
Possible Rootkit, hidden backdoors


  • This topic is locked
4 replies to this topic

#1 CrushDummy

  • Members
  • 2 posts

Posted 23 May 2018 - 11:59 AM

Hi,

I've recently noticed when I log out of the admin account of my computer, it shows a message that "someone else is still using this computer, if you shut down now they might lose unsaved work."

I also noticed the Lock Screen or Sign In screen keeps changing back to default.

Lastly, Windows Defender "Device performance & health" often doesn't have a green check mark on it.

Because I've just recently reformatted and reinstalled my system hoping it would get rid of the problem, but clearly it hasn't gone away.

I'd really appreciate your help!


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 16.05.2018 01
Ran by Steven (administrator) on DESKTOP-L2H5RLQ (24-05-2018 00:57:36)
Running from C:\Users\Steven_Guest\Downloads
Loaded Profiles: Steven & Steven_Guest (Available Profiles: Steven & Steven_Guest)
Platform: Windows 10 Home Version 1803 17134.48 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> Secure System
(Microsoft Corporation) C:\Windows\System32\LsaIso.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.14.17639.18041-0\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.14.17639.18041-0\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9226.21705.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-4178549734-1169402076-2291529160-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [3682968 2018-03-09] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-4178549734-1169402076-2291529160-1002\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [3682968 2018-03-09] (Sandboxie Holdings, LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{e09dd4a7-db48-4a77-a80b-ccc75083b500}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================

FireFox:
========
FF DefaultProfile: oawhjbgb.default
FF ProfilePath: C:\Users\Steven\AppData\Roaming\Mozilla\Firefox\Profiles\oawhjbgb.default [2018-05-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1394360 2015-08-13] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373728 2016-12-01] (Intel Corporation)
S3 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-05-08] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [522688 2018-05-08] (NVIDIA Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [328344 2018-03-10] (Sandboxie Holdings, LLC)
S3 ssh-agent; C:\Windows\System32\OpenSSH\ssh-agent.exe [495616 2018-03-11] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\NisSrv.exe [4632736 2018-05-23] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MsMpEng.exe [104680 2018-05-23] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
R2 NvTelemetryContainer; "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe" -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [101368 2015-12-15] (ASUS Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [53752 2015-08-13] (Intel Corporation)
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [261624 2015-08-13] (Intel Corporation)
R3 HIDSwitch; C:\Windows\System32\drivers\AsRadioControl.sys [31144 2017-11-24] (ASUS)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [88256 2015-06-10] (Intel Corporation)
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_bab342ed51c72a38\nvlddmkm.sys [17168744 2018-05-09] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [31168 2018-05-08] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [59240 2018-05-08] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [58816 2018-05-08] (NVIDIA Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [604160 2018-04-12] (Realtek )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [428032 2017-02-16] (Realsil Semiconductor Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [228208 2018-03-09] (Sandboxie Holdings, LLC)
S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [46072 2018-05-23] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [313888 2018-05-23] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [61472 2018-05-23] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-24 05:18 - 2018-05-24 04:23 - 000000000 ____D C:\Windows\Panther
2018-05-24 04:33 - 2018-05-23 21:43 - 000000000 ___RD C:\Users\Steven\OneDrive
2018-05-24 04:32 - 2018-05-24 04:32 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-05-24 04:32 - 2018-05-23 21:41 - 000000000 ____D C:\Users\Steven\AppData\Local\MicrosoftEdge
2018-05-24 04:31 - 2018-05-24 04:31 - 000000000 ____D C:\Users\Steven\AppData\Roaming\Adobe
2018-05-24 04:31 - 2018-05-24 04:31 - 000000000 ____D C:\Users\Steven\AppData\Local\VirtualStore
2018-05-24 04:31 - 2018-05-24 04:31 - 000000000 ____D C:\Users\Steven\AppData\Local\Publishers
2018-05-24 04:31 - 2018-05-23 23:14 - 000000000 ____D C:\Users\Steven\AppData\Local\Packages
2018-05-24 04:31 - 2018-05-23 22:57 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-05-24 04:31 - 2018-05-23 22:57 - 000000000 ___RD C:\Users\Steven\3D Objects
2018-05-24 04:30 - 2018-05-24 04:30 - 000000020 ___SH C:\Users\Steven\ntuser.ini
2018-05-24 04:30 - 2018-05-24 00:35 - 000793700 _____ C:\Windows\system32\PerfStringBackup.INI
2018-05-24 04:30 - 2018-05-23 23:13 - 000000000 ____D C:\Users\Steven\AppData\Local\ConnectedDevicesPlatform
2018-05-24 04:30 - 2018-05-23 22:57 - 000000000 ____D C:\Users\Steven
2018-05-24 04:27 - 2018-04-12 07:33 - 002752000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2018-05-24 04:24 - 2018-05-24 04:24 - 000000000 _SHDL C:\Documents and Settings
2018-05-24 04:21 - 2018-05-24 04:21 - 000000000 ____D C:\ProgramData\USOShared
2018-05-24 04:19 - 2018-05-24 04:19 - 000000000 ____D C:\Windows\system32\SleepStudy
2018-05-24 04:19 - 2018-05-24 04:19 - 000000000 ____D C:\Windows\ServiceProfiles
2018-05-24 04:19 - 2018-05-24 00:30 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-05-24 04:19 - 2018-05-23 22:17 - 000000000 ____D C:\Windows\system32\Drivers\wd
2018-05-24 04:18 - 2018-05-23 22:53 - 000250584 _____ C:\Windows\system32\FNTCACHE.DAT
2018-05-24 00:45 - 2018-05-24 00:46 - 000013348 _____ C:\Users\Steven_Guest\Downloads\Addition.txt
2018-05-24 00:44 - 2018-05-24 00:57 - 000008428 _____ C:\Users\Steven_Guest\Downloads\FRST.txt
2018-05-24 00:44 - 2018-05-24 00:57 - 000000000 ____D C:\FRST
2018-05-24 00:44 - 2018-05-24 00:44 - 002413056 _____ (Farbar) C:\Users\Steven_Guest\Downloads\FRST64.exe
2018-05-24 00:30 - 2018-05-24 00:32 - 000000000 ____D C:\Users\Steven\AppData\Local\NVIDIA Corporation
2018-05-24 00:28 - 2018-05-24 00:29 - 000000000 ____D C:\Users\Steven_Guest\AppData\Local\NVIDIA Corporation
2018-05-24 00:20 - 2018-05-23 22:43 - 000000937 _____ C:\Users\Steven\Desktop\Sandboxed Web Browser.lnk
2018-05-24 00:19 - 2018-05-24 00:19 - 000004308 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-24 00:19 - 2018-05-24 00:19 - 000004088 _____ C:\Windows\System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-24 00:19 - 2018-05-24 00:19 - 000004000 _____ C:\Windows\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-24 00:19 - 2018-05-24 00:19 - 000003940 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-24 00:19 - 2018-05-24 00:19 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-05-24 00:19 - 2018-05-08 05:04 - 002480064 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2018-05-24 00:19 - 2018-05-08 05:04 - 002137024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2018-05-24 00:19 - 2018-05-08 05:04 - 001310144 _____ (NVIDIA Corporation) C:\Windows\system32\NvRtmpStreamer64.dll
2018-05-24 00:18 - 2018-05-24 00:18 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-05-24 00:18 - 2018-05-08 05:04 - 000001951 _____ C:\Windows\NvContainerRecovery.bat
2018-05-24 00:18 - 2018-03-02 10:04 - 000828216 _____ C:\Windows\SysWOW64\vulkan-1.dll
2018-05-24 00:18 - 2018-03-02 10:03 - 000960312 _____ C:\Windows\system32\vulkan-1.dll
2018-05-24 00:18 - 2018-03-02 10:03 - 000683832 _____ C:\Windows\system32\vulkaninfo.exe
2018-05-24 00:18 - 2018-03-02 10:03 - 000575800 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2018-05-24 00:17 - 2018-05-24 00:17 - 000000000 ____D C:\Windows\system32\Drivers\NVIDIA Corporation
2018-05-24 00:15 - 2018-05-09 05:22 - 001990688 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6439764.dll
2018-05-24 00:15 - 2018-05-09 05:22 - 001561504 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2018-05-24 00:15 - 2018-05-09 05:22 - 001467992 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6439764.dll
2018-05-24 00:15 - 2018-05-09 05:22 - 001417816 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2018-05-24 00:15 - 2018-05-09 05:22 - 001215576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2018-05-24 00:15 - 2018-05-09 05:22 - 001091432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2018-05-24 00:15 - 2018-05-09 05:22 - 000626776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2018-05-24 00:15 - 2018-05-09 05:22 - 000517888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2018-05-24 00:15 - 2018-05-09 05:21 - 040346984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2018-05-24 00:15 - 2018-05-09 05:21 - 035250776 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2018-05-24 00:15 - 2018-05-09 05:21 - 031273728 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2018-05-24 00:15 - 2018-05-09 05:21 - 025987296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2018-05-24 00:15 - 2018-05-09 05:21 - 013725744 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2018-05-24 00:15 - 2018-05-09 05:21 - 011271400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2018-05-24 00:15 - 2018-05-09 05:21 - 004347832 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2018-05-24 00:15 - 2018-05-09 05:21 - 003758496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2018-05-24 00:15 - 2018-05-09 05:21 - 001349712 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2018-05-24 00:15 - 2018-05-09 05:21 - 001157392 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2018-05-24 00:15 - 2018-05-09 05:21 - 001064424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2018-05-24 00:15 - 2018-05-09 05:21 - 000904720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2018-05-24 00:15 - 2018-05-09 05:21 - 000813912 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2018-05-24 00:15 - 2018-05-09 05:21 - 000652344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2018-05-24 00:15 - 2018-05-09 05:20 - 017779440 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2018-05-24 00:15 - 2018-05-09 05:20 - 015191088 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2018-05-24 00:15 - 2018-05-09 05:20 - 004089240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2018-05-24 00:15 - 2018-05-08 05:04 - 000059240 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2018-05-24 00:15 - 2018-05-08 05:04 - 000058816 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvhci.sys
2018-05-24 00:05 - 2018-05-24 00:10 - 496475672 _____ (NVIDIA Corporation) C:\Users\Steven_Guest\Downloads\397.64-notebook-win10-64bit-international-whql.exe
2018-05-24 00:01 - 2010-05-27 02:41 - 002401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2018-05-24 00:01 - 2010-05-27 02:41 - 001998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2018-05-24 00:01 - 2010-05-27 02:41 - 000511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2018-05-24 00:01 - 2010-05-27 02:41 - 000470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2018-05-24 00:01 - 2010-05-27 02:41 - 000276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2018-05-24 00:01 - 2010-05-27 02:41 - 000248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2018-05-24 00:00 - 2018-05-24 00:19 - 000003894 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-24 00:00 - 2018-05-24 00:19 - 000003866 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-24 00:00 - 2018-05-24 00:19 - 000003858 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-24 00:00 - 2018-05-24 00:19 - 000003654 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2018-05-24 00:00 - 2018-05-08 05:04 - 000001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2018-05-23 23:59 - 2018-05-24 00:18 - 000000000 ____D C:\Windows\LastGood.Tmp
2018-05-23 23:58 - 2018-05-23 23:58 - 000000000 ____D C:\ProgramData\Package Cache
2018-05-23 23:57 - 2018-05-08 05:04 - 000189784 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2018-05-23 23:57 - 2018-05-08 05:04 - 000152408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2018-05-23 23:57 - 2017-04-01 11:27 - 001988032 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6438165.dll
2018-05-23 23:57 - 2017-04-01 11:27 - 001591352 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6438165.dll
2018-05-23 23:55 - 2018-05-23 23:55 - 000000000 ____D C:\NVIDIA
2018-05-23 23:53 - 2018-05-23 23:53 - 000000000 ___HD C:\Users\Steven_Guest\MicrosoftEdgeBackups
2018-05-23 23:52 - 2018-05-23 23:52 - 000001079 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2018-05-23 23:52 - 2018-05-23 23:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-05-23 23:52 - 2018-05-23 23:52 - 000000000 ____D C:\Program Files\VS Revo Group
2018-05-23 22:57 - 2018-05-24 00:30 - 000000000 __SHD C:\Users\Steven\IntelGraphicsProfiles
2018-05-23 22:44 - 2018-05-23 22:44 - 000000000 ___RD C:\Sandbox
2018-05-23 22:43 - 2018-05-24 00:25 - 000002900 _____ C:\Windows\Sandboxie.ini
2018-05-23 22:43 - 2018-05-23 22:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2018-05-23 22:43 - 2018-05-23 22:43 - 000000000 ____D C:\Program Files\Sandboxie
2018-05-23 22:42 - 2018-05-23 22:49 - 435407592 _____ (NVIDIA Corporation) C:\Users\Steven_Guest\Downloads\381.65-notebook-win10-64bit-international-whql.exe
2018-05-23 22:41 - 2018-05-23 22:41 - 007197480 _____ (VS Revo Group ) C:\Users\Steven_Guest\Downloads\revosetup.exe
2018-05-23 22:39 - 2018-05-23 22:40 - 005637784 _____ (Sandboxie Holdings, LLC) C:\Users\Steven_Guest\Downloads\SandboxieInstall.exe
2018-05-23 22:38 - 2018-04-11 12:20 - 002262528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NL7Data0404.dll
2018-05-23 22:38 - 2018-04-11 12:19 - 002348032 _____ (Microsoft Corporation) C:\Windows\system32\NL7Data0404.dll
2018-05-23 22:38 - 2018-04-11 12:10 - 000516096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSWB70404.dll
2018-05-23 22:38 - 2018-04-11 12:10 - 000360960 _____ (Microsoft Corporation) C:\Windows\system32\NL7Lexicons0404.dll
2018-05-23 22:38 - 2018-04-11 12:09 - 009720320 _____ (Microsoft Corporation) C:\Windows\system32\NL7Models0404.dll
2018-05-23 22:38 - 2018-04-11 12:05 - 000712704 _____ (Microsoft Corporation) C:\Windows\system32\MSWB70404.dll
2018-05-23 22:38 - 2017-10-30 09:18 - 000001696 _____ C:\Windows\system32\NOISE.CHT
2018-05-23 22:36 - 2018-05-24 00:38 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-05-23 22:36 - 2018-05-24 00:38 - 000000000 __SHD C:\Users\Steven_Guest\IntelGraphicsProfiles
2018-05-23 22:36 - 2018-05-23 22:36 - 000000200 _____ C:\Windows\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2018-05-23 22:36 - 2018-05-23 22:36 - 000000000 ____D C:\Program Files\Intel
2018-05-23 22:36 - 2018-05-23 22:36 - 000000000 ____D C:\Intel
2018-05-23 22:36 - 2018-05-23 22:36 - 000000000 _____ C:\Windows\system32\GfxValDisplayLog.bin
2018-05-23 22:35 - 2018-05-24 00:02 - 000000000 ____D C:\Users\Steven_Guest\AppData\LocalLow\Mozilla
2018-05-23 22:35 - 2018-05-23 22:44 - 000000000 ____D C:\Users\Steven_Guest\AppData\Local\Mozilla
2018-05-23 22:35 - 2018-05-23 22:35 - 000000000 ____D C:\Users\Steven_Guest\AppData\Roaming\Mozilla
2018-05-23 22:17 - 2018-05-23 22:17 - 000000000 ____D C:\Users\Steven_Guest\AppData\Local\Comms
2018-05-23 22:14 - 2018-04-28 22:19 - 021389360 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2018-05-23 22:14 - 2018-04-28 19:20 - 023862272 _____ (Microsoft Corporation) C:\Windows\system32\Hydrogen.dll
2018-05-23 22:14 - 2018-04-28 19:17 - 019525120 _____ (Microsoft Corporation) C:\Windows\system32\HologramCompositor.dll
2018-05-23 22:14 - 2018-04-28 12:27 - 007519992 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2018-05-23 22:14 - 2018-04-28 12:13 - 006569952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-05-23 22:14 - 2018-04-28 12:11 - 025848832 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2018-05-23 22:14 - 2018-04-28 12:04 - 022707712 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2018-05-23 22:14 - 2018-04-28 12:04 - 008188928 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2018-05-23 22:13 - 2018-04-28 22:17 - 001634800 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2018-05-23 22:13 - 2018-04-28 22:04 - 012712960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2018-05-23 22:13 - 2018-04-28 22:03 - 013570560 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2018-05-23 22:13 - 2018-04-28 22:03 - 000171520 _____ (Microsoft Corporation) C:\Windows\system32\itss.dll
2018-05-23 22:13 - 2018-04-28 22:03 - 000150528 _____ (Microsoft Corporation) C:\Windows\system32\SharedPCCSP.dll
2018-05-23 22:13 - 2018-04-28 22:02 - 008623104 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2018-05-23 22:13 - 2018-04-28 22:02 - 000584192 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll
2018-05-23 22:13 - 2018-04-28 22:01 - 000256000 _____ (Microsoft Corporation) C:\Windows\system32\MixedReality.Broker.dll
2018-05-23 22:13 - 2018-04-28 22:00 - 000695296 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2018-05-23 22:13 - 2018-04-28 21:59 - 003655168 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2018-05-23 22:13 - 2018-04-28 21:59 - 000392192 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2018-05-23 22:13 - 2018-04-28 21:58 - 004070400 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2018-05-23 22:13 - 2018-04-28 21:58 - 001855488 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2018-05-23 22:13 - 2018-04-28 21:58 - 001664512 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2018-05-23 22:13 - 2018-04-28 21:58 - 000758272 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2018-05-23 22:13 - 2018-04-28 21:31 - 001454016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2018-05-23 22:13 - 2018-04-28 21:28 - 020383720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-05-23 22:13 - 2018-04-28 21:18 - 000150016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\itss.dll
2018-05-23 22:13 - 2018-04-28 21:17 - 012500992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2018-05-23 22:13 - 2018-04-28 21:16 - 011903488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-05-23 22:13 - 2018-04-28 21:16 - 007987712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2018-05-23 22:13 - 2018-04-28 21:14 - 000668672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-05-23 22:13 - 2018-04-28 21:14 - 000581120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2018-05-23 22:13 - 2018-04-28 21:14 - 000344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-05-23 22:13 - 2018-04-28 21:13 - 002897408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2018-05-23 22:13 - 2018-04-28 21:13 - 001585664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2018-05-23 22:13 - 2018-04-28 21:12 - 001380864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2018-05-23 22:13 - 2018-04-28 19:04 - 000944640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Mirage.Internal.dll
2018-05-23 22:13 - 2018-04-28 19:02 - 003732800 _____ C:\Windows\system32\Windows.Mirage.dll
2018-05-23 22:13 - 2018-04-28 18:58 - 000976384 _____ (Microsoft Corporation) C:\Windows\system32\Spectrum.exe
2018-05-23 22:13 - 2018-04-28 18:58 - 000159744 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Cortana.Analog.dll
2018-05-23 22:13 - 2018-04-28 17:33 - 000658432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Mirage.Internal.dll
2018-05-23 22:13 - 2018-04-28 17:30 - 002841312 _____ C:\Windows\SysWOW64\Windows.Mirage.dll
2018-05-23 22:13 - 2018-04-28 14:18 - 000705944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2018-05-23 22:13 - 2018-04-28 12:37 - 001034624 _____ (Microsoft Corporation) C:\Windows\system32\ApplyTrustOffline.exe
2018-05-23 22:13 - 2018-04-28 12:35 - 000272288 _____ (Microsoft Corporation) C:\Windows\system32\SgrmEnclave.dll
2018-05-23 22:13 - 2018-04-28 12:35 - 000269216 _____ (Microsoft Corporation) C:\Windows\system32\SgrmEnclave_secure.dll
2018-05-23 22:13 - 2018-04-28 12:31 - 001063320 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2018-05-23 22:13 - 2018-04-28 12:31 - 000473496 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll
2018-05-23 22:13 - 2018-04-28 12:30 - 001456616 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2018-05-23 22:13 - 2018-04-28 12:29 - 009159064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2018-05-23 22:13 - 2018-04-28 12:29 - 001565592 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
2018-05-23 22:13 - 2018-04-28 12:29 - 001174424 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2018-05-23 22:13 - 2018-04-28 12:29 - 001012120 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2018-05-23 22:13 - 2018-04-28 12:29 - 000885848 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2018-05-23 22:13 - 2018-04-28 12:29 - 000788216 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2018-05-23 22:13 - 2018-04-28 12:29 - 000776880 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2018-05-23 22:13 - 2018-04-28 12:29 - 000494488 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2018-05-23 22:13 - 2018-04-28 12:29 - 000382872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2018-05-23 22:13 - 2018-04-28 12:29 - 000134552 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.dll
2018-05-23 22:13 - 2018-04-28 12:28 - 007436624 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2018-05-23 22:13 - 2018-04-28 12:28 - 002753040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2018-05-23 22:13 - 2018-04-28 12:28 - 000709816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2018-05-23 22:13 - 2018-04-28 12:28 - 000170904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2018-05-23 22:13 - 2018-04-28 12:27 - 003283400 _____ (Microsoft Corporation) C:\Windows\system32\CoreUIComponents.dll
2018-05-23 22:13 - 2018-04-28 12:27 - 002835864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2018-05-23 22:13 - 2018-04-28 12:27 - 002422168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2018-05-23 22:13 - 2018-04-28 12:27 - 001258280 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2018-05-23 22:13 - 2018-04-28 12:27 - 001191168 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2018-05-23 22:13 - 2018-04-28 12:27 - 000733992 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2018-05-23 22:13 - 2018-04-28 12:27 - 000604568 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2018-05-23 22:13 - 2018-04-28 12:14 - 002486976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreUIComponents.dll
2018-05-23 22:13 - 2018-04-28 12:14 - 000434584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2018-05-23 22:13 - 2018-04-28 12:13 - 006044104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2018-05-23 22:13 - 2018-04-28 12:13 - 001426328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
2018-05-23 22:13 - 2018-04-28 12:13 - 000786168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-05-23 22:13 - 2018-04-28 12:13 - 000665320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2018-05-23 22:13 - 2018-04-28 12:13 - 000559968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2018-05-23 22:13 - 2018-04-28 12:12 - 002242208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-05-23 22:13 - 2018-04-28 12:12 - 000606448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2018-05-23 22:13 - 2018-04-28 12:12 - 000567136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2018-05-23 22:13 - 2018-04-28 12:05 - 022002688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2018-05-23 22:13 - 2018-04-28 12:04 - 004372992 _____ (Microsoft Corporation) C:\Windows\system32\EdgeContent.dll
2018-05-23 22:13 - 2018-04-28 12:03 - 000585728 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.rs3.dll
2018-05-23 22:13 - 2018-04-28 12:03 - 000444416 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.rs1.dll
2018-05-23 22:13 - 2018-04-28 12:03 - 000288256 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.th.dll
2018-05-23 22:13 - 2018-04-28 12:03 - 000241664 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.win81.dll
2018-05-23 22:13 - 2018-04-28 12:02 - 000613376 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.rs4.dll
2018-05-23 22:13 - 2018-04-28 12:02 - 000474624 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.rs2.dll
2018-05-23 22:13 - 2018-04-28 12:02 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2018-05-23 22:13 - 2018-04-28 12:02 - 000142336 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.win8rtm.dll
2018-05-23 22:13 - 2018-04-28 12:02 - 000046592 _____ (Microsoft Corporation) C:\Windows\system32\wcimage.dll
2018-05-23 22:13 - 2018-04-28 12:01 - 004706816 _____ (Microsoft Corporation) C:\Windows\system32\cdp.dll
2018-05-23 22:13 - 2018-04-28 12:01 - 000023552 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2018-05-23 22:13 - 2018-04-28 12:01 - 000002560 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2018-05-23 22:13 - 2018-04-28 12:00 - 007583232 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2018-05-23 22:13 - 2018-04-28 12:00 - 004867072 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2018-05-23 22:13 - 2018-04-28 12:00 - 003389952 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2018-05-23 22:13 - 2018-04-28 12:00 - 000143360 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2018-05-23 22:13 - 2018-04-28 11:59 - 019399168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-05-23 22:13 - 2018-04-28 11:59 - 003392512 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2018-05-23 22:13 - 2018-04-28 11:59 - 003320320 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2018-05-23 22:13 - 2018-04-28 11:59 - 000898560 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebFilter.dll
2018-05-23 22:13 - 2018-04-28 11:59 - 000894464 _____ (Microsoft Corporation) C:\Windows\system32\webplatstorageserver.dll
2018-05-23 22:13 - 2018-04-28 11:59 - 000726528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2018-05-23 22:13 - 2018-04-28 11:59 - 000553984 _____ (Microsoft Corporation) C:\Windows\system32\PerceptionSimulationExtensions.dll
2018-05-23 22:13 - 2018-04-28 11:59 - 000154112 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2018-05-23 22:13 - 2018-04-28 11:58 - 006661632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2018-05-23 22:13 - 2018-04-28 11:58 - 003086336 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2018-05-23 22:13 - 2018-04-28 11:58 - 002366976 _____ (Microsoft Corporation) C:\Windows\system32\WebRuntimeManager.dll
2018-05-23 22:13 - 2018-04-28 11:58 - 000814592 _____ (Microsoft Corporation) C:\Windows\system32\EdgeManager.dll
2018-05-23 22:13 - 2018-04-28 11:58 - 000624128 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2018-05-23 22:13 - 2018-04-28 11:57 - 005951488 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2018-05-23 22:13 - 2018-04-28 11:57 - 002170368 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2018-05-23 22:13 - 2018-04-28 11:57 - 001534976 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2018-05-23 22:13 - 2018-04-28 11:57 - 000019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-05-23 22:13 - 2018-04-28 11:56 - 003440640 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2018-05-23 22:13 - 2018-04-28 11:56 - 002961408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdp.dll
2018-05-23 22:13 - 2018-04-28 11:56 - 002902528 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2018-05-23 22:13 - 2018-04-28 11:56 - 002700800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2018-05-23 22:13 - 2018-04-28 11:56 - 002236928 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2018-05-23 22:13 - 2018-04-28 11:56 - 001817088 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2018-05-23 22:13 - 2018-04-28 11:56 - 001550848 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2018-05-23 22:13 - 2018-04-28 11:56 - 000933376 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2018-05-23 22:13 - 2018-04-28 11:56 - 000917504 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2018-05-23 22:13 - 2018-04-28 11:56 - 000775680 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2018-05-23 22:13 - 2018-04-28 11:56 - 000002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2018-05-23 22:13 - 2018-04-28 11:55 - 003712000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-05-23 22:13 - 2018-04-28 11:55 - 002900992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2018-05-23 22:13 - 2018-04-28 11:55 - 001586176 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2018-05-23 22:13 - 2018-04-28 11:55 - 001421312 _____ (Microsoft Corporation) C:\Windows\system32\rdpbase.dll
2018-05-23 22:13 - 2018-04-28 11:55 - 001160192 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2018-05-23 22:13 - 2018-04-28 11:55 - 000960512 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2018-05-23 22:13 - 2018-04-28 11:55 - 000596480 _____ (Microsoft Corporation) C:\Windows\system32\updatehandlers.dll
2018-05-23 22:13 - 2018-04-28 11:55 - 000543744 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2018-05-23 22:13 - 2018-04-28 11:54 - 005782528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2018-05-23 22:13 - 2018-04-28 11:54 - 000561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-05-23 22:13 - 2018-04-28 11:53 - 004929024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2018-05-23 22:13 - 2018-04-28 11:53 - 001235968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpbase.dll
2018-05-23 22:13 - 2018-04-28 11:53 - 000615424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2018-05-23 22:13 - 2018-04-28 11:53 - 000578560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2018-05-23 22:13 - 2018-04-28 11:53 - 000117760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-05-23 22:13 - 2018-04-28 11:52 - 003015168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-05-23 22:13 - 2018-04-28 11:52 - 001636352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-05-23 22:13 - 2018-04-28 11:52 - 000860160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2018-05-23 22:13 - 2018-04-28 11:52 - 000836608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2018-05-23 22:13 - 2018-04-28 11:52 - 000619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WpcWebFilter.dll
2018-05-23 22:13 - 2018-04-28 11:51 - 001466368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-05-23 22:13 - 2018-04-28 11:51 - 000669184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-05-23 22:13 - 2018-04-28 11:51 - 000524800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2018-05-23 22:13 - 2018-04-28 10:43 - 001953280 _____ C:\Windows\system32\rdpnano.dll
2018-05-23 22:13 - 2018-04-28 10:42 - 000001312 _____ C:\Windows\system32\tcbres.wim
2018-05-23 22:09 - 2018-05-24 00:27 - 000000000 ____D C:\Users\Steven_Guest\AppData\Local\PlaceholderTileLogoFolder
2018-05-23 22:09 - 2018-05-23 23:54 - 000000000 ___RD C:\Users\Steven_Guest\OneDrive
2018-05-23 22:09 - 2018-05-23 22:09 - 000003260 _____ C:\Windows\System32\Tasks\RtHDVBg_ListenToDevice
2018-05-23 22:09 - 2018-05-23 22:09 - 000003194 _____ C:\Windows\System32\Tasks\RTKCPL
2018-05-23 22:09 - 2018-05-23 22:09 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2018-05-23 22:09 - 2018-05-23 22:09 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2018-05-23 22:09 - 2018-05-23 22:09 - 000000000 ____D C:\Windows\system32\DAX2
2018-05-23 22:09 - 2018-05-23 22:09 - 000000000 ____D C:\Program Files\Realtek
2018-05-23 22:06 - 2018-05-24 00:24 - 000000000 ____D C:\Users\Steven_Guest\AppData\Local\Packages
2018-05-23 22:06 - 2018-05-23 23:53 - 000000000 ____D C:\Users\Steven_Guest
2018-05-23 22:06 - 2018-05-23 22:47 - 000000000 ____D C:\Users\Steven_Guest\AppData\Local\ConnectedDevicesPlatform
2018-05-23 22:06 - 2018-05-23 22:30 - 000000000 ___RD C:\Users\Steven_Guest\3D Objects
2018-05-23 22:06 - 2018-05-23 22:06 - 000000020 ___SH C:\Users\Steven_Guest\ntuser.ini
2018-05-23 22:06 - 2018-05-23 22:06 - 000000000 ____D C:\Users\Steven_Guest\AppData\Roaming\Adobe
2018-05-23 22:06 - 2018-05-23 22:06 - 000000000 ____D C:\Users\Steven_Guest\AppData\Local\VirtualStore
2018-05-23 22:06 - 2018-05-23 22:06 - 000000000 ____D C:\Users\Steven_Guest\AppData\Local\Publishers
2018-05-23 22:06 - 2018-05-23 22:06 - 000000000 ____D C:\Users\Steven_Guest\AppData\Local\NVIDIA
2018-05-23 22:06 - 2018-05-23 22:06 - 000000000 ____D C:\Users\Steven_Guest\AppData\Local\MicrosoftEdge
2018-05-23 22:01 - 2018-05-24 00:30 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2018-05-23 21:58 - 2018-05-23 21:37 - 000548000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2018-05-23 21:57 - 2018-05-23 22:37 - 000000000 ____D C:\Program Files (x86)\Intel
2018-05-23 21:57 - 2018-05-23 21:58 - 000000000 ____D C:\Windows\system32\MRT
2018-05-23 21:57 - 2018-05-23 21:57 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT-KB890830.exe
2018-05-23 21:57 - 2018-05-23 21:57 - 141696960 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2018-05-23 21:57 - 2018-05-23 21:57 - 000003628 _____ C:\Windows\System32\Tasks\ASUS Smart Gesture Launcher
2018-05-23 21:57 - 2018-05-23 21:57 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_esif_umdf2_02_00_00.Wdf
2018-05-23 21:57 - 2018-05-23 21:57 - 000000000 ____D C:\Windows\SysWOW64\sda
2018-05-23 21:57 - 2018-05-23 21:57 - 000000000 ____D C:\ProgramData\SetupTPDriver
2018-05-23 21:57 - 2018-05-23 21:57 - 000000000 ____D C:\Program Files\DIFX
2018-05-23 21:57 - 2018-05-23 21:57 - 000000000 ____D C:\Program Files\Common Files\Atheros
2018-05-23 21:57 - 2018-05-23 21:57 - 000000000 ____D C:\Program Files (x86)\ASUS
2018-05-23 21:56 - 2018-05-24 00:38 - 000000000 ____D C:\ProgramData\NVIDIA
2018-05-23 21:56 - 2018-05-24 00:28 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-05-23 21:56 - 2018-05-24 00:19 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-05-23 21:56 - 2018-05-24 00:19 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-05-23 21:56 - 2018-05-09 05:23 - 000552024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2018-05-23 21:56 - 2018-05-09 05:23 - 000456792 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2018-05-23 21:56 - 2018-05-08 03:15 - 005947976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2018-05-23 21:56 - 2018-05-08 03:15 - 002612520 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2018-05-23 21:56 - 2018-05-08 03:15 - 001767552 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2018-05-23 21:56 - 2018-05-08 03:15 - 000634952 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2018-05-23 21:56 - 2018-05-08 03:15 - 000450856 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2018-05-23 21:56 - 2018-05-08 03:15 - 000124384 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2018-05-23 21:56 - 2018-05-08 03:15 - 000083240 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2018-05-23 21:56 - 2018-04-25 14:18 - 008173402 _____ C:\Windows\system32\nvcoproc.bin
2018-05-23 21:55 - 2018-05-23 21:55 - 000000000 ____D C:\Users\Steven\AppData\Local\D3DSCache
2018-05-23 21:49 - 2018-05-23 21:57 - 000000000 ____D C:\Users\Steven\AppData\LocalLow\Mozilla
2018-05-23 21:49 - 2018-05-23 21:54 - 000000000 ____D C:\Users\Steven\AppData\Local\Mozilla
2018-05-23 21:49 - 2018-05-23 21:49 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-05-23 21:49 - 2018-05-23 21:49 - 000000000 ____D C:\Users\Steven\AppData\Roaming\Mozilla
2018-05-23 21:49 - 2018-05-23 21:49 - 000000000 ____D C:\Users\Steven\AppData\Local\Comms
2018-05-23 21:49 - 2018-05-23 21:49 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-05-23 21:49 - 2018-05-23 21:49 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-05-23 21:40 - 2018-05-23 21:40 - 000000000 ___HD C:\Users\Steven\MicrosoftEdgeBackups

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-24 05:18 - 2018-04-12 07:38 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2018-05-24 04:28 - 2018-04-12 07:38 - 000000000 ____D C:\Windows\system32\WinBioDatabase
2018-05-24 04:27 - 2018-04-12 07:38 - 000000000 ____D C:\Windows\system32\spool
2018-05-24 04:27 - 2018-04-12 07:38 - 000000000 ____D C:\Windows\system32\FxsTmp
2018-05-24 04:21 - 2018-04-12 07:38 - 000000000 ___RD C:\Windows\PrintDialog
2018-05-24 04:21 - 2018-04-12 07:38 - 000000000 ___RD C:\Windows\ImmersiveControlPanel
2018-05-24 04:21 - 2018-04-12 07:38 - 000000000 ____D C:\ProgramData\USOPrivate
2018-05-24 04:20 - 2018-04-12 05:04 - 000032768 _____ C:\Windows\system32\config\ELAM
2018-05-24 00:52 - 2018-04-12 07:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-05-24 00:35 - 2018-04-12 07:36 - 000000000 ____D C:\Windows\INF
2018-05-24 00:29 - 2018-04-12 05:04 - 000786432 _____ C:\Windows\system32\config\BBI
2018-05-24 00:24 - 2018-04-12 07:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-24 00:24 - 2018-04-12 07:38 - 000000000 ____D C:\Windows\AppReadiness
2018-05-23 23:02 - 2018-04-12 07:30 - 000000000 ____D C:\Windows\CbsTemp
2018-05-23 22:39 - 2018-04-12 17:18 - 000000000 ____D C:\Windows\OCR
2018-05-23 22:39 - 2018-04-12 07:38 - 000000000 ____D C:\Windows\Globalization
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\zu-ZA
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\yo-NG
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\xh-ZA
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\wo-SN
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\vi-VN
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\uz-Latn-UZ
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\ur-PK
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\ug-CN
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\tt-RU
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\tn-ZA
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\tk-TM
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\ti-ET
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\tg-Cyrl-TJ
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\te-IN
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\ta-IN
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\sw-KE
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\sr-Cyrl-RS
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\sr-Cyrl-BA
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\sq-AL
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\si-LK
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\sd-Arab-PK
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\rw-RW
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\quz-PE
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\quc-Latn-GT
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\prs-AF
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\pa-IN
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\pa-Arab-PK
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\or-IN
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\nso-ZA
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\nn-NO
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\ne-NP
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\mt-MT
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\mr-IN
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\mn-MN
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\ml-IN
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\mk-MK
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\mi-NZ
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\lo-LA
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\lb-LU
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\ky-KG
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\ku-Arab-IQ
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\kok-IN
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\kn-IN
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\km-KH
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\kk-KZ
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\ka-GE
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\is-IS
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\ig-NG
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\id-ID
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\hy-AM
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\ha-Latn-NG
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\gu-IN
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\gd-GB
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\ga-IE
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\fil-PH
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\fa-IR
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\cy-GB
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\chr-CHER-US
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\ca-ES-valencia
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\bs-Latn-BA
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\bn-IN
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\bn-BD
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\be-BY
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\az-Latn-AZ
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\as-IN
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\am-ET
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\SysWOW64\af-ZA
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\zu-ZA
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\yo-NG
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\xh-ZA
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\wo-SN
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\vi-VN
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\uz-Latn-UZ
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\ur-PK
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\ug-CN
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\tt-RU
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\tn-ZA
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\tk-TM
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\ti-ET
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\tg-Cyrl-TJ
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\te-IN
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\sw-KE
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\sr-Cyrl-RS
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\sr-Cyrl-BA
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\sq-AL
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\sd-Arab-PK
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\rw-RW
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\quz-PE
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\quc-Latn-GT
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\prs-AF
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\pa-IN
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\pa-Arab-PK
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\or-IN
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\nso-ZA
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\nn-NO
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\ne-NP
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\mt-MT
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\mr-IN
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\mn-MN
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\ml-IN
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\mk-MK
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\mi-NZ
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\lo-LA
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\lb-LU
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\ky-KG
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\ku-Arab-IQ
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\kok-IN
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\kn-IN
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\km-KH
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\kk-KZ
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\ka-GE
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\is-IS
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\ig-NG
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\id-ID
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\hy-AM
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\ha-Latn-NG
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\gu-IN
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\gd-GB
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\ga-IE
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\fil-PH
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\fa-IR
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\cy-GB
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\chr-CHER-US
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\ca-ES-valencia
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\bs-Latn-BA
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\bn-IN
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\bn-BD
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\be-BY
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\az-Latn-AZ
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\as-IN
2018-05-23 22:27 - 2018-04-12 17:19 - 000000000 ____D C:\Windows\system32\af-ZA
2018-05-23 22:27 - 2018-04-12 07:38 - 000000000 ____D C:\Windows\TextInput
2018-05-23 22:27 - 2018-04-12 07:38 - 000000000 ____D C:\Windows\SysWOW64\setup
2018-05-23 22:27 - 2018-04-12 07:38 - 000000000 ____D C:\Windows\system32\ta-in
2018-05-23 22:27 - 2018-04-12 07:38 - 000000000 ____D C:\Windows\system32\si-lk
2018-05-23 22:27 - 2018-04-12 07:38 - 000000000 ____D C:\Windows\system32\setup
2018-05-23 22:27 - 2018-04-12 07:38 - 000000000 ____D C:\Windows\system32\oobe
2018-05-23 22:27 - 2018-04-12 07:38 - 000000000 ____D C:\Windows\system32\appraiser
2018-05-23 22:27 - 2018-04-12 07:38 - 000000000 ____D C:\Windows\system32\am-et
2018-05-23 22:27 - 2018-04-12 07:38 - 000000000 ____D C:\Windows\Provisioning
2018-05-23 22:27 - 2018-04-12 07:38 - 000000000 ____D C:\Windows\bcastdvr
2018-05-23 22:27 - 2018-04-12 07:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-05-23 22:27 - 2018-04-12 07:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-05-23 22:17 - 2018-04-12 07:38 - 000000000 ____D C:\Program Files\Windows Defender
2018-05-23 21:56 - 2018-04-12 07:38 - 000000000 ____D C:\Windows\Help
2018-05-09 05:20 - 2016-03-22 21:52 - 004814040 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2018-05-08 05:04 - 2016-03-22 20:19 - 000044277 _____ C:\Windows\system32\nvinfo.pb
2018-05-02 05:22 - 2018-04-12 07:41 - 000835064 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2018-05-02 05:22 - 2018-04-12 07:41 - 000179704 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-24 04:18

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 16.05.2018 01
Ran by Steven (24-05-2018 00:58:25)
Running from C:\Users\Steven_Guest\Downloads
Windows 10 Home Version 1803 17134.48 (X64) (2018-05-23 20:25:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4178549734-1169402076-2291529160-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4178549734-1169402076-2291529160-503 - Limited - Disabled)
Guest (S-1-5-21-4178549734-1169402076-2291529160-501 - Limited - Disabled)
Steven (S-1-5-21-4178549734-1169402076-2291529160-1001 - Administrator - Enabled) => C:\Users\Steven
Steven_Guest (S-1-5-21-4178549734-1169402076-2291529160-1002 - Limited - Enabled) => C:\Users\Steven_Guest
WDAGUtilityAccount (S-1-5-21-4178549734-1169402076-2291529160-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.9 - ASUS)
DisplayDriverAnalyzer (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_DisplayDriverAnalyzer) (Version: 397.64 - NVIDIA Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4549 - Intel Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 60.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.1 (x64 en-US)) (Version: 60.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.1 - Mozilla)
NVIDIA GeForce Experience 3.13.1.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.13.1.30 - NVIDIA Corporation)
NVIDIA Graphics Driver 397.64 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 397.64 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.17.0524 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0524 - NVIDIA Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31233 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
Sandboxie 5.24 (64-bit) (HKLM\...\Sandboxie) (Version: 5.24 - Sandboxie Holdings, LLC)
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
Windows Driver Package - ASUS (ATP) Mouse  (10/21/2015 1.0.0.262) (HKLM\...\F84E8769D448654402782673214DE63760BE04A7) (Version: 10/21/2015 1.0.0.262 - ASUS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4178549734-1169402076-2291529160-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Steven\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-4178549734-1169402076-2291529160-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Steven\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-4178549734-1169402076-2291529160-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Steven\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-4178549734-1169402076-2291529160-1002_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Steven_Guest\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-4178549734-1169402076-2291529160-1002_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Steven_Guest\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-4178549734-1169402076-2291529160-1002_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Steven_Guest\AppData\Local\Microsoft\OneDrive\17.3.6816.0313\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-12-01] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2018-05-08] (NVIDIA Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {021BB801-0F31-4ACD-A257-D758FC3FFFDA} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2018-05-08] (NVIDIA Corporation)
Task: {1165AC95-69DC-46F4-83A0-593653B80599} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-05-08] (NVIDIA Corporation)
Task: {486961E3-348D-4DF4-A176-24053291F552} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2018-05-08] (NVIDIA Corporation)
Task: {4A2944FF-57CE-4AA7-B0E0-7C25BCAA3531} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2018-05-08] (NVIDIA Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\Windows\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {86A90B05-20F7-4969-90FF-E333F14662F0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-05-23] (Microsoft Corporation)
Task: {87802A3E-75BA-4A10-9FDA-9D8AB11D6DE9} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-11-10] (Realtek Semiconductor)
Task: {981F066E-407B-44F8-B518-818B3F48209F} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-11-10] (Realtek Semiconductor)
Task: {A925F791-3362-4D96-B069-F8A90A4EEDC5} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-12-15] (AsusTek)
Task: {B0BD9170-3950-407A-80BE-1EE43B075387} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-05-23] (Microsoft Corporation)
Task: {CAD78FB2-84E4-42A8-AA3C-DE1C41087A41} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-05-23] (Microsoft Corporation)
Task: {D56F2B74-8CE6-4927-9C32-333F289C61E0} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2018-05-08] (NVIDIA Corporation)
Task: {E3857CEF-565B-4FD2-A976-9C97071E8110} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MpCmdRun.exe [2018-05-23] (Microsoft Corporation)
Task: {EA45C6A4-92F6-4C4E-B2AA-2BBEEAD0879B} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-05-08] (NVIDIA Corporation)
Task: {F883ABC4-FC0A-423B-AAAA-671E22D21CF4} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2018-05-08] (NVIDIA Corporation)
Task: {FAB94621-3F1C-4D3A-B869-E5F14ECFB253} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe [2018-05-08] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-04-12 07:34 - 2018-04-12 07:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-12 07:34 - 2018-04-12 07:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 07:34 - 2018-04-12 07:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2016-12-01 12:57 - 2016-12-01 12:57 - 000401888 _____ () C:\Windows\system32\igfxTray.exe
2018-04-12 07:35 - 2018-04-12 17:19 - 002184704 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-04-12 07:34 - 2018-04-12 07:34 - 005471232 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIDataModel.dll
2018-04-12 07:34 - 2018-04-12 07:34 - 000047616 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUITelemetry.dll
2018-04-12 07:34 - 2018-04-12 07:34 - 005082112 _____ () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIViewModels.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2018-04-12 07:38 - 2018-04-12 07:36 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4178549734-1169402076-2291529160-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Steven\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-4178549734-1169402076-2291529160-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Steven_Guest\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{39078BBE-C26F-4F82-8324-80BE3958BD6E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{6D2E3662-DCE3-4627-9128-58214925C6F1}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0B1A59D9-B762-4454-A930-F46CC1805B0F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{E31490E7-A3F5-4D63-9B91-140A3EB1F9B7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{96DE4A44-CB73-4494-A574-F3B4B1766638}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{3E99313B-90E9-4E32-9EC4-D0A024F303DE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{109419AF-3617-43AF-AC33-0D848837956B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{E685AAEC-59BF-4FF8-8E47-BE875CE4040C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

==================== Restore Points =========================

23-05-2018 21:38:28 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/23/2018 11:13:19 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-L2H5RLQ)
Description: Microsoft.VCLibs.140.00_8wekyb3d8bbwe-2147024893

Error: (05/23/2018 11:13:19 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-L2H5RLQ)
Description: Microsoft.Services.Store.Engagement_8wekyb3d8bbwe-2147024893

Error: (05/23/2018 11:13:18 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-L2H5RLQ)
Description: Microsoft.NET.Native.Runtime.1.7_8wekyb3d8bbwe-2147024893

Error: (05/23/2018 11:13:18 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-L2H5RLQ)
Description: Microsoft.NET.Native.Runtime.1.6_8wekyb3d8bbwe-2147024893

Error: (05/23/2018 11:13:18 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-L2H5RLQ)
Description: Microsoft.NET.Native.Framework.1.7_8wekyb3d8bbwe-2147024893

Error: (05/23/2018 11:13:18 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-L2H5RLQ)
Description: Microsoft.NET.Native.Framework.1.6_8wekyb3d8bbwe-2147024893

Error: (05/23/2018 11:13:18 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-L2H5RLQ)
Description: Microsoft.Advertising.Xaml_8wekyb3d8bbwe-2147024893

Error: (05/23/2018 11:13:13 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: DESKTOP-L2H5RLQ)
Description: Microsoft.VCLibs.140.00_8wekyb3d8bbwe-2147024893


System errors:
=============
Error: (05/24/2018 12:52:17 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/24/2018 12:39:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/24/2018 12:39:03 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-L2H5RLQ)
Description: The server {D63B10C5-BB46-4990-A94F-E40B9D520160} did not register with DCOM within the required timeout.

Error: (05/24/2018 12:34:44 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/24/2018 12:32:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


==================== Memory info ===========================

Processor: Intel® Core™ i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 22%
Total physical RAM: 12190.39 MB
Available physical RAM: 9506.51 MB
Total Virtual: 14622.39 MB
Available Virtual: 11771.61 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:244.14 GB) (Free:214.69 GB) NTFS

\\?\Volume{1d693f2d-3c47-48cd-b10d-ad6ca9b857dc}\ (Recovery) (Fixed) (Total:0.49 GB) (Free:0.13 GB) NTFS
\\?\Volume{c7e2de72-0e9e-4324-a797-c62a40ad6f75}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================
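The CustomCLSID and ShellIconOverlayIdentifiers lines flagged "=> No File" in the log above are per-user COM registrations whose DLL no longer exists on disk (here, stale OneDrive shell extensions left behind under both user hives). Those keys are worth a look in any "hidden backdoor" triage: for a given CLSID, a non-elevated process consults the per-user HKCU\Software\Classes\CLSID entry before the machine-wide HKLM one, which is why planting a per-user InprocServer32 that points at an attacker DLL is a well-known persistence technique (COM hijacking). The PowerShell below is an added example, not part of the original post and not FRST's own logic. It walks one CLSID hive (the current user's by default; the -ClsidRoot parameter, the path-cleaning regex and the output field names are assumptions of this example), resolves each InprocServer32 / LocalServer32 path, and reports whether the file exists and whether it carries a valid Authenticode signature.

```powershell
# Added example; not part of the original post or of FRST. Walks a CLSID hive
# and reports where each in-process / local COM server points and whether
# that file exists and is signed. Defaults to the current user's hive, which
# a non-elevated process consults before HKLM for the same CLSID.

function Get-ComServerState {
    param(
        # Assumption: per-user hive by default. Pass
        # 'HKLM:\Software\Classes\CLSID' or
        # 'Registry::HKEY_USERS\<SID>_Classes\CLSID' to inspect another hive.
        [string]$ClsidRoot = 'HKCU:\Software\Classes\CLSID'
    )
    Get-ChildItem -Path $ClsidRoot -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid = $_.PSChildName
        foreach ($server in 'InprocServer32', 'LocalServer32') {
            $key = Join-Path $_.PSPath $server
            if (-not (Test-Path -LiteralPath $key)) { continue }
            $raw = (Get-ItemProperty -LiteralPath $key).'(default)'
            if ([string]::IsNullOrWhiteSpace($raw)) { continue }

            # Keep only the executable path: drop a quoted prefix or trailing
            # arguments, then expand %SystemRoot%-style variables. The regex is
            # a heuristic assumed by this example, not a COM rule.
            $path = $raw -replace '^"([^"]+)".*$', '$1' `
                         -replace '^(\S+?\.(dll|exe|ocx)).*$', '$1'
            $path = [Environment]::ExpandEnvironmentVariables($path)

            $exists = Test-Path -LiteralPath $path -PathType Leaf
            $status = 'missing'
            if ($exists) {
                # Valid covers both embedded and catalog signatures on Windows 10
                $status = (Get-AuthenticodeSignature -LiteralPath $path).Status
            }
            [pscustomobject]@{
                CLSID     = $clsid
                Server    = $server
                Path      = $path
                Exists    = $exists
                Signature = $status
            }
        }
    }
}

# Entries like FRST's "=> No File" lines, plus anything present but unsigned.
Get-ComServerState |
    Where-Object { -not $_.Exists -or $_.Signature -ne 'Valid' } |
    Format-Table -AutoSize
```

A missing file, as in the OneDrive entries above, is usually just an uninstall leftover and is harmless on its own; the entries that matter are the ones that exist, live under a user-writable directory such as AppData, and are unsigned or signed by an unexpected publisher. To check the second profile seen in the log, run the function again with -ClsidRoot pointing at that account's HKEY_USERS\<SID>_Classes\CLSID hive while that user is logged on.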





#2 CrushDummy

CrushDummy
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:03:50 AM

Posted 26 May 2018 - 08:29 AM

So I have finally figured out what the problem is...

 

When I connect to my mobile via Wi-Fi tethering (personal hotspot), my phone replaces and installs a driver for my network adapter "Realtek PCIe GBE Family Controller". This new driver creates a "backdoor" to my system when I initiate Wi-Fi tethering. I suspect that's why there was no green check mark on Windows Defender "Device Performance & Health".

 

Anyway, my Wi-Fi connection settings then show multiple (rogue) access points with strong signal strength like mine when I connect to my own AP. That's how I began to find it suspicious: whenever I turn on Wi-Fi tethering, there are so many APs with strong signals. I reset my Android phone and wiped the system cache, etc., but I think it's almost impossible to get rid of all the files on my unrooted Android phone.

 

Anyway, when I went to update my network adapter driver, everything was resolved. The malware driver got written over and no rogue APs show up anymore.

 

I also restored my Sign In screen by deleting roaming.lock and settings.dat in

C:\Users\<username>\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_<characters>\Settings

I suspect the original driver on my phone was replaced with malware when I first connected via USB to my then-infected computer.


Edited by CrushDummy, 26 May 2018 - 08:44 AM.
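The two manual steps in the post above (look at which driver is bound to the network adapter, then clear the ContentDeliveryManager settings files) can be done from an elevated PowerShell session. The script below is an added example, not the poster's own procedure. It assumes Windows 10 with the NetAdapter and PnpDevice cmdlets, uses the adapter name from the post ("Realtek PCIe GBE") as its default filter, and matches the package-folder suffix the post leaves as "<characters>" with a wildcard rather than guessing it. The first function reports the provider, version, date, INF and install-time signer of the adapter's driver together with the on-disk Authenticode status of the .sys file actually loaded, so a driver that was swapped out stands out by provider, date or signature; the second removes roaming.lock and settings.dat exactly as the post describes.

```powershell
# Added example; not code from the original post. Assumes Windows 10 and an
# elevated PowerShell session with the NetAdapter and PnpDevice modules.

function Get-NicDriverTrust {
    param(
        # Assumption: substring of the adapter description named in the post
        [string]$NameFilter = 'Realtek PCIe GBE'
    )
    $adapters = Get-NetAdapter -Physical |
        Where-Object { $_.InterfaceDescription -like "*$NameFilter*" }

    foreach ($nic in $adapters) {
        # WQL needs the backslashes in a PnP instance ID doubled
        $id  = $nic.PnPDeviceID -replace '\\', '\\'
        # Provider, version, INF and signer recorded when the driver was installed
        $drv = Get-CimInstance Win32_PnPSignedDriver -Filter "DeviceID='$id'"
        # The kernel service bound to the device tells us which .sys is loaded
        $svc = (Get-PnpDeviceProperty -InstanceId $nic.PnPDeviceID `
                    -KeyName 'DEVPKEY_Device_Service').Data
        $sys = (Get-CimInstance Win32_SystemDriver -Filter "Name='$svc'").PathName

        $fileStatus = 'n/a'
        $fileSigner = 'n/a'
        if ($sys -and (Test-Path -LiteralPath $sys)) {
            $sig = Get-AuthenticodeSignature -LiteralPath $sys
            $fileStatus = $sig.Status
            if ($sig.SignerCertificate) { $fileSigner = $sig.SignerCertificate.Subject }
        }
        [pscustomobject]@{
            Adapter       = $nic.InterfaceDescription
            Provider      = $drv.DriverProviderName
            Version       = $drv.DriverVersion
            DriverDate    = $drv.DriverDate
            Inf           = $drv.InfName
            InstallSigner = $drv.Signer
            SysFile       = $sys
            FileSigStatus = $fileStatus
            FileSigner    = $fileSigner
        }
    }
}

function Reset-ContentDeliverySettings {
    # Removes the two files the post deleted by hand; Windows recreates them
    # on the next sign-in. The package suffix is matched with a wildcard
    # rather than assumed.
    $pkgRoot = Join-Path $env:LOCALAPPDATA 'Packages'
    $dirs = Get-ChildItem -LiteralPath $pkgRoot -Directory `
                -Filter 'Microsoft.Windows.ContentDeliveryManager_*'
    foreach ($d in $dirs) {
        foreach ($name in 'roaming.lock', 'settings.dat') {
            $f = Join-Path $d.FullName "Settings\$name"
            if (Test-Path -LiteralPath $f) {
                Remove-Item -LiteralPath $f -Force   # fails if the file is in use
                "removed $f"
            }
        }
    }
}

Get-NicDriverTrust | Format-List
# Reset-ContentDeliverySettings   # run after closing Settings, once the driver check is done
```

Compare the Provider, DriverDate and InstallSigner fields with what the vendor package you installed should have produced, and treat any FileSigStatus other than Valid, or a .sys that lives outside C:\Windows\System32\drivers, as something to investigate before reinstalling; "pnputil /enum-drivers" lists every third-party driver package in the driver store if you want to see whether an unexpected package was staged. Remove-Item on settings.dat will fail while the Settings app or the lock screen personalization page holds it open, so close those first.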


#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,496 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:12:50 PM

Posted 27 May 2018 - 05:53 PM

Thank you for the update.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,496 posts
  • ONLINE
  • Gender:Male
  • Location:California
  • Local time:12:50 PM

Posted 27 May 2018 - 05:53 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



