My Dell System is Infected.


  • This topic is locked
30 replies to this topic

#1 rnallamilli

rnallamilli

  • Members
  • 377 posts
  • Gender:Male
  • Local time:05:22 PM

Posted 27 June 2018 - 12:38 PM

Hello,

 

My Dell system is infected with a virus. Seeing a lot of unwanted popups. Please help me in fixing this.

 

Thanks,

Nallamilli Raman.





#2 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • Gender:Male
  • Location:Germany
  • Local time:01:52 PM

Posted 27 June 2018 - 12:48 PM

Welcome to BleepingComputer.

Hi there,

My name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save the instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only the tools you have been instructed to use.
  • Copy and paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Step 1: Please download Security Analysis by Rocket Grannie from here
  • Save it to your Desktop.
  • Close your security software to avoid potential conflicts.
  • Double click RGSA.exe
  • Click OK on the copyright-disclaimer
  • When finished, a Notepad window will open with the results of the scan.
  • The log named SALog.txt can also be found on the Desktop or in the same folder from where the tool is run if installed elsewhere.
  • Please copy and paste the contents of that log in this topic.
  • Note:
If you get a Warning from Windows about running the program, click on More info and then click Run Anyway to run it even though Windows says it might put your PC at risk.
 

***


Step 2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double-click on the downloaded file. OK the self-extracting prompt.
  • MBAR will start. Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Step 3: Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

***


Step 4: Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.

--- ---

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 rnallamilli


Posted 27 June 2018 - 01:06 PM

Security Analysis: output
 
Result of Security Analysis by Rocket Grannie (x86) Updated: 18th June, 2018
Running from:C:\Users\Nalla\Desktop (23:35:24 - 06/27/2018)
***---------------------------------------------------------***
Microsoft Windows 10 Home X64
UAC is Enabled
Internet Explorer 11
Default Browser: Microsoft Edge
***------------Antivirus - Antispyware - Firewall-----------***
Windows Defender (Enabled - up to Date)
Windows Defender (Enabled - up to Date)
Windows Firewall (Enabled)
No other Firewall Installed
***-------Security Programs - Browsers - Miscellaneous------***
Adobe Flash Player NPAPI is not installed
Google Chrome (67.0.3396.99)
Java (8.0.1520.16) ==> is out of Date
 
***----------------Analysis Complete-------------------------***


#4 rnallamilli


Posted 27 June 2018 - 01:38 PM

No Malware Found.



#5 rnallamilli


Posted 27 June 2018 - 01:48 PM

AdwCleaner:

 

# -------------------------------
# Malwarebytes AdwCleaner 7.2.0.0
# -------------------------------
# Build:    06-05-2018
# Database: 2018-06-25.3
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    06-28-2018
# Duration: 00:02:35
# OS:       Windows 10 Home
# Scanned:  41265
# Detected: 13
 
 
***** [ Services ] *****
 
No malicious services found.
 
***** [ Folders ] *****
 
PUP.Optional.Legacy             C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverToolkit
PUP.Optional.Legacy             C:\Program Files (x86)\DriverToolkit
PUP.Optional.Legacy             C:\Users\Nalla\AppData\Local\DriverToolkit
PUP.Optional.Legacy             C:\extensions
 
***** [ Files ] *****
 
PUP.Optional.DriverToolkit      C:\Users\Public\Desktop\DriverToolkit.lnk
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
***** [ WMI ] *****
 
No malicious WMI found.
 
***** [ Shortcuts ] *****
 
No malicious shortcuts found.
 
***** [ Tasks ] *****
 
PUP.Optional.Legacy             C:\Windows\Tasks\DRIVERTOOLKIT AUTORUN.job
PUP.Optional.Legacy             C:\Windows\System32\Tasks\DRIVERTOOLKIT AUTORUN
 
***** [ Registry ] *****
 
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1
PUP.Optional.Legacy             HKCU\Software\DriverToolkit
PUP.Optional.Legacy             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD44B643-5F0A-4484-8FD4-92182CEF52EA} 
PUP.Optional.Legacy             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DRIVERTOOLKIT AUTORUN
 
***** [ Chromium (and derivatives) ] *****
 
No malicious Chromium entries found.
 
***** [ Chromium URLs ] *****
 
PUP.Optional.Legacy             Ask
PUP.Optional.Legacy             AOL
 
***** [ Firefox (and derivatives) ] *****
 
No malicious Firefox entries found.
 
***** [ Firefox URLs ] *****
 
No malicious Firefox URLs found.
 
 
 
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########


#6 rnallamilli


Posted 27 June 2018 - 02:12 PM

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by Nalla (administrator) on DESKTOP-S7T2E8O (28-06-2018 00:23:37)
Running from C:\Users\Nalla\Desktop
Loaded Profiles: Nalla (Available Profiles: Nalla)
Platform: Windows 10 Home Version 1803 17134.112 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\MsMpEng.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Megaify Software Co., Ltd.) C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\NisSrv.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.9328.1700.0_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Malwarebytes) C:\Users\Nalla\Desktop\AdwCleaner.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8725248 2015-11-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-11-16] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [714672 2015-09-25] (Waves Audio Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646680 2017-09-27] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409424 2018-04-24] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-3521414181-3465868732-254471055-1001\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe [23838896 2018-06-17] (Microsoft Corporation)
HKU\S-1-5-21-3521414181-3465868732-254471055-1001\...\MountPoints2: {67bb0bf0-54d2-11e8-98d2-806e6f6e6963} - "E:\RTK_NIC_DRIVER_INSTALLER.sfx.exe" 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7030709d-6a76-4242-9d92-f2ab56a41c76}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{c27b9aec-a405-43cb-9f9d-fc0a9052db2a}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d1994a97-cdf5-4426-be2c-2cd6ada73ac1}: [DhcpNameServer] 202.65.144.162 202.65.141.82
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-3521414181-3465868732-254471055-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
SearchScopes: HKU\S-1-5-21-3521414181-3465868732-254471055-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-3521414181-3465868732-254471055-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-06-17] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre-9.0.1\bin\ssv.dll => No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre-9.0.1\bin\jp2ssv.dll => No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-04-29] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-31] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-31] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-31] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-05-31] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Nalla\AppData\Roaming\Mozilla\Firefox\Profiles\mbsqxwq6.default [2018-04-12]
FF Plugin: @java.com/DTPlugin,version=12.0.1 -> C:\Program Files\Java\jre-9.0.1\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=12.0.1.0 -> C:\Program Files\Java\jre-9.0.1\bin\plugin2\npjp2.dll [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-04-24] (Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-04-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-02] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-24] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-04-24] (Adobe Systems)
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxp://movix.searchalgo.com/search/?category=web&s=wvds&q={searchTerms}
CHR DefaultSearchKeyword: Default -> WowMovix
CHR DefaultSuggestURL: Default -> hxxp://sug.searchalgo.com/search/index_sg.php?q={searchTerms}
CHR Profile: C:\Users\Nalla\AppData\Local\Google\Chrome\User Data\Default [2018-06-28]
CHR Extension: (Slides) - C:\Users\Nalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Docs) - C:\Users\Nalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\Nalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-16]
CHR Extension: (YouTube) - C:\Users\Nalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-16]
CHR Extension: (Sheets) - C:\Users\Nalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (Postman) - C:\Users\Nalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2018-06-27]
CHR Extension: (Google Docs Offline) - C:\Users\Nalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-16]
CHR Extension: (ESPNCricinfo) - C:\Users\Nalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijhlikjoigjegofbedmfmlcfkmhabldh [2017-10-16]
CHR Extension: (Vysor.com) - C:\Users\Nalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdphpklacmlhmooodiekhpbepcdlaghl [2018-05-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Nalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-16]
CHR Extension: (Chrome Media Router) - C:\Users\Nalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-11]
StartMenuInternet: Google Chrome Beta - C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-04-24] (Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8654504 2018-06-12] (Microsoft Corporation)
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1392792 2015-10-30] (Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190208 2016-11-11] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382456 2017-02-16] (Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [307456 2015-11-16] (Realtek Semiconductor)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-12-18] (TeamViewer GmbH)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [578480 2015-09-25] (Waves Audio Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\NisSrv.exe [3925648 2018-06-27] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MsMpEng.exe [100080 2018-06-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [22864 2016-10-27] (OSR Open Systems Resources, Inc.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55784 2015-10-30] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260072 2015-10-30] (Intel Corporation)
S3 huawei_enumerator; C:\WINDOWS\System32\drivers\ew_jubusenum.sys [86016 2017-11-20] (Huawei Technologies Co., Ltd.) [File not signed]
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230144 2016-11-11] (Intel Corporation)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2016-07-27] ()
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3524360 2016-09-24] (Intel Corporation)
S3 rtux64w10; C:\WINDOWS\System32\drivers\rtux64w10.sys [348672 2018-04-12] (Realtek )
R3 ST_Accel; C:\WINDOWS\system32\DRIVERS\ST_Accel.sys [143592 2015-06-10] (STMicroelectronics)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [22016 2018-04-12] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46592 2018-06-27] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-06-27] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59944 2018-06-27] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-28 00:23 - 2018-06-28 00:26 - 000016569 _____ C:\Users\Nalla\Desktop\FRST.txt
2018-06-28 00:23 - 2018-06-28 00:23 - 002412544 _____ (Farbar) C:\Users\Nalla\Desktop\FRST64.exe
2018-06-28 00:22 - 2018-06-28 00:22 - 001773056 _____ (Farbar) C:\Users\Nalla\Desktop\FRST.exe
2018-06-28 00:21 - 2018-06-28 00:21 - 000000000 ____D C:\Users\Nalla\AppData\Local\D3DSCache
2018-06-28 00:10 - 2018-06-28 00:10 - 007372496 _____ (Malwarebytes) C:\Users\Nalla\Desktop\AdwCleaner.exe
2018-06-27 23:39 - 2018-06-27 23:39 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\25B1434F.sys
2018-06-27 23:39 - 2018-06-27 23:39 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2018-06-27 23:38 - 2018-06-28 00:08 - 000000000 ____D C:\Users\Nalla\Desktop\mbar
2018-06-27 23:38 - 2018-06-27 23:38 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Nalla\Desktop\mbar-1.10.3.1001.exe
2018-06-27 23:35 - 2018-06-27 23:35 - 000000756 _____ C:\Users\Nalla\Desktop\SALog.txt
2018-06-27 23:33 - 2018-06-27 23:33 - 000899584 _____ C:\Users\Nalla\Desktop\RGSA.exe
2018-06-27 23:26 - 2018-06-27 23:26 - 000000040 _____ C:\Users\Nalla\Desktop\link.txt
2018-06-27 17:36 - 2018-06-27 17:36 - 000003033 _____ C:\Users\Nalla\Desktop\notepadcode_merge.txt
2018-06-21 14:31 - 2018-06-21 14:31 - 000000000 ____D C:\ProgramData\Packages
2018-06-20 15:22 - 2018-06-20 15:26 - 000000000 ____D C:\Users\Nalla\Desktop\JKLakshmi_Offline
2018-06-20 15:20 - 2018-06-20 15:21 - 339057009 _____ C:\Users\Nalla\Desktop\JKLakshmi_Offline.rar
2018-06-20 12:43 - 2018-06-20 12:44 - 000000000 ____D C:\Users\Nalla\Desktop\HTML_parctice
2018-06-20 12:19 - 2018-06-20 12:19 - 000000000 _____ C:\WINDOWS\Minidump\062018-30796-01.dmp
2018-06-19 23:31 - 2018-06-19 23:31 - 000000000 ____D C:\Users\Nalla\Desktop\oldtemplate
2018-06-19 21:49 - 2018-06-19 21:49 - 000000000 ____D C:\Users\Nalla\Desktop\dump
2018-06-19 20:33 - 2018-06-19 20:33 - 000000000 ____D C:\Users\Nalla\Desktop\New folder (2)
2018-06-19 20:21 - 2018-06-19 20:22 - 000000000 ____D C:\Users\Nalla\Desktop\vamtantra_changes_colors
2018-06-19 17:48 - 2018-06-19 17:48 - 000002758 _____ C:\Users\Nalla\Desktop\responsive.txt
2018-06-19 12:28 - 2018-06-19 12:30 - 000000000 ____D C:\Users\Nalla\Desktop\newvamtantracode
2018-06-18 14:59 - 2018-06-18 14:59 - 000000000 ____D C:\WINDOWS\Minidump
2018-06-18 14:59 - 2018-06-18 14:59 - 000000000 _____ C:\WINDOWS\Minidump\061818-38734-01.dmp
2018-06-18 12:36 - 2018-06-18 12:42 - 000000000 ____D C:\Users\Nalla\Desktop\swamy
2018-06-18 10:22 - 2018-06-18 10:22 - 012019275 _____ C:\Users\Nalla\Desktop\kitsune_template.zip
2018-06-18 10:21 - 2018-06-18 10:21 - 000000000 ____D C:\Users\Nalla\Desktop\kitsune_template
2018-06-17 16:03 - 2018-06-17 16:03 - 000000000 ____D C:\Users\Nalla\Desktop\source
2018-06-17 16:02 - 2018-06-17 16:03 - 000001488 _____ C:\Users\Nalla\Desktop\source.zip
2018-06-17 14:55 - 2018-06-17 14:55 - 000000043 _____ C:\Users\Nalla\Desktop\dropdown.txt
2018-06-17 07:49 - 2018-06-17 09:46 - 000000087 _____ C:\Users\Nalla\Desktop\freesites.txt
2018-06-16 21:36 - 2018-06-16 21:36 - 002057928 _____ C:\Users\Nalla\Desktop\AnyDesk.exe
2018-06-16 03:53 - 2018-06-16 03:53 - 000315733 _____ C:\Users\Nalla\Desktop\vamtantrawebsitetwo.zip
2018-06-16 02:19 - 2018-06-16 02:19 - 000000057 _____ C:\Users\Nalla\Desktop\grids.txt
2018-06-16 02:07 - 2018-06-16 02:07 - 000000041 _____ C:\Users\Nalla\Desktop\referencelinkforkitsune.txt
2018-06-15 11:57 - 2018-06-15 11:57 - 000000110 _____ C:\Users\Nalla\Desktop\freewebsite.txt
2018-06-15 10:04 - 2018-06-15 10:04 - 000000062 _____ C:\Users\Nalla\Desktop\sitescheck.txt
2018-06-15 08:25 - 2018-06-15 10:04 - 000000092 _____ C:\Users\Nalla\Desktop\numbers.txt
2018-06-14 22:36 - 2018-06-14 22:36 - 000000180 _____ C:\Users\Nalla\Desktop\websitetemplate.txt
2018-06-14 16:49 - 2018-06-14 18:46 - 000000293 _____ C:\Users\Nalla\Desktop\websitetemplates.txt
2018-06-14 14:52 - 2018-06-09 00:18 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-06-14 14:52 - 2018-06-09 00:15 - 012712448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-06-14 14:52 - 2018-06-09 00:13 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2018-06-14 14:52 - 2018-06-09 00:12 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-06-14 14:52 - 2018-06-09 00:11 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-06-14 14:52 - 2018-06-08 22:17 - 002895872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-06-14 14:52 - 2018-06-08 16:05 - 001613200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-06-14 14:52 - 2018-06-08 16:04 - 000748512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2018-06-14 14:52 - 2018-06-08 16:01 - 007900984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-06-14 14:52 - 2018-06-08 16:01 - 003180176 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-06-14 14:52 - 2018-06-08 16:00 - 000705440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-06-14 14:52 - 2018-06-08 15:01 - 000226720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ucx01000.sys
2018-06-14 14:52 - 2018-06-08 15:00 - 009148320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-06-14 14:52 - 2018-06-08 15:00 - 003296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-06-14 14:52 - 2018-06-08 15:00 - 000565152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-06-14 14:52 - 2018-06-08 15:00 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-06-14 14:52 - 2018-06-08 14:59 - 007520000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-06-14 14:52 - 2018-06-08 14:59 - 002836384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-06-14 14:52 - 2018-06-08 14:59 - 002570712 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-06-14 14:52 - 2018-06-08 14:59 - 002462272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-06-14 14:52 - 2018-06-08 14:59 - 002422688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-06-14 14:52 - 2018-06-08 14:59 - 001921952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2018-06-14 14:52 - 2018-06-08 14:59 - 001364184 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2018-06-14 14:52 - 2018-06-08 14:59 - 001190152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-06-14 14:52 - 2018-06-08 14:59 - 001026976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-06-14 14:52 - 2018-06-08 14:59 - 000945568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2018-06-14 14:52 - 2018-06-08 14:59 - 000792992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-06-14 14:52 - 2018-06-08 14:59 - 000678840 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2018-06-14 14:52 - 2018-06-08 14:59 - 000413088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-06-14 14:52 - 2018-06-08 14:59 - 000375712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-06-14 14:52 - 2018-06-08 14:43 - 025846784 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-06-14 14:52 - 2018-06-08 14:39 - 006569960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-06-14 14:52 - 2018-06-08 14:39 - 001980872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-06-14 14:52 - 2018-06-08 14:33 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2018-06-14 14:52 - 2018-06-08 14:32 - 022713856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-06-14 14:52 - 2018-06-08 14:31 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-06-14 14:52 - 2018-06-08 14:30 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll
2018-06-14 14:52 - 2018-06-08 14:30 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-06-14 14:52 - 2018-06-08 14:29 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-06-14 14:52 - 2018-06-08 14:29 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-06-14 14:52 - 2018-06-08 14:28 - 007581696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-06-14 14:52 - 2018-06-08 14:28 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-06-14 14:52 - 2018-06-08 14:28 - 000781824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-06-14 14:52 - 2018-06-08 14:27 - 003348992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2018-06-14 14:52 - 2018-06-08 14:27 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-06-14 14:52 - 2018-06-08 14:26 - 003293696 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2018-06-14 14:52 - 2018-06-08 14:25 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-06-14 14:52 - 2018-06-08 14:25 - 001160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-06-14 14:52 - 2018-06-08 14:25 - 000778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2018-06-14 14:52 - 2018-06-08 14:25 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-06-14 14:52 - 2018-06-08 14:24 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-06-14 14:52 - 2018-05-21 01:13 - 021389360 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-06-14 14:52 - 2018-05-20 22:29 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-06-14 14:52 - 2018-05-20 18:03 - 000105368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-06-14 14:52 - 2018-05-20 17:23 - 000088472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2018-06-14 14:52 - 2018-05-20 17:22 - 007436632 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-06-14 14:52 - 2018-05-20 17:22 - 000347704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-06-14 14:52 - 2018-05-20 17:22 - 000130456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-06-14 14:52 - 2018-05-20 17:04 - 016592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-06-14 14:52 - 2018-05-20 17:02 - 000286200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-06-14 14:52 - 2018-05-20 16:56 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-06-14 14:52 - 2018-05-20 16:56 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-06-14 14:52 - 2018-05-20 16:54 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-06-14 14:52 - 2018-05-20 16:53 - 005951488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-06-14 14:52 - 2018-05-20 16:43 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-06-14 14:51 - 2018-06-09 00:32 - 004527680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-06-14 14:51 - 2018-06-09 00:32 - 001634808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-06-14 14:51 - 2018-06-09 00:31 - 002395056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-06-14 14:51 - 2018-06-09 00:31 - 001046944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2018-06-14 14:51 - 2018-06-09 00:15 - 004392448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-06-14 14:51 - 2018-06-09 00:15 - 000808960 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2018-06-14 14:51 - 2018-06-09 00:14 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2018-06-14 14:51 - 2018-06-09 00:13 - 002922496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2018-06-14 14:51 - 2018-06-09 00:13 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-06-14 14:51 - 2018-06-09 00:12 - 003999232 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2018-06-14 14:51 - 2018-06-09 00:11 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-06-14 14:51 - 2018-06-08 22:28 - 002206544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2018-06-14 14:51 - 2018-06-08 22:21 - 011903488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-06-14 14:51 - 2018-06-08 22:17 - 003492864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2018-06-14 14:51 - 2018-06-08 21:35 - 000944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-06-14 14:51 - 2018-06-08 19:30 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-06-14 14:51 - 2018-06-08 16:08 - 005821544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-06-14 14:51 - 2018-06-08 16:07 - 002417840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-06-14 14:51 - 2018-06-08 16:04 - 001299056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-06-14 14:51 - 2018-06-08 16:01 - 000029600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2018-06-14 14:51 - 2018-06-08 15:03 - 001034632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-06-14 14:51 - 2018-06-08 15:00 - 001798552 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-06-14 14:51 - 2018-06-08 15:00 - 001363632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-06-14 14:51 - 2018-06-08 15:00 - 001017080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-06-14 14:51 - 2018-06-08 15:00 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-06-14 14:51 - 2018-06-08 15:00 - 000722808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-06-14 14:51 - 2018-06-08 15:00 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-06-14 14:51 - 2018-06-08 15:00 - 000527264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-06-14 14:51 - 2018-06-08 15:00 - 000491328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-06-14 14:51 - 2018-06-08 15:00 - 000137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2018-06-14 14:51 - 2018-06-08 14:59 - 006817384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-06-14 14:51 - 2018-06-08 14:59 - 004970360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2018-06-14 14:51 - 2018-06-08 14:59 - 004403280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-06-14 14:51 - 2018-06-08 14:59 - 003283408 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-06-14 14:51 - 2018-06-08 14:59 - 002753048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-06-14 14:51 - 2018-06-08 14:59 - 002564984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-06-14 14:51 - 2018-06-08 14:59 - 002546592 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-06-14 14:51 - 2018-06-08 14:59 - 002371392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-06-14 14:51 - 2018-06-08 14:59 - 001946328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-06-14 14:51 - 2018-06-08 14:59 - 001934400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-06-14 14:51 - 2018-06-08 14:59 - 001792808 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2018-06-14 14:51 - 2018-06-08 14:59 - 001784584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-06-14 14:51 - 2018-06-08 14:59 - 001611592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2018-06-14 14:51 - 2018-06-08 14:59 - 001457136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-06-14 14:51 - 2018-06-08 14:59 - 001209800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-06-14 14:51 - 2018-06-08 14:59 - 001148808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-06-14 14:51 - 2018-06-08 14:59 - 000594128 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-06-14 14:51 - 2018-06-08 14:59 - 000416144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2018-06-14 14:51 - 2018-06-08 14:59 - 000413824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-06-14 14:51 - 2018-06-08 14:42 - 000861616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-06-14 14:51 - 2018-06-08 14:41 - 001461744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2018-06-14 14:51 - 2018-06-08 14:40 - 002479272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-06-14 14:51 - 2018-06-08 14:40 - 002331584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-06-14 14:51 - 2018-06-08 14:40 - 001988072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-06-14 14:51 - 2018-06-08 14:40 - 001011992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-06-14 14:51 - 2018-06-08 14:40 - 000457152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2018-06-14 14:51 - 2018-06-08 14:39 - 006527064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-06-14 14:51 - 2018-06-08 14:39 - 004788512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-06-14 14:51 - 2018-06-08 14:39 - 004469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2018-06-14 14:51 - 2018-06-08 14:39 - 002535552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-06-14 14:51 - 2018-06-08 14:39 - 002486992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-06-14 14:51 - 2018-06-08 14:39 - 002242216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-06-14 14:51 - 2018-06-08 14:39 - 001805776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-06-14 14:51 - 2018-06-08 14:39 - 001709720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2018-06-14 14:51 - 2018-06-08 14:39 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-06-14 14:51 - 2018-06-08 14:39 - 001584128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2018-06-14 14:51 - 2018-06-08 14:39 - 001380200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-06-14 14:51 - 2018-06-08 14:39 - 001020168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-06-14 14:51 - 2018-06-08 14:39 - 000356960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-06-14 14:51 - 2018-06-08 14:34 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-06-14 14:51 - 2018-06-08 14:33 - 022005760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-06-14 14:51 - 2018-06-08 14:31 - 004563456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-06-14 14:51 - 2018-06-08 14:31 - 002961408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-06-14 14:51 - 2018-06-08 14:30 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-06-14 14:51 - 2018-06-08 14:30 - 004372992 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-06-14 14:51 - 2018-06-08 14:30 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-06-14 14:51 - 2018-06-08 14:30 - 001285120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2018-06-14 14:51 - 2018-06-08 14:29 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-06-14 14:51 - 2018-06-08 14:29 - 001767936 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-06-14 14:51 - 2018-06-08 14:29 - 001318400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2018-06-14 14:51 - 2018-06-08 14:29 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-06-14 14:51 - 2018-06-08 14:28 - 003712512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-06-14 14:51 - 2018-06-08 14:28 - 001676800 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
2018-06-14 14:51 - 2018-06-08 14:28 - 000813568 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-06-14 14:51 - 2018-06-08 14:27 - 002172416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-06-14 14:51 - 2018-06-08 14:27 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-06-14 14:51 - 2018-06-08 14:26 - 005780992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-06-14 14:51 - 2018-06-08 14:26 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-06-14 14:51 - 2018-06-08 14:26 - 004336128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-06-14 14:51 - 2018-06-08 14:26 - 002902016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-06-14 14:51 - 2018-06-08 14:26 - 002900480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-06-14 14:51 - 2018-06-08 14:26 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-06-14 14:51 - 2018-06-08 14:26 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-06-14 14:51 - 2018-06-08 14:26 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-06-14 14:51 - 2018-06-08 14:26 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-06-14 14:51 - 2018-06-08 14:26 - 000858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2018-06-14 14:51 - 2018-06-08 14:26 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-06-14 14:51 - 2018-06-08 14:26 - 000264704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovs.dll
2018-06-14 14:51 - 2018-06-08 14:25 - 003441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-06-14 14:51 - 2018-06-08 14:25 - 002248192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-06-14 14:51 - 2018-06-08 14:25 - 002061824 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2018-06-14 14:51 - 2018-06-08 14:25 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-06-14 14:51 - 2018-06-08 14:25 - 001371648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-06-14 14:51 - 2018-06-08 14:25 - 001171968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2018-06-14 14:51 - 2018-06-08 14:25 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-06-14 14:51 - 2018-06-08 14:25 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-06-14 14:51 - 2018-06-08 14:25 - 000667648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2018-06-14 14:51 - 2018-06-08 14:24 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-06-14 14:51 - 2018-06-08 14:24 - 002789376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2018-06-14 14:51 - 2018-06-08 14:24 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-06-14 14:51 - 2018-06-08 14:24 - 001128448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2018-06-14 14:51 - 2018-06-08 14:24 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2018-06-14 14:51 - 2018-06-08 14:23 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-06-14 14:51 - 2018-06-07 00:27 - 003733320 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-06-14 14:51 - 2018-06-06 09:50 - 002841312 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-06-14 14:51 - 2018-05-21 01:12 - 001649760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2018-06-14 14:51 - 2018-05-21 00:53 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2018-06-14 14:51 - 2018-05-21 00:53 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2018-06-14 14:51 - 2018-05-21 00:52 - 001665024 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-06-14 14:51 - 2018-05-21 00:52 - 000941056 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2018-06-14 14:51 - 2018-05-21 00:52 - 000804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2018-06-14 14:51 - 2018-05-20 23:44 - 020383712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-06-14 14:51 - 2018-05-20 23:44 - 001490144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2018-06-14 14:51 - 2018-05-20 23:30 - 000864768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2018-06-14 14:51 - 2018-05-20 23:29 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2018-06-14 14:51 - 2018-05-20 22:15 - 001271296 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2018-06-14 14:51 - 2018-05-20 17:23 - 002178136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2018-06-14 14:51 - 2018-05-20 17:23 - 001017088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2018-06-14 14:51 - 2018-05-20 17:23 - 001012408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2018-06-14 14:51 - 2018-05-20 17:22 - 000735560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-06-14 14:51 - 2018-05-20 17:22 - 000089984 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
2018-06-14 14:51 - 2018-05-20 17:03 - 001665920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2018-06-14 14:51 - 2018-05-20 17:02 - 006044104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-06-14 14:51 - 2018-05-20 17:02 - 001034096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2018-06-14 14:51 - 2018-05-20 17:01 - 001456640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2018-06-14 14:51 - 2018-05-20 17:00 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-06-14 14:51 - 2018-05-20 16:56 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-06-14 14:51 - 2018-05-20 16:56 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll
2018-06-14 14:51 - 2018-05-20 16:56 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2018-06-14 14:51 - 2018-05-20 16:54 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-06-14 14:51 - 2018-05-20 16:53 - 013873152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-06-14 14:51 - 2018-05-20 16:53 - 002366976 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-06-14 14:51 - 2018-05-20 16:53 - 000933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-06-14 14:51 - 2018-05-20 16:53 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-06-14 14:51 - 2018-05-20 16:51 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-06-14 14:51 - 2018-05-20 16:51 - 001210880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2018-06-14 14:51 - 2018-05-20 16:51 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-06-14 14:51 - 2018-05-20 16:51 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2018-06-14 14:51 - 2018-05-20 16:47 - 002699776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-06-14 14:51 - 2018-05-20 16:46 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-06-14 14:51 - 2018-05-20 16:44 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-06-14 14:51 - 2018-05-20 16:41 - 001005568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2018-06-14 14:50 - 2018-06-09 00:37 - 000506184 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-06-14 14:50 - 2018-06-09 00:35 - 000094112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-06-14 14:50 - 2018-06-09 00:32 - 000661160 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe
2018-06-14 14:50 - 2018-06-09 00:17 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2018-06-14 14:50 - 2018-06-09 00:16 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-06-14 14:50 - 2018-06-09 00:15 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdt.exe
2018-06-14 14:50 - 2018-06-09 00:14 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-06-14 14:50 - 2018-06-09 00:14 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-06-14 14:50 - 2018-06-09 00:14 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2018-06-14 14:50 - 2018-06-09 00:13 - 003640832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2018-06-14 14:50 - 2018-06-09 00:13 - 001659904 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2018-06-14 14:50 - 2018-06-09 00:13 - 001543680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2018-06-14 14:50 - 2018-06-09 00:13 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-06-14 14:50 - 2018-06-09 00:12 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-06-14 14:50 - 2018-06-09 00:12 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-06-14 14:50 - 2018-06-09 00:12 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-06-14 14:50 - 2018-06-09 00:11 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-06-14 14:50 - 2018-06-09 00:11 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-06-14 14:50 - 2018-06-09 00:11 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-06-14 14:50 - 2018-06-09 00:11 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2018-06-14 14:50 - 2018-06-09 00:10 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXP.dll
2018-06-14 14:50 - 2018-06-08 22:34 - 001454024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-06-14 14:50 - 2018-06-08 22:28 - 000917408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2018-06-14 14:50 - 2018-06-08 22:20 - 001508352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdt.exe
2018-06-14 14:50 - 2018-06-08 22:18 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-06-14 14:50 - 2018-06-08 22:18 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-06-14 14:50 - 2018-06-08 22:17 - 001462784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dui70.dll
2018-06-14 14:50 - 2018-06-08 22:17 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2018-06-14 14:50 - 2018-06-08 22:17 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-06-14 14:50 - 2018-06-08 22:17 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2018-06-14 14:50 - 2018-06-08 22:16 - 003444224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2018-06-14 14:50 - 2018-06-08 22:16 - 002016256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-06-14 14:50 - 2018-06-08 22:16 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2018-06-14 14:50 - 2018-06-08 22:15 - 002401280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-06-14 14:50 - 2018-06-08 21:36 - 000976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-06-14 14:50 - 2018-06-08 21:35 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-06-14 14:50 - 2018-06-08 19:30 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-06-14 14:50 - 2018-06-08 16:05 - 000613144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2018-06-14 14:50 - 2018-06-08 15:04 - 001140576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-06-14 14:50 - 2018-06-08 15:04 - 000983016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-06-14 14:50 - 2018-06-08 15:03 - 001213368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-06-14 14:50 - 2018-06-08 15:03 - 000272296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-06-14 14:50 - 2018-06-08 15:03 - 000269224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-06-14 14:50 - 2018-06-08 15:01 - 001174432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-06-14 14:50 - 2018-06-08 15:01 - 001012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-06-14 14:50 - 2018-06-08 15:00 - 001063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-06-14 14:50 - 2018-06-08 15:00 - 000567184 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-06-14 14:50 - 2018-06-08 15:00 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-06-14 14:50 - 2018-06-08 15:00 - 000134584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-06-14 14:50 - 2018-06-08 14:59 - 002590400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2018-06-14 14:50 - 2018-06-08 14:59 - 001288816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-06-14 14:50 - 2018-06-08 14:59 - 001258288 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-06-14 14:50 - 2018-06-08 14:59 - 001150416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-06-14 14:50 - 2018-06-08 14:59 - 001112608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2018-06-14 14:50 - 2018-06-08 14:59 - 001097648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-06-14 14:50 - 2018-06-08 14:59 - 000885880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-06-14 14:50 - 2018-06-08 14:59 - 000659096 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2018-06-14 14:50 - 2018-06-08 14:59 - 000313592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2018-06-14 14:50 - 2018-06-08 14:59 - 000266656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-06-14 14:50 - 2018-06-08 14:59 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-06-14 14:50 - 2018-06-08 14:59 - 000164768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-06-14 14:50 - 2018-06-08 14:59 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-06-14 14:50 - 2018-06-08 14:59 - 000084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageOverlayUtil.dll
2018-06-14 14:50 - 2018-06-08 14:59 - 000057960 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel.appcore.dll
2018-06-14 14:50 - 2018-06-08 14:42 - 000786176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-06-14 14:50 - 2018-06-08 14:41 - 000550616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-06-14 14:50 - 2018-06-08 14:40 - 002307336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2018-06-14 14:50 - 2018-06-08 14:40 - 001397200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-06-14 14:50 - 2018-06-08 14:40 - 000880152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-06-14 14:50 - 2018-06-08 14:40 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2018-06-14 14:50 - 2018-06-08 14:39 - 001129648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-06-14 14:50 - 2018-06-08 14:39 - 001077504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2018-06-14 14:50 - 2018-06-08 14:39 - 000988136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-06-14 14:50 - 2018-06-08 14:39 - 000770160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2018-06-14 14:50 - 2018-06-08 14:39 - 000607648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2018-06-14 14:50 - 2018-06-08 14:39 - 000568720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2018-06-14 14:50 - 2018-06-08 14:39 - 000567144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-06-14 14:50 - 2018-06-08 14:39 - 000553248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2018-06-14 14:50 - 2018-06-08 14:39 - 000064648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LanguageOverlayUtil.dll
2018-06-14 14:50 - 2018-06-08 14:39 - 000050208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel.appcore.dll
2018-06-14 14:50 - 2018-06-08 14:33 - 000906752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.PhoneNumberFormatting.dll
2018-06-14 14:50 - 2018-06-08 14:33 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-06-14 14:50 - 2018-06-08 14:33 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryCore.dll
2018-06-14 14:50 - 2018-06-08 14:32 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-06-14 14:50 - 2018-06-08 14:32 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edpnotify.exe
2018-06-14 14:50 - 2018-06-08 14:32 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2018-06-14 14:50 - 2018-06-08 14:31 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-06-14 14:50 - 2018-06-08 14:31 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2018-06-14 14:50 - 2018-06-08 14:31 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2018-06-14 14:50 - 2018-06-08 14:31 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-06-14 14:50 - 2018-06-08 14:31 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2018-06-14 14:50 - 2018-06-08 14:31 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2018-06-14 14:50 - 2018-06-08 14:30 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2018-06-14 14:50 - 2018-06-08 14:30 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-06-14 14:50 - 2018-06-08 14:30 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2018-06-14 14:50 - 2018-06-08 14:29 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-06-14 14:50 - 2018-06-08 14:29 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2018-06-14 14:50 - 2018-06-08 14:29 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2018-06-14 14:50 - 2018-06-08 14:29 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2018-06-14 14:50 - 2018-06-08 14:29 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-06-14 14:50 - 2018-06-08 14:28 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-06-14 14:50 - 2018-06-08 14:28 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2018-06-14 14:50 - 2018-06-08 14:28 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2018-06-14 14:50 - 2018-06-08 14:28 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2018-06-14 14:50 - 2018-06-08 14:27 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-06-14 14:50 - 2018-06-08 14:27 - 000483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2018-06-14 14:50 - 2018-06-08 14:27 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2018-06-14 14:50 - 2018-06-08 14:27 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2018-06-14 14:50 - 2018-06-08 14:27 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2018-06-14 14:50 - 2018-06-08 14:26 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-06-14 14:50 - 2018-06-08 14:26 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-06-14 14:50 - 2018-06-08 14:26 - 000908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2018-06-14 14:50 - 2018-06-08 14:26 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2018-06-14 14:50 - 2018-06-08 14:26 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-06-14 14:50 - 2018-06-08 14:26 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2018-06-14 14:50 - 2018-06-08 14:26 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-06-14 14:50 - 2018-06-08 14:26 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-06-14 14:50 - 2018-06-08 14:26 - 000389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-06-14 14:50 - 2018-06-08 14:26 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-06-14 14:50 - 2018-06-08 14:25 - 001242112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2018-06-14 14:50 - 2018-06-08 14:25 - 001192448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2018-06-14 14:50 - 2018-06-08 14:25 - 001033728 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-06-14 14:50 - 2018-06-08 14:25 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2018-06-14 14:50 - 2018-06-08 14:25 - 000652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2018-06-14 14:50 - 2018-06-08 14:25 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2018-06-14 14:50 - 2018-06-08 14:25 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-06-14 14:50 - 2018-06-08 14:25 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-06-14 14:50 - 2018-06-08 14:24 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-06-14 14:50 - 2018-06-08 14:24 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-06-14 14:50 - 2018-06-08 14:24 - 000999936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-06-14 14:50 - 2018-06-08 14:24 - 000950272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2018-06-14 14:50 - 2018-06-08 14:24 - 000857088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2018-06-14 14:50 - 2018-06-08 14:24 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2018-06-14 14:50 - 2018-06-08 14:24 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-06-14 14:50 - 2018-06-08 14:24 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-06-14 14:50 - 2018-06-08 14:24 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2018-06-14 14:50 - 2018-06-08 14:24 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2018-06-14 14:50 - 2018-06-08 14:24 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-06-14 14:50 - 2018-06-08 14:24 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAC3ENC.DLL
2018-06-14 14:50 - 2018-06-08 14:23 - 001675264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2018-06-14 14:50 - 2018-06-08 14:23 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-06-14 14:50 - 2018-06-08 14:23 - 001108992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-06-14 14:50 - 2018-06-08 14:23 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2018-06-14 14:50 - 2018-06-08 14:23 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-06-14 14:50 - 2018-06-08 14:23 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2018-06-14 14:50 - 2018-06-08 14:23 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2018-06-14 14:50 - 2018-06-08 13:11 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-06-14 14:50 - 2018-06-02 04:54 - 000713376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-06-14 14:50 - 2018-06-02 04:24 - 001825792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-06-14 14:50 - 2018-05-25 08:54 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-06-14 14:50 - 2018-05-21 01:15 - 000308408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-06-14 14:50 - 2018-05-21 01:12 - 000759192 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-06-14 14:50 - 2018-05-21 00:56 - 000486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2018-06-14 14:50 - 2018-05-21 00:53 - 004070400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-06-14 14:50 - 2018-05-21 00:52 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2018-06-14 14:50 - 2018-05-20 23:45 - 000653208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-06-14 14:50 - 2018-05-20 23:32 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2018-06-14 14:50 - 2018-05-20 23:29 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2018-06-14 14:50 - 2018-05-20 22:09 - 000788480 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2018-06-14 14:50 - 2018-05-20 22:05 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-06-14 14:50 - 2018-05-20 22:04 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-06-14 14:50 - 2018-05-20 20:24 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-06-14 14:50 - 2018-05-20 17:23 - 001947808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-06-14 14:50 - 2018-05-20 17:23 - 000131232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2018-06-14 14:50 - 2018-05-20 17:04 - 000861096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2018-06-14 14:50 - 2018-05-20 17:03 - 000101288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2018-06-14 14:50 - 2018-05-20 17:02 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-06-14 14:50 - 2018-05-20 17:02 - 000560488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-06-14 14:50 - 2018-05-20 17:02 - 000077040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2018-06-14 14:50 - 2018-05-20 16:58 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-06-14 14:50 - 2018-05-20 16:58 - 000111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppHostRegistrationVerifier.exe
2018-06-14 14:50 - 2018-05-20 16:58 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-06-14 14:50 - 2018-05-20 16:57 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2018-06-14 14:50 - 2018-05-20 16:57 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApiSetHost.AppExecutionAlias.dll
2018-06-14 14:50 - 2018-05-20 16:56 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-06-14 14:50 - 2018-05-20 16:56 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\TelephonyInteractiveUser.dll
2018-06-14 14:50 - 2018-05-20 16:56 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSHEIF.dll
2018-06-14 14:50 - 2018-05-20 16:55 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-06-14 14:50 - 2018-05-20 16:55 - 000384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2018-06-14 14:50 - 2018-05-20 16:54 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2018-06-14 14:50 - 2018-05-20 16:51 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2018-06-14 14:50 - 2018-05-20 16:46 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2018-06-14 14:50 - 2018-05-20 16:46 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ApiSetHost.AppExecutionAlias.dll
2018-06-14 14:50 - 2018-05-20 16:46 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-06-14 14:50 - 2018-05-20 16:45 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2018-06-14 14:50 - 2018-05-20 16:45 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSHEIF.dll
2018-06-14 14:50 - 2018-05-20 16:44 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2018-06-14 14:50 - 2018-05-20 16:43 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2018-06-14 14:50 - 2018-05-20 16:42 - 000992768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-06-14 14:50 - 2018-05-20 16:42 - 000860160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-06-14 14:50 - 2018-05-20 16:41 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2018-06-14 14:50 - 2018-05-20 13:56 - 000018716 _____ C:\WINDOWS\system32\srms-apr.dat
2018-06-14 14:50 - 2018-05-18 22:38 - 000018716 _____ C:\WINDOWS\SysWOW64\srms-apr.dat
2018-06-14 13:33 - 2018-06-14 13:39 - 000000000 ____D C:\Users\Nalla\Desktop\vamantantranew
2018-06-14 12:11 - 2018-06-14 12:13 - 000000000 ____D C:\Users\Nalla\Desktop\images
2018-06-13 18:24 - 2018-06-13 18:24 - 000000010 _____ C:\Users\Nalla\Desktop\sss.txt
2018-06-12 18:24 - 2018-06-12 18:24 - 004167225 _____ C:\Users\Nalla\Desktop\How-to-Analyze-Your-Google-Analytics-in-20-minutes.pptx
2018-06-12 17:41 - 2018-06-13 11:48 - 000000000 ____D C:\Users\Nalla\Desktop\googleanalytics
2018-06-12 10:49 - 2018-06-26 15:13 - 000000000 ____D C:\Users\Nalla\Desktop\mithuna_kitsune
2018-06-12 07:30 - 2018-06-12 15:46 - 000000825 _____ C:\Users\Nalla\Desktop\kkkkkk.txt
2018-06-11 16:46 - 2018-06-11 16:46 - 001148699 _____ C:\Users\Nalla\Desktop\Aahaa Deals PPT.pptx
2018-06-11 12:26 - 2018-06-11 12:26 - 000000000 ____D C:\Users\Nalla\Desktop\new
2018-06-07 20:11 - 2018-06-16 03:49 - 000000000 ____D C:\Users\Nalla\Desktop\vamtantrawebsitetwo
2018-06-07 19:35 - 2018-06-07 19:44 - 000000000 ____D C:\Users\Nalla\Desktop\kitsune
2018-06-06 11:32 - 2018-06-06 15:50 - 000000254 _____ C:\Users\Nalla\Desktop\aahaadeals google analytics.txt
2018-06-06 10:42 - 2018-06-06 10:45 - 000000000 ____D C:\Users\Nalla\Desktop\AaHaaDeals
2018-06-06 10:41 - 2018-06-06 10:41 - 000000187 _____ C:\Users\Nalla\Desktop\kit.txt
2018-06-06 10:37 - 2018-05-15 15:40 - 000005569 _____ C:\Users\Nalla\Desktop\config.xml
2018-06-06 10:37 - 2018-05-15 15:40 - 000001168 _____ C:\Users\Nalla\Desktop\package.json
2018-06-06 10:37 - 2018-03-23 12:15 - 000174307 _____ C:\Users\Nalla\Desktop\package-lock.json
2018-06-06 10:37 - 2018-01-13 22:17 - 000001388 _____ C:\Users\Nalla\Desktop\gulpfile.js
2018-06-06 10:37 - 2018-01-13 22:17 - 000000594 _____ C:\Users\Nalla\Desktop\.project
2018-06-06 10:37 - 2018-01-13 22:17 - 000000240 _____ C:\Users\Nalla\Desktop\README.md
2018-06-06 10:37 - 2018-01-13 22:17 - 000000190 _____ C:\Users\Nalla\Desktop\.classpath
2018-06-06 10:37 - 2018-01-13 22:17 - 000000176 _____ C:\Users\Nalla\Desktop\bower.json
2018-06-06 10:37 - 2018-01-13 22:17 - 000000143 _____ C:\Users\Nalla\Desktop\ionic.config.json
2018-06-06 10:37 - 2018-01-13 22:17 - 000000138 _____ C:\Users\Nalla\Desktop\.gitignore
2018-06-06 10:37 - 2018-01-13 22:17 - 000000029 _____ C:\Users\Nalla\Desktop\.bowerrc
2018-06-06 10:35 - 2018-06-06 10:36 - 168302549 _____ C:\Users\Nalla\Desktop\AaHaaDeals.zip
2018-06-05 15:24 - 2018-06-05 15:25 - 024724143 _____ C:\Users\Nalla\Desktop\app-debug.apk
2018-06-04 11:33 - 2018-06-04 11:33 - 000000000 ____D C:\Users\Nalla\Desktop\New folder
2018-06-01 17:26 - 2018-06-01 17:26 - 000030122 _____ C:\Users\Nalla\Desktop\redBus_Ticket__TM6X38156416_.pdf
2018-06-01 17:08 - 2018-06-01 17:08 - 000030122 _____ C:\Users\Nalla\Desktop\redBus_Ticket__TM6X70430130_.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-28 00:23 - 2016-10-04 22:33 - 000000000 ____D C:\FRST
2018-06-28 00:15 - 2016-10-04 22:22 - 000000000 ____D C:\AdwCleaner
2018-06-28 00:08 - 2018-02-24 13:34 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-06-28 00:06 - 2018-05-12 09:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-06-27 22:46 - 2018-04-12 05:08 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-06-27 22:15 - 2018-05-12 09:22 - 000793704 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-06-27 22:15 - 2018-04-12 05:06 - 000000000 ____D C:\WINDOWS\INF
2018-06-27 22:14 - 2018-05-12 09:34 - 000004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A7B6733F-98CE-4D61-9F5C-E981DB4D1C23}
2018-06-27 22:10 - 2017-10-15 17:49 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-06-27 22:10 - 2017-10-15 17:49 - 000000000 __SHD C:\Users\Nalla\IntelGraphicsProfiles
2018-06-27 22:09 - 2018-05-12 09:34 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-06-27 15:27 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-06-27 13:52 - 2018-05-24 14:00 - 000000000 ____D C:\Users\Nalla\Desktop\DAMAC
2018-06-27 13:20 - 2017-10-19 16:25 - 000000000 ____D C:\Users\Nalla\AppData\Local\Packages
2018-06-27 10:02 - 2018-02-28 16:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-06-26 10:47 - 2018-04-12 05:08 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-26 10:38 - 2018-05-12 09:42 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3521414181-3465868732-254471055-1001
2018-06-26 10:38 - 2018-05-12 09:09 - 000002365 _____ C:\Users\Nalla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-06-26 10:38 - 2017-10-15 17:53 - 000000000 ___RD C:\Users\Nalla\OneDrive
2018-06-26 10:07 - 2017-10-16 09:36 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-22 11:06 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-06-22 10:27 - 2018-04-27 10:04 - 000000000 ____D C:\Users\Nalla\AppData\Local\atom
2018-06-22 10:26 - 2017-10-17 13:14 - 000000000 ____D C:\Users\Nalla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2018-06-22 10:26 - 2017-10-17 13:14 - 000000000 ____D C:\Users\Nalla\AppData\Roaming\Atom
2018-06-22 10:26 - 2017-10-04 11:55 - 000002243 _____ C:\Users\Nalla\Desktop\Atom.lnk
2018-06-22 10:24 - 2017-10-15 20:02 - 000000000 ____D C:\Users\Nalla\AppData\Local\SquirrelTemp
2018-06-20 15:37 - 2017-10-15 19:43 - 000000000 ____D C:\Users\Nalla\.android
2018-06-20 12:22 - 2018-05-12 09:09 - 000000000 ____D C:\Users\Nalla
2018-06-20 12:21 - 2018-04-12 18:21 - 000000390 _____ C:\WINDOWS\Tasks\DriverToolkit Autorun.job
2018-06-19 10:41 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-06-18 15:07 - 2017-10-15 19:26 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-06-15 00:09 - 2018-04-12 02:34 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-06-14 23:12 - 2017-10-16 15:56 - 000000000 ___RD C:\Users\Nalla\3D Objects
2018-06-14 23:12 - 2017-10-15 17:49 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-06-14 23:10 - 2018-05-12 09:03 - 000406520 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-06-14 23:06 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\TextInput
2018-06-14 23:06 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-06-14 23:06 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-06-14 23:06 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-06-14 23:06 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-06-14 23:06 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-06-14 23:06 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\system32\setup
2018-06-14 23:06 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-06-14 23:06 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-06-14 23:06 - 2018-04-12 02:34 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-06-14 23:05 - 2018-04-12 05:08 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-06-14 23:05 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-06-14 23:05 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-06-14 23:05 - 2018-04-12 05:08 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-06-14 23:05 - 2018-04-12 05:08 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-06-14 15:02 - 2017-10-15 23:10 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-06-14 14:59 - 2018-04-12 05:00 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-14 14:59 - 2017-10-15 23:10 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-06-14 14:59 - 2017-10-15 23:09 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-06-06 12:41 - 2017-10-20 18:14 - 000000000 ____D C:\Users\Nalla\.ionic
2018-06-06 04:59 - 2018-04-12 05:11 - 000835056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-06 04:59 - 2018-04-12 05:11 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-12 09:03
 
==================== End of FRST.txt ============================

Additions:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Nalla (28-06-2018 00:26:45)
Running from C:\Users\Nalla\Desktop
Windows 10 Home Version 1803 17134.112 (X64) (2018-05-12 04:06:20)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3521414181-3465868732-254471055-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3521414181-3465868732-254471055-503 - Limited - Disabled)
Guest (S-1-5-21-3521414181-3465868732-254471055-501 - Limited - Disabled)
Nalla (S-1-5-21-3521414181-3465868732-254471055-1001 - Administrator - Enabled) => C:\Users\Nalla
WDAGUtilityAccount (S-1-5-21-3521414181-3465868732-254471055-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.5.0.331 - Adobe Systems Incorporated)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Atom (HKU\S-1-5-21-3521414181-3465868732-254471055-1001\...\atom) (Version: 1.28.0 - GitHub Inc.)
DriverToolkit version 8.5.0.0 (HKLM-x32\...\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1) (Version: 8.5.0.0 - Megaify Software)
Git version 2.14.2.3 (HKLM\...\Git_is1) (Version: 2.14.2.3 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{6230EE50-BD4E-4B39-904D-3E7600053E08}) (Version: 6.2.1 - Intel Corporation)
Java 8 Update 152 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180152F0}) (Version: 8.0.1520.16 - Oracle Corporation)
Java 9.0.1 (64-bit) (HKLM\...\{2590B9D6-4310-52BC-808E-1A585861A836}) (Version: 9.0.1.0 - Oracle Corporation)
Java SE Development Kit 8 Update 152 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180152}) (Version: 8.0.1520.16 - Oracle Corporation)
Java™ SE Development Kit 9.0.1 (64-bit) (HKLM\...\{4AC8DBB2-1AE5-5156-83F9-D4E2E6DD564B}) (Version: 9.0.1.0 - Oracle Corporation)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.6570.1 - Waves Audio Ltd.) Hidden
Microsoft Office 365 Business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.9330.2124 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.9330.2124 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3521414181-3465868732-254471055-1001\...\OneDriveSetup.exe) (Version: 18.091.0506.0007 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 (HKLM-x32\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Node.js (HKLM\...\{A25EF8A9-BF15-454F-930E-2B03D9D77F3E}) (Version: 8.10.0 - Node.js Foundation)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.4 - Notepad++ Team)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.9330.2124 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.9330.2124 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.9330.2124 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.9330.2124 - Microsoft Corporation) Hidden
Postman-win64-5.1.2 (HKU\S-1-5-21-3521414181-3465868732-254471055-1001\...\Postman) (Version: 5.1.2 - Postman)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7647 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.90922 - TeamViewer)
WinRAR 5.50 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Yahoo! Powered (HKLM-x32\...\{5C60B4A0-0CE0-6520-BD60-15A06DE0C620}) (Version:  - ) <==== ATTENTION
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3521414181-3465868732-254471055-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-E83E8EF0FAEF}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-3521414181-3465868732-254471055-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-01-01] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-02-16] (Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {032F5170-4DB0-4767-8473-98239503C881} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-06-17] (Microsoft Corporation)
Task: {0E605FE7-850D-487C-8003-710FCBEE3FB1} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-06-17] (Microsoft Corporation)
Task: {147F5857-3E59-43EB-B491-581DE4A01CFF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-27] (Microsoft Corporation)
Task: {1E2BD29D-D99B-4A6F-82D9-C8960101529D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-27] (Microsoft Corporation)
Task: {2B906AA6-EC97-4F24-B427-7589BB2ED4E6} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-12] (Microsoft Corporation)
Task: {566D6589-6DCC-45F3-A694-6FB71F9B1A5C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-06-17] (Microsoft Corporation)
Task: {5A3438F4-EDBE-4C07-81E0-290F5B08A4C9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-16] (Google Inc.)
Task: {5FC5A2E9-EFCD-440B-9B56-E45D6B633AC6} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2018-04-24] (Adobe Systems Incorporated)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {68E30A8E-5BB3-47EC-9541-1B35B230BAEF} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-nallamillitejasri@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-05-11] (Adobe Systems, Incorporated)
Task: {6A5ABD15-F599-4206-8824-8009C4D53D94} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-16] (Google Inc.)
Task: {7AA32365-CD4B-423A-845C-C1A4C04DE813} - System32\Tasks\JavaUpdateSched => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-09-27] (Oracle Corporation)
Task: {7EEA3551-37D7-4F30-90C2-CE33F0669D1C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-27] (Microsoft Corporation)
Task: {81DDC979-8B45-423A-801D-71E5260B04E5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-06-17] (Microsoft Corporation)
Task: {9F3728A4-AD40-410F-9AE2-0B9BAA086944} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-nallamillitejasri@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2018-04-11] (Adobe Systems Incorporated)
Task: {A4B2200B-8E45-46FC-B138-76F1F56C742E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-06-17] (Microsoft Corporation)
Task: {AAFFA3DF-E4EF-44D3-80E3-99C997687AEC} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-06-17] (Microsoft Corporation)
Task: {BD44B643-5F0A-4484-8FD4-92182CEF52EA} - System32\Tasks\DriverToolkit Autorun => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe [2015-07-01] (Megaify Software Co., Ltd.)
Task: {C432E1BA-5AFB-4087-A30B-F91ADA013C36} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-27] (Microsoft Corporation)
Task: {FA4A0D64-7220-4584-ABBF-6AA5E32B56CA} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-12] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Nalla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Postman.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fhbjgbiflinjbdggehcddcbncdddomop
 
==================== Loaded Modules (Whitelisted) ==============
 
2017-02-16 12:53 - 2017-02-16 12:53 - 000410608 _____ () C:\WINDOWS\system32\igfxTray.exe
2018-04-12 05:04 - 2018-04-12 05:04 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-02-10 01:12 - 2018-02-10 01:12 - 000614856 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
2018-04-12 05:04 - 2018-04-12 05:04 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 05:04 - 2018-04-12 05:04 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-01-01 06:37 - 2018-01-01 06:37 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2018-06-14 14:51 - 2018-06-08 14:26 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-05-24 08:27 - 2018-05-24 08:34 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-05-24 08:27 - 2018-05-24 08:34 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-05-24 08:27 - 2018-05-24 08:36 - 022374400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-05-24 08:27 - 2018-05-24 08:34 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\skypert.dll
2018-05-24 08:27 - 2018-05-24 08:28 - 000654848 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-04-17 07:05 - 2018-04-17 07:09 - 001922232 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.9328.1700.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2018-06-26 10:38 - 2018-06-26 10:41 - 027126784 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-06-26 10:38 - 2018-06-26 10:39 - 000306176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-06-26 10:38 - 2018-06-26 10:39 - 006735872 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-10-15 18:34 - 2017-10-15 18:34 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-06-26 10:38 - 2018-06-26 10:39 - 009360384 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-06-07 16:26 - 2018-06-07 16:27 - 000478720 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2018-06-07 16:26 - 2018-06-07 16:27 - 067232256 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2018-05-30 12:25 - 2018-05-30 12:25 - 000010752 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RenderingPlugin.dll
2017-10-15 18:36 - 2017-10-15 18:42 - 002523136 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\UnityEngineDelegates.dll
2018-04-26 08:37 - 2018-04-26 08:38 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\ImagePipelineNative.dll
2018-05-30 12:25 - 2018-05-30 12:25 - 004214784 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngineCSWrapper.dll
2018-05-30 12:25 - 2018-05-30 12:25 - 000035840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\WinMLWrapper.UWP.dll
2018-03-30 08:17 - 2018-03-30 08:19 - 002283008 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\TrackingDLLUWP.dll
2018-06-07 16:26 - 2018-06-07 16:27 - 014851072 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2018-05-30 12:25 - 2018-05-30 12:25 - 004058624 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2018-06-07 16:26 - 2018-06-07 16:26 - 003266048 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2018-05-30 12:25 - 2018-05-30 12:25 - 001393664 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2018-05-30 12:25 - 2018-05-30 12:25 - 004218080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-05-30 12:25 - 2018-05-30 12:25 - 000872448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\RuntimeConfiguration.dll
2018-06-07 16:26 - 2018-06-07 16:27 - 000165376 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18041.15530.0_x64__8wekyb3d8bbwe\SKU.dll
2018-06-26 10:07 - 2018-06-23 00:45 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libglesv2.dll
2018-06-26 10:07 - 2018-06-23 00:45 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libegl.dll
2018-04-12 05:04 - 2018-04-12 05:04 - 001310208 _____ () c:\windows\system32\FaceProcessor.dll
2018-04-12 05:04 - 2018-04-12 05:04 - 000542888 _____ () c:\windows\system32\FaceProcessorCore.dll
2018-04-12 05:04 - 2018-04-12 05:04 - 001348664 _____ () c:\windows\system32\FaceTrackerInternal.dll
2018-04-12 07:14 - 2014-02-17 19:13 - 000092984 _____ () C:\Program Files (x86)\DriverToolkit\zlibwapi.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3521414181-3465868732-254471055-1001\...\sharepoint.com -> hxxps://netorg529623-files.sharepoint.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-03-19 02:33 - 2017-10-23 12:39 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3521414181-3465868732-254471055-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RtHDVBg_MAXX6"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-3521414181-3465868732-254471055-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3521414181-3465868732-254471055-1001\...\StartupApproved\Run: => "Lync"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{7ABD4BCB-252F-481E-8A46-49D075A0D820}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{421C32AA-623D-4CB5-AAE2-94C97CD558CE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [UDP Query User{C8FBF533-64AA-4A28-A45F-3768BD7DF0EE}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe
FirewallRules: [TCP Query User{6FDDB48D-C67A-422B-A4BD-036879DDF377}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe
FirewallRules: [{614D7DA0-7DF3-4580-A603-63C8148CC0BE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{3E9E8307-F98D-49DD-9FC4-C974E999A578}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{2E0BC70E-6B34-49D8-8321-A7AE775647A0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{15FBAB3E-72F9-4B50-B270-33DBD7E3A7AB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{580EE764-D139-4171-83B5-1D06C826B8DA}C:\program files\adobe\adobe dreamweaver cc 2018\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2018\node\node.exe
FirewallRules: [TCP Query User{B9C4F73B-ED72-4AD2-93DA-5496AF179E41}C:\program files\adobe\adobe dreamweaver cc 2018\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2018\node\node.exe
FirewallRules: [UDP Query User{BB656EA3-4628-4644-A173-4D05F04A3D5F}C:\users\nalla\desktop\24-feb-18\desktop_dump\anydesk.exe] => (Allow) C:\users\nalla\desktop\24-feb-18\desktop_dump\anydesk.exe
FirewallRules: [TCP Query User{2DF6711B-DE7D-4E0E-95C6-3C5F4BFB8CF1}C:\users\nalla\desktop\24-feb-18\desktop_dump\anydesk.exe] => (Allow) C:\users\nalla\desktop\24-feb-18\desktop_dump\anydesk.exe
FirewallRules: [UDP Query User{11685DBD-B45E-4A88-8B20-7E341982EBB0}C:\users\nalla\appdata\roaming\npm\node_modules\node\bin\node.exe] => (Allow) C:\users\nalla\appdata\roaming\npm\node_modules\node\bin\node.exe
FirewallRules: [TCP Query User{8A1818A3-45FB-48E0-97D8-75B65EF4AEF6}C:\users\nalla\appdata\roaming\npm\node_modules\node\bin\node.exe] => (Allow) C:\users\nalla\appdata\roaming\npm\node_modules\node\bin\node.exe
FirewallRules: [UDP Query User{76F7A6B4-4D5B-4149-8239-3B8CA80C1FB1}C:\program files\android\android studio1\bin\studio64.exe] => (Allow) C:\program files\android\android studio1\bin\studio64.exe
FirewallRules: [TCP Query User{8D0F30DC-D8D5-4AA9-ABD9-E919054E0789}C:\program files\android\android studio1\bin\studio64.exe] => (Allow) C:\program files\android\android studio1\bin\studio64.exe
FirewallRules: [UDP Query User{21781391-54C3-4DC1-A8DB-74D7A5A971B9}C:\program files\java\jdk1.8.0_152\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_152\bin\java.exe
FirewallRules: [TCP Query User{281DC0DD-07CE-40C8-AB42-1EE93AA7E163}C:\program files\java\jdk1.8.0_152\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_152\bin\java.exe
FirewallRules: [{1A06981F-818A-4395-8BDC-C44909AD5966}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{5CD83CE4-C8B9-4265-A2C9-A98F020DABDA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
07-06-2018 12:30:45 Scheduled Checkpoint
14-06-2018 12:32:42 Scheduled Checkpoint
14-06-2018 22:42:39 june14
25-06-2018 10:43:33 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/27/2018 10:55:58 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\Prefetch\MICROSOFTEDGE.EXE-5516D41D.pf for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.
 
Program: Host Process for Windows Services
File: C:\Windows\Prefetch\MICROSOFTEDGE.EXE-5516D41D.pf
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C000009C
Disk type: 3
 
Error: (06/27/2018 10:55:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 10.0.17134.1, time stamp: 0xa38b9ab2
Faulting module name: sysmain.dll, version: 10.0.17134.1, time stamp: 0x0421300e
Exception code: 0xc0000006
Fault offset: 0x0000000000025414
Faulting process id: 0x3b34
Faulting application start time: 0x01d40e3ab9ebd6d5
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: c:\windows\system32\sysmain.dll
Report Id: d211c290-dc1f-4c52-b9cc-7b40a8454de8
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/27/2018 10:46:25 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\Prefetch\MICROSOFTEDGE.EXE-5516D41D.pf for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.
 
Program: Host Process for Windows Services
File: C:\Windows\Prefetch\MICROSOFTEDGE.EXE-5516D41D.pf
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C000009C
Disk type: 3
 
Error: (06/27/2018 10:46:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 10.0.17134.1, time stamp: 0xa38b9ab2
Faulting module name: sysmain.dll, version: 10.0.17134.1, time stamp: 0x0421300e
Exception code: 0xc0000006
Fault offset: 0x0000000000025414
Faulting process id: 0x204c
Faulting application start time: 0x01d40e3645f2aef3
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: c:\windows\system32\sysmain.dll
Report Id: ee4df7db-82a4-4ca5-94b4-16cd31b47824
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/27/2018 10:13:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MicrosoftEdge.exe version 11.0.17134.112 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: f60
 
Start Time: 01d40e3597c6dd56
 
Termination Time: 4294967295
 
Application Path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
 
Report Id: a3292c38-9c9c-4fba-95dd-7b9e4754d634
 
Faulting package full name: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe
 
Faulting package-relative application ID: MicrosoftEdge
 
Error: (06/27/2018 10:12:54 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\Prefetch\MICROSOFTEDGE.EXE-5516D41D.pf for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.
 
Program: Host Process for Windows Services
File: C:\Windows\Prefetch\MICROSOFTEDGE.EXE-5516D41D.pf
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C000009C
Disk type: 3
 
Error: (06/27/2018 10:12:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 10.0.17134.1, time stamp: 0xa38b9ab2
Faulting module name: sysmain.dll, version: 10.0.17134.1, time stamp: 0x0421300e
Exception code: 0xc0000006
Fault offset: 0x0000000000025414
Faulting process id: 0x61c
Faulting application start time: 0x01d40e356bd01f86
Faulting application path: c:\windows\system32\svchost.exe
Faulting module path: c:\windows\system32\sysmain.dll
Report Id: e2074b49-e853-459c-932a-e4437c8095a1
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/27/2018 05:22:17 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
 
System errors:
=============
Error: (06/28/2018 12:13:11 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (06/28/2018 12:13:10 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (06/28/2018 12:13:09 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (06/28/2018 12:13:08 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (06/28/2018 12:13:07 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (06/28/2018 12:13:03 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (06/28/2018 12:12:59 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (06/28/2018 12:12:56 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
 
Windows Defender:
===================================
Date: 2018-06-27 23:47:18.766
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: SoftwareBundler:Win32/Aftodds
ID: 242523
Severity: High
Category: Software Bundler
Path: file:_C:\$Recycle.Bin\S-1-5-21-3521414181-3465868732-254471055-1001\$RDMTFX4.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\Nalla\Desktop\mbar\mbar.exe
Signature Version: AV: 1.271.120.0, AS: 1.271.120.0, NIS: 1.271.120.0
Engine Version: AM: 1.1.15000.2, NIS: 1.1.15000.2
 
Date: 2018-06-26 14:16:22.539
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {067E0AD0-E8F2-49AC-8429-C2B2431BB919}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-06-26 13:32:47.693
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {5B0F8845-D196-47A6-ACD5-310EAE5EB96C}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-06-26 13:16:29.127
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {45C1588D-A8A0-4ABE-BCFA-AF94D3097FBB}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-06-26 13:11:54.850
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {94CAE79C-F503-4853-A14C-BCC6DD39108A}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-06-16 08:34:00.607
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error 
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
 
Date: 2018-05-25 07:48:01.306
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.269.13.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14901.4
Error code: 0x800704cf
Error description: The network location cannot be reached. For information about network troubleshooting, see Windows Help. 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-5500U CPU @ 2.40GHz
Percentage of memory in use: 43%
Total physical RAM: 8103.78 MB
Available physical RAM: 4615.13 MB
Total Virtual: 11687.78 MB
Available Virtual: 8457.87 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:464.82 GB) (Free:104.89 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:457.72 GB) (Free:379.45 GB) NTFS
 
\\?\Volume{79e10ba6-ca21-41d3-a7b2-6f5813ce224e}\ (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.44 GB) NTFS
\\?\Volume{aef364fd-6b22-4df7-848e-636d6e1cfb3e}\ () (Fixed) (Total:0.44 GB) (Free:0.07 GB) NTFS
\\?\Volume{5f31efe3-48c5-49b6-b70a-7cfc05283c5a}\ (PBR Image) (Fixed) (Total:7.14 GB) (Free:0.37 GB) NTFS
\\?\Volume{1676ef37-b977-45ce-a994-2f50f4de668c}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.43 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 3D885C9F)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#7 Jo*


Posted 27 June 2018 - 04:10 PM

Hello,

Step 1: Run Malwarebytes Anti-Rootkit again: Double-click mbar.exe to run the tool.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Scan your system for malware
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Then please go to the MBAR folder and copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Step 2: Double-click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8/10 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Step 3: How is the computer running now?


***


Step 4: Please download Zemana AntiMalware and save it to your Desktop.
- Start it...
- Without changing any options, press Scan to begin.
After the short scan is finished, if threats are detected press Next to remove them.

Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.

- Open Zemana AntiMalware again.
- Click on icon and double click the latest report.
- Now click File > Save As and choose your Desktop before pressing Save.
The only thing left is to attach the saved report in your next message.


Step 5: FRST / FRST64: run it again.
  • Right-click FRST / FRST64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Put a check into the box next to Addition.txt. Then press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste both logs in your next reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#8 rnallamilli


Posted 30 June 2018 - 04:59 AM

Malwarebytes Anti-Rootkit BETA 1.10.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2017.10.25.11
  rootkit: v2017.10.14.01
 
Windows 10 x64 NTFS
Internet Explorer 11.112.17134.0
Nalla :: DESKTOP-S7T2E8O [administrator]
 
6/30/2018 2:47:53 PM
mbar-log-2018-06-30 (14-47-53).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 287845
Time elapsed: 28 minute(s), 17 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 1
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Notepad++ (Trojan.FakeNPP) -> Delete on reboot. [911e8758c7e27cbaec79a568e41db14f]
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 1
C:\Program Files (x86)\Notepad++\uninstall.exe (Trojan.FakeNPP) -> Delete on reboot. [911e8758c7e27cbaec79a568e41db14f]
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)


#9 rnallamilli


Posted 30 June 2018 - 05:24 AM

Adware programme failed. Attached screen shot.


Edited by rnallamilli, 30 June 2018 - 06:26 AM.


#10 rnallamilli


Posted 30 June 2018 - 06:27 AM

.




#11 Jo*


Posted 30 June 2018 - 06:28 AM

OK, skip AdwCleaner and continue with the steps 3, 4 and 5 please.

Cheers,
Jo


#12 rnallamilli


Posted 30 June 2018 - 06:35 AM

Step # 3: Still seeing unwanted popups and system performance is also slow.

 

Working on Step # 4: till now found one and still running.



#13 rnallamilli


Posted 30 June 2018 - 07:31 AM

Zemana AntiMalware 2.74.2.150 (Portable)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2018/6/30
Operating System       : Windows 10 64-bit
Processor              : 4X Intel® Core™ i7-5500U CPU @ 2.40GHz
BIOS Mode              : UEFI
CUID                   : 121D98C413B87F80F8F139
Scan Type              : System Scan
Duration               : 47m 35s
Scanned Objects        : 598523
Detected Objects       : 1
Excluded Objects       : 0
Read Level             : Normal
Auto Upload            : Enabled
Detect All Extensions  : Disabled
Scan Documents         : Disabled
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
Firefox Search
Status             : Scanned
Object             : Yahoo! Powered - http://in.search.yahoo.com
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Firefox Search
 
 
Cleaning Result
-------------------------------------------------------
Cleaned               : 1
Reported as safe      : 0
Failed                : 0


#14 rnallamilli


Posted 30 June 2018 - 07:52 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by Nalla (administrator) on DESKTOP-S7T2E8O (30-06-2018 18:02:41)
Running from C:\Users\Nalla\Desktop
Loaded Profiles: Nalla (Available Profiles: Nalla)
Platform: Windows 10 Home Version 1803 17134.112 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\MsMpEng.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.9328.1700.0_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1806.18062-0\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8725248 2015-11-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1407744 2015-11-16] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [714672 2015-09-25] (Waves Audio Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [646680 2017-09-27] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2409424 2018-04-24] (Adobe Systems Incorporated)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-3521414181-3465868732-254471055-1001\...\Run: [Lync] => C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe [23789232 2018-06-30] (Microsoft Corporation)
HKU\S-1-5-21-3521414181-3465868732-254471055-1001\...\MountPoints2: {67bb0bf0-54d2-11e8-98d2-806e6f6e6963} - "E:\RTK_NIC_DRIVER_INSTALLER.sfx.exe" 
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{7030709d-6a76-4242-9d92-f2ab56a41c76}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{c27b9aec-a405-43cb-9f9d-fc0a9052db2a}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{d1994a97-cdf5-4426-be2c-2cd6ada73ac1}: [DhcpNameServer] 202.65.144.162 202.65.141.82
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-3521414181-3465868732-254471055-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
SearchScopes: HKU\S-1-5-21-3521414181-3465868732-254471055-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
SearchScopes: HKU\S-1-5-21-3521414181-3465868732-254471055-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE04
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-06-30] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre-9.0.1\bin\ssv.dll => No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre-9.0.1\bin\jp2ssv.dll => No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-04-29] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-30] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-30] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-30] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-06-30] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Nalla\AppData\Roaming\Mozilla\Firefox\Profiles\mbsqxwq6.default [2018-06-30]
FF Plugin: @java.com/DTPlugin,version=12.0.1 -> C:\Program Files\Java\jre-9.0.1\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=12.0.1.0 -> C:\Program Files\Java\jre-9.0.1\bin\plugin2\npjp2.dll [No File]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2018-04-24] (Adobe Systems)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-04-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-03-02] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-24] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2018-04-24] (Adobe Systems)
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxp://movix.searchalgo.com/search/?category=web&s=wvds&q={searchTerms}
CHR DefaultSearchKeyword: Default -> WowMovix
CHR DefaultSuggestURL: Default -> hxxp://sug.searchalgo.com/search/index_sg.php?q={searchTerms}
CHR Profile: C:\Users\Nalla\AppData\Local\Google\Chrome\User Data\Default [2018-06-30]
CHR Extension: (Slides) - C:\Users\Nalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-16]
CHR Extension: (Docs) - C:\Users\Nalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-16]
CHR Extension: (Google Drive) - C:\Users\Nalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-16]
CHR Extension: (YouTube) - C:\Users\Nalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-16]
CHR Extension: (Sheets) - C:\Users\Nalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-16]
CHR Extension: (Postman) - C:\Users\Nalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhbjgbiflinjbdggehcddcbncdddomop [2018-06-27]
CHR Extension: (Google Docs Offline) - C:\Users\Nalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-16]
CHR Extension: (ESPNCricinfo) - C:\Users\Nalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijhlikjoigjegofbedmfmlcfkmhabldh [2017-10-16]
CHR Extension: (Vysor.com) - C:\Users\Nalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdphpklacmlhmooodiekhpbepcdlaghl [2018-05-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\Nalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-16]
CHR Extension: (Chrome Media Router) - C:\Users\Nalla\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-11]
StartMenuInternet: Google Chrome Beta - C:\Program Files (x86)\Google\Chrome Beta\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2018-04-24] (Adobe Systems Incorporated)
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [8765104 2018-06-20] (Microsoft Corporation)
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1392792 2015-10-30] (Intel Corporation)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190208 2016-11-11] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [382456 2017-02-16] (Intel Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [307456 2015-11-16] (Realtek Semiconductor)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-12-03] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10803440 2017-12-18] (TeamViewer GmbH)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [578480 2015-09-25] (Waves Audio Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\NisSrv.exe [3925648 2018-06-27] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MsMpEng.exe [100080 2018-06-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [22864 2016-10-27] (OSR Open Systems Resources, Inc.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55784 2015-10-30] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260072 2015-10-30] (Intel Corporation)
S3 huawei_enumerator; C:\WINDOWS\System32\drivers\ew_jubusenum.sys [86016 2017-11-20] (Huawei Technologies Co., Ltd.) [File not signed]
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230144 2016-11-11] (Intel Corporation)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2016-07-27] ()
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3524360 2016-09-24] (Intel Corporation)
S3 rtux64w10; C:\WINDOWS\System32\drivers\rtux64w10.sys [348672 2018-04-12] (Realtek )
R3 ST_Accel; C:\WINDOWS\system32\DRIVERS\ST_Accel.sys [143592 2015-06-10] (STMicroelectronics)
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [22016 2018-04-12] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46592 2018-06-27] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-06-27] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [59944 2018-06-27] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2018-06-30] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2018-06-30] (Zemana Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-30 18:01 - 2018-06-30 18:01 - 000001304 _____ C:\Users\Nalla\Desktop\2018.06.30-16.59.46-i0-t92-d1.txt
2018-06-30 16:59 - 2018-06-30 18:04 - 000067941 _____ C:\WINDOWS\ZAM.krnl.trace
2018-06-30 16:59 - 2018-06-30 18:04 - 000033854 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2018-06-30 16:59 - 2018-06-30 16:59 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2018-06-30 16:59 - 2018-06-30 16:59 - 000203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2018-06-30 16:59 - 2018-06-30 16:59 - 000000000 ____D C:\Users\Nalla\AppData\Local\Zemana
2018-06-30 14:50 - 2018-06-30 14:50 - 000002437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-06-30 14:50 - 2018-06-30 14:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-06-30 14:47 - 2018-06-30 14:47 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\12734774.sys
2018-06-30 14:39 - 2018-06-30 14:39 - 000000611 _____ C:\Users\Nalla\Desktop\query.txt
2018-06-30 09:16 - 2018-06-30 16:59 - 000000000 ____D C:\Users\Nalla\Desktop\pppp
2018-06-29 07:00 - 2018-06-29 07:00 - 000000081 _____ C:\Users\Nalla\Desktop\hhhhhhhhhhhh.txt
2018-06-28 15:38 - 2018-06-28 15:38 - 000000076 _____ C:\Users\Nalla\Desktop\latestcodepathvamtantra.txt
2018-06-28 10:35 - 2018-06-28 10:35 - 000000055 _____ C:\Users\Nalla\Desktop\android.txt
2018-06-28 00:26 - 2018-06-28 00:42 - 000039043 _____ C:\Users\Nalla\Desktop\Addition.txt
2018-06-28 00:23 - 2018-06-30 18:05 - 000016030 _____ C:\Users\Nalla\Desktop\FRST.txt
2018-06-28 00:23 - 2018-06-28 00:23 - 002412544 _____ (Farbar) C:\Users\Nalla\Desktop\FRST64.exe
2018-06-28 00:22 - 2018-06-28 00:22 - 001773056 _____ (Farbar) C:\Users\Nalla\Desktop\FRST.exe
2018-06-28 00:21 - 2018-06-28 00:21 - 000000000 ____D C:\Users\Nalla\AppData\Local\D3DSCache
2018-06-28 00:10 - 2018-06-28 00:10 - 007372496 _____ (Malwarebytes) C:\Users\Nalla\Desktop\AdwCleaner.exe
2018-06-27 23:39 - 2018-06-30 14:46 - 000192952 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2018-06-27 23:39 - 2018-06-27 23:39 - 000255928 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\25B1434F.sys
2018-06-27 23:38 - 2018-06-30 15:17 - 000000000 ____D C:\Users\Nalla\Desktop\mbar
2018-06-27 23:38 - 2018-06-27 23:38 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Nalla\Desktop\mbar-1.10.3.1001.exe
2018-06-27 23:35 - 2018-06-27 23:35 - 000000756 _____ C:\Users\Nalla\Desktop\SALog.txt
2018-06-27 23:33 - 2018-06-27 23:33 - 000899584 _____ C:\Users\Nalla\Desktop\RGSA.exe
2018-06-27 23:26 - 2018-06-27 23:26 - 000000040 _____ C:\Users\Nalla\Desktop\link.txt
2018-06-27 17:36 - 2018-06-27 17:36 - 000003033 _____ C:\Users\Nalla\Desktop\notepadcode_merge.txt
2018-06-21 14:31 - 2018-06-21 14:31 - 000000000 ____D C:\ProgramData\Packages
2018-06-20 15:22 - 2018-06-20 15:26 - 000000000 ____D C:\Users\Nalla\Desktop\JKLakshmi_Offline
2018-06-20 15:20 - 2018-06-20 15:21 - 339057009 _____ C:\Users\Nalla\Desktop\JKLakshmi_Offline.rar
2018-06-20 12:43 - 2018-06-20 12:44 - 000000000 ____D C:\Users\Nalla\Desktop\HTML_parctice
2018-06-20 12:19 - 2018-06-20 12:19 - 000000000 _____ C:\WINDOWS\Minidump\062018-30796-01.dmp
2018-06-19 23:31 - 2018-06-19 23:31 - 000000000 ____D C:\Users\Nalla\Desktop\oldtemplate
2018-06-19 21:49 - 2018-06-19 21:49 - 000000000 ____D C:\Users\Nalla\Desktop\dump
2018-06-19 20:33 - 2018-06-19 20:33 - 000000000 ____D C:\Users\Nalla\Desktop\New folder (2)
2018-06-19 20:21 - 2018-06-19 20:22 - 000000000 ____D C:\Users\Nalla\Desktop\vamtantra_changes_colors
2018-06-19 17:48 - 2018-06-19 17:48 - 000002758 _____ C:\Users\Nalla\Desktop\responsive.txt
2018-06-19 12:28 - 2018-06-19 12:30 - 000000000 ____D C:\Users\Nalla\Desktop\newvamtantracode
2018-06-18 14:59 - 2018-06-18 14:59 - 000000000 ____D C:\WINDOWS\Minidump
2018-06-18 14:59 - 2018-06-18 14:59 - 000000000 _____ C:\WINDOWS\Minidump\061818-38734-01.dmp
2018-06-18 12:36 - 2018-06-18 12:42 - 000000000 ____D C:\Users\Nalla\Desktop\swamy
2018-06-18 10:22 - 2018-06-18 10:22 - 012019275 _____ C:\Users\Nalla\Desktop\kitsune_template.zip
2018-06-18 10:21 - 2018-06-18 10:21 - 000000000 ____D C:\Users\Nalla\Desktop\kitsune_template
2018-06-17 16:03 - 2018-06-17 16:03 - 000000000 ____D C:\Users\Nalla\Desktop\source
2018-06-17 16:02 - 2018-06-17 16:03 - 000001488 _____ C:\Users\Nalla\Desktop\source.zip
2018-06-17 14:55 - 2018-06-17 14:55 - 000000043 _____ C:\Users\Nalla\Desktop\dropdown.txt
2018-06-17 07:49 - 2018-06-17 09:46 - 000000087 _____ C:\Users\Nalla\Desktop\freesites.txt
2018-06-16 21:36 - 2018-06-16 21:36 - 002057928 _____ C:\Users\Nalla\Desktop\AnyDesk.exe
2018-06-16 03:53 - 2018-06-16 03:53 - 000315733 _____ C:\Users\Nalla\Desktop\vamtantrawebsitetwo.zip
2018-06-16 02:19 - 2018-06-16 02:19 - 000000057 _____ C:\Users\Nalla\Desktop\grids.txt
2018-06-16 02:07 - 2018-06-16 02:07 - 000000041 _____ C:\Users\Nalla\Desktop\referencelinkforkitsune.txt
2018-06-15 11:57 - 2018-06-15 11:57 - 000000110 _____ C:\Users\Nalla\Desktop\freewebsite.txt
2018-06-15 10:04 - 2018-06-15 10:04 - 000000062 _____ C:\Users\Nalla\Desktop\sitescheck.txt
2018-06-15 08:25 - 2018-06-15 10:04 - 000000092 _____ C:\Users\Nalla\Desktop\numbers.txt
2018-06-14 22:36 - 2018-06-14 22:36 - 000000180 _____ C:\Users\Nalla\Desktop\websitetemplate.txt
2018-06-14 16:49 - 2018-06-14 18:46 - 000000293 _____ C:\Users\Nalla\Desktop\websitetemplates.txt
2018-06-14 14:52 - 2018-06-09 00:18 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-06-14 14:52 - 2018-06-09 00:15 - 012712448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-06-14 14:52 - 2018-06-09 00:13 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2018-06-14 14:52 - 2018-06-09 00:12 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-06-14 14:52 - 2018-06-09 00:11 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-06-14 14:52 - 2018-06-08 22:17 - 002895872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-06-14 14:52 - 2018-06-08 16:05 - 001613200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-06-14 14:52 - 2018-06-08 16:04 - 000748512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2018-06-14 14:52 - 2018-06-08 16:01 - 007900984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-06-14 14:52 - 2018-06-08 16:01 - 003180176 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-06-14 14:52 - 2018-06-08 16:00 - 000705440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-06-14 14:52 - 2018-06-08 15:01 - 000226720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ucx01000.sys
2018-06-14 14:52 - 2018-06-08 15:00 - 009148320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-06-14 14:52 - 2018-06-08 15:00 - 003296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-06-14 14:52 - 2018-06-08 15:00 - 000565152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-06-14 14:52 - 2018-06-08 15:00 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-06-14 14:52 - 2018-06-08 14:59 - 007520000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-06-14 14:52 - 2018-06-08 14:59 - 002836384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-06-14 14:52 - 2018-06-08 14:59 - 002570712 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-06-14 14:52 - 2018-06-08 14:59 - 002462272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-06-14 14:52 - 2018-06-08 14:59 - 002422688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-06-14 14:52 - 2018-06-08 14:59 - 001921952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2018-06-14 14:52 - 2018-06-08 14:59 - 001364184 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2018-06-14 14:52 - 2018-06-08 14:59 - 001190152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-06-14 14:52 - 2018-06-08 14:59 - 001026976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-06-14 14:52 - 2018-06-08 14:59 - 000945568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2018-06-14 14:52 - 2018-06-08 14:59 - 000792992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-06-14 14:52 - 2018-06-08 14:59 - 000678840 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2018-06-14 14:52 - 2018-06-08 14:59 - 000413088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-06-14 14:52 - 2018-06-08 14:59 - 000375712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-06-14 14:52 - 2018-06-08 14:43 - 025846784 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-06-14 14:52 - 2018-06-08 14:39 - 006569960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-06-14 14:52 - 2018-06-08 14:39 - 001980872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-06-14 14:52 - 2018-06-08 14:33 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2018-06-14 14:52 - 2018-06-08 14:32 - 022713856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-06-14 14:52 - 2018-06-08 14:31 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-06-14 14:52 - 2018-06-08 14:30 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll
2018-06-14 14:52 - 2018-06-08 14:30 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-06-14 14:52 - 2018-06-08 14:29 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-06-14 14:52 - 2018-06-08 14:29 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-06-14 14:52 - 2018-06-08 14:28 - 007581696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-06-14 14:52 - 2018-06-08 14:28 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-06-14 14:52 - 2018-06-08 14:28 - 000781824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-06-14 14:52 - 2018-06-08 14:27 - 003348992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2018-06-14 14:52 - 2018-06-08 14:27 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-06-14 14:52 - 2018-06-08 14:26 - 003293696 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2018-06-14 14:52 - 2018-06-08 14:25 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-06-14 14:52 - 2018-06-08 14:25 - 001160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-06-14 14:52 - 2018-06-08 14:25 - 000778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2018-06-14 14:52 - 2018-06-08 14:25 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-06-14 14:52 - 2018-06-08 14:24 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-06-14 14:52 - 2018-05-21 01:13 - 021389360 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-06-14 14:52 - 2018-05-20 22:29 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-06-14 14:52 - 2018-05-20 18:03 - 000105368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-06-14 14:52 - 2018-05-20 17:23 - 000088472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2018-06-14 14:52 - 2018-05-20 17:22 - 007436632 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-06-14 14:52 - 2018-05-20 17:22 - 000347704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-06-14 14:52 - 2018-05-20 17:22 - 000130456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-06-14 14:52 - 2018-05-20 17:04 - 016592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-06-14 14:52 - 2018-05-20 17:02 - 000286200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-06-14 14:52 - 2018-05-20 16:56 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-06-14 14:52 - 2018-05-20 16:56 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-06-14 14:52 - 2018-05-20 16:54 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-06-14 14:52 - 2018-05-20 16:53 - 005951488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-06-14 14:52 - 2018-05-20 16:43 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-06-14 14:51 - 2018-06-09 00:32 - 004527680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-06-14 14:51 - 2018-06-09 00:32 - 001634808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-06-14 14:51 - 2018-06-09 00:31 - 002395056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-06-14 14:51 - 2018-06-09 00:31 - 001046944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2018-06-14 14:51 - 2018-06-09 00:15 - 004392448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-06-14 14:51 - 2018-06-09 00:15 - 000808960 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2018-06-14 14:51 - 2018-06-09 00:14 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2018-06-14 14:51 - 2018-06-09 00:13 - 002922496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2018-06-14 14:51 - 2018-06-09 00:13 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-06-14 14:51 - 2018-06-09 00:12 - 003999232 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2018-06-14 14:51 - 2018-06-09 00:11 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-06-14 14:51 - 2018-06-08 22:28 - 002206544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2018-06-14 14:51 - 2018-06-08 22:21 - 011903488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-06-14 14:51 - 2018-06-08 22:17 - 003492864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2018-06-14 14:51 - 2018-06-08 21:35 - 000944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-06-14 14:51 - 2018-06-08 19:30 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-06-14 14:51 - 2018-06-08 16:08 - 005821544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-06-14 14:51 - 2018-06-08 16:07 - 002417840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-06-14 14:51 - 2018-06-08 16:04 - 001299056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-06-14 14:51 - 2018-06-08 16:01 - 000029600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2018-06-14 14:51 - 2018-06-08 15:03 - 001034632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-06-14 14:51 - 2018-06-08 15:00 - 001798552 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-06-14 14:51 - 2018-06-08 15:00 - 001363632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-06-14 14:51 - 2018-06-08 15:00 - 001017080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-06-14 14:51 - 2018-06-08 15:00 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-06-14 14:51 - 2018-06-08 15:00 - 000722808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-06-14 14:51 - 2018-06-08 15:00 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-06-14 14:51 - 2018-06-08 15:00 - 000527264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-06-14 14:51 - 2018-06-08 15:00 - 000491328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-06-14 14:51 - 2018-06-08 15:00 - 000137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2018-06-14 14:51 - 2018-06-08 14:59 - 006817384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-06-14 14:51 - 2018-06-08 14:59 - 004970360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2018-06-14 14:51 - 2018-06-08 14:59 - 004403280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-06-14 14:51 - 2018-06-08 14:59 - 003283408 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-06-14 14:51 - 2018-06-08 14:59 - 002753048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-06-14 14:51 - 2018-06-08 14:59 - 002564984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-06-14 14:51 - 2018-06-08 14:59 - 002546592 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-06-14 14:51 - 2018-06-08 14:59 - 002371392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-06-14 14:51 - 2018-06-08 14:59 - 001946328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-06-14 14:51 - 2018-06-08 14:59 - 001934400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-06-14 14:51 - 2018-06-08 14:59 - 001792808 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2018-06-14 14:51 - 2018-06-08 14:59 - 001784584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-06-14 14:51 - 2018-06-08 14:59 - 001611592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2018-06-14 14:51 - 2018-06-08 14:59 - 001457136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-06-14 14:51 - 2018-06-08 14:59 - 001209800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-06-14 14:51 - 2018-06-08 14:59 - 001148808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-06-14 14:51 - 2018-06-08 14:59 - 000594128 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-06-14 14:51 - 2018-06-08 14:59 - 000416144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2018-06-14 14:51 - 2018-06-08 14:59 - 000413824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-06-14 14:51 - 2018-06-08 14:42 - 000861616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-06-14 14:51 - 2018-06-08 14:41 - 001461744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2018-06-14 14:51 - 2018-06-08 14:40 - 002479272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-06-14 14:51 - 2018-06-08 14:40 - 002331584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-06-14 14:51 - 2018-06-08 14:40 - 001988072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-06-14 14:51 - 2018-06-08 14:40 - 001011992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-06-14 14:51 - 2018-06-08 14:40 - 000457152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2018-06-14 14:51 - 2018-06-08 14:39 - 006527064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-06-14 14:51 - 2018-06-08 14:39 - 004788512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-06-14 14:51 - 2018-06-08 14:39 - 004469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2018-06-14 14:51 - 2018-06-08 14:39 - 002535552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-06-14 14:51 - 2018-06-08 14:39 - 002486992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-06-14 14:51 - 2018-06-08 14:39 - 002242216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-06-14 14:51 - 2018-06-08 14:39 - 001805776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-06-14 14:51 - 2018-06-08 14:39 - 001709720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2018-06-14 14:51 - 2018-06-08 14:39 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-06-14 14:51 - 2018-06-08 14:39 - 001584128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2018-06-14 14:51 - 2018-06-08 14:39 - 001380200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-06-14 14:51 - 2018-06-08 14:39 - 001020168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-06-14 14:51 - 2018-06-08 14:39 - 000356960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-06-14 14:51 - 2018-06-08 14:34 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-06-14 14:51 - 2018-06-08 14:33 - 022005760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-06-14 14:51 - 2018-06-08 14:31 - 004563456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-06-14 14:51 - 2018-06-08 14:31 - 002961408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-06-14 14:51 - 2018-06-08 14:30 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-06-14 14:51 - 2018-06-08 14:30 - 004372992 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-06-14 14:51 - 2018-06-08 14:30 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-06-14 14:51 - 2018-06-08 14:30 - 001285120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2018-06-14 14:51 - 2018-06-08 14:29 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-06-14 14:51 - 2018-06-08 14:29 - 001767936 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-06-14 14:51 - 2018-06-08 14:29 - 001318400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2018-06-14 14:51 - 2018-06-08 14:29 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-06-14 14:51 - 2018-06-08 14:28 - 003712512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-06-14 14:51 - 2018-06-08 14:28 - 001676800 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
2018-06-14 14:51 - 2018-06-08 14:28 - 000813568 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-06-14 14:51 - 2018-06-08 14:27 - 002172416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-06-14 14:51 - 2018-06-08 14:27 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-06-14 14:51 - 2018-06-08 14:26 - 005780992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-06-14 14:51 - 2018-06-08 14:26 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-06-14 14:51 - 2018-06-08 14:26 - 004336128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-06-14 14:51 - 2018-06-08 14:26 - 002902016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-06-14 14:51 - 2018-06-08 14:26 - 002900480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-06-14 14:51 - 2018-06-08 14:26 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-06-14 14:51 - 2018-06-08 14:26 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-06-14 14:51 - 2018-06-08 14:26 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-06-14 14:51 - 2018-06-08 14:26 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-06-14 14:51 - 2018-06-08 14:26 - 000858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2018-06-14 14:51 - 2018-06-08 14:26 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-06-14 14:51 - 2018-06-08 14:26 - 000264704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovs.dll
2018-06-14 14:51 - 2018-06-08 14:25 - 003441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-06-14 14:51 - 2018-06-08 14:25 - 002248192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-06-14 14:51 - 2018-06-08 14:25 - 002061824 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2018-06-14 14:51 - 2018-06-08 14:25 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-06-14 14:51 - 2018-06-08 14:25 - 001371648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-06-14 14:51 - 2018-06-08 14:25 - 001171968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2018-06-14 14:51 - 2018-06-08 14:25 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-06-14 14:51 - 2018-06-08 14:25 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-06-14 14:51 - 2018-06-08 14:25 - 000667648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2018-06-14 14:51 - 2018-06-08 14:24 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-06-14 14:51 - 2018-06-08 14:24 - 002789376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2018-06-14 14:51 - 2018-06-08 14:24 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-06-14 14:51 - 2018-06-08 14:24 - 001128448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2018-06-14 14:51 - 2018-06-08 14:24 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2018-06-14 14:51 - 2018-06-08 14:23 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-06-14 14:51 - 2018-06-07 00:27 - 003733320 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-06-14 14:51 - 2018-06-06 09:50 - 002841312 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-06-14 14:51 - 2018-05-21 01:12 - 001649760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2018-06-14 14:51 - 2018-05-21 00:53 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2018-06-14 14:51 - 2018-05-21 00:53 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2018-06-14 14:51 - 2018-05-21 00:52 - 001665024 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-06-14 14:51 - 2018-05-21 00:52 - 000941056 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2018-06-14 14:51 - 2018-05-21 00:52 - 000804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2018-06-14 14:51 - 2018-05-20 23:44 - 020383712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-06-14 14:51 - 2018-05-20 23:44 - 001490144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2018-06-14 14:51 - 2018-05-20 23:30 - 000864768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2018-06-14 14:51 - 2018-05-20 23:29 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2018-06-14 14:51 - 2018-05-20 22:15 - 001271296 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2018-06-14 14:51 - 2018-05-20 17:23 - 002178136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2018-06-14 14:51 - 2018-05-20 17:23 - 001017088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2018-06-14 14:51 - 2018-05-20 17:23 - 001012408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2018-06-14 14:51 - 2018-05-20 17:22 - 000735560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-06-14 14:51 - 2018-05-20 17:22 - 000089984 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
2018-06-14 14:51 - 2018-05-20 17:03 - 001665920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2018-06-14 14:51 - 2018-05-20 17:02 - 006044104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-06-14 14:51 - 2018-05-20 17:02 - 001034096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2018-06-14 14:51 - 2018-05-20 17:01 - 001456640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2018-06-14 14:51 - 2018-05-20 17:00 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-06-14 14:51 - 2018-05-20 16:56 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-06-14 14:51 - 2018-05-20 16:56 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll
2018-06-14 14:51 - 2018-05-20 16:56 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2018-06-14 14:51 - 2018-05-20 16:54 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-06-14 14:51 - 2018-05-20 16:53 - 013873152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-06-14 14:51 - 2018-05-20 16:53 - 002366976 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-06-14 14:51 - 2018-05-20 16:53 - 000933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-06-14 14:51 - 2018-05-20 16:53 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-06-14 14:51 - 2018-05-20 16:51 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-06-14 14:51 - 2018-05-20 16:51 - 001210880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2018-06-14 14:51 - 2018-05-20 16:51 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-06-14 14:51 - 2018-05-20 16:51 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2018-06-14 14:51 - 2018-05-20 16:47 - 002699776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-06-14 14:51 - 2018-05-20 16:46 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-06-14 14:51 - 2018-05-20 16:44 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-06-14 14:51 - 2018-05-20 16:41 - 001005568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2018-06-14 14:50 - 2018-06-09 00:37 - 000506184 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-06-14 14:50 - 2018-06-09 00:35 - 000094112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-06-14 14:50 - 2018-06-09 00:32 - 000661160 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe
2018-06-14 14:50 - 2018-06-09 00:17 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2018-06-14 14:50 - 2018-06-09 00:16 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-06-14 14:50 - 2018-06-09 00:15 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdt.exe
2018-06-14 14:50 - 2018-06-09 00:14 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-06-14 14:50 - 2018-06-09 00:14 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-06-14 14:50 - 2018-06-09 00:14 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2018-06-14 14:50 - 2018-06-09 00:13 - 003640832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2018-06-14 14:50 - 2018-06-09 00:13 - 001659904 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2018-06-14 14:50 - 2018-06-09 00:13 - 001543680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2018-06-14 14:50 - 2018-06-09 00:13 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-06-14 14:50 - 2018-06-09 00:12 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-06-14 14:50 - 2018-06-09 00:12 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-06-14 14:50 - 2018-06-09 00:12 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-06-14 14:50 - 2018-06-09 00:11 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-06-14 14:50 - 2018-06-09 00:11 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-06-14 14:50 - 2018-06-09 00:11 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-06-14 14:50 - 2018-06-09 00:11 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2018-06-14 14:50 - 2018-06-09 00:10 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXP.dll
2018-06-14 14:50 - 2018-06-08 22:34 - 001454024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-06-14 14:50 - 2018-06-08 22:28 - 000917408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2018-06-14 14:50 - 2018-06-08 22:20 - 001508352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdt.exe
2018-06-14 14:50 - 2018-06-08 22:18 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-06-14 14:50 - 2018-06-08 22:18 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-06-14 14:50 - 2018-06-08 22:17 - 001462784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dui70.dll
2018-06-14 14:50 - 2018-06-08 22:17 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2018-06-14 14:50 - 2018-06-08 22:17 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-06-14 14:50 - 2018-06-08 22:17 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2018-06-14 14:50 - 2018-06-08 22:16 - 003444224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2018-06-14 14:50 - 2018-06-08 22:16 - 002016256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-06-14 14:50 - 2018-06-08 22:16 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2018-06-14 14:50 - 2018-06-08 22:15 - 002401280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-06-14 14:50 - 2018-06-08 21:36 - 000976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-06-14 14:50 - 2018-06-08 21:35 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-06-14 14:50 - 2018-06-08 19:30 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-06-14 14:50 - 2018-06-08 16:05 - 000613144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2018-06-14 14:50 - 2018-06-08 15:04 - 001140576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-06-14 14:50 - 2018-06-08 15:04 - 000983016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-06-14 14:50 - 2018-06-08 15:03 - 001213368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-06-14 14:50 - 2018-06-08 15:03 - 000272296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-06-14 14:50 - 2018-06-08 15:03 - 000269224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-06-14 14:50 - 2018-06-08 15:01 - 001174432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-06-14 14:50 - 2018-06-08 15:01 - 001012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-06-14 14:50 - 2018-06-08 15:00 - 001063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-06-14 14:50 - 2018-06-08 15:00 - 000567184 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-06-14 14:50 - 2018-06-08 15:00 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-06-14 14:50 - 2018-06-08 15:00 - 000134584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-06-14 14:50 - 2018-06-08 14:59 - 002590400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2018-06-14 14:50 - 2018-06-08 14:59 - 001288816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-06-14 14:50 - 2018-06-08 14:59 - 001258288 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-06-14 14:50 - 2018-06-08 14:59 - 001150416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-06-14 14:50 - 2018-06-08 14:59 - 001112608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2018-06-14 14:50 - 2018-06-08 14:59 - 001097648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-06-14 14:50 - 2018-06-08 14:59 - 000885880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-06-14 14:50 - 2018-06-08 14:59 - 000659096 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2018-06-14 14:50 - 2018-06-08 14:59 - 000313592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2018-06-14 14:50 - 2018-06-08 14:59 - 000266656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-06-14 14:50 - 2018-06-08 14:59 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-06-14 14:50 - 2018-06-08 14:59 - 000164768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-06-14 14:50 - 2018-06-08 14:59 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-06-14 14:50 - 2018-06-08 14:59 - 000084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageOverlayUtil.dll
2018-06-14 14:50 - 2018-06-08 14:59 - 000057960 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel.appcore.dll
2018-06-14 14:50 - 2018-06-08 14:42 - 000786176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-06-14 14:50 - 2018-06-08 14:41 - 000550616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-06-14 14:50 - 2018-06-08 14:40 - 002307336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2018-06-14 14:50 - 2018-06-08 14:40 - 001397200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-06-14 14:50 - 2018-06-08 14:40 - 000880152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-06-14 14:50 - 2018-06-08 14:40 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2018-06-14 14:50 - 2018-06-08 14:39 - 001129648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-06-14 14:50 - 2018-06-08 14:39 - 001077504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2018-06-14 14:50 - 2018-06-08 14:39 - 000988136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-06-14 14:50 - 2018-06-08 14:39 - 000770160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2018-06-14 14:50 - 2018-06-08 14:39 - 000607648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2018-06-14 14:50 - 2018-06-08 14:39 - 000568720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2018-06-14 14:50 - 2018-06-08 14:39 - 000567144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-06-14 14:50 - 2018-06-08 14:39 - 000553248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2018-06-14 14:50 - 2018-06-08 14:39 - 000064648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LanguageOverlayUtil.dll
2018-06-14 14:50 - 2018-06-08 14:39 - 000050208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel.appcore.dll
2018-06-14 14:50 - 2018-06-08 14:33 - 000906752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.PhoneNumberFormatting.dll
2018-06-14 14:50 - 2018-06-08 14:33 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-06-14 14:50 - 2018-06-08 14:33 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryCore.dll
2018-06-14 14:50 - 2018-06-08 14:32 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-06-14 14:50 - 2018-06-08 14:32 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edpnotify.exe
2018-06-14 14:50 - 2018-06-08 14:32 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2018-06-14 14:50 - 2018-06-08 14:31 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-06-14 14:50 - 2018-06-08 14:31 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2018-06-14 14:50 - 2018-06-08 14:31 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2018-06-14 14:50 - 2018-06-08 14:31 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-06-14 14:50 - 2018-06-08 14:31 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2018-06-14 14:50 - 2018-06-08 14:31 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2018-06-14 14:50 - 2018-06-08 14:30 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2018-06-14 14:50 - 2018-06-08 14:30 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-06-14 14:50 - 2018-06-08 14:30 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2018-06-14 14:50 - 2018-06-08 14:29 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-06-14 14:50 - 2018-06-08 14:29 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2018-06-14 14:50 - 2018-06-08 14:29 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2018-06-14 14:50 - 2018-06-08 14:29 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2018-06-14 14:50 - 2018-06-08 14:29 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-06-14 14:50 - 2018-06-08 14:28 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-06-14 14:50 - 2018-06-08 14:28 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2018-06-14 14:50 - 2018-06-08 14:28 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2018-06-14 14:50 - 2018-06-08 14:28 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2018-06-14 14:50 - 2018-06-08 14:27 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-06-14 14:50 - 2018-06-08 14:27 - 000483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2018-06-14 14:50 - 2018-06-08 14:27 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2018-06-14 14:50 - 2018-06-08 14:27 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2018-06-14 14:50 - 2018-06-08 14:27 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2018-06-14 14:50 - 2018-06-08 14:26 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-06-14 14:50 - 2018-06-08 14:26 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-06-14 14:50 - 2018-06-08 14:26 - 000908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2018-06-14 14:50 - 2018-06-08 14:26 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2018-06-14 14:50 - 2018-06-08 14:26 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-06-14 14:50 - 2018-06-08 14:26 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2018-06-14 14:50 - 2018-06-08 14:26 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-06-14 14:50 - 2018-06-08 14:26 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-06-14 14:50 - 2018-06-08 14:26 - 000389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-06-14 14:50 - 2018-06-08 14:26 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-06-14 14:50 - 2018-06-08 14:25 - 001242112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2018-06-14 14:50 - 2018-06-08 14:25 - 001192448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2018-06-14 14:50 - 2018-06-08 14:25 - 001033728 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-06-14 14:50 - 2018-06-08 14:25 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2018-06-14 14:50 - 2018-06-08 14:25 - 000652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2018-06-14 14:50 - 2018-06-08 14:25 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2018-06-14 14:50 - 2018-06-08 14:25 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-06-14 14:50 - 2018-06-08 14:25 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-06-14 14:50 - 2018-06-08 14:24 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-06-14 14:50 - 2018-06-08 14:24 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-06-14 14:50 - 2018-06-08 14:24 - 000999936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-06-14 14:50 - 2018-06-08 14:24 - 000950272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2018-06-14 14:50 - 2018-06-08 14:24 - 000857088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2018-06-14 14:50 - 2018-06-08 14:24 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2018-06-14 14:50 - 2018-06-08 14:24 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-06-14 14:50 - 2018-06-08 14:24 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-06-14 14:50 - 2018-06-08 14:24 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2018-06-14 14:50 - 2018-06-08 14:24 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2018-06-14 14:50 - 2018-06-08 14:24 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-06-14 14:50 - 2018-06-08 14:24 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAC3ENC.DLL
2018-06-14 14:50 - 2018-06-08 14:23 - 001675264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2018-06-14 14:50 - 2018-06-08 14:23 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-06-14 14:50 - 2018-06-08 14:23 - 001108992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-06-14 14:50 - 2018-06-08 14:23 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2018-06-14 14:50 - 2018-06-08 14:23 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-06-14 14:50 - 2018-06-08 14:23 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2018-06-14 14:50 - 2018-06-08 14:23 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2018-06-14 14:50 - 2018-06-08 13:11 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-06-14 14:50 - 2018-06-02 04:54 - 000713376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-06-14 14:50 - 2018-06-02 04:24 - 001825792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-06-14 14:50 - 2018-05-25 08:54 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-06-14 14:50 - 2018-05-21 01:15 - 000308408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-06-14 14:50 - 2018-05-21 01:12 - 000759192 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-06-14 14:50 - 2018-05-21 00:56 - 000486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2018-06-14 14:50 - 2018-05-21 00:53 - 004070400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-06-14 14:50 - 2018-05-21 00:52 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2018-06-14 14:50 - 2018-05-20 23:45 - 000653208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-06-14 14:50 - 2018-05-20 23:32 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2018-06-14 14:50 - 2018-05-20 23:29 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2018-06-14 14:50 - 2018-05-20 22:09 - 000788480 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2018-06-14 14:50 - 2018-05-20 22:05 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-06-14 14:50 - 2018-05-20 22:04 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-06-14 14:50 - 2018-05-20 20:24 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-06-14 14:50 - 2018-05-20 17:23 - 001947808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-06-14 14:50 - 2018-05-20 17:23 - 000131232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2018-06-14 14:50 - 2018-05-20 17:04 - 000861096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2018-06-14 14:50 - 2018-05-20 17:03 - 000101288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2018-06-14 14:50 - 2018-05-20 17:02 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-06-14 14:50 - 2018-05-20 17:02 - 000560488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-06-14 14:50 - 2018-05-20 17:02 - 000077040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2018-06-14 14:50 - 2018-05-20 16:58 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-06-14 14:50 - 2018-05-20 16:58 - 000111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppHostRegistrationVerifier.exe
2018-06-14 14:50 - 2018-05-20 16:58 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-06-14 14:50 - 2018-05-20 16:57 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2018-06-14 14:50 - 2018-05-20 16:57 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApiSetHost.AppExecutionAlias.dll
2018-06-14 14:50 - 2018-05-20 16:56 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-06-14 14:50 - 2018-05-20 16:56 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\TelephonyInteractiveUser.dll
2018-06-14 14:50 - 2018-05-20 16:56 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSHEIF.dll
2018-06-14 14:50 - 2018-05-20 16:55 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-06-14 14:50 - 2018-05-20 16:55 - 000384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2018-06-14 14:50 - 2018-05-20 16:54 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2018-06-14 14:50 - 2018-05-20 16:51 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2018-06-14 14:50 - 2018-05-20 16:46 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2018-06-14 14:50 - 2018-05-20 16:46 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ApiSetHost.AppExecutionAlias.dll
2018-06-14 14:50 - 2018-05-20 16:46 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-06-14 14:50 - 2018-05-20 16:45 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2018-06-14 14:50 - 2018-05-20 16:45 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSHEIF.dll
2018-06-14 14:50 - 2018-05-20 16:44 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2018-06-14 14:50 - 2018-05-20 16:43 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2018-06-14 14:50 - 2018-05-20 16:42 - 000992768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-06-14 14:50 - 2018-05-20 16:42 - 000860160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-06-14 14:50 - 2018-05-20 16:41 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2018-06-14 14:50 - 2018-05-20 13:56 - 000018716 _____ C:\WINDOWS\system32\srms-apr.dat
2018-06-14 14:50 - 2018-05-18 22:38 - 000018716 _____ C:\WINDOWS\SysWOW64\srms-apr.dat
2018-06-14 13:33 - 2018-06-14 13:39 - 000000000 ____D C:\Users\Nalla\Desktop\vamantantranew
2018-06-14 12:11 - 2018-06-14 12:13 - 000000000 ____D C:\Users\Nalla\Desktop\images
2018-06-13 18:24 - 2018-06-13 18:24 - 000000010 _____ C:\Users\Nalla\Desktop\sss.txt
2018-06-12 18:24 - 2018-06-12 18:24 - 004167225 _____ C:\Users\Nalla\Desktop\How-to-Analyze-Your-Google-Analytics-in-20-minutes.pptx
2018-06-12 17:41 - 2018-06-13 11:48 - 000000000 ____D C:\Users\Nalla\Desktop\googleanalytics
2018-06-12 10:49 - 2018-06-28 18:14 - 000000000 ____D C:\Users\Nalla\Desktop\mithuna_kitsune
2018-06-12 07:30 - 2018-06-12 15:46 - 000000825 _____ C:\Users\Nalla\Desktop\kkkkkk.txt
2018-06-11 16:46 - 2018-06-11 16:46 - 001148699 _____ C:\Users\Nalla\Desktop\Aahaa Deals PPT.pptx
2018-06-11 12:26 - 2018-06-11 12:26 - 000000000 ____D C:\Users\Nalla\Desktop\new
2018-06-07 20:11 - 2018-06-16 03:49 - 000000000 ____D C:\Users\Nalla\Desktop\vamtantrawebsitetwo
2018-06-07 19:35 - 2018-06-07 19:44 - 000000000 ____D C:\Users\Nalla\Desktop\kitsune
2018-06-06 11:32 - 2018-06-06 15:50 - 000000254 _____ C:\Users\Nalla\Desktop\aahaadeals google analytics.txt
2018-06-06 10:42 - 2018-06-06 10:45 - 000000000 ____D C:\Users\Nalla\Desktop\AaHaaDeals
2018-06-06 10:41 - 2018-06-06 10:41 - 000000187 _____ C:\Users\Nalla\Desktop\kit.txt
2018-06-06 10:37 - 2018-05-15 15:40 - 000005569 _____ C:\Users\Nalla\Desktop\config.xml
2018-06-06 10:37 - 2018-05-15 15:40 - 000001168 _____ C:\Users\Nalla\Desktop\package.json
2018-06-06 10:37 - 2018-03-23 12:15 - 000174307 _____ C:\Users\Nalla\Desktop\package-lock.json
2018-06-06 10:37 - 2018-01-13 22:17 - 000001388 _____ C:\Users\Nalla\Desktop\gulpfile.js
2018-06-06 10:37 - 2018-01-13 22:17 - 000000594 _____ C:\Users\Nalla\Desktop\.project
2018-06-06 10:37 - 2018-01-13 22:17 - 000000240 _____ C:\Users\Nalla\Desktop\README.md
2018-06-06 10:37 - 2018-01-13 22:17 - 000000190 _____ C:\Users\Nalla\Desktop\.classpath
2018-06-06 10:37 - 2018-01-13 22:17 - 000000176 _____ C:\Users\Nalla\Desktop\bower.json
2018-06-06 10:37 - 2018-01-13 22:17 - 000000143 _____ C:\Users\Nalla\Desktop\ionic.config.json
2018-06-06 10:37 - 2018-01-13 22:17 - 000000138 _____ C:\Users\Nalla\Desktop\.gitignore
2018-06-06 10:37 - 2018-01-13 22:17 - 000000029 _____ C:\Users\Nalla\Desktop\.bowerrc
2018-06-06 10:35 - 2018-06-06 10:36 - 168302549 _____ C:\Users\Nalla\Desktop\AaHaaDeals.zip
2018-06-05 15:24 - 2018-06-05 15:25 - 024724143 _____ C:\Users\Nalla\Desktop\app-debug.apk
2018-06-04 11:33 - 2018-06-04 11:33 - 000000000 ____D C:\Users\Nalla\Desktop\New folder
2018-06-01 17:26 - 2018-06-01 17:26 - 000030122 _____ C:\Users\Nalla\Desktop\redBus_Ticket__TM6X38156416_.pdf
2018-06-01 17:08 - 2018-06-01 17:08 - 000030122 _____ C:\Users\Nalla\Desktop\redBus_Ticket__TM6X70430130_.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-06-30 18:04 - 2018-04-12 05:08 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-06-30 18:02 - 2016-10-04 22:33 - 000000000 ____D C:\FRST
2018-06-30 17:59 - 2018-05-12 09:22 - 000793704 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-06-30 17:59 - 2018-04-12 05:06 - 000000000 ____D C:\WINDOWS\INF
2018-06-30 17:54 - 2017-10-15 17:49 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-06-30 17:54 - 2017-10-15 17:49 - 000000000 __SHD C:\Users\Nalla\IntelGraphicsProfiles
2018-06-30 17:53 - 2018-05-12 09:34 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-06-30 17:53 - 2018-04-12 02:34 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-06-30 17:53 - 2018-02-24 13:34 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-06-30 16:52 - 2016-10-04 22:22 - 000000000 ____D C:\AdwCleaner
2018-06-30 16:50 - 2018-05-12 09:03 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-06-30 15:22 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-06-30 15:20 - 2018-04-12 18:21 - 000000390 _____ C:\WINDOWS\Tasks\DriverToolkit Autorun.job
2018-06-30 15:17 - 2018-04-13 22:33 - 000000000 ____D C:\Program Files (x86)\Notepad++
2018-06-30 14:50 - 2017-10-15 19:34 - 000002500 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2018-06-30 14:50 - 2017-10-15 19:34 - 000002495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-06-30 14:50 - 2017-10-15 19:34 - 000002494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-06-30 14:50 - 2017-10-15 19:34 - 000002458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-06-30 14:50 - 2017-10-15 19:34 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-06-30 14:50 - 2017-10-15 19:34 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-06-30 14:50 - 2017-10-15 19:34 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-06-30 14:49 - 2017-10-15 19:26 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-06-30 14:37 - 2018-05-12 09:34 - 000004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{A7B6733F-98CE-4D61-9F5C-E981DB4D1C23}
2018-06-30 11:07 - 2018-05-24 14:00 - 000000000 ____D C:\Users\Nalla\Desktop\DAMAC
2018-06-30 10:53 - 2018-03-23 12:09 - 000000000 ____D C:\Users\Nalla\Desktop\screenshots
2018-06-30 08:55 - 2017-10-19 16:25 - 000000000 ____D C:\Users\Nalla\AppData\Local\Packages
2018-06-29 21:29 - 2018-04-12 05:08 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-28 09:19 - 2018-05-12 09:09 - 000000000 ____D C:\Users\Nalla
2018-06-27 10:02 - 2018-02-28 16:02 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-06-26 10:38 - 2018-05-12 09:42 - 000003376 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3521414181-3465868732-254471055-1001
2018-06-26 10:38 - 2018-05-12 09:09 - 000002365 _____ C:\Users\Nalla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-06-26 10:38 - 2017-10-15 17:53 - 000000000 ___RD C:\Users\Nalla\OneDrive
2018-06-26 10:07 - 2017-10-16 09:36 - 000002303 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-06-22 11:06 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-06-22 10:27 - 2018-04-27 10:04 - 000000000 ____D C:\Users\Nalla\AppData\Local\atom
2018-06-22 10:26 - 2017-10-17 13:14 - 000000000 ____D C:\Users\Nalla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2018-06-22 10:26 - 2017-10-17 13:14 - 000000000 ____D C:\Users\Nalla\AppData\Roaming\Atom
2018-06-22 10:26 - 2017-10-04 11:55 - 000002243 _____ C:\Users\Nalla\Desktop\Atom.lnk
2018-06-22 10:24 - 2017-10-15 20:02 - 000000000 ____D C:\Users\Nalla\AppData\Local\SquirrelTemp
2018-06-20 15:37 - 2017-10-15 19:43 - 000000000 ____D C:\Users\Nalla\.android
2018-06-19 10:41 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-06-14 23:12 - 2017-10-16 15:56 - 000000000 ___RD C:\Users\Nalla\3D Objects
2018-06-14 23:12 - 2017-10-15 17:49 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-06-14 23:10 - 2018-05-12 09:03 - 000406520 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-06-14 23:06 - 2018-04-12 14:49 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-06-14 23:06 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\TextInput
2018-06-14 23:06 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-06-14 23:06 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-06-14 23:06 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-06-14 23:06 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-06-14 23:06 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-06-14 23:06 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\system32\setup
2018-06-14 23:06 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-06-14 23:06 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-06-14 23:06 - 2018-04-12 02:34 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-06-14 23:05 - 2018-04-12 05:08 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-06-14 23:05 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-06-14 23:05 - 2018-04-12 05:08 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-06-14 23:05 - 2018-04-12 05:08 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-06-14 23:05 - 2018-04-12 05:08 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-06-14 15:02 - 2017-10-15 23:10 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-06-14 14:59 - 2018-04-12 05:00 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-14 14:59 - 2017-10-15 23:10 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-06-14 14:59 - 2017-10-15 23:09 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-06-06 12:41 - 2017-10-20 18:14 - 000000000 ____D C:\Users\Nalla\.ionic
2018-06-06 04:59 - 2018-04-12 05:11 - 000835056 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-06-06 04:59 - 2018-04-12 05:11 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-12 09:03
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by Nalla (30-06-2018 18:06:22)
Running from C:\Users\Nalla\Desktop
Windows 10 Home Version 1803 17134.112 (X64) (2018-05-12 04:06:20)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3521414181-3465868732-254471055-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3521414181-3465868732-254471055-503 - Limited - Disabled)
Guest (S-1-5-21-3521414181-3465868732-254471055-501 - Limited - Disabled)
Nalla (S-1-5-21-3521414181-3465868732-254471055-1001 - Administrator - Enabled) => C:\Users\Nalla
WDAGUtilityAccount (S-1-5-21-3521414181-3465868732-254471055-504 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.5.0.331 - Adobe Systems Incorporated)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Atom (HKU\S-1-5-21-3521414181-3465868732-254471055-1001\...\atom) (Version: 1.28.0 - GitHub Inc.)
DriverToolkit version 8.5.0.0 (HKLM-x32\...\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1) (Version: 8.5.0.0 - Megaify Software)
Git version 2.14.2.3 (HKLM\...\Git_is1) (Version: 2.14.2.3 - The Git Development Community)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel® Hardware Accelerated Execution Manager (HKLM\...\{6230EE50-BD4E-4B39-904D-3E7600053E08}) (Version: 6.2.1 - Intel Corporation)
Java 8 Update 152 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180152F0}) (Version: 8.0.1520.16 - Oracle Corporation)
Java 9.0.1 (64-bit) (HKLM\...\{2590B9D6-4310-52BC-808E-1A585861A836}) (Version: 9.0.1.0 - Oracle Corporation)
Java SE Development Kit 8 Update 152 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180152}) (Version: 8.0.1520.16 - Oracle Corporation)
Java™ SE Development Kit 9.0.1 (64-bit) (HKLM\...\{4AC8DBB2-1AE5-5156-83F9-D4E2E6DD564B}) (Version: 9.0.1.0 - Oracle Corporation)
Maxx Audio Installer (x64) (HKLM\...\{307032B2-6AF2-46D7-B933-62438DEB2B9A}) (Version: 2.6.6570.1 - Waves Audio Ltd.) Hidden
Microsoft Office 365 Business - en-us (HKLM\...\O365BusinessRetail - en-us) (Version: 16.0.10228.20080 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.10228.20080 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3521414181-3465868732-254471055-1001\...\OneDriveSetup.exe) (Version: 18.091.0506.0007 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40649 (HKLM-x32\...\{35b83883-40fa-423c-ae73-2aff7e1ea820}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810 (HKLM-x32\...\{56e11d69-7cc9-40a5-a4f9-8f6190c4d84d}) (Version: 14.12.25810.0 - Microsoft Corporation)
Node.js (HKLM\...\{A25EF8A9-BF15-454F-930E-2B03D9D77F3E}) (Version: 8.10.0 - Node.js Foundation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.10228.20080 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20080 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.10228.20080 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.10228.20080 - Microsoft Corporation) Hidden
Postman-win64-5.1.2 (HKU\S-1-5-21-3521414181-3465868732-254471055-1001\...\Postman) (Version: 5.1.2 - Postman)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7647 - Realtek Semiconductor Corp.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.51.0 - SAMSUNG Electronics Co., Ltd.)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.90922 - TeamViewer)
WinRAR 5.50 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
Yahoo! Powered (HKLM-x32\...\{5C60B4A0-0CE0-6520-BD60-15A06DE0C620}) (Version:  - ) <==== ATTENTION
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3521414181-3465868732-254471055-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-E83E8EF0FAEF}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-3521414181-3465868732-254471055-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
ShellIconOverlayIdentifiers: [   AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()
ShellIconOverlayIdentifiers: [   AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()
ShellIconOverlayIdentifiers: [   AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2018-01-01] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-02-16] (Intel Corporation)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-02-10] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext64.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files (x86)\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {147F5857-3E59-43EB-B491-581DE4A01CFF} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-27] (Microsoft Corporation)
Task: {1E2BD29D-D99B-4A6F-82D9-C8960101529D} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-27] (Microsoft Corporation)
Task: {2CD8745D-ACCF-498C-9C11-33F73A43E7F3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-06-30] (Microsoft Corporation)
Task: {32B9346B-D712-455D-B10A-CE9D0ACA7148} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-06-30] (Microsoft Corporation)
Task: {5A3438F4-EDBE-4C07-81E0-290F5B08A4C9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-16] (Google Inc.)
Task: {5FC5A2E9-EFCD-440B-9B56-E45D6B633AC6} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2018-04-24] (Adobe Systems Incorporated)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {68E30A8E-5BB3-47EC-9541-1B35B230BAEF} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-nallamillitejasri@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-05-11] (Adobe Systems, Incorporated)
Task: {6A5ABD15-F599-4206-8824-8009C4D53D94} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-10-16] (Google Inc.)
Task: {7295121E-C8D1-4B30-A6FC-A974F8684A69} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-20] (Microsoft Corporation)
Task: {7AA32365-CD4B-423A-845C-C1A4C04DE813} - System32\Tasks\JavaUpdateSched => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2017-09-27] (Oracle Corporation)
Task: {7EEA3551-37D7-4F30-90C2-CE33F0669D1C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-27] (Microsoft Corporation)
Task: {9F3728A4-AD40-410F-9AE2-0B9BAA086944} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-nallamillitejasri@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2018-04-11] (Adobe Systems Incorporated)
Task: {A4B2200B-8E45-46FC-B138-76F1F56C742E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-06-30] (Microsoft Corporation)
Task: {A8289EF8-E586-4AD3-926B-8DC7101F797A} - System32\Tasks\Microsoft\Office\OfficeOsfInstaller => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\osfinstaller.exe [2018-06-30] (Microsoft Corporation)
Task: {BD44B643-5F0A-4484-8FD4-92182CEF52EA} - System32\Tasks\DriverToolkit Autorun => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
Task: {BF1DB7C2-1F72-471B-9DB1-8DBF1A592106} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-06-20] (Microsoft Corporation)
Task: {C432E1BA-5AFB-4087-A30B-F91ADA013C36} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1806.18062-0\MpCmdRun.exe [2018-06-27] (Microsoft Corporation)
Task: {C5B4D334-1130-48AC-B872-6364DE92B72C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-06-30] (Microsoft Corporation)
Task: {F2407023-BE61-4703-8E9B-CFD023D82E6B} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-06-30] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\Nalla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Postman.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fhbjgbiflinjbdggehcddcbncdddomop
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-04-12 05:04 - 2018-04-12 05:04 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2017-02-16 12:53 - 2017-02-16 12:53 - 000410608 _____ () C:\WINDOWS\system32\igfxTray.exe
2018-02-10 01:12 - 2018-02-10 01:12 - 000614856 _____ () C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
2018-04-12 05:04 - 2018-04-12 05:04 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 05:04 - 2018-04-12 05:04 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-01-01 06:37 - 2018-01-01 06:37 - 000230064 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2018-06-14 14:51 - 2018-06-08 14:26 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-05-24 08:27 - 2018-05-24 08:34 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-05-24 08:27 - 2018-05-24 08:34 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-05-24 08:27 - 2018-05-24 08:36 - 022374400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-05-24 08:27 - 2018-05-24 08:34 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\skypert.dll
2018-05-24 08:27 - 2018-05-24 08:28 - 000654848 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-04-17 07:05 - 2018-04-17 07:09 - 001922232 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.9328.1700.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2018-06-26 10:38 - 2018-06-26 10:41 - 027126784 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-06-26 10:38 - 2018-06-26 10:39 - 000306176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-06-26 10:38 - 2018-06-26 10:39 - 006735872 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-10-15 18:34 - 2017-10-15 18:34 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-06-26 10:38 - 2018-06-26 10:39 - 009360384 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-06-26 10:07 - 2018-06-23 00:45 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libglesv2.dll
2018-06-26 10:07 - 2018-06-23 00:45 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3521414181-3465868732-254471055-1001\...\sharepoint.com -> hxxps://netorg529623-files.sharepoint.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2017-03-19 02:33 - 2017-10-23 12:39 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3521414181-3465868732-254471055-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "RtHDVBg_MAXX6"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKLM\...\StartupApproved\Run: => "AdobeGCInvoker-1.0"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-3521414181-3465868732-254471055-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3521414181-3465868732-254471055-1001\...\StartupApproved\Run: => "Lync"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{7ABD4BCB-252F-481E-8A46-49D075A0D820}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{421C32AA-623D-4CB5-AAE2-94C97CD558CE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [UDP Query User{C8FBF533-64AA-4A28-A45F-3768BD7DF0EE}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe
FirewallRules: [TCP Query User{6FDDB48D-C67A-422B-A4BD-036879DDF377}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe
FirewallRules: [{614D7DA0-7DF3-4580-A603-63C8148CC0BE}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{3E9E8307-F98D-49DD-9FC4-C974E999A578}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{2E0BC70E-6B34-49D8-8321-A7AE775647A0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{15FBAB3E-72F9-4B50-B270-33DBD7E3A7AB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{580EE764-D139-4171-83B5-1D06C826B8DA}C:\program files\adobe\adobe dreamweaver cc 2018\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2018\node\node.exe
FirewallRules: [TCP Query User{B9C4F73B-ED72-4AD2-93DA-5496AF179E41}C:\program files\adobe\adobe dreamweaver cc 2018\node\node.exe] => (Allow) C:\program files\adobe\adobe dreamweaver cc 2018\node\node.exe
FirewallRules: [UDP Query User{BB656EA3-4628-4644-A173-4D05F04A3D5F}C:\users\nalla\desktop\24-feb-18\desktop_dump\anydesk.exe] => (Allow) C:\users\nalla\desktop\24-feb-18\desktop_dump\anydesk.exe
FirewallRules: [TCP Query User{2DF6711B-DE7D-4E0E-95C6-3C5F4BFB8CF1}C:\users\nalla\desktop\24-feb-18\desktop_dump\anydesk.exe] => (Allow) C:\users\nalla\desktop\24-feb-18\desktop_dump\anydesk.exe
FirewallRules: [UDP Query User{11685DBD-B45E-4A88-8B20-7E341982EBB0}C:\users\nalla\appdata\roaming\npm\node_modules\node\bin\node.exe] => (Allow) C:\users\nalla\appdata\roaming\npm\node_modules\node\bin\node.exe
FirewallRules: [TCP Query User{8A1818A3-45FB-48E0-97D8-75B65EF4AEF6}C:\users\nalla\appdata\roaming\npm\node_modules\node\bin\node.exe] => (Allow) C:\users\nalla\appdata\roaming\npm\node_modules\node\bin\node.exe
FirewallRules: [UDP Query User{76F7A6B4-4D5B-4149-8239-3B8CA80C1FB1}C:\program files\android\android studio1\bin\studio64.exe] => (Allow) C:\program files\android\android studio1\bin\studio64.exe
FirewallRules: [TCP Query User{8D0F30DC-D8D5-4AA9-ABD9-E919054E0789}C:\program files\android\android studio1\bin\studio64.exe] => (Allow) C:\program files\android\android studio1\bin\studio64.exe
FirewallRules: [UDP Query User{21781391-54C3-4DC1-A8DB-74D7A5A971B9}C:\program files\java\jdk1.8.0_152\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_152\bin\java.exe
FirewallRules: [TCP Query User{281DC0DD-07CE-40C8-AB42-1EE93AA7E163}C:\program files\java\jdk1.8.0_152\bin\java.exe] => (Allow) C:\program files\java\jdk1.8.0_152\bin\java.exe
FirewallRules: [{1A06981F-818A-4395-8BDC-C44909AD5966}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{5CD83CE4-C8B9-4265-A2C9-A98F020DABDA}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
14-06-2018 12:32:42 Scheduled Checkpoint
14-06-2018 22:42:39 june14
25-06-2018 10:43:33 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/30/2018 05:57:13 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\Prefetch\MICROSOFTEDGE.EXE-5516D41D.pf for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.
 
Program: Host Process for Windows Services
File: C:\Windows\Prefetch\MICROSOFTEDGE.EXE-5516D41D.pf
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C000009C
Disk type: 3
 
Error: (06/30/2018 05:57:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 10.0.17134.1, time stamp: 0xa38b9ab2
Faulting module name: sysmain.dll, version: 10.0.17134.1, time stamp: 0x0421300e
Exception code: 0xc0000006
Fault offset: 0x0000000000025414
Faulting process id: 0x694
Faulting application start time: 0x01d4106d38b7db2b
Faulting application path: c:\windows\system32\svchost.exe
Faulting module path: c:\windows\system32\sysmain.dll
Report Id: 0d0be282-e3a2-49d7-bf1a-f8b8c6e8e4d6
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/30/2018 05:23:49 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0
 
Error: (06/30/2018 04:12:43 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\Prefetch\RUNTIMEBROKER.EXE-EF720075.pf for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.
 
Program: Host Process for Windows Services
File: C:\Windows\Prefetch\RUNTIMEBROKER.EXE-EF720075.pf
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C000009C
Disk type: 3
 
Error: (06/30/2018 04:12:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 10.0.17134.1, time stamp: 0xa38b9ab2
Faulting module name: ntdll.dll, version: 10.0.17134.112, time stamp: 0x6529f37c
Exception code: 0xc0000006
Fault offset: 0x000000000008329d
Faulting process id: 0x21d0
Faulting application start time: 0x01d4105f10876bd8
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 5d836121-c8e1-4304-8fbf-ff6fcb73c9a7
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/30/2018 04:11:35 PM) (Source: Application Error) (EventID: 1005) (User: )
Description: Windows cannot access the file C:\Windows\Prefetch\MICROSOFTEDGE.EXE-5516D41D.pf for one of the following reasons:
there is a problem with the network connection, the disk that the file is stored on, or the storage
drivers installed on this computer; or the disk is missing.
Windows closed the program Host Process for Windows Services because of this error.
 
Program: Host Process for Windows Services
File: C:\Windows\Prefetch\MICROSOFTEDGE.EXE-5516D41D.pf
 
The error value is listed in the Additional Data section.
User Action
1. Open the file again.
This situation might be a temporary problem that corrects itself when the program runs again.
2.
If the file still cannot be accessed and
- It is on the network,
your network administrator should verify that there is not a problem with the network and that the server can be contacted.
- It is on a removable disk, for example, a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3. Check and repair the file system by running CHKDSK. To run CHKDSK, click Start, click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then press ENTER.
4. If the problem persists, restore the file from a backup copy.
5. Determine whether other files on the same disk can be opened. If not, the disk might be damaged. If it is a hard disk, contact your administrator or computer hardware vendor for
further assistance.
 
Additional Data
Error value: C000009C
Disk type: 3
 
Error: (06/30/2018 04:11:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 10.0.17134.1, time stamp: 0xa38b9ab2
Faulting module name: sysmain.dll, version: 10.0.17134.1, time stamp: 0x0421300e
Exception code: 0xc0000006
Fault offset: 0x0000000000025414
Faulting process id: 0x1540
Faulting application start time: 0x01d41058cf1ae59e
Faulting application path: C:\WINDOWS\system32\svchost.exe
Faulting module path: c:\windows\system32\sysmain.dll
Report Id: 94816bc3-1438-4555-891b-1b8a9947588a
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (06/30/2018 03:58:07 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
 
 
System errors:
=============
Error: (06/30/2018 06:04:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/30/2018 05:59:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Superfetch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
Error: (06/30/2018 05:58:56 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-S7T2E8O)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-S7T2E8O\Nalla SID (S-1-5-21-3521414181-3465868732-254471055-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/30/2018 05:57:24 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (06/30/2018 05:57:23 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (06/30/2018 05:57:21 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (06/30/2018 05:57:20 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (06/30/2018 05:57:19 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
 
Windows Defender:
===================================
Date: 2018-06-28 14:02:25.385
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {57EDDE4F-D67F-48D5-B309-FF74651C7CF7}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-06-27 23:47:18.766
Description: 
Windows Defender Antivirus has detected malware or other potentially unwanted software.
For more information please see the following:
Name: SoftwareBundler:Win32/Aftodds
ID: 242523
Severity: High
Category: Software Bundler
Path: file:_C:\$Recycle.Bin\S-1-5-21-3521414181-3465868732-254471055-1001\$RDMTFX4.exe
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Users\Nalla\Desktop\mbar\mbar.exe
Signature Version: AV: 1.271.120.0, AS: 1.271.120.0, NIS: 1.271.120.0
Engine Version: AM: 1.1.15000.2, NIS: 1.1.15000.2
 
Date: 2018-06-26 14:16:22.539
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {067E0AD0-E8F2-49AC-8429-C2B2431BB919}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-06-26 13:32:47.693
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {5B0F8845-D196-47A6-ACD5-310EAE5EB96C}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-06-26 13:16:29.127
Description: 
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {45C1588D-A8A0-4ABE-BCFA-AF94D3097FBB}
Scan Type: Antimalware
Scan Parameters: Quick Scan
 
Date: 2018-06-16 08:34:00.607
Description: 
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: On Access
Error Code: 0x80004005
Error description: Unspecified error 
Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
 
Date: 2018-05-25 07:48:01.306
Description: 
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version: 
Previous Signature Version: 1.269.13.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version: 
Previous Engine Version: 1.1.14901.4
Error code: 0x800704cf
Error description: The network location cannot be reached. For information about network troubleshooting, see Windows Help. 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-5500U CPU @ 2.40GHz
Percentage of memory in use: 36%
Total physical RAM: 8103.78 MB
Available physical RAM: 5181.68 MB
Total Virtual: 12967.78 MB
Available Virtual: 10373.66 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:464.82 GB) (Free:100.05 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:457.72 GB) (Free:379.45 GB) NTFS
 
\\?\Volume{79e10ba6-ca21-41d3-a7b2-6f5813ce224e}\ (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.44 GB) NTFS
\\?\Volume{aef364fd-6b22-4df7-848e-636d6e1cfb3e}\ () (Fixed) (Total:0.44 GB) (Free:0.07 GB) NTFS
\\?\Volume{5f31efe3-48c5-49b6-b70a-7cfc05283c5a}\ (PBR Image) (Fixed) (Total:7.14 GB) (Free:0.37 GB) NTFS
\\?\Volume{1676ef37-b977-45ce-a994-2f50f4de668c}\ (ESP) (Fixed) (Total:0.48 GB) (Free:0.43 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 3D885C9F)
 
Partition: GPT.
 

==================== End of Addition.txt ============================


#15 Jo*

Jo*

  • Malware Response Team
  • 3,445 posts
  • Gender:Male
  • Location:Germany

Posted 30 June 2018 - 08:57 AM

I noticed that you have Potentially Unwanted Programs (PUPs) installed on your system.
I'll ask you to uninstall them since uninstalling such programs before running more malware removal tools will ensure a better clean-up.
Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista / Windows 7/8/10 and remove:

DriverToolkit version 8.5.0.0
Yahoo! Powered

---

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad.
Save it in the same location as FRST / FRST64 (usually your desktop) as fixlist.txt
 
Start::
CreateRestorePoint:
CloseProcesses:
VirusTotal: C:\Windows\Temp\DPTF\esif_assist_64.exe
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre-9.0.1\bin\ssv.dll => No File
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre-9.0.1\bin\jp2ssv.dll => No File
FF Plugin: @java.com/DTPlugin,version=12.0.1 -> C:\Program Files\Java\jre-9.0.1\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin: @java.com/JavaPlugin,version=12.0.1.0 -> C:\Program Files\Java\jre-9.0.1\bin\plugin2\npjp2.dll [No File]
VirusTotal: C:\WINDOWS\System32\drivers\ew_jubusenum.sys
2018-06-30 15:20 - 2018-04-12 18:21 - 000000390 _____ C:\WINDOWS\Tasks\DriverToolkit Autorun.job
Task: {BD44B643-5F0A-4484-8FD4-92182CEF52EA} - System32\Tasks\DriverToolkit Autorun => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
Task: C:\WINDOWS\Tasks\DriverToolkit Autorun.job => C:\Program Files (x86)\DriverToolkit\DriverToolkit.exe
VirusTotal: C:\program files\nodejs\node.exe
FirewallRules: [UDP Query User{C8FBF533-64AA-4A28-A45F-3768BD7DF0EE}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe
FirewallRules: [TCP Query User{6FDDB48D-C67A-422B-A4BD-036879DDF377}C:\program files\nodejs\node.exe] => (Allow) C:\program files\nodejs\node.exe
End::
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST / FRST64 again as Administrator like we did before, but this time press the Fix button just once and wait.

The tool will make a log (Fixlog.txt); please post it in your reply.

How is the computer running now?

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.




