URGENT please help :( seem to be under attack


  • This topic is locked
24 replies to this topic

#1 ld1234556
Posted 05 June 2018 - 02:11 PM

Hello, I've heard this is the best site for help. I'm hoping somebody can help me. A few days ago I woke up to find somebody had hacked into one of my accounts and stole money from it. I changed all my passwords, details, everything.
I did a factory reset on my laptop; a day later I noticed there was a virus still. So again I reset my laptop to factory settings.

Again it all reset fine, then Malwarebytes started crashing, BSOD. Restarted my laptop and my PIN had been stopped....
Windows Defender has now found win32 powerssere

My laptop has only been restored to factory settings for an hour, how can this be here? All I've installed is 10bit uninstaller, Malwarebytes, RogueKiller, VLC and Chrome.

I'm starting to panic about my personal details, as I changed them and am worried those details are now compromised.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03.06.2018
Ran by suff2 (administrator) on LAPTOP-I2D8U483 (05-06-2018 21:27:24)
Running from C:\Users\suff2\Desktop
Loaded Profiles: suff2 (Available Profiles: suff2)
Platform: Windows 10 Home Version 1803 17134.48 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124164.inf_amd64_85b60d2b8c3af983\igfxCUIService.exe
(HP) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124164.inf_amd64_85b60d2b8c3af983\IntelCpHDCPSvc.exe
(HP Inc.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124164.inf_amd64_85b60d2b8c3af983\IntelCpHeciSvc.exe
(HP Inc.) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartProvider.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(HP Inc.) C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(HP Development Company, L.P.) C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124164.inf_amd64_85b60d2b8c3af983\igfxEM.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9330.20915.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8900104 2016-09-09] (Realtek Semiconductor)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{09cae380-7b7e-46c5-8275-a617a9ddeeac}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131726972696903788&GUID=D5422B88-CEDD-44C2-A5D1-22CFC38963F9
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131726972697084106&GUID=D5422B88-CEDD-44C2-A5D1-22CFC38963F9
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-2131389051-3585489687-4280800276-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-2131389051-3585489687-4280800276-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKLM -> {5AA42492-44F0-4D1F-B329-5C0E21C18FE7} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {5AA42492-44F0-4D1F-B329-5C0E21C18FE7} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2131389051-3585489687-4280800276-1001 -> {5AA42492-44F0-4D1F-B329-5C0E21C18FE7} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2018-01-25] (IObit)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-09-21] (HP Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-09-21] (HP Inc.)
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
 
Chrome: 
=======
CHR Profile: C:\Users\suff2\AppData\Local\Google\Chrome\User Data\Default [2018-06-05]
CHR Extension: (Slides) - C:\Users\suff2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-06-05]
CHR Extension: (Docs) - C:\Users\suff2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-05]
CHR Extension: (Adblock Plus) - C:\Users\suff2\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2018-06-05]
CHR Extension: (Sheets) - C:\Users\suff2\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-06-05]
CHR Extension: (Google Docs Offline) - C:\Users\suff2\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-06-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\suff2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-05]
CHR Extension: (Gmail) - C:\Users\suff2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-06-05]
CHR Extension: (Chrome Media Router) - C:\Users\suff2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-05]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2208888 2016-09-19] (Intel Corporation)
S2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [897536 2016-09-09] (HP Inc.) [File not signed]
R2 HP Orbit Service; C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe [3316576 2016-08-09] (HP Inc.)
R2 HPJumpStartBridge; c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe [461848 2016-08-05] (HP Inc.)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 hpsrv; C:\windows\system32\Hpservice.exe [38752 2016-09-26] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-09-22] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [631800 2016-06-20] (HP Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [542320 2017-12-06] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel® Corporation)
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [206096 2018-01-25] (IObit)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [177440 2016-09-14] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S3 MyWiFiDHCPDNS; c:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-08-04] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [317952 2016-09-09] (Realtek Semiconductor)
S3 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [360456 2018-03-05] (Synaptics Incorporated)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105344 2018-04-12] (Microsoft Corporation)
R2 ZeroConfigService; c:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-08-04] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Accelerometer; C:\WINDOWS\System32\drivers\Accelerometer.sys [53760 2017-12-18] (HP)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [66624 2016-09-19] (Intel Corporation)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-10-29] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-10-29] (Disc Soft Ltd)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [350272 2016-09-19] (Intel Corporation)
R0 hpdskflt; C:\WINDOWS\System32\drivers\hpdskflt.sys [39936 2017-12-18] (HP)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136128 2017-12-06] (Intel Corporation)
R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [39904 2017-06-06] (IObit.com)
R3 IURegProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegProcessFilter.sys [40328 2018-01-10] (IObit.com)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-06-05] (Malwarebytes)
R1 MpKsl7d4b31ac; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{21AAF4A7-3271-484C-A62B-8670CEF180D1}\MpKsl7d4b31ac.sys [58120 2018-06-05] (Microsoft Corporation)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [8623040 2018-02-05] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-05] (Realtek )
S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [787968 2016-12-30] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [53768 2018-03-05] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [55304 2018-03-05] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34960 2018-02-02] (HP)
U3 aspnet_state; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-05 21:27 - 2018-06-05 21:27 - 000014047 _____ C:\Users\suff2\Desktop\FRST.txt
2018-06-05 21:14 - 2018-06-05 21:16 - 000000000 ____D C:\AdwCleaner
2018-06-05 21:14 - 2018-06-05 20:32 - 007271632 _____ (Malwarebytes) C:\Users\suff2\Desktop\AdwCleaner.exe
2018-06-05 21:12 - 2018-06-05 21:12 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-06-05 21:12 - 2018-06-05 21:12 - 000000000 ____D C:\Program Files\Malwarebytes
2018-06-05 21:12 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-06-05 21:11 - 2018-06-05 20:30 - 077239112 _____ (Malwarebytes ) C:\Users\suff2\Desktop\mb3-setup-consumer-3.5.1.2522-1.0.365-1.0.5354.exe
2018-06-05 21:11 - 2018-06-05 20:29 - 002413056 _____ (Farbar) C:\Users\suff2\Desktop\FRST64.exe
2018-06-05 21:04 - 2018-06-05 21:17 - 001388448 _____ C:\Users\Public\ASR.dat
2018-06-05 20:45 - 2018-06-05 20:45 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-06-05 20:44 - 2018-06-05 20:44 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-06-05 20:38 - 2018-06-05 20:38 - 000000000 ____D C:\Program Files\HitmanPro
2018-06-05 20:34 - 2018-06-05 21:27 - 000000000 ____D C:\FRST
2018-06-05 20:05 - 2018-06-05 20:05 - 000000000 ____D C:\Users\suff2\AppData\Roaming\hpqLog
2018-06-05 19:44 - 2018-06-05 19:45 - 077239112 _____ (Malwarebytes ) C:\Users\suff2\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.365-1.0.5354.exe
2018-06-05 19:34 - 2018-06-05 19:55 - 000001258 _____ C:\Users\suff2\Desktop\Google Chrome.lnk
2018-06-05 19:17 - 2018-06-05 20:14 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-06-05 18:55 - 2018-06-05 19:00 - 001575948 _____ C:\WINDOWS\Minidump\060518-57390-01.dmp
2018-06-05 18:55 - 2018-06-05 18:55 - 882191185 _____ C:\WINDOWS\MEMORY.DMP
2018-06-05 18:55 - 2018-06-05 18:55 - 000000000 ____D C:\WINDOWS\Minidump
2018-06-05 18:51 - 2018-06-05 18:06 - 000548000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-06-05 18:50 - 2018-06-05 19:13 - 000000000 ____D C:\Users\suff2\AppData\Local\CrashDumps
2018-06-05 18:49 - 2018-06-05 18:49 - 000001110 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-06-05 18:49 - 2018-06-05 18:49 - 000000000 ____D C:\Users\suff2\AppData\Local\DBG
2018-06-05 18:48 - 2018-06-05 18:48 - 000000000 ____D C:\Program Files (x86)\VideoLAN
2018-06-05 18:40 - 2018-06-05 18:40 - 000002303 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-05 18:39 - 2018-06-05 19:16 - 000000000 ____D C:\Users\suff2\AppData\Local\Google
2018-06-05 18:39 - 2018-06-05 18:45 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-06-05 18:39 - 2018-06-05 18:45 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-06-05 18:39 - 2018-06-05 18:39 - 000000000 ____D C:\Program Files\RogueKiller
2018-06-05 18:39 - 2018-06-05 18:39 - 000000000 ____D C:\Program Files (x86)\Google
2018-06-05 18:32 - 2018-06-05 21:06 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2018-06-05 18:32 - 2018-06-05 18:32 - 000000000 ____D C:\Users\suff2\Desktop\Malwarebytes Anti-Malware Premium 2.2.1.1043 + License Key [SadeemPC]
2018-06-05 18:20 - 2018-06-05 18:20 - 000000000 ____D C:\Users\suff2\AppData\Local\PackageStaging
2018-06-05 18:19 - 2018-06-05 18:19 - 000000000 ____D C:\Users\suff2\AppData\Local\Comms
2018-06-05 18:18 - 2018-06-05 18:18 - 000004098 _____ C:\WINDOWS\System32\Tasks\HPGenoobeReminder
2018-06-05 18:17 - 2018-06-05 18:17 - 000000000 ____D C:\Users\suff2\AppData\Local\Cyberlink
2018-06-05 18:15 - 2018-06-05 18:15 - 000000000 ____D C:\Users\suff2\AppData\Roaming\WildTangent
2018-06-05 18:13 - 2018-06-05 18:13 - 000000000 ____D C:\Users\suff2\AppData\LocalLow\IObit
2018-06-05 18:12 - 2018-06-05 18:12 - 000001438 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2018-06-05 18:11 - 2018-06-05 19:59 - 000000000 ____D C:\Users\suff2\AppData\Local\D3DSCache
2018-06-05 18:11 - 2018-06-05 18:11 - 000000000 ____D C:\Program Files (x86)\IObit
2018-06-05 18:09 - 2018-06-05 18:47 - 000000000 ____D C:\Users\suff2\AppData\Roaming\IObit
2018-06-05 18:08 - 2018-06-05 18:08 - 000000000 ____D C:\Users\suff2\AppData\Roaming\Macromedia
2018-06-05 18:07 - 2018-06-05 18:14 - 000000000 ____D C:\Users\suff2\Desktop\films
2018-06-05 18:06 - 2018-06-05 18:31 - 000000000 ____D C:\Users\suff2\Desktop\Essentials
2018-06-05 18:06 - 2018-06-05 18:06 - 000000000 ____D C:\Users\suff2\AppData\Roaming\Hewlett-Packard
2018-06-05 18:06 - 2018-06-01 09:28 - 036617024 _____ (Adlice Software ) C:\Users\suff2\Desktop\RogueKiller_setup.exe
2018-06-05 18:05 - 2018-06-05 18:32 - 000000000 ___RD C:\Users\suff2\OneDrive
2018-06-05 18:05 - 2018-06-05 18:17 - 000000000 ____D C:\Users\suff2\AppData\Roaming\HP
2018-06-05 18:04 - 2018-06-05 20:05 - 000000000 ____D C:\Users\suff2\AppData\Local\Hewlett-Packard
2018-06-05 18:04 - 2018-06-05 18:46 - 000000000 ____D C:\Users\suff2\AppData\Local\PlaceholderTileLogoFolder
2018-06-05 18:03 - 2018-06-05 18:03 - 000001417 _____ C:\Users\suff2\Desktop\Microsoft Edge.lnk
2018-06-05 18:02 - 2018-06-05 18:30 - 000000000 ____D C:\Users\suff2\AppData\Local\Publishers
2018-06-05 18:02 - 2018-06-05 18:02 - 000000000 ___HD C:\Users\suff2\MicrosoftEdgeBackups
2018-06-05 18:02 - 2018-06-05 18:02 - 000000000 ____D C:\Users\suff2\AppData\Local\MicrosoftEdge
2018-06-05 18:01 - 2018-06-05 21:19 - 000000000 __SHD C:\Users\suff2\IntelGraphicsProfiles
2018-06-05 18:01 - 2018-06-05 19:00 - 000000000 ____D C:\Users\suff2\AppData\Local\Packages
2018-06-05 18:01 - 2018-06-05 18:03 - 000000000 ____D C:\Users\suff2\AppData\Local\ConnectedDevicesPlatform
2018-06-05 18:01 - 2018-06-05 18:01 - 000000000 ___RD C:\Users\suff2\3D Objects
2018-06-05 18:01 - 2018-06-05 18:01 - 000000000 ____D C:\Users\suff2\AppData\Roaming\Synaptics
2018-06-05 18:01 - 2018-06-05 18:01 - 000000000 ____D C:\Users\suff2\AppData\Roaming\Intel
2018-06-05 18:01 - 2018-06-05 18:01 - 000000000 ____D C:\Users\suff2\AppData\Roaming\Adobe
2018-06-05 18:01 - 2018-06-05 18:01 - 000000000 ____D C:\Users\suff2\AppData\Local\VirtualStore
2018-06-05 17:58 - 2018-06-05 18:58 - 000000000 ____D C:\Users\suff2
2018-06-05 17:58 - 2018-06-05 17:58 - 000000020 ___SH C:\Users\suff2\ntuser.ini
2018-06-05 17:58 - 2018-06-05 17:41 - 000000000 ___HD C:\Users\suff2\Documents\hp.system.package.metadata
2018-06-05 17:58 - 2016-10-17 03:20 - 000000000 ___HD C:\Users\suff2\Documents\hp.applications.package.appdata
2018-06-05 17:54 - 2018-06-05 21:24 - 000907826 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-06-05 17:51 - 2018-06-05 21:17 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-06-05 17:51 - 2018-06-05 18:07 - 000000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2018-06-05 17:51 - 2018-06-05 17:51 - 000003118 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2018-06-05 17:51 - 2018-06-05 17:51 - 000002500 _____ C:\WINDOWS\System32\Tasks\HPEA3JOBS
2018-06-05 17:51 - 2018-06-05 17:51 - 000002488 _____ C:\WINDOWS\System32\Tasks\HPAudioSwitch
2018-06-05 17:51 - 2018-06-05 17:51 - 000002252 _____ C:\WINDOWS\System32\Tasks\HPJumpStartProvider
2018-06-05 17:51 - 2018-06-05 17:51 - 000000000 ____D C:\WINDOWS\System32\Tasks\HP
2018-06-05 17:50 - 2018-06-05 17:50 - 000022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2018-06-05 17:50 - 2018-06-05 17:50 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-06-05 17:49 - 2018-04-12 00:33 - 002752000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-06-05 17:30 - 2018-06-05 17:30 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-06-05 17:22 - 2018-06-05 17:22 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2018-06-05 17:22 - 2018-06-05 17:22 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2018-06-05 17:21 - 2018-06-05 17:34 - 000000000 ____D C:\Program Files\Intel
2018-06-05 17:21 - 2018-06-05 17:31 - 000000000 ____D C:\Intel
2018-06-05 17:21 - 2018-06-05 17:21 - 000146463 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2018-06-05 17:21 - 2018-06-05 17:21 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-06-05 17:21 - 2018-06-05 17:21 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2018-06-05 17:21 - 2018-06-05 17:21 - 000000000 ____D C:\Program Files\Realtek
2018-06-05 17:21 - 2018-06-05 17:21 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-06-05 17:21 - 2018-06-05 17:21 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2018-06-05 17:21 - 2017-09-01 15:28 - 000140288 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2018-06-05 17:21 - 2017-09-01 15:28 - 000116744 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2018-06-05 17:21 - 2017-02-25 00:23 - 000536864 _____ C:\WINDOWS\system32\vulkan-1.dll
2018-06-05 17:21 - 2017-02-25 00:23 - 000525600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2018-06-05 17:21 - 2017-02-25 00:23 - 000254240 _____ C:\WINDOWS\system32\vulkaninfo.exe
2018-06-05 17:21 - 2017-02-25 00:23 - 000233760 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2018-06-05 17:20 - 2018-06-05 17:20 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_esif_umdf2_02_00_00.Wdf
2018-06-05 17:20 - 2018-06-05 17:20 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2018-06-05 17:20 - 2018-06-05 17:20 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_esif_lf_01011.Wdf
2018-06-05 17:20 - 2018-06-05 17:20 - 000000000 ____D C:\WINDOWS\system32\Intel
2018-06-05 17:17 - 2018-06-05 19:02 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-06-05 17:17 - 2018-06-05 17:46 - 000313512 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-06-05 17:17 - 2018-06-05 17:17 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-06-05 14:55 - 2018-06-05 17:41 - 000000000 ___HD C:\system.sav
2018-06-05 14:55 - 2016-12-14 03:40 - 000000000 __RSH C:\WINDOWS\system32\Drivers\103C_HP_cNB_Pavilion Notebook_Y5335KV_0U_Q5CD6501PVJ_E5CD61976BL27 DPS_4A_I8215_SHP_V83.14_BF.23_T161013_W1101-0_L809_M8078_J1000_7Intel_86E9_92.40_#161214_N808624FB;10EC8136_(Z9F54EA#ABU)_XMOBILE_CN10_Z.MRK
2018-06-05 14:54 - 2018-06-05 14:58 - 000000000 ____D C:\Windows.old
2018-06-05 14:54 - 2018-06-05 14:54 - 000000000 ____D C:\WINDOWS\InfusedApps
2018-06-05 14:52 - 2018-06-05 14:52 - 000000000 ____D C:\Program Files\Synaptics
2018-06-05 14:50 - 2018-06-05 14:50 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-06-05 14:50 - 2018-06-05 14:50 - 000000000 ____D C:\WINDOWS\Setup
2018-06-05 14:48 - 2018-06-05 17:41 - 000000000 ____D C:\WINDOWS\OCR
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-06-05 14:48 - 2018-06-05 14:48 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2018-06-05 14:48 - 2018-06-05 14:48 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
2018-06-05 14:48 - 2018-06-05 14:48 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2018-06-05 14:48 - 2018-06-05 14:48 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2018-06-05 14:48 - 2018-06-05 14:48 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2018-06-05 14:48 - 2018-06-05 14:48 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2018-06-05 14:48 - 2018-06-05 14:48 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2018-06-05 14:48 - 2018-06-05 14:48 - 000000000 ____D C:\WINDOWS\system32\hi-IN
2018-06-05 14:48 - 2018-06-05 14:48 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2018-06-05 14:48 - 2018-06-05 14:48 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2018-06-05 14:48 - 2018-06-05 14:48 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2018-06-05 14:48 - 2018-06-05 14:48 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-06-05 14:48 - 2018-06-05 14:48 - 000000000 ____D C:\Program Files\MSBuild
2018-06-05 14:48 - 2018-06-05 14:48 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-06-05 14:48 - 2018-06-05 14:48 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-06-05 14:46 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2018-06-05 14:46 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2018-06-05 14:46 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2018-06-05 14:46 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2018-06-05 14:46 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2018-06-05 14:46 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2018-06-05 14:46 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\system32\winrm
2018-06-05 14:46 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\system32\WCN
2018-06-05 14:46 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\system32\slmgr
2018-06-05 14:46 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2018-06-05 14:46 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\system32\0409
2018-06-05 14:46 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\DigitalLocker
2018-06-05 14:43 - 2018-05-01 22:22 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-05 14:43 - 2018-05-01 22:22 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-06-05 14:40 - 2018-06-05 21:19 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-06-05 14:40 - 2018-06-05 20:35 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-06-05 14:40 - 2018-06-05 18:56 - 000000000 ____D C:\Program Files (x86)
2018-06-05 14:40 - 2018-06-05 18:53 - 000000000 ____D C:\Program Files\Windows Defender
2018-06-05 14:40 - 2018-06-05 18:50 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-05 14:40 - 2018-06-05 17:55 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-06-05 14:40 - 2018-06-05 17:51 - 000000000 ____D C:\WINDOWS\Registration
2018-06-05 14:40 - 2018-06-05 17:49 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2018-06-05 14:40 - 2018-06-05 17:42 - 000000000 ____D C:\WINDOWS\system32\spool
2018-06-05 14:40 - 2018-06-05 17:41 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2018-06-05 14:40 - 2018-06-05 17:31 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-06-05 14:40 - 2018-06-05 17:30 - 000000000 ____D C:\WINDOWS\appcompat
2018-06-05 14:40 - 2018-06-05 17:25 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-06-05 14:40 - 2018-06-05 17:25 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-06-05 14:40 - 2018-06-05 14:55 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-06-05 14:40 - 2018-06-05 14:54 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-06-05 14:40 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\TextInput
2018-06-05 14:40 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-06-05 14:40 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\ta-in
2018-06-05 14:40 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\si-lk
2018-06-05 14:40 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\setup
2018-06-05 14:40 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-06-05 14:40 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\am-et
2018-06-05 14:40 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\Provisioning
2018-06-05 14:40 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-06-05 14:40 - 2018-06-05 14:49 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-06-05 14:40 - 2018-06-05 14:49 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-06-05 14:40 - 2018-06-05 14:48 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-06-05 14:40 - 2018-06-05 14:48 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-06-05 14:40 - 2018-06-05 14:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-06-05 14:40 - 2018-06-05 14:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2018-06-05 14:40 - 2018-06-05 14:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-06-05 14:40 - 2018-06-05 14:46 - 000000000 ___SD C:\WINDOWS\system32\dsc
2018-06-05 14:40 - 2018-06-05 14:46 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-06-05 14:40 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-06-05 14:40 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2018-06-05 14:40 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-06-05 14:40 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\com
2018-06-05 14:40 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-06-05 14:40 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-06-05 14:40 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\system32\MUI
2018-06-05 14:40 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-06-05 14:40 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-06-05 14:40 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\system32\com
2018-06-05 14:40 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\IME
2018-06-05 14:40 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\Help
2018-06-05 14:40 - 2018-06-05 14:46 - 000000000 ____D C:\Program Files\Common Files\system
2018-06-05 14:40 - 2018-06-05 14:46 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 __SHD C:\Program Files\Windows Sidebar
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 __RSD C:\WINDOWS\media
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 __RHD C:\Users\Public\Libraries
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ___SD C:\WINDOWS\system32\UNP
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ___SD C:\WINDOWS\system32\Nui
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ___HD C:\WINDOWS\LanguageOverlayCache
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\Web
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\WaaS
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\Vss
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\tracing
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\TAPI
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SystemResources
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SystemApps
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\winevt
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\ta-lk
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\ras
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\my-mm
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\IME
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\icsxml
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\ias
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\hydrogen
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\DriverState
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\downlevel
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\DDFs
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\System
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SKB
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\ShellComponents
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\ServiceState
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\security
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\schemas
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SchCache
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\Resources
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\rescache
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\PLA
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\Performance
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\ModemLogs
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\L2Schemas
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\InputMethod
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\IdentityCRL
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\Globalization
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\Cursors
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\Branding
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\addins
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\Program Files\Windows Security
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\Program Files\Windows Portable Devices
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\Program Files\windows nt
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\Program Files\Common Files\Services
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\Program Files (x86)\windows nt
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2018-06-05 14:40 - 2018-06-05 14:36 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2018-06-05 14:40 - 2018-06-05 14:36 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2018-06-05 14:40 - 2018-06-05 14:36 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
2018-06-05 14:40 - 2018-06-05 14:36 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2018-06-05 14:40 - 2018-06-05 14:36 - 000017346 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2018-06-05 14:40 - 2018-06-05 14:36 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2018-06-05 14:40 - 2018-06-05 14:36 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2018-06-05 14:40 - 2018-06-05 14:36 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2018-06-05 14:40 - 2018-06-05 14:36 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
2018-06-05 14:37 - 2018-06-05 21:24 - 000000000 ____D C:\WINDOWS\INF
2018-06-05 14:29 - 2018-06-05 17:57 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-05 14:21 - 2018-06-05 21:16 - 090701824 _____ C:\WINDOWS\system32\config\SYSTEM
2018-06-05 14:21 - 2018-06-05 21:16 - 090439680 _____ C:\WINDOWS\system32\config\SOFTWARE
2018-06-05 14:21 - 2018-06-05 21:16 - 000524288 _____ C:\WINDOWS\system32\config\DEFAULT
2018-06-05 14:21 - 2018-06-05 21:16 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-06-05 14:21 - 2018-06-05 21:16 - 000131072 _____ C:\WINDOWS\system32\config\SAM
2018-06-05 14:21 - 2018-06-05 21:16 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY
2018-06-05 14:21 - 2018-06-05 18:52 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-06-05 14:21 - 2018-06-05 17:53 - 000000000 ____D C:\WINDOWS\Panther
2018-06-05 14:21 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\servicing
2018-06-05 14:21 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\SMI
2018-06-05 13:17 - 2018-06-05 14:56 - 000000000 ___HD C:\$SysReset
2018-05-21 22:00 - 2018-05-21 22:00 - 013570560 ____N (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-05-21 22:00 - 2018-05-21 22:00 - 012500992 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 025848832 ____N (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 023862272 ____N (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 022707712 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 022002688 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 021389360 ____N (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 020383720 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 019525120 ____N (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 019399168 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 012712960 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 011903488 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 009159064 ____N (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-05-21 21:59 - 2018-05-21 21:59 - 008623104 ____N (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 008188928 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 007987712 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 007583232 ____N (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 007519992 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 007436624 ____N (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 006661632 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 006569952 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 006044104 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 005951488 ____N (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 005782528 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 004929024 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 004867072 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 004706816 ____N (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 004372992 ____N (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 004070400 ____N (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 003732800 ____N C:\WINDOWS\system32\Windows.Mirage.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 003712000 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 003655168 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-05-21 21:59 - 2018-05-21 21:59 - 003440640 ____N (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 003392512 ____N (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 003389952 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 003320320 ____N (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 003283400 ____N (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 003086336 ____N (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 003015168 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 002961408 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 002902528 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 002900992 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 002897408 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-05-21 21:59 - 2018-05-21 21:59 - 002841312 ____N C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 002835864 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-05-21 21:59 - 2018-05-21 21:59 - 002753040 ____N (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 002700800 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 002486976 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 002422168 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-05-21 21:59 - 2018-05-21 21:59 - 002366976 ____N (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 002242208 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 002236928 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-05-21 21:59 - 2018-05-21 21:59 - 002170368 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 001953280 ____N C:\WINDOWS\system32\rdpnano.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 001855488 ____N (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 001817088 ____N (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 001664512 ____N (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 001636352 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 001634800 ____N (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 001586176 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 001585664 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 001565592 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 001550848 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 001534976 ____N (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 001466368 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 001456616 ____N (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-05-21 21:59 - 2018-05-21 21:59 - 001454016 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 001426328 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 001421312 ____N (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 001380864 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 001258280 ____N (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-05-21 21:59 - 2018-05-21 21:59 - 001235968 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 001191168 ____N (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 001174424 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-05-21 21:59 - 2018-05-21 21:59 - 001160192 ____N (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 001063320 ____N (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-05-21 21:59 - 2018-05-21 21:59 - 001034624 ____N (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-05-21 21:59 - 2018-05-21 21:59 - 001012120 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-05-21 21:59 - 2018-05-21 21:59 - 000976384 ____N (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-05-21 21:59 - 2018-05-21 21:59 - 000960512 ____N (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000944640 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000933376 ____N (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000917504 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000898560 ____N (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000894464 ____N (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000885848 ____N (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000860160 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000836608 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000814592 ____N (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000788216 ____N (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000786168 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000776880 ____N (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000775680 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000758272 ____N (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000733992 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000726528 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000709816 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-05-21 21:59 - 2018-05-21 21:59 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-05-21 21:59 - 2018-05-21 21:59 - 000695296 ____N (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2018-05-21 21:59 - 2018-05-21 21:59 - 000669184 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000668672 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000665320 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000658432 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000624128 ____N (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000619520 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000615424 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000613376 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs4.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000606448 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000604568 ____N (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-05-21 21:59 - 2018-05-21 21:59 - 000596480 ____N (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000585728 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs3.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000584192 ____N (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000581120 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2018-05-21 21:59 - 2018-05-21 21:59 - 000578560 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000567136 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000561664 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000559968 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000553984 ____N (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000543744 ____N (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000524800 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000494488 ____N (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2018-05-21 21:59 - 2018-05-21 21:59 - 000474624 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs2.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000473496 ____N (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000444416 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs1.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000434584 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2018-05-21 21:59 - 2018-05-21 21:59 - 000392192 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000382872 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-05-21 21:59 - 2018-05-21 21:59 - 000344064 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000288256 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.th.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000272288 ____N (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000269216 ____N (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000256000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MixedReality.Broker.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000241664 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win81.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000171520 ____N (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000170904 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-05-21 21:59 - 2018-05-21 21:59 - 000159744 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Analog.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000154112 ____N (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000150528 ____N (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000150016 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000144384 ____N (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000143360 ____N (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000142336 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win8rtm.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000134552 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000117760 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000046592 ____N (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000023552 ____N (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000019968 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000002560 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000002560 ____N (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000001312 ____N C:\WINDOWS\system32\tcbres.wim
2018-05-21 21:54 - 2018-05-21 21:54 - 004492288 ____N (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-05-21 21:54 - 2018-05-21 21:54 - 003398144 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-05-21 21:54 - 2018-05-21 21:54 - 000925696 ____N (Microsoft Corporation) C:\WINDOWS\system32\XpsFilt.dll
2018-05-21 21:54 - 2018-05-21 21:54 - 000575488 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsFilt.dll
2018-05-21 21:54 - 2018-05-21 21:54 - 000100352 ____N (Microsoft Corporation) C:\WINDOWS\system32\XPSSHHDR.dll
2018-05-21 21:54 - 2018-05-21 21:54 - 000082432 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\XPSSHHDR.dll
2018-05-21 21:54 - 2018-05-21 21:54 - 000076060 ____N C:\WINDOWS\SysWOW64\xpsrchvw.xml
2018-05-21 21:54 - 2018-05-21 21:54 - 000076060 ____N C:\WINDOWS\system32\xpsrchvw.xml
2018-05-21 21:53 - 2018-05-21 21:53 - 001166520 ____N (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-05-21 21:53 - 2018-05-21 21:53 - 000778936 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-05-21 21:53 - 2018-05-21 21:53 - 000124624 ____N (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-05-21 21:53 - 2018-05-21 21:53 - 000103120 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-05-21 21:53 - 2018-05-21 21:53 - 000035456 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-05-21 21:53 - 2018-05-21 21:53 - 000035456 ____N (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-05 18:34 - 2016-12-14 03:46 - 000000000 ____D C:\Program Files (x86)\WildTangent Games
2018-06-05 18:23 - 2016-10-17 03:21 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-06-05 18:04 - 2016-07-29 13:33 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-06-05 17:49 - 2016-07-16 12:47 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-06-05 17:42 - 2016-12-14 03:33 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2018-06-05 17:41 - 2016-12-14 03:41 - 000000000 ____D C:\WINDOWS\HP
2018-06-05 17:41 - 2016-12-14 03:28 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2018-06-05 17:41 - 2016-10-17 03:20 - 000000000 ___HD C:\Users\Default\Documents\hp.system.package.metadata
2018-06-05 17:41 - 2016-08-23 20:10 - 000000000 ____D C:\SWSETUP
2018-06-05 17:37 - 2016-12-14 03:43 - 000000000 ____D C:\Program Files (x86)\NSIS Uninstall Information
2018-06-05 17:37 - 2016-12-14 03:26 - 000000000 ____D C:\Program Files (x86)\Realtek
2018-06-05 17:37 - 2016-10-17 03:21 - 000000000 ___RD C:\Program Files (x86)\Online Services
2018-06-05 17:36 - 2016-12-14 03:27 - 000000000 ____D C:\Program Files (x86)\Intel
2018-06-05 17:36 - 2016-10-17 03:22 - 000000000 ____D C:\Program Files (x86)\HP Inc
2018-06-05 17:36 - 2016-10-17 03:20 - 000000000 ____D C:\Program Files (x86)\HP
2018-06-05 17:36 - 2016-10-17 03:20 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2018-06-05 17:35 - 2016-10-17 03:22 - 000000000 ____D C:\Program Files (x86)\Bonjour
2018-06-05 17:35 - 2016-10-17 03:21 - 000000000 ___RD C:\Program Files\Online Services
2018-06-05 17:34 - 2016-10-17 03:22 - 000000000 ____D C:\Program Files\HPCommRecovery
2018-06-05 17:34 - 2016-10-17 03:20 - 000000000 ____D C:\Program Files\HP
2018-06-05 17:31 - 2016-12-14 03:32 - 000000000 ____D C:\Program Files\Common Files\Intel
2018-06-05 17:31 - 2016-10-17 03:22 - 000000000 ____D C:\Program Files\Bonjour
2018-06-05 17:31 - 2016-10-14 20:36 - 000000000 ___HD C:\hp
2018-06-05 14:36 - 2018-04-12 00:34 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhsetup.dll
2018-06-05 14:36 - 2018-04-12 00:34 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\hh.exe
2018-06-05 14:35 - 2018-04-12 00:34 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-06-05 14:35 - 2018-04-12 00:34 - 001140568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-06-05 14:35 - 2018-04-12 00:34 - 000983008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-06-05 14:35 - 2018-04-12 00:34 - 000792984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-06-05 14:35 - 2018-04-12 00:34 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2018-06-05 14:35 - 2018-04-12 00:34 - 000439088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2018-06-05 14:35 - 2018-04-12 00:34 - 000413080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-06-05 14:35 - 2018-04-12 00:34 - 000248976 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2018-06-05 14:35 - 2018-04-12 00:34 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2018-06-05 14:35 - 2018-04-12 00:34 - 000209312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2018-06-05 14:35 - 2018-04-12 00:34 - 000159752 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2018-06-05 14:35 - 2018-04-12 00:34 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2018-06-05 14:35 - 2018-04-12 00:34 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2018-06-05 14:35 - 2018-04-12 00:34 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-06-05 14:35 - 2018-04-12 00:34 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2018-06-05 14:35 - 2018-04-12 00:33 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-06-05 14:35 - 2018-04-12 00:33 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-06-05 14:34 - 2018-04-12 00:34 - 003296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-06-05 14:34 - 2018-04-12 00:34 - 001363632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-06-05 14:34 - 2018-04-12 00:34 - 000504832 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-06-05 14:34 - 2018-04-12 00:34 - 000435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2018-06-05 14:34 - 2018-04-12 00:34 - 000302592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-06-05 14:34 - 2018-04-12 00:34 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-06-05 14:34 - 2018-04-12 00:34 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\itircl.dll
2018-06-05 14:34 - 2018-04-12 00:34 - 000130976 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-06-05 14:34 - 2018-04-12 00:34 - 000008192 _____ C:\WINDOWS\system32\settings.dat
2018-06-05 14:34 - 2018-04-12 00:33 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2018-06-05 14:34 - 2018-04-12 00:33 - 000567176 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-06-05 14:34 - 2018-04-12 00:33 - 000073632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-06-05 14:34 - 2018-04-12 00:33 - 000020896 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
 
==================== Files in the root of some directories =======
 
2018-06-05 21:04 - 2018-06-05 21:17 - 001388448 _____ () C:\Users\Public\ASR.dat
 
Some files in TEMP:
====================
2018-06-05 19:15 - 2018-04-12 00:34 - 001946304 _____ (Microsoft Corporation) C:\Users\suff2\AppData\Local\Temp\dllnt_dump.dll
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-06-05 17:16
 
==================== End of FRST.txt ============================
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03.06.2018
Ran by suff2 (05-06-2018 21:27:53)
Running from C:\Users\suff2\Desktop
Windows 10 Home Version 1803 17134.48 (X64) (2018-06-05 16:53:48)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2131389051-3585489687-4280800276-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2131389051-3585489687-4280800276-503 - Limited - Disabled)
Guest (S-1-5-21-2131389051-3585489687-4280800276-501 - Limited - Disabled)
suff2 (S-1-5-21-2131389051-3585489687-4280800276-1001 - Administrator - Enabled) => C:\Users\suff2
WDAGUtilityAccount (S-1-5-21-2131389051-3585489687-4280800276-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Energy Star (HKLM\...\{5CB22648-35F8-41BC-9C35-1E41FE6E12A5}) (Version: 1.1.1 - HP Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.62 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.294 - SurfRight B.V.)
HP 3D DriveGuard (HKLM-x32\...\{8F183B2E-D21D-4070-8132-DD39C3CBFA5C}) (Version: 6.0.41.1 - HP)
HP Audio Switch (HKLM-x32\...\{0C5D69BD-B518-46DB-8471-506CD27F9478}) (Version: 1.0.138.0 - HP Inc.)
HP CoolSense (HKLM-x32\...\{0C723C74-62DF-4B35-9490-A207546D866D}) (Version: 2.21.4 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{5b1a1d22-bd59-44e0-a954-e2f18ec43a23}) (Version: 5.2.20454 - HP Inc.)
HP JumpStart Bridge (HKLM-x32\...\{9B252E0D-7B31-48A6-B01E-B5CCBA286E8E}) (Version: 1.1.0.168 - HP Inc.)
HP JumpStart Launch (HKLM-x32\...\{B90CB0DE-2E60-41C4-9857-466EB98192BF}) (Version: 1.1.158.0 - HP Inc.)
HP Orbit (HKLM-x32\...\{94fe0719-8e44-4833-a106-b54ad117949f}) (Version: 1.0.0.191 - HP Inc.)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8357.5639 - HP Inc.)
HP Support Assistant (HKLM-x32\...\{30514137-FB26-4E1A-A3B4-5B48680F3ECE}) (Version: 8.3.39.21 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{D566DA31-9325-400E-B309-4BBA18B367E3}) (Version: 12.5.32.53 - HP Inc.)
HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.28 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{29E20347-C62F-4657-938E-876A182B67F1}) (Version: 1.4.14 - HP Inc.)
HP Wireless Button Driver (HKLM-x32\...\{099DAD2B-56C5-4919-9F82-418C2A018CAE}) (Version: 1.1.18.1 - HP)
Intel® Chipset Device Software (HKLM-x32\...\{226be6c3-8e08-4d52-bd3a-d361008448c5}) (Version: 10.1.1.37 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11000.2996 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.6.0.1030 - Intel Corporation)
Intel® PRO/Wireless Driver (HKLM\...\{edcc2d98-dba0-4914-ba46-6dae7352cea9}) (Version: 19.20.0000.5007 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4526 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{3A55D9C8-17B6-41F9-B9C2-4B1532DCD016}) (Version: 19.10.1635.0483 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 7.4.0.8 - IObit)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21292 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7930 - Realtek Semiconductor Corp.)
RogueKiller version 12.12.19.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.19.0 - Adlice Software)
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.5.10.66 - Synaptics Incorporated)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2131389051-3585489687-4280800276-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\suff2\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2131389051-3585489687-4280800276-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\suff2\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2131389051-3585489687-4280800276-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\suff2\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2018-01-25] (IObit)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2018-01-25] (IObit)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki124164.inf_amd64_85b60d2b8c3af983\igfxDTCM.dll [2017-09-01] (Intel Corporation)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2018-01-25] (IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {132DC7FC-8F60-44FB-9C68-6BEF8780B571} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe [2016-09-22] (HP Inc.)
Task: {26B609BF-6F96-4DEC-888A-D44D5498BF5E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-09-21] (HP Inc.)
Task: {4084731A-5FAD-4D23-AFB0-64DE2C27AAA7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-09-22] (HP Inc.)
Task: {42A2BF09-C50E-40A9-A0E3-8F22F4E56000} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-09-21] (HP Inc.)
Task: {4E481E6E-E6E4-4140-A8A1-2E634DCE7501} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel® Corporation)
Task: {50F61C8F-3487-4D7E-A365-FC633E8D00F7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-09-21] (HP Inc.)
Task: {5B8B8ACE-F57B-47E9-B66B-DA5E0A1B8559} - System32\Tasks\HPEA3JOBS => C:\Program [Argument = Files\HP\HP ePrint\hpeprint.exe /CheckJobs]
Task: {761148EC-7DD0-4A15-9DFF-4D40C52AA9E1} - System32\Tasks\HPJumpStartProvider => C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartProvider.exe [2016-08-05] ()
Task: {77460D0C-395D-47A9-A725-8B0F542CD2C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-06-05] (Google Inc.)
Task: {7760F53A-FFA3-4416-9F2B-C6911C51A6F1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-09-21] (HP Inc.)
Task: {82DEC2A8-1852-4BE7-BFF5-D57D13F42031} - System32\Tasks\HPGenoobeReminder => C:\Program Files (x86)\HP\HP Registration Service\HP GenOOBE\HPGenOOBE.exe [2016-07-12] (HP Inc.)
Task: {9855ABDA-4574-48C9-864B-0DC0B995EDCF} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [2016-10-04] (HP Inc.)
Task: {9DB1C983-C847-4553-9D74-6DF61994388B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-09-22] (HP Inc.)
Task: {A40F1C4E-CF4F-46E1-9412-8A914CB9822D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-06-05] (Google Inc.)
Task: {A85240F5-0A22-40B8-A88D-E14A899E4D1F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT-KB890830.exe [2018-06-05] (Microsoft Corporation)
Task: {B4B6C54C-B23E-483F-BCB2-ABDEF7A58AF9} - System32\Tasks\HP\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\HP\HP CoolSense\CoolSense.exe [2016-01-21] (HP Development Company, L.P.)
Task: {CCAA5D07-4B7E-4B0E-9ACB-A9EEA1030CA7} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {E4D7F409-B7B2-408B-B9F5-493A9E182743} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-09-21] (HP Inc.)
Task: {FCF107A1-2CDB-4628-B784-C1020339F9EA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-09-22] (HP Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 ____N () C:\Windows\System32\InputHost.dll
2018-06-05 21:12 - 2018-04-25 13:16 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2016-08-05 15:42 - 2016-08-05 15:42 - 000843800 _____ () C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartProvider.exe
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 ____N () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 002759168 ____N () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-04-12 00:35 - 2018-06-05 14:35 - 002184704 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-06-05 18:12 - 2017-05-22 11:16 - 000442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2018-06-05 18:12 - 2017-05-22 11:16 - 000210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2018-06-05 18:12 - 2017-05-22 11:16 - 000059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2018-06-05 18:12 - 2018-01-25 17:02 - 000899856 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2018-06-05 18:12 - 2018-01-25 17:01 - 000631568 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
2018-06-05 18:12 - 2017-05-22 11:16 - 000524064 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\sqlite3.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 12:47 - 2018-06-05 20:42 - 000000826 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2131389051-3585489687-4280800276-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{E62A7581-4442-4930-B749-86E39B6E008A}] => (Allow) c:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{0A46D21A-C1CA-4FD3-A6F0-295B8D41A059}] => (Allow) LPort=13148
FirewallRules: [{0850C5FB-F85D-49AB-941D-517142E16610}] => (Allow) C:\Program Files\HP\HP Orbit Service\HPOrbitService.exe
FirewallRules: [{DEA2E6E2-0B3A-4213-B717-3E8A7141EE43}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FB0CB153-CD50-4EA9-91E1-3917759AF7EE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{05B5A633-FCDF-4C23-99F9-4C3A0B8BC60B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1B03D57F-2440-4767-8491-BB7E8667EFD4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{25E2D36C-14BF-4705-AC6D-4D0F770042FF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/05/2018 09:21:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPCommRecovery.exe, version: 1.0.0.28, time stamp: 0x57d25ae2
Faulting module name: KERNELBASE.dll, version: 10.0.17134.1, time stamp: 0x701ca188
Exception code: 0xe0434352
Fault offset: 0x000000000003f218
Faulting process ID: 0x7f8
Faulting application start time: 0x01d3fd0a875aae6a
Faulting application path: C:\Program Files\HPCommRecovery\HPCommRecovery.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report ID: d01b5dbd-eda3-43a0-95bd-a6d0108dfc88
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/05/2018 09:21:38 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HPCommRecovery.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Win32Exception
   at NativeWifi.WlanClient+WlanInterface.GetAvailableNetworkList(WlanGetAvailableNetworkFlags)
   at NativeWifi.WlanClient.FindNetwork(System.String)
   at _HPCommRecovery.HPCommRecovery.NotificationCodeAcmOccur(WlanNotificationData)
   at _HPCommRecovery.HPCommRecovery.OnNotificationData(WlanNotificationData)
   at NativeWifi.NotificationDataOccur.Invoke(WlanNotificationData)
   at NativeWifi.WlanClient.OnWlanNotification(WlanNotificationData ByRef, IntPtr)
 
Error: (06/05/2018 08:49:54 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "aspnet_state" in DLL "C:\Windows\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (06/05/2018 08:49:54 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ASP.NET_4.0.30319" in DLL "C:\Windows\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (06/05/2018 08:49:54 PM) (Source: Perflib) (EventID: 1017) (User: )
Description: Disabled performance counter data collection from the "ASP.NET_2.0.50727" service because the performance counter library for that service has generated one or more errors. The errors that forced this action have been written to the application event log. Correct the errors before enabling the performance counters for this service.
 
Error: (06/05/2018 08:49:54 PM) (Source: Perflib) (EventID: 1021) (User: )
Description: Windows cannot open the 32-bit extensible counter DLL ASP.NET_2.0.50727 in a 64-bit environment. Contact the file vendor to obtain a 64-bit version. Alternatively, you can open the 32-bit extensible counter DLL by using the 32-bit version of Performance Monitor. To use this tool, open the Windows folder, open the Syswow64 folder, and then start Perfmon.exe.
 
Error: (06/05/2018 08:49:54 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "ASP.NET" in DLL "C:\Windows\System32\aspnet_counters.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
 
Error: (06/05/2018 07:14:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.2.21.0, time stamp: 0x56bd3616
Faulting module name: mbamservice.exe, version: 3.2.21.0, time stamp: 0x56bd3616
Exception code: 0x40000015
Fault offset: 0x000ad2a6
Faulting process ID: 0x1d80
Faulting application start time: 0x01d3fcf8fbc43eb3
Faulting application path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
Faulting module path: C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
Report ID: afc1fa9b-9e2d-4746-b02e-1a27b088f4b5
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (06/05/2018 09:21:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Comm Recovery service terminated unexpectedly. It has done this 1 time(s).
 
Error: (06/05/2018 09:21:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/05/2018 09:21:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/05/2018 09:21:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID 
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/05/2018 09:21:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/05/2018 09:21:17 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-I2D8U483)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user LAPTOP-I2D8U483\suff2 SID (S-1-5-21-2131389051-3585489687-4280800276-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/05/2018 09:20:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscBrokerManager
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/05/2018 09:18:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
 
Windows Defender:
===================================
Date: 2018-06-05 21:26:57.272
Description: 
C:\Windows\System32\notepad.exe has been blocked from modifying %desktopdirectory%\ by Controlled Folder Access.
Detection time: 2018-06-05T20:26:57.272Z
Path: %desktopdirectory%\
Process Name: C:\Windows\System32\notepad.exe
Signature Version: 1.269.708.0
Engine Version: 1.1.14901.4
Product Version: 4.13.17134.1
 
Date: 2018-06-05 21:26:57.272
Description: 
C:\Windows\System32\notepad.exe has been blocked from modifying %desktopdirectory%\ by Controlled Folder Access.
Detection time: 2018-06-05T20:26:57.272Z
Path: %desktopdirectory%\
Process Name: C:\Windows\System32\notepad.exe
Signature Version: 1.269.708.0
Engine Version: 1.1.14901.4
Product Version: 4.13.17134.1
 
Date: 2018-06-05 21:26:09.864
Description: 
C:\Users\suff2\Desktop\FRST64.exe has been blocked from modifying %desktopdirectory%\ by Controlled Folder Access.
Detection time: 2018-06-05T20:26:09.864Z
Path: %desktopdirectory%\
Process Name: C:\Users\suff2\Desktop\FRST64.exe
Signature Version: 1.269.708.0
Engine Version: 1.1.14901.4
Product Version: 4.13.17134.1
 
Date: 2018-06-05 21:25:39.486
Description: 
C:\Windows\System32\notepad.exe has been blocked from modifying %desktopdirectory%\ by Controlled Folder Access.
Detection time: 2018-06-05T20:25:39.485Z
Path: %desktopdirectory%\
Process Name: C:\Windows\System32\notepad.exe
Signature Version: 1.269.708.0
Engine Version: 1.1.14901.4
Product Version: 4.13.17134.1
 
Date: 2018-06-05 21:25:39.486
Description: 
C:\Windows\System32\notepad.exe has been blocked from modifying %desktopdirectory%\ by Controlled Folder Access.
Detection time: 2018-06-05T20:25:39.485Z
Path: %desktopdirectory%\
Process Name: C:\Windows\System32\notepad.exe
Signature Version: 1.269.708.0
Engine Version: 1.1.14901.4
Product Version: 4.13.17134.1
 
Date: 2018-06-05 21:27:56.368
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.269.708.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14901.4
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-7100U CPU @ 2.40GHz
Percentage of memory in use: 26%
Total physical RAM: 8077.22 MB
Available physical RAM: 5950.55 MB
Total Virtual: 9997.22 MB
Available Virtual: 8009.35 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:916.85 GB) (Free:874.41 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:13.43 GB) (Free:1.41 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (UDISK 2.0) (Removable) (Total:1.86 GB) (Free:1.71 GB) FAT
 
\\?\Volume{712da13d-626a-4359-864f-55c046778255}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.42 GB) NTFS
\\?\Volume{1567e49d-5ea2-463d-917f-59f9e6d8236b}\ () (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A24C06A2)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 56F40E63)
Partition 1: (Not Active) - (Size=1.9 GB) - (Type=0E)
 
==================== End of Addition.txt ============================

Edited by ld1234556, 05 June 2018 - 03:50 PM.




#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor

Posted 06 June 2018 - 09:54 AM

ld1234556:

 
 
Welcome to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Assistance Forum. My name is Phil. May I address you by your first name?
 
I will be assisting you with your computer issues.  I will endeavor to respond within a reasonable time.   Forum policy requires that I post within 48 hours after your last post, but I do endeavor to post within 24 hours of your last post.
 
I would ask that you please continue to copy and paste the contents of all requested log files directly into your replies.   Please do not use "code" or "quote" boxes.  Thank you for your anticipated cooperation.
 
I will need some time to review your FRST logs.  That could take a day or two, but I do hope to respond later today with an initial FRST "fixlist" script.
 
PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues.  It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.
 
Thank you and have a great day.
 
Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall


#3 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor

Posted 06 June 2018 - 11:48 AM

ld1234556:

Thank you for your patience while I analyzed your FRST logs.

Before we start dealing with the problems you are experiencing, I would ask that you take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I can only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools. Malware removal can cause unpredictable and unintended issues. Also you should be aware that some of the tools and scripts that will be used, will remove malware detected, without notice.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post(s), unless otherwise instructed. Please do not use code or quote boxes.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

.

OK, let's get started ...

.

Step 1: Please run a FRST fix for me. This fix will also turn on your System Restore Points, which are turned off by default in Windows 10. This enables us to have a "fallback", just in case. You can turn off the System Restore Points, if you want, after we are done with your topic. While you are working with me, I would appreciate you keeping the System Restore Points turned on. Thank you for your anticipated cooperation.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.
 

Start::
StartPowershell:
enable-computerrestore -drive "c:\"
vssadmin resize shadowstorage /on=c: /for=c: /maxsize=15GB
checkpoint-computer -description "FRST"
EndPowershell:
CreateRestorePoint:
CloseProcesses:
U3 aspnet_state; no ImagePath
File: C:\WINDOWS\system32\Drivers\103C_HP_cNB_Pavilion Notebook_Y5335KV_0U_Q5CD6501PVJ_E5CD61976BL27 DPS_4A_I8215_SHP_V83.14_BF.23_T161013_W1101-0_L809_M8078_J1000_7Intel_86E9_92.40_#161214_N808624FB;10EC8136_(Z9F54EA#ABU)_XMOBILE_CN10_Z.MRK
CustomCLSID: HKU\S-1-5-21-2131389051-3585489687-4280800276-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\suff2\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2131389051-3585489687-4280800276-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\suff2\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2131389051-3585489687-4280800276-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\suff2\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.

Once I receive your next post with the FRST "fixlog.txt" results, then we will move on to run some standard anti-malware scans.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#4 ld1234556

ld1234556
  • Topic Starter

  • Members

Posted 06 June 2018 - 05:27 PM

Hi Phil, thank you so much. Since I started the topic I've done several other scans, so here is another FRST64 scan. Since doing other scans, Malwarebytes Premium doesn't find anything, so I'm hoping the problem is resolved. I'll post my new 1st FRST64 log; I'll await your instruction.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 06.06.2018 01
Ran by suff2 (administrator) on LAPTOP-I2D8U483 (06-06-2018 23:21:29)
Running from C:\Users\suff2\Desktop
Loaded Profiles: suff2 &  (Available Profiles: suff2)
Platform: Windows 10 Home Version 1803 17134.48 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124164.inf_amd64_85b60d2b8c3af983\igfxCUIService.exe
(HP) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124164.inf_amd64_85b60d2b8c3af983\IntelCpHDCPSvc.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.16.17656.18052-0\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124164.inf_amd64_85b60d2b8c3af983\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.16.17656.18052-0\NisSrv.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki124164.inf_amd64_85b60d2b8c3af983\igfxEM.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9330.20915.0_x64__8wekyb3d8bbwe\HxTsr.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.1_none_eedfeda03074e04e\TiWorker.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8900104 2016-09-09] (Realtek Semiconductor)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 185.13.191.62 182.13.190.232
Tcpip\..\Interfaces\{09cae380-7b7e-46c5-8275-a617a9ddeeac}: [DhcpNameServer] 185.13.191.62 182.13.190.232
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131726972696903788&GUID=D5422B88-CEDD-44C2-A5D1-22CFC38963F9
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131726972697084106&GUID=D5422B88-CEDD-44C2-A5D1-22CFC38963F9
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-2131389051-3585489687-4280800276-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
HKU\S-1-5-21-2131389051-3585489687-4280800276-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-2131389051-3585489687-4280800276-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06062018231610485\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=620947&OCID=AVRES000&pc=UE00
HKU\S-1-5-21-2131389051-3585489687-4280800276-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06062018231610485\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
SearchScopes: HKLM -> {5AA42492-44F0-4D1F-B329-5C0E21C18FE7} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {5AA42492-44F0-4D1F-B329-5C0E21C18FE7} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2131389051-3585489687-4280800276-1001 -> {5AA42492-44F0-4D1F-B329-5C0E21C18FE7} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2131389051-3585489687-4280800276-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06062018231610485 -> {5AA42492-44F0-4D1F-B329-5C0E21C18FE7} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2018-01-25] (IObit)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll => No File
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-06-06] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
 
Chrome: 
=======
CHR Profile: C:\Users\suff2\AppData\Local\Google\Chrome\User Data\Default [2018-06-06]
CHR Extension: (Docs) - C:\Users\suff2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-06-06]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 esifsvc; C:\WINDOWS\system32\Intel\DPTF\esif_uf.exe [2208888 2016-09-19] (Intel Corporation)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [897536 2016-09-09] (HP Inc.) [File not signed]
R2 hpsrv; C:\windows\system32\Hpservice.exe [38752 2016-09-26] (HP)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [17976 2016-09-20] (Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [542320 2017-12-06] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-07-26] (Intel® Corporation)
R2 IObitUnSvr; C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe [206096 2018-01-25] (IObit)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S3 MyWiFiDHCPDNS; c:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-08-04] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [317952 2016-09-09] (Realtek Semiconductor)
S3 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [360456 2018-03-05] (Synaptics Incorporated)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\NisSrv.exe [4682552 2018-06-06] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MsMpEng.exe [101096 2018-06-06] (Microsoft Corporation)
R2 ZeroConfigService; c:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-08-04] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Accelerometer; C:\WINDOWS\System32\drivers\Accelerometer.sys [53760 2017-12-18] (HP)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [66624 2016-09-19] (Intel Corporation)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2017-10-29] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2017-10-29] (Disc Soft Ltd)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [350272 2016-09-19] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152184 2018-04-26] (Malwarebytes)
R0 hpdskflt; C:\WINDOWS\System32\drivers\hpdskflt.sys [39936 2017-12-18] (HP)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136128 2017-12-06] (Intel Corporation)
R3 IUFileFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys [39904 2017-06-06] (IObit.com)
R3 IURegProcessFilter; C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegProcessFilter.sys [40328 2018-01-10] (IObit.com)
R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [190696 2018-06-06] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [112864 2018-06-06] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [44768 2018-06-06] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-06-05] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [103648 2018-06-06] (Malwarebytes)
R1 MpKslaf34d925; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1EF1E7F4-C514-483D-A91C-336F5D02E523}\MpKslaf34d925.sys [58120 2018-06-06] (Microsoft Corporation)
R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [8623040 2018-02-05] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [943112 2016-08-05] (Realtek )
S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [787968 2016-12-30] (Realsil Semiconductor Corporation)
S3 SIVDriver; C:\WINDOWS\system32\Drivers\SIVX64.sys [181904 2018-02-14] (Ray Hinchliffe)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [53768 2018-03-05] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [55304 2018-03-05] (Synaptics Incorporated)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-06-06] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [313384 2018-06-06] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-06-06] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34960 2018-02-02] (HP)
U3 aspnet_state; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-06 23:21 - 2018-06-06 23:21 - 000000000 ____D C:\Users\suff2\Desktop\FRST-OlderVersion
2018-06-06 23:17 - 2018-06-06 23:17 - 001388448 _____ C:\Users\Public\VOIP.dat
2018-06-06 23:17 - 2018-06-06 23:17 - 001388448 _____ C:\Users\Public\ASR.dat
2018-06-06 15:26 - 2018-06-06 15:26 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-06-06 15:26 - 2018-06-06 15:26 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-06-06 15:26 - 2018-06-06 15:20 - 001130840 _____ (Google Inc.) C:\Users\suff2\Desktop\ChromeSetup.exe
2018-06-06 11:42 - 2018-06-06 11:42 - 073924608 _____ C:\WINDOWS\system32\config\SOFTWARE
2018-06-06 11:11 - 2018-06-06 11:42 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2018-06-06 10:55 - 2018-06-06 10:56 - 000103648 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2018-06-06 10:55 - 2018-06-06 10:55 - 000190696 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
2018-06-06 10:55 - 2018-06-06 10:55 - 000112864 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2018-06-06 10:55 - 2018-06-06 10:55 - 000044768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2018-06-06 01:01 - 2018-06-06 10:10 - 000000000 ____D C:\Users\suff2\AppData\Roaming\vlc
2018-06-06 00:02 - 2018-06-06 00:02 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\2411F6E8.sys
2018-06-06 00:01 - 2018-06-06 00:48 - 000000000 ____D C:\Users\suff2\Desktop\mbar
2018-06-06 00:00 - 2018-06-06 00:00 - 014178840 _____ (Malwarebytes Corp.) C:\Users\suff2\Downloads\mbar-1.10.3.1001.exe
2018-06-05 22:02 - 2018-02-14 08:43 - 000181904 _____ (Ray Hinchliffe) C:\WINDOWS\system32\Drivers\SIVX64.sys
2018-06-05 21:57 - 2018-04-05 20:07 - 000039235 _____ C:\Users\suff2\Desktop\tron.bat
2018-06-05 21:56 - 2018-06-05 22:00 - 000000000 ____D C:\Users\suff2\Desktop\tron
2018-06-05 21:56 - 2018-05-21 20:37 - 000000000 ____D C:\Users\suff2\Desktop\integrity_verification
2018-06-05 21:56 - 2018-04-04 18:44 - 000000000 ____D C:\Users\suff2\Desktop\resources
2018-06-05 21:38 - 2018-06-05 21:40 - 000001872 _____ C:\Users\suff2\Desktop\Rkill.txt
2018-06-05 21:38 - 2018-06-05 21:38 - 000988112 _____ (Bleeping Computer, LLC) C:\Users\suff2\Downloads\rkill64.exe
2018-06-05 21:36 - 2018-06-05 21:36 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\suff2\Downloads\rkill.exe
2018-06-05 21:27 - 2018-06-06 23:22 - 000014385 _____ C:\Users\suff2\Desktop\FRST.txt
2018-06-05 21:27 - 2018-06-05 21:28 - 000029305 _____ C:\Users\suff2\Desktop\Addition.txt
2018-06-05 21:14 - 2018-06-05 21:16 - 000000000 ____D C:\AdwCleaner
2018-06-05 21:14 - 2018-06-05 20:32 - 007271632 _____ (Malwarebytes) C:\Users\suff2\Desktop\AdwCleaner.exe
2018-06-05 21:12 - 2018-06-05 21:12 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-06-05 21:12 - 2018-06-05 21:12 - 000000000 ____D C:\Program Files\Malwarebytes
2018-06-05 21:12 - 2018-04-26 05:36 - 000152184 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
2018-06-05 21:11 - 2018-06-06 23:21 - 002413056 _____ (Farbar) C:\Users\suff2\Desktop\FRST64.exe
2018-06-05 21:11 - 2018-06-05 20:30 - 077239112 _____ (Malwarebytes ) C:\Users\suff2\Desktop\mb3-setup-consumer-3.5.1.2522-1.0.365-1.0.5354.exe
2018-06-05 20:45 - 2018-06-05 20:45 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-06-05 20:44 - 2018-06-05 20:44 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-06-05 20:38 - 2018-06-05 20:38 - 000000000 ____D C:\Program Files\HitmanPro
2018-06-05 20:34 - 2018-06-06 23:21 - 000000000 ____D C:\FRST
2018-06-05 20:05 - 2018-06-05 22:34 - 000000000 ____D C:\Users\suff2\AppData\Roaming\hpqLog
2018-06-05 19:44 - 2018-06-05 19:45 - 077239112 _____ (Malwarebytes ) C:\Users\suff2\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.365-1.0.5354.exe
2018-06-05 19:34 - 2018-06-05 19:55 - 000001258 _____ C:\Users\suff2\Desktop\Google Chrome.lnk
2018-06-05 19:17 - 2018-06-05 20:14 - 000028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2018-06-05 18:55 - 2018-06-05 19:00 - 001575948 _____ C:\WINDOWS\Minidump\060518-57390-01.dmp
2018-06-05 18:55 - 2018-06-05 18:55 - 882191185 _____ C:\WINDOWS\MEMORY.DMP
2018-06-05 18:55 - 2018-06-05 18:55 - 000000000 ____D C:\WINDOWS\Minidump
2018-06-05 18:51 - 2018-06-05 18:06 - 000548000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-06-05 18:50 - 2018-06-06 23:16 - 000000000 ____D C:\Users\suff2\AppData\Local\CrashDumps
2018-06-05 18:49 - 2018-06-05 18:49 - 000001110 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-06-05 18:49 - 2018-06-05 18:49 - 000000000 ____D C:\Users\suff2\AppData\Local\DBG
2018-06-05 18:48 - 2018-06-05 18:48 - 000000000 ____D C:\Program Files (x86)\VideoLAN
2018-06-05 18:40 - 2018-06-06 15:28 - 000002303 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-06-05 18:39 - 2018-06-06 15:28 - 000000000 ____D C:\Users\suff2\AppData\Local\Google
2018-06-05 18:39 - 2018-06-06 15:27 - 000000000 ____D C:\Program Files (x86)\Google
2018-06-05 18:39 - 2018-06-05 18:39 - 000000000 ____D C:\Program Files\RogueKiller
2018-06-05 18:32 - 2018-06-05 21:06 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2018-06-05 18:32 - 2018-06-05 18:32 - 000000000 ____D C:\Users\suff2\Desktop\Malwarebytes Anti-Malware Premium 2.2.1.1043 + License Key [SadeemPC]
2018-06-05 18:20 - 2018-06-05 18:20 - 000000000 ____D C:\Users\suff2\AppData\Local\PackageStaging
2018-06-05 18:19 - 2018-06-05 21:50 - 000000000 ____D C:\Users\suff2\AppData\Local\Comms
2018-06-05 18:18 - 2018-06-05 18:18 - 000004098 _____ C:\WINDOWS\System32\Tasks\HPGenoobeReminder
2018-06-05 18:17 - 2018-06-05 18:17 - 000000000 ____D C:\Users\suff2\AppData\Local\Cyberlink
2018-06-05 18:15 - 2018-06-05 18:15 - 000000000 ____D C:\Users\suff2\AppData\Roaming\WildTangent
2018-06-05 18:13 - 2018-06-05 18:13 - 000000000 ____D C:\Users\suff2\AppData\LocalLow\IObit
2018-06-05 18:12 - 2018-06-05 18:12 - 000001438 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2018-06-05 18:11 - 2018-06-05 19:59 - 000000000 ____D C:\Users\suff2\AppData\Local\D3DSCache
2018-06-05 18:11 - 2018-06-05 18:11 - 000000000 ____D C:\Program Files (x86)\IObit
2018-06-05 18:09 - 2018-06-05 18:47 - 000000000 ____D C:\Users\suff2\AppData\Roaming\IObit
2018-06-05 18:08 - 2018-06-05 18:08 - 000000000 ____D C:\Users\suff2\AppData\Roaming\Macromedia
2018-06-05 18:07 - 2018-06-05 18:14 - 000000000 ____D C:\Users\suff2\Desktop\films
2018-06-05 18:06 - 2018-06-05 21:56 - 000000000 ____D C:\Users\suff2\Desktop\Essentials
2018-06-05 18:06 - 2018-06-05 18:06 - 000000000 ____D C:\Users\suff2\AppData\Roaming\Hewlett-Packard
2018-06-05 18:06 - 2018-06-05 08:51 - 638160005 _____ (Igor Pavlov) C:\Users\suff2\Desktop\Tron v10.5.1 (2018-05-21).exe
2018-06-05 18:06 - 2018-06-01 09:28 - 036617024 _____ (Adlice Software ) C:\Users\suff2\Desktop\RogueKiller_setup.exe
2018-06-05 18:05 - 2018-06-05 22:27 - 000000000 ____D C:\Users\suff2\AppData\Roaming\HP
2018-06-05 18:05 - 2018-06-05 18:32 - 000000000 ___RD C:\Users\suff2\OneDrive
2018-06-05 18:04 - 2018-06-06 04:07 - 000000000 ____D C:\Users\suff2\AppData\Local\PlaceholderTileLogoFolder
2018-06-05 18:04 - 2018-06-05 20:05 - 000000000 ____D C:\Users\suff2\AppData\Local\Hewlett-Packard
2018-06-05 18:03 - 2018-06-05 18:03 - 000001417 _____ C:\Users\suff2\Desktop\Microsoft Edge.lnk
2018-06-05 18:02 - 2018-06-05 18:30 - 000000000 ____D C:\Users\suff2\AppData\Local\Publishers
2018-06-05 18:02 - 2018-06-05 18:02 - 000000000 ___HD C:\Users\suff2\MicrosoftEdgeBackups
2018-06-05 18:02 - 2018-06-05 18:02 - 000000000 ____D C:\Users\suff2\AppData\Local\MicrosoftEdge
2018-06-05 18:01 - 2018-06-06 13:50 - 000000000 ____D C:\Users\suff2\AppData\Local\Packages
2018-06-05 18:01 - 2018-06-06 10:44 - 000000000 __SHD C:\Users\suff2\IntelGraphicsProfiles
2018-06-05 18:01 - 2018-06-05 18:03 - 000000000 ____D C:\Users\suff2\AppData\Local\ConnectedDevicesPlatform
2018-06-05 18:01 - 2018-06-05 18:01 - 000000000 ___RD C:\Users\suff2\3D Objects
2018-06-05 18:01 - 2018-06-05 18:01 - 000000000 ____D C:\Users\suff2\AppData\Roaming\Synaptics
2018-06-05 18:01 - 2018-06-05 18:01 - 000000000 ____D C:\Users\suff2\AppData\Roaming\Intel
2018-06-05 18:01 - 2018-06-05 18:01 - 000000000 ____D C:\Users\suff2\AppData\Roaming\Adobe
2018-06-05 18:01 - 2018-06-05 18:01 - 000000000 ____D C:\Users\suff2\AppData\Local\VirtualStore
2018-06-05 17:58 - 2018-06-05 21:05 - 000000000 ____D C:\Users\suff2
2018-06-05 17:58 - 2018-06-05 17:58 - 000000020 ___SH C:\Users\suff2\ntuser.ini
2018-06-05 17:58 - 2018-06-05 17:41 - 000000000 ___HD C:\Users\suff2\Documents\hp.system.package.metadata
2018-06-05 17:58 - 2016-10-17 03:20 - 000000000 ___HD C:\Users\suff2\Documents\hp.applications.package.appdata
2018-06-05 17:54 - 2018-06-05 21:42 - 000907826 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-06-05 17:51 - 2018-06-06 10:43 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-06-05 17:51 - 2018-06-05 22:34 - 000000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2018-06-05 17:51 - 2018-06-05 17:51 - 000003118 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2018-06-05 17:51 - 2018-06-05 17:51 - 000002252 _____ C:\WINDOWS\System32\Tasks\HPJumpStartProvider
2018-06-05 17:50 - 2018-06-06 00:00 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-06-05 17:50 - 2018-06-05 17:50 - 000022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2018-06-05 17:49 - 2018-04-12 00:33 - 002752000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-06-05 17:30 - 2018-06-05 17:30 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-06-05 17:22 - 2018-06-05 17:22 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2018-06-05 17:22 - 2018-06-05 17:22 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2018-06-05 17:21 - 2018-06-05 22:36 - 000000000 ____D C:\Program Files\Intel
2018-06-05 17:21 - 2018-06-05 22:06 - 000000000 ____D C:\Intel
2018-06-05 17:21 - 2018-06-05 17:21 - 000146463 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2018-06-05 17:21 - 2018-06-05 17:21 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-06-05 17:21 - 2018-06-05 17:21 - 000000000 ____D C:\WINDOWS\system32\SRSLabs
2018-06-05 17:21 - 2018-06-05 17:21 - 000000000 ____D C:\Program Files\Realtek
2018-06-05 17:21 - 2018-06-05 17:21 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-06-05 17:21 - 2018-06-05 17:21 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2018-06-05 17:21 - 2017-09-01 15:28 - 000140288 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2018-06-05 17:21 - 2017-09-01 15:28 - 000116744 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2018-06-05 17:21 - 2017-02-25 00:23 - 000536864 _____ C:\WINDOWS\system32\vulkan-1.dll
2018-06-05 17:21 - 2017-02-25 00:23 - 000525600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2018-06-05 17:21 - 2017-02-25 00:23 - 000254240 _____ C:\WINDOWS\system32\vulkaninfo.exe
2018-06-05 17:21 - 2017-02-25 00:23 - 000233760 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2018-06-05 17:20 - 2018-06-05 17:20 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_esif_umdf2_02_00_00.Wdf
2018-06-05 17:20 - 2018-06-05 17:20 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2018-06-05 17:20 - 2018-06-05 17:20 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_esif_lf_01011.Wdf
2018-06-05 17:20 - 2018-06-05 17:20 - 000000000 ____D C:\WINDOWS\system32\Intel
2018-06-05 17:17 - 2018-06-06 23:14 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-06-05 17:17 - 2018-06-05 17:46 - 000313512 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-06-05 17:17 - 2018-06-05 17:17 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-06-05 14:55 - 2018-06-05 17:41 - 000000000 ___HD C:\system.sav
2018-06-05 14:55 - 2016-12-14 03:40 - 000000000 __RSH C:\WINDOWS\system32\Drivers\103C_HP_cNB_Pavilion Notebook_Y5335KV_0U_Q5CD6501PVJ_E5CD61976BL27 DPS_4A_I8215_SHP_V83.14_BF.23_T161013_W1101-0_L809_M8078_J1000_7Intel_86E9_92.40_#161214_N808624FB;10EC8136_(Z9F54EA#ABU)_XMOBILE_CN10_Z.MRK
2018-06-05 14:54 - 2018-06-05 14:58 - 000000000 ____D C:\Windows.old
2018-06-05 14:54 - 2018-06-05 14:54 - 000000000 ____D C:\WINDOWS\InfusedApps
2018-06-05 14:52 - 2018-06-05 14:52 - 000000000 ____D C:\Program Files\Synaptics
2018-06-05 14:50 - 2018-06-05 14:50 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-06-05 14:50 - 2018-06-05 14:50 - 000000000 ____D C:\WINDOWS\Setup
2018-06-05 14:48 - 2018-06-05 17:41 - 000000000 ____D C:\WINDOWS\OCR
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-06-05 14:48 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-06-05 14:48 - 2018-06-05 14:48 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2018-06-05 14:48 - 2018-06-05 14:48 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
2018-06-05 14:48 - 2018-06-05 14:48 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2018-06-05 14:48 - 2018-06-05 14:48 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2018-06-05 14:48 - 2018-06-05 14:48 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2018-06-05 14:48 - 2018-06-05 14:48 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2018-06-05 14:48 - 2018-06-05 14:48 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2018-06-05 14:48 - 2018-06-05 14:48 - 000000000 ____D C:\WINDOWS\system32\hi-IN
2018-06-05 14:48 - 2018-06-05 14:48 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2018-06-05 14:48 - 2018-06-05 14:48 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2018-06-05 14:48 - 2018-06-05 14:48 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2018-06-05 14:48 - 2018-06-05 14:48 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-06-05 14:48 - 2018-06-05 14:48 - 000000000 ____D C:\Program Files\MSBuild
2018-06-05 14:48 - 2018-06-05 14:48 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-06-05 14:48 - 2018-06-05 14:48 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-06-05 14:46 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2018-06-05 14:46 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2018-06-05 14:46 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2018-06-05 14:46 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2018-06-05 14:46 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2018-06-05 14:46 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2018-06-05 14:46 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\system32\winrm
2018-06-05 14:46 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\system32\WCN
2018-06-05 14:46 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\system32\slmgr
2018-06-05 14:46 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2018-06-05 14:46 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\system32\0409
2018-06-05 14:46 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\DigitalLocker
2018-06-05 14:43 - 2018-05-01 22:22 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-05 14:43 - 2018-05-01 22:22 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-06-05 14:40 - 2018-06-06 15:28 - 000000000 ____D C:\Program Files (x86)
2018-06-05 14:40 - 2018-06-06 15:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-06-05 14:40 - 2018-06-06 13:50 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-05 14:40 - 2018-06-06 13:50 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-06-05 14:40 - 2018-06-05 20:35 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-06-05 14:40 - 2018-06-05 18:53 - 000000000 ____D C:\Program Files\Windows Defender
2018-06-05 14:40 - 2018-06-05 17:55 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-06-05 14:40 - 2018-06-05 17:51 - 000000000 ____D C:\WINDOWS\Registration
2018-06-05 14:40 - 2018-06-05 17:49 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2018-06-05 14:40 - 2018-06-05 17:42 - 000000000 ____D C:\WINDOWS\system32\spool
2018-06-05 14:40 - 2018-06-05 17:41 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2018-06-05 14:40 - 2018-06-05 17:31 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-06-05 14:40 - 2018-06-05 17:30 - 000000000 ____D C:\WINDOWS\appcompat
2018-06-05 14:40 - 2018-06-05 17:25 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-06-05 14:40 - 2018-06-05 17:25 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-06-05 14:40 - 2018-06-05 14:55 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-06-05 14:40 - 2018-06-05 14:54 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-06-05 14:40 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\TextInput
2018-06-05 14:40 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-06-05 14:40 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\ta-in
2018-06-05 14:40 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\si-lk
2018-06-05 14:40 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\setup
2018-06-05 14:40 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-06-05 14:40 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\system32\am-et
2018-06-05 14:40 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\Provisioning
2018-06-05 14:40 - 2018-06-05 14:49 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-06-05 14:40 - 2018-06-05 14:49 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-06-05 14:40 - 2018-06-05 14:49 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-06-05 14:40 - 2018-06-05 14:48 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-06-05 14:40 - 2018-06-05 14:48 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-06-05 14:40 - 2018-06-05 14:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-06-05 14:40 - 2018-06-05 14:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2018-06-05 14:40 - 2018-06-05 14:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-06-05 14:40 - 2018-06-05 14:46 - 000000000 ___SD C:\WINDOWS\system32\dsc
2018-06-05 14:40 - 2018-06-05 14:46 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-06-05 14:40 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-06-05 14:40 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2018-06-05 14:40 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-06-05 14:40 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\SysWOW64\com
2018-06-05 14:40 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-06-05 14:40 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-06-05 14:40 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\system32\MUI
2018-06-05 14:40 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-06-05 14:40 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-06-05 14:40 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\system32\com
2018-06-05 14:40 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\IME
2018-06-05 14:40 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\Help
2018-06-05 14:40 - 2018-06-05 14:46 - 000000000 ____D C:\Program Files\Common Files\system
2018-06-05 14:40 - 2018-06-05 14:46 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 __SHD C:\Program Files\Windows Sidebar
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 __RSD C:\WINDOWS\media
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 __RHD C:\Users\Public\Libraries
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ___SD C:\WINDOWS\system32\UNP
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ___SD C:\WINDOWS\system32\Nui
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ___HD C:\WINDOWS\LanguageOverlayCache
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\Web
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\WaaS
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\Vss
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\tracing
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\TAPI
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SystemResources
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SystemApps
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\winevt
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\ta-lk
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\ras
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\my-mm
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\IME
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\icsxml
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\ias
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\hydrogen
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\DriverState
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\downlevel
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\DDFs
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\System
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SKB
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\ShellComponents
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\ServiceState
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\security
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\schemas
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\SchCache
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\Resources
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\rescache
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\PLA
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\Performance
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\ModemLogs
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\L2Schemas
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\InputMethod
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\IdentityCRL
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\Globalization
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\Cursors
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\Branding
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\addins
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\Program Files\Windows Security
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\Program Files\Windows Portable Devices
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\Program Files\windows nt
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\Program Files\Common Files\Services
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\Program Files (x86)\windows nt
2018-06-05 14:40 - 2018-06-05 14:40 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2018-06-05 14:40 - 2018-06-05 14:36 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2018-06-05 14:40 - 2018-06-05 14:36 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2018-06-05 14:40 - 2018-06-05 14:36 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
2018-06-05 14:40 - 2018-06-05 14:36 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2018-06-05 14:40 - 2018-06-05 14:36 - 000017346 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2018-06-05 14:40 - 2018-06-05 14:36 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2018-06-05 14:40 - 2018-06-05 14:36 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2018-06-05 14:40 - 2018-06-05 14:36 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2018-06-05 14:40 - 2018-06-05 14:36 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
2018-06-05 14:37 - 2018-06-06 10:55 - 000000000 ____D C:\WINDOWS\INF
2018-06-05 14:29 - 2018-06-05 23:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-05 14:21 - 2018-06-06 11:42 - 090963968 _____ C:\WINDOWS\system32\config\SYSTEM
2018-06-05 14:21 - 2018-06-06 10:29 - 000524288 _____ C:\WINDOWS\system32\config\DEFAULT
2018-06-05 14:21 - 2018-06-06 10:29 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-06-05 14:21 - 2018-06-06 10:29 - 000131072 _____ C:\WINDOWS\system32\config\SAM
2018-06-05 14:21 - 2018-06-06 10:29 - 000032768 _____ C:\WINDOWS\system32\config\SECURITY
2018-06-05 14:21 - 2018-06-05 18:52 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-06-05 14:21 - 2018-06-05 17:53 - 000000000 ____D C:\WINDOWS\Panther
2018-06-05 14:21 - 2018-06-05 14:46 - 000000000 ____D C:\WINDOWS\servicing
2018-06-05 14:21 - 2018-06-05 14:40 - 000000000 ____D C:\WINDOWS\system32\SMI
2018-06-05 13:17 - 2018-06-05 14:56 - 000000000 ___HD C:\$SysReset
2018-05-21 22:00 - 2018-05-21 22:00 - 013570560 ____N (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-05-21 22:00 - 2018-05-21 22:00 - 012500992 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 025848832 ____N (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 023862272 ____N (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 022707712 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 022002688 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 021389360 ____N (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 020383720 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 019525120 ____N (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 019399168 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 012712960 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 011903488 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 009159064 ____N (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-05-21 21:59 - 2018-05-21 21:59 - 008623104 ____N (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 008188928 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 007987712 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 007583232 ____N (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 007519992 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 007436624 ____N (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 006661632 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 006569952 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 006044104 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 005951488 ____N (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 005782528 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 004929024 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 004867072 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 004706816 ____N (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 004372992 ____N (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 004070400 ____N (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 003732800 ____N C:\WINDOWS\system32\Windows.Mirage.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 003712000 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 003655168 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-05-21 21:59 - 2018-05-21 21:59 - 003440640 ____N (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 003392512 ____N (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 003389952 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 003320320 ____N (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 003283400 ____N (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 003086336 ____N (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 003015168 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 002961408 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 002902528 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 002900992 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 002897408 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-05-21 21:59 - 2018-05-21 21:59 - 002841312 ____N C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 002835864 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-05-21 21:59 - 2018-05-21 21:59 - 002753040 ____N (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 002700800 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 002486976 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 002422168 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-05-21 21:59 - 2018-05-21 21:59 - 002366976 ____N (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 002242208 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 002236928 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-05-21 21:59 - 2018-05-21 21:59 - 002170368 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 001953280 ____N C:\WINDOWS\system32\rdpnano.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 001855488 ____N (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 001817088 ____N (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 001664512 ____N (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 001636352 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 001634800 ____N (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 001586176 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 001585664 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 001565592 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 001550848 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 001534976 ____N (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 001466368 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 001456616 ____N (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-05-21 21:59 - 2018-05-21 21:59 - 001454016 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 001426328 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 001421312 ____N (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 001380864 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 001258280 ____N (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-05-21 21:59 - 2018-05-21 21:59 - 001235968 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 001191168 ____N (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 001174424 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-05-21 21:59 - 2018-05-21 21:59 - 001160192 ____N (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 001063320 ____N (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-05-21 21:59 - 2018-05-21 21:59 - 001034624 ____N (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-05-21 21:59 - 2018-05-21 21:59 - 001012120 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-05-21 21:59 - 2018-05-21 21:59 - 000976384 ____N (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-05-21 21:59 - 2018-05-21 21:59 - 000960512 ____N (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000944640 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000933376 ____N (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000917504 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000898560 ____N (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000894464 ____N (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000885848 ____N (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000860160 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000836608 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000814592 ____N (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000788216 ____N (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000786168 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000776880 ____N (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000775680 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000758272 ____N (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000733992 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000726528 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000709816 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-05-21 21:59 - 2018-05-21 21:59 - 000705944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-05-21 21:59 - 2018-05-21 21:59 - 000695296 ____N (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2018-05-21 21:59 - 2018-05-21 21:59 - 000669184 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000668672 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000665320 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000658432 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000624128 ____N (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000619520 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000615424 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000613376 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs4.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000606448 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000604568 ____N (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-05-21 21:59 - 2018-05-21 21:59 - 000596480 ____N (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000585728 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs3.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000584192 ____N (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000581120 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2018-05-21 21:59 - 2018-05-21 21:59 - 000578560 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000567136 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000561664 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000559968 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000553984 ____N (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000543744 ____N (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000524800 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000494488 ____N (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2018-05-21 21:59 - 2018-05-21 21:59 - 000474624 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs2.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000473496 ____N (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000444416 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs1.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000434584 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2018-05-21 21:59 - 2018-05-21 21:59 - 000392192 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000382872 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-05-21 21:59 - 2018-05-21 21:59 - 000344064 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000288256 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.th.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000272288 ____N (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000269216 ____N (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000256000 ____N (Microsoft Corporation) C:\WINDOWS\system32\MixedReality.Broker.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000241664 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win81.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000171520 ____N (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000170904 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-05-21 21:59 - 2018-05-21 21:59 - 000159744 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Analog.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000154112 ____N (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000150528 ____N (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000150016 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000144384 ____N (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000143360 ____N (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000142336 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win8rtm.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000134552 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000117760 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000046592 ____N (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000023552 ____N (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000019968 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000002560 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000002560 ____N (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 000001312 ____N C:\WINDOWS\system32\tcbres.wim
2018-05-21 21:54 - 2018-05-21 21:54 - 004492288 ____N (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-05-21 21:54 - 2018-05-21 21:54 - 003398144 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-05-21 21:54 - 2018-05-21 21:54 - 000925696 ____N (Microsoft Corporation) C:\WINDOWS\system32\XpsFilt.dll
2018-05-21 21:54 - 2018-05-21 21:54 - 000575488 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsFilt.dll
2018-05-21 21:54 - 2018-05-21 21:54 - 000100352 ____N (Microsoft Corporation) C:\WINDOWS\system32\XPSSHHDR.dll
2018-05-21 21:54 - 2018-05-21 21:54 - 000082432 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\XPSSHHDR.dll
2018-05-21 21:54 - 2018-05-21 21:54 - 000076060 ____N C:\WINDOWS\SysWOW64\xpsrchvw.xml
2018-05-21 21:54 - 2018-05-21 21:54 - 000076060 ____N C:\WINDOWS\system32\xpsrchvw.xml
2018-05-21 21:53 - 2018-05-21 21:53 - 001166520 ____N (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-05-21 21:53 - 2018-05-21 21:53 - 000778936 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-05-21 21:53 - 2018-05-21 21:53 - 000124624 ____N (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-05-21 21:53 - 2018-05-21 21:53 - 000103120 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-05-21 21:53 - 2018-05-21 21:53 - 000035456 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-05-21 21:53 - 2018-05-21 21:53 - 000035456 ____N (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-05 22:36 - 2016-12-14 03:27 - 000000000 ____D C:\Program Files (x86)\Intel
2018-06-05 22:35 - 2016-10-17 03:20 - 000000000 ____D C:\Program Files (x86)\HP
2018-06-05 22:35 - 2016-10-17 03:20 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2018-06-05 22:31 - 2016-10-17 03:20 - 000000000 ____D C:\Program Files\HP
2018-06-05 18:34 - 2016-12-14 03:46 - 000000000 ____D C:\Program Files (x86)\WildTangent Games
2018-06-05 18:23 - 2016-10-17 03:21 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-06-05 18:04 - 2016-07-29 13:33 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-06-05 17:49 - 2016-07-16 12:47 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-06-05 17:42 - 2016-12-14 03:33 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2018-06-05 17:41 - 2016-12-14 03:41 - 000000000 ____D C:\WINDOWS\HP
2018-06-05 17:41 - 2016-12-14 03:28 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2018-06-05 17:41 - 2016-10-17 03:20 - 000000000 ___HD C:\Users\Default\Documents\hp.system.package.metadata
2018-06-05 17:41 - 2016-08-23 20:10 - 000000000 ____D C:\SWSETUP
2018-06-05 17:37 - 2016-12-14 03:43 - 000000000 ____D C:\Program Files (x86)\NSIS Uninstall Information
2018-06-05 17:37 - 2016-12-14 03:26 - 000000000 ____D C:\Program Files (x86)\Realtek
2018-06-05 17:37 - 2016-10-17 03:21 - 000000000 ___RD C:\Program Files (x86)\Online Services
2018-06-05 17:36 - 2016-10-17 03:22 - 000000000 ____D C:\Program Files (x86)\HP Inc
2018-06-05 17:35 - 2016-10-17 03:22 - 000000000 ____D C:\Program Files (x86)\Bonjour
2018-06-05 17:35 - 2016-10-17 03:21 - 000000000 ___RD C:\Program Files\Online Services
2018-06-05 17:34 - 2016-10-17 03:22 - 000000000 ____D C:\Program Files\HPCommRecovery
2018-06-05 17:31 - 2016-12-14 03:32 - 000000000 ____D C:\Program Files\Common Files\Intel
2018-06-05 17:31 - 2016-10-17 03:22 - 000000000 ____D C:\Program Files\Bonjour
2018-06-05 14:36 - 2018-04-12 00:34 - 000055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhsetup.dll
2018-06-05 14:36 - 2018-04-12 00:34 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\hh.exe
2018-06-05 14:35 - 2018-04-12 00:34 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-06-05 14:35 - 2018-04-12 00:34 - 001140568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-06-05 14:35 - 2018-04-12 00:34 - 000983008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-06-05 14:35 - 2018-04-12 00:34 - 000792984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-06-05 14:35 - 2018-04-12 00:34 - 000506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2018-06-05 14:35 - 2018-04-12 00:34 - 000439088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2018-06-05 14:35 - 2018-04-12 00:34 - 000413080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-06-05 14:35 - 2018-04-12 00:34 - 000248976 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2018-06-05 14:35 - 2018-04-12 00:34 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2018-06-05 14:35 - 2018-04-12 00:34 - 000209312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2018-06-05 14:35 - 2018-04-12 00:34 - 000159752 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2018-06-05 14:35 - 2018-04-12 00:34 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2018-06-05 14:35 - 2018-04-12 00:34 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2018-06-05 14:35 - 2018-04-12 00:34 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-06-05 14:35 - 2018-04-12 00:34 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msimsg.dll
2018-06-05 14:35 - 2018-04-12 00:33 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-06-05 14:35 - 2018-04-12 00:33 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-06-05 14:34 - 2018-04-12 00:34 - 003296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-06-05 14:34 - 2018-04-12 00:34 - 001363632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-06-05 14:34 - 2018-04-12 00:34 - 000504832 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-06-05 14:34 - 2018-04-12 00:34 - 000435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2018-06-05 14:34 - 2018-04-12 00:34 - 000302592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-06-05 14:34 - 2018-04-12 00:34 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-06-05 14:34 - 2018-04-12 00:34 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\itircl.dll
2018-06-05 14:34 - 2018-04-12 00:34 - 000130976 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-06-05 14:34 - 2018-04-12 00:34 - 000008192 _____ C:\WINDOWS\system32\settings.dat
2018-06-05 14:34 - 2018-04-12 00:33 - 002755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2018-06-05 14:34 - 2018-04-12 00:33 - 000567176 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-06-05 14:34 - 2018-04-12 00:33 - 000073632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-06-05 14:34 - 2018-04-12 00:33 - 000020896 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
 
==================== Files in the root of some directories =======
 
2018-06-06 23:17 - 2018-06-06 23:17 - 001388448 _____ () C:\Users\Public\ASR.dat
2018-06-06 23:17 - 2018-06-06 23:17 - 001388448 _____ () C:\Users\Public\VOIP.dat
 
Some files in TEMP:
====================
2018-06-05 22:34 - 2016-09-21 21:45 - 000049544 _____ (HP Inc.) C:\Users\suff2\AppData\Local\Temp\ACLMInstaller.exe
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-06-05 17:16
 
==================== End of FRST.txt ============================

Edited by ld1234556, 06 June 2018 - 05:32 PM.


#5 ld1234556


Posted 06 June 2018 - 05:35 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by suff2 (06-06-2018 23:23:28)
Running from C:\Users\suff2\Desktop
Windows 10 Home Version 1803 17134.48 (X64) (2018-06-05 16:53:48)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2131389051-3585489687-4280800276-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2131389051-3585489687-4280800276-503 - Limited - Disabled)
Guest (S-1-5-21-2131389051-3585489687-4280800276-501 - Limited - Disabled)
suff2 (S-1-5-21-2131389051-3585489687-4280800276-1001 - Administrator - Enabled) => C:\Users\suff2
WDAGUtilityAccount (S-1-5-21-2131389051-3585489687-4280800276-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.62 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.0.294 - SurfRight B.V.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
HP ePrint SW (HKLM-x32\...\{5b1a1d22-bd59-44e0-a954-e2f18ec43a23}) (Version: 5.2.20454 - HP Inc.)
HP Orbit (HKLM-x32\...\{94fe0719-8e44-4833-a106-b54ad117949f}) (Version: 1.0.0.191 - HP Inc.)
HP Sure Connect (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 1.0.0.28 - HP Inc.)
HP Wireless Button Driver (HKLM-x32\...\{099DAD2B-56C5-4919-9F82-418C2A018CAE}) (Version: 1.1.18.1 - HP)
Intel® Chipset Device Software (HKLM-x32\...\{226be6c3-8e08-4d52-bd3a-d361008448c5}) (Version: 10.1.1.37 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11000.2996 - Intel Corporation)
Intel® PRO/Wireless Driver (HKLM\...\{edcc2d98-dba0-4914-ba46-6dae7352cea9}) (Version: 19.20.0000.5007 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4526 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.0.1020 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{3A55D9C8-17B6-41F9-B9C2-4B1532DCD016}) (Version: 19.10.1635.0483 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 7.4.0.8 - IObit)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.21292 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.10.714.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7930 - Realtek Semiconductor Corp.)
RogueKiller version 12.12.19.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.12.19.0 - Adlice Software)
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.5.10.66 - Synaptics Incorporated)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.42.0 (HKLM\...\VulkanRT1.0.42.0) (Version: 1.0.42.0 - LunarG, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2131389051-3585489687-4280800276-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06062018231610485_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\suff2\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2131389051-3585489687-4280800276-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06062018231610485_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\suff2\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2131389051-3585489687-4280800276-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06062018231610485_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\suff2\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2131389051-3585489687-4280800276-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\suff2\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2131389051-3585489687-4280800276-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\suff2\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2131389051-3585489687-4280800276-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\suff2\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File
ContextMenuHandlers1: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2018-01-25] (IObit)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2018-01-25] (IObit)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\ki124164.inf_amd64_85b60d2b8c3af983\igfxDTCM.dll [2017-09-01] (Intel Corporation)
ContextMenuHandlers6: [IObitUnstaler] -> {B19ED566-D419-470b-B111-3C89040BC027} => C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMenuRight.dll [2018-01-25] (IObit)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {11CA5F0A-7CE3-42A2-96A0-EFCC2250B759} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-06-06] (Microsoft Corporation)
Task: {1642B2B9-3734-4760-921B-7077C90B86B5} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-06-06] (Microsoft Corporation)
Task: {3DC67615-5D17-4AA1-872A-E5256C8010C8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-06-06] (Google Inc.)
Task: {4E481E6E-E6E4-4140-A8A1-2E634DCE7501} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-07-26] (Intel® Corporation)
Task: {5CAACAED-FC11-444D-BE2F-D4741225DFD0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-06-06] (Microsoft Corporation)
Task: {732525E7-4838-403D-A868-C105A4F5F8D1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-06-06] (Microsoft Corporation)
Task: {761148EC-7DD0-4A15-9DFF-4D40C52AA9E1} - System32\Tasks\HPJumpStartProvider => C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartProvider.exe
Task: {82DEC2A8-1852-4BE7-BFF5-D57D13F42031} - System32\Tasks\HPGenoobeReminder => C:\Program Files (x86)\HP\HP Registration Service\HP GenOOBE\HPGenOOBE.exe
Task: {A85240F5-0A22-40B8-A88D-E14A899E4D1F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT-KB890830.exe [2018-06-05] (Microsoft Corporation)
Task: {CCAA5D07-4B7E-4B0E-9ACB-A9EEA1030CA7} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {F5C0743A-A47F-43FF-A446-FEC27D0D1AE1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-06-06] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 ____N () C:\Windows\System32\InputHost.dll
2018-06-05 21:12 - 2018-04-25 13:16 - 002297040 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-06-05 21:12 - 2018-04-30 12:54 - 002493648 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 ____N () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 002759168 ____N () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-04-12 00:35 - 2018-06-05 14:35 - 002184704 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-06-05 18:41 - 2018-06-05 18:45 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-06-05 18:41 - 2018-06-05 18:45 - 067232256 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2018-06-05 18:41 - 2018-06-05 18:45 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15210.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-06-05 18:41 - 2018-06-05 18:45 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15210.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-06-05 18:41 - 2018-06-05 18:45 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15210.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-06-05 18:41 - 2018-06-05 18:45 - 004214784 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15210.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-06-05 18:41 - 2018-06-05 18:45 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15210.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-06-05 18:41 - 2018-06-05 18:45 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15210.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-06-05 18:41 - 2018-06-05 18:45 - 014850560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15210.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-06-05 18:41 - 2018-06-05 18:45 - 004058624 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15210.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-06-05 18:41 - 2018-06-05 18:45 - 003265536 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15210.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-06-05 18:41 - 2018-06-05 18:45 - 001393664 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15210.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2018-06-05 18:41 - 2018-06-05 18:45 - 004218080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15210.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-06-05 18:41 - 2018-06-05 18:45 - 000872448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15210.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-06-05 18:42 - 2018-06-05 18:43 - 000084992 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll
2018-06-05 18:42 - 2018-06-05 18:43 - 001873120 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 005471232 ____N () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIDataModel.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000047616 ____N () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUITelemetry.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 005082112 ____N () C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUIViewModels.dll
2018-06-06 15:28 - 2018-05-25 21:13 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.62\libglesv2.dll
2018-06-06 15:28 - 2018-05-25 21:13 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.62\libegl.dll
2018-05-21 21:59 - 2018-05-21 21:59 - 003913112 ____N () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2018-04-12 00:35 - 2018-06-05 14:35 - 002506648 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2018-06-05 18:42 - 2018-06-05 18:43 - 000062464 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2018-06-05 18:12 - 2017-05-22 11:16 - 000442144 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2018-06-05 18:12 - 2017-05-22 11:16 - 000059680 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2018-06-05 18:12 - 2017-05-22 11:16 - 000210720 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2018-06-05 18:12 - 2018-01-25 17:02 - 000899856 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\webres.dll
2018-06-05 18:12 - 2018-01-25 17:01 - 000631568 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\ProductStatistics.dll
2018-06-05 18:12 - 2017-05-22 11:16 - 000524064 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\sqlite3.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2016-07-16 12:47 - 2018-06-06 00:24 - 000002822 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
0.0.0.0 choice.microsoft.com
0.0.0.0 choice.microsoft.com.nstac.net
0.0.0.0 df.telemetry.microsoft.com
0.0.0.0 oca.telemetry.microsoft.com
0.0.0.0 oca.telemetry.microsoft.com.nsatc.net
0.0.0.0 redir.metaservices.microsoft.com
0.0.0.0 reports.wes.df.telemetry.microsoft.com
0.0.0.0 services.wes.df.telemetry.microsoft.com
0.0.0.0 settings-sandbox.data.microsoft.com
0.0.0.0 settings-win.data.microsoft.com
0.0.0.0 sqm.df.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com
0.0.0.0 sqm.telemetry.microsoft.com.nsatc.net
0.0.0.0 telecommand.telemetry.microsoft.com
0.0.0.0 telecommand.telemetry.microsoft.com.nsatc.net
0.0.0.0 telemetry.appex.bing.net
0.0.0.0 telemetry.microsoft.com
0.0.0.0 telemetry.urs.microsoft.com
0.0.0.0 vortex-sandbox.data.microsoft.com
0.0.0.0 vortex-win.data.microsoft.com
0.0.0.0 vortex.data.microsoft.com
0.0.0.0 watson.telemetry.microsoft.com
0.0.0.0 watson.telemetry.microsoft.com.nsatc.net
0.0.0.0 watson.ppe.telemetry.microsoft.com
0.0.0.0 wes.df.telemetry.microsoft.com
0.0.0.0 vortex-bn2.metron.live.com.nsatc.net
0.0.0.0 vortex-cy2.metron.live.com.nsatc.net
0.0.0.0 watson.live.com
0.0.0.0 watson.microsoft.com
0.0.0.0 feedback.search.microsoft.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06062018231610026\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06062018231610286\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2131389051-3585489687-4280800276-1001\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-2131389051-3585489687-4280800276-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06062018231610485\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 185.13.191.62 - 182.13.190.232
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{E62A7581-4442-4930-B749-86E39B6E008A}] => (Allow) c:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{DEA2E6E2-0B3A-4213-B717-3E8A7141EE43}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FB0CB153-CD50-4EA9-91E1-3917759AF7EE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{05B5A633-FCDF-4C23-99F9-4C3A0B8BC60B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1B03D57F-2440-4767-8491-BB7E8667EFD4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E764D47B-A873-49C2-A2D4-93BA209793A3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
06-06-2018 00:24:28 O&O ShutUp10
06-06-2018 01:06:36 TRON v10.5.1: Post-run checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/06/2018 11:16:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettings.exe, version: 10.0.17134.1, time stamp: 0x2a3c4e62
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.17134.1, time stamp: 0x46278cb1
Exception code: 0xc000027b
Fault offset: 0x00000000006a4a12
Faulting process ID: 0xcb0
Faulting application start time: 0x01d3fd96fadea42c
Faulting application path: C:\Windows\ImmersiveControlPanel\SystemSettings.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report ID: f7451a1e-778a-4e8c-938d-dba57883a767
Faulting package full name: windows.immersivecontrolpanel_10.0.2.1000_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: microsoft.windows.immersivecontrolpanel
 
Error: (06/06/2018 09:01:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16812
 
Error: (06/06/2018 09:01:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16812
 
Error: (06/06/2018 09:01:45 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (06/06/2018 04:04:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_UserDataSvc, version: 10.0.17134.1, time stamp: 0xa38b9ab2
Faulting module name: ucrtbase.dll, version: 10.0.17134.1, time stamp: 0x587decd7
Exception code: 0xc0000005
Fault offset: 0x0000000000038e28
Faulting process ID: 0x1c94
Faulting application start time: 0x01d3fd10997eca2d
Faulting application path: c:\windows\system32\svchost.exe
Faulting module path: C:\WINDOWS\System32\ucrtbase.dll
Report ID: 0e7b26ea-eae9-47ed-b6f4-9c4eb3ebe7c4
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/06/2018 01:09:33 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\suff2\Desktop\resources\stage_9_manual_tools\Autoruns v13.82 x86.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.48_none_fc5f584151310644.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.48_none_b4b2216a3cb4dd3e.manifest.
 
Error: (06/06/2018 12:26:11 AM) (Source: MsiInstaller) (EventID: 10005) (User: LAPTOP-I2D8U483)
Description: Product: Adobe Flash Player 29 ActiveX -- Your Microsoft Internet Explorer browser includes the latest version of the Adobe Flash Player built-in. Windows Update will inform you when new versions of the Flash Player are available.
 
Error: (06/06/2018 12:00:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_WpnUserService, version: 10.0.17134.1, time stamp: 0xa38b9ab2
Faulting module name: NotificationController.dll, version: 10.0.17134.1, time stamp: 0x498118f8
Exception code: 0xc0000005
Fault offset: 0x000000000007a25d
Faulting process ID: 0x1da0
Faulting application start time: 0x01d3fd1c6bd931bf
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\Windows\System32\NotificationController.dll
Report ID: 73ca3547-1f1f-4153-8702-982e918ae726
Faulting package full name: 
Faulting package-relative application ID:
 
 
System errors:
=============
Error: (06/06/2018 11:15:54 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-I2D8U483)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user LAPTOP-I2D8U483\suff2 SID (S-1-5-21-2131389051-3585489687-4280800276-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/06/2018 03:28:19 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-I2D8U483)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user LAPTOP-I2D8U483\suff2 SID (S-1-5-21-2131389051-3585489687-4280800276-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/06/2018 02:53:06 PM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-I2D8U483)
Description: The server Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe!ContentProcess#{00041402-0002-0000-4CA1-E40000000000} did not register with DCOM within the required timeout.
 
Error: (06/06/2018 02:52:43 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-I2D8U483)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user LAPTOP-I2D8U483\suff2 SID (S-1-5-21-2131389051-3585489687-4280800276-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/06/2018 01:40:27 PM) (Source: DCOM) (EventID: 10016) (User: LAPTOP-I2D8U483)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user LAPTOP-I2D8U483\suff2 SID (S-1-5-21-2131389051-3585489687-4280800276-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/06/2018 11:29:23 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-I2D8U483)
Description: The server Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy!App.AppX9s1cz53zc86xn39kwrb02jyft9ecn62r.mca did not register with DCOM within the required timeout.
 
Error: (06/06/2018 11:05:13 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/06/2018 11:03:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
Windows Defender:
===================================
Date: 2018-06-06 14:54:51.558
Description: 
C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe has been blocked from modifying %common_desktop%\ by Controlled Folder Access.
Detection time: 2018-06-06T13:54:51.558Z
Path: %common_desktop%\
Process Name: C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Signature Version: 1.269.723.0
Engine Version: 1.1.14901.4
Product Version: 4.16.17656.18052
 
Date: 2018-06-06 14:52:52.696
Description: 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe has been blocked from modifying %desktopdirectory%\ by Controlled Folder Access.
Detection time: 2018-06-06T13:52:52.695Z
Path: %desktopdirectory%\
Process Name: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Signature Version: 1.269.723.0
Engine Version: 1.1.14901.4
Product Version: 4.16.17656.18052
 
Date: 2018-06-06 14:52:52.696
Description: 
C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.62\Installer\setup.exe has been blocked from modifying %common_desktop%\ by Controlled Folder Access.
Detection time: 2018-06-06T13:52:52.695Z
Path: %common_desktop%\
Process Name: C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.62\Installer\setup.exe
Signature Version: 1.269.723.0
Engine Version: 1.1.14901.4
Product Version: 4.16.17656.18052
 
Date: 2018-06-06 10:44:39.861
Description: 
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe has been blocked from modifying %userprofile%\Desktop by Controlled Folder Access.
Detection time: 2018-06-06T09:44:39.672Z
Path: %userprofile%\Desktop
Process Name: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Signature Version: 1.269.723.0
Engine Version: 1.1.14901.4
Product Version: 4.16.17656.18052
 
Date: 2018-06-06 10:27:04.885
Description: 
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe has been blocked from modifying %userprofile%\Desktop by Controlled Folder Access.
Detection time: 2018-06-06T09:27:04.663Z
Path: %userprofile%\Desktop
Process Name: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Signature Version: 1.269.723.0
Engine Version: 1.1.14901.4
Product Version: 4.16.17656.18052
 
Date: 2018-06-06 10:54:12.191
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.269.723.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14901.4
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2018-06-06 04:17:11.432
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.269.723.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14901.4
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2018-06-06 00:26:17.562
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.269.708.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14901.4
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2018-06-06 00:11:07.671
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.269.708.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14901.4
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
Date: 2018-06-05 21:43:06.746
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.269.708.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14901.4
Error code: 0x80246007
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
 
CodeIntegrity:
===================================
 
Date: 2018-06-06 14:53:06.327
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-06-06 14:53:05.472
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-06-06 14:52:57.649
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
Date: 2018-06-06 14:52:57.649
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-7100U CPU @ 2.40GHz
Percentage of memory in use: 43%
Total physical RAM: 8077.22 MB
Available physical RAM: 4565.82 MB
Total Virtual: 9997.22 MB
Available Virtual: 6325.39 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:916.85 GB) (Free:873.57 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:13.43 GB) (Free:1.41 GB) NTFS ==>[system with boot components (obtained from drive)]
 
\\?\Volume{712da13d-626a-4359-864f-55c046778255}\ (Windows RE tools) (Fixed) (Total:0.96 GB) (Free:0.42 GB) NTFS
\\?\Volume{1567e49d-5ea2-463d-917f-59f9e6d8236b}\ () (Fixed) (Total:0.25 GB) (Free:0.17 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: A24C06A2)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#6 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,895 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:05:26 PM

Posted 07 June 2018 - 09:08 AM

ld1234556:

 

Thank you for your post.  Please hold off running the previous FRST "fixlist" script until I have had a chance to analyze your newest FRST scan logs, and please do not run any more scans unless I direct you to do so.  I hope to respond back later today.

 

Thank you for your anticipated cooperation and have a great day.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#7 garioch7


Posted 07 June 2018 - 09:29 AM

ld1234556:

Thank you for your patience while I analyzed your newest FRST logs.

.

:step1: Please run this revised FRST fix for me. This fix will also turn on your System Restore Points, which are turned off by default in Windows 10. This enables us to have a "fallback" just in case. You can turn off the System Restore Points, if you want, after we are done with your topic. While you are working with me, I would appreciate you keeping the System Restore Points turned on. You can also reconfigure the Restore Points to allocate more space for them, if you wish. Thank you for your anticipated cooperation.

NOTICE: This FRST "fixlist" script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.



Start::
StartPowershell:
enable-computerrestore -drive "c:\"
vssadmin resize shadowstorage /on=c: /for=c: /maxsize=15GB
checkpoint-computer -description "FRST"
EndPowershell:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
U3 aspnet_state; no ImagePath
File: C:\WINDOWS\system32\Drivers\103C_HP_cNB_Pavilion Notebook_Y5335KV_0U_Q5CD6501PVJ_E5CD61976BL27 DPS_4A_I8215_SHP_V83.14_BF.23_T161013_W1101-0_L809_M8078_J1000_7Intel_86E9_92.40_#161214_N808624FB;10EC8136_(Z9F54EA#ABU)_XMOBILE_CN10_Z.MRK
CustomCLSID: HKU\S-1-5-21-2131389051-3585489687-4280800276-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06062018231610485_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\suff2\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2131389051-3585489687-4280800276-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06062018231610485_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\suff2\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2131389051-3585489687-4280800276-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06062018231610485_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\suff2\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2131389051-3585489687-4280800276-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\suff2\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2131389051-3585489687-4280800276-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\suff2\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2131389051-3585489687-4280800276-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\suff2\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
End::
  • Please highlight the entire contents of the code box above, from the "Start::" line to the "End::" line, including both of those lines, right click, and select "Copy", which will copy the "fix" script into the Windows clipboard.
  • Right click FRST64.exe, and select "Run as Administrator".
  • Press Fix button once and wait.
  • Please reboot the computer, if requested.
  • A log file called "fixlog.txt" will be saved in the same folder as the FRST program is located.
  • Please copy and paste the contents of the "fixlog.txt" file into your next reply.

.

Once I receive your next post with the FRST "fixlog.txt" results, then we will move on to run some standard anti-malware scans.

Thank you and have a great day.

Regards,
-Phil




#8 ld1234556

ld1234556
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:26 PM

Posted 07 June 2018 - 05:09 PM

Thank you Phil, here is the fixit

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by suff2 (07-06-2018 23:04:17) Run:1
Running from C:\Users\suff2\Desktop
Loaded Profiles: suff2 (Available Profiles: suff2)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
StartPowershell:
enable-computerrestore -drive "c:\"
vssadmin resize shadowstorage /on=c: /for=c: /maxsize=15GB
checkpoint-computer -description "FRST"
EndPowershell:
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
U3 aspnet_state; no ImagePath
File: C:\WINDOWS\system32\Drivers\103C_HP_cNB_Pavilion Notebook_Y5335KV_0U_Q5CD6501PVJ_E5CD61976BL27 DPS_4A_I8215_SHP_V83.14_BF.23_T161013_W1101-0_L809_M8078_J1000_7Intel_86E9_92.40_#161214_N808624FB;10EC8136_(Z9F54EA#ABU)_XMOBILE_CN10_Z.MRK
CustomCLSID: HKU\S-1-5-21-2131389051-3585489687-4280800276-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06062018231610485_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\suff2\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2131389051-3585489687-4280800276-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06062018231610485_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\suff2\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2131389051-3585489687-4280800276-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06062018231610485_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\suff2\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2131389051-3585489687-4280800276-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\suff2\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2131389051-3585489687-4280800276-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\suff2\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2131389051-3585489687-4280800276-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\suff2\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
 
*****************
 
 
========= Powershell: =========
 
vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool
© Copyright 2001-2013 Microsoft Corp.
 
Successfully resized the shadow copy storage association
 
========= End of Powershell: =========
 
Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => could not remove, key could be protected
"HKLM\System\CurrentControlSet\Services\aspnet_state" => removed successfully
aspnet_state => service removed successfully
 
========================= File: C:\WINDOWS\system32\Drivers\103C_HP_cNB_Pavilion Notebook_Y5335KV_0U_Q5CD6501PVJ_E5CD61976BL27 DPS_4A_I8215_SHP_V83.14_BF.23_T161013_W1101-0_L809_M8078_J1000_7Intel_86E9_92.40_#161214_N808624FB;10EC8136_(Z9F54EA#ABU)_XMOBILE_CN10_Z.MRK ========================
 
"C:\WINDOWS\system32\Drivers\103C_HP_cNB_Pavilion Notebook_Y5335KV_0U_Q5CD6501PVJ_E5CD61976BL27 DPS_4A_I8215_SHP_V83.14_BF.23_T161013_W1101-0_L809_M8078_J1000_7Intel_86E9_92.40_#161214_N808624FB" => not found
"10EC8136_(Z9F54EA#ABU)_XMOBILE_CN10_Z.MRK" => not found
====== End of File: ======
 
CustomCLSID: HKU\S-1-5-21-2131389051-3585489687-4280800276-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06062018231610485_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\suff2\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File => Error: No automatic fix found for this entry.
CustomCLSID: HKU\S-1-5-21-2131389051-3585489687-4280800276-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06062018231610485_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\suff2\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File => Error: No automatic fix found for this entry.
CustomCLSID: HKU\S-1-5-21-2131389051-3585489687-4280800276-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06062018231610485_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\suff2\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-2131389051-3585489687-4280800276-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}" => removed successfully
"HKU\S-1-5-21-2131389051-3585489687-4280800276-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}" => removed successfully
"HKU\S-1-5-21-2131389051-3585489687-4280800276-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}" => removed successfully
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui" => removed successfully
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc" => removed successfully
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 07-06-2018 23:07:15)
 
 
Result of scheduled keys to remove after reboot:
 
"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully
 
==== End of Fixlog 23:07:16 ====
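
The fixlog above reports some entries twice: once during the fix and again under "Result of scheduled keys to remove after reboot", so a first-pass "could not remove, key could be protected" may already be resolved further down. The following Python is an added example, not part of the thread or of FRST; the line patterns come from the log lines posted above, while the function names and the sample text (abridged from that log) are assumptions for illustration.

```python
import re

# Constructed sample: lines abridged from the fixlog.txt posted above.
SAMPLE_FIXLOG = r"""
fixlist content:
*****************
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
U3 aspnet_state; no ImagePath
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"

*****************

Processes closed successfully.
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => could not remove, key could be protected
"HKLM\System\CurrentControlSet\Services\aspnet_state" => removed successfully
aspnet_state => service removed successfully
CustomCLSID: HKU\S-1-5-21-2131389051-3585489687-4280800276-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-06062018231610485_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\suff2\AppData\Local\Microsoft\OneDrive\18.065.0329.0002\amd64\FileSyncShell64.dll => No File => Error: No automatic fix found for this entry.
HKLM\Software\Classes\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => not found
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc" => removed successfully

Result of scheduled keys to remove after reboot:

"HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" => removed successfully

==== End of Fixlog 23:07:16 ====
"""

# Outcome text after the last " => " on a result line, mapped to a status.
OUTCOMES = [
    (re.compile(r"removed successfully$"), "removed"),
    (re.compile(r"^not found$"), "not_found"),
    (re.compile(r"^could not remove"), "failed"),
    (re.compile(r"^Error: No automatic fix"), "no_fix"),
]


def classify(outcome):
    """Map an outcome string to a status, or None if it is not a result."""
    for pattern, status in OUTCOMES:
        if pattern.search(outcome):
            return status
    return None


def parse_fixlog(text):
    """Return (target, status, phase) tuples for every result line."""
    results = []
    in_echo = False   # inside the echoed "fixlist content" block
    stars_seen = 0
    phase = "fix"
    for raw in text.splitlines():
        line = raw.strip()
        if line == "fixlist content:":
            in_echo, stars_seen = True, 0
            continue
        if in_echo:
            # The echoed script sits between two rows of asterisks; skip it
            # so script lines are never mistaken for results.
            if line and set(line) == {"*"}:
                stars_seen += 1
                in_echo = stars_seen < 2
            continue
        if line.startswith("Result of scheduled"):
            phase = "after_reboot"
            continue
        if " => " not in line:
            continue
        left, outcome = line.rsplit(" => ", 1)
        status = classify(outcome)
        if status is None:
            continue
        # Target is the text before the first arrow, without quotes.
        target = re.split(r" (?:->|=>) ", left, maxsplit=1)[0].strip('"')
        results.append((target, status, phase))
    return results


def triage(results):
    """Keep the last result per target and note failures that later succeeded."""
    final = {}
    for target, status, phase in results:
        key = target.lower()  # registry paths are case-insensitive
        prev = final.get(key)
        resolved_later = bool(prev and prev["status"] == "failed" and status == "removed")
        final[key] = {"target": target, "status": status,
                      "phase": phase, "resolved_later": resolved_later}
    return final


def needs_follow_up(final):
    """Targets whose final state is a failure or has no automatic fix."""
    return sorted(e["target"] for e in final.values()
                  if e["status"] in ("failed", "no_fix"))


if __name__ == "__main__":
    final = triage(parse_fixlog(SAMPLE_FIXLOG))
    for entry in final.values():
        flag = " (succeeded on retry)" if entry["resolved_later"] else ""
        print(f'{entry["status"]:<10} {entry["phase"]:<13} {entry["target"]}{flag}')
    print("Review:", needs_follow_up(final))
```
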


#9 garioch7


Posted 08 June 2018 - 12:25 PM

ld1234556:
 
Thank you for your post, for running the FRST "fixlist.txt" script, and for copying and pasting the contents of the "fixlog.txt" file.
 
OK, let's start with a couple of standard anti-malware scans to further check out your computer for malware.
 
.
 
:step1: ESET Online Scanner using Internet Explorer:

Note: You will need to disable your currently installed Anti-Virus, how to do so can be found here.

  • Download esetsmartinstaller_enu.exe and save it to your Desktop.
  • Double click the icon.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Then select: "Enable detection of potentially unwanted applications" - Yes.
  • Click Advanced settings.
  • Check the following items.

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Change next to Current scan targets:
  • Place a check mark in any additional drive you wish to scan then click OK.
  • Click Start.
  • ESET will then download updates and begin scanning your computer.
  • If no threats are found simply click Uninstall application on close and hit Finish.
  • If threats are found click List of found threats.
  • Click Export to text file.
  • Save the file on your Desktop as ESET.txt.
  • Click Back.
  • Check Uninstall application on close and Delete quarantined files.
  • Click Finish.
  • Close the ESET Online Scanner window.
  • Copy and paste the contents of ESET.txt into your reply, if any threats were detected. There will be no log, if no threats were detected.

Don't forget to re-enable your antivirus when finished!

.

:step2: Please run a Malwarebytes Anti-Malware scan for me.

  • Please download Malwarebytes to your Desktop.
  • Double-click mb3-setup-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Next, please go to "Settings", "Protection", and turn on "Scan for rootkits", if it is not "On."
  • Ensure that under "Potential Threat Protection", both switches are set to "Always Detect PUPs/PUMs (recommended)".
  • Then scroll to the bottom of that page and ensure that "Automatic Quarantine" is turned "On."
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If an update of the definitions is available, it will be downloaded and installed before the scan commences.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.

The Scan log is available through Reports (double-click the appropriate scan log) or you can just double-click the "Last Scan" entry on the Dashboard. Click "Export", and then select "Copy to Clipboard". Next, please paste the contents of the log into your next reply.

.

Thank you and have a great day.

Regards,
-Phil




#10 ld1234556


Posted 09 June 2018 - 04:20 AM

Thank you Phil, ESET didn't find anything, neither did Malwarebytes
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 09/06/2018
Scan Time: 10:08
Log File: bd9d7894-6bc4-11e8-8919-30e37aabaa26.json
Administrator: Yes
 
-Software Information-
Version: 3.5.1.2522
Components Version: 1.0.365
Update Package Version: 1.0.5414
Licence: Premium
 
-System Information-
OS: Windows 10 (Build 17134.48)
CPU: x64
File System: NTFS
User: LAPTOP-I2D8U483\suff2
 
-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 269224
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 9 min, 9 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
WMI: 0
(No malicious items detected)
 
 
(end)


#11 garioch7


Posted 09 June 2018 - 10:56 AM

ld1234556:
 
Thank you for your post and for running the requested scans and posting the results.  Let's run a couple of more standard anti-malware scans.
 
.
 
:step1: AdwCleaner - Fix Mode

  • Download AdwCleaner and move it to your Desktop.
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users).
  • Accept the EULA (I accept), then click on Scan.
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button.
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, please do so.
  • After the restart, a log will open when logging in. Please copy and paste the contents of that log into your next reply.

.

:step2: RogueKiller Scan

  • Download the right version of RogueKiller for your Windows version (32 or 64-bit).
  • Move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users).
  • Click on the Start Scan button in the right panel, which will bring up another tab, and click on it again (this time it'll be in the bottom right corner).
  • Wait for the scan to complete.
  • On the completion of the scan, the results will be displayed.
  • Check every single entry (threat found), and click on the Remove Selected button.
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner).
  • This will open the report in Notepad. Please copy and paste the contents of the report into your next reply.

.

Thank you and have a great day.

Regards,
-Phil




#12 ld1234556


Posted 09 June 2018 - 05:52 PM

Hi Phil, I couldn't see the settings for AdwCleaner, the picture doesn't work? So I've just gone with default.
 
# -------------------------------
# Malwarebytes AdwCleaner 7.2.0.0
# -------------------------------
# Build:    06-05-2018
# Database: 2018-06-07.1
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    06-09-2018
# Duration: 00:00:02
# OS:       Windows 10 Home
# Cleaned:  0
# Failed:   1
 
 
***** [ Services ] *****
 
No malicious services cleaned.
 
***** [ Folders ] *****
 
No malicious folders cleaned.
 
***** [ Files ] *****
 
No malicious files cleaned.
 
***** [ DLL ] *****
 
No malicious DLLs cleaned.
 
***** [ WMI ] *****
 
No malicious WMI cleaned.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts cleaned.
 
***** [ Tasks ] *****
 
No malicious tasks cleaned.
 
***** [ Registry ] *****
 
No malicious registry entries cleaned.
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries cleaned.
 
***** [ Chromium URLs ] *****
 
Not Deleted   Ask Jeeves
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries cleaned.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs cleaned.
 
 
*************************
 
[+] Delete Tracing Keys
[+] Reset Winsock
 
*************************
 
AdwCleaner[S00].txt - [1251 octets] - [05/06/2018 21:15:46]
AdwCleaner[C00].txt - [1356 octets] - [05/06/2018 21:16:27]
AdwCleaner[S01].txt - [1242 octets] - [05/06/2018 21:30:00]
AdwCleaner[C01].txt - [1367 octets] - [05/06/2018 21:30:46]
AdwCleaner[S02].txt - [1495 octets] - [09/06/2018 23:10:47]
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########
 
 
 
------------------------------------------------------------------------------------------------------------
 
 
 
 
RogueKiller V12.12.20.0 (x64) [Jun  4 2018] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.17134) 64 bits version
Started in : Normal mode
User : suff2 [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete -- Date : 06/09/2018 23:14:28 (Duration : 00:31:47)
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 2 ¤¤¤
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2131389051-3585489687-4280800276-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2131389051-3585489687-4280800276-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Replaced (1)
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ WMI : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD100 +++++
--- User ---
[MBR] e123651dc76e1ab55040e17cb8b79ad2
[BSP] bf5b7ab546beb86e4c45163c0a71f6ae : Empty MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 567296 | Size: 938852 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1923336192 | Size: 980 MB
4 - [SYSTEM] Basic data partition | Offset (sectors): 1925343232 | Size: 13755 MB
Error reading LL1 MBR! ([5] Access is denied. )
Error reading LL2 MBR! ([5] Access is denied. )

Edited by ld1234556, 09 June 2018 - 06:06 PM.


#13 garioch7


Posted 10 June 2018 - 04:55 AM

ld1234556:

 

Thank you for your post, for running those scans, and for posting the results.  It all looks good! :thumbup2:

 

How is your computer working now?  If there are still issues, please describe them in as much detail as possible, including messages and/or error codes.

 

Thank you and have a great day.

 

Regards,

-Phil




#14 ld1234556


Posted 10 June 2018 - 05:28 AM

PC works well, just a little paranoid really. It all started a few weeks ago when somebody hacked into one of my betting accounts and stole all the money.

Defender didn't find anything, Malwarebytes didn't find anything. Tronscan found something though, I don't get why it was missed by Defender and Malwarebytes.

I restored my laptop to factory settings, and reinstalled Chrome, 10bit uninstaller, Malwarebytes, and SUPERAntiSpyware.

About 5 minutes after resetting my PC to factory settings, Windows Defender popped up saying it blocked something.

How on earth after a 5 minute factory setting restart can it block a serious virus, powerserre?? I don't think I even went on the internet. Could something be really deep into the laptop?

Shut down my laptop last night and just turned it on, Google Chrome loaded up straight away? Also with a note saying a network change was detected?

Can you explain these a bit more?

¤¤¤ Registry : 2 ¤¤¤
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2131389051-3585489687-4280800276-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2131389051-3585489687-4280800276-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Replaced (1)
 
[+] Delete Tracing Keys
[+] Reset Winsock

Edited by ld1234556, 10 June 2018 - 05:29 AM.


#15 garioch7


Posted 10 June 2018 - 03:21 PM

ld1234556:
 
Thank you for your post.
 
Hacking is different from malware.  Anyone can attempt to hack anyone's accounts by guessing/knowing login names and passwords or by visiting disreputable websites.  Most commonly, unfortunately, the hacker knows the victim or website itself can "stealing" information; or, the website itself might be less than secure and was itself hacked, without their knowledge.

 

Less commonly, a keylogger or a backdoor Trojan is employed to obtain those credentials.  A format and clean install is the recommended option for dealing with backdoor Trojans, because a very few can burrow pretty deeply into the operating system.  That said, I do not recommend that a user go to that extreme measure unless there is some concrete evidence, after we disinfect the computer, that something nefarious is still active, based on the active monitoring that I strongly recommend, after passwords and logins have been changed.  None of my users has actually resorted to a format and clean install, and none have ever reported any issues, but that said, the "gold standard" is still a format and clean install, not a reset.
 
I have never heard of the Tronscan anti-malware product.  VirusTotal lists all of the reputable, and some not so reputable, anti-malware products/scanners out there.  For instance, I just scanned an old copy of AdwCleaner that I have on my computer at VirusTotal.  The results of that scan can be seen at this link.  You won't see a mention of Tronscan.

IOBIT Uninstaller is not an anti-malware product.  In fact, the company has a dubious reputation because they stole Malwarebytes' intellectual property.  See this link or "google" for yourself.  Personally, I would not have an IOBIT product on my computer.  The "gold standard" for program uninstallers is, in my opinion, Revo Uninstaller Pro.  CCleaner has a pretty good program uninstaller as well, and it is available in free and Pro versions.  I have paid versions of Revo Uninstaller Pro on both of my computers, but it is not an anti-malware product.  It is what it says it is: an uninstaller program which removes the uninstalled program remnants that typical Windows uninstalls, via the Control Panel, leave behind.
 
POWESSERE malware is apparently a name assigned only by Windows Defender to what it states is malware that can steal PC information and send it to a hacker.  Unfortunately, malware names are not standardized.  Windows Defender states it can annihilate this malware.  Here are my Google search results for "Powessere malware".  As to why Windows Defender detected it after a factory reset is not known to me.  I would have to know a great deal more about your computer and your personal browsing habits.  The fact that you spoke of the loss of funds related to betting suggests to me, as a possibility, that the site might be compromised ... ?  I would recommend that you do a VirusTotal scan of the betting website URL.
 
As to Chrome loading upon bootup, Chrome is known to relaunch itself if not properly closed, when a computer restarts either deliberately or because of an unexpected issue.  Moreover, if you have Fast Startup enabled, all kinds of weird and "wonderful" (WARNING: sarcasm!) things can happen. :(  The first thing that I do is check that Fast Startup remains disabled on both of my computers every time that there is a Windows 10 version update.  See this link for more information.
 
Those registry keys apparently are involved in displaying recently added/upgraded/modified programs and in this case the RogueKiller detection is what is known as a "false positive"; see this link for more information.  There is NO cause for concern.
 
I think that I have answered all of your questions.  You mention being just a "little paranoid", and that's OK. :)  It is always wise to be cautious, but too much paranoia is a BAD thing.
 
If there is something really nefarious hiding deep in the bowels of your computer, and you are not reporting anything to me that would suggest that, nor do the scans show anything, I think that it would be wise to set your mind at ease.  So let's run a Malwarebytes Anti-Rootkit scan.
 
 
Step 1: Let's run a Malwarebytes Anti-Rootkit (MBAR) Scan.

  • Download Malwarebytes Anti-Rootkit from this link.
  • Run the file and follow the onscreen instructions to extract it to a location of your choosing (your desktop by default).
  • Malwarebytes Anti-Rootkit will then open; follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional: Internet access, Windows Update, Windows Firewall.
  • If there are additional problems with your system, such as any of those listed above or other system issues, then run the "fixdamage" tool included with Malwarebytes Anti-Rootkit located within the "Plugins" folder and reboot.
  • Verify that your system is now functioning normally.
  • If you experience any problems running the tool or it hasn't fully resolved all of the issues you had, please let me know.


Thank you and have a great day.

Regards,
-Phil


Edited by garioch7, 10 June 2018 - 03:31 PM.
add information

Graduate of the Bleeping Computer Malware Removal Study Hall




