QuickFlirt.com Popups


  • This topic is locked
9 replies to this topic

#1 jsmith967

Posted 19 May 2018 - 09:16 AM

Hello Forum,

I'm having a problem with unwanted pornographic/sexual popups from quickflirt.com and flirt.com. I do not view or download porn and I do not download cracked software. The computer that is infected is rarely used and remains off most of the time, and I rarely navigate to anywhere on the web except hd-trailers.com and imdb.com. In the past two weeks, I've received at least 3 popups from quickflirt.com while in Microsoft Edge. For the time being, I'm using Chrome. I've run virus scans and all my software is up to date, yet it continues to happen. I've posted the logs as requested. Any help would be much appreciated!


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by joshu (administrator) on HTPC (19-05-2018 09:03:45)
Running from C:\Users\joshu\Downloads
Loaded Profiles: defaultuser0 & joshu (Available Profiles: defaultuser0 & joshu)
Platform: Windows 10 Pro Version 1803 17134.48 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe
() C:\Program Files (x86)\AnyDesk\AnyDesk.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() C:\Program Files\Intel Driver and Support Assistant\SUR\SurSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASRock Incorporation) C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\ATuning.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9226.21595.0_x64__8wekyb3d8bbwe\HxTsr.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\Video.UI.exe
(ASRock Incorporation) C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\AsrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(EverAccountable.com) C:\Program Files (x86)\EverAccountable\everaccountable.exe
(JRiver, Inc.) C:\Program Files (x86)\J River\Media Center 21\Media Center 21.exe
(JRiver, Inc.) C:\Program Files (x86)\J River\Media Center 21\JRWeb.exe
(JRiver, Inc.) C:\Program Files (x86)\J River\Media Center 21\JRWeb.exe
() C:\Program Files (x86)\AnyDesk\AnyDesk.exe
(JRiver, Inc.) C:\Program Files (x86)\J River\Media Center 21\JRWeb.exe
() C:\Program Files (x86)\EverAccountable\zeasystemhelper.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(JRiver, Inc.) C:\Program Files (x86)\J River\Media Center 21\JRService.exe
(ASRock) C:\Program Files\ASRock Utility\XFast RAM\asrRd.exe
() C:\Program Files (x86)\AnyDesk\AnyDesk.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3643712 2018-05-14] (Dropbox, Inc.)
HKLM-x32\...\Run: [EverAccountable] => C:\Program Files (x86)\EverAccountable\everaccountable.exe [1596240 2017-10-03] (EverAccountable.com)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [131360 2017-12-05] (Intel)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-3216183752-1559940622-270169434-1000\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-3216183752-1559940622-270169434-1001\...\Run: [EverAccountable] => C:\Program Files (x86)\EverAccountable\everaccountable.exe [1596240 2017-10-03] (EverAccountable.com)
HKU\S-1-5-21-3216183752-1559940622-270169434-1001\...\Run: [Media Center 21] => C:\Program Files (x86)\J River\Media Center 21\Media Center 21.exe [16332800 2016-06-17] (JRiver, Inc.)
HKU\S-1-5-21-3216183752-1559940622-270169434-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18334016 2018-05-10] (Piriform Ltd)
HKU\S-1-5-21-3216183752-1559940622-270169434-1001\...\Run: [Spotify Web Helper] => C:\Users\joshu\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-03-02] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2017-11-24]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe ()
Startup: C:\Users\joshu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HD-Trailers.Net Downloader - Shortcut.lnk [2018-05-19]
ShortcutTarget: HD-Trailers.Net Downloader - Shortcut.lnk -> C:\Program Files (x86)\HD-Trailers.NET Downloader\HD-Trailers.Net Downloader.exe ()
Startup: C:\Users\joshu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\speedfan - Shortcut.lnk [2018-05-19]
ShortcutTarget: speedfan - Shortcut.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 208.67.222.123 208.67.220.123
Tcpip\..\Interfaces\{b1e44903-3294-4d90-ab4a-35ae3135a27a}: [DhcpNameServer] 208.67.222.123 208.67.220.123
 
Internet Explorer:
==================
HKU\S-1-5-21-3216183752-1559940622-270169434-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_172\bin\ssv.dll [2018-05-19] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_172\bin\jp2ssv.dll [2018-05-19] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_172\bin\ssv.dll [2018-05-19] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_172\bin\jp2ssv.dll [2018-05-19] (Oracle Corporation)
 
Edge: 
======
Edge Extension: (uBlock Origin) -> EdgeExtension_37833NikRollsuBlockOrigin_f8jsg5mm64m62 => C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.15.24.0_neutral__f8jsg5mm64m62 [2018-05-19]
Edge Extension: (LastPass: Free Password Manager) -> hdokiejnpimakedhajhdlcegeplioahd_LastPassLastPassFreePasswordManager_qq0fmhteeht3j => C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.10.0.0_neutral__qq0fmhteeht3j [2018-05-18]
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.172.2 -> C:\Program Files\Java\jre1.8.0_172\bin\dtplugin\npDeployJava1.dll [2018-05-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.172.2 -> C:\Program Files\Java\jre1.8.0_172\bin\plugin2\npjp2.dll [2018-05-19] (Oracle Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-04-08] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-04-08] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-04-08] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-04-08] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.172.2 -> C:\Program Files (x86)\Java\jre1.8.0_172\bin\dtplugin\npDeployJava1.dll [2018-05-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.172.2 -> C:\Program Files (x86)\Java\jre1.8.0_172\bin\plugin2\npjp2.dll [2018-05-19] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-04-19] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-04-19] (VideoLAN)
 
Chrome: 
=======
CHR Profile: C:\Users\joshu\AppData\Local\Google\Chrome\User Data\Default [2018-05-19]
CHR Extension: (Slides) - C:\Users\joshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-25]
CHR Extension: (Docs) - C:\Users\joshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-25]
CHR Extension: (Google Drive) - C:\Users\joshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-25]
CHR Extension: (YouTube) - C:\Users\joshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-25]
CHR Extension: (Sheets) - C:\Users\joshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-25]
CHR Extension: (Google Docs Offline) - C:\Users\joshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-05-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\joshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-18]
CHR Extension: (Gmail) - C:\Users\joshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-25]
CHR Extension: (Chrome Media Router) - C:\Users\joshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-18]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKLM\SYSTEM\CurrentControlSet\Services\aswSP <==== ATTENTION (Rootkit!)
HKLM\SYSTEM\CurrentControlSet\Services\aswMonFlt <==== ATTENTION (Rootkit!)
HKLM\SYSTEM\CurrentControlSet\Services\aswSnx <==== ATTENTION (Rootkit!)
 
R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [1809096 2017-11-24] ()
R2 ASRockIOMon; C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe [463112 2014-07-31] ()
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-11-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-11-24] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-05-14] (Dropbox, Inc.)
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22304 2017-12-05] (Intel)
S2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2018-04-17] (Foxit Software Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365040 2017-10-20] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R3 Media Center 21 Service; C:\Program Files (x86)\J River\Media Center 21\JRService.exe [397048 2016-06-17] (JRiver, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-04-12] (Microsoft Corporation)
S3 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver and Support Assistant\SUR\SurSvc.exe [157456 2017-03-07] ()
S2 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\NisSrv.exe [4632736 2018-05-04] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MsMpEng.exe [104680 2018-05-04] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ArdDrv; C:\WINDOWS\SysWOW64\Drivers\ArdDrv.sys [21288 2018-05-19] (RW-Everything)
R3 AsrDrv101; C:\WINDOWS\SysWOW64\Drivers\AsrDrv101.sys [22280 2018-03-13] (ASRock Incorporation)
R0 AsrRamDisk; C:\WINDOWS\System32\drivers\AsrRamDisk.sys [40200 2013-08-02] (ASRock Inc.)
R3 dvdfab; C:\WINDOWS\system32\drivers\dvdfab.sys [91992 2016-12-13] (Windows ® Win 7 DDK provider)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152184 2018-04-26] (Malwarebytes)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2016-07-26] ()
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [190696 2018-05-19] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112864 2018-05-19] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-05-19] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-05-19] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [103648 2018-05-19] (Malwarebytes)
S3 NZFSD; C:\WINDOWS\System32\drivers\NZFSD.sys [280136 2014-03-18] (FlexRAID)
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [593624 2015-03-11] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6320640 2018-04-11] (Realtek Semiconductor Corporation )
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-05-04] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [313888 2018-05-04] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61472 2018-05-04] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-19 09:03 - 2018-05-19 09:04 - 000015655 _____ C:\Users\joshu\Downloads\FRST.txt
2018-05-19 09:03 - 2018-05-19 09:03 - 000004238 _____ C:\WINDOWS\system32\default_error_stack-000130-000000.txt
2018-05-19 09:00 - 2018-05-19 09:00 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000128-000000.txt
2018-05-19 09:00 - 2018-05-19 09:00 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000129-000000.txt
2018-05-19 08:56 - 2018-05-19 08:56 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000127-000000.txt
2018-05-19 08:56 - 2018-05-19 08:56 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000126-000000.txt
2018-05-19 08:55 - 2018-05-19 08:56 - 002413056 _____ (Farbar) C:\Users\joshu\Downloads\FRST64.exe
2018-05-19 08:52 - 2018-05-19 08:52 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000124-000000.txt
2018-05-19 08:52 - 2018-05-19 08:52 - 000004236 _____ C:\WINDOWS\system32\default_error_stack-000125-000000.txt
2018-05-19 08:49 - 2018-05-19 08:49 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000123-000000.txt
2018-05-19 08:48 - 2018-05-19 08:48 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000122-000000.txt
2018-05-19 08:45 - 2018-05-19 08:45 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000121-000000.txt
2018-05-19 08:44 - 2018-05-19 08:44 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000120-000000.txt
2018-05-19 08:42 - 2018-05-19 08:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2018-05-19 08:42 - 2018-05-19 08:42 - 000000000 ____D C:\Program Files (x86)\Foxit Software
2018-05-19 08:41 - 2018-05-19 08:41 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000119-000000.txt
2018-05-19 08:41 - 2018-05-19 08:41 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000118-000000.txt
2018-05-19 08:37 - 2018-05-19 08:37 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000117-000000.txt
2018-05-19 08:36 - 2018-05-19 08:36 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000116-000000.txt
2018-05-19 08:36 - 2018-05-19 08:36 - 000000000 ____D C:\Users\joshu\AppData\Roaming\AVAST Software
2018-05-19 08:35 - 2018-05-19 08:36 - 000000000 ____D C:\Users\joshu\AppData\Local\PlaceholderTileLogoFolder
2018-05-19 08:35 - 2018-05-19 08:35 - 001027720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswb94efb5b2d16d299.tmp
2018-05-19 08:35 - 2018-05-19 08:35 - 000460520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswa455ad48dd01dfee.tmp
2018-05-19 08:35 - 2018-05-19 08:35 - 000381552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw7cd4dc8dfea3b312.tmp
2018-05-19 08:35 - 2018-05-19 08:35 - 000343752 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw37585746d056b216.tmp
2018-05-19 08:35 - 2018-05-19 08:35 - 000234560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw5624c58d602f763e.tmp
2018-05-19 08:35 - 2018-05-19 08:35 - 000227504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswb51e6d0906a4adb8.tmp
2018-05-19 08:35 - 2018-05-19 08:35 - 000205976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw26c108842447486a.tmp
2018-05-19 08:35 - 2018-05-19 08:35 - 000199440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw73ffa2e86c1f0a72.tmp
2018-05-19 08:35 - 2018-05-19 08:35 - 000196640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswa52482814634969f.tmp
2018-05-19 08:35 - 2018-05-19 08:35 - 000159120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswd05cc52ff41a905c.tmp
2018-05-19 08:35 - 2018-05-19 08:35 - 000111360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswb740b5bcface8c7b.tmp
2018-05-19 08:35 - 2018-05-19 08:35 - 000085968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswec5a2d7bf2ffb7f4.tmp
2018-05-19 08:35 - 2018-05-19 08:35 - 000057680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswfcfd83f446f48058.tmp
2018-05-19 08:35 - 2018-05-19 08:35 - 000046968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\asw6331923c012bc454.tmp
2018-05-19 08:34 - 2018-05-19 08:34 - 000000000 ____D C:\Program Files\AVAST Software
2018-05-19 08:33 - 2018-05-19 08:33 - 000178320 _____ (AVAST Software) C:\Users\joshu\Downloads\avast_free_antivirus_setup_online_cnet_2 (1).exe
2018-05-19 08:32 - 2018-05-19 08:32 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000114-000000.txt
2018-05-19 08:32 - 2018-05-19 08:32 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000115-000000.txt
2018-05-19 08:31 - 2018-05-19 08:31 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000113-000000.txt
2018-05-19 08:30 - 2018-05-19 08:30 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000112-000000.txt
2018-05-19 08:27 - 2018-05-19 08:27 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000111-000000.txt
2018-05-19 08:26 - 2018-05-19 08:26 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000110-000000.txt
2018-05-19 08:24 - 2018-05-19 08:32 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-05-19 08:24 - 2018-05-19 08:32 - 000112864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-05-19 08:24 - 2018-05-19 08:32 - 000103648 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-05-19 08:24 - 2018-05-19 08:32 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-05-19 08:24 - 2018-05-19 08:24 - 000190696 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-05-19 08:24 - 2018-05-19 08:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-19 08:24 - 2018-05-19 08:24 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-05-19 08:24 - 2018-05-19 08:24 - 000000000 ____D C:\Program Files\Malwarebytes
2018-05-19 08:24 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-05-19 08:23 - 2018-05-19 08:23 - 007325024 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2018-05-19 08:23 - 2018-05-19 08:23 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000109-000000.txt
2018-05-19 08:22 - 2018-05-19 08:22 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000108-000000.txt
2018-05-19 08:19 - 2018-05-19 08:19 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000107-000000.txt
2018-05-19 08:18 - 2018-05-19 08:18 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000106-000000.txt
2018-05-19 08:18 - 2018-05-19 08:18 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-05-19 08:18 - 2018-05-19 08:18 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-05-19 08:17 - 2018-05-19 08:34 - 000000000 ____D C:\ProgramData\AVAST Software
2018-05-19 08:17 - 2018-05-19 08:17 - 000178320 _____ (AVAST Software) C:\Users\joshu\Downloads\avast_free_antivirus_setup_online_cnet_2.exe
2018-05-19 08:15 - 2018-05-19 08:15 - 075524392 _____ (Malwarebytes ) C:\Users\joshu\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.365-1.0.5158.exe
2018-05-19 08:15 - 2018-05-19 08:15 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000104-000000.txt
2018-05-19 08:15 - 2018-05-19 08:15 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000105-000000.txt
2018-05-19 00:08 - 2018-05-19 00:08 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000103-000000.txt
2018-05-19 00:07 - 2018-05-19 00:07 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000102-000000.txt
2018-05-19 00:04 - 2018-05-19 00:04 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000101-000000.txt
2018-05-19 00:04 - 2018-05-19 00:04 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000100-000000.txt
2018-05-19 00:01 - 2018-05-19 00:01 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000099-000000.txt
2018-05-19 00:00 - 2018-05-19 00:00 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000098-000000.txt
2018-05-18 23:57 - 2018-05-18 23:57 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000097-000000.txt
2018-05-18 23:57 - 2018-05-18 21:03 - 000000000 ____D C:\Windows.old
2018-05-18 23:56 - 2018-05-18 23:57 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-05-18 23:56 - 2018-05-18 23:56 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-05-18 23:56 - 2018-05-18 23:56 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000096-000000.txt
2018-05-18 23:56 - 2018-05-18 23:56 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-05-18 23:55 - 2018-05-18 23:55 - 013570560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-05-18 23:55 - 2018-05-18 23:55 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 025848832 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 023862272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 022707712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 022002688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 021389360 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 020383720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 019399168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 012712960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 011903488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 009159064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-05-18 23:54 - 2018-05-18 23:54 - 008623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 007583232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 007519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 007436624 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 006569952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 006044104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 005951488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 005782528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 004372992 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 004070400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 003732800 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 003712000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 003655168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-05-18 23:54 - 2018-05-18 23:54 - 003440640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 003389952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 003283400 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 003086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 003015168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 002961408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 002897408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-05-18 23:54 - 2018-05-18 23:54 - 002841312 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 002835864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-05-18 23:54 - 2018-05-18 23:54 - 002753040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 002700800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 002486976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 002422168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-05-18 23:54 - 2018-05-18 23:54 - 002366976 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 002242208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-05-18 23:54 - 2018-05-18 23:54 - 002170368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001953280 _____ C:\WINDOWS\system32\rdpnano.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001664512 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001636352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001634800 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001585664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001565592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001534976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001456616 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-05-18 23:54 - 2018-05-18 23:54 - 001454016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001426328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-05-18 23:54 - 2018-05-18 23:54 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001191168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001174424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-05-18 23:54 - 2018-05-18 23:54 - 001160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001063320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-05-18 23:54 - 2018-05-18 23:54 - 001034624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-05-18 23:54 - 2018-05-18 23:54 - 001012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-05-18 23:54 - 2018-05-18 23:54 - 000976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-05-18 23:54 - 2018-05-18 23:54 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000885848 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000860160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000826776 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2018-05-18 23:54 - 2018-05-18 23:54 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000788216 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000786168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000776880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000775680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000733992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000709816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-05-18 23:54 - 2018-05-18 23:54 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-05-18 23:54 - 2018-05-18 23:54 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2018-05-18 23:54 - 2018-05-18 23:54 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000665320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000652184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs4.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000606448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000604568 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-05-18 23:54 - 2018-05-18 23:54 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs3.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2018-05-18 23:54 - 2018-05-18 23:54 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000567136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000559968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000553984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2018-05-18 23:54 - 2018-05-18 23:54 - 000474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs2.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000473496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs1.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000434584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2018-05-18 23:54 - 2018-05-18 23:54 - 000399768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000382872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-05-18 23:54 - 2018-05-18 23:54 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.th.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000269216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MixedReality.Broker.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win81.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000170904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-05-18 23:54 - 2018-05-18 23:54 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Analog.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win8rtm.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000134552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2018-05-18 23:53 - 2018-05-18 23:53 - 004492288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-05-18 23:53 - 2018-05-18 23:53 - 003398144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-05-18 23:53 - 2018-05-18 23:53 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-05-18 23:53 - 2018-05-18 23:53 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsFilt.dll
2018-05-18 23:53 - 2018-05-18 23:53 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-05-18 23:53 - 2018-05-18 23:53 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsFilt.dll
2018-05-18 23:53 - 2018-05-18 23:53 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-05-18 23:53 - 2018-05-18 23:53 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-05-18 23:53 - 2018-05-18 23:53 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\XPSSHHDR.dll
2018-05-18 23:53 - 2018-05-18 23:53 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XPSSHHDR.dll
2018-05-18 23:53 - 2018-05-18 23:53 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2018-05-18 23:53 - 2018-05-18 23:53 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2018-05-18 23:53 - 2018-05-18 23:53 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-05-18 23:53 - 2018-05-18 23:53 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2018-05-18 23:53 - 2018-05-18 23:53 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000095-000000.txt
2018-05-18 23:53 - 2018-05-18 23:53 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000094-000000.txt
2018-05-18 23:53 - 2018-05-18 23:53 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-05-18 23:53 - 2018-05-18 23:53 - 000000000 ____D C:\Program Files\MSBuild
2018-05-18 23:53 - 2018-05-18 23:53 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-05-18 23:53 - 2018-05-18 23:53 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-05-18 23:49 - 2018-05-18 23:49 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000093-000000.txt
2018-05-18 23:49 - 2018-05-18 23:49 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000092-000000.txt
2018-05-18 23:46 - 2018-05-18 23:46 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000091-000000.txt
2018-05-18 23:45 - 2018-05-18 23:45 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000090-000000.txt
2018-05-18 23:42 - 2018-05-18 23:42 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000089-000000.txt
2018-05-18 23:41 - 2018-05-18 23:41 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000088-000000.txt
2018-05-18 23:38 - 2018-05-18 23:38 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000087-000000.txt
2018-05-18 23:38 - 2018-05-18 23:38 - 000004234 _____ C:\WINDOWS\system32\default_error_stack-000086-000000.txt
2018-05-18 23:35 - 2018-05-18 23:35 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000085-000000.txt
2018-05-18 23:34 - 2018-05-18 23:34 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000084-000000.txt
2018-05-18 23:31 - 2018-05-18 23:31 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000083-000000.txt
2018-05-18 23:30 - 2018-05-18 23:30 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000082-000000.txt
2018-05-18 23:27 - 2018-05-18 23:27 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000081-000000.txt
2018-05-18 23:27 - 2018-05-18 23:27 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000080-000000.txt
2018-05-18 23:23 - 2018-05-18 23:23 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000079-000000.txt
2018-05-18 23:23 - 2018-05-18 23:23 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000078-000000.txt
2018-05-18 23:20 - 2018-05-18 23:20 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000077-000000.txt
2018-05-18 23:19 - 2018-05-18 23:19 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000076-000000.txt
2018-05-18 23:16 - 2018-05-18 23:16 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000075-000000.txt
2018-05-18 23:15 - 2018-05-18 23:15 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000074-000000.txt
2018-05-18 23:12 - 2018-05-18 23:12 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000073-000000.txt
2018-05-18 23:12 - 2018-05-18 23:12 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000072-000000.txt
2018-05-18 23:09 - 2018-05-18 23:09 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000071-000000.txt
2018-05-18 23:08 - 2018-05-18 23:08 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000070-000000.txt
2018-05-18 23:05 - 2018-05-18 23:05 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000069-000000.txt
2018-05-18 23:04 - 2018-05-18 23:04 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000068-000000.txt
2018-05-18 23:01 - 2018-05-18 23:01 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000066-000000.txt
2018-05-18 23:01 - 2018-05-18 23:01 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000067-000000.txt
2018-05-18 22:57 - 2018-05-18 22:57 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000064-000000.txt
2018-05-18 22:57 - 2018-05-18 22:57 - 000004238 _____ C:\WINDOWS\system32\default_error_stack-000065-000000.txt
2018-05-18 22:54 - 2018-05-18 22:54 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000063-000000.txt
2018-05-18 22:53 - 2018-05-18 22:53 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000062-000000.txt
2018-05-18 22:50 - 2018-05-18 22:50 - 000004238 _____ C:\WINDOWS\system32\default_error_stack-000061-000000.txt
2018-05-18 22:49 - 2018-05-18 22:49 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000060-000000.txt
2018-05-18 22:46 - 2018-05-18 22:46 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000059-000000.txt
2018-05-18 22:46 - 2018-05-18 22:46 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000058-000000.txt
2018-05-18 22:42 - 2018-05-18 22:42 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000057-000000.txt
2018-05-18 22:42 - 2018-05-18 22:42 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000056-000000.txt
2018-05-18 22:39 - 2018-05-18 22:39 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000055-000000.txt
2018-05-18 22:38 - 2018-05-18 22:38 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000054-000000.txt
2018-05-18 22:35 - 2018-05-18 22:35 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000052-000000.txt
2018-05-18 22:35 - 2018-05-18 22:35 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000053-000000.txt
2018-05-18 22:31 - 2018-05-18 22:31 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000051-000000.txt
2018-05-18 22:31 - 2018-05-18 22:31 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000050-000000.txt
2018-05-18 22:28 - 2018-05-18 22:28 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000049-000000.txt
2018-05-18 22:27 - 2018-05-18 22:27 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000048-000000.txt
2018-05-18 22:24 - 2018-05-18 22:24 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000047-000000.txt
2018-05-18 22:23 - 2018-05-18 22:23 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000046-000000.txt
2018-05-18 22:20 - 2018-05-18 22:20 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000045-000000.txt
2018-05-18 22:20 - 2018-05-18 22:20 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000044-000000.txt
2018-05-18 22:16 - 2018-05-18 22:16 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000043-000000.txt
2018-05-18 22:16 - 2018-05-18 22:16 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000042-000000.txt
2018-05-18 22:13 - 2018-05-18 22:13 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000041-000000.txt
2018-05-18 22:12 - 2018-05-18 22:12 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000040-000000.txt
2018-05-18 22:09 - 2018-05-18 22:09 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000039-000000.txt
2018-05-18 22:09 - 2018-05-18 22:09 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000038-000000.txt
2018-05-18 22:05 - 2018-05-18 22:05 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000037-000000.txt
2018-05-18 22:05 - 2018-05-18 22:05 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000036-000000.txt
2018-05-18 22:02 - 2018-05-18 22:02 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000035-000000.txt
2018-05-18 22:01 - 2018-05-18 22:01 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000034-000000.txt
2018-05-18 21:58 - 2018-05-18 21:58 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000033-000000.txt
2018-05-18 21:57 - 2018-05-18 21:57 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000032-000000.txt
2018-05-18 21:54 - 2018-05-18 21:54 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000031-000000.txt
2018-05-18 21:54 - 2018-05-18 21:54 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000030-000000.txt
2018-05-18 21:50 - 2018-05-18 21:50 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000029-000000.txt
2018-05-18 21:50 - 2018-05-18 21:50 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000028-000000.txt
2018-05-18 21:47 - 2018-05-18 21:47 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000027-000000.txt
2018-05-18 21:46 - 2018-05-18 21:46 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000026-000000.txt
2018-05-18 21:43 - 2018-05-18 21:43 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000025-000000.txt
2018-05-18 21:42 - 2018-05-18 21:42 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000024-000000.txt
2018-05-18 21:39 - 2018-05-18 21:39 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000023-000000.txt
2018-05-18 21:39 - 2018-05-18 21:39 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000022-000000.txt
2018-05-18 21:36 - 2018-05-18 21:36 - 000004238 _____ C:\WINDOWS\system32\default_error_stack-000021-000000.txt
2018-05-18 21:35 - 2018-05-18 21:35 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000020-000000.txt
2018-05-18 21:32 - 2018-05-18 21:32 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000019-000000.txt
2018-05-18 21:31 - 2018-05-18 21:31 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000018-000000.txt
2018-05-18 21:28 - 2018-05-18 21:28 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000017-000000.txt
2018-05-18 21:28 - 2018-05-18 21:28 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000016-000000.txt
2018-05-18 21:24 - 2018-05-18 21:24 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000015-000000.txt
2018-05-18 21:24 - 2018-05-18 21:24 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000014-000000.txt
2018-05-18 21:21 - 2018-05-18 21:21 - 000004238 _____ C:\WINDOWS\system32\default_error_stack-000013-000000.txt
2018-05-18 21:20 - 2018-05-18 21:20 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000012-000000.txt
2018-05-18 21:17 - 2018-05-18 21:17 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000010-000000.txt
2018-05-18 21:17 - 2018-05-18 21:17 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000011-000000.txt
2018-05-18 21:16 - 2018-05-18 21:16 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000009-000000.txt
2018-05-18 21:15 - 2018-05-18 21:15 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000008-000000.txt
2018-05-18 21:12 - 2018-05-18 21:12 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000007-000000.txt
2018-05-18 21:11 - 2018-05-18 21:11 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000006-000000.txt
2018-05-18 21:11 - 2018-05-18 21:11 - 000000000 ____D C:\Users\joshu\AppData\Local\D3DSCache
2018-05-18 21:08 - 2018-05-18 21:08 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000005-000000.txt
2018-05-18 21:08 - 2018-05-18 21:08 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000004-000000.txt
2018-05-18 21:07 - 2018-05-19 08:39 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-18 21:05 - 2018-05-18 21:05 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-05-18 21:04 - 2018-05-18 21:04 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000003-000000.txt
2018-05-18 21:04 - 2018-05-18 21:04 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000002-000000.txt
2018-05-18 21:03 - 2018-05-19 08:40 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-05-18 21:03 - 2018-05-19 08:33 - 000003012 _____ C:\WINDOWS\System32\Tasks\AsrSP.exe
2018-05-18 21:03 - 2018-05-19 08:32 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-18 21:03 - 2018-05-19 08:16 - 000004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B6899689-BE91-426D-A40F-B4A8DA37F65E}
2018-05-18 21:03 - 2018-05-19 08:12 - 000003998 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2018-05-18 21:03 - 2018-05-19 08:12 - 000003766 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2018-05-18 21:03 - 2018-05-18 21:03 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2018-05-18 21:03 - 2018-05-18 21:03 - 000011433 _____ C:\WINDOWS\diagerr.xml
2018-05-18 21:03 - 2018-05-18 21:03 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-18 21:03 - 2018-05-18 21:03 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-18 21:03 - 2018-05-18 21:03 - 000002924 _____ C:\WINDOWS\System32\Tasks\Trailer download
2018-05-18 21:03 - 2018-05-18 21:03 - 000002856 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3216183752-1559940622-270169434-1001
2018-05-18 21:03 - 2018-05-18 21:03 - 000002524 _____ C:\WINDOWS\System32\Tasks\USER_ESRV_SVC_QUEENCREEK
2018-05-18 21:03 - 2018-05-18 21:03 - 000002324 _____ C:\WINDOWS\System32\Tasks\ATuning
2018-05-18 21:03 - 2018-05-18 21:03 - 000002218 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-05-18 21:03 - 2018-05-18 21:03 - 000000020 ___SH C:\Users\joshu\ntuser.ini
2018-05-18 21:03 - 2018-05-18 21:03 - 000000000 ____D C:\WINDOWS\System32\Tasks\Intel
2018-05-18 21:03 - 2018-05-18 21:03 - 000000000 ____D C:\WINDOWS\System32\Tasks\2BrightSparks
2018-05-18 21:03 - 2018-05-18 21:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-05-18 21:02 - 2018-05-18 21:02 - 000000000 ____D C:\ProgramData\USOShared
2018-05-18 21:00 - 2018-05-18 21:00 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000000-000000.txt
2018-05-18 21:00 - 2018-05-18 21:00 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000001-000000.txt
2018-05-18 21:00 - 2018-05-18 21:00 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-05-18 20:59 - 2018-05-18 21:03 - 000000000 ____D C:\Users\joshu
2018-05-18 20:59 - 2018-05-18 21:01 - 000000000 ____D C:\Users\defaultuser0
2018-05-18 20:59 - 2018-04-11 18:34 - 000001105 _____ C:\Users\joshu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-18 20:59 - 2018-04-11 18:34 - 000001105 _____ C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-18 20:59 - 2018-04-11 18:33 - 002752000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-05-18 20:59 - 2017-11-24 12:19 - 000000000 ____D C:\Users\joshu\AppData\Roaming\Macromedia
2018-05-18 20:59 - 2017-11-24 12:19 - 000000000 ____D C:\Users\defaultuser0\AppData\Roaming\Macromedia
2018-05-18 20:59 - 2017-10-20 17:43 - 000091120 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2018-05-18 20:58 - 2018-05-19 00:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-05-18 20:58 - 2018-05-18 21:00 - 000233880 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-05-14 06:45 - 2018-05-14 06:45 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-05-14 06:45 - 2018-05-14 06:45 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-05-14 06:45 - 2018-05-14 06:45 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-05-12 20:49 - 2018-05-19 09:03 - 000000000 ___DC C:\WINDOWS\Panther
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-19 09:03 - 2018-04-11 18:36 - 000000000 ____D C:\WINDOWS\INF
2018-05-19 09:03 - 2015-03-12 16:49 - 000000000 ____D C:\FRST
2018-05-19 08:47 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-05-19 08:43 - 2017-11-24 12:20 - 000111048 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2018-05-19 08:43 - 2017-11-24 12:20 - 000000000 ____D C:\Program Files\Java
2018-05-19 08:43 - 2017-11-24 12:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-05-19 08:42 - 2017-11-24 12:21 - 000000000 ____D C:\Users\joshu\AppData\Roaming\Foxit Software
2018-05-19 08:42 - 2017-11-24 12:21 - 000000000 ____D C:\ProgramData\Foxit Software
2018-05-19 08:41 - 2018-04-11 18:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-19 08:41 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-05-19 08:41 - 2018-03-28 18:07 - 000000000 ____D C:\Users\joshu\Documents\theRenamer
2018-05-19 08:41 - 2018-02-24 09:56 - 000000000 ____D C:\ProgramData\r2 Studios
2018-05-19 08:41 - 2017-12-08 00:03 - 000000000 ____D C:\Users\joshu\AppData\Local\Packages
2018-05-19 08:41 - 2017-11-24 12:19 - 000098760 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2018-05-19 08:40 - 2018-04-11 18:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-05-19 08:40 - 2017-11-24 12:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2018-05-19 08:40 - 2017-11-24 12:20 - 000000000 ____D C:\Program Files\7-Zip
2018-05-19 08:40 - 2017-11-24 12:19 - 000000000 ____D C:\Program Files (x86)\Java
2018-05-19 08:33 - 2018-03-13 15:09 - 000021288 _____ (RW-Everything) C:\WINDOWS\SysWOW64\Drivers\ArdDrv.sys
2018-05-19 08:32 - 2018-04-11 16:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-05-19 08:32 - 2017-11-24 12:21 - 000000938 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2018-05-19 08:32 - 2017-11-24 12:21 - 000000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2018-05-19 08:32 - 2017-11-24 12:16 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-05-19 08:32 - 2017-11-24 12:16 - 000000000 __SHD C:\Users\joshu\IntelGraphicsProfiles
2018-05-19 08:23 - 2017-11-24 12:22 - 000000000 ____D C:\Users\joshu\AppData\Local\Google
2018-05-19 08:15 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\appcompat
2018-05-18 23:58 - 2018-04-11 18:38 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-05-18 23:58 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-05-18 23:58 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\spool
2018-05-18 23:58 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-05-18 23:58 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-05-18 23:57 - 2018-04-11 18:41 - 000000000 ____D C:\WINDOWS\Setup
2018-05-18 23:57 - 2018-04-11 18:38 - 000000000 __RHD C:\Users\Public\Libraries
2018-05-18 23:57 - 2018-02-27 18:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2018-05-18 23:57 - 2018-02-24 09:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-05-18 23:57 - 2017-12-16 19:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD-Trailers.NET Downloader
2018-05-18 23:57 - 2017-12-08 19:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver and Support Assistant
2018-05-18 23:57 - 2017-11-25 00:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-05-18 23:57 - 2017-11-24 19:51 - 000000000 ____D C:\Program Files\UNP
2018-05-18 23:57 - 2017-11-24 13:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EverAccountable
2018-05-18 23:57 - 2017-11-24 13:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab Passkey
2018-05-18 23:57 - 2017-11-24 12:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JRiver Media Center 21
2018-05-18 23:57 - 2017-11-24 12:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyDesk
2018-05-18 23:57 - 2017-11-24 12:16 - 000000000 ____D C:\Program Files\Intel
2018-05-18 23:56 - 2018-04-06 06:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2018-05-18 23:56 - 2018-03-13 15:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility
2018-05-18 23:56 - 2018-02-23 16:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2BrightSparks
2018-05-18 23:56 - 2017-11-24 12:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2018-05-18 23:55 - 2018-04-12 04:37 - 000000000 ____D C:\WINDOWS\Containers
2018-05-18 23:55 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-05-18 23:55 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-05-18 23:55 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\ta-in
2018-05-18 23:55 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\si-lk
2018-05-18 23:55 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\setup
2018-05-18 23:55 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-05-18 23:55 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\am-et
2018-05-18 23:55 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\Provisioning
2018-05-18 23:55 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-05-18 23:55 - 2018-04-11 18:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-05-18 23:55 - 2018-04-11 18:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-05-18 21:09 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-05-18 21:09 - 2017-11-24 12:19 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-18 21:03 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\Registration
2018-05-18 21:03 - 2018-04-11 18:38 - 000000000 ____D C:\Program Files\Windows Defender
2018-05-18 21:03 - 2018-04-11 16:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-05-18 21:03 - 2017-12-08 00:07 - 000000000 ___RD C:\Users\joshu\3D Objects
2018-05-18 21:03 - 2017-11-24 12:21 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-05-18 21:03 - 2016-11-20 13:54 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-05-18 21:02 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\USOPrivate
2018-05-18 21:01 - 2018-04-11 18:38 - 000000000 __RSD C:\WINDOWS\media
2018-05-18 21:01 - 2018-04-11 18:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-05-18 21:01 - 2017-12-08 00:06 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2018-05-18 21:00 - 2018-03-31 23:21 - 000000000 ____D C:\Users\joshu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TV Rename
2018-05-18 21:00 - 2018-03-31 22:39 - 000000000 ____D C:\Users\joshu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MakeMKV
2018-05-18 21:00 - 2018-02-03 17:58 - 000000000 ____D C:\Users\joshu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HandBrake
2018-05-18 21:00 - 2017-11-24 13:16 - 000000000 ____D C:\Users\joshu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2018-05-18 20:59 - 2017-12-08 00:03 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\Packages
2018-05-18 20:59 - 2017-11-24 12:16 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2018-05-14 06:45 - 2018-03-28 09:31 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-05-12 21:20 - 2017-11-26 00:51 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-05-12 21:19 - 2017-11-26 00:51 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-05-12 21:19 - 2017-11-26 00:51 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-05-12 21:17 - 2015-11-25 12:48 - 000008192 __RSH C:\BOOTSECT.BAK
2018-05-12 20:32 - 2017-12-08 19:13 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2018-05-04 21:56 - 2017-11-24 12:15 - 000000000 ___RD C:\Users\joshu\OneDrive
2018-05-04 21:50 - 2018-02-28 19:01 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-05-01 16:22 - 2018-04-11 18:41 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-05-01 16:22 - 2018-04-11 18:41 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-04-20 22:39 - 2017-11-24 12:21 - 000000000 ____D C:\Users\joshu\AppData\Local\Spotify
2018-04-20 20:04 - 2017-11-24 12:21 - 000000000 ____D C:\Users\joshu\AppData\Roaming\Spotify
 
Some files in TEMP:
====================
2018-05-19 08:41 - 2017-10-18 20:55 - 003729984 _____ (Foxit Corporation) C:\Users\joshu\AppData\Local\Temp\FoxitUpdater.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-18 20:58
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by joshu (19-05-2018 09:04:42)
Running from C:\Users\joshu\Downloads
Windows 10 Pro Version 1803 17134.48 (X64) (2018-05-19 02:03:39)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3216183752-1559940622-270169434-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3216183752-1559940622-270169434-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3216183752-1559940622-270169434-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-3216183752-1559940622-270169434-501 - Limited - Disabled)
joshu (S-1-5-21-3216183752-1559940622-270169434-1001 - Administrator - Enabled) => C:\Users\joshu
WDAGUtilityAccount (S-1-5-21-3216183752-1559940622-270169434-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
. . (HKLM\...\{9C40698F-A953-4658-AFF2-F7BB385A3910}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{870E5275-5457-4BBC-98C9-BFF4B70AA5D3}) (Version: 3.1.0.12 - Intel) Hidden
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
7-Zip 18.05 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1805-000001000000}) (Version: 18.05.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 29.0.0.112 - Adobe Systems Incorporated)
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 3.6.3 - philandro Software GmbH)
ASRock XFast RAM v3.0.3 (HKLM\...\ASRock XFast RAM_is1) (Version:  - ASRock Inc.)
A-Tuning v2.0.271 (HKLM-x32\...\A-Tuning_is1) (Version: 2.0.271 - ASRock Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.42 - Piriform)
CPUID CPU-Z 1.81.1 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.81.1 - ) <==== ATTENTION
CrystalDiskInfo 7.5.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.5.2 - Crystal Dew World)
Dropbox (HKLM-x32\...\Dropbox) (Version: 49.4.69 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
DVDFab Passkey 9.2.1.9 (24/11/2017) (HKLM-x32\...\DVDFab Passkey 9_is1) (Version: 9.2.1.9 - Fengtao Software Inc.)
EverAccountable (HKLM-x32\...\{344B067D-4154-404D-88EC-28D11A9D3B92}_is1) (Version: 5.1.30.0 - Ever Accountable)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.1.0.5096 - Foxit Software Inc.)
Google Chrome (HKLM\...\{E093BF8F-9D6D-342E-ADAC-7BD6F40C3BDE}) (Version: 66.0.3359.181 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - )
HD-Trailers.NET Downloader version 2.0 (HKLM-x32\...\{86F6284C-D650-40C4-A46D-6FE653C7514D}_is1) (Version: 2.0 - HD-Trailers.NET Downloader CodePlex Project)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4835 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{2550a40e-aac6-4d21-9361-744d33bec573}) (Version: 3.1.0.12 - Intel)
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java 8 Update 172 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180172F0}) (Version: 8.0.1720.11 - Oracle Corporation)
Java 8 Update 172 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180172F0}) (Version: 8.0.1720.11 - Oracle Corporation)
JRiver Media Center 21 (HKLM-x32\...\Media Center 21) (Version: 21 - JRiver, Inc.)
MakeMKV v1.12.0 (HKLM-x32\...\MakeMKV) (Version: v1.12.0 - GuinpinSoft inc)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-3216183752-1559940622-270169434-1001\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-3216183752-1559940622-270169434-1001\...\Spotify) (Version: 1.0.75.483.g7ff4a0dc - Spotify AB)
SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 8.5.26.0 - 2BrightSparks)
SyncBackLite (HKLM-x32\...\SyncBackLite_is1) (Version: 8.5.26.0 - 2BrightSparks)
TV Rename (HKLM-x32\...\TVRename) (Version: 2.4 - TV Rename)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{DE083343-D24D-4495-919E-18C65EC0F289}) (Version: 2.8.0.0 - Microsoft Corporation)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.2 - VideoLAN)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2018-04-16] (Foxit Software Inc.)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-10-20] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2018-04-16] (Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0FD4BA4C-6C38-4E38-85BA-5E5A14D376BA} - System32\Tasks\2BrightSparks\SyncBackFree\HTPC-joshu\SyncBackFree Media Storage Backup => C:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe [2018-02-01] (2BrightSparks Pte. Ltd.)
Task: {389D9620-0E1B-4944-9DF6-1E5036F25791} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-11-24] (Dropbox, Inc.)
Task: {60136830-7109-4071-9646-F33A6D131875} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-05-10] (Piriform Ltd)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {94FEE7D2-7F3A-4B80-AA93-E6ABA9161B09} - System32\Tasks\ATuning => C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\ATuning.exe [2015-11-04] (ASRock Incorporation)
Task: {A97A5363-DC5D-4383-A32D-472C92FAF6BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-24] (Google Inc.)
Task: {C141ED23-3A99-4FF1-B217-A0EB62FCBCC1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-05-10] (Piriform Ltd)
Task: {CD542BCD-B5E3-45F9-803B-DDA07EF4A1B5} - System32\Tasks\AsrSP.exe => C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\AsrSP.exe [2014-12-02] ()
Task: {D1C3E92D-134B-4AEA-8ECB-1C6D6BD9FFB5} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {EB32B183-0B48-4352-A9E8-5FD49796FBC7} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {EC7AD1E4-F379-407D-A7A7-A9F50AE901B0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-24] (Google Inc.)
Task: {F5BB277C-8569-435E-A5D6-7868F1FD1C4F} - System32\Tasks\Trailer download => C:\Program Files (x86)\HD-Trailers.NET Downloader\HD-Trailers.Net Downloader.exe [2016-04-23] ()
Task: {F8FAFE93-5C33-4300-8482-5BF87C96719D} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-11-24] (Dropbox, Inc.)
Task: {F9FC2236-5D31-4113-9974-0F5C90A79B60} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-05-19] (AVAST Software)
Task: {FC28C6B3-0787-4BD7-BE64-980F4605EEE1} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-03-13 15:09 - 2014-07-31 16:17 - 000463112 _____ () C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe
2017-11-24 12:45 - 2017-11-24 12:45 - 001809096 _____ () C:\Program Files (x86)\AnyDesk\AnyDesk.exe
2018-05-19 08:24 - 2018-04-30 12:54 - 002493648 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-05-19 08:24 - 2018-04-25 13:16 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-03-07 20:04 - 2017-03-07 20:04 - 000157456 _____ () C:\Program Files\Intel Driver and Support Assistant\SUR\SurSvc.exe
2018-04-11 18:34 - 2018-04-11 18:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-10-20 17:42 - 2017-10-20 17:42 - 000393200 _____ () C:\WINDOWS\system32\igfxTray.exe
2018-04-11 18:34 - 2018-04-11 18:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-04-11 18:35 - 2018-04-12 04:20 - 002184704 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-05-04 21:56 - 2018-05-04 21:56 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-05-04 21:56 - 2018-05-04 21:56 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-05-04 21:56 - 2018-05-04 21:56 - 022320128 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-05-04 21:56 - 2018-05-04 21:56 - 002603008 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\skypert.dll
2018-05-04 21:56 - 2018-05-04 21:56 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-02-22 23:01 - 2018-02-22 23:01 - 027139072 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\Video.UI.exe
2018-02-22 23:01 - 2018-02-22 23:01 - 000306176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\SharedUI.dll
2018-02-22 23:01 - 2018-02-22 23:01 - 006687744 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\EntCommon.dll
2017-11-24 12:46 - 2017-11-24 12:46 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-02-22 23:01 - 2018-02-22 23:01 - 009283072 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\EntPlat.dll
2017-11-24 13:33 - 2017-08-31 01:14 - 000015184 _____ () C:\Program Files (x86)\EverAccountable\zeasystemhelper.exe
2017-11-24 12:53 - 2016-06-17 08:07 - 001591296 ____N () C:\Program Files (x86)\J River\Media Center 21\JRDisc.dll
2016-03-16 18:35 - 2016-03-16 18:35 - 050262016 _____ () C:\Users\joshu\AppData\Roaming\J River\Media Center 21\Plugins\chromium\libcef.dll
2016-03-16 18:35 - 2016-03-16 18:35 - 001673728 _____ () C:\Users\joshu\AppData\Roaming\J River\Media Center 21\Plugins\chromium\libglesv2.dll
2016-03-16 18:35 - 2016-03-16 18:35 - 000075264 _____ () C:\Users\joshu\AppData\Roaming\J River\Media Center 21\Plugins\chromium\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 06:47 - 2016-07-16 06:45 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3216183752-1559940622-270169434-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3216183752-1559940622-270169434-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\joshu\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{1b2ed3f4-df99-4b2e-b66c-491225dbcef2}.jpg
DNS Servers: 208.67.222.123 - 208.67.220.123
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "DSATray"
HKU\S-1-5-21-3216183752-1559940622-270169434-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3216183752-1559940622-270169434-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3216183752-1559940622-270169434-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3216183752-1559940622-270169434-1001\...\StartupApproved\Run: => "StartupDelayer"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{BB4DFEA3-4446-4A64-9967-4476ED34D64A}] => (Allow) C:\Program Files (x86)\J River\Media Center 21\Media Center 21.exe
FirewallRules: [{A8DB4684-03F8-4A63-904E-A932611EEC4A}] => (Allow) C:\Program Files (x86)\J River\Media Center 21\Media Center 21.exe
FirewallRules: [TCP Query User{7AD14D38-C265-4EC2-9769-06B0C9C0C305}C:\users\joshu\downloads\anydesk (1).exe] => (Allow) C:\users\joshu\downloads\anydesk (1).exe
FirewallRules: [UDP Query User{0CAA51CC-C1B9-400F-BD4A-18758F211762}C:\users\joshu\downloads\anydesk (1).exe] => (Allow) C:\users\joshu\downloads\anydesk (1).exe
FirewallRules: [TCP Query User{F6B55894-720A-4D12-9475-C1A7B88B868A}C:\users\joshu\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joshu\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{5B50E537-D558-47E8-ADA2-F6D6C1C35982}C:\users\joshu\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joshu\appdata\roaming\spotify\spotify.exe
FirewallRules: [{DDADFEE1-C493-43F8-BC26-669ECE5B77A9}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{0BCBAD9B-C01E-4003-9A64-D43D62228913}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{51D64FBE-A12E-4BA1-AB05-75E4993C4816}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
FirewallRules: [{C9550C9D-DE68-4309-9EDF-36470D97E360}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
FirewallRules: [{8297ED4E-E8E2-4014-B333-69B5BD5D9910}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
FirewallRules: [{52EA4C98-DCAA-4260-AA50-0ED72AC01C36}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
FirewallRules: [{EE417CA2-EB07-4880-906B-FC84F35BFCAA}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
FirewallRules: [{C2A0591E-D28C-4025-AF0C-B538C312A003}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/19/2018 08:12:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LogonUI.exe, version: 10.0.17134.1, time stamp: 0x5d557fa4
Faulting module name: USBKeyCredentialProvider.dll_unloaded, version: 0.0.0.0, time stamp: 0x53d9fa55
Exception code: 0xc0000005
Fault offset: 0x000000000002b3c6
Faulting process id: 0x2b6c
Faulting application start time: 0x01d3ef2f80280fa8
Faulting application path: C:\WINDOWS\System32\LogonUI.exe
Faulting module path: USBKeyCredentialProvider.dll
Report Id: 7675da98-ee92-4ba5-8287-1650ac6618bd
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/18/2018 09:24:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.17134.48, time stamp: 0x5ae3f17b
Faulting module name: edgehtml.dll, version: 11.0.17134.48, time stamp: 0xf3c5bd61
Exception code: 0xc0000602
Fault offset: 0x0000000000755a1c
Faulting process id: 0x1f54
Faulting application start time: 0x01d3ef178e0d04a1
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: C:\WINDOWS\SYSTEM32\edgehtml.dll
Report Id: ef516185-2ff7-4767-8bda-567beacb1f0a
Faulting package full name: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess
 
Error: (05/18/2018 09:17:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LogonUI.exe, version: 10.0.17134.1, time stamp: 0x5d557fa4
Faulting module name: USBKeyCredentialProvider.dll_unloaded, version: 0.0.0.0, time stamp: 0x53d9fa55
Exception code: 0xc0000005
Fault offset: 0x000000000002b4a8
Faulting process id: 0x334
Faulting application start time: 0x01d3ef1786800919
Faulting application path: C:\WINDOWS\system32\LogonUI.exe
Faulting module path: USBKeyCredentialProvider.dll
Report Id: e5103202-df80-4037-849d-cd9f070922c3
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/18/2018 09:09:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dwm.exe, version: 10.0.17134.1, time stamp: 0xf5178e97
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xe0464645
Fault offset: 0x0000000000000000
Faulting process id: 0x21ec
Faulting application start time: 0x01d3ef166ac4e888
Faulting application path: C:\WINDOWS\system32\dwm.exe
Faulting module path: unknown
Report Id: d75fc97b-b6b6-4d66-b306-9831cb7b62c6
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/18/2018 09:09:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dwm.exe, version: 10.0.17134.1, time stamp: 0xf5178e97
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xe0464645
Fault offset: 0x0000000000000000
Faulting process id: 0x2988
Faulting application start time: 0x01d3ef1669f365aa
Faulting application path: C:\WINDOWS\system32\dwm.exe
Faulting module path: unknown
Report Id: 3c2c99b7-c755-4781-9074-a18993f94f0b
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/18/2018 09:09:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dwm.exe, version: 10.0.17134.1, time stamp: 0xf5178e97
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xe0464645
Fault offset: 0x0000000000000000
Faulting process id: 0x231c
Faulting application start time: 0x01d3ef16691e8193
Faulting application path: C:\WINDOWS\system32\dwm.exe
Faulting module path: unknown
Report Id: c537007a-cf26-4520-895f-d00083ac4eb9
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/18/2018 09:09:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dwm.exe, version: 10.0.17134.1, time stamp: 0xf5178e97
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xe0464645
Fault offset: 0x0000000000000000
Faulting process id: 0x2448
Faulting application start time: 0x01d3ef166855760f
Faulting application path: C:\WINDOWS\system32\dwm.exe
Faulting module path: unknown
Report Id: ef601b42-41fb-4a84-b29b-9682741a46e9
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/18/2018 09:09:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dwm.exe, version: 10.0.17134.1, time stamp: 0xf5178e97
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xe0464645
Fault offset: 0x0000000000000000
Faulting process id: 0xe58
Faulting application start time: 0x01d3ef166785d546
Faulting application path: C:\WINDOWS\system32\dwm.exe
Faulting module path: unknown
Report Id: ee84779b-7dd4-4840-8fe0-1b3c402a3373
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (05/19/2018 09:04:29 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Energy Server Service queencreek service terminated with the following error: 
The stream is not a tiny stream.
 
Error: (05/19/2018 09:03:58 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Energy Server Service queencreek service terminated with the following error: 
The stream is not a tiny stream.
 
Error: (05/19/2018 09:00:43 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Energy Server Service queencreek service terminated with the following error: 
The stream is not a tiny stream.
 
Error: (05/19/2018 09:00:13 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Energy Server Service queencreek service terminated with the following error: 
The stream is not a tiny stream.
 
Error: (05/19/2018 08:56:59 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Energy Server Service queencreek service terminated with the following error: 
The stream is not a tiny stream.
 
Error: (05/19/2018 08:56:26 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Energy Server Service queencreek service terminated with the following error: 
The stream is not a tiny stream.
 
Error: (05/19/2018 08:54:45 AM) (Source: DCOM) (EventID: 10016) (User: HTPC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user HTPC\joshu SID (S-1-5-21-3216183752-1559940622-270169434-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (05/19/2018 08:52:52 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Energy Server Service queencreek service terminated with the following error: 
The stream is not a tiny stream.
 
 
CodeIntegrity:
===================================
 
Date: 2018-05-19 08:36:23.441
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-05-19 08:36:23.391
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-05-19 08:35:43.704
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-05-19 08:35:16.552
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-05-19 08:35:15.915
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-05-19 08:33:02.064
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-05-19 08:33:02.062
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-05-19 08:33:02.060
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU G3220 @ 3.00GHz
Percentage of memory in use: 34%
Total physical RAM: 7891.93 MB
Available physical RAM: 5150.07 MB
Total Virtual: 9171.93 MB
Available Virtual: 6408.13 MB
 
==================== Drives ================================
 
Drive c: (Win 10 ) (Fixed) (Total:59.19 GB) (Free:20.27 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Media Storage) (Fixed) (Total:5589.03 GB) (Free:990.55 GB) NTFS
Drive f: (Backup) (Fixed) (Total:7451.91 GB) (Free:2714.29 GB) NTFS
 
\\?\Volume{52702e5f-0000-0000-0000-f0cb0e000000}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 5589 GB) (Disk ID: 16F2A91F)
 
Partition: GPT.
 
========================================================
Disk: 1 (Protective MBR) (Size: 7452 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 59.6 GB) (Disk ID: 52702E5F)
Partition 1: (Active) - (Size=59.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=449 MB) - (Type=27)
 
==================== End of Addition.txt ============================

 




 


#2 Oh My!


    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,033 posts
  • Gender:Male
  • Location:California
  • Local time:09:42 AM

Posted 19 May 2018 - 10:05 PM

Greetings jsmith967 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar's Recovery Scan Tool Fix - Windows 10 with Recovery Environment

--------------------

For this step you will need a USB drive inserted into the computer. If at all possible complete the following on a clean computer.
  • Press the Windows Key + R at the same time
  • Type notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the USB drive as fixlist.txt
HKLM\SYSTEM\ControlSet001\Services\aswSP
HKLM\SYSTEM\ControlSet001\Services\aswMonFlt
HKLM\SYSTEM\ControlSet001\Services\aswSnx
C:\WINDOWS\system32\default_error_stack*.*
C:\WINDOWS\system32\Drivers\aswb*.*
emptytemp:
  • Please download Farbar Recovery Scan Tool for 64 bit systems and save it to a USB drive
  • Remove the USB drive from the clean computer
  • If your computer boots - Boot to Advanced Startup Options from Settings in Windows 10
  • If your computer does not boot - Boot to Advanced Startup Options from a Hard Reboot
  • Click Troubleshoot
  • Click Advanced options
  • Click Command Prompt
  • Select your Account and if necessary type the Password and hit Continue
  • Plug the USB drive into the infected computer
  • In the command window type in Notepad and press Enter.
  • Under File menu select Open
  • Select This PC and double click on your USB drive letter
  • Next to Files of type: select All Files
  • Right click on the FRST icon and select Run as administrator
  • Click Yes to disclaimer that may appear
  • Press Fix button
  • A fixlog.txt file will be saved on the USB drive. Please copy and paste it to your reply.
  • Reboot your computer into Normal Mode and check the performance
===================================================

RogueKiller Anti-Malware

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the setup.exe icon and select Run as Administrator
  • Click OK on English
  • Select Install 32 and 64 bits versions (Recommended for Technicians), then continually click Next until you click Install
  • Click Finish
  • Click Accept
  • Under # Software Version if it does not indicate up to date click Check for updates >>
  • Click Start Scan twice
  • When completed click Open Report
  • Click Export Text and save the file on your Desktop as RK.txt
  • Close all open RogueKiller windows
  • Copy and paste the contents of the report in your reply
===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it on your desktop.
  • Close all open programs and browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Click OK twice to finish the removal process by automatically rebooting your computer
  • Once completed an AdwCleaner document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • RogueKiller log
  • AdwCleaner log
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 jsmith967

  • Topic Starter

  • Members
  • 4 posts
  • Local time:11:42 AM

Posted 20 May 2018 - 09:47 AM

Hello Oh My!

 

Thank you for your response. My name is Joshua. I have read the ground rules and your instructions. I will follow them closely. 

 

The computer seems to be operating normally. The popups are only periodic and I do not get on this computer very often. There have been no unwanted popups on either Chrome or Microsoft Edge when I was downloading the suggested scanners. The "Everaccountable" program that RogueKiller found is a program that I installed and have been using for years. It is not malware.

 

Again, your help is much appreciated! Thank you!

 

-Joshua

 

FRST Log

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01

Ran by SYSTEM (20-05-2018 08:57:00) Run:1

Running from F:\

Boot Mode: Recovery

==============================================

 

fixlist content:

*****************

HKLM\SYSTEM\ControlSet001\Services\aswSP

HKLM\SYSTEM\ControlSet001\Services\aswMonFlt

HKLM\SYSTEM\ControlSet001\Services\aswSnx

C:\WINDOWS\system32\default_error_stack*.*

C:\WINDOWS\system32\Drivers\aswb*.*

emptytemp:

*****************

 

HKLM\SYSTEM\ControlSet001\Services\aswSP => Error: No automatic fix found for this entry.

HKLM\SYSTEM\ControlSet001\Services\aswMonFlt => Error: No automatic fix found for this entry.

HKLM\SYSTEM\ControlSet001\Services\aswSnx => Error: No automatic fix found for this entry.

 

=========== "C:\WINDOWS\system32\default_error_stack*.*" ==========

 

C:\WINDOWS\system32\default_error_stack-000000-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000001-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000002-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000003-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000004-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000005-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000006-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000007-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000008-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000009-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000010-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000011-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000012-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000013-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000014-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000015-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000016-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000017-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000018-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000019-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000020-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000021-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000022-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000023-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000024-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000025-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000026-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000027-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000028-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000029-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000030-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000031-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000032-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000033-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000034-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000035-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000036-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000037-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000038-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000039-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000040-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000041-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000042-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000043-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000044-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000045-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000046-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000047-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000048-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000049-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000050-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000051-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000052-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000053-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000054-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000055-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000056-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000057-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000058-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000059-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000060-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000061-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000062-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000063-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000064-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000065-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000066-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000067-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000068-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000069-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000070-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000071-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000072-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000073-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000074-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000075-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000076-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000077-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000078-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000079-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000080-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000081-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000082-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000083-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000084-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000085-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000086-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000087-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000088-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000089-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000090-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000091-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000092-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000093-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000094-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000095-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000096-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000097-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000098-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000099-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000100-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000101-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000102-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000103-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000104-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000105-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000106-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000107-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000108-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000109-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000110-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000111-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000112-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000113-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000114-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000115-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000116-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000117-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000118-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000119-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000120-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000121-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000122-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000123-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000124-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000125-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000126-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000127-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000128-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000129-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000130-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000131-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000132-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000133-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000134-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000135-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000136-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000137-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000138-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000139-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000140-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000141-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000142-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000143-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000144-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000145-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000146-000000.txt => moved successfully

C:\WINDOWS\system32\default_error_stack-000147-000000.txt => moved successfully

 

========= End -> "C:\WINDOWS\system32\default_error_stack*.*" ========

 

 

=========== "C:\WINDOWS\system32\Drivers\aswb*.*" ==========

 

not found

 

========= End -> "C:\WINDOWS\system32\Drivers\aswb*.*" ========

 

emptytemp: => Error: This directive works only outside recovery mode.

 

==== End of Fixlog 08:57:01 ====

 

ROGUEKILLER

 

RogueKiller V12.12.17.0 (x64) [May 14 2018] (Free) by Adlice Software

mail : http://www.adlice.com/contact/

Feedback : https://forum.adlice.com

Website : http://www.adlice.com/download/roguekiller/

Blog : http://www.adlice.com

 

Operating System : Windows 10 (10.0.17134) 64 bits version

Started in : Normal mode

User : joshu [Administrator]

Started from : C:\Program Files\RogueKiller\RogueKiller64.exe

Mode : Scan -- Date : 05/20/2018 09:03:52 (Duration : 00:27:21)

Switches : -refid

 

¤¤¤ Processes : 1 ¤¤¤

[VT.Unknown] everaccountable.exe(9036) -- C:\Program Files (x86)\EverAccountable\everaccountable.exe[7] -> Found

 

¤¤¤ Registry : 2 ¤¤¤

[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found

[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0  -> Found

 

¤¤¤ Tasks : 0 ¤¤¤

 

¤¤¤ Files : 0 ¤¤¤

 

¤¤¤ WMI : 0 ¤¤¤

 

¤¤¤ Hosts File : 0 ¤¤¤

 

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: WDC WD60EZRZ-00GZ5B1 +++++

--- User ---

[MBR] b749ca3279980e04af4acfc8f6e210f5

[BSP] 7fd284fb52c67c795cf1eb3c56d573d7 : Empty MBR Code

Partition table:

0 - Basic data partition | Offset (sectors): 2048 | Size: 5723165 MB

User = LL1 ... OK

User = LL2 ... OK

 

+++++ PhysicalDrive1: WDC WD80EFZX-68UW8N0 +++++

--- User ---

[MBR] 0086f36f0b7bc8b257f89fc226376c3d

[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code

Partition table:

0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB

1 - Basic data partition | Offset (sectors): 264192 | Size: 7630756 MB

User = LL1 ... OK

User = LL2 ... OK

 

+++++ PhysicalDrive2: OCZ-VERTEX4 +++++

--- User ---

[MBR] 5fef2486507f7c9f652e0819dcd4b3b8

[BSP] b3cc173a57faf729b5ac870307ad43e6 : Windows Vista/7/8|VT.Unknown MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 8 | Size: 60606 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]

1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 124123136 | Size: 449 MB

User = LL1 ... OK

User = LL2 ... OK

 

ADW CLEANER

 

# -------------------------------

# Malwarebytes AdwCleaner 7.1.1.0

# -------------------------------

# Build:    04-27-2018

# Database: 2018-05-18.2

# Support:  https://www.malwarebytes.com/support

#

# -------------------------------

# Mode: Clean

# -------------------------------

# Start:    05-20-2018

# Duration: 00:00:01

# OS:       Windows 10 Pro

# Cleaned:  2

# Failed:   0

 

 

***** [ Services ] *****

 

No malicious services cleaned.

 

***** [ Folders ] *****

 

No malicious folders cleaned.

 

***** [ Files ] *****

 

No malicious files cleaned.

 

***** [ DLL ] *****

 

No malicious DLLs cleaned.

 

***** [ WMI ] *****

 

No malicious WMI cleaned.

 

***** [ Shortcuts ] *****

 

No malicious shortcuts cleaned.

 

***** [ Tasks ] *****

 

No malicious tasks cleaned.

 

***** [ Registry ] *****

 

No malicious registry entries cleaned.

 

***** [ Chromium (and derivatives) ] *****

 

No malicious Chromium entries cleaned.

 

***** [ Chromium URLs ] *****

 

Deleted       Ask

Deleted       AOL

 

***** [ Firefox (and derivatives) ] *****

 

No malicious Firefox entries cleaned.

 

***** [ Firefox URLs ] *****

 

No malicious Firefox URLs cleaned.

 

 

*************************

 

[+] Delete Tracing Keys

[+] Reset Winsock

 

*************************

 

 

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########



#4 Oh My!

  • Malware Response Instructor

Posted 20 May 2018 - 04:56 PM

Greetings Joshua.

 

Please run another FRST scan and copy/paste both reports in your reply.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

#5 jsmith967

  • Topic Starter

Posted 21 May 2018 - 06:36 AM

Hello Again! 

 

Thank you for your reply! I appreciate it! Please see below.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by joshu (administrator) on HTPC (21-05-2018 06:20:55)
Running from C:\Users\joshu\Downloads
Loaded Profiles: joshu &  (Available Profiles: defaultuser0 & joshu)
Platform: Windows 10 Pro Version 1803 17134.48 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
() C:\Program Files (x86)\AnyDesk\AnyDesk.exe
() C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() C:\Program Files\Intel Driver and Support Assistant\SUR\SurSvc.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.14.17639.18041-0\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.14.17639.18041-0\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(JRiver, Inc.) C:\Program Files (x86)\J River\Media Center 21\JRService.exe
() C:\Program Files (x86)\HD-Trailers.NET Downloader\HD-Trailers.Net Downloader.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(ASRock Incorporation) C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\ATuning.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(ASRock Incorporation) C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\AsrSvc.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9226.21595.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(EverAccountable.com) C:\Program Files (x86)\EverAccountable\everaccountable.exe
(JRiver, Inc.) C:\Program Files (x86)\J River\Media Center 21\Media Center 21.exe
(JRiver, Inc.) C:\Program Files (x86)\J River\Media Center 21\JRWeb.exe
(JRiver, Inc.) C:\Program Files (x86)\J River\Media Center 21\JRWeb.exe
() C:\Program Files (x86)\AnyDesk\AnyDesk.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\EverAccountable\zeasystemhelper.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(JRiver, Inc.) C:\Program Files (x86)\J River\Media Center 21\JRWeb.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ASRock) C:\Program Files\ASRock Utility\XFast RAM\asrRd.exe
() C:\Program Files (x86)\AnyDesk\AnyDesk.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3643712 2018-05-14] (Dropbox, Inc.)
HKLM-x32\...\Run: [EverAccountable] => C:\Program Files (x86)\EverAccountable\everaccountable.exe [1596240 2017-10-03] (EverAccountable.com)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [131360 2017-12-05] (Intel)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05212018061738494\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05212018061738525\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-3216183752-1559940622-270169434-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05212018061738541\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-3216183752-1559940622-270169434-1001\...\Run: [EverAccountable] => C:\Program Files (x86)\EverAccountable\everaccountable.exe [1596240 2017-10-03] (EverAccountable.com)
HKU\S-1-5-21-3216183752-1559940622-270169434-1001\...\Run: [Media Center 21] => C:\Program Files (x86)\J River\Media Center 21\Media Center 21.exe [16332800 2016-06-17] (JRiver, Inc.)
HKU\S-1-5-21-3216183752-1559940622-270169434-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18334016 2018-05-10] (Piriform Ltd)
HKU\S-1-5-21-3216183752-1559940622-270169434-1001\...\Run: [Spotify Web Helper] => C:\Users\joshu\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-03-02] (Spotify Ltd)
HKU\S-1-5-21-3216183752-1559940622-270169434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05212018061738594\...\Run: [EverAccountable] => C:\Program Files (x86)\EverAccountable\everaccountable.exe [1596240 2017-10-03] (EverAccountable.com)
HKU\S-1-5-21-3216183752-1559940622-270169434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05212018061738594\...\Run: [Media Center 21] => C:\Program Files (x86)\J River\Media Center 21\Media Center 21.exe [16332800 2016-06-17] (JRiver, Inc.)
HKU\S-1-5-21-3216183752-1559940622-270169434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05212018061738594\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18334016 2018-05-10] (Piriform Ltd)
HKU\S-1-5-21-3216183752-1559940622-270169434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05212018061738594\...\Run: [Spotify Web Helper] => C:\Users\joshu\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-03-02] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2017-11-24]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe ()
Startup: C:\Users\joshu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HD-Trailers.Net Downloader - Shortcut.lnk [2018-05-19]
ShortcutTarget: HD-Trailers.Net Downloader - Shortcut.lnk -> C:\Program Files (x86)\HD-Trailers.NET Downloader\HD-Trailers.Net Downloader.exe ()
Startup: C:\Users\joshu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\speedfan - Shortcut.lnk [2018-05-19]
ShortcutTarget: speedfan - Shortcut.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 208.67.222.123 208.67.220.123
Tcpip\..\Interfaces\{b1e44903-3294-4d90-ab4a-35ae3135a27a}: [DhcpNameServer] 208.67.222.123 208.67.220.123
 
Internet Explorer:
==================
HKU\S-1-5-21-3216183752-1559940622-270169434-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
HKU\S-1-5-21-3216183752-1559940622-270169434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05212018061738594\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_172\bin\ssv.dll [2018-05-19] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_172\bin\jp2ssv.dll [2018-05-19] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_172\bin\ssv.dll [2018-05-19] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_172\bin\jp2ssv.dll [2018-05-19] (Oracle Corporation)
 
Edge: 
======
Edge Extension: (uBlock Origin) -> EdgeExtension_37833NikRollsuBlockOrigin_f8jsg5mm64m62 => C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.15.24.0_neutral__f8jsg5mm64m62 [2018-05-19]
Edge Extension: (LastPass: Free Password Manager) -> hdokiejnpimakedhajhdlcegeplioahd_LastPassLastPassFreePasswordManager_qq0fmhteeht3j => C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.10.0.0_neutral__qq0fmhteeht3j [2018-05-18]
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.172.2 -> C:\Program Files\Java\jre1.8.0_172\bin\dtplugin\npDeployJava1.dll [2018-05-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.172.2 -> C:\Program Files\Java\jre1.8.0_172\bin\plugin2\npjp2.dll [2018-05-19] (Oracle Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-04-08] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-04-08] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-04-08] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-04-08] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.172.2 -> C:\Program Files (x86)\Java\jre1.8.0_172\bin\dtplugin\npDeployJava1.dll [2018-05-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.172.2 -> C:\Program Files (x86)\Java\jre1.8.0_172\bin\plugin2\npjp2.dll [2018-05-19] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-04-19] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-04-19] (VideoLAN)
 
Chrome: 
=======
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\joshu\AppData\Local\Google\Chrome\User Data\Default [2018-05-20]
CHR Extension: (Slides) - C:\Users\joshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-25]
CHR Extension: (Docs) - C:\Users\joshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-25]
CHR Extension: (Google Drive) - C:\Users\joshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-25]
CHR Extension: (YouTube) - C:\Users\joshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-25]
CHR Extension: (uBlock Origin) - C:\Users\joshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-05-19]
CHR Extension: (Sheets) - C:\Users\joshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-25]
CHR Extension: (Google Docs Offline) - C:\Users\joshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-05-18]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\joshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2018-05-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\joshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-18]
CHR Extension: (Gmail) - C:\Users\joshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-25]
CHR Extension: (Chrome Media Router) - C:\Users\joshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-18]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [1809096 2017-11-24] ()
R2 ASRockIOMon; C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe [463112 2014-07-31] ()
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-11-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-11-24] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-05-14] (Dropbox, Inc.)
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22304 2017-12-05] (Intel)
S2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2018-04-17] (Foxit Software Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365040 2017-10-20] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R3 Media Center 21 Service; C:\Program Files (x86)\J River\Media Center 21\JRService.exe [397048 2016-06-17] (JRiver, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-04-12] (Microsoft Corporation)
S3 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver and Support Assistant\SUR\SurSvc.exe [157456 2017-03-07] ()
S2 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [824592 2017-03-07] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\NisSrv.exe [4632736 2018-05-04] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MsMpEng.exe [104680 2018-05-04] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ArdDrv; C:\WINDOWS\SysWOW64\Drivers\ArdDrv.sys [21288 2018-05-21] (RW-Everything)
R3 AsrDrv101; C:\WINDOWS\SysWOW64\Drivers\AsrDrv101.sys [22280 2018-03-13] (ASRock Incorporation)
R0 AsrRamDisk; C:\WINDOWS\System32\drivers\AsrRamDisk.sys [40200 2013-08-02] (ASRock Inc.)
R3 dvdfab; C:\WINDOWS\system32\drivers\dvdfab.sys [91992 2016-12-13] (Windows ® Win 7 DDK provider)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152184 2018-04-26] (Malwarebytes)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2016-07-26] ()
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [190696 2018-05-20] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112864 2018-05-20] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-05-20] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-05-20] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [103648 2018-05-21] (Malwarebytes)
S3 NZFSD; C:\WINDOWS\System32\drivers\NZFSD.sys [280136 2014-03-18] (FlexRAID)
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [593624 2015-03-11] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6320640 2018-04-11] (Realtek Semiconductor Corporation )
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-05-04] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [313888 2018-05-04] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61472 2018-05-04] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-21 06:21 - 2018-05-21 06:21 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000052-000000.txt
2018-05-21 06:17 - 2018-05-21 06:17 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000050-000000.txt
2018-05-21 06:17 - 2018-05-21 06:17 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000051-000000.txt
2018-05-20 10:25 - 2018-05-20 10:25 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000049-000000.txt
2018-05-20 10:25 - 2018-05-20 10:25 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000048-000000.txt
2018-05-20 10:22 - 2018-05-20 10:22 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000047-000000.txt
2018-05-20 10:21 - 2018-05-20 10:21 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000046-000000.txt
2018-05-20 10:18 - 2018-05-20 10:18 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000045-000000.txt
2018-05-20 10:17 - 2018-05-20 10:17 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000044-000000.txt
2018-05-20 10:14 - 2018-05-20 10:14 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000042-000000.txt
2018-05-20 10:14 - 2018-05-20 10:14 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000043-000000.txt
2018-05-20 10:10 - 2018-05-20 10:10 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000041-000000.txt
2018-05-20 10:10 - 2018-05-20 10:10 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000040-000000.txt
2018-05-20 10:07 - 2018-05-20 10:07 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000039-000000.txt
2018-05-20 10:06 - 2018-05-20 10:06 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000038-000000.txt
2018-05-20 10:03 - 2018-05-20 10:03 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000037-000000.txt
2018-05-20 10:02 - 2018-05-20 10:02 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000036-000000.txt
2018-05-20 09:59 - 2018-05-20 09:59 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000035-000000.txt
2018-05-20 09:59 - 2018-05-20 09:59 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000034-000000.txt
2018-05-20 09:55 - 2018-05-20 09:55 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000033-000000.txt
2018-05-20 09:55 - 2018-05-20 09:55 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000032-000000.txt
2018-05-20 09:52 - 2018-05-20 09:52 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000031-000000.txt
2018-05-20 09:52 - 2018-05-20 09:52 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000030-000000.txt
2018-05-20 09:49 - 2018-05-20 09:49 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000029-000000.txt
2018-05-20 09:48 - 2018-05-20 09:48 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000028-000000.txt
2018-05-20 09:45 - 2018-05-20 09:45 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000027-000000.txt
2018-05-20 09:45 - 2018-05-20 09:45 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000026-000000.txt
2018-05-20 09:41 - 2018-05-21 06:17 - 000103648 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-05-20 09:41 - 2018-05-20 09:41 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-05-20 09:41 - 2018-05-20 09:41 - 000190696 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-05-20 09:41 - 2018-05-20 09:41 - 000112864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-05-20 09:41 - 2018-05-20 09:41 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-05-20 09:41 - 2018-05-20 09:41 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000024-000000.txt
2018-05-20 09:41 - 2018-05-20 09:41 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000025-000000.txt
2018-05-20 09:39 - 2018-05-20 09:41 - 000000000 ____D C:\AdwCleaner
2018-05-20 09:39 - 2018-05-20 09:39 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000023-000000.txt
2018-05-20 09:38 - 2018-05-20 09:38 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000022-000000.txt
2018-05-20 09:35 - 2018-05-20 09:35 - 000004470 _____ C:\Users\joshu\Desktop\RK.txt
2018-05-20 09:35 - 2018-05-20 09:35 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000021-000000.txt
2018-05-20 09:35 - 2018-05-20 09:35 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000020-000000.txt
2018-05-20 09:31 - 2018-05-20 09:31 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000019-000000.txt
2018-05-20 09:31 - 2018-05-20 09:31 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000018-000000.txt
2018-05-20 09:28 - 2018-05-20 09:28 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000017-000000.txt
2018-05-20 09:27 - 2018-05-20 09:27 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000016-000000.txt
2018-05-20 09:24 - 2018-05-20 09:24 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000015-000000.txt
2018-05-20 09:23 - 2018-05-20 09:23 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000014-000000.txt
2018-05-20 09:20 - 2018-05-20 09:20 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000013-000000.txt
2018-05-20 09:20 - 2018-05-20 09:20 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000012-000000.txt
2018-05-20 09:16 - 2018-05-20 09:16 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000011-000000.txt
2018-05-20 09:16 - 2018-05-20 09:16 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000010-000000.txt
2018-05-20 09:13 - 2018-05-20 09:13 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000009-000000.txt
2018-05-20 09:12 - 2018-05-20 09:12 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000008-000000.txt
2018-05-20 09:09 - 2018-05-20 09:09 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000007-000000.txt
2018-05-20 09:08 - 2018-05-20 09:08 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000006-000000.txt
2018-05-20 09:05 - 2018-05-20 09:05 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000004-000000.txt
2018-05-20 09:05 - 2018-05-20 09:05 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000005-000000.txt
2018-05-20 09:03 - 2018-05-20 09:35 - 000000000 ____D C:\ProgramData\RogueKiller
2018-05-20 09:03 - 2018-05-20 09:03 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-05-20 09:03 - 2018-05-20 09:03 - 000000906 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-05-20 09:03 - 2018-05-20 09:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-05-20 09:03 - 2018-05-20 09:03 - 000000000 ____D C:\Program Files\RogueKiller
2018-05-20 09:01 - 2018-05-20 09:01 - 036678264 _____ (Adlice Software ) C:\Users\joshu\Desktop\RogueKiller_setup_ref3.exe
2018-05-20 09:01 - 2018-05-20 09:01 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000003-000000.txt
2018-05-20 09:01 - 2018-05-20 09:01 - 000004242 _____ C:\WINDOWS\system32\default_error_stack-000002-000000.txt
2018-05-20 08:58 - 2018-05-20 08:58 - 000004240 _____ C:\WINDOWS\system32\default_error_stack-000000-000000.txt
2018-05-20 08:58 - 2018-05-20 08:58 - 000002426 _____ C:\WINDOWS\system32\default_error_stack-000001-000000.txt
2018-05-19 09:03 - 2018-05-21 06:21 - 000018006 _____ C:\Users\joshu\Downloads\FRST.txt
2018-05-19 08:55 - 2018-05-19 08:56 - 002413056 _____ (Farbar) C:\Users\joshu\Downloads\FRST64.exe
2018-05-19 08:42 - 2018-05-19 08:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2018-05-19 08:42 - 2018-05-19 08:42 - 000000000 ____D C:\Program Files (x86)\Foxit Software
2018-05-19 08:35 - 2018-05-19 08:36 - 000000000 ____D C:\Users\joshu\AppData\Local\PlaceholderTileLogoFolder
2018-05-19 08:33 - 2018-05-19 08:33 - 000178320 _____ (AVAST Software) C:\Users\joshu\Downloads\avast_free_antivirus_setup_online_cnet_2 (1).exe
2018-05-19 08:24 - 2018-05-19 08:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-19 08:24 - 2018-05-19 08:24 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-05-19 08:24 - 2018-05-19 08:24 - 000000000 ____D C:\Program Files\Malwarebytes
2018-05-19 08:24 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-05-19 08:18 - 2018-05-19 08:18 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-05-19 08:18 - 2018-05-19 08:18 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-05-19 08:17 - 2018-05-19 08:34 - 000000000 ____D C:\ProgramData\AVAST Software
2018-05-19 08:17 - 2018-05-19 08:17 - 000178320 _____ (AVAST Software) C:\Users\joshu\Downloads\avast_free_antivirus_setup_online_cnet_2.exe
2018-05-19 08:15 - 2018-05-19 08:15 - 075524392 _____ (Malwarebytes ) C:\Users\joshu\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.365-1.0.5158.exe
2018-05-18 23:57 - 2018-05-18 21:03 - 000000000 ____D C:\Windows.old
2018-05-18 23:56 - 2018-05-18 23:57 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-05-18 23:56 - 2018-05-18 23:56 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-05-18 23:56 - 2018-05-18 23:56 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-05-18 23:55 - 2018-05-18 23:55 - 013570560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-05-18 23:55 - 2018-05-18 23:55 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 025848832 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 023862272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 022707712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 022002688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 021389360 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 020383720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 019399168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 012712960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 011903488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 009159064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-05-18 23:54 - 2018-05-18 23:54 - 008623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 007583232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 007519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 007436624 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 006569952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 006044104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 005951488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 005782528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 004372992 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 004070400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 003732800 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 003712000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 003655168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-05-18 23:54 - 2018-05-18 23:54 - 003440640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 003389952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 003283400 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 003086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 003015168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 002961408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 002897408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-05-18 23:54 - 2018-05-18 23:54 - 002841312 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 002835864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-05-18 23:54 - 2018-05-18 23:54 - 002753040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 002700800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 002486976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 002422168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-05-18 23:54 - 2018-05-18 23:54 - 002366976 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 002242208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-05-18 23:54 - 2018-05-18 23:54 - 002170368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001953280 _____ C:\WINDOWS\system32\rdpnano.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001664512 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001636352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001634800 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001585664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001565592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001534976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001456616 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-05-18 23:54 - 2018-05-18 23:54 - 001454016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001426328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-05-18 23:54 - 2018-05-18 23:54 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001191168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001174424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-05-18 23:54 - 2018-05-18 23:54 - 001160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001063320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-05-18 23:54 - 2018-05-18 23:54 - 001034624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-05-18 23:54 - 2018-05-18 23:54 - 001012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-05-18 23:54 - 2018-05-18 23:54 - 000976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-05-18 23:54 - 2018-05-18 23:54 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000885848 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000860160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000826776 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2018-05-18 23:54 - 2018-05-18 23:54 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000788216 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000786168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000776880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000775680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000733992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000709816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-05-18 23:54 - 2018-05-18 23:54 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-05-18 23:54 - 2018-05-18 23:54 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2018-05-18 23:54 - 2018-05-18 23:54 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000665320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000652184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs4.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000606448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000604568 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-05-18 23:54 - 2018-05-18 23:54 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs3.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2018-05-18 23:54 - 2018-05-18 23:54 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000567136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000559968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000553984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2018-05-18 23:54 - 2018-05-18 23:54 - 000474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs2.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000473496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs1.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000434584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2018-05-18 23:54 - 2018-05-18 23:54 - 000399768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000382872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-05-18 23:54 - 2018-05-18 23:54 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.th.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000269216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MixedReality.Broker.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win81.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000170904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-05-18 23:54 - 2018-05-18 23:54 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Analog.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win8rtm.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000134552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2018-05-18 23:53 - 2018-05-18 23:53 - 004492288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-05-18 23:53 - 2018-05-18 23:53 - 003398144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-05-18 23:53 - 2018-05-18 23:53 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-05-18 23:53 - 2018-05-18 23:53 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsFilt.dll
2018-05-18 23:53 - 2018-05-18 23:53 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-05-18 23:53 - 2018-05-18 23:53 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsFilt.dll
2018-05-18 23:53 - 2018-05-18 23:53 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-05-18 23:53 - 2018-05-18 23:53 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-05-18 23:53 - 2018-05-18 23:53 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\XPSSHHDR.dll
2018-05-18 23:53 - 2018-05-18 23:53 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XPSSHHDR.dll
2018-05-18 23:53 - 2018-05-18 23:53 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2018-05-18 23:53 - 2018-05-18 23:53 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2018-05-18 23:53 - 2018-05-18 23:53 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-05-18 23:53 - 2018-05-18 23:53 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2018-05-18 23:53 - 2018-05-18 23:53 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-05-18 23:53 - 2018-05-18 23:53 - 000000000 ____D C:\Program Files\MSBuild
2018-05-18 23:53 - 2018-05-18 23:53 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-05-18 23:53 - 2018-05-18 23:53 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-05-18 21:11 - 2018-05-18 21:11 - 000000000 ____D C:\Users\joshu\AppData\Local\D3DSCache
2018-05-18 21:07 - 2018-05-20 09:47 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-18 21:05 - 2018-05-18 21:05 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-05-18 21:03 - 2018-05-21 06:19 - 000004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B6899689-BE91-426D-A40F-B4A8DA37F65E}
2018-05-18 21:03 - 2018-05-21 06:16 - 000003012 _____ C:\WINDOWS\System32\Tasks\AsrSP.exe
2018-05-18 21:03 - 2018-05-20 09:41 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-18 21:03 - 2018-05-19 08:40 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-05-18 21:03 - 2018-05-19 08:12 - 000003998 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2018-05-18 21:03 - 2018-05-19 08:12 - 000003766 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2018-05-18 21:03 - 2018-05-18 21:03 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2018-05-18 21:03 - 2018-05-18 21:03 - 000011433 _____ C:\WINDOWS\diagerr.xml
2018-05-18 21:03 - 2018-05-18 21:03 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-18 21:03 - 2018-05-18 21:03 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-18 21:03 - 2018-05-18 21:03 - 000002924 _____ C:\WINDOWS\System32\Tasks\Trailer download
2018-05-18 21:03 - 2018-05-18 21:03 - 000002856 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3216183752-1559940622-270169434-1001
2018-05-18 21:03 - 2018-05-18 21:03 - 000002524 _____ C:\WINDOWS\System32\Tasks\USER_ESRV_SVC_QUEENCREEK
2018-05-18 21:03 - 2018-05-18 21:03 - 000002324 _____ C:\WINDOWS\System32\Tasks\ATuning
2018-05-18 21:03 - 2018-05-18 21:03 - 000002218 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-05-18 21:03 - 2018-05-18 21:03 - 000000020 ___SH C:\Users\joshu\ntuser.ini
2018-05-18 21:03 - 2018-05-18 21:03 - 000000000 ____D C:\WINDOWS\System32\Tasks\Intel
2018-05-18 21:03 - 2018-05-18 21:03 - 000000000 ____D C:\WINDOWS\System32\Tasks\2BrightSparks
2018-05-18 21:03 - 2018-05-18 21:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-05-18 21:02 - 2018-05-18 21:02 - 000000000 ____D C:\ProgramData\USOShared
2018-05-18 21:00 - 2018-05-18 21:00 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-05-18 20:59 - 2018-05-18 21:03 - 000000000 ____D C:\Users\joshu
2018-05-18 20:59 - 2018-05-18 21:01 - 000000000 ____D C:\Users\defaultuser0
2018-05-18 20:59 - 2018-04-11 18:34 - 000001105 _____ C:\Users\joshu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-18 20:59 - 2018-04-11 18:34 - 000001105 _____ C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-18 20:59 - 2018-04-11 18:33 - 002752000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-05-18 20:59 - 2017-11-24 12:19 - 000000000 ____D C:\Users\joshu\AppData\Roaming\Macromedia
2018-05-18 20:59 - 2017-11-24 12:19 - 000000000 ____D C:\Users\defaultuser0\AppData\Roaming\Macromedia
2018-05-18 20:59 - 2017-10-20 17:43 - 000091120 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2018-05-18 20:58 - 2018-05-20 10:27 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-05-18 20:58 - 2018-05-18 21:00 - 000233880 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-05-14 06:45 - 2018-05-14 06:45 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-05-14 06:45 - 2018-05-14 06:45 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-05-14 06:45 - 2018-05-14 06:45 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-05-12 20:49 - 2018-05-19 09:03 - 000000000 ___DC C:\WINDOWS\Panther
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-21 06:20 - 2015-03-12 16:49 - 000000000 ____D C:\FRST
2018-05-21 06:16 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-05-21 06:16 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-05-21 06:16 - 2018-03-13 15:09 - 000021288 _____ (RW-Everything) C:\WINDOWS\SysWOW64\Drivers\ArdDrv.sys
2018-05-21 06:16 - 2017-11-24 12:16 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-05-21 06:16 - 2017-11-24 12:16 - 000000000 __SHD C:\Users\joshu\IntelGraphicsProfiles
2018-05-20 09:53 - 2018-04-11 18:36 - 000000000 ____D C:\WINDOWS\INF
2018-05-20 09:41 - 2018-04-11 16:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-05-20 09:29 - 2016-07-16 06:47 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-05-20 08:39 - 2017-12-08 19:13 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2018-05-19 08:43 - 2017-11-24 12:20 - 000111048 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2018-05-19 08:43 - 2017-11-24 12:20 - 000000000 ____D C:\Program Files\Java
2018-05-19 08:43 - 2017-11-24 12:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-05-19 08:42 - 2017-11-24 12:21 - 000000000 ____D C:\Users\joshu\AppData\Roaming\Foxit Software
2018-05-19 08:42 - 2017-11-24 12:21 - 000000000 ____D C:\ProgramData\Foxit Software
2018-05-19 08:41 - 2018-04-11 18:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-19 08:41 - 2018-03-28 18:07 - 000000000 ____D C:\Users\joshu\Documents\theRenamer
2018-05-19 08:41 - 2018-02-24 09:56 - 000000000 ____D C:\ProgramData\r2 Studios
2018-05-19 08:41 - 2017-12-08 00:03 - 000000000 ____D C:\Users\joshu\AppData\Local\Packages
2018-05-19 08:41 - 2017-11-24 12:19 - 000098760 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2018-05-19 08:40 - 2018-04-11 18:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-05-19 08:40 - 2017-11-24 12:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2018-05-19 08:40 - 2017-11-24 12:20 - 000000000 ____D C:\Program Files\7-Zip
2018-05-19 08:40 - 2017-11-24 12:19 - 000000000 ____D C:\Program Files (x86)\Java
2018-05-19 08:32 - 2017-11-24 12:21 - 000000938 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2018-05-19 08:32 - 2017-11-24 12:21 - 000000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2018-05-19 08:23 - 2017-11-24 12:22 - 000000000 ____D C:\Users\joshu\AppData\Local\Google
2018-05-19 08:15 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\appcompat
2018-05-18 23:58 - 2018-04-11 18:38 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-05-18 23:58 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-05-18 23:58 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\spool
2018-05-18 23:58 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-05-18 23:58 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-05-18 23:57 - 2018-04-11 18:41 - 000000000 ____D C:\WINDOWS\Setup
2018-05-18 23:57 - 2018-04-11 18:38 - 000000000 __RHD C:\Users\Public\Libraries
2018-05-18 23:57 - 2018-02-27 18:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2018-05-18 23:57 - 2018-02-24 09:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-05-18 23:57 - 2017-12-16 19:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD-Trailers.NET Downloader
2018-05-18 23:57 - 2017-12-08 19:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver and Support Assistant
2018-05-18 23:57 - 2017-11-25 00:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-05-18 23:57 - 2017-11-24 19:51 - 000000000 ____D C:\Program Files\UNP
2018-05-18 23:57 - 2017-11-24 13:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EverAccountable
2018-05-18 23:57 - 2017-11-24 13:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab Passkey
2018-05-18 23:57 - 2017-11-24 12:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JRiver Media Center 21
2018-05-18 23:57 - 2017-11-24 12:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyDesk
2018-05-18 23:57 - 2017-11-24 12:16 - 000000000 ____D C:\Program Files\Intel
2018-05-18 23:56 - 2018-04-06 06:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2018-05-18 23:56 - 2018-03-13 15:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility
2018-05-18 23:56 - 2018-02-23 16:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2BrightSparks
2018-05-18 23:56 - 2017-11-24 12:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2018-05-18 23:55 - 2018-04-12 04:37 - 000000000 ____D C:\WINDOWS\Containers
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-05-18 23:55 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-05-18 23:55 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-05-18 23:55 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\ta-in
2018-05-18 23:55 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\si-lk
2018-05-18 23:55 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\setup
2018-05-18 23:55 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-05-18 23:55 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\am-et
2018-05-18 23:55 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\Provisioning
2018-05-18 23:55 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-05-18 23:55 - 2018-04-11 18:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-05-18 23:55 - 2018-04-11 18:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-05-18 23:53 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2018-05-18 23:53 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2018-05-18 23:53 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2018-05-18 23:53 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2018-05-18 23:53 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2018-05-18 23:53 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2018-05-18 23:53 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2018-05-18 23:53 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\et-EE
2018-05-18 23:53 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\es-MX
2018-05-18 23:53 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\en-GB
2018-05-18 21:09 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-05-18 21:09 - 2017-11-24 12:19 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-18 21:03 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\Registration
2018-05-18 21:03 - 2018-04-11 18:38 - 000000000 ____D C:\Program Files\Windows Defender
2018-05-18 21:03 - 2018-04-11 16:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-05-18 21:03 - 2017-12-08 00:07 - 000000000 ___RD C:\Users\joshu\3D Objects
2018-05-18 21:03 - 2017-11-24 12:21 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-05-18 21:03 - 2016-11-20 13:54 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-05-18 21:02 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\USOPrivate
2018-05-18 21:01 - 2018-04-11 18:38 - 000000000 __RSD C:\WINDOWS\media
2018-05-18 21:01 - 2018-04-11 18:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-05-18 21:01 - 2017-12-08 00:06 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2018-05-18 21:00 - 2018-03-31 23:21 - 000000000 ____D C:\Users\joshu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TV Rename
2018-05-18 21:00 - 2018-03-31 22:39 - 000000000 ____D C:\Users\joshu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MakeMKV
2018-05-18 21:00 - 2018-02-03 17:58 - 000000000 ____D C:\Users\joshu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HandBrake
2018-05-18 21:00 - 2017-11-24 13:16 - 000000000 ____D C:\Users\joshu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2018-05-18 20:59 - 2017-12-08 00:03 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\Packages
2018-05-18 20:59 - 2017-11-24 12:16 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2018-05-14 06:45 - 2018-03-28 09:31 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-05-12 21:20 - 2017-11-26 00:51 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-05-12 21:19 - 2017-11-26 00:51 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-05-12 21:19 - 2017-11-26 00:51 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-05-12 21:17 - 2015-11-25 12:48 - 000008192 __RSH C:\BOOTSECT.BAK
2018-05-04 21:56 - 2017-11-24 12:15 - 000000000 ___RD C:\Users\joshu\OneDrive
2018-05-04 21:50 - 2018-02-28 19:01 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-05-01 16:22 - 2018-04-11 18:41 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-05-01 16:22 - 2018-04-11 18:41 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
Some files in TEMP:
====================
2018-05-20 09:03 - 2018-04-11 18:34 - 001946304 _____ (Microsoft Corporation) C:\Users\joshu\AppData\Local\Temp\dllnt_dump.dll
2018-05-19 08:41 - 2017-10-18 20:55 - 003729984 _____ (Foxit Corporation) C:\Users\joshu\AppData\Local\Temp\FoxitUpdater.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-18 20:58
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by joshu (21-05-2018 06:21:39)
Running from C:\Users\joshu\Downloads
Windows 10 Pro Version 1803 17134.48 (X64) (2018-05-19 02:03:39)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3216183752-1559940622-270169434-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3216183752-1559940622-270169434-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3216183752-1559940622-270169434-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-3216183752-1559940622-270169434-501 - Limited - Disabled)
joshu (S-1-5-21-3216183752-1559940622-270169434-1001 - Administrator - Enabled) => C:\Users\joshu
WDAGUtilityAccount (S-1-5-21-3216183752-1559940622-270169434-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
. . (HKLM\...\{9C40698F-A953-4658-AFF2-F7BB385A3910}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{870E5275-5457-4BBC-98C9-BFF4B70AA5D3}) (Version: 3.1.0.12 - Intel) Hidden
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
7-Zip 18.05 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1805-000001000000}) (Version: 18.05.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 29.0.0.112 - Adobe Systems Incorporated)
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 3.6.3 - philandro Software GmbH)
ASRock XFast RAM v3.0.3 (HKLM\...\ASRock XFast RAM_is1) (Version:  - ASRock Inc.)
A-Tuning v2.0.271 (HKLM-x32\...\A-Tuning_is1) (Version: 2.0.271 - ASRock Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.42 - Piriform)
CPUID CPU-Z 1.81.1 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.81.1 - ) <==== ATTENTION
CrystalDiskInfo 7.5.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.5.2 - Crystal Dew World)
Dropbox (HKLM-x32\...\Dropbox) (Version: 49.4.69 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
DVDFab Passkey 9.2.1.9 (24/11/2017) (HKLM-x32\...\DVDFab Passkey 9_is1) (Version: 9.2.1.9 - Fengtao Software Inc.)
EverAccountable (HKLM-x32\...\{344B067D-4154-404D-88EC-28D11A9D3B92}_is1) (Version: 5.1.30.0 - Ever Accountable)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.1.0.5096 - Foxit Software Inc.)
Google Chrome (HKLM\...\{E093BF8F-9D6D-342E-ADAC-7BD6F40C3BDE}) (Version: 66.0.3359.181 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - )
HD-Trailers.NET Downloader version 2.0 (HKLM-x32\...\{86F6284C-D650-40C4-A46D-6FE653C7514D}_is1) (Version: 2.0 - HD-Trailers.NET Downloader CodePlex Project)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4835 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{2550a40e-aac6-4d21-9361-744d33bec573}) (Version: 3.1.0.12 - Intel)
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java 8 Update 172 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180172F0}) (Version: 8.0.1720.11 - Oracle Corporation)
Java 8 Update 172 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180172F0}) (Version: 8.0.1720.11 - Oracle Corporation)
JRiver Media Center 21 (HKLM-x32\...\Media Center 21) (Version: 21 - JRiver, Inc.)
MakeMKV v1.12.0 (HKLM-x32\...\MakeMKV) (Version: v1.12.0 - GuinpinSoft inc)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-3216183752-1559940622-270169434-1001\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3216183752-1559940622-270169434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05212018061738594\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
RogueKiller version 12.12.17.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.17.0 - Adlice Software)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-3216183752-1559940622-270169434-1001\...\Spotify) (Version: 1.0.75.483.g7ff4a0dc - Spotify AB)
Spotify (HKU\S-1-5-21-3216183752-1559940622-270169434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05212018061738594\...\Spotify) (Version: 1.0.75.483.g7ff4a0dc - Spotify AB)
SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 8.5.26.0 - 2BrightSparks)
SyncBackLite (HKLM-x32\...\SyncBackLite_is1) (Version: 8.5.26.0 - 2BrightSparks)
TV Rename (HKLM-x32\...\TVRename) (Version: 2.4 - TV Rename)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{DE083343-D24D-4495-919E-18C65EC0F289}) (Version: 2.8.0.0 - Microsoft Corporation)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.2 - VideoLAN)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2018-04-16] (Foxit Software Inc.)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-10-20] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2018-04-16] (Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0FD4BA4C-6C38-4E38-85BA-5E5A14D376BA} - System32\Tasks\2BrightSparks\SyncBackFree\HTPC-joshu\SyncBackFree Media Storage Backup => C:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe [2018-02-01] (2BrightSparks Pte. Ltd.)
Task: {33C604BE-C4E1-4FF0-84B2-9A4CF257723C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-05-04] (Microsoft Corporation)
Task: {389D9620-0E1B-4944-9DF6-1E5036F25791} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-11-24] (Dropbox, Inc.)
Task: {4D6E3F65-FE02-49F6-BA0B-B27DEEFA0AE1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-05-04] (Microsoft Corporation)
Task: {504946DF-9749-401D-874E-2538456E3CA1} - System32\Tasks\AsrSP.exe => C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\AsrSP.exe [2014-12-02] ()
Task: {60136830-7109-4071-9646-F33A6D131875} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-05-10] (Piriform Ltd)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {8FB537F1-09ED-4636-B96C-5787B7283E6E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-05-04] (Microsoft Corporation)
Task: {94FEE7D2-7F3A-4B80-AA93-E6ABA9161B09} - System32\Tasks\ATuning => C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\ATuning.exe [2015-11-04] (ASRock Incorporation)
Task: {A97A5363-DC5D-4383-A32D-472C92FAF6BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-24] (Google Inc.)
Task: {C141ED23-3A99-4FF1-B217-A0EB62FCBCC1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-05-10] (Piriform Ltd)
Task: {D1C3E92D-134B-4AEA-8ECB-1C6D6BD9FFB5} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {E0567D09-F561-4D6A-8865-77600A2F79E1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-05-04] (Microsoft Corporation)
Task: {EB32B183-0B48-4352-A9E8-5FD49796FBC7} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => "C:\WINDOWS\System32\Wscript.exe" //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {EC7AD1E4-F379-407D-A7A7-A9F50AE901B0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-24] (Google Inc.)
Task: {F5BB277C-8569-435E-A5D6-7868F1FD1C4F} - System32\Tasks\Trailer download => C:\Program Files (x86)\HD-Trailers.NET Downloader\HD-Trailers.Net Downloader.exe [2016-04-23] ()
Task: {F8FAFE93-5C33-4300-8482-5BF87C96719D} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-11-24] (Dropbox, Inc.)
Task: {F9FC2236-5D31-4113-9974-0F5C90A79B60} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-05-19] (AVAST Software)
Task: {FC28C6B3-0787-4BD7-BE64-980F4605EEE1} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-11-24 12:45 - 2017-11-24 12:45 - 001809096 _____ () C:\Program Files (x86)\AnyDesk\AnyDesk.exe
2018-03-13 15:09 - 2014-07-31 16:17 - 000463112 _____ () C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe
2018-05-19 08:24 - 2018-04-25 13:16 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-05-19 08:24 - 2018-04-30 12:54 - 002493648 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-03-07 20:04 - 2017-03-07 20:04 - 000157456 _____ () C:\Program Files\Intel Driver and Support Assistant\SUR\SurSvc.exe
2018-04-11 18:34 - 2018-04-11 18:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2017-12-16 19:41 - 2016-04-23 07:53 - 000351744 _____ () C:\Program Files (x86)\HD-Trailers.NET Downloader\HD-Trailers.Net Downloader.exe
2018-04-11 18:34 - 2018-04-11 18:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2017-10-20 17:42 - 2017-10-20 17:42 - 000393200 _____ () C:\WINDOWS\system32\igfxTray.exe
2018-04-11 18:35 - 2018-04-12 04:20 - 002184704 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-05-04 21:56 - 2018-05-04 21:56 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-05-04 21:56 - 2018-05-04 21:56 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-05-04 21:56 - 2018-05-04 21:56 - 022320128 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-05-04 21:56 - 2018-05-04 21:56 - 002603008 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\skypert.dll
2018-05-04 21:56 - 2018-05-04 21:56 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-02-22 23:01 - 2018-02-22 23:01 - 027139072 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\Video.UI.exe
2018-02-22 23:01 - 2018-02-22 23:01 - 000306176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\SharedUI.dll
2018-02-22 23:01 - 2018-02-22 23:01 - 006687744 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\EntCommon.dll
2017-11-24 12:46 - 2017-11-24 12:46 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-02-22 23:01 - 2018-02-22 23:01 - 009283072 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\EntPlat.dll
2017-11-24 13:33 - 2017-08-31 01:14 - 000015184 _____ () C:\Program Files (x86)\EverAccountable\zeasystemhelper.exe
2017-11-24 12:53 - 2016-06-17 08:07 - 001591296 ____N () C:\Program Files (x86)\J River\Media Center 21\JRDisc.dll
2016-03-16 18:35 - 2016-03-16 18:35 - 050262016 _____ () C:\Users\joshu\AppData\Roaming\J River\Media Center 21\Plugins\chromium\libcef.dll
2016-03-16 18:35 - 2016-03-16 18:35 - 001673728 _____ () C:\Users\joshu\AppData\Roaming\J River\Media Center 21\Plugins\chromium\libglesv2.dll
2016-03-16 18:35 - 2016-03-16 18:35 - 000075264 _____ () C:\Users\joshu\AppData\Roaming\J River\Media Center 21\Plugins\chromium\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 06:47 - 2016-07-16 06:45 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05212018061738494\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05212018061738525\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3216183752-1559940622-270169434-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05212018061738541\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3216183752-1559940622-270169434-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\joshu\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{1b2ed3f4-df99-4b2e-b66c-491225dbcef2}.jpg
HKU\S-1-5-21-3216183752-1559940622-270169434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05212018061738594\Control Panel\Desktop\\Wallpaper -> C:\Users\joshu\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{1b2ed3f4-df99-4b2e-b66c-491225dbcef2}.jpg
DNS Servers: 208.67.222.123 - 208.67.220.123
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "DSATray"
HKU\S-1-5-21-3216183752-1559940622-270169434-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3216183752-1559940622-270169434-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3216183752-1559940622-270169434-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3216183752-1559940622-270169434-1001\...\StartupApproved\Run: => "StartupDelayer"
HKU\S-1-5-21-3216183752-1559940622-270169434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05212018061738594\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3216183752-1559940622-270169434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05212018061738594\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3216183752-1559940622-270169434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05212018061738594\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3216183752-1559940622-270169434-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05212018061738594\...\StartupApproved\Run: => "StartupDelayer"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{BB4DFEA3-4446-4A64-9967-4476ED34D64A}] => (Allow) C:\Program Files (x86)\J River\Media Center 21\Media Center 21.exe
FirewallRules: [{A8DB4684-03F8-4A63-904E-A932611EEC4A}] => (Allow) C:\Program Files (x86)\J River\Media Center 21\Media Center 21.exe
FirewallRules: [TCP Query User{7AD14D38-C265-4EC2-9769-06B0C9C0C305}C:\users\joshu\downloads\anydesk (1).exe] => (Allow) C:\users\joshu\downloads\anydesk (1).exe
FirewallRules: [UDP Query User{0CAA51CC-C1B9-400F-BD4A-18758F211762}C:\users\joshu\downloads\anydesk (1).exe] => (Allow) C:\users\joshu\downloads\anydesk (1).exe
FirewallRules: [TCP Query User{F6B55894-720A-4D12-9475-C1A7B88B868A}C:\users\joshu\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joshu\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{5B50E537-D558-47E8-ADA2-F6D6C1C35982}C:\users\joshu\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joshu\appdata\roaming\spotify\spotify.exe
FirewallRules: [{DDADFEE1-C493-43F8-BC26-669ECE5B77A9}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{0BCBAD9B-C01E-4003-9A64-D43D62228913}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D0DBE30F-9584-40E7-935A-044CBF19F37B}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
FirewallRules: [{858C4128-BBEC-478B-8388-F9F2E0E3063E}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
FirewallRules: [{4CC2F239-8A36-42C2-8266-1A2207F53DD7}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
FirewallRules: [{6A226A16-7DDD-4C3C-AE96-7792F7AA4AC3}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
FirewallRules: [{2349513A-3088-4362-97BF-8638C0418CCE}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
FirewallRules: [{CB5BBE31-9B28-45A8-9FB3-E287806815E2}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/19/2018 08:12:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LogonUI.exe, version: 10.0.17134.1, time stamp: 0x5d557fa4
Faulting module name: USBKeyCredentialProvider.dll_unloaded, version: 0.0.0.0, time stamp: 0x53d9fa55
Exception code: 0xc0000005
Fault offset: 0x000000000002b3c6
Faulting process id: 0x2b6c
Faulting application start time: 0x01d3ef2f80280fa8
Faulting application path: C:\WINDOWS\System32\LogonUI.exe
Faulting module path: USBKeyCredentialProvider.dll
Report Id: 7675da98-ee92-4ba5-8287-1650ac6618bd
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/18/2018 09:24:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.17134.48, time stamp: 0x5ae3f17b
Faulting module name: edgehtml.dll, version: 11.0.17134.48, time stamp: 0xf3c5bd61
Exception code: 0xc0000602
Fault offset: 0x0000000000755a1c
Faulting process id: 0x1f54
Faulting application start time: 0x01d3ef178e0d04a1
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: C:\WINDOWS\SYSTEM32\edgehtml.dll
Report Id: ef516185-2ff7-4767-8bda-567beacb1f0a
Faulting package full name: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess
 
Error: (05/18/2018 09:17:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LogonUI.exe, version: 10.0.17134.1, time stamp: 0x5d557fa4
Faulting module name: USBKeyCredentialProvider.dll_unloaded, version: 0.0.0.0, time stamp: 0x53d9fa55
Exception code: 0xc0000005
Fault offset: 0x000000000002b4a8
Faulting process id: 0x334
Faulting application start time: 0x01d3ef1786800919
Faulting application path: C:\WINDOWS\system32\LogonUI.exe
Faulting module path: USBKeyCredentialProvider.dll
Report Id: e5103202-df80-4037-849d-cd9f070922c3
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/18/2018 09:09:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dwm.exe, version: 10.0.17134.1, time stamp: 0xf5178e97
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xe0464645
Fault offset: 0x0000000000000000
Faulting process id: 0x21ec
Faulting application start time: 0x01d3ef166ac4e888
Faulting application path: C:\WINDOWS\system32\dwm.exe
Faulting module path: unknown
Report Id: d75fc97b-b6b6-4d66-b306-9831cb7b62c6
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/18/2018 09:09:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dwm.exe, version: 10.0.17134.1, time stamp: 0xf5178e97
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xe0464645
Fault offset: 0x0000000000000000
Faulting process id: 0x2988
Faulting application start time: 0x01d3ef1669f365aa
Faulting application path: C:\WINDOWS\system32\dwm.exe
Faulting module path: unknown
Report Id: 3c2c99b7-c755-4781-9074-a18993f94f0b
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/18/2018 09:09:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dwm.exe, version: 10.0.17134.1, time stamp: 0xf5178e97
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xe0464645
Fault offset: 0x0000000000000000
Faulting process id: 0x231c
Faulting application start time: 0x01d3ef16691e8193
Faulting application path: C:\WINDOWS\system32\dwm.exe
Faulting module path: unknown
Report Id: c537007a-cf26-4520-895f-d00083ac4eb9
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/18/2018 09:09:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dwm.exe, version: 10.0.17134.1, time stamp: 0xf5178e97
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xe0464645
Fault offset: 0x0000000000000000
Faulting process id: 0x2448
Faulting application start time: 0x01d3ef166855760f
Faulting application path: C:\WINDOWS\system32\dwm.exe
Faulting module path: unknown
Report Id: ef601b42-41fb-4a84-b29b-9682741a46e9
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/18/2018 09:09:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dwm.exe, version: 10.0.17134.1, time stamp: 0xf5178e97
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xe0464645
Fault offset: 0x0000000000000000
Faulting process id: 0xe58
Faulting application start time: 0x01d3ef166785d546
Faulting application path: C:\WINDOWS\system32\dwm.exe
Faulting module path: unknown
Report Id: ee84779b-7dd4-4840-8fe0-1b3c402a3373
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (05/21/2018 06:21:43 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Energy Server Service queencreek service terminated with the following error: 
The stream is not a tiny stream.
 
Error: (05/21/2018 06:21:12 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Energy Server Service queencreek service terminated with the following error: 
The stream is not a tiny stream.
 
Error: (05/21/2018 06:17:58 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Energy Server Service queencreek service terminated with the following error: 
The stream is not a tiny stream.
 
Error: (05/21/2018 06:17:27 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Energy Server Service queencreek service terminated with the following error: 
The stream is not a tiny stream.
 
Error: (05/21/2018 06:16:43 AM) (Source: DCOM) (EventID: 10016) (User: HTPC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID 
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user HTPC\joshu SID (S-1-5-21-3216183752-1559940622-270169434-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.
 
Error: (05/21/2018 06:16:22 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (05/21/2018 06:16:22 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (05/20/2018 10:25:51 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Energy Server Service queencreek service terminated with the following error: 
The stream is not a tiny stream.
 
 
CodeIntegrity:
===================================
 
Date: 2018-05-20 09:58:07.452
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-05-20 09:58:07.433
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-05-20 09:58:07.419
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-05-20 09:58:07.410
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-05-20 09:32:18.556
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-05-20 09:32:18.538
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-05-20 09:32:18.536
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-05-20 09:32:18.513
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU G3220 @ 3.00GHz
Percentage of memory in use: 32%
Total physical RAM: 7891.93 MB
Available physical RAM: 5295.83 MB
Total Virtual: 9171.93 MB
Available Virtual: 6508.61 MB
 
==================== Drives ================================
 
Drive c: (Win 10 ) (Fixed) (Total:59.19 GB) (Free:20.81 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Media Storage) (Fixed) (Total:5589.03 GB) (Free:990.57 GB) NTFS
Drive f: (Backup) (Fixed) (Total:7451.91 GB) (Free:2711.34 GB) NTFS
 
\\?\Volume{52702e5f-0000-0000-0000-f0cb0e000000}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 5589 GB) (Disk ID: 16F2A91F)
 
Partition: GPT.
 
========================================================
Disk: 1 (Protective MBR) (Size: 7452 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 59.6 GB) (Disk ID: 52702E5F)
Partition 1: (Active) - (Size=59.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=449 MB) - (Type=27)
 
==================== End of Addition.txt ============================


#6 Oh My!


    Adware and Spyware and Malware.....


  • Malware Response Instructor

Posted 21 May 2018 - 12:49 PM

Thank you for the reports.

Looking better. Please do this.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------
  • Press Windows Key + R on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

Intel® Driver & Support Assistant

  • Reboot your computer
===================================================

Download and install Intel® Driver & Support Assistant following the steps under Instructions for launching.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time (there is no need to paste the information anywhere)
Start::
CloseProcesses:
C:\WINDOWS\system32\default_error_stack-000*.txt
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Rerun a FRST scan and post both logs
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Intel Support Assistant uninstall/reinstall?
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 jsmith967

  • Topic Starter


Posted 21 May 2018 - 08:50 PM

Hello again. Thank you for your service. I cannot thank you enough for helping me. Thank you! Please see below. When I clicked "Fix" the computer eventually restarted.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by joshu (21-05-2018 20:44:13) Run:2
Running from C:\Users\joshu\Downloads
Loaded Profiles: joshu (Available Profiles: defaultuser0 & joshu)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
C:\WINDOWS\system32\default_error_stack-000*.txt
 
*****************
 
Processes closed successfully.
 
=========== "C:\WINDOWS\system32\default_error_stack-000*.txt" ==========
 
C:\WINDOWS\system32\default_error_stack-000000-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000001-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000002-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000003-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000004-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000005-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000006-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000007-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000008-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000009-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000010-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000011-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000012-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000013-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000014-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000015-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000016-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000017-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000018-000000.txt => moved successfully
C:\WINDOWS\system32\default_error_stack-000019-000000.txt => moved successfully
 
========= End -> "C:\WINDOWS\system32\default_error_stack-000*.txt" ========
 
 
 
The system needed a reboot.
 
==== End of Fixlog 20:44:17 ====
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by joshu (administrator) on HTPC (21-05-2018 20:47:39)
Running from C:\Users\joshu\Downloads
Loaded Profiles: joshu (Available Profiles: defaultuser0 & joshu)
Platform: Windows 10 Pro Version 1803 17134.48 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
() C:\Program Files (x86)\AnyDesk\AnyDesk.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel) C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
() C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.14.17639.18041-0\MsMpEng.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(ASRock Incorporation) C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\ATuning.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.14.17639.18041-0\NisSrv.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(ASRock Incorporation) C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\AsrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9226.21595.0_x64__8wekyb3d8bbwe\HxTsr.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(EverAccountable.com) C:\Program Files (x86)\EverAccountable\everaccountable.exe
(JRiver, Inc.) C:\Program Files (x86)\J River\Media Center 21\Media Center 21.exe
(JRiver, Inc.) C:\Program Files (x86)\J River\Media Center 21\JRWeb.exe
() C:\Program Files (x86)\AnyDesk\AnyDesk.exe
() C:\Program Files (x86)\EverAccountable\zeasystemhelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(JRiver, Inc.) C:\Program Files (x86)\J River\Media Center 21\JRWeb.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(JRiver, Inc.) C:\Program Files (x86)\J River\Media Center 21\JRWeb.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(JRiver, Inc.) C:\Program Files (x86)\J River\Media Center 21\JRService.exe
(ASRock) C:\Program Files\ASRock Utility\XFast RAM\asrRd.exe
() C:\Program Files (x86)\AnyDesk\AnyDesk.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3643712 2018-05-14] (Dropbox, Inc.)
HKLM-x32\...\Run: [EverAccountable] => C:\Program Files (x86)\EverAccountable\everaccountable.exe [1596240 2017-10-03] (EverAccountable.com)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKLM-x32\...\Run: [DSATray] => C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe [135928 2018-05-03] (Intel)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-3216183752-1559940622-270169434-1001\...\Run: [EverAccountable] => C:\Program Files (x86)\EverAccountable\everaccountable.exe [1596240 2017-10-03] (EverAccountable.com)
HKU\S-1-5-21-3216183752-1559940622-270169434-1001\...\Run: [Media Center 21] => C:\Program Files (x86)\J River\Media Center 21\Media Center 21.exe [16332800 2016-06-17] (JRiver, Inc.)
HKU\S-1-5-21-3216183752-1559940622-270169434-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18334016 2018-05-10] (Piriform Ltd)
HKU\S-1-5-21-3216183752-1559940622-270169434-1001\...\Run: [Spotify Web Helper] => C:\Users\joshu\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-03-02] (Spotify Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2017-11-24]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe ()
Startup: C:\Users\joshu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HD-Trailers.Net Downloader - Shortcut.lnk [2018-05-19]
ShortcutTarget: HD-Trailers.Net Downloader - Shortcut.lnk -> C:\Program Files (x86)\HD-Trailers.NET Downloader\HD-Trailers.Net Downloader.exe ()
Startup: C:\Users\joshu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\speedfan - Shortcut.lnk [2018-05-19]
ShortcutTarget: speedfan - Shortcut.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 208.67.222.123 208.67.220.123
Tcpip\..\Interfaces\{b1e44903-3294-4d90-ab4a-35ae3135a27a}: [DhcpNameServer] 208.67.222.123 208.67.220.123
 
Internet Explorer:
==================
HKU\S-1-5-21-3216183752-1559940622-270169434-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_172\bin\ssv.dll [2018-05-19] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_172\bin\jp2ssv.dll [2018-05-19] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_172\bin\ssv.dll [2018-05-19] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_172\bin\jp2ssv.dll [2018-05-19] (Oracle Corporation)
 
Edge: 
======
Edge Extension: (uBlock Origin) -> EdgeExtension_37833NikRollsuBlockOrigin_f8jsg5mm64m62 => C:\Program Files\WindowsApps\37833NikRolls.uBlockOrigin_1.15.24.0_neutral__f8jsg5mm64m62 [2018-05-19]
Edge Extension: (LastPass: Free Password Manager) -> hdokiejnpimakedhajhdlcegeplioahd_LastPassLastPassFreePasswordManager_qq0fmhteeht3j => C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.10.0.0_neutral__qq0fmhteeht3j [2018-05-18]
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.172.2 -> C:\Program Files\Java\jre1.8.0_172\bin\dtplugin\npDeployJava1.dll [2018-05-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.172.2 -> C:\Program Files\Java\jre1.8.0_172\bin\plugin2\npjp2.dll [2018-05-19] (Oracle Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-04-08] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-04-08] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-04-08] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2018-04-08] (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.172.2 -> C:\Program Files (x86)\Java\jre1.8.0_172\bin\dtplugin\npDeployJava1.dll [2018-05-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.172.2 -> C:\Program Files (x86)\Java\jre1.8.0_172\bin\plugin2\npjp2.dll [2018-05-19] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-04-19] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-04-19] (VideoLAN)
 
Chrome: 
=======
CHR DefaultSearchKeyword: Default -> lp
CHR Profile: C:\Users\joshu\AppData\Local\Google\Chrome\User Data\Default [2018-05-20]
CHR Extension: (Slides) - C:\Users\joshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-11-25]
CHR Extension: (Docs) - C:\Users\joshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-11-25]
CHR Extension: (Google Drive) - C:\Users\joshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-11-25]
CHR Extension: (YouTube) - C:\Users\joshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-11-25]
CHR Extension: (uBlock Origin) - C:\Users\joshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2018-05-19]
CHR Extension: (Sheets) - C:\Users\joshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-11-25]
CHR Extension: (Google Docs Offline) - C:\Users\joshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-05-18]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\joshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2018-05-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\joshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-05-18]
CHR Extension: (Gmail) - C:\Users\joshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-11-25]
CHR Extension: (Chrome Media Router) - C:\Users\joshu\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-18]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [1809096 2017-11-24] ()
R2 ASRockIOMon; C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe [463112 2014-07-31] ()
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-11-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-11-24] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [51024 2018-05-14] (Dropbox, Inc.)
R2 DSAService; C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe [22776 2018-05-03] (Intel)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1659456 2018-04-17] (Foxit Software Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365040 2017-10-20] (Intel Corporation)
S3 Intel® SUR QC SAM; C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [18168 2017-07-13] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
R3 Media Center 21 Service; C:\Program Files (x86)\J River\Media Center 21\JRService.exe [397048 2016-06-17] (JRiver, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-04-12] (Microsoft Corporation)
S3 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\NisSrv.exe [4632736 2018-05-04] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MsMpEng.exe [104680 2018-05-04] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ArdDrv; C:\WINDOWS\SysWOW64\Drivers\ArdDrv.sys [21288 2018-05-21] (RW-Everything)
R3 AsrDrv101; C:\WINDOWS\SysWOW64\Drivers\AsrDrv101.sys [22280 2018-03-13] (ASRock Incorporation)
R0 AsrRamDisk; C:\WINDOWS\System32\drivers\AsrRamDisk.sys [40200 2013-08-02] (ASRock Inc.)
R3 dvdfab; C:\WINDOWS\system32\drivers\dvdfab.sys [91992 2016-12-13] (Windows ® Win 7 DDK provider)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152184 2018-04-26] (Malwarebytes)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2016-07-26] ()
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [190696 2018-05-20] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112864 2018-05-21] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-05-21] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-05-21] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [103648 2018-05-21] (Malwarebytes)
S3 NZFSD; C:\WINDOWS\System32\drivers\NZFSD.sys [280136 2014-03-18] (FlexRAID)
R3 RtkBtFilter; C:\WINDOWS\system32\DRIVERS\RtkBtfilter.sys [593624 2015-03-11] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\WINDOWS\System32\drivers\rtwlane.sys [6320640 2018-04-11] (Realtek Semiconductor Corporation )
S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-05-04] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [313888 2018-05-04] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61472 2018-05-04] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-21 20:44 - 2018-05-21 20:44 - 000012176 _____ C:\Users\joshu\Downloads\Fixlog.txt
2018-05-21 20:43 - 2018-05-21 20:43 - 000003762 _____ C:\WINDOWS\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132
2018-05-21 20:43 - 2018-05-21 20:43 - 000003528 _____ C:\WINDOWS\System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon
2018-05-21 20:43 - 2018-05-21 20:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver and Support Assistant
2018-05-21 20:43 - 2018-05-21 20:43 - 000000000 ____D C:\Program Files (x86)\Intel Driver and Support Assistant
2018-05-21 20:40 - 2018-05-21 20:40 - 000000000 ____D C:\ProgramData\Package Cache
2018-05-21 06:21 - 2018-05-21 06:21 - 000038332 _____ C:\Users\joshu\Downloads\Addition.txt
2018-05-20 09:41 - 2018-05-21 20:45 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-05-20 09:41 - 2018-05-21 20:45 - 000112864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-05-20 09:41 - 2018-05-21 20:45 - 000103648 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-05-20 09:41 - 2018-05-21 20:45 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-05-20 09:41 - 2018-05-20 09:41 - 000190696 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-05-20 09:39 - 2018-05-20 09:41 - 000000000 ____D C:\AdwCleaner
2018-05-20 09:35 - 2018-05-20 09:35 - 000004470 _____ C:\Users\joshu\Desktop\RK.txt
2018-05-20 09:03 - 2018-05-20 09:35 - 000000000 ____D C:\ProgramData\RogueKiller
2018-05-20 09:03 - 2018-05-20 09:03 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-05-20 09:03 - 2018-05-20 09:03 - 000000906 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2018-05-20 09:03 - 2018-05-20 09:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2018-05-20 09:03 - 2018-05-20 09:03 - 000000000 ____D C:\Program Files\RogueKiller
2018-05-20 09:01 - 2018-05-20 09:01 - 036678264 _____ (Adlice Software ) C:\Users\joshu\Desktop\RogueKiller_setup_ref3.exe
2018-05-19 09:03 - 2018-05-21 20:47 - 000015928 _____ C:\Users\joshu\Downloads\FRST.txt
2018-05-19 08:55 - 2018-05-19 08:56 - 002413056 _____ (Farbar) C:\Users\joshu\Downloads\FRST64.exe
2018-05-19 08:42 - 2018-05-19 08:42 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2018-05-19 08:42 - 2018-05-19 08:42 - 000000000 ____D C:\Program Files (x86)\Foxit Software
2018-05-19 08:35 - 2018-05-19 08:36 - 000000000 ____D C:\Users\joshu\AppData\Local\PlaceholderTileLogoFolder
2018-05-19 08:33 - 2018-05-19 08:33 - 000178320 _____ (AVAST Software) C:\Users\joshu\Downloads\avast_free_antivirus_setup_online_cnet_2 (1).exe
2018-05-19 08:24 - 2018-05-19 08:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-19 08:24 - 2018-05-19 08:24 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-05-19 08:24 - 2018-05-19 08:24 - 000000000 ____D C:\Program Files\Malwarebytes
2018-05-19 08:24 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-05-19 08:18 - 2018-05-19 08:18 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-05-19 08:18 - 2018-05-19 08:18 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-05-19 08:17 - 2018-05-19 08:34 - 000000000 ____D C:\ProgramData\AVAST Software
2018-05-19 08:17 - 2018-05-19 08:17 - 000178320 _____ (AVAST Software) C:\Users\joshu\Downloads\avast_free_antivirus_setup_online_cnet_2.exe
2018-05-19 08:15 - 2018-05-19 08:15 - 075524392 _____ (Malwarebytes ) C:\Users\joshu\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.365-1.0.5158.exe
2018-05-18 23:57 - 2018-05-18 21:03 - 000000000 ____D C:\Windows.old
2018-05-18 23:56 - 2018-05-18 23:57 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-05-18 23:56 - 2018-05-18 23:56 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-05-18 23:56 - 2018-05-18 23:56 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-05-18 23:55 - 2018-05-18 23:55 - 013570560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-05-18 23:55 - 2018-05-18 23:55 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 025848832 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 023862272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 022707712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 022002688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 021389360 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 020383720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 019399168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 012712960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 011903488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 009159064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-05-18 23:54 - 2018-05-18 23:54 - 008623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 007583232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 007519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 007436624 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 006569952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 006044104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 005951488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 005782528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 004372992 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 004070400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 003732800 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 003712000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 003655168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-05-18 23:54 - 2018-05-18 23:54 - 003440640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 003389952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 003283400 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 003086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 003015168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 002961408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 002897408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-05-18 23:54 - 2018-05-18 23:54 - 002841312 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 002835864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-05-18 23:54 - 2018-05-18 23:54 - 002753040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 002700800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 002486976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 002422168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-05-18 23:54 - 2018-05-18 23:54 - 002366976 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 002242208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-05-18 23:54 - 2018-05-18 23:54 - 002170368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001953280 _____ C:\WINDOWS\system32\rdpnano.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001664512 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001636352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001634800 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001585664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001565592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001534976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001456616 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-05-18 23:54 - 2018-05-18 23:54 - 001454016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001426328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-05-18 23:54 - 2018-05-18 23:54 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001191168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001174424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-05-18 23:54 - 2018-05-18 23:54 - 001160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 001063320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-05-18 23:54 - 2018-05-18 23:54 - 001034624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-05-18 23:54 - 2018-05-18 23:54 - 001012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-05-18 23:54 - 2018-05-18 23:54 - 000976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-05-18 23:54 - 2018-05-18 23:54 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000885848 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000860160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000826776 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2018-05-18 23:54 - 2018-05-18 23:54 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000788216 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000786168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000776880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000775680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000733992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000709816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-05-18 23:54 - 2018-05-18 23:54 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-05-18 23:54 - 2018-05-18 23:54 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2018-05-18 23:54 - 2018-05-18 23:54 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000665320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000652184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs4.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000606448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000604568 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-05-18 23:54 - 2018-05-18 23:54 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs3.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2018-05-18 23:54 - 2018-05-18 23:54 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000567136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000559968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000553984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2018-05-18 23:54 - 2018-05-18 23:54 - 000474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs2.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000473496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs1.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000434584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2018-05-18 23:54 - 2018-05-18 23:54 - 000399768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000382872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-05-18 23:54 - 2018-05-18 23:54 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.th.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000269216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MixedReality.Broker.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win81.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000170904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-05-18 23:54 - 2018-05-18 23:54 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Analog.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win8rtm.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000134552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-05-18 23:54 - 2018-05-18 23:54 - 000001312 _____ C:\WINDOWS\system32\tcbres.wim
2018-05-18 23:53 - 2018-05-18 23:53 - 004492288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-05-18 23:53 - 2018-05-18 23:53 - 003398144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-05-18 23:53 - 2018-05-18 23:53 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-05-18 23:53 - 2018-05-18 23:53 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsFilt.dll
2018-05-18 23:53 - 2018-05-18 23:53 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-05-18 23:53 - 2018-05-18 23:53 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsFilt.dll
2018-05-18 23:53 - 2018-05-18 23:53 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-05-18 23:53 - 2018-05-18 23:53 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-05-18 23:53 - 2018-05-18 23:53 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\XPSSHHDR.dll
2018-05-18 23:53 - 2018-05-18 23:53 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XPSSHHDR.dll
2018-05-18 23:53 - 2018-05-18 23:53 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2018-05-18 23:53 - 2018-05-18 23:53 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2018-05-18 23:53 - 2018-05-18 23:53 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-05-18 23:53 - 2018-05-18 23:53 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2018-05-18 23:53 - 2018-05-18 23:53 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-05-18 23:53 - 2018-05-18 23:53 - 000000000 ____D C:\Program Files\MSBuild
2018-05-18 23:53 - 2018-05-18 23:53 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-05-18 23:53 - 2018-05-18 23:53 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-05-18 21:11 - 2018-05-18 21:11 - 000000000 ____D C:\Users\joshu\AppData\Local\D3DSCache
2018-05-18 21:07 - 2018-05-21 20:40 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-18 21:05 - 2018-05-18 21:05 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-05-18 21:03 - 2018-05-21 20:45 - 000003012 _____ C:\WINDOWS\System32\Tasks\AsrSP.exe
2018-05-18 21:03 - 2018-05-21 20:44 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-18 21:03 - 2018-05-21 19:25 - 000004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B6899689-BE91-426D-A40F-B4A8DA37F65E}
2018-05-18 21:03 - 2018-05-19 08:40 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-05-18 21:03 - 2018-05-19 08:12 - 000003998 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2018-05-18 21:03 - 2018-05-19 08:12 - 000003766 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2018-05-18 21:03 - 2018-05-18 21:03 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2018-05-18 21:03 - 2018-05-18 21:03 - 000011433 _____ C:\WINDOWS\diagerr.xml
2018-05-18 21:03 - 2018-05-18 21:03 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-18 21:03 - 2018-05-18 21:03 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-18 21:03 - 2018-05-18 21:03 - 000002924 _____ C:\WINDOWS\System32\Tasks\Trailer download
2018-05-18 21:03 - 2018-05-18 21:03 - 000002856 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3216183752-1559940622-270169434-1001
2018-05-18 21:03 - 2018-05-18 21:03 - 000002324 _____ C:\WINDOWS\System32\Tasks\ATuning
2018-05-18 21:03 - 2018-05-18 21:03 - 000002218 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-05-18 21:03 - 2018-05-18 21:03 - 000000020 ___SH C:\Users\joshu\ntuser.ini
2018-05-18 21:03 - 2018-05-18 21:03 - 000000000 ____D C:\WINDOWS\System32\Tasks\2BrightSparks
2018-05-18 21:03 - 2018-05-18 21:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-05-18 21:02 - 2018-05-18 21:02 - 000000000 ____D C:\ProgramData\USOShared
2018-05-18 21:00 - 2018-05-18 21:00 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-05-18 20:59 - 2018-05-18 21:03 - 000000000 ____D C:\Users\joshu
2018-05-18 20:59 - 2018-05-18 21:01 - 000000000 ____D C:\Users\defaultuser0
2018-05-18 20:59 - 2018-04-11 18:34 - 000001105 _____ C:\Users\joshu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-18 20:59 - 2018-04-11 18:34 - 000001105 _____ C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-18 20:59 - 2018-04-11 18:33 - 002752000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-05-18 20:59 - 2017-11-24 12:19 - 000000000 ____D C:\Users\joshu\AppData\Roaming\Macromedia
2018-05-18 20:59 - 2017-11-24 12:19 - 000000000 ____D C:\Users\defaultuser0\AppData\Roaming\Macromedia
2018-05-18 20:59 - 2017-10-20 17:43 - 000091120 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2018-05-18 20:58 - 2018-05-21 20:31 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-05-18 20:58 - 2018-05-18 21:00 - 000233880 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-05-14 06:45 - 2018-05-14 06:45 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2018-05-14 06:45 - 2018-05-14 06:45 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2018-05-14 06:45 - 2018-05-14 06:45 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2018-05-12 20:49 - 2018-05-19 09:03 - 000000000 ___DC C:\WINDOWS\Panther
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-05-21 20:47 - 2015-03-12 16:49 - 000000000 ____D C:\FRST
2018-05-21 20:45 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-05-21 20:45 - 2018-03-13 15:09 - 000021288 _____ (RW-Everything) C:\WINDOWS\SysWOW64\Drivers\ArdDrv.sys
2018-05-21 20:45 - 2017-11-24 12:16 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-05-21 20:45 - 2017-11-24 12:16 - 000000000 __SHD C:\Users\joshu\IntelGraphicsProfiles
2018-05-21 20:44 - 2018-04-11 16:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-05-21 20:40 - 2018-04-11 18:36 - 000000000 ____D C:\WINDOWS\INF
2018-05-21 20:34 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-05-21 20:33 - 2017-12-08 19:13 - 000000000 ____D C:\Program Files\Intel Driver and Support Assistant
2018-05-21 19:36 - 2018-04-11 18:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-20 09:29 - 2016-07-16 06:47 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-05-19 08:43 - 2017-11-24 12:20 - 000111048 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2018-05-19 08:43 - 2017-11-24 12:20 - 000000000 ____D C:\Program Files\Java
2018-05-19 08:43 - 2017-11-24 12:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-05-19 08:42 - 2017-11-24 12:21 - 000000000 ____D C:\Users\joshu\AppData\Roaming\Foxit Software
2018-05-19 08:42 - 2017-11-24 12:21 - 000000000 ____D C:\ProgramData\Foxit Software
2018-05-19 08:41 - 2018-03-28 18:07 - 000000000 ____D C:\Users\joshu\Documents\theRenamer
2018-05-19 08:41 - 2018-02-24 09:56 - 000000000 ____D C:\ProgramData\r2 Studios
2018-05-19 08:41 - 2017-12-08 00:03 - 000000000 ____D C:\Users\joshu\AppData\Local\Packages
2018-05-19 08:41 - 2017-11-24 12:19 - 000098760 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2018-05-19 08:40 - 2018-04-11 18:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-05-19 08:40 - 2017-11-24 12:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2018-05-19 08:40 - 2017-11-24 12:20 - 000000000 ____D C:\Program Files\7-Zip
2018-05-19 08:40 - 2017-11-24 12:19 - 000000000 ____D C:\Program Files (x86)\Java
2018-05-19 08:32 - 2017-11-24 12:21 - 000000938 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2018-05-19 08:32 - 2017-11-24 12:21 - 000000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2018-05-19 08:23 - 2017-11-24 12:22 - 000000000 ____D C:\Users\joshu\AppData\Local\Google
2018-05-19 08:15 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\appcompat
2018-05-18 23:58 - 2018-04-11 18:38 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-05-18 23:58 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-05-18 23:58 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\spool
2018-05-18 23:58 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-05-18 23:58 - 2017-09-29 08:46 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-05-18 23:57 - 2018-04-11 18:41 - 000000000 ____D C:\WINDOWS\Setup
2018-05-18 23:57 - 2018-04-11 18:38 - 000000000 __RHD C:\Users\Public\Libraries
2018-05-18 23:57 - 2018-02-27 18:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2018-05-18 23:57 - 2018-02-24 09:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-05-18 23:57 - 2017-12-16 19:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD-Trailers.NET Downloader
2018-05-18 23:57 - 2017-11-25 00:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-05-18 23:57 - 2017-11-24 19:51 - 000000000 ____D C:\Program Files\UNP
2018-05-18 23:57 - 2017-11-24 13:33 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EverAccountable
2018-05-18 23:57 - 2017-11-24 13:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab Passkey
2018-05-18 23:57 - 2017-11-24 12:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JRiver Media Center 21
2018-05-18 23:57 - 2017-11-24 12:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyDesk
2018-05-18 23:57 - 2017-11-24 12:16 - 000000000 ____D C:\Program Files\Intel
2018-05-18 23:56 - 2018-04-06 06:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2018-05-18 23:56 - 2018-03-13 15:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility
2018-05-18 23:56 - 2018-02-23 16:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\2BrightSparks
2018-05-18 23:56 - 2017-11-24 12:49 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2018-05-18 23:55 - 2018-04-12 04:37 - 000000000 ____D C:\WINDOWS\Containers
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-05-18 23:55 - 2018-04-12 04:19 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-05-18 23:55 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-05-18 23:55 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-05-18 23:55 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\ta-in
2018-05-18 23:55 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\si-lk
2018-05-18 23:55 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\setup
2018-05-18 23:55 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-05-18 23:55 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\am-et
2018-05-18 23:55 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\Provisioning
2018-05-18 23:55 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-05-18 23:55 - 2018-04-11 18:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-05-18 23:55 - 2018-04-11 18:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-05-18 23:53 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2018-05-18 23:53 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2018-05-18 23:53 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2018-05-18 23:53 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2018-05-18 23:53 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2018-05-18 23:53 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2018-05-18 23:53 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2018-05-18 23:53 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\et-EE
2018-05-18 23:53 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\es-MX
2018-05-18 23:53 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\system32\en-GB
2018-05-18 21:09 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-05-18 21:09 - 2017-11-24 12:19 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-18 21:03 - 2018-04-11 18:38 - 000000000 ____D C:\WINDOWS\Registration
2018-05-18 21:03 - 2018-04-11 18:38 - 000000000 ____D C:\Program Files\Windows Defender
2018-05-18 21:03 - 2018-04-11 16:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-05-18 21:03 - 2017-12-08 00:07 - 000000000 ___RD C:\Users\joshu\3D Objects
2018-05-18 21:03 - 2017-11-24 12:21 - 000000000 ____D C:\Program Files (x86)\Dropbox
2018-05-18 21:03 - 2016-11-20 13:54 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-05-18 21:02 - 2018-04-11 18:38 - 000000000 ____D C:\ProgramData\USOPrivate
2018-05-18 21:01 - 2018-04-11 18:38 - 000000000 __RSD C:\WINDOWS\media
2018-05-18 21:01 - 2018-04-11 18:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-05-18 21:01 - 2017-12-08 00:06 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2018-05-18 21:00 - 2018-03-31 23:21 - 000000000 ____D C:\Users\joshu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TV Rename
2018-05-18 21:00 - 2018-03-31 22:39 - 000000000 ____D C:\Users\joshu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MakeMKV
2018-05-18 21:00 - 2018-02-03 17:58 - 000000000 ____D C:\Users\joshu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HandBrake
2018-05-18 21:00 - 2017-11-24 13:16 - 000000000 ____D C:\Users\joshu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2018-05-18 20:59 - 2017-12-08 00:03 - 000000000 ____D C:\Users\defaultuser0\AppData\Local\Packages
2018-05-18 20:59 - 2017-11-24 12:16 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2018-05-14 06:45 - 2018-03-28 09:31 - 000051024 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2018-05-12 21:20 - 2017-11-26 00:51 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-05-12 21:19 - 2017-11-26 00:51 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-05-12 21:19 - 2017-11-26 00:51 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-05-12 21:17 - 2015-11-25 12:48 - 000008192 __RSH C:\BOOTSECT.BAK
2018-05-04 21:56 - 2017-11-24 12:15 - 000000000 ___RD C:\Users\joshu\OneDrive
2018-05-04 21:50 - 2018-02-28 19:01 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-05-01 16:22 - 2018-04-11 18:41 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-05-01 16:22 - 2018-04-11 18:41 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
Some files in TEMP:
====================
2018-05-20 09:03 - 2018-04-11 18:34 - 001946304 _____ (Microsoft Corporation) C:\Users\joshu\AppData\Local\Temp\dllnt_dump.dll
2018-05-19 08:41 - 2017-10-18 20:55 - 003729984 _____ (Foxit Corporation) C:\Users\joshu\AppData\Local\Temp\FoxitUpdater.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-18 20:58
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by joshu (21-05-2018 20:48:17)
Running from C:\Users\joshu\Downloads
Windows 10 Pro Version 1803 17134.48 (X64) (2018-05-19 02:03:39)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3216183752-1559940622-270169434-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3216183752-1559940622-270169434-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3216183752-1559940622-270169434-1000 - Limited - Disabled) => C:\Users\defaultuser0
Guest (S-1-5-21-3216183752-1559940622-270169434-501 - Limited - Disabled)
joshu (S-1-5-21-3216183752-1559940622-270169434-1001 - Administrator - Enabled) => C:\Users\joshu
WDAGUtilityAccount (S-1-5-21-3216183752-1559940622-270169434-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
. . (HKLM\...\{E5B0E5D9-9D25-4B2B-A7D9-8CA0F9E0DD89}) (Version: 7.1 - Intel) Hidden
. . . (HKLM-x32\...\{CE33BF2E-5D59-44DF-8610-59BB289396C6}) (Version: 3.3.1.3 - Intel) Hidden
7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
7-Zip 18.05 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1805-000001000000}) (Version: 18.05.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 29.0.0.112 - Adobe Systems Incorporated)
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 3.6.3 - philandro Software GmbH)
ASRock XFast RAM v3.0.3 (HKLM\...\ASRock XFast RAM_is1) (Version:  - ASRock Inc.)
A-Tuning v2.0.271 (HKLM-x32\...\A-Tuning_is1) (Version: 2.0.271 - ASRock Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.42 - Piriform)
CPUID CPU-Z 1.81.1 (HKLM\...\CPUID CPU-Z_is1) (Version: 1.81.1 - ) <==== ATTENTION
CrystalDiskInfo 7.5.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 7.5.2 - Crystal Dew World)
Dropbox (HKLM-x32\...\Dropbox) (Version: 49.4.69 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.75.1 - Dropbox, Inc.) Hidden
DVDFab Passkey 9.2.1.9 (24/11/2017) (HKLM-x32\...\DVDFab Passkey 9_is1) (Version: 9.2.1.9 - Fengtao Software Inc.)
EverAccountable (HKLM-x32\...\{344B067D-4154-404D-88EC-28D11A9D3B92}_is1) (Version: 5.1.30.0 - Ever Accountable)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 9.1.0.5096 - Foxit Software Inc.)
Google Chrome (HKLM\...\{E093BF8F-9D6D-342E-ADAC-7BD6F40C3BDE}) (Version: 66.0.3359.181 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HandBrake 1.0.7 (HKLM-x32\...\HandBrake) (Version: 1.0.7 - )
HD-Trailers.NET Downloader version 2.0 (HKLM-x32\...\{86F6284C-D650-40C4-A46D-6FE653C7514D}_is1) (Version: 2.0 - HD-Trailers.NET Downloader CodePlex Project)
Intel® Computing Improvement Program (HKLM\...\{F6B5BD59-21F0-47F8-A6C6-63BAEB1A6569}) (Version: 2.1.03720 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4835 - Intel Corporation)
Intel® Driver & Support Assistant (HKLM-x32\...\{4ef0c07c-1ede-4d1c-a593-83184455832b}) (Version: 3.3.1.3 - Intel)
Java 8 Update 151 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java 8 Update 151 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180151F0}) (Version: 8.0.1510.12 - Oracle Corporation)
Java 8 Update 172 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180172F0}) (Version: 8.0.1720.11 - Oracle Corporation)
Java 8 Update 172 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180172F0}) (Version: 8.0.1720.11 - Oracle Corporation)
JRiver Media Center 21 (HKLM-x32\...\Media Center 21) (Version: 21 - JRiver, Inc.)
MakeMKV v1.12.0 (HKLM-x32\...\MakeMKV) (Version: v1.12.0 - GuinpinSoft inc)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-3216183752-1559940622-270169434-1001\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
RogueKiller version 12.12.17.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.17.0 - Adlice Software)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-3216183752-1559940622-270169434-1001\...\Spotify) (Version: 1.0.75.483.g7ff4a0dc - Spotify AB)
SyncBackFree (HKLM-x32\...\SyncBackFree_is1) (Version: 8.5.26.0 - 2BrightSparks)
SyncBackLite (HKLM-x32\...\SyncBackLite_is1) (Version: 8.5.26.0 - 2BrightSparks)
TV Rename (HKLM-x32\...\TVRename) (Version: 2.4 - TV Rename)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{DE083343-D24D-4495-919E-18C65EC0F289}) (Version: 2.8.0.0 - Microsoft Corporation)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.2 - VideoLAN)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ContextMenuHandlers1: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2018-04-16] (Foxit Software Inc.)
ContextMenuHandlers1: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers2: [VirtualCloneDrive] -> {B7056B8E-4F99-44f8-8CBD-282390FE5428} => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\ElbyVCDShell.dll [2009-12-14] (Elaborate Bytes AG)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.21.0.dll [2018-05-14] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-10-20] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [Foxit_ConvertToPDF_Reader] -> {A94757A0-0226-426F-B4F1-4DF381C630D3} => C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\ConvertToPDFShellExtension_x64.dll [2018-04-16] (Foxit Software Inc.)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0FD4BA4C-6C38-4E38-85BA-5E5A14D376BA} - System32\Tasks\2BrightSparks\SyncBackFree\HTPC-joshu\SyncBackFree Media Storage Backup => C:\Program Files (x86)\2BrightSparks\SyncBackFree\SyncBackFree.exe [2018-02-01] (2BrightSparks Pte. Ltd.)
Task: {33C604BE-C4E1-4FF0-84B2-9A4CF257723C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-05-04] (Microsoft Corporation)
Task: {389D9620-0E1B-4944-9DF6-1E5036F25791} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-11-24] (Dropbox, Inc.)
Task: {48378D47-02F6-4185-BA9C-3159CFE05726} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {4D6E3F65-FE02-49F6-BA0B-B27DEEFA0AE1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-05-04] (Microsoft Corporation)
Task: {60136830-7109-4071-9646-F33A6D131875} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-05-10] (Piriform Ltd)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {73CC8C47-D3B0-4309-82C9-346EB4BAFD4E} - System32\Tasks\IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon => C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe [2017-07-13] (Intel Corporation)
Task: {7B0FA188-1571-4E2A-9DE8-83C77D79B88D} - System32\Tasks\AsrSP.exe => C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\AsrSP.exe [2014-12-02] ()
Task: {8FB537F1-09ED-4636-B96C-5787B7283E6E} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-05-04] (Microsoft Corporation)
Task: {94FEE7D2-7F3A-4B80-AA93-E6ABA9161B09} - System32\Tasks\ATuning => C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\ATuning.exe [2015-11-04] (ASRock Incorporation)
Task: {A97A5363-DC5D-4383-A32D-472C92FAF6BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-24] (Google Inc.)
Task: {C141ED23-3A99-4FF1-B217-A0EB62FCBCC1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-05-10] (Piriform Ltd)
Task: {E0567D09-F561-4D6A-8865-77600A2F79E1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-05-04] (Microsoft Corporation)
Task: {EC7AD1E4-F379-407D-A7A7-A9F50AE901B0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-11-24] (Google Inc.)
Task: {F5BB277C-8569-435E-A5D6-7868F1FD1C4F} - System32\Tasks\Trailer download => C:\Program Files (x86)\HD-Trailers.NET Downloader\HD-Trailers.Net Downloader.exe [2016-04-23] ()
Task: {F8FAFE93-5C33-4300-8482-5BF87C96719D} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-11-24] (Dropbox, Inc.)
Task: {F9FC2236-5D31-4113-9974-0F5C90A79B60} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-05-19] (AVAST Software)
Task: {FC28C6B3-0787-4BD7-BE64-980F4605EEE1} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-05-19 08:24 - 2018-04-30 12:54 - 002493648 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-05-19 08:24 - 2018-04-25 13:16 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2017-11-24 12:45 - 2017-11-24 12:45 - 001809096 _____ () C:\Program Files (x86)\AnyDesk\AnyDesk.exe
2018-03-13 15:09 - 2014-07-31 16:17 - 000463112 _____ () C:\Program Files (x86)\ASRock Utility\A-Tuning\Bin\IOMonitorSrv.exe
2018-04-11 18:34 - 2018-04-11 18:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2017-10-20 17:42 - 2017-10-20 17:42 - 000393200 _____ () C:\WINDOWS\system32\igfxTray.exe
2018-04-11 18:34 - 2018-04-11 18:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 18:34 - 2018-04-11 18:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-04-11 18:35 - 2018-04-12 04:20 - 002184704 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-05-04 21:56 - 2018-05-04 21:56 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-05-04 21:56 - 2018-05-04 21:56 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-05-04 21:56 - 2018-05-04 21:56 - 022320128 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-05-04 21:56 - 2018-05-04 21:56 - 002603008 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\skypert.dll
2018-05-04 21:56 - 2018-05-04 21:56 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-02-22 23:01 - 2018-02-22 23:01 - 027139072 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\Video.UI.exe
2018-02-22 23:01 - 2018-02-22 23:01 - 000306176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\SharedUI.dll
2018-02-22 23:01 - 2018-02-22 23:01 - 006687744 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\EntCommon.dll
2017-11-24 12:46 - 2017-11-24 12:46 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-02-22 23:01 - 2018-02-22 23:01 - 009283072 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\EntPlat.dll
2017-11-24 13:33 - 2017-08-31 01:14 - 000015184 _____ () C:\Program Files (x86)\EverAccountable\zeasystemhelper.exe
2017-11-24 12:53 - 2016-06-17 08:07 - 001591296 ____N () C:\Program Files (x86)\J River\Media Center 21\JRDisc.dll
2016-03-16 18:35 - 2016-03-16 18:35 - 050262016 _____ () C:\Users\joshu\AppData\Roaming\J River\Media Center 21\Plugins\chromium\libcef.dll
2016-03-16 18:35 - 2016-03-16 18:35 - 001673728 _____ () C:\Users\joshu\AppData\Roaming\J River\Media Center 21\Plugins\chromium\libglesv2.dll
2016-03-16 18:35 - 2016-03-16 18:35 - 000075264 _____ () C:\Users\joshu\AppData\Roaming\J River\Media Center 21\Plugins\chromium\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 06:47 - 2016-07-16 06:45 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3216183752-1559940622-270169434-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\joshu\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{1b2ed3f4-df99-4b2e-b66c-491225dbcef2}.jpg
DNS Servers: 208.67.222.123 - 208.67.220.123
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "DSATray"
HKU\S-1-5-21-3216183752-1559940622-270169434-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3216183752-1559940622-270169434-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3216183752-1559940622-270169434-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3216183752-1559940622-270169434-1001\...\StartupApproved\Run: => "StartupDelayer"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{BB4DFEA3-4446-4A64-9967-4476ED34D64A}] => (Allow) C:\Program Files (x86)\J River\Media Center 21\Media Center 21.exe
FirewallRules: [{A8DB4684-03F8-4A63-904E-A932611EEC4A}] => (Allow) C:\Program Files (x86)\J River\Media Center 21\Media Center 21.exe
FirewallRules: [TCP Query User{7AD14D38-C265-4EC2-9769-06B0C9C0C305}C:\users\joshu\downloads\anydesk (1).exe] => (Allow) C:\users\joshu\downloads\anydesk (1).exe
FirewallRules: [UDP Query User{0CAA51CC-C1B9-400F-BD4A-18758F211762}C:\users\joshu\downloads\anydesk (1).exe] => (Allow) C:\users\joshu\downloads\anydesk (1).exe
FirewallRules: [TCP Query User{F6B55894-720A-4D12-9475-C1A7B88B868A}C:\users\joshu\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joshu\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{5B50E537-D558-47E8-ADA2-F6D6C1C35982}C:\users\joshu\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\joshu\appdata\roaming\spotify\spotify.exe
FirewallRules: [{DDADFEE1-C493-43F8-BC26-669ECE5B77A9}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{0BCBAD9B-C01E-4003-9A64-D43D62228913}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5E56E290-E945-4D5B-AEB2-E1E0F77D3FCA}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
FirewallRules: [{B7EB55B5-20B4-49D1-9827-D4AD39EDA382}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
FirewallRules: [{70CFE068-B596-4457-AB64-C25989E428CC}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
FirewallRules: [{741F5D43-D5C3-49DC-9F02-8F59FFAFE422}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
FirewallRules: [{AB6BDADC-DE48-4F82-8CE0-30547323E65B}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
FirewallRules: [{50F0822D-D84A-4485-A3B3-6E9939ECE96D}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (05/21/2018 07:22:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LogonUI.exe, version: 10.0.17134.1, time stamp: 0x5d557fa4
Faulting module name: USBKeyCredentialProvider.dll_unloaded, version: 0.0.0.0, time stamp: 0x53d9fa55
Exception code: 0xc0000005
Fault offset: 0x000000000002f53f
Faulting process id: 0x6494
Faulting application start time: 0x01d3f103077784e7
Faulting application path: C:\WINDOWS\System32\LogonUI.exe
Faulting module path: USBKeyCredentialProvider.dll
Report Id: 9720bc4b-8cec-4ea3-ac36-2609097a1dbc
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/19/2018 08:12:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LogonUI.exe, version: 10.0.17134.1, time stamp: 0x5d557fa4
Faulting module name: USBKeyCredentialProvider.dll_unloaded, version: 0.0.0.0, time stamp: 0x53d9fa55
Exception code: 0xc0000005
Fault offset: 0x000000000002b3c6
Faulting process id: 0x2b6c
Faulting application start time: 0x01d3ef2f80280fa8
Faulting application path: C:\WINDOWS\System32\LogonUI.exe
Faulting module path: USBKeyCredentialProvider.dll
Report Id: 7675da98-ee92-4ba5-8287-1650ac6618bd
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/18/2018 09:24:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.17134.48, time stamp: 0x5ae3f17b
Faulting module name: edgehtml.dll, version: 11.0.17134.48, time stamp: 0xf3c5bd61
Exception code: 0xc0000602
Fault offset: 0x0000000000755a1c
Faulting process id: 0x1f54
Faulting application start time: 0x01d3ef178e0d04a1
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: C:\WINDOWS\SYSTEM32\edgehtml.dll
Report Id: ef516185-2ff7-4767-8bda-567beacb1f0a
Faulting package full name: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess
 
Error: (05/18/2018 09:17:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LogonUI.exe, version: 10.0.17134.1, time stamp: 0x5d557fa4
Faulting module name: USBKeyCredentialProvider.dll_unloaded, version: 0.0.0.0, time stamp: 0x53d9fa55
Exception code: 0xc0000005
Fault offset: 0x000000000002b4a8
Faulting process id: 0x334
Faulting application start time: 0x01d3ef1786800919
Faulting application path: C:\WINDOWS\system32\LogonUI.exe
Faulting module path: USBKeyCredentialProvider.dll
Report Id: e5103202-df80-4037-849d-cd9f070922c3
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/18/2018 09:09:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dwm.exe, version: 10.0.17134.1, time stamp: 0xf5178e97
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xe0464645
Fault offset: 0x0000000000000000
Faulting process id: 0x21ec
Faulting application start time: 0x01d3ef166ac4e888
Faulting application path: C:\WINDOWS\system32\dwm.exe
Faulting module path: unknown
Report Id: d75fc97b-b6b6-4d66-b306-9831cb7b62c6
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/18/2018 09:09:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dwm.exe, version: 10.0.17134.1, time stamp: 0xf5178e97
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xe0464645
Fault offset: 0x0000000000000000
Faulting process id: 0x2988
Faulting application start time: 0x01d3ef1669f365aa
Faulting application path: C:\WINDOWS\system32\dwm.exe
Faulting module path: unknown
Report Id: 3c2c99b7-c755-4781-9074-a18993f94f0b
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/18/2018 09:09:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dwm.exe, version: 10.0.17134.1, time stamp: 0xf5178e97
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xe0464645
Fault offset: 0x0000000000000000
Faulting process id: 0x231c
Faulting application start time: 0x01d3ef16691e8193
Faulting application path: C:\WINDOWS\system32\dwm.exe
Faulting module path: unknown
Report Id: c537007a-cf26-4520-895f-d00083ac4eb9
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/18/2018 09:09:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: dwm.exe, version: 10.0.17134.1, time stamp: 0xf5178e97
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xe0464645
Fault offset: 0x0000000000000000
Faulting process id: 0x2448
Faulting application start time: 0x01d3ef166855760f
Faulting application path: C:\WINDOWS\system32\dwm.exe
Faulting module path: unknown
Report Id: ef601b42-41fb-4a84-b29b-9682741a46e9
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (05/21/2018 08:47:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscBrokerManager
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (05/21/2018 08:47:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscDataProtection
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (05/21/2018 08:45:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (05/21/2018 08:45:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (05/21/2018 08:44:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (05/21/2018 08:44:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (05/21/2018 08:44:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Driver & Support Assistant service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (05/21/2018 08:44:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
 
Date: 2018-05-21 20:40:28.334
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-05-21 20:40:07.223
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-05-21 20:40:06.744
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-05-21 20:40:04.967
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-05-21 20:40:03.800
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-05-21 20:39:58.301
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-05-21 20:39:54.185
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-05-21 20:39:51.903
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU G3220 @ 3.00GHz
Percentage of memory in use: 28%
Total physical RAM: 7891.93 MB
Available physical RAM: 5622.5 MB
Total Virtual: 9171.93 MB
Available Virtual: 6859.72 MB
 
==================== Drives ================================
 
Drive c: (Win 10 ) (Fixed) (Total:59.19 GB) (Free:20.6 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Media Storage) (Fixed) (Total:5589.03 GB) (Free:990.31 GB) NTFS
Drive f: (Backup) (Fixed) (Total:7451.91 GB) (Free:2711.34 GB) NTFS
 
\\?\Volume{52702e5f-0000-0000-0000-f0cb0e000000}\ () (Fixed) (Total:0.44 GB) (Free:0.06 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 5589 GB) (Disk ID: 16F2A91F)
 
Partition: GPT.
 
========================================================
Disk: 1 (Protective MBR) (Size: 7452 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 59.6 GB) (Disk ID: 52702E5F)
Partition 1: (Active) - (Size=59.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=449 MB) - (Type=27)
 
==================== End of Addition.txt ============================


#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,033 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:09:42 AM

Posted 21 May 2018 - 08:56 PM

Excellent Joshua. My pleasure to help.

The fix was designed to restart your computer to see if more of the lines we removed returned. That issue was not malware related but rather a system corruption. Looks like we resolved it.

Please do this.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items
      • Enable detection of potentially unwanted applications
      • Remove found threats
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and, if there are any you want to keep, stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

Security Analysis by Rocket Grannie

--------------------
  • Please download Security Analysis by Rocket Grannie and save it to your Desktop
  • Right click on the icon and select Run as administrator
  • Click OK on the disclaimer and ignore any security warnings that may appear
  • In your reply, please copy and paste the contents of the Notepad document that will appear on your desktop
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • ESET log
  • Security Analysis log
  • How is your computer running?

Edited by Oh My!, 21 May 2018 - 08:57 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Oh My!


Posted 24 May 2018 - 05:57 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#10 Oh My!


Posted 26 May 2018 - 08:15 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



