Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Win 10 being slow, on the machine and on the internet.


  • This topic is locked This topic is locked
4 replies to this topic

#1 sinine

sinine

  • Members
  • 165 posts
  • OFFLINE
  •  
  • Local time:12:59 AM

Posted 23 June 2018 - 06:00 AM

So it started being slow a while ago. I have MSI GL62 6QF.

At first I thought it could be cause of a windows update cause I've had problems with that before.

Then I thought maybe it's a virus or malware or something. Also, dunno if it's normal but sometimes when I check my processes in task manager it says disc is 100% but pretty much everything on the list is 0 MBs. is that normal? Could it be associated with that?

Also would like to point out that if there is anything to do with Sims 4 then yes I use a nonofficial copy but it is not causing me any problems nor has it ever. It must be something else, so please ignore that if it comes up anywhere :)

Anyway... my log things:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by Diana (administrator) on MSI (23-06-2018 13:48:45)
Running from C:\Users\Diana\Desktop
Loaded Profiles: Diana (Available Profiles: Diana)
Platform: Windows 10 Home Version 1803 17134.112 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2e329e8610bbb375\igfxCUIService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2e329e8610bbb375\IntelCpHDCPSvc.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.16.17656.18052-0\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2e329e8610bbb375\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\ProgramData\EMT Internet\OnlineUpdate\ouc.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.16.17656.18052-0\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_67efe445e1ece117\aesm_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2e329e8610bbb375\igfxEM.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(MSI) C:\Program Files (x86)\SCM\SCM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Nahimic) C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe
(Mega Limited) C:\ProgramData\MEGAsync\MEGAsync.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe
() C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe
() C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2Svc64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.9328.1700.0_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9197568 2017-01-11] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-24] (Intel Corporation)
HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [298496 2016-04-16] (MSI)
HKLM\...\Run: [Nahimic2UILauncher] => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe [710328 2017-03-31] (Nahimic)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3920552 2016-06-02] (Synaptics Incorporated)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
Startup: C:\Users\Diana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [2018-04-07]
ShortcutTarget: MEGAsync.lnk -> C:\ProgramData\MEGAsync\MEGAsync.exe (Mega Limited)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 194.126.97.30 8.8.8.8
Tcpip\..\Interfaces\{104678ca-dd20-4617-8ab4-ac3dd6e4b071}: [NameServer] 192.98.49.8 192.98.49.9
Tcpip\..\Interfaces\{32e16a38-e27b-4b26-ba7c-6157984c6f5f}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{95327654-8a06-4188-9f9a-93c3e67c26f4}: [DhcpNameServer] 194.126.97.30 8.8.8.8
Tcpip\..\Interfaces\{c290de0b-5838-4887-b653-5af710990863}: [NameServer] 192.98.49.8 192.98.49.9
Tcpip\..\Interfaces\{c9d9dddc-0ef6-4f1b-8710-c63c956b72c7}: [DhcpNameServer] 194.126.97.30 8.8.8.8
Tcpip\..\Interfaces\{e4975d04-2d42-472a-b7af-2f83a96fd241}: [NameServer] 192.98.49.8 192.98.49.9

Internet Explorer:
==================
HKU\S-1-5-21-2189618637-825103117-3613998497-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://oem15.msn.com/?pc=NMTE
HKU\S-1-5-21-2189618637-825103117-3613998497-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://oem15.msn.com/?pc=NMTE
SearchScopes: HKU\S-1-5-21-2189618637-825103117-3613998497-1001 -> DefaultScope {33663035-5A20-46F8-A9B4-1BE97359D834} URL =
SearchScopes: HKU\S-1-5-21-2189618637-825103117-3613998497-1001 -> {33663035-5A20-46F8-A9B4-1BE97359D834} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-06-17] (Microsoft Corporation)
BHO: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
BHO-x32: IE Token Signing Plugin -> {2A4E94A4-B275-491A-9E32-CD7A26FC7C3B} -> C:\Program Files\Open-EID\esteid-plugin-ie.dll [2017-10-16] (RIA)
BHO-x32: No Name -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\coIEPlg.dll No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\coIEPlg.dll No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-31] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-31] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-31] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-31] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: ghotr08e.default
FF ProfilePath: C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\ghotr08e.default [2018-06-23]
FF Homepage: Mozilla\Firefox\Profiles\ghotr08e.default -> hxxps://www.google.com/
FF Extension: (AdBlocker Ultimate) - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\ghotr08e.default\Extensions\adblockultimate@adblockultimate.net.xpi [2018-03-25]
FF Extension: (FoxFilter - The content filter!) - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\ghotr08e.default\Extensions\foxfilter@inspiredeffect.net.xpi [2017-12-01]
FF Extension: (Video Blocker) - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\ghotr08e.default\Extensions\jid1-3OQ5HY7YsLBV7Q@jetpack.xpi [2018-05-22]
FF Extension: (Google Translator for Firefox) - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\ghotr08e.default\Extensions\translator@zoli.bod.xpi [2017-12-19]
FF Extension: (Estonian ID Card authentication module) - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\ghotr08e.default\Extensions\{aa84ce40-4253-a00a-8cd6-0800200f9a66}.xpi [2017-06-19] [Legacy]
FF Extension: (Flash and Video Download) - C:\Users\Diana\AppData\Roaming\Mozilla\Firefox\Profiles\ghotr08e.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}.xpi [2018-06-15]
FF HKLM\...\Firefox\Extensions: [{443830f0-1fff-4f9a-aa1e-444bafbc7319}] - C:\Program Files (x86)\Open-EID\\{443830f0-1fff-4f9a-aa1e-444bafbc7319}.xpi
FF Extension: (Token signing) - C:\Program Files (x86)\Open-EID\\{443830f0-1fff-4f9a-aa1e-444bafbc7319}.xpi [2017-10-16]
FF HKLM\...\Firefox\Extensions: [{aa84ce40-4253-a00a-8cd6-0800200f9a67}] - C:\Program Files\Open-EID\\{aa84ce40-4253-a00a-8cd6-0800200f9a67}.xpi
FF Extension: (PKCS11 loader) - C:\Program Files\Open-EID\\{aa84ce40-4253-a00a-8cd6-0800200f9a67}.xpi [2017-10-04] [Legacy]
FF HKLM-x32\...\Firefox\Extensions: [{443830f0-1fff-4f9a-aa1e-444bafbc7319}] - C:\Program Files (x86)\Open-EID\\{443830f0-1fff-4f9a-aa1e-444bafbc7319}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{aa84ce40-4253-a00a-8cd6-0800200f9a67}] - C:\Program Files\Open-EID\\{aa84ce40-4253-a00a-8cd6-0800200f9a67}.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_113.dll [2018-06-08] ()
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-12-10] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_113.dll [2018-06-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-02] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.2.5.1 -> D:\VLC\npvlc.dll [2017-05-24] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> D:\VLC\npvlc.dll [2017-05-24] (VideoLAN)

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [ckjefchnfjhjfedoccjbhjpbncimppeg] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AESMService; C:\WINDOWS\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_67efe445e1ece117\aesm_service.exe [3255240 2018-04-27] (Intel Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8654504 2018-06-12] (Microsoft Corporation)
S2 EMT Internet. RunOuc; C:\Program Files (x86)\EMT Internet\UpdateDog\ouc.exe [655744 2012-09-05] ()
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-06-15] (NVIDIA Corporation)
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-14] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-24] (Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [515768 2017-04-13] (Intel Corporation)
R3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-08-07] (Intel Corporation)
R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2016-04-16] (Micro-Star International Co., Ltd.) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-07-09] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\NisSrv.exe [4682552 2018-05-30] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MsMpEng.exe [101096 2018-05-30] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831712 2015-07-09] (Intel® Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [244744 2017-04-13] (Intel Corporation)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7689728 2018-04-12] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvmi.inf_amd64_0401a47bc69f625c\nvlddmkm.sys [14456952 2017-06-26] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [411712 2016-06-02] (Realsil Semiconductor Corporation)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [33448 2016-06-02] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [33960 2016-06-02] (Synaptics Incorporated)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100592 2017-05-14] (Symantec Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46072 2018-05-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [313384 2018-05-30] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-05-30] (Microsoft Corporation)
R3 WINIO; C:\Program Files (x86)\MSI\Dragon Gaming Center\winio64.sys [15160 2010-06-07] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-23 13:48 - 2018-06-23 13:49 - 000018571 _____ C:\Users\Diana\Desktop\FRST.txt
2018-06-23 13:47 - 2018-06-23 13:47 - 000000000 ____D C:\Users\Diana\Desktop\FRST-OlderVersion
2018-06-23 02:39 - 2018-06-23 02:39 - 000000000 ____D C:\Users\Diana\Documents\Electronic Arts
2018-06-23 02:30 - 2018-06-23 02:31 - 000000000 ____D C:\WINDOWS\SysWOW64\directx
2018-06-14 13:53 - 2018-06-23 13:48 - 000000000 ____D C:\FRST
2018-06-14 13:51 - 2018-06-23 13:47 - 002412544 _____ (Farbar) C:\Users\Diana\Desktop\FRST64.exe
2018-06-14 13:25 - 2018-06-14 13:25 - 000000050 _____ C:\Users\Diana\Desktop\pw.txt
2018-06-13 23:35 - 2018-06-08 12:29 - 007520000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-06-13 23:35 - 2018-06-08 12:09 - 006569960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-06-13 23:34 - 2018-06-08 22:02 - 004527680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-06-13 23:34 - 2018-06-08 22:02 - 001634808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-06-13 23:34 - 2018-06-08 22:01 - 002395056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-06-13 23:34 - 2018-06-08 21:45 - 012712448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-06-13 23:34 - 2018-06-08 21:45 - 004392448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-06-13 23:34 - 2018-06-08 21:44 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-06-13 23:34 - 2018-06-08 21:43 - 002922496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2018-06-13 23:34 - 2018-06-08 21:43 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2018-06-13 23:34 - 2018-06-08 21:43 - 001659904 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2018-06-13 23:34 - 2018-06-08 21:43 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-06-13 23:34 - 2018-06-08 21:42 - 003999232 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2018-06-13 23:34 - 2018-06-08 21:42 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-06-13 23:34 - 2018-06-08 19:58 - 002206544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2018-06-13 23:34 - 2018-06-08 19:51 - 011903488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-06-13 23:34 - 2018-06-08 19:47 - 003492864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2018-06-13 23:34 - 2018-06-08 19:47 - 002895872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-06-13 23:34 - 2018-06-08 19:45 - 002401280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-06-13 23:34 - 2018-06-08 19:06 - 000976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-06-13 23:34 - 2018-06-08 19:05 - 000944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-06-13 23:34 - 2018-06-08 13:38 - 005821544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-06-13 23:34 - 2018-06-08 13:37 - 002417840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-06-13 23:34 - 2018-06-08 13:35 - 001613200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-06-13 23:34 - 2018-06-08 13:34 - 001299056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-06-13 23:34 - 2018-06-08 13:34 - 000748512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2018-06-13 23:34 - 2018-06-08 13:31 - 007900984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-06-13 23:34 - 2018-06-08 13:31 - 003180176 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-06-13 23:34 - 2018-06-08 12:33 - 001034632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-06-13 23:34 - 2018-06-08 12:30 - 009148320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-06-13 23:34 - 2018-06-08 12:30 - 003296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-06-13 23:34 - 2018-06-08 12:30 - 001798552 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-06-13 23:34 - 2018-06-08 12:30 - 001017080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-06-13 23:34 - 2018-06-08 12:30 - 000491328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-06-13 23:34 - 2018-06-08 12:29 - 006817384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-06-13 23:34 - 2018-06-08 12:29 - 004970360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2018-06-13 23:34 - 2018-06-08 12:29 - 004403280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-06-13 23:34 - 2018-06-08 12:29 - 003283408 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-06-13 23:34 - 2018-06-08 12:29 - 002836384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-06-13 23:34 - 2018-06-08 12:29 - 002753048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-06-13 23:34 - 2018-06-08 12:29 - 002570712 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-06-13 23:34 - 2018-06-08 12:29 - 002564984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-06-13 23:34 - 2018-06-08 12:29 - 002546592 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-06-13 23:34 - 2018-06-08 12:29 - 002462272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-06-13 23:34 - 2018-06-08 12:29 - 002371392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-06-13 23:34 - 2018-06-08 12:29 - 001946328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-06-13 23:34 - 2018-06-08 12:29 - 001934400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-06-13 23:34 - 2018-06-08 12:29 - 001792808 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2018-06-13 23:34 - 2018-06-08 12:29 - 001784584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-06-13 23:34 - 2018-06-08 12:29 - 001611592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2018-06-13 23:34 - 2018-06-08 12:29 - 001457136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-06-13 23:34 - 2018-06-08 12:29 - 001209800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-06-13 23:34 - 2018-06-08 12:29 - 001190152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-06-13 23:34 - 2018-06-08 12:29 - 001148808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-06-13 23:34 - 2018-06-08 12:29 - 001112608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2018-06-13 23:34 - 2018-06-08 12:29 - 000594128 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-06-13 23:34 - 2018-06-08 12:29 - 000416144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2018-06-13 23:34 - 2018-06-08 12:13 - 025846784 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-06-13 23:34 - 2018-06-08 12:12 - 000861616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-06-13 23:34 - 2018-06-08 12:11 - 001461744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2018-06-13 23:34 - 2018-06-08 12:11 - 000550616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-06-13 23:34 - 2018-06-08 12:10 - 002479272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-06-13 23:34 - 2018-06-08 12:10 - 002331584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-06-13 23:34 - 2018-06-08 12:10 - 001988072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-06-13 23:34 - 2018-06-08 12:10 - 001011992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-06-13 23:34 - 2018-06-08 12:10 - 000457152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2018-06-13 23:34 - 2018-06-08 12:09 - 006527064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-06-13 23:34 - 2018-06-08 12:09 - 004788512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-06-13 23:34 - 2018-06-08 12:09 - 004469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2018-06-13 23:34 - 2018-06-08 12:09 - 002535552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-06-13 23:34 - 2018-06-08 12:09 - 002486992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-06-13 23:34 - 2018-06-08 12:09 - 002242216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-06-13 23:34 - 2018-06-08 12:09 - 001980872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-06-13 23:34 - 2018-06-08 12:09 - 001805776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-06-13 23:34 - 2018-06-08 12:09 - 001709720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2018-06-13 23:34 - 2018-06-08 12:09 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-06-13 23:34 - 2018-06-08 12:09 - 001584128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2018-06-13 23:34 - 2018-06-08 12:09 - 001380200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-06-13 23:34 - 2018-06-08 12:09 - 001020168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-06-13 23:34 - 2018-06-08 12:04 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-06-13 23:34 - 2018-06-08 12:03 - 022005760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-06-13 23:34 - 2018-06-08 12:02 - 022713856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-06-13 23:34 - 2018-06-08 12:01 - 004563456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-06-13 23:34 - 2018-06-08 12:01 - 002961408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-06-13 23:34 - 2018-06-08 12:00 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-06-13 23:34 - 2018-06-08 12:00 - 004372992 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-06-13 23:34 - 2018-06-08 12:00 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-06-13 23:34 - 2018-06-08 12:00 - 001285120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2018-06-13 23:34 - 2018-06-08 11:59 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-06-13 23:34 - 2018-06-08 11:59 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-06-13 23:34 - 2018-06-08 11:59 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-06-13 23:34 - 2018-06-08 11:59 - 001767936 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-06-13 23:34 - 2018-06-08 11:59 - 001318400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2018-06-13 23:34 - 2018-06-08 11:59 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-06-13 23:34 - 2018-06-08 11:58 - 007581696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-06-13 23:34 - 2018-06-08 11:58 - 003712512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-06-13 23:34 - 2018-06-08 11:58 - 001676800 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
2018-06-13 23:34 - 2018-06-08 11:58 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-06-13 23:34 - 2018-06-08 11:58 - 000813568 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-06-13 23:34 - 2018-06-08 11:57 - 003348992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2018-06-13 23:34 - 2018-06-08 11:57 - 002172416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-06-13 23:34 - 2018-06-08 11:57 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-06-13 23:34 - 2018-06-08 11:56 - 005780992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-06-13 23:34 - 2018-06-08 11:56 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-06-13 23:34 - 2018-06-08 11:56 - 004336128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-06-13 23:34 - 2018-06-08 11:56 - 003293696 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2018-06-13 23:34 - 2018-06-08 11:56 - 002902016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-06-13 23:34 - 2018-06-08 11:56 - 002900480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-06-13 23:34 - 2018-06-08 11:56 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-06-13 23:34 - 2018-06-08 11:56 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-06-13 23:34 - 2018-06-08 11:56 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-06-13 23:34 - 2018-06-08 11:56 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-06-13 23:34 - 2018-06-08 11:56 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-06-13 23:34 - 2018-06-08 11:56 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-06-13 23:34 - 2018-06-08 11:55 - 003441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-06-13 23:34 - 2018-06-08 11:55 - 002248192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-06-13 23:34 - 2018-06-08 11:55 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-06-13 23:34 - 2018-06-08 11:55 - 002061824 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2018-06-13 23:34 - 2018-06-08 11:55 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-06-13 23:34 - 2018-06-08 11:55 - 001371648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-06-13 23:34 - 2018-06-08 11:55 - 001171968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2018-06-13 23:34 - 2018-06-08 11:55 - 001160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-06-13 23:34 - 2018-06-08 11:55 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-06-13 23:34 - 2018-06-08 11:55 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-06-13 23:34 - 2018-06-08 11:55 - 000667648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2018-06-13 23:34 - 2018-06-08 11:54 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-06-13 23:34 - 2018-06-08 11:54 - 002789376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2018-06-13 23:34 - 2018-06-08 11:54 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-06-13 23:34 - 2018-06-08 11:54 - 001128448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2018-06-13 23:34 - 2018-06-08 11:54 - 000950272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2018-06-13 23:34 - 2018-06-08 11:54 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-06-13 23:34 - 2018-06-08 11:53 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-06-13 23:34 - 2018-06-06 21:57 - 003733320 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-06-13 23:34 - 2018-06-06 07:20 - 002841312 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-06-13 23:34 - 2018-05-20 22:43 - 021389360 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-06-13 23:34 - 2018-05-20 22:42 - 001649760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2018-06-13 23:34 - 2018-05-20 22:23 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2018-06-13 23:34 - 2018-05-20 22:23 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2018-06-13 23:34 - 2018-05-20 22:22 - 001665024 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-06-13 23:34 - 2018-05-20 22:22 - 000804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2018-06-13 23:34 - 2018-05-20 21:14 - 020383712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-06-13 23:34 - 2018-05-20 21:14 - 001490144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2018-06-13 23:34 - 2018-05-20 21:00 - 000864768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2018-06-13 23:34 - 2018-05-20 20:59 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2018-06-13 23:34 - 2018-05-20 19:59 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-06-13 23:34 - 2018-05-20 19:45 - 001271296 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2018-06-13 23:34 - 2018-05-20 14:53 - 002178136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2018-06-13 23:34 - 2018-05-20 14:53 - 001017088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2018-06-13 23:34 - 2018-05-20 14:53 - 001012408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2018-06-13 23:34 - 2018-05-20 14:52 - 007436632 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-06-13 23:34 - 2018-05-20 14:52 - 000735560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-06-13 23:34 - 2018-05-20 14:52 - 000347704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-06-13 23:34 - 2018-05-20 14:34 - 016592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-06-13 23:34 - 2018-05-20 14:33 - 001665920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2018-06-13 23:34 - 2018-05-20 14:32 - 006044104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-06-13 23:34 - 2018-05-20 14:32 - 001034096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2018-06-13 23:34 - 2018-05-20 14:31 - 001456640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2018-06-13 23:34 - 2018-05-20 14:30 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-06-13 23:34 - 2018-05-20 14:26 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-06-13 23:34 - 2018-05-20 14:26 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-06-13 23:34 - 2018-05-20 14:24 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-06-13 23:34 - 2018-05-20 14:24 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2018-06-13 23:34 - 2018-05-20 14:23 - 013873152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-06-13 23:34 - 2018-05-20 14:23 - 002366976 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-06-13 23:34 - 2018-05-20 14:23 - 000933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-06-13 23:34 - 2018-05-20 14:23 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-06-13 23:34 - 2018-05-20 14:21 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-06-13 23:34 - 2018-05-20 14:21 - 001210880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2018-06-13 23:34 - 2018-05-20 14:21 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-06-13 23:34 - 2018-05-20 14:21 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2018-06-13 23:34 - 2018-05-20 14:17 - 002699776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-06-13 23:34 - 2018-05-20 14:16 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-06-13 23:34 - 2018-05-20 14:14 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-06-13 23:34 - 2018-05-20 14:11 - 001005568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2018-06-13 23:33 - 2018-06-08 22:07 - 000506184 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-06-13 23:33 - 2018-06-08 22:05 - 000094112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-06-13 23:33 - 2018-06-08 22:02 - 000661160 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe
2018-06-13 23:33 - 2018-06-08 22:01 - 001046944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2018-06-13 23:33 - 2018-06-08 21:48 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-06-13 23:33 - 2018-06-08 21:47 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2018-06-13 23:33 - 2018-06-08 21:46 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-06-13 23:33 - 2018-06-08 21:45 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdt.exe
2018-06-13 23:33 - 2018-06-08 21:45 - 000808960 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2018-06-13 23:33 - 2018-06-08 21:44 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-06-13 23:33 - 2018-06-08 21:44 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2018-06-13 23:33 - 2018-06-08 21:44 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2018-06-13 23:33 - 2018-06-08 21:43 - 003640832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2018-06-13 23:33 - 2018-06-08 21:43 - 001543680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2018-06-13 23:33 - 2018-06-08 21:43 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-06-13 23:33 - 2018-06-08 21:42 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-06-13 23:33 - 2018-06-08 21:42 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-06-13 23:33 - 2018-06-08 21:42 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-06-13 23:33 - 2018-06-08 21:41 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-06-13 23:33 - 2018-06-08 21:41 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-06-13 23:33 - 2018-06-08 21:41 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-06-13 23:33 - 2018-06-08 21:41 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-06-13 23:33 - 2018-06-08 21:41 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-06-13 23:33 - 2018-06-08 21:41 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2018-06-13 23:33 - 2018-06-08 21:40 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXP.dll
2018-06-13 23:33 - 2018-06-08 20:04 - 001454024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-06-13 23:33 - 2018-06-08 19:58 - 000917408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2018-06-13 23:33 - 2018-06-08 19:50 - 001508352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdt.exe
2018-06-13 23:33 - 2018-06-08 19:48 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-06-13 23:33 - 2018-06-08 19:48 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-06-13 23:33 - 2018-06-08 19:47 - 001462784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dui70.dll
2018-06-13 23:33 - 2018-06-08 19:47 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2018-06-13 23:33 - 2018-06-08 19:47 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-06-13 23:33 - 2018-06-08 19:47 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2018-06-13 23:33 - 2018-06-08 19:46 - 003444224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2018-06-13 23:33 - 2018-06-08 19:46 - 002016256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-06-13 23:33 - 2018-06-08 19:46 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2018-06-13 23:33 - 2018-06-08 19:05 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-06-13 23:33 - 2018-06-08 17:00 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-06-13 23:33 - 2018-06-08 17:00 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-06-13 23:33 - 2018-06-08 13:35 - 000613144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2018-06-13 23:33 - 2018-06-08 13:31 - 000029600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2018-06-13 23:33 - 2018-06-08 13:30 - 000705440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-06-13 23:33 - 2018-06-08 12:34 - 001140576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-06-13 23:33 - 2018-06-08 12:34 - 000983016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-06-13 23:33 - 2018-06-08 12:33 - 001213368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-06-13 23:33 - 2018-06-08 12:33 - 000272296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-06-13 23:33 - 2018-06-08 12:33 - 000269224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-06-13 23:33 - 2018-06-08 12:31 - 001174432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-06-13 23:33 - 2018-06-08 12:31 - 001012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-06-13 23:33 - 2018-06-08 12:31 - 000226720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ucx01000.sys
2018-06-13 23:33 - 2018-06-08 12:30 - 001363632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-06-13 23:33 - 2018-06-08 12:30 - 001063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-06-13 23:33 - 2018-06-08 12:30 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-06-13 23:33 - 2018-06-08 12:30 - 000722808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-06-13 23:33 - 2018-06-08 12:30 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-06-13 23:33 - 2018-06-08 12:30 - 000567184 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-06-13 23:33 - 2018-06-08 12:30 - 000565152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-06-13 23:33 - 2018-06-08 12:30 - 000527264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-06-13 23:33 - 2018-06-08 12:30 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-06-13 23:33 - 2018-06-08 12:30 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-06-13 23:33 - 2018-06-08 12:30 - 000137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2018-06-13 23:33 - 2018-06-08 12:30 - 000134584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-06-13 23:33 - 2018-06-08 12:29 - 002590400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2018-06-13 23:33 - 2018-06-08 12:29 - 002422688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-06-13 23:33 - 2018-06-08 12:29 - 001921952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2018-06-13 23:33 - 2018-06-08 12:29 - 001364184 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2018-06-13 23:33 - 2018-06-08 12:29 - 001288816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-06-13 23:33 - 2018-06-08 12:29 - 001258288 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-06-13 23:33 - 2018-06-08 12:29 - 001150416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-06-13 23:33 - 2018-06-08 12:29 - 001097648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-06-13 23:33 - 2018-06-08 12:29 - 001026976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-06-13 23:33 - 2018-06-08 12:29 - 000945568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2018-06-13 23:33 - 2018-06-08 12:29 - 000885880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-06-13 23:33 - 2018-06-08 12:29 - 000792992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-06-13 23:33 - 2018-06-08 12:29 - 000678840 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2018-06-13 23:33 - 2018-06-08 12:29 - 000659096 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2018-06-13 23:33 - 2018-06-08 12:29 - 000413824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-06-13 23:33 - 2018-06-08 12:29 - 000413088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-06-13 23:33 - 2018-06-08 12:29 - 000375712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-06-13 23:33 - 2018-06-08 12:29 - 000313592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2018-06-13 23:33 - 2018-06-08 12:29 - 000266656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-06-13 23:33 - 2018-06-08 12:29 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-06-13 23:33 - 2018-06-08 12:29 - 000164768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-06-13 23:33 - 2018-06-08 12:29 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-06-13 23:33 - 2018-06-08 12:29 - 000084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageOverlayUtil.dll
2018-06-13 23:33 - 2018-06-08 12:29 - 000057960 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel.appcore.dll
2018-06-13 23:33 - 2018-06-08 12:12 - 000786176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-06-13 23:33 - 2018-06-08 12:10 - 002307336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2018-06-13 23:33 - 2018-06-08 12:10 - 001397200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-06-13 23:33 - 2018-06-08 12:10 - 000880152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-06-13 23:33 - 2018-06-08 12:10 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2018-06-13 23:33 - 2018-06-08 12:09 - 001129648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-06-13 23:33 - 2018-06-08 12:09 - 001077504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2018-06-13 23:33 - 2018-06-08 12:09 - 000988136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-06-13 23:33 - 2018-06-08 12:09 - 000770160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2018-06-13 23:33 - 2018-06-08 12:09 - 000607648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2018-06-13 23:33 - 2018-06-08 12:09 - 000568720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2018-06-13 23:33 - 2018-06-08 12:09 - 000567144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-06-13 23:33 - 2018-06-08 12:09 - 000553248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2018-06-13 23:33 - 2018-06-08 12:09 - 000356960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-06-13 23:33 - 2018-06-08 12:09 - 000064648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LanguageOverlayUtil.dll
2018-06-13 23:33 - 2018-06-08 12:09 - 000050208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel.appcore.dll
2018-06-13 23:33 - 2018-06-08 12:03 - 000906752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.PhoneNumberFormatting.dll
2018-06-13 23:33 - 2018-06-08 12:03 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-06-13 23:33 - 2018-06-08 12:03 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryCore.dll
2018-06-13 23:33 - 2018-06-08 12:03 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2018-06-13 23:33 - 2018-06-08 12:02 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-06-13 23:33 - 2018-06-08 12:02 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edpnotify.exe
2018-06-13 23:33 - 2018-06-08 12:02 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2018-06-13 23:33 - 2018-06-08 12:01 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-06-13 23:33 - 2018-06-08 12:01 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2018-06-13 23:33 - 2018-06-08 12:01 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2018-06-13 23:33 - 2018-06-08 12:01 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-06-13 23:33 - 2018-06-08 12:01 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2018-06-13 23:33 - 2018-06-08 12:01 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2018-06-13 23:33 - 2018-06-08 12:01 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-06-13 23:33 - 2018-06-08 12:00 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll
2018-06-13 23:33 - 2018-06-08 12:00 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2018-06-13 23:33 - 2018-06-08 12:00 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-06-13 23:33 - 2018-06-08 12:00 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2018-06-13 23:33 - 2018-06-08 12:00 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-06-13 23:33 - 2018-06-08 11:59 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-06-13 23:33 - 2018-06-08 11:59 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2018-06-13 23:33 - 2018-06-08 11:59 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2018-06-13 23:33 - 2018-06-08 11:59 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2018-06-13 23:33 - 2018-06-08 11:59 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-06-13 23:33 - 2018-06-08 11:58 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-06-13 23:33 - 2018-06-08 11:58 - 000781824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-06-13 23:33 - 2018-06-08 11:58 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2018-06-13 23:33 - 2018-06-08 11:58 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2018-06-13 23:33 - 2018-06-08 11:58 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2018-06-13 23:33 - 2018-06-08 11:57 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-06-13 23:33 - 2018-06-08 11:57 - 000483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2018-06-13 23:33 - 2018-06-08 11:57 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-06-13 23:33 - 2018-06-08 11:57 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2018-06-13 23:33 - 2018-06-08 11:57 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2018-06-13 23:33 - 2018-06-08 11:57 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2018-06-13 23:33 - 2018-06-08 11:56 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-06-13 23:33 - 2018-06-08 11:56 - 000908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2018-06-13 23:33 - 2018-06-08 11:56 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2018-06-13 23:33 - 2018-06-08 11:56 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-06-13 23:33 - 2018-06-08 11:56 - 000858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2018-06-13 23:33 - 2018-06-08 11:56 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2018-06-13 23:33 - 2018-06-08 11:56 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-06-13 23:33 - 2018-06-08 11:56 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-06-13 23:33 - 2018-06-08 11:56 - 000389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-06-13 23:33 - 2018-06-08 11:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-06-13 23:33 - 2018-06-08 11:56 - 000264704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovs.dll
2018-06-13 23:33 - 2018-06-08 11:55 - 001242112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2018-06-13 23:33 - 2018-06-08 11:55 - 001192448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2018-06-13 23:33 - 2018-06-08 11:55 - 001033728 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-06-13 23:33 - 2018-06-08 11:55 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-06-13 23:33 - 2018-06-08 11:55 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2018-06-13 23:33 - 2018-06-08 11:55 - 000778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2018-06-13 23:33 - 2018-06-08 11:55 - 000652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2018-06-13 23:33 - 2018-06-08 11:55 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2018-06-13 23:33 - 2018-06-08 11:55 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-06-13 23:33 - 2018-06-08 11:55 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-06-13 23:33 - 2018-06-08 11:54 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-06-13 23:33 - 2018-06-08 11:54 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-06-13 23:33 - 2018-06-08 11:54 - 000999936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-06-13 23:33 - 2018-06-08 11:54 - 000857088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2018-06-13 23:33 - 2018-06-08 11:54 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2018-06-13 23:33 - 2018-06-08 11:54 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2018-06-13 23:33 - 2018-06-08 11:54 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-06-13 23:33 - 2018-06-08 11:54 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-06-13 23:33 - 2018-06-08 11:54 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2018-06-13 23:33 - 2018-06-08 11:54 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2018-06-13 23:33 - 2018-06-08 11:54 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-06-13 23:33 - 2018-06-08 11:54 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAC3ENC.DLL
2018-06-13 23:33 - 2018-06-08 11:53 - 001675264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2018-06-13 23:33 - 2018-06-08 11:53 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-06-13 23:33 - 2018-06-08 11:53 - 001108992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-06-13 23:33 - 2018-06-08 11:53 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2018-06-13 23:33 - 2018-06-08 11:53 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-06-13 23:33 - 2018-06-08 11:53 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2018-06-13 23:33 - 2018-06-08 11:53 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2018-06-13 23:33 - 2018-06-08 10:41 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-06-13 23:33 - 2018-06-02 02:24 - 000713376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-06-13 23:33 - 2018-06-02 01:54 - 001825792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-06-13 23:33 - 2018-05-25 06:24 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-06-13 23:33 - 2018-05-20 22:45 - 000308408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-06-13 23:33 - 2018-05-20 22:42 - 000759192 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-06-13 23:33 - 2018-05-20 22:26 - 000486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2018-06-13 23:33 - 2018-05-20 22:23 - 004070400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-06-13 23:33 - 2018-05-20 22:22 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2018-06-13 23:33 - 2018-05-20 22:22 - 000941056 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2018-06-13 23:33 - 2018-05-20 21:15 - 000653208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-06-13 23:33 - 2018-05-20 21:02 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2018-06-13 23:33 - 2018-05-20 20:59 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2018-06-13 23:33 - 2018-05-20 19:39 - 000788480 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2018-06-13 23:33 - 2018-05-20 19:35 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-06-13 23:33 - 2018-05-20 19:34 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-06-13 23:33 - 2018-05-20 17:54 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-06-13 23:33 - 2018-05-20 15:33 - 000105368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-06-13 23:33 - 2018-05-20 14:53 - 001947808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-06-13 23:33 - 2018-05-20 14:53 - 000131232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2018-06-13 23:33 - 2018-05-20 14:53 - 000088472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2018-06-13 23:33 - 2018-05-20 14:52 - 000130456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-06-13 23:33 - 2018-05-20 14:52 - 000089984 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
2018-06-13 23:33 - 2018-05-20 14:34 - 000861096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2018-06-13 23:33 - 2018-05-20 14:33 - 000101288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2018-06-13 23:33 - 2018-05-20 14:32 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-06-13 23:33 - 2018-05-20 14:32 - 000560488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-06-13 23:33 - 2018-05-20 14:32 - 000286200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-06-13 23:33 - 2018-05-20 14:32 - 000077040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2018-06-13 23:33 - 2018-05-20 14:28 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-06-13 23:33 - 2018-05-20 14:28 - 000111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppHostRegistrationVerifier.exe
2018-06-13 23:33 - 2018-05-20 14:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-06-13 23:33 - 2018-05-20 14:27 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2018-06-13 23:33 - 2018-05-20 14:27 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApiSetHost.AppExecutionAlias.dll
2018-06-13 23:33 - 2018-05-20 14:26 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-06-13 23:33 - 2018-05-20 14:26 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll
2018-06-13 23:33 - 2018-05-20 14:26 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2018-06-13 23:33 - 2018-05-20 14:26 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-06-13 23:33 - 2018-05-20 14:26 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\TelephonyInteractiveUser.dll
2018-06-13 23:33 - 2018-05-20 14:26 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSHEIF.dll
2018-06-13 23:33 - 2018-05-20 14:25 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-06-13 23:33 - 2018-05-20 14:25 - 000384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2018-06-13 23:33 - 2018-05-20 14:24 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-06-13 23:33 - 2018-05-20 14:23 - 005951488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-06-13 23:33 - 2018-05-20 14:21 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2018-06-13 23:33 - 2018-05-20 14:16 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2018-06-13 23:33 - 2018-05-20 14:16 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ApiSetHost.AppExecutionAlias.dll
2018-06-13 23:33 - 2018-05-20 14:16 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-06-13 23:33 - 2018-05-20 14:15 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2018-06-13 23:33 - 2018-05-20 14:15 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSHEIF.dll
2018-06-13 23:33 - 2018-05-20 14:14 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2018-06-13 23:33 - 2018-05-20 14:13 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-06-13 23:33 - 2018-05-20 14:13 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2018-06-13 23:33 - 2018-05-20 14:12 - 000992768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-06-13 23:33 - 2018-05-20 14:12 - 000860160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-06-13 23:33 - 2018-05-20 14:11 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2018-06-13 23:33 - 2018-05-20 11:26 - 000018716 _____ C:\WINDOWS\system32\srms-apr.dat
2018-06-13 23:33 - 2018-05-18 20:08 - 000018716 _____ C:\WINDOWS\SysWOW64\srms-apr.dat
2018-05-26 23:26 - 2018-06-22 10:22 - 000000000 ____D C:\Users\Diana\AppData\Local\D3DSCache

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-23 13:48 - 2017-05-12 00:30 - 000000001 _____ C:\Users\Public\Documents\dgc.txt
2018-06-23 13:43 - 2018-04-12 02:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-06-23 13:43 - 2017-05-11 10:16 - 000000000 ____D C:\Users\Diana\AppData\LocalLow\Mozilla
2018-06-23 10:28 - 2018-05-23 10:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-06-23 10:13 - 2017-05-11 10:03 - 000000000 __SHD C:\Users\Diana\IntelGraphicsProfiles
2018-06-23 03:48 - 2017-07-19 13:06 - 000000000 ____D C:\ProgramData\NVIDIA
2018-06-23 03:19 - 2017-06-30 16:22 - 000000000 ____D C:\Users\Diana\Desktop\Sims retrive photos
2018-06-23 02:35 - 2018-05-23 11:13 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-06-23 02:34 - 2018-04-12 00:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-06-23 02:31 - 2017-05-13 02:25 - 000000000 ___HD C:\WINDOWS\msdownld.tmp
2018-06-23 02:30 - 2018-05-02 11:17 - 000000999 _____ C:\Users\Diana\Desktop\(64)The Sims 4.lnk
2018-06-23 02:30 - 2018-05-02 11:17 - 000000973 _____ C:\Users\Diana\Desktop\(32)The Sims 4.lnk
2018-06-23 02:30 - 2018-05-02 11:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab
2018-06-23 01:40 - 2017-11-10 16:29 - 000000000 ____D C:\Games
2018-06-23 01:27 - 2017-05-12 01:21 - 000000000 ____D C:\Users\Diana\AppData\Roaming\Azureus
2018-06-23 00:42 - 2017-05-16 17:53 - 000000000 ____D C:\Users\Diana\AppData\Roaming\vlc
2018-06-22 22:31 - 2018-05-23 11:13 - 000003352 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2189618637-825103117-3613998497-1001
2018-06-22 22:30 - 2018-05-23 10:53 - 000002373 _____ C:\Users\Diana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-06-22 22:30 - 2017-05-11 10:09 - 000000000 ___RD C:\Users\Diana\OneDrive
2018-06-22 00:08 - 2018-04-12 02:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-22 00:08 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-06-21 17:08 - 2017-07-19 00:45 - 000000000 ____D C:\Users\Diana\AppData\Roaming\XnConvert
2018-06-18 12:01 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-06-17 19:34 - 2016-04-09 17:23 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-06-14 23:21 - 2018-04-12 02:36 - 000000000 ____D C:\WINDOWS\INF
2018-06-14 21:53 - 2018-05-23 11:04 - 000840376 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-06-14 21:48 - 2017-12-20 15:20 - 000000000 ___RD C:\Users\Diana\3D Objects
2018-06-14 21:48 - 2016-11-20 21:51 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-06-14 21:46 - 2018-05-23 10:46 - 005156072 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-06-14 21:43 - 2018-04-12 12:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-06-14 21:43 - 2018-04-12 02:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-06-14 21:43 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-06-14 21:43 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-06-14 21:43 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-06-14 21:43 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-06-14 21:43 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-06-14 21:43 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-06-14 21:43 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\system32\setup
2018-06-14 21:43 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-06-14 21:43 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-06-14 21:43 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-06-14 21:43 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-06-14 21:43 - 2018-04-12 02:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-06-14 21:43 - 2018-04-12 02:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-06-14 21:43 - 2018-04-12 00:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-06-14 13:42 - 2017-07-19 00:39 - 000000000 ____D C:\ProgramData\WinZip
2018-06-14 13:38 - 2017-10-22 05:25 - 000000000 ____D C:\Users\Diana\AppData\Roaming\DVDVideoSoft
2018-06-14 13:37 - 2018-02-24 02:04 - 000000000 ____D C:\Program Files (x86)\DVDVideoSoft
2018-06-14 13:35 - 2017-12-20 15:00 - 000000000 ____D C:\Users\Diana\AppData\Local\Packages
2018-06-14 13:31 - 2017-05-25 01:25 - 000000000 ____D C:\Users\Diana\Desktop\fot
2018-06-14 13:23 - 2017-05-31 17:49 - 000000000 ____D C:\Users\Diana\Desktop\Instatumblr
2018-06-13 23:41 - 2018-04-12 02:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-13 23:33 - 2017-05-12 23:14 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-06-13 23:30 - 2017-10-11 01:04 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-06-13 23:30 - 2017-05-12 23:14 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-06-12 23:46 - 2017-08-24 01:49 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-06-12 23:46 - 2017-08-24 01:49 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-06-08 00:41 - 2018-05-23 11:13 - 000004564 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-06-08 00:41 - 2018-05-23 11:13 - 000004422 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-06-08 00:41 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-06-08 00:41 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-06-07 14:47 - 2017-08-24 01:49 - 000001015 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-06-06 02:29 - 2018-04-12 02:41 - 000835056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-06 02:29 - 2018-04-12 02:41 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-05-30 21:31 - 2018-03-01 00:08 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-05-27 10:55 - 2018-04-12 02:38 - 000000000 ____D C:\WINDOWS\appcompat

==================== Files in the root of some directories =======

2017-05-11 10:04 - 2017-05-11 10:04 - 000003332 _____ () C:\Users\Diana\installshield_scm.reg
2017-05-11 10:04 - 2017-05-11 10:04 - 000001860 _____ () C:\Users\Diana\scm.reg
2015-12-30 01:44 - 2015-12-30 01:44 - 000082537 _____ () C:\Program Files (x86)\en.rtf
2017-06-25 13:38 - 2017-06-25 14:07 - 000000132 _____ () C:\Users\Diana\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-05-30 02:10 - 2017-05-30 02:10 - 000001167 _____ () C:\Users\Diana\AppData\Roaming\trace_FilterInstaller.1.txt
2017-05-30 02:10 - 2017-05-30 02:18 - 000000905 _____ () C:\Users\Diana\AppData\Roaming\trace_FilterInstaller.txt
2017-05-30 02:10 - 2017-05-30 02:18 - 000000000 _____ () C:\Users\Diana\AppData\Roaming\trace_FilterInstaller.txt-CRT.txt

Some files in TEMP:
====================
2018-06-16 00:48 - 2018-06-23 01:27 - 000079904 _____ () C:\Users\Diana\AppData\Local\Temp\i4jdel0.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-23 10:46

==================== End of FRST.txt ============================

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Diana (23-06-2018 13:50:51)
Running from C:\Users\Diana\Desktop
Windows 10 Home Version 1803 17134.112 (X64) (2018-05-23 08:14:14)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2189618637-825103117-3613998497-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2189618637-825103117-3613998497-503 - Limited - Disabled)
Diana (S-1-5-21-2189618637-825103117-3613998497-1001 - Administrator - Enabled) => C:\Users\Diana
Guest (S-1-5-21-2189618637-825103117-3613998497-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2189618637-825103117-3613998497-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.113 - Adobe Systems Incorporated)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden
ApoDispatch Install Configurator (HKLM\...\{F0C1953B-C992-40DE-B78B-CF048002DEB4}) (Version: 2.3.1701 - Nahimic) Hidden
AudioLaunchpad Install Configurator (HKLM\...\{D65A5853-34FA-41AF-AC8C-9618AEFDB5BF}) (Version: 2.3.1701 - Nahimic) Hidden
Battery Calibration (HKLM-x32\...\{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}) (Version: 1.0.1508.1001 - Micro-Star International Co., Ltd.) Hidden
Battery Calibration (HKLM-x32\...\InstallShield_{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}) (Version: 1.0.1508.1001 - Micro-Star International Co., Ltd.)
Boot Configure (HKLM-x32\...\{449D0FA3-CC16-4DEB-A2CE-215BE0F66C25}) (Version: 20.015.12293 - Micro-Star International Co., Ltd.)
BurnRecovery (HKLM-x32\...\{92A6B009-1343-4C44-AFB1-8849137CA3F0}) (Version: 5.0.1602.101 - Application) Hidden
BurnRecovery (HKLM-x32\...\InstallShield_{92A6B009-1343-4C44-AFB1-8849137CA3F0}) (Version: 5.0.1602.101 - Application)
CheckDevices Install Configurator (HKLM\...\{23880128-525B-4286-9BDD-17BAD5567E7A}) (Version: 2.3.1701 - Nahimic) Hidden
Chrome Token Signing (HKLM\...\{98F4FF09-5CAF-494A-A67F-C48081CCDF9C}) (Version: 1.0.6.485 - RIA) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5307.55 - CyberLink Corp.)
DigiDoc3 Client (HKLM-x32\...\{188E6E99-CE30-4060-9CDF-E97ADFCB3CF4}) (Version: 3.13.3.1512 - RIA) Hidden
Dragon Gaming Center (HKLM-x32\...\{965B16C7-0778-4C45-B7D1-83A59E6FBBCB}) (Version: 1.0.1501.2801 - Micro-Star International Co., Ltd.) Hidden
Dragon Gaming Center (HKLM-x32\...\InstallShield_{965B16C7-0778-4C45-B7D1-83A59E6FBBCB}) (Version: 1.0.1501.2801 - Micro-Star International Co., Ltd.)
eID software (HKLM-x32\...\{d23663a7-6af7-4a3f-a7ec-458e9d3ac442}) (Version: 17.10.0.1757 - RIA)
EMT Internet (HKLM-x32\...\EMT Internet) (Version: 23.009.05.03.337 - Huawei Technologies Co.,Ltd)
EstEID Minidriver (HKLM\...\{C8FD6A29-41A0-49CB-AB5B-96598235E4FD}) (Version: 3.12.0.77 - RIA) Hidden
EstEID Shell Extension (HKLM\...\{BB120379-55D5-4774-8B4D-81D9DD16353C}) (Version: 3.13.3.1512 - RIA) Hidden
EstEID Shell Extension (HKLM-x32\...\{B5D2ABF7-F3B8-44A3-A10D-A15DEF2F644D}) (Version: 3.13.3.1512 - RIA) Hidden
FF Token Signing Uninstaller (HKLM-x32\...\{DE25D1DE-8D29-4C37-9C70-2EFFC87EEC64}) (Version: 17.10.0.1757 - RIA) Hidden
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Firefox PKCS11 Loader (HKLM\...\{31C58AB3-490E-48A9-9B45-98DA934CACEA}) (Version: 3.12.1.1070 - RIA) Hidden
Free MP4 Video Converter (HKLM-x32\...\Free MP4 Video Converter_is1) (Version: 5.0.110.913 - Digital Wave Ltd)
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
Help Desk (HKLM-x32\...\{7E8181AF-9679-49B3-B133-C265709B6927}) (Version: 1.0.1707.2501 - Micro-Star International Co., Ltd.) Hidden
Help Desk (HKLM-x32\...\InstallShield_{7E8181AF-9679-49B3-B133-C265709B6927}) (Version: 1.0.1707.2501 - Micro-Star International Co., Ltd.)
ID-card utility (HKLM-x32\...\{6C6BE759-429F-406D-9887-CA469A8287FA}) (Version: 3.12.9.1261 - RIA) Hidden
IE Token Signing Plugin (HKLM\...\{92C0E129-C2A7-44F3-955C-AE90D0916337}) (Version: 3.13.0.987 - RIA) Hidden
Instagiffer version 1.75 (HKLM-x32\...\{13DEF8F8-5280-4555-95A4-E815C3F9540F}_is1) (Version: 1.75 - Justin Todd)
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4300 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{31C74FA2-2AB9-41C3-BFBE-693283E4C28B}) (Version: 17.1.1527.1534 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{795ee3a0-97fa-489a-9543-7564ccc43be4}) (Version: 18.12.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
KB9X Radio Switch Driver (HKLM\...\EC950B206B0E7722C96A318DF396BABFBB057BC0) (Version: 1.1.2.0 - ENE TECHNOLOGY INC.)
LauncherSetup Install (HKLM\...\{8579628D-61F6-4C2F-8E8E-50105CC3356A}) (Version: 2.3.1701 - Nahimic) Hidden
MAGIX Content and Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX Software GmbH)
MAGIX Music Maker Silver (HKLM\...\{CD1DE5DB-7AF2-4D01-BBB1-9AD581B34403}) (Version: 21.0.3.44 - MAGIX Software GmbH) Hidden
MAGIX Music Maker Silver (HKLM-x32\...\MX.{CD1DE5DB-7AF2-4D01-BBB1-9AD581B34403}) (Version: 21.0.3.44 - MAGIX Software GmbH)
MAGIX Music Maker Silver Soundpools (HKLM\...\{CC8B6E22-F579-46A1-A9F3-985F114590F0}) (Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
MAGIX Photo Manager 15 (HKLM\...\{10FDDBB2-C9D3-4207-B3A9-4910464BA0B0}) (Version: 11.0.2.36 - MAGIX Software GmbH) Hidden
MAGIX Photo Manager 15 (HKLM-x32\...\MX.{10FDDBB2-C9D3-4207-B3A9-4910464BA0B0}) (Version: 11.0.2.36 - MAGIX Software GmbH)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.9330.2124 - Microsoft Corporation)
Microsoft Office 365 - et-ee (HKLM\...\O365HomePremRetail - et-ee) (Version: 16.0.9330.2124 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2189618637-825103117-3613998497-1001\...\OneDriveSetup.exe) (Version: 18.091.0506.0007 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 60.0.2 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.2 (x64 en-US)) (Version: 60.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 55.0.2 - Mozilla)
MSI Social Media Collection (HKLM-x32\...\{7ADEC426-BE95-48EF-84D4-086BD0F4D331}) (Version: 1.14.2251 - Micro-Star International Co., Ltd.)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
Nahimic 2 Audio Driver (HKLM\...\{1077A06B-793E-495F-B4E8-CB60F6C52390}) (Version: 2.3.1701 - Nahimic) Hidden
Nahimic 2 Audio Driver (HKLM-x32\...\{ac326c43-74ec-455b-aefd-3e94326e9df2}) (Version: 2.3.17 - Nahimic)
NVIDIA GeForce Experience 2.11.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.11.4.1 - NVIDIA Corporation)
NVIDIA Photoshop Plug-ins 64 bit (HKLM-x32\...\{5E386C5B-CDE7-435A-B5C9-EC73A1B0553A}) (Version: 8.50 - )
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9330.2124 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9330.2124 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9330.2124 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9330.2124 - Microsoft Corporation) Hidden
Open-EID Metapackage (HKLM-x32\...\{480CC672-1E8A-44B3-BF21-0A378662DD22}) (Version: 17.10.0.1757 - RIA) Hidden
Open-EID QtConf Uninstaller (HKLM-x32\...\{433CCE35-D98B-4ADA-B604-7DCEBC8B09A8}) (Version: 17.10.0.1757 - RIA) Hidden
Open-EID Uninstaller (HKLM-x32\...\{CFB5249C-8910-4154-A306-C43774C90530}) (Version: 17.10.0.1757 - RIA) Hidden
Open-EID Updater (HKLM-x32\...\{A60ADF43-9579-4670-93FC-6D23BD2A8F1C}) (Version: 3.12.2.1012 - RIA) Hidden
paint.net (HKLM\...\{E8FA8815-3817-4128-A814-E2EAC456ADF0}) (Version: 4.0.21 - dotPDN LLC)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
ProductDaemonSetup Install (HKLM\...\{CC40B70F-EDDF-4D79-BF64-4076DB2C04B7}) (Version: 2.3.1701 - Nahimic) Hidden
ProductNS Install Configurator (HKLM\...\{833228CA-A879-4D9C-B278-01971ADAACFC}) (Version: 2.3.1701 - Nahimic) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.31213 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
SCM (HKLM\...\{6BD35B46-C818-44B1-964A-7A9C44E1238F}) (Version: 13.016.04152 - Application)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.1 - NVIDIA Corporation) Hidden
Sims 4 Studio (HKLM-x32\...\{870AA913-0774-4ED0-B144-BC2C0CBE4BA0}_is1) (Version: 3.1.0.9 - Sims 4 Studio)
Sims 4 Tray Importer (S4TI) 1.6.5.6 (HKLM-x32\...\{8665A9CC-9652-4F31-907A-DE2E7A8E8E97}_is1) (Version: 1.6.5.6 - TeameeVo)
Sizing Options (HKLM-x32\...\{DFAB6DE8-E45F-4D5D-95C0-E54C58993F9F}) (Version: 3.0.1512.1801 - Application) Hidden
Sizing Options (HKLM-x32\...\InstallShield_{DFAB6DE8-E45F-4D5D-95C0-E54C58993F9F}) (Version: 3.0.1512.1801 - Application)
SonicMapper Install Configurator (HKLM\...\{13F4B4D0-00BA-4FE6-9CCD-DBC1092068BE}) (Version: 2.3.1701 - Nahimic) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.6.1 - Synaptics Incorporated)
TeRa Client (HKLM\...\{3EC73B3C-9905-46C8-A654-2CBF0152A90A}) (Version: 1.0.0.219 - RIA) Hidden
The Sims 4 v.1.44.77.1020 (HKLM-x32\...\The Sims 4_is1) (Version:  - )
UIInstallUpgrade (HKLM\...\{446B0023-DFEE-4DFF-A983-EEF7718E3AD9}) (Version: 2.3.1701 - Nahimic) Hidden
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 7.13 - NCH Software)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 6.00 - NCH Software)
Windows Driver Package - RIA (Estonian National ID Card) (UMPass) SmartCard  (05/13/2015 3.11.0.1175) (HKLM\...\C478C8A35A0A297F2FADF155E889D402655E894E) (Version: 05/13/2015 3.11.0.1175 - RIA (Estonian National ID Card))
Windows Driver Package - RIA (Estonian National ID Card) (UMPass) SmartCard  (09/21/2017 3.12.0.77) (HKLM\...\0F673E6BE49AB7389244AD28CBFB79163DA20A7E) (Version: 09/21/2017 3.12.0.77 - RIA (Estonian National ID Card))
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
VSDC Free Video Editor version 5.8.6.806 (HKLM\...\VSDC Free Video Editor_is1) (Version: 5.8.6.806 - Flash-Integro LLC)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1) (Version: 1.0.54.1 - Intel Corporation Inc.) Hidden
Vulkan Run Time Libraries 1.0.54.1 (HKLM\...\VulkanRT1.0.54.1-2) (Version: 1.0.54.1 - Intel Corporation Inc.)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.7.5.0 - Azureus Software, Inc.)
XnConvert 1.74 (HKLM\...\XnConvert_is1) (Version: 1.74 - Gougelet Pierre-e)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ShellIconOverlayIdentifiers: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ShellIconOverlayIdentifiers: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers-x32: [ MEGA (Pending)] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Synced)] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ShellIconOverlayIdentifiers-x32: [ MEGA (Syncing)] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ContextMenuHandlers1: [DigiDoc3ShellExtension] -> {310AAB39-76FE-401B-8A7F-0F578C5F6AB5} => C:\Program Files\Open-EID\EsteidShellExtension.dll [2017-10-24] (RIA)
ContextMenuHandlers1: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ContextMenuHandlers1: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => D:\Diana\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers2: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ContextMenuHandlers2: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => D:\Diana\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers3: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ContextMenuHandlers4: [MEGA (Context menu)] -> {0229E5E7-09E9-45CF-9228-0228EC7D5F17} => C:\ProgramData\MEGAsync\ShellExtX64.dll [2017-10-19] ()
ContextMenuHandlers4: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => D:\Diana\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2e329e8610bbb375\igfxDTCM.dll [2017-12-07] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers5: [WinMerge] -> {4E716236-AA30-4C65-B225-D68BBA81E9C2} => D:\Diana\WinMerge\ShellExtensionX64.dll [2013-02-02] (hxxp://winmerge.org)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0075F8AE-1160-41FA-A2D8-C205A1460CD1} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-06-17] (Microsoft Corporation)
Task: {0892F2C1-E6C4-456E-809E-AC5132D891EE} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-06-17] (Microsoft Corporation)
Task: {11528558-4492-4FCE-A7FD-34EA4B9242E3} - System32\Tasks\MSI_Help_Desk_Agent => C:\Program Files (x86)\MSI\Help Desk\MSI Update Agent.exe [2017-07-25] (Micro-Star International Co., Ltd.)
Task: {28BC4ABA-F75B-4400-8E02-8CAC34654A21} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {347E3454-4C74-41E5-9A68-3208EB243EAF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-30] (Microsoft Corporation)
Task: {4484BE30-DF8F-49FF-8B27-46DFA6DC6ABC} - System32\Tasks\MSI_Dragon Gaming Center => C:\Program Files (x86)\MSI\Dragon Gaming Center\mDispatch.exe [2014-01-24] (TODO: <公司名稱>)
Task: {4ECA8611-88EE-478D-AA10-B58CF83DFA02} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-08] (Adobe Systems Incorporated)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {7FF0DCC8-62ED-425F-8E38-A1250BD50BBD} - System32\Tasks\S-1-5-21-2189618637-825103117-3613998497-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-04-12] (Microsoft Corporation)
Task: {90311DF4-973D-433E-8235-9D3A45427104} - System32\Tasks\Nahimic2Svc32Run => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe [2017-03-31] ()
Task: {974D140D-6352-4814-8D66-FCC24C2975A8} - System32\Tasks\PDVDServ12 Task => C:\Program Files (x86)\CyberLink\PowerDVD12\PDVD12Serv.exe [2015-05-11] (CyberLink Corp.)
Task: {9C2F5002-052F-4F71-A40A-9DA50AD35508} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2016-06-02] (Synaptics Incorporated)
Task: {A2D1EB16-9BAC-4214-ACE7-440AEDCF4346} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-06-17] (Microsoft Corporation)
Task: {A503FE80-1C8E-4765-BBAA-EF2D8E791E92} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-12] (Microsoft Corporation)
Task: {AD9A4215-D320-4196-BE79-2F76E53A6EB6} - System32\Tasks\MEGA\MEGAsync Update Task S-1-5-21-2189618637-825103117-3613998497-1001 => C:\ProgramData\MEGAsync\MEGAupdater.exe [2018-01-15] (Mega Limited)
Task: {AECA2674-97CD-4AEC-B8CE-8C641FA5C162} - System32\Tasks\Nahimic2UILauncherRun => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe [2017-03-31] (Nahimic)
Task: {BB1B2304-1D3E-4EF9-B9B4-FB37D75F77FA} - System32\Tasks\Nahimic2Svc64Run => C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2Svc64.exe [2017-03-31] ()
Task: {BE341C15-104B-470E-A43C-17185B1B8190} - System32\Tasks\id updater task => C:\Program Files (x86)\Open-EID\ID-updater.exe [2017-10-16] (RIA)
Task: {CFE0CDEE-5139-4348-8D65-16BC4255A67E} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {D25BE6BC-5BD8-49D1-AEED-5DB97D3F5207} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-12] (Microsoft Corporation)
Task: {D9E5963E-7D8E-4626-83BC-FCAF48C391ED} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-30] (Microsoft Corporation)
Task: {E18DF911-99E5-4B62-A660-D564822CAC34} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_30_0_0_113_Plugin.exe [2018-06-08] (Adobe Systems Incorporated)
Task: {EBBF9179-2071-42E5-910F-A1F3F9321F38} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-30] (Microsoft Corporation)
Task: {EBDDA624-4BAF-44AF-A239-490698061101} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.16.17656.18052-0\MpCmdRun.exe [2018-05-30] (Microsoft Corporation)
Task: {FDDA16D6-9D9E-432F-9F96-A9453CF88E11} - System32\Tasks\{2A34D78A-94BF-468C-84F8-2B435A29798A} => C:\Windows\system32\pcalua.exe -a "C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe" -c /modify

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2011-03-14 18:27 - 2011-03-14 18:27 - 000346976 _____ () C:\ProgramData\DatacardService\HWDeviceService64.exe
2017-05-11 10:10 - 2012-09-05 04:55 - 000655744 _____ () C:\ProgramData\EMT Internet\OnlineUpdate\ouc.exe
2018-04-12 02:34 - 2018-04-12 02:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2017-07-19 13:06 - 2017-05-01 23:51 - 000133752 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-03-31 18:03 - 2017-03-31 18:03 - 000219832 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll
2017-10-19 00:51 - 2017-10-19 00:51 - 000598528 _____ () C:\ProgramData\MEGAsync\ShellExtX64.dll
2018-04-12 02:34 - 2018-04-12 02:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 02:34 - 2018-04-12 02:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-06-13 23:34 - 2018-06-08 11:56 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2014-01-22 20:44 - 2014-01-22 20:44 - 000075912 _____ () C:\Program Files (x86)\MSI\Dragon Gaming Center\WinIo64.dll
2017-03-31 18:01 - 2017-03-31 18:01 - 002059960 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2svc32.exe
2017-03-31 18:04 - 2017-03-31 18:04 - 000513720 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2svc64.exe
2018-06-09 20:44 - 2018-06-09 20:44 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-06-09 20:44 - 2018-06-09 20:44 - 067232256 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-09-29 23:08 - 2017-09-29 23:09 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-05-30 21:32 - 2018-05-30 21:32 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2018-05-30 21:32 - 2018-05-30 21:32 - 004214784 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-04-25 21:32 - 2018-04-25 21:33 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-05-30 21:32 - 2018-05-30 21:32 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-03-30 09:53 - 2018-03-30 09:54 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-06-09 20:44 - 2018-06-09 20:44 - 014851072 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-05-30 21:32 - 2018-05-30 21:32 - 004058624 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-06-09 20:44 - 2018-06-09 20:44 - 003266048 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-05-30 21:32 - 2018-05-30 21:32 - 001393664 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2018-05-30 21:32 - 2018-05-30 21:32 - 004218080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-05-30 21:32 - 2018-05-30 21:32 - 000103424 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\BendRealityNode.dll
2018-05-30 21:32 - 2018-05-30 21:32 - 000872448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-03-30 09:53 - 2018-03-30 09:54 - 000043008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2018-06-09 20:44 - 2018-06-09 20:44 - 000165376 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\SKU.dll
2018-05-30 21:32 - 2018-05-30 21:32 - 000624128 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Lumia.AppTk.SceneGraph.dll
2018-06-09 20:44 - 2018-06-09 20:44 - 000282624 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Lumia.ViewerPluginNative.dll
2017-11-14 13:30 - 2017-11-14 13:31 - 001007104 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\IPP_UWP.dll
2018-05-30 21:32 - 2018-05-30 21:32 - 000657920 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.dll
2018-04-16 21:42 - 2018-04-16 21:42 - 001922232 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.9328.1700.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2018-06-01 01:45 - 2018-06-01 01:45 - 027118080 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-05-23 11:36 - 2018-05-23 11:36 - 000306176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-05-23 11:36 - 2018-05-23 11:36 - 006748672 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-09-26 22:50 - 2017-09-26 22:50 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-05-23 11:36 - 2018-05-23 11:36 - 009358848 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe\EntPlat.dll
2017-05-11 10:10 - 2009-01-10 13:32 - 000011362 _____ () C:\ProgramData\EMT Internet\OnlineUpdate\mingwm10.dll
2017-05-11 10:10 - 2009-06-22 21:42 - 000043008 _____ () C:\ProgramData\EMT Internet\OnlineUpdate\libgcc_s_dw2-1.dll
2017-05-11 10:10 - 2010-07-23 07:58 - 002415104 _____ () C:\ProgramData\EMT Internet\OnlineUpdate\QtCore4.dll
2017-05-11 10:10 - 2010-02-10 17:10 - 001148416 _____ () C:\ProgramData\EMT Internet\OnlineUpdate\QtNetwork4.dll
2017-05-11 10:10 - 2012-09-05 04:55 - 000843264 _____ () C:\ProgramData\EMT Internet\OnlineUpdate\QueryStrategy.dll
2017-05-11 10:10 - 2010-02-10 17:06 - 000398336 _____ () C:\ProgramData\EMT Internet\OnlineUpdate\QtXml4.dll
2015-08-07 11:09 - 2015-08-07 11:09 - 001243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-06-12 04:42 - 2016-06-15 04:14 - 000020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-03-31 17:59 - 2017-03-31 17:59 - 000194232 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2DevProps.dll
2017-09-10 23:51 - 2017-09-10 23:51 - 000798208 _____ () C:\ProgramData\MEGAsync\libsodium.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 10:24 - 2017-08-26 18:53 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2189618637-825103117-3613998497-1001\Control Panel\Desktop\\Wallpaper -> D:\Diana\Matt\nerd1_PNG.png
DNS Servers: 194.126.97.30 - 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{137FFB52-5B95-4723-99DE-38811DAABFE3}C:\games\the sims 4\game\bin\ts4_x64.exe] => (Block) C:\games\the sims 4\game\bin\ts4_x64.exe
FirewallRules: [TCP Query User{C9164840-B8F5-4711-8E7C-DC6554CA0F9D}C:\games\the sims 4\game\bin\ts4_x64.exe] => (Block) C:\games\the sims 4\game\bin\ts4_x64.exe
FirewallRules: [UDP Query User{CDF0ADE7-623B-4BF6-852E-EF61BE31ED48}D:\games\the sims 4\game\bin\ts4_x64.exe] => (Allow) D:\games\the sims 4\game\bin\ts4_x64.exe
FirewallRules: [TCP Query User{CD2C9518-D498-4DDB-91E6-F0F7CCDDC2F5}D:\games\the sims 4\game\bin\ts4_x64.exe] => (Allow) D:\games\the sims 4\game\bin\ts4_x64.exe
FirewallRules: [{1E3F16F2-C8CD-4245-8CD7-B78CA08701EA}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{20AB94BD-5E19-49D1-8699-635507ECE037}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{726E0D3C-5611-470C-B5F7-E91964785D4A}C:\program files\vuze\azureus.exe] => (Block) C:\program files\vuze\azureus.exe
FirewallRules: [TCP Query User{983A858B-6284-43B5-805D-097F6E97CAA8}C:\program files\vuze\azureus.exe] => (Block) C:\program files\vuze\azureus.exe
FirewallRules: [{DA255AC9-EC47-4D14-80AB-E5BF37594083}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [UDP Query User{97283C4A-B209-4FDC-BC22-B088748983E2}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{641DDB36-FE2D-48C4-9760-A39D3BDF7ABB}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe

==================== Restore Points =========================

07-06-2018 23:26:00 Windows Update
13-06-2018 23:29:58 Windows Update
21-06-2018 01:16:44 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/23/2018 03:48:50 AM) (Source: IntelDalJhi) (EventID: 4) (User: )
Description: Intel® Dynamic Application Loader Host Interface Service initialization failure - the spooler applet is invalid.

Error: (06/23/2018 03:25:55 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program TS4_x64.exe version 1.44.77.1020 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 8c0

Start Time: 01d40a86ddec9b2b

Termination Time: 4294967295

Application Path: C:\Games\The Sims 4\Game\Bin\TS4_x64.exe

Report Id: 9df79e9d-800c-4025-9e02-d8a136284d4f

Faulting package full name:

Faulting package-relative application ID:

Error: (06/23/2018 02:33:27 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x80070006, The handle is invalid.
.


Operation:
   Executing Asynchronous Operation

Context:
   Current State: DoSnapshotSet

Error: (06/23/2018 01:55:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MetroZip.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 348

Start Time: 01d40a7c05657c2b

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\BooStudioLLC.8ZipLite_1.2.144.1000_x64__b6e429xa66pga\MetroZip.exe

Report Id: 93e0f0ea-4a38-4c98-85a3-7dbc777be66a

Faulting package full name: BooStudioLLC.8ZipLite_1.2.144.1000_x64__b6e429xa66pga

Faulting package-relative application ID: App

Error: (06/23/2018 01:21:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NVDisplay.Container.exe, version: 1.2.0.0, time stamp: 0x59079e96
Faulting module name: nvxdsyncplugin.dll_unloaded, version: 8.17.13.8205, time stamp: 0x590793c0
Exception code: 0xc0000005
Fault offset: 0x0000000000047f4d
Faulting process id: 0x7d8
Faulting application start time: 0x01d40a775c406a2f
Faulting application path: C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
Faulting module path: nvxdsyncplugin.dll
Report Id: 91a291ae-c429-4388-b39a-72bda88fefcd
Faulting package full name:
Faulting package-relative application ID:

Error: (06/22/2018 09:09:32 AM) (Source: IntelDalJhi) (EventID: 4) (User: )
Description: Intel® Dynamic Application Loader Host Interface Service initialization failure - the spooler applet is invalid.

Error: (06/22/2018 08:52:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_WbioSrvc, version: 10.0.17134.1, time stamp: 0xa38b9ab2
Faulting module name: wbiosrvc.dll, version: 10.0.17134.112, time stamp: 0xe11eb7cb
Exception code: 0xc0000409
Fault offset: 0x0000000000002b38
Faulting process id: 0x27e8
Faulting application start time: 0x01d409ed155a5664
Faulting application path: c:\windows\system32\svchost.exe
Faulting module path: c:\windows\system32\wbiosrvc.dll
Report Id: a199ff97-0fa0-44ec-84ba-dd6bd55df1af
Faulting package full name:
Faulting package-relative application ID:

Error: (06/21/2018 03:08:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: firefox.exe, version: 60.0.2.6730, time stamp: 0x5b16d65f
Faulting module name: onepin-opensc-pkcs11.dll, version: 0.17.0.1268, time stamp: 0x59c120c7
Exception code: 0xc0000409
Fault offset: 0x0000000000227ac7
Faulting process id: 0xb70
Faulting application start time: 0x01d4094da862b060
Faulting application path: C:\Program Files\Mozilla Firefox\firefox.exe
Faulting module path: C:\WINDOWS\SYSTEM32\onepin-opensc-pkcs11.dll
Report Id: 61a6b8a1-419d-498f-8f05-1e08b659cb79
Faulting package full name:
Faulting package-relative application ID:


System errors:
=============
Error: (06/23/2018 10:40:00 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/23/2018 10:30:49 AM) (Source: DCOM) (EventID: 10016) (User: MSI)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user MSI\Diana SID (S-1-5-21-2189618637-825103117-3613998497-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (06/23/2018 10:13:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/23/2018 03:12:10 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/23/2018 02:54:35 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/23/2018 02:40:00 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/23/2018 02:40:00 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
 and APPID
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/23/2018 02:35:48 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2018-06-23 02:38:56.364
Description:
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Oremu.A&threatid=2147727369&enterprise=0
Name: Trojan:Win32/Oremu.A
ID: 2147727369
Severity: Severe
Category: Trojan
Path: containerfile:_C:\Games\The Sims 4\????????\Game.rar;file:_C:\Games\The Sims 4\Game\Bin\OrangeEmu.dll;file:_C:\Games\The Sims 4\????????\Game.rar->Game\Bin\OrangeEmu.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Signature Version: AV: 1.269.1786.0, AS: 1.269.1786.0, NIS: 1.269.1786.0
Engine Version: AM: 1.1.14901.4, NIS: 1.1.14901.4

Date: 2018-06-17 20:17:36.656
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {DB05D8A9-BC05-4C0A-A4CC-4241CFDA7B5B}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-15 01:02:02.433
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {F654CC63-801A-4520-BC92-2D3F42E56BDA}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-15 00:54:17.298
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {A08C1B67-1645-4C64-8A8C-D0A38A0E1996}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-14 21:38:33.698
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {BA2F9184-6B09-46C0-830C-4AD1EBD7A556}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-06-23 01:33:02.506
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.1786.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x80240016
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2018-06-14 21:57:17.137
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.1192.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2018-06-10 22:11:30.740
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.973.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x80240438
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2018-05-28 16:17:49.707
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.148.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x800704cf
Error description: The network location cannot be reached. For information about network troubleshooting, see Windows Help.

Date: 2018-05-28 02:04:11.235
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.269.148.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14901.4
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

CodeIntegrity:
===================================

Date: 2018-06-23 10:30:04.909
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.9328.1700.0_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll that did not meet the Store signing level requirements.

Date: 2018-06-23 02:44:44.178
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.9328.1700.0_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll that did not meet the Store signing level requirements.

Date: 2018-06-14 10:17:45.439
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.9328.1700.0_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll that did not meet the Store signing level requirements.

Date: 2018-06-05 10:32:07.522
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.9328.1700.0_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll that did not meet the Store signing level requirements.

Date: 2018-06-02 00:46:04.743
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll that did not meet the Store signing level requirements.

Date: 2018-06-02 00:46:04.739
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll that did not meet the Store signing level requirements.

Date: 2018-05-31 00:17:38.749
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll that did not meet the Microsoft signing level requirements.

Date: 2018-05-31 00:17:38.746
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\RuntimeBroker.exe) attempted to load \Device\HarddiskVolume3\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 76%
Total physical RAM: 8040.1 MB
Available physical RAM: 1863.88 MB
Total Virtual: 15657.67 MB
Available Virtual: 5642.49 MB

==================== Drives ================================

Drive c: (OS_Install) (Fixed) (Total:558.91 GB) (Free:411.14 GB) NTFS
Drive d: (Data) (Fixed) (Total:354.59 GB) (Free:143.6 GB) NTFS

\\?\Volume{afeb8ee8-a92d-49b3-bfae-2e534927aa35}\ (WinRE tools) (Fixed) (Total:0.88 GB) (Free:0.46 GB) NTFS
\\?\Volume{748833f9-af56-405e-9972-9e270d3c17f4}\ (BIOS_RVY) (Fixed) (Total:16.71 GB) (Free:1.57 GB) NTFS
\\?\Volume{990f2761-3211-468f-ab50-4b7a8f748f3c}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.25 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: C12AD832)

Partition: GPT.

==================== End of Addition.txt ============================


Edited by sinine, 23 June 2018 - 07:06 AM.


BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:59 PM

Posted 28 June 2018 - 06:05 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/679513 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your destop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 sinine

sinine
  • Topic Starter

  • Members
  • 165 posts
  • OFFLINE
  •  
  • Local time:12:59 AM

Posted 02 July 2018 - 06:53 AM

Attached File  FRST.txt   77.14KB   5 downloadsAttached File  Addition.txt   46.58KB   5 downloads

 

I do not own any windows Discs. Never did.



#4 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:59 PM

Posted 03 July 2018 - 10:05 AM

:welcome: to BleepingComputer.

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • print or copy & save instructions.
  • back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only that tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic til you get the all clean post.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


:step1: Please download Security Analysis by Rocket Grannie from here
  • Save it to your Desktop.
  • Close your security software to avoid potential conflicts.
  • Double click RGSA.exe
  • Click OK on the copyright-disclaimer
  • When finished, a Notepad window will open with the results of the scan.
  • The log named SALog.txt can also be found on the Desktop or in the same folder from where the tool is run if installed elsewhere.
  • Please copy and paste the contents of that log in this topic.
  • Note:
If you get a Warning from Windows about running the program, click on More info and then click Run Anyway to run it even though Windows says it might put your PC at risk.
 

***


:step2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
With some infections, you may see two messages boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


:step3: Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:11:59 PM

Posted 10 July 2018 - 12:09 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users