32\USER.EXE
2018-04-05 15:41 - 2017-09-29 07:49 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\pmspl.dll
2018-04-05 15:41 - 2017-09-29 07:49 - 000042809 _____ C:\WINDOWS\system32\KEY01.SYS
2018-04-05 15:41 - 2017-09-29 07:49 - 000042592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole2.dll
2018-04-05 15:41 - 2017-09-29 07:49 - 000042537 _____ C:\WINDOWS\system32\KEYBOARD.SYS
2018-04-05 15:41 - 2017-09-29 07:49 - 000039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDEML.DLL
2018-04-05 15:41 - 2017-09-29 07:49 - 000039274 _____ C:\WINDOWS\system32\mem.exe
2018-04-05 15:41 - 2017-09-29 07:49 - 000035776 _____ C:\WINDOWS\system32\NTIO411.SYS
2018-04-05 15:41 - 2017-09-29 07:49 - 000035552 _____ C:\WINDOWS\system32\NTIO412.SYS
2018-04-05 15:41 - 2017-09-29 07:49 - 000034688 _____ C:\WINDOWS\system32\NTIO804.SYS
2018-04-05 15:41 - 2017-09-29 07:49 - 000034688 _____ C:\WINDOWS\system32\NTIO404.SYS
2018-04-05 15:41 - 2017-09-29 07:49 - 000033968 _____ C:\WINDOWS\system32\NTIO.SYS
2018-04-05 15:41 - 2017-09-29 07:49 - 000032816 _____ (Microsoft Corporation) C:\WINDOWS\system32\COMMDLG.DLL
2018-04-05 15:41 - 2017-09-29 07:49 - 000032816 _____ (Microsoft Corporation) C:\WINDOWS\system\COMMDLG.DLL
2018-04-05 15:41 - 2017-09-29 07:49 - 000029370 _____ C:\WINDOWS\system32\NTDOS411.SYS
2018-04-05 15:41 - 2017-09-29 07:49 - 000029274 _____ C:\WINDOWS\system32\NTDOS412.SYS
2018-04-05 15:41 - 2017-09-29 07:49 - 000029146 _____ C:\WINDOWS\system32\NTDOS804.SYS
2018-04-05 15:41 - 2017-09-29 07:49 - 000029146 _____ C:\WINDOWS\system32\NTDOS404.SYS
2018-04-05 15:41 - 2017-09-29 07:49 - 000028420 _____ C:\WINDOWS\system32\bios1.rom
2018-04-05 15:41 - 2017-09-29 07:49 - 000028112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DRWATSON.EXE
2018-04-05 15:41 - 2017-09-29 07:49 - 000027866 _____ C:\WINDOWS\system32\NTDOS.SYS
2018-04-05 15:41 - 2017-09-29 07:49 - 000027792 _____ (Microsoft Corporation) C:\WINDOWS\system32\compobj.dll
2018-04-05 15:41 - 2017-09-29 07:49 - 000027200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ctl3dv2.dll
2018-04-05 15:41 - 2017-09-29 07:49 - 000027097 _____ C:\WINDOWS\system32\country.sys
2018-04-05 15:41 - 2017-09-29 07:49 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\GDI.EXE
2018-04-05 15:41 - 2017-09-29 07:49 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\OLESVR.DLL
2018-04-05 15:41 - 2017-09-29 07:49 - 000024064 _____ (Microsoft Corporation) C:\WINDOWS\system\OLESVR.DLL
2018-04-05 15:41 - 2017-09-29 07:49 - 000021232 _____ C:\WINDOWS\system32\graphics.pro
2018-04-05 15:41 - 2017-09-29 07:49 - 000020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdmredir.dll
2018-04-05 15:41 - 2017-09-29 07:49 - 000020634 _____ C:\WINDOWS\system32\debug.exe
2018-04-05 15:41 - 2017-09-29 07:49 - 000019694 _____ C:\WINDOWS\system32\GRAPHICS.COM
2018-04-05 15:41 - 2017-09-29 07:49 - 000018896 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysedit.exe
2018-04-05 15:41 - 2017-09-29 07:49 - 000018832 _____ C:\WINDOWS\system32\v7vga.rom
2018-04-05 15:41 - 2017-09-29 07:49 - 000016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdmd.dll
2018-04-05 15:41 - 2017-09-29 07:49 - 000014710 _____ C:\WINDOWS\system32\KB16.COM
2018-04-05 15:41 - 2017-09-29 07:49 - 000013888 _____ (Microsoft Corporation) C:\WINDOWS\system32\TOOLHELP.DLL
2018-04-05 15:41 - 2017-09-29 07:49 - 000013312 _____ C:\WINDOWS\system32\win87em.dll
2018-04-05 15:41 - 2017-09-29 07:49 - 000012704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFWNET.DRV
2018-04-05 15:41 - 2017-09-29 07:49 - 000012704 _____ (Microsoft Corporation) C:\WINDOWS\system\WFWNET.DRV
2018-04-05 15:41 - 2017-09-29 07:49 - 000012642 _____ C:\WINDOWS\system32\edlin.exe
2018-04-05 15:41 - 2017-09-29 07:49 - 000012498 _____ C:\WINDOWS\system32\append.exe
2018-04-05 15:41 - 2017-09-29 07:49 - 000011753 _____ C:\WINDOWS\system32\setver.exe
2018-04-05 15:41 - 2017-09-29 07:49 - 000010790 _____ C:\WINDOWS\system32\EDIT.HLP
2018-04-05 15:41 - 2017-09-29 07:49 - 000010544 _____ (Microsoft Corporation) C:\WINDOWS\system32\COMM.drv
2018-04-05 15:41 - 2017-09-29 07:49 - 000009936 _____ (Microsoft Corporation) C:\WINDOWS\system32\lzexpand.dll
2018-04-05 15:41 - 2017-09-29 07:49 - 000009936 _____ (Microsoft Corporation) C:\WINDOWS\system\lzexpand.dll
2018-04-05 15:41 - 2017-09-29 07:49 - 000009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WIFEMAN.DLL
2018-04-05 15:41 - 2017-09-29 07:49 - 000009029 _____ C:\WINDOWS\system32\ANSI.SYS
2018-04-05 15:41 - 2017-09-29 07:49 - 000009008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ver.dll
2018-04-05 15:41 - 2017-09-29 07:49 - 000009008 _____ (Microsoft Corporation) C:\WINDOWS\system\ver.dll
2018-04-05 15:41 - 2017-09-29 07:49 - 000008424 _____ C:\WINDOWS\system32\exe2bin.exe
2018-04-05 15:41 - 2017-09-29 07:49 - 000008191 _____ C:\WINDOWS\system32\bios4.rom
2018-04-05 15:41 - 2017-09-29 07:49 - 000007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\win.com
2018-04-05 15:41 - 2017-09-29 07:49 - 000007052 _____ C:\WINDOWS\system32\nlsfunc.exe
2018-04-05 15:41 - 2017-09-29 07:49 - 000005532 _____ (Microsoft Corporation) C:\WINDOWS\system\stdole.tlb
2018-04-05 15:41 - 2017-09-29 07:49 - 000005120 _____ (Microsoft Corporation) C:\WINDOWS\system32\WINNLS.DLL
2018-04-05 15:41 - 2017-09-29 07:49 - 000005120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHELL.DLL
2018-04-05 15:41 - 2017-09-29 07:49 - 000005120 _____ (Microsoft Corporation) C:\WINDOWS\system\SHELL.DLL
2018-04-05 15:41 - 2017-09-29 07:49 - 000004768 _____ C:\WINDOWS\system32\HIMEM.SYS
2018-04-05 15:41 - 2017-09-29 07:49 - 000004208 _____ (Microsoft Corporation) C:\WINDOWS\system32\storage.dll
2018-04-05 15:40 - 2017-09-29 07:55 - 000000000 ____D C:\WINDOWS\system32\es-MX
2018-04-05 15:20 - 2017-06-15 18:58 - 000000000 ___SD C:\WINDOWS\UpdateAssistantV2
2018-04-05 14:59 - 2017-09-29 07:55 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-04-05 14:59 - 2017-09-29 07:55 - 000000000 ____D C:\WINDOWS\TextInput
2018-04-05 14:59 - 2017-09-29 07:55 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-04-05 14:59 - 2017-09-29 07:55 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-04-05 14:59 - 2017-09-29 07:55 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-04-05 14:59 - 2017-09-29 01:31 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-04-05 14:58 - 2017-09-29 07:55 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-04-05 14:58 - 2017-09-29 07:55 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-04-05 14:58 - 2017-09-29 07:55 - 000000000 ____D C:\WINDOWS\Provisioning
2018-04-05 14:58 - 2017-09-29 07:55 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-04-05 14:36 - 2017-09-29 07:45 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-04-05 12:46 - 2017-09-29 07:55 - 000000000 ____D C:\WINDOWS\Registration
2018-04-05 12:46 - 2016-11-15 20:04 - 000000000 ____D C:\Users\user_2\AppData\Local\ConnectedDevicesPlatform
2018-04-05 12:45 - 2015-08-26 11:37 - 000000000 ____D C:\Users\user_2\AppData\Local\TileDataLayer
2018-04-05 12:41 - 2017-09-29 07:55 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-04-05 12:36 - 2017-09-29 07:55 - 000000000 ____D C:\WINDOWS\media
2018-04-05 12:36 - 2015-08-26 04:07 - 000021412 _____ C:\WINDOWS\system32\emptyregdb.dat
2018-04-05 12:25 - 2016-01-24 17:35 - 000002249 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-04-05 12:25 - 2016-01-24 17:35 - 000002208 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-04-05 12:20 - 2017-09-29 07:55 - 000000000 ____D C:\ProgramData\USOPrivate
2018-04-05 12:15 - 2017-03-02 15:57 - 000000000 ____D C:\Users\user_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FabFilter
2018-04-05 12:11 - 2017-09-29 01:31 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-04-04 23:11 - 2014-08-28 17:22 - 000000000 ____D C:\ProgramData\ProductData
2018-04-04 21:21 - 2015-08-26 11:40 - 000000000 ___RD C:\Users\user_2\OneDrive
2018-04-01 17:03 - 2014-10-12 18:38 - 000000000 ____D C:\Users\user_2\AppData\Roaming\Adobe
2018-03-31 12:44 - 2017-05-11 18:20 - 000000000 ____D C:\Users\user_2\AppData\LocalLow\Mozilla
2018-03-30 16:10 - 2016-12-08 13:35 - 000000000 ____D C:\Users\user.asus\AppData\Roaming\Apple Computer
2018-03-30 16:08 - 2016-12-08 13:18 - 000000000 ____D C:\Users\user.asus\AppData\Roaming\IObit
2018-03-29 21:28 - 2017-01-06 18:14 - 000000000 ____D C:\Users\user_2\AppData\Roaming\Sony
2018-03-29 21:17 - 2015-12-28 18:02 - 000000000 ____D C:\Program Files (x86)
2018-03-29 21:09 - 2015-10-12 09:48 - 000000000 ____D C:\Program Files\VMware
2018-03-29 13:02 - 2016-02-25 22:51 - 000000000 ____D C:\Users\user_2\AppData\Local\Adobe
2018-03-29 12:33 - 2016-07-03 20:22 - 000001071 _____ C:\Users\user_2\Documents\Keys.txt
2018-03-29 10:05 - 2014-08-28 17:18 - 000000000 ____D C:\Program Files\IObit
2018-03-28 21:28 - 2017-10-13 14:17 - 127391104 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-03-28 21:27 - 2014-08-30 20:05 - 127391104 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-03-28 11:23 - 2016-09-06 01:56 - 000000000 ____D C:\WINDOWS\pss
2018-03-28 11:23 - 2013-12-16 17:45 - 000000000 ____D C:\WINDOWS\Log
2018-03-27 20:03 - 2016-10-03 18:42 - 000000000 ____D C:\Users\Jtgho
2018-03-27 20:02 - 2016-04-07 18:35 - 000000000 ____D C:\Program Files\KuaiZip
2018-03-27 20:02 - 2016-03-22 23:24 - 000000000 ____D C:\Program Files\B1 Free Archiver
2018-03-27 13:40 - 2014-08-28 17:18 - 000000000 ____D C:\ProgramData\IObit
2018-03-26 21:09 - 2014-06-06 20:18 - 000000000 ____D C:\ProgramData\Package Cache
2018-03-26 20:55 - 2015-10-10 16:01 - 000168776 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2018-03-26 20:55 - 2015-10-10 16:01 - 000147576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2018-03-26 20:41 - 2017-09-29 12:15 - 000000000 ____D C:\Program Files\rempl
 
==================== Files in the root of some directories =======
 
2015-05-29 03:49 - 2015-05-29 03:49 - 006420480 _____ () C:\Program Files\GUT2DF5.tmp
2014-10-15 20:31 - 2014-10-15 20:31 - 000000000 _____ () C:\Users\user_2\AppData\Local\{DCDB34ED-4EA5-4FBA-89FB-CCEA26AF634E}
2014-10-17 20:31 - 2014-10-17 20:31 - 000000000 _____ () C:\Users\user_2\AppData\Local\{EA8282B3-5AF9-43CF-B36C-FAF085118BC7}
 
Some files in TEMP:
====================
2016-10-03 19:28 - 2016-10-11 13:34 - 000000000 ____D () C:\Users\Jtgho\AppData\Local\Temp\avgnt.exe
2016-10-06 22:26 - 2016-10-06 22:26 - 001118360 _____ (© 2015 Microsoft Corporation) C:\Users\Jtgho\AppData\Local\Temp\BSvcProcessor.exe
2016-10-06 22:25 - 2016-10-06 22:25 - 000170128 _____ (© 2015 Microsoft Corporation) C:\Users\Jtgho\AppData\Local\Temp\BSvcUpdater.exe
2016-10-19 14:24 - 2016-10-19 14:24 - 000737856 _____ (Oracle Corporation) C:\Users\Jtgho\AppData\Local\Temp\jre-8u111-windows-au.exe
2016-10-12 15:43 - 2016-10-12 15:43 - 011876048 _____ () C:\Users\Jtgho\AppData\Local\Temp\psiphon-tunnel-core.exe
2016-10-12 15:45 - 2016-10-12 15:45 - 011876048 _____ () C:\Users\Jtgho\AppData\Local\Temp\psiphon-url-proxy.exe
2016-10-26 13:46 - 2016-10-26 13:46 - 000192512 _____ () C:\Users\Jtgho\AppData\Local\Temp\sfamcc00001.dll
2016-10-06 00:36 - 2016-11-05 14:47 - 043768960 _____ (Skype Technologies S.A.) C:\Users\Jtgho\AppData\Local\Temp\SkypeSetup.exe
2018-04-09 10:34 - 2018-04-09 10:36 - 058834376 _____ (Skype Technologies S.A.) C:\Users\user_2\AppData\Local\Temp\SkypeSetup.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-04-05 12:09
 
==================== End of FRST.txt ============================


#4 ZeroSnake

Posted 10 April 2018 - 09:26 AM

Here is the addition log:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14.03.2018
Ran by user_2 (10-04-2018 09:14:45)
Running from C:\Users\user_2\Desktop
Microsoft Windows 10 Home Version 1709 16299.334 (X86) (2018-04-05 16:42:59)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4159443819-3708154595-3523450213-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4159443819-3708154595-3523450213-503 - Limited - Disabled)
Guest (S-1-5-21-4159443819-3708154595-3523450213-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4159443819-3708154595-3523450213-1003 - Limited - Enabled)
user (S-1-5-21-4159443819-3708154595-3523450213-1006 - Limited - Enabled) => C:\Users\user.asus
user_2 (S-1-5-21-4159443819-3708154595-3523450213-1004 - Administrator - Enabled) => C:\Users\user_2
WDAGUtilityAccount (S-1-5-21-4159443819-3708154595-3523450213-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
. . . (HKLM\...\{06DA421D-EE23-487D-878F-F0AF97EF69AD}) (Version: 2.6.1.4 - Intel) Hidden
. . . (HKLM\...\{679012E8-DFAC-4484-AD14-D08C6FD7FB4B}) (Version: 2.1.28.3 - Intel) Hidden
Adobe Flash Player 29 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 29.0.0.113 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Advanced SystemCare 11 (HKLM\...\Advanced SystemCare_is1) (Version: 11.1.0 - IObit)
Apple Application Support (32-bit) (HKLM\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{15A0A9A6-6CF0-4EEE-8E12-096B33F92CA7}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ASIO4ALL (HKLM\...\ASIO4ALL) (Version: 2.12 - Michael Tippach)
ASUS Live Update (HKLM\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.8 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.3 - ASUS)
ASUS Smart Gesture (HKLM\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.9 - ASUS)
ATK Package (HKLM\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0033 - ASUS)
AutoIt v3.3.14.2 (HKLM\...\AutoItv3) (Version: 3.3.14.2 - AutoIt Team)
Avira (HKLM\...\{5269e51a-b619-4c55-8a5c-8c7eaf27e6cf}) (Version: 1.2.108.24268 - Avira Operations GmbH & Co. KG)
Avira (HKLM\...\{DBA89A98-6FF1-4FE3-8147-69DD2C5DE889}) (Version: 1.2.108.24268 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.34.27 - Avira Operations GmbH & Co. KG)
BeatPack (0.9) (HKLM\...\BeatPack) (Version:  - )
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.93.99.187.1 - Broadcom Corporation)
Camel Audio Alchemy (HKLM\...\Camel Audio Alchemy) (Version: 1.25.0 - Camel Audio)
Camel Audio CamelCrusher (HKLM\...\Camel Audio CamelCrusher) (Version: 1.01.0 - Camel Audio)
Camel Audio CamelPhat (HKLM\...\Camel Audio CamelPhat) (Version: 3.50.0 - Camel Audio)
CloudDominator (HKLM\...\{B56A9681-D185-4C86-8CCE-CD0103651977}) (Version: 1.0.1 - SMC Ltd)
Decimort 2 (32bit) (HKLM\...\{13FFD819-E40F-45D7-AC65-A1A14CE67AD0}) (Version: 2.0.0.0 - D16 Group Audio Software)
Driver Booster 5 (HKLM\...\Driver Booster_is1) (Version: 5.3.0 - IObit)
FabFilter Total Bundle (HKLM\...\FabFilter Total Bundle) (Version:  - )
Fallout 3 (HKLM\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
FL Studio 12 (HKLM\...\FL Studio 12) (Version:  - Image-Line)
FL Studio ASIO (HKLM\...\FL Studio ASIO) (Version:  - Image-Line)
GForce - Minimonsta (HKLM\...\Minimonsta) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 65.0.3325.181 - Google Inc.)
Google Drive (HKLM\...\{9BC95947-92FD-438B-A168-C01F9A5B7292}) (Version: 2.34.7529.6838 - Google, Inc.)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
hkSFV (remove only) (HKLM\...\hkSFV) (Version: 1.0 - Big-O Software)
IL Download Manager (HKLM\...\IL Download Manager) (Version:  - Image-Line)
IL Harmless (HKLM\...\IL Harmless) (Version:  - Image-Line)
IL MiniHost (HKLM\...\IL MiniHost) (Version:  - Image-Line)
IL Minihost Modular (HKLM\...\IL Minihost Modular) (Version:  - Image-Line)
IL Shared Libraries (HKLM\...\IL Shared Libraries) (Version:  - Image-Line)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4425 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Intel® Driver Update Utility (HKLM\...\{fe2eebd3-ee15-4538-bb19-b627e3f2a911}) (Version: 2.6.1.4 - Intel)
IObit Malware Fighter 5 (HKLM\...\IObit Malware Fighter_is1) (Version: 5.6 - IObit)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 7.3.0.13 - IObit)
iTunes (HKLM\...\{558C7B3E-84D0-4215-96EA-29282037F69D}) (Version: 12.4.3.1 - Apple Inc.)
iZotope Ozone 7 Advanced (HKLM\...\iZotope Ozone 7 Advanced 7.00) (Version: 7.00 - iZotope, Inc.)
Java 8 Update 111 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Karen's Directory Printer (HKLM\...\Karen's Directory Printer) (Version: 5.3.0.2 - Karen Kenworthy)
LuSH-101 1.1.2 (32bit) (HKLM\...\{E4B149F0-A677-41D6-9A8E-79E805FA193A}) (Version: 1.1.2.0 - D16 Group Audio Software)
Malwarebytes version 3.4.4.2398 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.4.2398 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-4159443819-3708154595-3523450213-1004\...\OneDriveSetup.exe) (Version: 18.044.0301.0006 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4159443819-3708154595-3523450213-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04102018090036212\...\OneDriveSetup.exe) (Version: 18.044.0301.0006 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4159443819-3708154595-3523450213-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04102018090039331\...\OneDriveSetup.exe) (Version: 18.044.0301.0006 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.4053 False (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.50727.42 False (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.51011 False (HKLM\...\{a0fe116e-9a8a-466f-aee0-625cb7c207e3}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.56336 False (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.57103 False (HKLM\...\{d8fea624-4f2c-432d-9a54-6eee9cd1a77e}) (Version: 8.0.57103 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.58299 False (HKLM\...\{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}) (Version: 8.0.58299 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.59193 False (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable - x86 8.0.61001 (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 False (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.0 False (HKLM\...\{DCB46B42-723F-350E-B18A-449BC6C21636}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 False (HKLM\...\{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}) (Version: 9.0.21022.218 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 False (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 False (HKLM\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.0 False (HKLM\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 False (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 False (HKLM\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 False (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148.0 False (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.5570 False (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.30319 False (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 False Eng (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{b55f7208-e02b-4828-ac78-59c73ddf5bc7}) (Version: 12.0.30501.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 False Eng (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft 1.8.5 1.00 (HKLM\...\Minecraft 1.8.5 1.00) (Version:  - )
Miroslav Philharmonik Instruments (HKLM\...\{9FCCC8D1-3152-4699-8793-6CB0B9E26EBB}) (Version: 1.0 - IK Multimedia)
Morphine (HKLM\...\Morphine) (Version:  - Image-Line)
Mp3tag v2.75 (HKLM\...\Mp3tag) (Version: v2.75 - Florian Heidenreich)
Native Instruments Absynth 5 (HKLM\...\Native Instruments Absynth 5) (Version:  - Native Instruments)
Native Instruments FM8 (HKLM\...\Native Instruments FM8) (Version:  - )
Native Instruments Kontakt 5 (HKLM\...\Native Instruments Kontakt 5) (Version:  - Native Instruments)
Native Instruments Massive (HKLM\...\Native Instruments Massive) (Version:  - Native Instruments)
Native Instruments Monark (HKLM\...\Native Instruments Monark) (Version:  - Native Instruments)
Native Instruments Pro-53 (HKLM\...\Native Instruments Pro-53) (Version:  - )
Native Instruments Reaktor 6 (HKLM\...\Native Instruments Reaktor 6) (Version: 6.0.0.1501 - Native Instruments)
Native Instruments Reaktor 6 Bundle (HKLM\...\Native Instruments Reaktor 6 Bundle) (Version: 6.0.0.0 - Native Instruments)
Native Instruments Reaktor Blocks (HKLM\...\Native Instruments Reaktor Blocks) (Version: 1.0.0.12 - Native Instruments)
Native Instruments Reaktor Factory Library (HKLM\...\Native Instruments Reaktor Factory Library) (Version: 1.0.0.5 - Native Instruments)
Native Instruments Service Center (HKLM\...\Native Instruments Service Center) (Version: 2.6.0.137 - Native Instruments)
Notepad++ (32-bit x86) (HKLM\...\Notepad++) (Version: 7.4.2 - Notepad++ Team)
OpenGL Extensions Viewer 4.4 (HKLM\...\GLVIEW3) (Version: 444 - )
osrss (HKLM\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden
PACE License Support Win32 (HKLM\...\{7A1DC3CC-E499-4971-8744-F40D279B8579}) (Version: 3.0.1.1373 - PACE Anti-Piracy, Inc.) Hidden
PACE License Support Win32 (HKLM\...\InstallShield_{7A1DC3CC-E499-4971-8744-F40D279B8579}) (Version: 3.0.1.1373 - PACE Anti-Piracy, Inc.)
PDF Settings CS6 (HKLM\...\{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Pinnacle Game Profiler (HKLM\...\{49BF48CC-ABB6-4795-9B35-B5DE005D8612}) (Version: 7.1.1 - PowerUp Software)
PSP VintageWarmer2 32bit (HKLM\...\PSP VintageWarmer2 32bit) (Version: 2.5.2 32bit - PSPaudioware.com)
Python 2.7.11 (HKLM\...\{16E52445-1392-469F-9ADB-FC03AF00CD61}) (Version: 2.7.11150 - Python Software Foundation)
Python 3.5.1 Launcher (32-bit) (HKLM\...\{17778F7B-FB5A-4A93-9719-D75BAF673498}) (Version: 3.5.150.0 - Python Software Foundation)
Realtek I2S Audio (HKLM\...\{89A448AA-3301-46AA-AFC3-34F2D7C670E8}) (Version: 6.2.9600.4087 - Realtek Semiconductor Corp.)
RGC.Audio.z3ta+_Access.Virus.VSTi.v1.2.Retail-Elite. (HKLM\...\RGC.Audio.z3ta+_Access.Virus.VSTi.v1.2.Retail-Elite.) (Version:  - )
Sawer (HKLM\...\Sawer) (Version:  - Image-Line)
Sonic Charge Synplant (HKLM\...\Sonic Charge Synplant) (Version: 1.2.2 - NuEdge Development)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
Spire Plug-In (x86) (HKLM\...\{7E22E1BC-2B2A-4D70-BC5C-6E2285F3FC33}) (Version: 1.0.17.0 - Reveal Sound Ltd.)
TeamViewer 13 (HKLM\...\TeamViewer) (Version: 13.1.3629 - TeamViewer)
Tone2 Firebird VSTi v1.2.1 (HKLM\...\Tone2 Firebird VSTi v1.2.1) (Version:  - )
Toxic Biohazard (HKLM\...\Toxic Biohazard) (Version:  - Image-Line)
TPS_module (remove only) (HKLM\...\TPS_module) (Version:  - )
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
u-he ACE (HKLM\...\u-he ACE) (Version: 1.4.0.3898 - u-he)
u-he Bazille (HKLM\...\u-he Bazille) (Version: 1.1.0.3898 - u-he)
u-he Hive (HKLM\...\u-he Hive) (Version: 1.1.0.3898 - u-he)
u-he ZebraHZ (HKLM\...\u-he ZebraHZ) (Version: 2.7.2.3898 - u-he)
UpdateAssistant (HKLM\...\{0C09E803-0BA0-4438-B526-10195082D884}) (Version: 1.15.0.0 - Microsoft Corporation) Hidden
Vegas Pro 11.0 (HKLM\...\{E6F012B0-E930-11E0-A67A-F04DA23A5C58}) (Version: 11.0.370 - Sony)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VMware VIX (HKLM\...\{F99FC179-EA67-4BBC-8955-BDDA0CB94B88}) (Version: 1.13.7.62285 - VMware, Inc.)
Waves Complete V9r15 (HKLM\...\{91000001-C561-4E32-99EB-3C5AD3683A70}) (Version: 9.1.15 - Waves)
Waves Diamond Bundle v5.2 (HKLM\...\Waves Diamond Bundle v5.2) (Version:  - )
WebStorage (HKLM\...\WebStorage) (Version: 2.0.3.226 - ASUS Cloud Corporation)
Windows 10 Update and Privacy Settings (HKLM\...\{542CC2C2-ABAF-4604-8723-DA296AF74540}) (Version: 1.0.14.0 - Microsoft Corporation)
Windows Driver Package - ASUS (AsusSGDrv) Mouse  (10/21/2015 8.0.0.19) (HKLM\...\DE393C6A9AB085F9E19765D003555C3D360497DB) (Version: 10/21/2015 8.0.0.19 - ASUS)
Windows Setup Remediations (x86) (KB4023057) (HKLM\...\{49cd2afd-8679-48a5-90ab-e7044bee2465}.sdb) (Version:  - )
WinFlash (HKLM\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinRAR 5.30 beta 5 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.5 - win.rar GmbH)
Yahoo Search Set (HKLM\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4159443819-3708154595-3523450213-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04102018090036212_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-4159443819-3708154595-3523450213-1004_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2017-11-10] (Google)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_BN] -> {CC5FC992-B0AA-47CD-9DC2-83445083CBB9} => C:\Program Files\Common Files\AWS\2.0.3.226\ASUSWSShellExt.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_ON] -> {618A47A2-528B-4D9A-AFC8-97D3233511E3} => C:\Program Files\Common Files\AWS\2.0.3.226\ASUSWSShellExt.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_UN] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files\Common Files\AWS\2.0.3.226\ASUSWSShellExt.dll [2013-06-25] (ASUS Cloud Corporation.)
ContextMenuHandlers1: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files\IObit\Advanced SystemCare\ASCExtMenu.dll [2017-09-26] (IObit)
ContextMenuHandlers1: [ANotepad++] -> {00F3C2EC-A6EE-11DE-A03A-EF8F55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2016-02-21] ()
ContextMenuHandlers1: [B1ShellEx] -> {76CF52AF-2B2D-4999-8CE8-495187BB11CD} => C:\Program Files\B1 Free Archiver\B1Shellext32.dll [2015-09-16] (b1.org)
ContextMenuHandlers1: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu32.dll [2017-11-10] (Google)
ContextMenuHandlers1: [hkshlex] -> {A1A07B07-F70D-482e-B0E8-B6178E73B094} => C:\Program Files\hkSFV\hkshlex.dll [2002-10-30] (Big-O Software)
ContextMenuHandlers1: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files\IObit\IObit Uninstaller\UninstallMenuRight.dll [2018-01-25] (IObit)
ContextMenuHandlers1: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files\Mp3tag\Mp3tagShell32.dll [2016-02-20] (Florian Heidenreich)
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files\Avira\Antivirus\shlext.dll [2018-03-26] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} =>  -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-10-11] (Alexander Roshal)
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files\IObit\Advanced SystemCare\ASCExtMenu.dll [2017-09-26] (IObit)
ContextMenuHandlers2: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files\Mp3tag\Mp3tagShell32.dll [2016-02-20] (Florian Heidenreich)
ContextMenuHandlers3: [BackupContextMenuExtension] -> {b1b96b20-da1d-4a3c-92c1-7229b32f2326} => C:\WINDOWS\system32\mscoree.dll [2017-09-29] (Microsoft Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files\IObit\Advanced SystemCare\ASCExtMenu.dll [2017-09-26] (IObit)
ContextMenuHandlers4: [GDContextMenu] -> {BB02B294-8425-42E5-983F-41A1FA970CD6} => C:\Program Files\Google\Drive\contextmenu32.dll [2017-11-10] (Google)
ContextMenuHandlers4: [hkshlex] -> {A1A07B07-F70D-482e-B0E8-B6178E73B094} => C:\Program Files\hkSFV\hkshlex.dll [2002-10-30] (Big-O Software)
ContextMenuHandlers4: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files\IObit\IObit Uninstaller\UninstallMenuRight.dll [2018-01-25] (IObit)
ContextMenuHandlers4: [Mp3tagShell] -> {6351E20C-35FA-4BE3-98FB-4CABF1363E12} => C:\Program Files\Mp3tag\Mp3tagShell32.dll [2016-02-20] (Florian Heidenreich)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2016-05-12] (Intel Corporation)
ContextMenuHandlers6: [B1ShellEx] -> {76CF52AF-2B2D-4999-8CE8-495187BB11CD} => C:\Program Files\B1 Free Archiver\B1Shellext32.dll [2015-09-16] (b1.org)
ContextMenuHandlers6: [IObit Malware Fighter] -> {0BB81440-5F42-4480-A5F7-770A6F439FC8} => C:\Program Files\IObit\IObit Malware Fighter\IMFShellExt.dll [2017-03-31] (IObit)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files\IObit\IObit Uninstaller\UninstallMenuRight.dll [2018-01-25] (IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-03-03] (Malwarebytes)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files\Avira\Antivirus\shlext.dll [2018-03-26] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-10-11] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {02E0597D-AA47-40BD-892B-2B49477CCF22} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {0A6F2072-64F2-43C9-8A83-B0821CE0AB37} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4159443819-3708154595-3523450213-1005UA => C:\Users\Jtgho\AppData\Local\Google\Update\GoogleUpdate.exe [2016-04-06] (Google Inc.)
Task: {0C41F9DE-44E1-4F85-9B8F-D380D129E469} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2018-01-29] (IObit)
Task: {0D58EBD2-2A98-4EE8-9A5B-E4C02C540876} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {13C8ECED-B0A1-4F1C-B9ED-6CF9CF6EF7BB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {13FEF2AC-EBCC-448C-8553-156C1BA588A0} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {19099CB2-188A-4401-AD80-2026216F78FA} - System32\Tasks\Driver Booster SkipUAC (user_2) => C:\Program Files\IObit\Driver Booster\5.3.0\DriverBooster.exe [2018-03-22] (IObit)
Task: {247BD142-0549-4E91-84B0-172C25563718} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {289F20B4-AE59-4DB7-8611-C3DD1BA3D460} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {3B5BB3FF-A141-4FF8-837D-89E5B4EFD980} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3EFCF32E-F576-4A23-91A7-BA2591577C76} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {3FED38F5-D10D-4392-A279-A98AED24D13C} - System32\Tasks\Update Checker => C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe [2014-03-11] ()
Task: {4201F4CD-232C-4064-82BF-68867011BDF2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {52308F85-6B43-429E-8800-B4C0491D8C66} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4159443819-3708154595-3523450213-1005Core => C:\Users\Jtgho\AppData\Local\Google\Update\GoogleUpdate.exe [2016-04-06] (Google Inc.)
Task: {526A5756-E27C-42E2-A043-24B01E10924F} - System32\Tasks\USER_ESRV_SVC_WILLAMETTE => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\task.vbs"
Task: {533425CA-8712-47D2-96DE-6B2DDB09B6F1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {64267D69-0F4E-4347-B6E0-3DFBE59FDA97} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {65D7E4CF-614F-4FA7-B98F-FD19B958C1F9} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel.exe [2013-01-09] (ASUSTek Computer INC.)
Task: {68FDEA97-AAAF-47CC-B4AC-7F30AAFD1EAB} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\WINDOWS\system32\EOSNotify.exe
Task: {6B677833-3A8C-44D9-A7A2-27768F2912F2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {6FE9316C-78D9-4CBB-8BD7-D7192A683216} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-jtghost05@gmail.com => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-05-25] (Adobe Systems Incorporated)
Task: {72356949-C0ED-4E55-B644-2146508BC3B6} - System32\Tasks\{727FC6AB-8326-4480-BFE8-D1B65565FCC4} => "c:\program files\mozilla firefox\firefox.exe" hxxp://ui.skype.com/ui/0/7.28.64.101/en/go/help.faq.installer?LastError=1603
Task: {80210ADD-F706-4BED-8595-57A3353395FB} - \WPD\SqmUpload_S-1-5-21-4159443819-3708154595-3523450213-1001 -> No File <==== ATTENTION
Task: {8161E318-4079-4DC5-872A-C91FFB7C5D0A} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files\Avira\Antivirus\avgnt.exe [2018-03-26] (Avira Operations GmbH & Co. KG)
Task: {8747DBA0-C90C-4F08-99EF-BAFD364E4197} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-03-26] (Adobe Systems Incorporated)
Task: {9A99B946-36E3-47A3-8855-754B4739D98F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {9BB87B4B-1057-4A93-A7BB-D3B91DB35DDA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9CF29A33-76AB-4041-B675-7B41B02F906A} - \StartMenuAutoupdate -> No File <==== ATTENTION
Task: {A26A497B-033D-4BE3-9251-172450783E5A} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files\ASUS\ASUS Smart Gesture\AsTPCenter\x86\AsusTPLauncher.exe [2015-12-14] (AsusTek)
Task: {A76E3D71-3228-43EA-9A59-40A37BF4BCFD} - System32\Tasks\Driver Booster Scheduler => C:\Program Files\IObit\Driver Booster\5.3.0\Scheduler.exe [2018-01-26] (IObit)
Task: {A8C89ABD-7A55-41FB-A00F-C0E7A08EFFA8} - \WPD\SqmUpload_S-1-5-21-4159443819-3708154595-3523450213-1004 -> No File <==== ATTENTION
Task: {B6C93691-6E53-49ED-9EBB-55A27C33C2A2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {BF785398-789D-40B1-B04B-335A592ADB08} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {C0C332EB-E35D-4CAB-A5C6-E487554E53F0} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C21D11A0-A3DA-40EA-B250-F6C5ECBFCF21} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-01-14] (ASUSTek Computer Inc.)
Task: {DF7A2BED-5104-4FAA-BB25-67751A46727B} - System32\Tasks\Uninstaller_SkipUac_Jtgho => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe [2018-01-29] (IObit)
Task: {E4530A80-C251-4F60-9279-85170FD6E325} - System32\Tasks\Driver Booster SkipUAC (Jtgho) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe [2018-01-26] (IObit)
Task: {E725F629-6461-46BB-B0EC-FD125331F4B9} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe [2015-01-23] (IObit)
Task: {E8D2FBEE-CF5F-48C4-BF4E-707571CF7ADA} - System32\Tasks\GoogleUpdateTaskMachineCore1d099e3f9260f24 => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\ASC7_SkipUac_user.job => C:\Program Files\IObit\Advanced SystemCare 7\ASC.exe
Task: C:\WINDOWS\Tasks\ASC7_SkipUac_user_2.job => C:\Program Files\IObit\Advanced SystemCare 7\ASC.exe
Task: C:\WINDOWS\Tasks\ASC8_SkipUac_Jtgho.job => C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe
Task: C:\WINDOWS\Tasks\ASC8_SkipUac_user_2.job => C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4159443819-3708154595-3523450213-1005Core.job => C:\Users\Jtgho\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4159443819-3708154595-3523450213-1005UA.job => C:\Users\Jtgho\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Jtgho.job => C:\Program Files\IObit\IObit Uninstaller\IObitUninstaler.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-03-18 21:56 - 2016-03-18 21:56 - 000080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 001041208 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-03-29 10:03 - 2017-05-22 11:16 - 000442144 _____ () C:\Program Files\IObit\IObit Uninstaller\madExcept_.bpl
2018-03-29 10:03 - 2017-05-22 11:16 - 000210720 _____ () C:\Program Files\IObit\IObit Uninstaller\madBasic_.bpl
2018-03-29 10:03 - 2017-05-22 11:16 - 000059680 _____ () C:\Program Files\IObit\IObit Uninstaller\madDisAsm_.bpl
2016-06-08 18:04 - 2016-06-08 18:04 - 000117400 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
2018-03-29 09:25 - 2018-02-05 15:44 - 001935136 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-03-29 09:25 - 2018-03-01 11:31 - 001908512 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-09-04 17:46 - 2016-06-08 18:13 - 000396952 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
2016-09-04 17:46 - 2016-06-08 18:18 - 000660632 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_modeler.dll
2016-09-04 17:46 - 2016-06-08 18:16 - 000108696 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_process_input.dll
2016-09-04 17:46 - 2016-06-08 18:16 - 000024728 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_system_power_state_input.dll
2016-09-04 17:46 - 2016-06-08 18:16 - 000194200 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\acpi_battery_input.dll
2016-09-04 17:46 - 2016-06-08 18:17 - 000151192 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\wifi_input.dll
2016-09-04 17:46 - 2016-06-08 18:17 - 000051864 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\devices_use_input.dll
2016-09-04 17:46 - 2016-06-08 18:15 - 000031896 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\intel_disktrace_input.dll
2017-09-29 07:49 - 2017-09-29 07:49 - 000149840 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-03-15 12:59 - 2013-01-15 17:48 - 000183616 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madBasic_.bpl
2016-03-15 12:59 - 2013-01-15 17:48 - 000348992 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madExcept_.bpl
2016-03-15 12:59 - 2013-01-15 17:48 - 000051008 _____ () C:\Program Files\IObit\Advanced SystemCare 8\madDisAsm_.bpl
2018-04-05 13:23 - 2018-02-21 20:12 - 007817728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-04-05 13:20 - 2018-02-21 20:09 - 001518592 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-04 17:46 - 2016-06-08 18:08 - 000431256 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv.exe
2016-09-04 17:46 - 2016-06-08 18:17 - 000184472 _____ () C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\foreground_window_input.dll
2018-03-27 13:40 - 2017-10-16 10:14 - 000442144 _____ () C:\Program Files\IObit\Driver Booster\5.3.0\madExcept_.bpl
2018-03-27 13:40 - 2017-10-16 10:14 - 000210720 _____ () C:\Program Files\IObit\Driver Booster\5.3.0\madBasic_.bpl
2018-03-27 13:40 - 2017-10-16 10:14 - 000059680 _____ () C:\Program Files\IObit\Driver Booster\5.3.0\madDisAsm_.bpl
2018-03-27 12:44 - 2018-03-20 02:07 - 003737944 _____ () C:\Program Files\Google\Chrome\Application\65.0.3325.181\libglesv2.dll
2018-03-27 12:44 - 2018-03-20 02:07 - 000085848 _____ () C:\Program Files\Google\Chrome\Application\65.0.3325.181\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData:51D5E4CEC174E2CD [217]
AlternateDataStreams: C:\WINDOWS\system32\zlib.dll:DocumentSummaryInformation [63]
AlternateDataStreams: C:\WINDOWS\system32\zlib.dll:SummaryInformation [63]
AlternateDataStreams: C:\WINDOWS\system32\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\All Users:51D5E4CEC174E2CD [217]
AlternateDataStreams: C:\ProgramData\Application Data:51D5E4CEC174E2CD [217]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-04-04 12:40 - 2016-04-04 16:14 - 000001418 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1                   anchorfree.net
127.0.0.1                   rss2search.com
127.0.0.1                   techbrowsing.com
127.0.0.1                   box.anchorfree.net
127.0.0.1                   www.mefeedia.com
127.0.0.3                   www.anchorfree.net
127.0.0.2                   mefeedia.com
127.0.0.1                   anchorfree.us
127.0.0.1                   a433.com
127.0.0.1                   rpt.anchorfree.net
127.0.0.1                   delivery.anchorfree.us/land.php
127.0.0.1                   hsselite.com
127.0.0.1                   www.hsselite.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04102018090035696\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04102018090035821\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-4159443819-3708154595-3523450213-1004\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
HKU\S-1-5-21-4159443819-3708154595-3523450213-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04102018090036212\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img13.jpg
HKU\S-1-5-21-4159443819-3708154595-3523450213-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04102018090039331\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 200.48.225.130 - 200.48.225.146
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Prompt)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "ASUSPRP"
HKLM\...\StartupApproved\Run: => "WebStorage"
HKLM\...\StartupApproved\Run: => "ApnTBMon"
HKLM\...\StartupApproved\Run: => "IObit Malware Fighter"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{DE5348A8-7879-4019-A361-49AF983167EF}] => (Allow) C:\Program Files\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{1741C98E-D81C-4812-994A-F902828DECEF}] => (Allow) C:\Program Files\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{0AD15263-6738-4A17-B489-99DAD59FE20A}] => (Allow) C:\Program Files\IObit\Driver Booster\5.3.0\AutoUpdate.exe
FirewallRules: [{F40E700C-2983-4927-AE15-E57C1170929F}] => (Allow) C:\Program Files\IObit\Driver Booster\5.3.0\AutoUpdate.exe
FirewallRules: [{2A4CC5E6-491F-41EF-96A4-B08141C51C27}] => (Allow) C:\Program Files\IObit\Driver Booster\5.3.0\DBDownloader.exe
FirewallRules: [{595B8329-41D0-4102-85C3-95717141C315}] => (Allow) C:\Program Files\IObit\Driver Booster\5.3.0\DBDownloader.exe
FirewallRules: [{6CBFEC6A-731D-47B2-99D8-2617EC8D7D26}] => (Allow) C:\Program Files\IObit\Driver Booster\5.3.0\DriverBooster.exe
FirewallRules: [{70034F18-58D6-40A1-B48F-C7B2980A9BF3}] => (Allow) C:\Program Files\IObit\Driver Booster\5.3.0\DriverBooster.exe
FirewallRules: [{953D269C-E937-4432-A6C6-3B708DFD383B}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [UDP Query User{D158E7C5-303F-45FF-A71F-4EE0F92700F5}C:\program files\windowsapps\xbmcfoundation.kodi_17.1.0.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.1.0.0_x86__4n2hpmxwrvr6p\kodi.exe
FirewallRules: [TCP Query User{0F118042-B300-40B7-BAA5-4696503D5AEC}C:\program files\windowsapps\xbmcfoundation.kodi_17.1.0.0_x86__4n2hpmxwrvr6p\kodi.exe] => (Allow) C:\program files\windowsapps\xbmcfoundation.kodi_17.1.0.0_x86__4n2hpmxwrvr6p\kodi.exe
FirewallRules: [{ABB3890B-EB53-4913-93D3-4F31D0473253}] => (Allow) C:\Program Files\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{0F729C20-C472-4CF9-B161-119BA4929676}] => (Allow) C:\Program Files\IObit\Advanced SystemCare\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{B67D3EA6-0025-4690-A274-C1A55FDC7B2E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{28CF6B81-3277-458E-AB15-37759F0C14E2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{CB909269-7D9F-45DE-B111-D6F77D140CB9}D:\games\maxpayne3\maxpayne3.exe] => (Allow) D:\games\maxpayne3\maxpayne3.exe
FirewallRules: [TCP Query User{1452EA12-D8BD-43AE-9B67-BF7D6184F20A}D:\games\maxpayne3\maxpayne3.exe] => (Allow) D:\games\maxpayne3\maxpayne3.exe
FirewallRules: [UDP Query User{5E21D0F1-2D49-4504-B22D-FF482C5A0161}D:\games\assassin's creed 3\ac3sp.exe] => (Allow) D:\games\assassin's creed 3\ac3sp.exe
FirewallRules: [TCP Query User{C4C679DF-5238-457C-8BDF-C147551B1B8C}D:\games\assassin's creed 3\ac3sp.exe] => (Allow) D:\games\assassin's creed 3\ac3sp.exe
FirewallRules: [UDP Query User{E9D3AC35-FF80-4C1A-8E23-ADD6066463F1}D:\games\call of duty black ops 2\mp.exe] => (Allow) D:\games\call of duty black ops 2\mp.exe
FirewallRules: [TCP Query User{54895DE1-B86C-4FDD-A99E-20351AE487C8}D:\games\call of duty black ops 2\mp.exe] => (Allow) D:\games\call of duty black ops 2\mp.exe
FirewallRules: [UDP Query User{71753197-FA71-4F03-A110-B3727325FED1}D:\games\call of duty black ops 2\zm.exe] => (Allow) D:\games\call of duty black ops 2\zm.exe
FirewallRules: [TCP Query User{E830CA04-F204-4563-9BBF-62E0B554F293}D:\games\call of duty black ops 2\zm.exe] => (Allow) D:\games\call of duty black ops 2\zm.exe
FirewallRules: [UDP Query User{1B0D6A23-BEBB-4198-9EEA-D25104344B19}C:\windows\system32\wuapihost.exe] => (Block) C:\windows\system32\wuapihost.exe
FirewallRules: [TCP Query User{E0C8BBAB-214E-40AA-828E-2CDF13C55396}C:\windows\system32\wuapihost.exe] => (Block) C:\windows\system32\wuapihost.exe
FirewallRules: [UDP Query User{2FE7F1C1-7E37-4C3B-9CB5-7185A67F4662}D:\games\call of duty black ops 2\sp.exe] => (Allow) D:\games\call of duty black ops 2\sp.exe
FirewallRules: [TCP Query User{12A791FF-C68C-4491-B8BB-32D0F74993C0}D:\games\call of duty black ops 2\sp.exe] => (Allow) D:\games\call of duty black ops 2\sp.exe
FirewallRules: [{9AA8F91A-039E-4A82-B4B9-8D2D51BB066F}] => (Allow) C:\Users\Jtgho\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6C4CF207-F884-46A1-ABAA-7F5D9EDB492E}] => (Allow) C:\Users\Jtgho\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2E2FFDC1-C14D-4CAE-9D00-1AD3B6850697}] => (Allow) C:\Users\Jtgho\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{635DD1FC-7B26-4FB1-A8E5-1763563D6F68}] => (Allow) C:\Users\Jtgho\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3DCB8735-BF26-4D14-8366-E029F6B811AC}] => (Allow) C:\Users\Jtgho\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2B231DEE-3471-4014-8585-E83C1049B33E}] => (Allow) C:\Users\Jtgho\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{AA607981-C1E8-4DC7-B120-A55B0CC11B16}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{2259D19A-D74B-449A-B9A5-D01FC027C602}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{4DAB9FB1-77D7-430C-99CE-E3B6FBA2E603}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{5CAEB660-7D6F-48D9-B79F-BEE15BB900D5}C:\program files\internet explorer\iexplore.exe] => (Block) C:\program files\internet explorer\iexplore.exe
FirewallRules: [{F2938235-E4B4-4D4F-8505-F7520EC98E07}] => (Allow) C:\Program Files\AndyOfflineInstaller45\Setup.exe
FirewallRules: [{D1A15769-285D-4748-855B-53B8B1FA8756}] => (Allow) C:\Program Files\AndyOfflineInstaller45\Setup.exe
FirewallRules: [TCP Query User{FFB42BE7-D8C4-471F-8431-D3935140EE5D}C:\program files\skype\phone\skype.exe] => (Allow) C:\program files\skype\phone\skype.exe
FirewallRules: [UDP Query User{21640146-6A51-476D-BDB1-708A91E31AA9}C:\program files\skype\phone\skype.exe] => (Allow) C:\program files\skype\phone\skype.exe
FirewallRules: [{5D1B6BAD-C451-4286-92E2-BD9E7E9B4F66}] => (Allow) C:\Program Files\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{0D16F93F-3EF1-42CB-AFF0-7790E60C10F7}] => (Allow) C:\Program Files\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{C357865B-8A1D-43A7-883F-850C68A2B651}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{AA725C10-37D2-4B4E-82C5-1EEBDB366047}C:\program files\skype\phone\skype.exe] => (Block) C:\program files\skype\phone\skype.exe
FirewallRules: [{12D36231-450C-46CF-9E73-DB5DD8B5C58D}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{238B5C70-0AF4-42F9-AB78-3C96C4254C23}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{A78C0482-F7F0-426E-A9A9-DE709D942CA9}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{4983E9AB-8764-4E2D-9819-3EFA1326892F}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
 
==================== Restore Points =========================
 
09-04-2018 23:21:44 Removed Skype™ 7.41
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/10/2018 09:04:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UpdateChecker.exe, version: 0.0.0.0, time stamp: 0x531ebb57
Faulting module name: alvupdt.dll, version: 1.0.0.10, time stamp: 0x53202e45
Exception code: 0xc0000005
Fault offset: 0x00015c06
Faulting process id: 0x2474
Faulting application start time: 0x01d3d0cc42c120ac
Faulting application path: C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe
Faulting module path: C:\Program Files\ASUS\ASUS Live Update\alvupdt.dll
Report Id: fc268bda-c119-40e4-adf9-641df2cd0dec
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/10/2018 08:58:36 AM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: Event-ID 1
 
Error: (04/10/2018 08:58:36 AM) (Source: DptfPolicyLpmServiceHelper) (EventID: 1) (User: )
Description: Event-ID 1
 
Error: (04/09/2018 11:21:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (04/09/2018 11:19:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Skype.exe version 7.41.0.101 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1c3c
 
Start Time: 01d3d07a1ef23e72
 
Termination Time: 4294967295
 
Application Path: C:\Program Files\Skype\Phone\Skype.exe
 
Report Id: 7523aa22-e7fe-4a63-b7f3-2419389ded6d
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (04/09/2018 08:32:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UpdateChecker.exe, version: 0.0.0.0, time stamp: 0x531ebb57
Faulting module name: OLEAUT32.dll, version: 10.0.16299.15, time stamp: 0xa2f491b8
Exception code: 0xc0000005
Fault offset: 0x0001a884
Faulting process id: 0x2464
Faulting application start time: 0x01d3d063025eec14
Faulting application path: C:\Program Files\ASUS\ASUS Live Update\UpdateChecker.exe
Faulting module path: C:\WINDOWS\System32\OLEAUT32.dll
Report Id: 593fe031-8911-474b-af50-7c89952790e9
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (04/09/2018 08:28:23 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ShellExperienceHost.exe version 10.0.16299.334 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1c00
 
Start Time: 01d3d06286f2f560
 
Termination Time: 4294967295
 
Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
 
Report Id: a5b11c1a-5544-4322-b395-75916d5c4a67
 
Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.16299.334_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: App
 
Error: (04/09/2018 08:27:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ASUS)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.16299.334_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.
 
 
System errors:
=============
Error: (04/10/2018 09:13:20 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/10/2018 09:01:30 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/10/2018 09:00:39 AM) (Source: DCOM) (EventID: 10016) (User: ASUS)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user asus\user_2 SID (S-1-5-21-4159443819-3708154595-3523450213-1004) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/10/2018 09:00:00 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.
 
Error: (04/10/2018 08:58:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/10/2018 08:58:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/09/2018 11:15:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (04/09/2018 10:37:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
 
Date: 2018-04-10 09:13:17.706
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-04-10 09:13:17.698
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-04-10 09:02:38.212
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-04-10 09:02:38.190
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-04-10 09:01:34.906
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-04-10 09:01:34.899
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-04-10 09:01:24.309
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
Date: 2018-04-10 09:01:24.298
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Atom™ CPU Z3775 @ 1.46GHz
Percentage of memory in use: 81%
Total physical RAM: 1933.15 MB
Available physical RAM: 355.33 MB
Total Virtual: 3439.21 MB
Available Virtual: 792.7 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:49.15 GB) (Free:5.14 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Data1) (Fixed) (Total:465.76 GB) (Free:203.11 GB) NTFS
 
\\?\Volume{fe935853-7d18-48dd-86be-54b963fbdc1e}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
\\?\Volume{07299799-af48-4e57-ad05-dd30c902c8d9}\ (Recovery) (Fixed) (Total:0.88 GB) (Free:0.5 GB) NTFS
\\?\Volume{4c83854c-2d5f-4e2c-8602-9e4e556553ab}\ (Restore) (Fixed) (Total:8 GB) (Free:1.69 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 58.3 GB) (Disk ID: 8B37B5B1)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 0D1DA013)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#5 ZeroSnake


Posted 10 April 2018 - 09:29 AM

I'll reply as fast as possible since I'm on the computer all day, as well as saving time for the both of us.



#6 garioch7


Posted 10 April 2018 - 12:08 PM

Antonio:

 

Thank you for your FRST scan logs.  There are some 2,000 plus lines to get through, so it might be tomorrow before I get an initial response to you.  I have other clients that I am working with in this Forum, and I also have two trainees taking the Junior Exercise that I teach here.  I will do my best to respond to you today, but I have a "real life" too! :)

 

Thank you for permission to address you by your first name. :thumbup2:

 

Have a great day.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#7 ZeroSnake


Posted 10 April 2018 - 01:01 PM

It's all good, take your time; I'll be here when ready. Have a great day!



#8 garioch7


Posted 10 April 2018 - 03:39 PM

Antonio:

Thank you for your patience while I analyzed your FRST logs.

Before we start dealing with the problems you are experiencing, I would ask you to take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools. Malware removal can cause unpredictable and unintended issues. Also you should be aware that some of the tools and scripts that will be used, will remove malware detected, without notice.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post(s), unless otherwise instructed. Please do not use code or quote boxes.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

.

OK, let's get started ...

.

:step1: You have a driver updater and a driver booster program installed in the computer. Bleeping Computer does not recommend the use of such programs. Please see this link for more information. If it were my computer, I would uninstall both programs, but it is YOUR computer, so it is your choice.

.

:step2: The computer has both an IOBIT and a Malwarebytes anti-malware product installed, offering real-time protection. This is a recipe for slow computer performance and other issues. You should uninstall one of those two programs. I would recommend that you keep Malwarebytes, but the choice is yours, because it is your computer. These two programs will compete for scarce resources on your computer.

.

:step3: Your computer only has a slow Atom processor and a total of 2 GB of RAM, running on a 32-bit system, combined with a very small hard disk, with only 5 GB for free space. I am surprised that it can run Windows 10, at all.
 

Processor: Intel® Atom™ CPU Z3775 @ 1.46GHz
Percentage of memory in use: 81%
Total physical RAM: 1933.15 MB
Available physical RAM: 355.33 MB
Drive c: (OS) (Fixed) (Total:49.15 GB) (Free:5.14 GB) NTFS ==>[system with boot components (obtained from drive)]

 

If you check the number of services that you have running in the "FRST.txt" scan log, you will see that your computer is being overwhelmed, and a lot of that is due to the IOBIT products that you have installed. I am sure that you are aware that Malwarebytes flags IOBIT products like "Advanced System Care" as PUPs.

.

:step4: Please run a FRST fix for me. I did not find any really serious malware, but I did find some orphans and possible malware entries.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

Start::
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-4159443819-3708154595-3523450213-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04102018090039331\...\Winlogon: [Userinit] [[%%INSTALLTIME%%]]
HKU\S-1-5-21-4159443819-3708154595-3523450213-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04102018090039331\...\Winlogon: [Shell] [[%%INSTALLTIME%%]] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx
2015-05-29 03:49 - 2015-05-29 03:49 - 006420480 _____ () C:\Program Files\GUT2DF5.tmp
2014-10-15 20:31 - 2014-10-15 20:31 - 000000000 _____ () C:\Users\user_2\AppData\Local\{DCDB34ED-4EA5-4FBA-89FB-CCEA26AF634E}
2014-10-17 20:31 - 2014-10-17 20:31 - 000000000 _____ () C:\Users\user_2\AppData\Local\{EA8282B3-5AF9-43CF-B36C-FAF085118BC7}
ContextMenuHandlers1: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {0D58EBD2-2A98-4EE8-9A5B-E4C02C540876} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {13FEF2AC-EBCC-448C-8553-156C1BA588A0} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {3B5BB3FF-A141-4FF8-837D-89E5B4EFD980} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3EFCF32E-F576-4A23-91A7-BA2591577C76} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4201F4CD-232C-4064-82BF-68867011BDF2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {533425CA-8712-47D2-96DE-6B2DDB09B6F1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {64267D69-0F4E-4347-B6E0-3DFBE59FDA97} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {6B677833-3A8C-44D9-A7A2-27768F2912F2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {80210ADD-F706-4BED-8595-57A3353395FB} - \WPD\SqmUpload_S-1-5-21-4159443819-3708154595-3523450213-1001 -> No File <==== ATTENTION
Task: {9BB87B4B-1057-4A93-A7BB-D3B91DB35DDA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9CF29A33-76AB-4041-B675-7B41B02F906A} - \StartMenuAutoupdate -> No File <==== ATTENTION
Task: {A8C89ABD-7A55-41FB-A00F-C0E7A08EFFA8} - \WPD\SqmUpload_S-1-5-21-4159443819-3708154595-3523450213-1004 -> No File <==== ATTENTION
Task: {B6C93691-6E53-49ED-9EBB-55A27C33C2A2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {BF785398-789D-40B1-B04B-335A592ADB08} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
FirewallRules: [{9AA8F91A-039E-4A82-B4B9-8D2D51BB066F}] => (Allow) C:\Users\Jtgho\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6C4CF207-F884-46A1-ABAA-7F5D9EDB492E}] => (Allow) C:\Users\Jtgho\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2E2FFDC1-C14D-4CAE-9D00-1AD3B6850697}] => (Allow) C:\Users\Jtgho\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{635DD1FC-7B26-4FB1-A8E5-1763563D6F68}] => (Allow) C:\Users\Jtgho\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3DCB8735-BF26-4D14-8366-E029F6B811AC}] => (Allow) C:\Users\Jtgho\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2B231DEE-3471-4014-8585-E83C1049B33E}] => (Allow) C:\Users\Jtgho\AppData\Roaming\uTorrent\uTorrent.exe
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.

Thank you and have a great day.

Regards,
-Phil




#9 ZeroSnake


Posted 10 April 2018 - 04:08 PM

Hey, I would delete the IObit products but I actually need them for work, as I use this laptop to make money. Sorry if I can't remove them, but I had these files before and had no problems at the time. I actually started using this laptop again after a long while, let's say like 6 months.



#10 ZeroSnake


Posted 10 April 2018 - 04:18 PM

Fix result of Farbar Recovery Scan Tool (x86) Version: 14.03.2018
Ran by user_2 (10-04-2018 16:14:42) Run:1
Running from C:\Users\user_2\Desktop
Loaded Profiles: user_2 &  (Available Profiles: user_2 & user)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-4159443819-3708154595-3523450213-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04102018090039331\...\Winlogon: [Userinit] [[%%INSTALLTIME%%]]
HKU\S-1-5-21-4159443819-3708154595-3523450213-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04102018090039331\...\Winlogon: [Shell] [[%%INSTALLTIME%%]] <==== ATTENTION
CHR HKLM\...\Chrome\Extension: [npdicihegicnhaangkdmcgbjceoemeoo] - hxxps://clients2.google.com/service/update2/crx
2015-05-29 03:49 - 2015-05-29 03:49 - 006420480 _____ () C:\Program Files\GUT2DF5.tmp
2014-10-15 20:31 - 2014-10-15 20:31 - 000000000 _____ () C:\Users\user_2\AppData\Local\{DCDB34ED-4EA5-4FBA-89FB-CCEA26AF634E}
2014-10-17 20:31 - 2014-10-17 20:31 - 000000000 _____ () C:\Users\user_2\AppData\Local\{EA8282B3-5AF9-43CF-B36C-FAF085118BC7}
ContextMenuHandlers1: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Task: {0D58EBD2-2A98-4EE8-9A5B-E4C02C540876} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {13FEF2AC-EBCC-448C-8553-156C1BA588A0} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {3B5BB3FF-A141-4FF8-837D-89E5B4EFD980} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3EFCF32E-F576-4A23-91A7-BA2591577C76} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4201F4CD-232C-4064-82BF-68867011BDF2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {533425CA-8712-47D2-96DE-6B2DDB09B6F1} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {64267D69-0F4E-4347-B6E0-3DFBE59FDA97} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {6B677833-3A8C-44D9-A7A2-27768F2912F2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {80210ADD-F706-4BED-8595-57A3353395FB} - \WPD\SqmUpload_S-1-5-21-4159443819-3708154595-3523450213-1001 -> No File <==== ATTENTION
Task: {9BB87B4B-1057-4A93-A7BB-D3B91DB35DDA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9CF29A33-76AB-4041-B675-7B41B02F906A} - \StartMenuAutoupdate -> No File <==== ATTENTION
Task: {A8C89ABD-7A55-41FB-A00F-C0E7A08EFFA8} - \WPD\SqmUpload_S-1-5-21-4159443819-3708154595-3523450213-1004 -> No File <==== ATTENTION
Task: {B6C93691-6E53-49ED-9EBB-55A27C33C2A2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {BF785398-789D-40B1-B04B-335A592ADB08} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
FirewallRules: [{9AA8F91A-039E-4A82-B4B9-8D2D51BB066F}] => (Allow) C:\Users\Jtgho\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{6C4CF207-F884-46A1-ABAA-7F5D9EDB492E}] => (Allow) C:\Users\Jtgho\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2E2FFDC1-C14D-4CAE-9D00-1AD3B6850697}] => (Allow) C:\Users\Jtgho\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{635DD1FC-7B26-4FB1-A8E5-1763563D6F68}] => (Allow) C:\Users\Jtgho\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{3DCB8735-BF26-4D14-8366-E029F6B811AC}] => (Allow) C:\Users\Jtgho\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2B231DEE-3471-4014-8585-E83C1049B33E}] => (Allow) C:\Users\Jtgho\AppData\Roaming\uTorrent\uTorrent.exe
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-4159443819-3708154595-3523450213-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04102018090039331\...\Winlogon: [Userinit] [[%%INSTALLTIME%%]] => Error: No automatic fix found for this entry.
HKU\S-1-5-21-4159443819-3708154595-3523450213-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04102018090039331\...\Winlogon: [Shell] [[%%INSTALLTIME%%]] <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Google\Chrome\Extensions\npdicihegicnhaangkdmcgbjceoemeoo" => removed successfully.
C:\Program Files\GUT2DF5.tmp => moved successfully
C:\Users\user_2\AppData\Local\{DCDB34ED-4EA5-4FBA-89FB-CCEA26AF634E} => moved successfully
C:\Users\user_2\AppData\Local\{EA8282B3-5AF9-43CF-B36C-FAF085118BC7} => moved successfully
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\UnLockerMenu" => removed successfully.
HKLM\Software\Classes\CLSID\{A6FF0E3A-8437-482C-8E04-4F9E15C57538} => not found
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully.
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0D58EBD2-2A98-4EE8-9A5B-E4C02C540876}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D58EBD2-2A98-4EE8-9A5B-E4C02C540876}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{13FEF2AC-EBCC-448C-8553-156C1BA588A0}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13FEF2AC-EBCC-448C-8553-156C1BA588A0}" => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B5BB3FF-A141-4FF8-837D-89E5B4EFD980}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B5BB3FF-A141-4FF8-837D-89E5B4EFD980}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3EFCF32E-F576-4A23-91A7-BA2591577C76}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EFCF32E-F576-4A23-91A7-BA2591577C76}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4201F4CD-232C-4064-82BF-68867011BDF2}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4201F4CD-232C-4064-82BF-68867011BDF2}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{533425CA-8712-47D2-96DE-6B2DDB09B6F1}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{533425CA-8712-47D2-96DE-6B2DDB09B6F1}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{64267D69-0F4E-4347-B6E0-3DFBE59FDA97}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64267D69-0F4E-4347-B6E0-3DFBE59FDA97}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6B677833-3A8C-44D9-A7A2-27768F2912F2}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6B677833-3A8C-44D9-A7A2-27768F2912F2}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{80210ADD-F706-4BED-8595-57A3353395FB}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80210ADD-F706-4BED-8595-57A3353395FB}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-4159443819-3708154595-3523450213-1001" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9BB87B4B-1057-4A93-A7BB-D3B91DB35DDA}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9BB87B4B-1057-4A93-A7BB-D3B91DB35DDA}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9CF29A33-76AB-4041-B675-7B41B02F906A}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CF29A33-76AB-4041-B675-7B41B02F906A}" => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StartMenuAutoupdate => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8C89ABD-7A55-41FB-A00F-C0E7A08EFFA8}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8C89ABD-7A55-41FB-A00F-C0E7A08EFFA8}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-4159443819-3708154595-3523450213-1004" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B6C93691-6E53-49ED-9EBB-55A27C33C2A2}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6C93691-6E53-49ED-9EBB-55A27C33C2A2}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF785398-789D-40B1-B04B-335A592ADB08}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF785398-789D-40B1-B04B-335A592ADB08}" => removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9AA8F91A-039E-4A82-B4B9-8D2D51BB066F}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6C4CF207-F884-46A1-ABAA-7F5D9EDB492E}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2E2FFDC1-C14D-4CAE-9D00-1AD3B6850697}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{635DD1FC-7B26-4FB1-A8E5-1763563D6F68}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3DCB8735-BF26-4D14-8366-E029F6B811AC}" => removed successfully.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2B231DEE-3471-4014-8585-E83C1049B33E}" => removed successfully.
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 10-04-2018 16:18:09)
 
 
Result of scheduled keys to remove after reboot:
 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StartMenuAutoupdate => could not remove. Access Denied.
 
==== End of Fixlog 16:18:09 ====
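
As an added example (not part of the original thread and not FRST's own code), the Python script below tallies the outcome of each entry in a fixlog like the one above and lists the entries that were not fixed. The sample text is a subset of lines copied from that log; the function names and outcome labels are assumptions made for this illustration.

```python
import re
from collections import Counter

# A subset of lines copied from the fixlog in this thread, embedded so the example runs offline.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x86) Version: 14.03.2018
Boot Mode: Normal

fixlist content:
*****************
CreateRestorePoint:
ContextMenuHandlers1: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} =>  -> No File
FirewallRules: [{9AA8F91A-039E-4A82-B4B9-8D2D51BB066F}] => (Allow) C:\Users\Jtgho\AppData\Roaming\uTorrent\uTorrent.exe

*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-4159443819-3708154595-3523450213-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04102018090039331\...\Winlogon: [Shell] [[%%INSTALLTIME%%]] <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Google\Chrome\Extensions\npdicihegicnhaangkdmcgbjceoemeoo" => removed successfully.
C:\Program Files\GUT2DF5.tmp => moved successfully
HKLM\Software\Classes\CLSID\{A6FF0E3A-8437-482C-8E04-4F9E15C57538} => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CF29A33-76AB-4041-B675-7B41B02F906A}" => removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StartMenuAutoupdate => could not remove. Access Denied.
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9AA8F91A-039E-4A82-B4B9-8D2D51BB066F}" => removed successfully.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 10-04-2018 16:18:09)

Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\StartMenuAutoupdate => could not remove. Access Denied.

==== End of Fixlog 16:18:09 ====
'''

# Result phrases that appear in this log, mapped to short labels (labels are this example's own).
OUTCOMES = [
    ("removed", re.compile(r"^removed successfully\.?$")),
    ("moved", re.compile(r"^moved successfully\.?$")),
    ("not_found", re.compile(r"^not found\.?$")),
    ("access_denied", re.compile(r"^could not remove\. Access Denied\.?$")),
    ("no_fix", re.compile(r"^Error: No automatic fix found")),
]
ROW_OF_STARS = re.compile(r"\*{5,}")


def classify(result):
    """Map the text after the final ' => ' to an outcome label."""
    for label, pattern in OUTCOMES:
        if pattern.search(result):
            return label
    return "other"


def parse_fixlog(text):
    """Return (phase, target, outcome) tuples for every result line.

    The echoed script between the two rows of asterisks is skipped: its
    lines also contain ' => ' but describe what was requested, not what happened.
    """
    entries, in_echo, phase = [], False, "run"
    for raw in text.splitlines():
        line = raw.strip()
        if ROW_OF_STARS.fullmatch(line):
            in_echo = not in_echo
            continue
        if in_echo or not line:
            continue
        if line.startswith("Result of scheduled"):
            phase = "after_reboot"  # deferred actions reported at the end of the log
            continue
        if " => " not in line:
            continue  # status lines such as "Processes closed successfully."
        target, result = line.rsplit(" => ", 1)
        target = target.strip().strip('"')
        target = re.sub(r"\s*<==== ATTENTION$", "", target)
        entries.append((phase, target, classify(result.strip())))
    return entries


def summarize(entries, phase="run"):
    """Count outcomes for one phase of the log."""
    return Counter(outcome for p, _, outcome in entries if p == phase)


def unresolved(entries):
    """Targets whose last reported outcome shows the entry is still present."""
    last = {}
    for _, target, outcome in entries:
        last[target] = outcome  # a later phase overrides the earlier result
    return [t for t, o in last.items() if o in ("access_denied", "no_fix")]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summarize(parsed)))
    for target in unresolved(parsed):
        print("still present:", target)
```
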




#12 garioch7


Posted 10 April 2018 - 04:25 PM

Antonio:

 

Thank you for your post.  Thank you for running the FRST "fixlist" script.  It looks good. :thumbup2:

 

It is YOUR computer, so you do what you want to do.  You requested assistance here at Bleeping Computer, and also at Geeks-to-Go, and I spent several hours reviewing your logs, which I was happy to do as a volunteer.  You can take advantage of my extensive training and experience, or not, just as you prefer.

 

If you decide you would rather not follow the advice that I have given to you, then that is, again, YOUR decision.

 

Please let me know if that is your decision, and I will conclude your topic.  Some of the standard anti-malware tools which we would run subsequently to detect and remove malware, will flag some of the software you have installed, for good reason.

 

I am offline for the rest of today, but I will be back tomorrow afternoon.

 

Thank you and have a great day.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#13 ZeroSnake

ZeroSnake
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:11:16 PM

Posted 10 April 2018 - 04:44 PM

So that's it? Well OK, thanks a lot, I really appreciate you taking your time to help me, it means a lot. I guess I got some cleaning to do. Laters!



#14 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,890 posts
  • OFFLINE
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:11:16 PM

Posted 10 April 2018 - 05:28 PM

Antonio:

 

No, that's not "it."  I tried to explain to you the issues that are causing your slow computer performance, which is why you posted in the first place, requesting assistance, at two different websites that I know of.

 

Your computer performance issues are not malware-related.  They are caused by conflicting programs and a marginal computer.  As it happens, I don't make much money with my computer, but its reliability, peak performance, and security, are my concern.

 

I am sorry, really, if my conclusions have caused you any offence.  I have been at this "computer game" since 1988, and I was just trying to share the expertise that I have gained since then with you, to help you.

 

If you don't want to follow my advice, that is YOUR prerogative.  I regret that you have taken the position that you have, since my only purpose in undertaking almost two years of malware removal training, plus my experience since then, was wholly dedicated to helping people just like you.

 

Just as an experiment, you could remove those IOBIT programs and see whether your computer works better.  Save the licence keys, of course.

 

The problem is that multiple programs, trying to provide the same real-time protection, at the same time, are going to conflict with each other.

 

I am only trying to help you.  That is why Bleeping Computer is here, and why the volunteers work here, at NO pay.

 

In any event, Antonio, at the end of the day, it is YOUR decision.

 

I would follow up the initial FRST "fixlist" script with standard anti-malware scans to remove what FRST might not detect and flag.  Those subsequent scans will flag your IOBIT products, and as I said before, for good reason.

 

Do your own research to see how well-regarded those products are.

 

I had planned on being offline, but I had to come back for another topic and saw your post.

 

Once again, I am sorry that you have been offended by my conclusions.

 

Let me know if you want to continue, or you want me to conclude this topic.

 

Thank you and have a great day.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#15 ZeroSnake

ZeroSnake
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:11:16 PM

Posted 10 April 2018 - 06:08 PM

Oh, I'm not offended by any means, I'm actually glad that I got help so fast, so no worries.

 

Well, I uninstalled all of the IObit programs and followed your advice. I still have the same problems: the CPU is at 100% when I boot up after a restart. I don't know what to do regarding this, but I'm trying my best to cope with it as it's really frustrating.

 

So I want to continue. If it's not malware, then it's my laptop speed like you said. What else can be done?





