Unkillable process spawns multiple TCP sessions and uses 50% CPU (Miner?)



#1 MostlyFoobar


Posted 06 July 2018 - 02:04 PM

Was installing a torrent supposed to contain a new picoKMS MS office activator. It tried to install a piece of bloatware, I unchecked the install option for it and it installed a butt ton of BS anyway. I interrupted it about 3/4 of the way through and tracked down and killed a bunch of stuff including chameleon explorer and several other relatively innocuous bits of adware nonsense.

But now I have this process called psnxeomsvc.exe (which I suspect is a random filename, since a Google search on it returns nothing) that autostarts, and as soon as I connect to the internet it spawns the processes in the tree below, which connect to a dozenish TCP hosts on various cloud platforms and intermittently use as much as 75% of my CPU to do seemingly nothing. (Mining maybe)

 

Other things it seems to do:

  • Prevents AVG from running.
  • Prevents Windows Defender from being turned on.
  • Prevents Process Explorer 2 from launching (Wanted to try using its terminate module to kill the process.)
  • The file (at C:\Windows\system32\psnxeomsvc.exe) will not permit me to delete it even while logged in with NT Authority/SYSTEM creds.
  • Prevents viewing of any file folders associated with it. (Access Denied) regardless of NT Authority/SYSTEM rights.
  • New (16:09 PST July 6, 2018) Seems to have disabled my Avast password manager.

Attached File  FRST.txt   106.48KB   11 downloads
Attached File  Addition.txt   73.87KB   8 downloads
Attached File  psnxeomsvc (Process Explorer).png   103.56KB   0 downloads
Attached File  uskawmd.exe TCP-IP Connections (System Explorer).png   749.67KB   0 downloads


Edited by MostlyFoobar, 06 July 2018 - 06:11 PM.




#2 Elise


Posted 06 July 2018 - 02:56 PM

Hi and welcome to BleepingComputer. :)

 

It looks like we're dealing with a new rootkit variant here so let's also run a rootkit scan. 

 

Please download GMER from the following location and save it to your desktop or downloads folder:
Main Mirror which will download a randomly named file

  • Please close all running programs and temporarily disable any real-time active protection
  • It is very important you do not use your computer while GMER is running
  • Double-click on the randomly named GMER icon
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan
  • If you receive a warning about rootkit activity and are asked to fully scan your system click NO and click "save log" once done before continuing. Save the log as Quickscan.log and include it in your next reply.
  • Please check in the Quick scan box
  • Please uncheck the following:
    • Devices
    • IAT/EAT
    • Show All <<< Important
  • Click Scan
  • If you see a rootkit warning window click OK
  • When the scan is finished, Save the results to your desktop as gmer.log
  • Click Copy then paste the results in your reply
  • Exit GMER and be sure to re-enable your Antivirus, Firewall and any other security programs you had disabled

Note: If you encounter any problems, try running GMER in Safe Mode
GMER is a rootkit scanner, for that reason it can be very unstable and cause a BSOD in some cases. While annoying this is not necessarily an indication of a malware related problem and nothing to worry about.

While it's quite possible the malware will regenerate due to the rootkit component, let's nevertheless try to remove it with FRST.

Please press Windows key + R, type notepad and press enter. Copy/paste the text in the codebox below into Notepad and save it as fixlist.txt in the same location as FRST.

CloseProcesses:

C:\Users\John\AppData\Local\pwcuael
S4 ewmsin; System32\drivers\snigdxpu.sys [X]
R3 ilosvy; system32\drivers\osvybf.sys [X]
C:\WINDOWS\system32\drivers\mskbfilo.sys

EmptyTemp:

Now rerun FRST and press the Fix button. Your computer will be rebooted after which the log should open. Please copy its contents in your next reply.


regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft

 



#3 MostlyFoobar


Posted 06 July 2018 - 04:40 PM

Attached File  GMER.log   5.66KB   9 downloads

 

This is the log from the initial quickscan.

 

Full scan is causing BSOD. Trying again.

 

-j



#4 MostlyFoobar


Posted 06 July 2018 - 05:24 PM

OK. You are not going to believe this.

 

I cannot create a file called fixlist.txt anywhere on my system.

I can create any other .txt file I want, anywhere.

If I try to create a file called fixlist.txt and put the fixlist contents into it, it saves it fine... empty.

If I save the fixlist text from your reply as blah.txt it works fine.

If I then try to rename it to fixlist.txt (anywhere on the system) it says I need permission from myself to change the file. (whoami reveals that I am the person (STEINBECK/John) it says I need permission from.) No matter how many times I click the button to give myself permission it says I need to get permission from myself.

If I cancel and rename it to something else - anything else - it works fine.

 

Am I losing my mind?

 

I am losing my mind.

Attached File  cannot rename any file to fixlist.txt.png   512.91KB   0 downloads


Edited by MostlyFoobar, 06 July 2018 - 05:50 PM.


#5 MostlyFoobar


Posted 06 July 2018 - 08:05 PM

.png of fully elevated DOS shell session attempting to rename an arbitrary .txt file to fixlist.txt

 

Attached File  Fully elevated command shell. png.png   45.32KB   0 downloads

 

.png of a fully elevated DOS shell creating the fixlist.txt file with copy con.... Says it's fine...File is empty.

Using same process in same session to create anythingelse.txt containing the exact same text... works fine.

 

Attached File  Using copy con to create fixlist.txt.png   61.88KB   0 downloads

 

Interestingly, a dir of the two files reveals they are the same size...

 

Attached File  'Empty' fixlist.txt same size as normally behaving anythingelse.txt file.png   47.21KB   0 downloads

 

Not sure what to make of that.

 

Attached File  fixlist.txt   202bytes   7 downloads
Attached File  anythingelse.txt   202bytes   4 downloads

 

 


Edited by MostlyFoobar, 06 July 2018 - 09:02 PM.


#6 Elise


Posted 07 July 2018 - 04:02 AM

Thanks, the GMER log contained all data necessary thus far. :)

This rootkit tries to prevent you from doing a number of useful (to us) things like creating the text file. Let's see if the following works. Copy/paste the text in the codebox by selecting it and then right clicking the selection > Copy.
Now rerun FRST and click the Fix button. Let me know if that works or if you get an error.

If you get an error, please try this:
  • On a clean machine, please download Farbar Recovery Scan Tool and save it to a flash drive.

    Note: You need to download the version compatible with your machine i.e. 32-bit or 64-bit.

    Plug the flash drive into the infected PC.
  • Enter System Recovery Environment Command Prompt:

    Instructions for Windows 10
    Instructions for Windows 8
    Instructions for Windows 7
  • Once in the Command Prompt:
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

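The symptom reported in posts #4 and #5 (creation, read-back and rename fail only for the name fixlist.txt while any other name works) can be confirmed by probing a random control name and the target name in the same directory and comparing the results. This is an added example, not part of the original thread or of any tool mentioned in it; the function names, the sample payload and the verdict labels are assumptions made for illustration.

```python
import hashlib
import os
import tempfile
import uuid

# Constructed sample payload; the real fixlist contents do not matter to the probe.
PAYLOAD = b"CloseProcesses:\r\nEmptyTemp:\r\n"

# Observations recorded for every probed file name.
CHECKS = ("create_ok", "size_ok", "content_ok", "rename_ok", "rename_content_ok")


def _digest(data):
    return hashlib.sha256(data).hexdigest()


def _remove(path):
    try:
        os.remove(path)
    except OSError:
        pass  # already gone, or removal is blocked; nothing more to do here


def probe_name(directory, name, payload=PAYLOAD):
    """Create `name` directly and by rename, recording what really happened."""
    obs = {check: False for check in CHECKS}
    obs["errors"] = []
    target = os.path.join(directory, name)
    scratch = os.path.join(directory, "probe-" + uuid.uuid4().hex + ".tmp")

    # 1. Direct creation: compare the size the file system reports with the
    #    bytes that can actually be read back (post #5: same size, "empty" file).
    try:
        with open(target, "wb") as fh:
            fh.write(payload)
            fh.flush()
            os.fsync(fh.fileno())
        obs["create_ok"] = True
        obs["size_ok"] = os.path.getsize(target) == len(payload)
        with open(target, "rb") as fh:
            obs["content_ok"] = _digest(fh.read()) == _digest(payload)
    except OSError as exc:
        obs["errors"].append("create: %s" % exc)
    finally:
        _remove(target)

    # 2. Creation under a scratch name followed by a rename onto the target
    #    name (post #4: the rename is refused for fixlist.txt only).
    try:
        with open(scratch, "wb") as fh:
            fh.write(payload)
        os.replace(scratch, target)
        obs["rename_ok"] = True
        with open(target, "rb") as fh:
            obs["rename_content_ok"] = _digest(fh.read()) == _digest(payload)
    except OSError as exc:
        obs["errors"].append("rename: %s" % exc)
    finally:
        _remove(scratch)
        _remove(target)
    return obs


def classify(control, target):
    """Compare a target name's observations with those of a control name."""
    if all(target[check] for check in CHECKS):
        return "ok"
    if not all(control[check] for check in CHECKS):
        # The control name fails too: a general permission or disk problem.
        return "inconclusive"
    # Only the target name misbehaves: something is filtering on the name.
    return "name-filtered"


def diagnose(directory, names=("fixlist.txt",)):
    """Probe each name against a random control name in the same directory."""
    control = probe_name(directory, "ctl-" + uuid.uuid4().hex[:8] + ".txt")
    report = {}
    for name in names:
        target = probe_name(directory, name)
        report[name] = {
            "verdict": classify(control, target),
            "failed": [check for check in CHECKS if not target[check]],
            "errors": target["errors"],
        }
    return report


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for name, result in diagnose(tmp, ["fixlist.txt", "anythingelse.txt"]).items():
            print(name, result["verdict"], result["failed"], result["errors"])
```

A "name-filtered" verdict for fixlist.txt alongside "ok" for any other name matches what the thread describes; "inconclusive" means the directory itself is the problem.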


#7 MostlyFoobar


Posted 07 July 2018 - 04:33 PM

OK. Here is the logfile. Well, I would attach the logfile but I cannot attach files to the website now, it seems. (Both the basic uploader and the Flash 9 uploader respond with "Error no file selected for upload".)

 

So that's bad news.

 

But there is good news. At the boot command prompt I was able to use copy con to create the fixlist and run it. I have the log file and will paste it in here below the FRST.txt file.

 

On reboot the process is gone apparently. AVG is loading and running normally. I am now able to create .txt files called fixlist.txt wherever I choose.

 

I started a fullscan of FRST but it keeps hanging on "scanning loaded modules"

 

NOTE: I was not able to access a known clean machine, so I just dropped frst64 onto a usb drive from the infected machine.

 

So here's the fix.txt:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by SYSTEM on MININT-R1IK482 (07-07-2018 13:41:13)
Running from I:\
Platform: Windows 10 Home Version 1709 16299.492 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-07-01] (AVAST Software)
HKLM-x32\...\Run: [SystemExplorerAutoStart] => "C:\Program Files (x86)\System Explorer\SystemExplorer.exe" /TRAY
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [455136 2018-02-28] (Power Software Ltd)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2195968 2018-06-05] ()
HKU\Administrator\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-06-24] (Piriform Ltd)
HKU\Administrator\...\Run: [Spotify Web Helper] => C:\Users\John\AppData\Roaming\Spotify\SpotifyWebHelper.exe [781712 2018-06-19] (Spotify Ltd)
HKU\Administrator\...\Run: [qBittorrent] => C:\Program Files (x86)\qBittorrent\qbittorrent.exe [17753088 2018-05-27] ()
HKU\Administrator\...\Run: [OneDrive] => "C:\Users\John\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
HKU\Administrator\...\Run: [Spotify] => C:\Users\John\AppData\Roaming\Spotify\Spotify.exe [24221072 2018-06-19] (Spotify Ltd)
HKU\Administrator\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-06-24] (Piriform Ltd)
HKU\Default\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
HKU\DefaultAppPool\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
HKU\John\...\Run: [Spotify] => C:\Users\John\AppData\Roaming\Spotify\Spotify.exe [24221072 2018-06-19] (Spotify Ltd)
HKU\John\...\Run: [Spotify Web Helper] => C:\Users\John\AppData\Roaming\Spotify\SpotifyWebHelper.exe [781712 2018-06-19] (Spotify Ltd)
HKU\John\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1588568 2018-06-22] (Google Inc.)
HKU\John\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1801544 2018-06-12] (AVAST Software)
IFEO\taskmgr.exe: [Debugger] "D:\USERS\JOHN\DESKTOP\PROCEXP64.EXE"
AlternateShell: 
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"HKLM\System\ControlSet001\Services\mpcsgkox" => removed successfully
C:\Windows\System32\drivers\msklosvy.sys => moved successfully
C:\Users\John\AppData\Local\pwcuael\pwcuael.exe => moved successfully
C:\Users\John\AppData\Local\pwcuael\uskawmd.exe => moved successfully
C:\Users\John\AppData\Local\Temp\allradio_4.27_portable.exe => moved successfully
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7780400 2018-07-01] (AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-07-01] (AVAST Software)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-07-01] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-07-01] (AVAST Software)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [984032 2018-04-27] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5279232 2018-04-27] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [712864 2018-04-27] (AVG Technologies CZ, s.r.o.)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2018-06-04] (Microsoft Corporation)
S4 CAMService; C:\Program Files\Intel\CAM\bin\CAMService.exe [1243344 2014-09-03] (Intel® Corporation)
S4 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1394360 2015-08-12] (Intel Corporation)
S4 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-12-11] (ELAN Microelectronics Corp.)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [136512 2018-07-04] (SurfRight B.V.)
S4 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S4 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2017-01-06] (Microsoft Corporation)
S2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-30] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S4 MySQL; C:\Program Files\MySQL\MySQL Server 5.1\my.ini [8914 2016-08-21] ()
S2 osrss; C:\Windows\system32\osrss.dll [108584 2018-03-09] (Microsoft Corporation)
S3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Mister Group)
S4 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [139264 2017-01-05] (Microsoft Corporation)
S3 VSStandardCollectorService140; D:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-07-26] (Microsoft Corporation)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [128232 2017-02-08] (Microsoft Corporation)
S4 vToolbarUpdater40.3.8; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.8\ToolbarUpdater.exe [1371136 2018-06-05] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [11776 2018-06-04] (Microsoft Corporation)
S4 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [811520 2018-06-05] ()
S4 windowsmanagementservice; windowsmanagementservice [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AsusTP; C:\Windows\System32\drivers\AsusTP.sys [128024 2017-03-09] (ASUS Corporation)
S1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [197160 2018-07-01] (AVAST Software)
S1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [229392 2018-07-01] (AVAST Software)
S0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201328 2018-07-01] (AVAST Software)
S0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346664 2018-07-01] (AVAST Software)
S0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59592 2018-07-01] (AVAST Software)
S3 aswElam; C:\Windows\System32\drivers\aswElam.sys [15360 2018-07-01] (AVAST Software)
S1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [239680 2018-07-01] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2018-07-01] (AVAST Software)
S2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [159640 2018-07-01] (AVAST Software)
S1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111872 2018-07-01] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [85968 2018-07-01] (AVAST Software)
S1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1027728 2018-07-01] (AVAST Software)
S1 aswSP; C:\Windows\System32\drivers\aswSP.sys [463080 2018-07-01] (AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [211160 2018-07-01] (AVAST Software)
S0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381584 2018-07-01] (AVAST Software)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313088 2017-03-23] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [283384 2017-09-04] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [253184 2017-04-11] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
S0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
S1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [313096 2016-08-04] (AVG Technologies CZ, s.r.o.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [55816 2015-08-12] (Intel Corporation)
S3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [53752 2015-08-12] (Intel Corporation)
S3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [261624 2015-08-12] (Intel Corporation)
S4 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2018-07-07] ()
S3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2017-09-29] (Intel Corporation)
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-12-11] (Realsil Semiconductor Corporation)
S3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [259584 2017-09-29] (Microsoft Corporation)
S3 SensorsSimulatorDriver; C:\Windows\System32\drivers\WUDFRd.sys [259584 2017-09-29] (Microsoft Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
S4 ewmsin; System32\drivers\snigdxpu.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-06 17:43 - 2018-07-06 17:43 - 000000202 _____ C:\Windows\System32\anythingelse.txt
2018-07-06 17:42 - 2018-07-06 17:42 - 000000202 _____ C:\Windows\System32\fixlist.txt
2018-07-06 13:26 - 2018-07-06 13:26 - 939387234 _____ C:\Windows\MEMORY.DMP
2018-07-06 10:14 - 2018-07-06 16:54 - 000000000 ___DC C:\FRST
2018-07-06 08:18 - 2018-07-07 10:28 - 000000000 ____D C:\Users\John\AppData\Local\CrashDumps
2018-07-06 07:31 - 2018-07-06 16:46 - 000162464 _____ (Sysinternals) C:\Windows\PSEXESVC.exe
2018-07-05 18:37 - 2018-07-01 15:59 - 000378072 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2018-07-05 08:58 - 2018-07-05 08:58 - 000082480 _____ C:\Windows\System32\drvlist.csv
2018-07-05 08:47 - 2018-07-05 08:47 - 000001882 ____C C:\Users\Public\Desktop\Process Hacker 2.lnk
2018-07-05 08:47 - 2018-07-05 08:47 - 000000000 ____D C:\Program Files\Process Hacker 2
2018-07-05 08:22 - 2018-07-05 08:22 - 000003240 _____ C:\Windows\System32\Tasks\Process Explorer-STEINBECK-John
2018-07-05 06:42 - 2018-07-07 12:28 - 000041800 _____ (Sysinternals - www.sysinternals.com) C:\Windows\System32\Drivers\PROCEXP152.SYS
2018-07-05 06:38 - 2018-07-06 07:56 - 000000000 ___DC C:\Utilities
2018-07-05 06:38 - 2018-07-05 06:38 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2018-07-04 07:56 - 2018-07-04 07:56 - 000001964 ____C C:\Users\Public\Desktop\HitmanPro.lnk
2018-07-04 07:56 - 2018-07-04 07:56 - 000000000 ____D C:\Program Files\HitmanPro
2018-07-04 07:49 - 2018-07-04 08:49 - 000000376 _____ C:\Windows\System32\.crusader
2018-07-04 07:43 - 2018-07-07 12:30 - 000055232 _____ C:\Windows\System32\Drivers\hitmanpro37.sys
2018-07-04 07:42 - 2018-07-04 07:50 - 000000000 ____D C:\ProgramData\HitmanPro
2018-07-04 07:25 - 2018-07-04 07:25 - 000000000 ____D C:\Program Files\Unlocker
2018-07-03 13:41 - 2018-07-03 13:41 - 000000918 ____C C:\Users\Public\Desktop\VLC media player.lnk
2018-07-03 13:39 - 2018-07-03 13:39 - 000004564 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-07-03 13:39 - 2018-07-03 13:39 - 000000000 ____D C:\Program Files\7-Zip
2018-07-03 12:54 - 2018-07-06 13:27 - 000000000 ____D C:\Windows\Minidump
2018-07-01 16:14 - 2018-07-01 16:14 - 000002537 ____C C:\Users\Public\Desktop\Avast Secure Browser.lnk
2018-07-01 16:13 - 2018-07-01 16:13 - 000003458 _____ C:\Windows\System32\Tasks\AvastUpdateTaskMachineUA
2018-07-01 16:13 - 2018-07-01 16:13 - 000003334 _____ C:\Windows\System32\Tasks\AvastUpdateTaskMachineCore
2018-07-01 16:13 - 2018-07-01 16:13 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2018-07-01 16:00 - 2018-07-07 11:37 - 000000000 ____D C:\Users\John\AppData\Local\AVAST Software
2018-07-01 16:00 - 2018-07-05 18:38 - 000001969 ____C C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-07-01 16:00 - 2018-07-01 16:00 - 000000000 ____D C:\Users\John\AppData\Roaming\AVAST Software
2018-07-01 15:59 - 2018-07-07 12:29 - 000004264 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-07-01 15:59 - 2018-07-01 15:59 - 001027728 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2018-07-01 15:59 - 2018-07-01 15:59 - 001027728 _____ (AVAST Software) C:\Windows\System32\Drivers\asw470f2ee67b67976c.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 001027728 _____ (AVAST Software) C:\Windows\System32\Drivers\asw 94eabc9709e08d2.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000463080 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2018-07-01 15:59 - 2018-07-01 15:59 - 000463080 _____ (AVAST Software) C:\Windows\System32\Drivers\aswdb5fc9470b7cc7f7.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000463080 _____ (AVAST Software) C:\Windows\System32\Drivers\asw1b29047fceb31b02.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000381584 _____ (AVAST Software) C:\Windows\System32\Drivers\aswVmm.sys
2018-07-01 15:59 - 2018-07-01 15:59 - 000381584 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbe8009d5ecbac779.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000381584 _____ (AVAST Software) C:\Windows\System32\Drivers\asw7420a70e15ba0291.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000346664 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbloga.sys
2018-07-01 15:59 - 2018-07-01 15:59 - 000346664 _____ (AVAST Software) C:\Windows\System32\Drivers\asw90405aa3fce2d1b1.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000346664 _____ (AVAST Software) C:\Windows\System32\Drivers\asw39a8f885b1576196.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000239680 _____ (AVAST Software) C:\Windows\System32\Drivers\aswHdsKe.sys
2018-07-01 15:59 - 2018-07-01 15:59 - 000239680 _____ (AVAST Software) C:\Windows\System32\Drivers\aswf3de2398b55b6f54.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000239680 _____ (AVAST Software) C:\Windows\System32\Drivers\asw4f2376932d4e3e74.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000229392 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbidsdrivera.sys
2018-07-01 15:59 - 2018-07-01 15:59 - 000229392 _____ (AVAST Software) C:\Windows\System32\Drivers\asw9eb67f8e898bfd33.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000229392 _____ (AVAST Software) C:\Windows\System32\Drivers\asw64ec3f12c8bc651b.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000211160 _____ (AVAST Software) C:\Windows\System32\Drivers\aswStm.sys
2018-07-01 15:59 - 2018-07-01 15:59 - 000211160 _____ (AVAST Software) C:\Windows\System32\Drivers\aswd5e850afd7fadc0e.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000211160 _____ (AVAST Software) C:\Windows\System32\Drivers\asw57a7095a902a2d08.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000201328 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbidsha.sys
2018-07-01 15:59 - 2018-07-01 15:59 - 000201328 _____ (AVAST Software) C:\Windows\System32\Drivers\asw5bc2e5ed2be00f78.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000201328 _____ (AVAST Software) C:\Windows\System32\Drivers\asw1d7f77405de4c97d.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000197160 _____ (AVAST Software) C:\Windows\System32\Drivers\aswArPot.sys
2018-07-01 15:59 - 2018-07-01 15:59 - 000197160 _____ (AVAST Software) C:\Windows\System32\Drivers\asw5f41e581fb41ebc5.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000197160 _____ (AVAST Software) C:\Windows\System32\Drivers\asw4c8be572157be0a9.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000159640 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2018-07-01 15:59 - 2018-07-01 15:59 - 000159640 _____ (AVAST Software) C:\Windows\System32\Drivers\asw5200e32aad35e9e0.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000159640 _____ (AVAST Software) C:\Windows\System32\Drivers\asw5086e336b4abead5.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000111872 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2018-07-01 15:59 - 2018-07-01 15:59 - 000111872 _____ (AVAST Software) C:\Windows\System32\Drivers\aswdd45a514ab64d3c9.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000111872 _____ (AVAST Software) C:\Windows\System32\Drivers\asw9ce2f104f5d9c685.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000085968 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRvrt.sys
2018-07-01 15:59 - 2018-07-01 15:59 - 000085968 _____ (AVAST Software) C:\Windows\System32\Drivers\asw923b1daa4ec3f7b7.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000085968 _____ (AVAST Software) C:\Windows\System32\Drivers\asw82b54a5c8cb790ca.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000059592 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbuniva.sys
2018-07-01 15:59 - 2018-07-01 15:59 - 000059592 _____ (AVAST Software) C:\Windows\System32\Drivers\asw4fb4eb1d48a97a3a.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000059592 _____ (AVAST Software) C:\Windows\System32\Drivers\asw17ee6dfec2e20cb5.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000046976 _____ (AVAST Software) C:\Windows\System32\Drivers\aswHwid.sys
2018-07-01 15:59 - 2018-07-01 15:59 - 000046976 _____ (AVAST Software) C:\Windows\System32\Drivers\asw2423415d45f1a9bc.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000046976 _____ (AVAST Software) C:\Windows\System32\Drivers\asw218ccd59cdb7204a.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000015360 _____ (AVAST Software) C:\Windows\System32\Drivers\aswf69ec330f3150120.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000015360 _____ (AVAST Software) C:\Windows\System32\Drivers\aswElam.sys
2018-07-01 15:59 - 2018-07-01 15:59 - 000015360 _____ (AVAST Software) C:\Windows\System32\Drivers\asw8219d7de6d5f94af.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-07-01 15:59 - 2018-07-01 15:59 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-07-01 15:58 - 2018-07-01 15:58 - 000000000 ____D C:\Program Files\AVAST Software
2018-07-01 15:57 - 2018-07-01 16:44 - 000000000 ____D C:\ProgramData\AVAST Software
2018-07-01 15:46 - 2018-07-01 15:46 - 000000144 _____ C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-07-01 15:37 - 2018-07-01 15:37 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2018-07-01 15:37 - 2018-07-01 15:37 - 000000000 ____D C:\Users\Administrator\AppData\Local\Mozilla
2018-07-01 15:27 - 2018-07-01 15:27 - 000000000 ____D C:\ProgramData\Packages
2018-07-01 15:16 - 2018-07-01 15:16 - 000000000 ____D C:\Users\Administrator\Documents\My Games
2018-07-01 15:16 - 2018-07-01 15:16 - 000000000 ____D C:\Users\Administrator\AppData\Local\Avg
2018-07-01 15:13 - 2018-07-01 15:15 - 000000000 ___RD C:\Users\Administrator\OneDrive
2018-07-01 15:12 - 2018-07-01 15:12 - 000000000 ____D C:\Users\Administrator\AppData\Local\Comms
2018-07-01 15:11 - 2018-07-01 15:17 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\qBittorrent
2018-07-01 15:11 - 2018-07-01 15:15 - 000000000 ____D C:\Users\Administrator\AppData\Local\qBittorrent
2018-07-01 15:11 - 2018-07-01 15:11 - 000000000 ___HD C:\Users\Administrator\MicrosoftEdgeBackups
2018-07-01 15:10 - 2018-07-01 16:51 - 000000000 ____D C:\Program Files\YzFjMzMwMTA4NmI3N
2018-07-01 15:10 - 2018-07-01 16:37 - 000002360 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2018-07-01 15:10 - 2018-07-01 15:10 - 000000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
2018-07-01 15:10 - 2018-07-01 15:10 - 000000000 ___RD C:\Users\Administrator\3D Objects
2018-07-01 15:10 - 2018-07-01 15:10 - 000000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2018-07-01 15:10 - 2018-07-01 15:10 - 000000000 ____D C:\Users\Administrator\AppData\Local\MicrosoftEdge
2018-07-01 15:10 - 2018-07-01 15:10 - 000000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2018-07-01 15:09 - 2018-07-01 15:09 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2018-07-01 14:47 - 2018-07-07 12:27 - 002912256 _____ C:\Windows\System32\psnxeomsvc.exe
2018-07-01 14:41 - 2018-07-01 14:41 - 002912256 _____ C:\Windows\System32\psnxeomsvc2.exe
2018-07-01 13:15 - 2018-07-07 09:34 - 000000000 ____D C:\Users\John\AppData\Local\msoegba
2018-07-01 13:04 - 2018-07-01 13:04 - 000000000 ____D C:\Windows\Panther
2018-07-01 12:48 - 2018-07-07 13:41 - 000000000 ____D C:\Users\John\AppData\Local\pwcuael
2018-07-01 12:48 - 2018-07-01 12:48 - 000000000 ____D C:\Users\John\AppData\Local\usrnkhg
2018-07-01 12:47 - 2018-07-01 12:47 - 000004608 _____ C:\Windows\SECOH-QAD.exe
2018-07-01 12:46 - 2018-07-01 14:24 - 002912256 _____ C:\Windows\System32\psnxeomsvc1.exe
2018-07-01 12:45 - 2018-07-01 12:56 - 000000000 ____D C:\Program Files (x86)\s5
2018-07-01 12:45 - 2018-07-01 12:45 - 000000000 ____D C:\Windows\SysWOW64\zaexwlg
2018-07-01 12:45 - 2018-07-01 12:45 - 000000000 ____D C:\Windows\System32\zaexwlg
2018-07-01 12:45 - 2018-07-01 12:45 - 000000000 ____D C:\Users\John\AppData\Roaming\et
2018-07-01 12:45 - 2018-07-01 12:45 - 000000000 ____D C:\ProgramData\1530477910
2018-07-01 12:44 - 2018-07-01 12:44 - 000000000 ____D C:\Users\John\AppData\Local\AdvinstAnalytics
2018-07-01 12:44 - 2018-07-01 12:44 - 000000000 ____D C:\Program Files (x86)\LetsSee!
2018-07-01 12:43 - 2018-07-01 18:01 - 000000000 ____D C:\Program Files (x86)\Chameleon Explorer
2018-07-01 12:43 - 2018-07-01 12:43 - 000001193 ____C C:\Users\Public\Desktop\Chameleon Explorer.lnk
2018-07-01 12:42 - 2018-07-01 13:17 - 000000000 ____D C:\Windows\SysWOW64\SSL
2018-07-01 12:42 - 2018-07-01 12:42 - 001288704 _____ C:\Windows\zofegrpgyzgqwuyn.zofeg
2018-06-29 20:43 - 2018-06-29 20:43 - 000000000 ____D C:\Users\John\AppData\Local\.IdentityService
2018-06-28 18:46 - 2018-06-28 18:46 - 000108489 _____ C:\Windows\uninstaller.dat
2018-06-28 15:09 - 2018-06-28 15:09 - 000000000 ____D C:\Program Files (x86)\GtkSharp
2018-06-28 15:06 - 2018-06-28 15:08 - 000000000 ____D C:\Program Files\Unity
2018-06-28 15:06 - 2018-06-28 15:06 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity
2018-06-28 15:04 - 2018-06-28 15:04 - 000000000 ____D C:\Users\John\.android
2018-06-28 15:02 - 2016-11-11 15:34 - 000091256 _____ (Intel Corporation) C:\Windows\System32\Drivers\IntelHaxm.sys
2018-06-28 15:00 - 2018-06-28 15:00 - 000000000 ____D C:\Program Files (x86)\Android
2018-06-28 14:59 - 2018-06-28 14:59 - 000000000 ___DC C:\Users\John\AppData\LocalLow\Oracle
2018-06-28 14:51 - 2018-06-28 14:54 - 000000000 ____D C:\Program Files (x86)\Xamarin
2018-06-28 14:51 - 2018-06-28 14:51 - 000000000 ____D C:\Program Files (x86)\ShellDir
2018-06-28 14:50 - 2018-06-28 14:50 - 000000000 ____D C:\ProgramData\dftmp
2018-06-28 14:49 - 2018-06-28 14:49 - 000000000 ____D C:\Program Files\VS2012Schemas
2018-06-28 14:49 - 2018-06-28 14:49 - 000000000 ____D C:\Program Files\VS2010Schemas
2018-06-28 14:49 - 2018-06-28 14:49 - 000000000 ____D C:\Program Files\Microsoft SDKs
2018-06-28 14:48 - 2018-06-28 14:48 - 000000000 ____D C:\Program Files (x86)\NuGet
2018-06-28 14:48 - 2018-06-28 14:48 - 000000000 ____D C:\Program Files (x86)\Microsoft ASP.NET Core 1.1 Local Feed - Visual Studio 2017
2018-06-28 14:48 - 2018-06-28 14:48 - 000000000 ____D C:\Program Files (x86)\Microsoft ASP.NET Core 1.0 Local Feed - Visual Studio 2017
2018-06-28 14:47 - 2018-06-28 14:47 - 000000000 ____D C:\Program Files\dotnet
2018-06-28 14:45 - 2018-06-28 14:48 - 000000000 ____D C:\Program Files\IIS Express
2018-06-28 14:42 - 2018-06-28 14:43 - 000000000 ____D C:\Program Files (x86)\Entity Framework Tools
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\SysWOW64\3082
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\SysWOW64\2052
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\SysWOW64\1055
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\SysWOW64\1049
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\SysWOW64\1046
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\SysWOW64\1045
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\SysWOW64\1042
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\SysWOW64\1041
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\SysWOW64\1040
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\SysWOW64\1036
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\SysWOW64\1031
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\SysWOW64\1029
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\SysWOW64\1028
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\System32\3082
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\System32\2052
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\System32\1055
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\System32\1049
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\System32\1046
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\System32\1045
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\System32\1042
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\System32\1041
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\System32\1040
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\System32\1036
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\System32\1031
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\System32\1029
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\System32\1028
2018-06-28 14:41 - 2018-06-28 14:41 - 000000000 ____D C:\Program Files (x86)\Windows Phone Kits
2018-06-28 14:36 - 2018-06-28 14:36 - 000000000 ____D C:\ProgramData\Windows App Certification Kit
2018-06-28 11:21 - 2018-06-28 11:22 - 000000000 ____D C:\Users\John\Documents\Visual Studio 2015
2018-06-28 11:15 - 2018-06-28 16:16 - 000000000 ____D C:\Users\John\AppData\Roaming\Visual Studio Setup
2018-06-28 11:15 - 2018-06-28 14:34 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2018-06-28 11:15 - 2018-06-28 11:15 - 000000000 ____D C:\Users\John\AppData\Roaming\vstelemetry
2018-06-28 11:15 - 2018-06-28 11:15 - 000000000 ____D C:\Users\John\AppData\Local\ServiceHub
2018-06-23 14:03 - 2018-06-23 14:03 - 000000000 ___DC C:\Users\John\AppData\LocalLow\LionShield
2018-06-12 09:57 - 2018-06-12 09:57 - 000000000 ____D C:\Windows\PCHEALTH
2018-06-12 09:44 - 2018-06-07 23:32 - 001638432 _____ (Microsoft Corporation) C:\Windows\System32\gdi32full.dll
2018-06-12 09:44 - 2018-06-07 23:32 - 000157696 _____ (Microsoft Corporation) C:\Windows\System32\vertdll.dll
2018-06-12 09:44 - 2018-06-07 23:30 - 008594848 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2018-06-12 09:44 - 2018-06-07 23:30 - 001953544 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2018-06-12 09:44 - 2018-06-07 23:27 - 000377760 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msrpc.sys
2018-06-12 09:44 - 2018-06-07 23:24 - 003009736 _____ (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2018-06-12 09:44 - 2018-06-07 23:24 - 002711248 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2018-06-12 09:44 - 2018-06-07 23:24 - 000967584 _____ (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
2018-06-12 09:44 - 2018-06-07 23:24 - 000891808 _____ (Microsoft Corporation) C:\Windows\System32\WWAHost.exe
2018-06-12 09:44 - 2018-06-07 23:23 - 004486400 _____ (Microsoft Corporation) C:\Windows\System32\Windows.StateRepository.dll
2018-06-12 09:44 - 2018-06-07 23:23 - 002412688 _____ (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2018-06-12 09:44 - 2018-06-07 23:22 - 003180176 _____ (Microsoft Corporation) C:\Windows\System32\combase.dll
2018-06-12 09:44 - 2018-06-07 23:22 - 001269640 _____ (Microsoft Corporation) C:\Windows\System32\WinTypes.dll
2018-06-12 09:44 - 2018-06-07 23:22 - 000688072 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentClient.dll
2018-06-12 09:44 - 2018-06-07 23:22 - 000093624 _____ (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2018-06-12 09:44 - 2018-06-07 23:21 - 001779960 _____ (Microsoft Corporation) C:\Windows\System32\mfplat.dll
2018-06-12 09:44 - 2018-06-07 23:21 - 000594080 _____ (Microsoft Corporation) C:\Windows\System32\mf.dll
2018-06-12 09:44 - 2018-06-07 22:21 - 001931256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-06-12 09:44 - 2018-06-07 22:21 - 001614168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-06-12 09:44 - 2018-06-07 22:21 - 000777912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-06-12 09:44 - 2018-06-07 22:19 - 001433360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2018-06-12 09:44 - 2018-06-07 22:18 - 000097160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-06-12 09:44 - 2018-06-07 22:10 - 002338272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2018-06-12 09:44 - 2018-06-07 22:09 - 017161216 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
2018-06-12 09:44 - 2018-06-07 22:09 - 002193688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-06-12 09:44 - 2018-06-07 22:09 - 000791968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2018-06-12 09:44 - 2018-06-07 22:09 - 000098304 _____ C:\Windows\System32\runexehelper.exe
2018-06-12 09:44 - 2018-06-07 22:08 - 003979696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll
2018-06-12 09:44 - 2018-06-07 22:08 - 003663360 _____ (Microsoft Corporation) C:\Windows\System32\win32kfull.sys
2018-06-12 09:44 - 2018-06-07 22:08 - 001990672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-06-12 09:44 - 2018-06-07 22:08 - 000543920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2018-06-12 09:44 - 2018-06-07 22:07 - 002386320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2018-06-12 09:44 - 2018-06-07 22:07 - 000536064 _____ (Microsoft Corporation) C:\Windows\System32\edgeIso.dll
2018-06-12 09:44 - 2018-06-07 22:07 - 000206848 _____ (Microsoft Corporation) C:\Windows\System32\IndexedDbLegacy.dll
2018-06-12 09:44 - 2018-06-07 22:06 - 006015208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2018-06-12 09:44 - 2018-06-07 22:06 - 004668688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2018-06-12 09:44 - 2018-06-07 22:06 - 001524784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2018-06-12 09:44 - 2018-06-07 22:06 - 000551696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2018-06-12 09:44 - 2018-06-07 22:05 - 000046080 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2018-06-12 09:44 - 2018-06-07 22:04 - 000201728 _____ (Microsoft Corporation) C:\Windows\System32\EdgeManager.dll
2018-06-12 09:44 - 2018-06-07 22:04 - 000104960 _____ (Microsoft Corporation) C:\Windows\System32\Chakradiag.dll
2018-06-12 09:44 - 2018-06-07 22:03 - 000532480 _____ (Microsoft Corporation) C:\Windows\System32\daxexec.dll
2018-06-12 09:44 - 2018-06-07 22:03 - 000151552 _____ (Microsoft Corporation) C:\Windows\System32\dssvc.dll
2018-06-12 09:44 - 2018-06-07 22:02 - 001498112 _____ (Microsoft Corporation) C:\Windows\System32\WebRuntimeManager.dll
2018-06-12 09:44 - 2018-06-07 22:02 - 001015296 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2018-06-12 09:44 - 2018-06-07 22:02 - 000392704 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2018-06-12 09:44 - 2018-06-07 22:02 - 000253440 _____ (Microsoft Corporation) C:\Windows\System32\domgmt.dll
2018-06-12 09:44 - 2018-06-07 22:02 - 000093696 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2018-06-12 09:44 - 2018-06-07 22:01 - 000672768 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2018-06-12 09:44 - 2018-06-07 22:01 - 000652288 _____ (Microsoft Corporation) C:\Windows\System32\OneDriveSettingSyncProvider.dll
2018-06-12 09:44 - 2018-06-07 22:01 - 000229888 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2018-06-12 09:44 - 2018-06-07 22:00 - 012833792 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2018-06-12 09:44 - 2018-06-07 22:00 - 000354304 _____ (Microsoft Corporation) C:\Windows\System32\WwaApi.dll
2018-06-12 09:44 - 2018-06-07 22:00 - 000258560 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2018-06-12 09:44 - 2018-06-07 21:59 - 008432640 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2018-06-12 09:44 - 2018-06-07 21:59 - 001116672 _____ (Microsoft Corporation) C:\Windows\System32\rpcss.dll
2018-06-12 09:44 - 2018-06-07 21:59 - 001043968 _____ (Microsoft Corporation) C:\Windows\System32\NotificationController.dll
2018-06-12 09:44 - 2018-06-07 21:59 - 000757760 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2018-06-12 09:44 - 2018-06-07 21:58 - 008068608 _____ (Microsoft Corporation) C:\Windows\System32\Chakra.dll
2018-06-12 09:44 - 2018-06-07 21:58 - 005833216 _____ (Microsoft Corporation) C:\Windows\System32\dbgeng.dll
2018-06-12 09:44 - 2018-06-07 21:58 - 004723712 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2018-06-12 09:44 - 2018-06-07 21:58 - 002083840 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2018-06-12 09:44 - 2018-06-07 21:57 - 002628608 _____ (Microsoft Corporation) C:\Windows\System32\diagtrack.dll
2018-06-12 09:44 - 2018-06-07 21:57 - 002086400 _____ (Microsoft Corporation) C:\Windows\System32\win32kbase.sys
2018-06-12 09:44 - 2018-06-07 21:57 - 001812992 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2018-06-12 09:44 - 2018-06-07 21:57 - 001345024 _____ (Microsoft Corporation) C:\Windows\System32\dosvc.dll
2018-06-12 09:44 - 2018-06-07 21:57 - 000808960 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2018-06-12 09:44 - 2018-06-07 21:56 - 002035712 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2018-06-12 09:44 - 2018-06-07 21:55 - 000666624 _____ (Microsoft Corporation) C:\Windows\System32\DbgModel.dll
2018-06-12 09:44 - 2018-06-07 21:46 - 002902528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2018-06-12 09:44 - 2018-06-07 21:46 - 002393600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcGenral.dll
2018-06-12 09:44 - 2018-06-07 21:46 - 000344576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
2018-06-12 09:44 - 2018-06-07 21:46 - 000162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IndexedDbLegacy.dll
2018-06-12 09:44 - 2018-06-07 21:45 - 018930688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2018-06-12 09:44 - 2018-06-07 21:44 - 019358720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-06-12 09:44 - 2018-06-07 21:44 - 000155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2018-06-12 09:44 - 2018-06-07 21:43 - 000147456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryUpgrade.dll
2018-06-12 09:44 - 2018-06-07 21:43 - 000079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2018-06-12 09:44 - 2018-06-07 21:42 - 000078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-06-12 09:44 - 2018-06-07 21:41 - 013704704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2018-06-12 09:44 - 2018-06-07 21:41 - 011924992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-06-12 09:44 - 2018-06-07 21:41 - 000459776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2018-06-12 09:44 - 2018-06-07 21:41 - 000369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msIso.dll
2018-06-12 09:44 - 2018-06-07 21:40 - 000344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-06-12 09:44 - 2018-06-07 21:40 - 000293888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WwaApi.dll
2018-06-12 09:44 - 2018-06-07 21:39 - 000531968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-06-12 09:44 - 2018-06-07 21:38 - 000669184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-06-12 09:44 - 2018-06-07 21:38 - 000664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-06-12 09:44 - 2018-06-07 21:38 - 000235008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-06-12 09:44 - 2018-06-07 21:36 - 006060032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2018-06-12 09:44 - 2018-06-07 21:36 - 003662848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-06-12 09:44 - 2018-06-07 21:35 - 007812608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2018-06-12 09:44 - 2018-06-07 21:35 - 004839424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2018-06-12 09:44 - 2018-06-07 21:35 - 002868736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-06-12 09:44 - 2018-06-07 21:35 - 002014720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-06-12 09:44 - 2018-06-07 21:35 - 001565184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-06-12 09:44 - 2018-06-07 21:35 - 001474560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-06-12 09:43 - 2018-06-08 09:26 - 021754880 _____ (Microsoft Corporation) C:\Windows\System32\Hydrogen.dll
2018-06-12 09:43 - 2018-06-08 09:26 - 017084928 _____ (Microsoft Corporation) C:\Windows\System32\HologramCompositor.dll
2018-06-12 09:43 - 2018-06-08 09:03 - 003331520 _____ C:\Windows\System32\Windows.Mirage.dll
2018-06-12 09:43 - 2018-06-08 08:59 - 000956416 _____ (Microsoft Corporation) C:\Windows\System32\Spectrum.exe
2018-06-12 09:43 - 2018-06-08 08:58 - 000882688 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Mirage.Internal.dll
2018-06-12 09:43 - 2018-06-08 03:42 - 002491120 _____ C:\Windows\SysWOW64\Windows.Mirage.dll
2018-06-12 09:43 - 2018-06-08 03:41 - 000618496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Mirage.Internal.dll
2018-06-12 09:43 - 2018-06-07 23:36 - 001568160 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2018-06-12 09:43 - 2018-06-07 23:36 - 000137120 _____ (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
2018-06-12 09:43 - 2018-06-07 23:35 - 001093040 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
2018-06-12 09:43 - 2018-06-07 23:35 - 000924656 _____ (Microsoft Corporation) C:\Windows\System32\winresume.exe
2018-06-12 09:43 - 2018-06-07 23:35 - 000300448 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
2018-06-12 09:43 - 2018-06-07 23:35 - 000069536 _____ (Microsoft Corporation) C:\Windows\System32\win32appinventorycsp.dll
2018-06-12 09:43 - 2018-06-07 23:34 - 000748472 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2018-06-12 09:43 - 2018-06-07 23:34 - 000423352 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2018-06-12 09:43 - 2018-06-07 23:33 - 002002336 _____ (Microsoft Corporation) C:\Windows\System32\aitstatic.exe
2018-06-12 09:43 - 2018-06-07 23:33 - 001206688 _____ (Microsoft Corporation) C:\Windows\System32\hvix64.exe
2018-06-12 09:43 - 2018-06-07 23:33 - 001056184 _____ (Microsoft Corporation) C:\Windows\System32\hvax64.exe
2018-06-12 09:43 - 2018-06-07 23:33 - 000608160 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2018-06-12 09:43 - 2018-06-07 23:33 - 000461216 _____ (Microsoft Corporation) C:\Windows\System32\dcntel.dll
2018-06-12 09:43 - 2018-06-07 23:33 - 000269720 _____ C:\Windows\System32\FaceProcessorCore.dll
2018-06-12 09:43 - 2018-06-07 23:33 - 000192920 _____ (Microsoft Corporation) C:\Windows\System32\skci.dll
2018-06-12 09:43 - 2018-06-07 23:33 - 000035232 _____ (Microsoft Corporation) C:\Windows\System32\DeviceCensus.exe
2018-06-12 09:43 - 2018-06-07 23:32 - 000664992 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2018-06-12 09:43 - 2018-06-07 23:32 - 000272288 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll
2018-06-12 09:43 - 2018-06-07 23:32 - 000077216 _____ (Microsoft Corporation) C:\Windows\System32\hvloader.dll
2018-06-12 09:43 - 2018-06-07 23:30 - 002514944 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2018-06-12 09:43 - 2018-06-07 23:30 - 001416360 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2018-06-12 09:43 - 2018-06-07 23:29 - 002395040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2018-06-12 09:43 - 2018-06-07 23:29 - 001210272 _____ (Microsoft Corporation) C:\Windows\System32\winload.exe
2018-06-12 09:43 - 2018-06-07 23:27 - 001173584 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2018-06-12 09:43 - 2018-06-07 23:26 - 000712456 _____ (Microsoft Corporation) C:\Windows\System32\ci.dll
2018-06-12 09:43 - 2018-06-07 23:26 - 000540064 _____ (Microsoft Corporation) C:\Windows\System32\pcasvc.dll
2018-06-12 09:43 - 2018-06-07 23:25 - 003903784 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2018-06-12 09:43 - 2018-06-07 23:25 - 000525728 _____ (Microsoft Corporation) C:\Windows\System32\wimserv.exe
2018-06-12 09:43 - 2018-06-07 23:24 - 007675792 _____ (Microsoft Corporation) C:\Windows\System32\windows.storage.dll
2018-06-12 09:43 - 2018-06-07 23:24 - 006282280 _____ (Microsoft Corporation) C:\Windows\System32\OneCoreUAPCommonProxyStub.dll
2018-06-12 09:43 - 2018-06-07 23:24 - 001488288 _____ (Microsoft Corporation) C:\Windows\System32\ContentDeliveryManager.Utilities.dll
2018-06-12 09:43 - 2018-06-07 23:24 - 001029536 _____ (Microsoft Corporation) C:\Windows\System32\efscore.dll
2018-06-12 09:43 - 2018-06-07 23:24 - 000247712 _____ (Microsoft Corporation) C:\Windows\System32\browserbroker.dll
2018-06-12 09:43 - 2018-06-07 23:23 - 021357336 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2018-06-12 09:43 - 2018-06-07 23:23 - 002472888 _____ (Microsoft Corporation) C:\Windows\System32\UpdateAgent.dll
2018-06-12 09:43 - 2018-06-07 23:23 - 000824904 _____ (Microsoft Corporation) C:\Windows\System32\ClipSVC.dll
2018-06-12 09:43 - 2018-06-07 23:23 - 000706464 _____ (Microsoft Corporation) C:\Windows\System32\wimgapi.dll
2018-06-12 09:43 - 2018-06-07 23:23 - 000677304 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2018-06-12 09:43 - 2018-06-07 23:23 - 000137552 _____ (Microsoft Corporation) C:\Windows\System32\bcrypt.dll
2018-06-12 09:43 - 2018-06-07 23:22 - 006791992 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.dll
2018-06-12 09:43 - 2018-06-07 23:21 - 007385096 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.Protection.PlayReady.dll
2018-06-12 09:43 - 2018-06-07 23:21 - 004507096 _____ (Microsoft Corporation) C:\Windows\System32\mfcore.dll
2018-06-12 09:43 - 2018-06-07 23:21 - 000260904 _____ (Microsoft Corporation) C:\Windows\System32\mfps.dll
2018-06-12 09:43 - 2018-06-07 23:20 - 001101216 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
2018-06-12 09:43 - 2018-06-07 22:26 - 025256960 _____ (Microsoft Corporation) C:\Windows\System32\edgehtml.dll
2018-06-12 09:43 - 2018-06-07 22:18 - 000212920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aepic.dll
2018-06-12 09:43 - 2018-06-07 22:10 - 003485400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2018-06-12 09:43 - 2018-06-07 22:10 - 001124768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ContentDeliveryManager.Utilities.dll
2018-06-12 09:43 - 2018-06-07 22:09 - 006092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2018-06-12 09:43 - 2018-06-07 22:09 - 000832952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2018-06-12 09:43 - 2018-06-07 22:09 - 000592800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wimgapi.dll
2018-06-12 09:43 - 2018-06-07 22:08 - 020290256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-06-12 09:43 - 2018-06-07 22:08 - 000640024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2018-06-12 09:43 - 2018-06-07 22:07 - 000975360 _____ C:\Windows\System32\FaceProcessor.dll
2018-06-12 09:43 - 2018-06-07 22:07 - 000436224 _____ (Microsoft Corporation) C:\Windows\System32\wincorlib.dll
2018-06-12 09:43 - 2018-06-07 22:07 - 000400896 _____ (Microsoft Corporation) C:\Windows\System32\MusNotification.exe
2018-06-12 09:43 - 2018-06-07 22:07 - 000329728 _____ (Microsoft Corporation) C:\Windows\System32\AcGenral.dll
2018-06-12 09:43 - 2018-06-07 22:06 - 006481096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-06-12 09:43 - 2018-06-07 22:06 - 002890240 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.Resources.dll
2018-06-12 09:43 - 2018-06-07 22:06 - 000239104 _____ (Microsoft Corporation) C:\Windows\System32\smartscreenps.dll
2018-06-12 09:43 - 2018-06-07 22:05 - 000331264 _____ (Microsoft Corporation) C:\Windows\System32\browserexport.exe
2018-06-12 09:43 - 2018-06-07 22:04 - 005784576 _____ (Microsoft Corporation) C:\Windows\System32\VsGraphicsDesktopEngine.exe
2018-06-12 09:43 - 2018-06-07 22:04 - 005195776 _____ (Microsoft Corporation) C:\Windows\System32\cdp.dll
2018-06-12 09:43 - 2018-06-07 22:04 - 001925120 _____ (Microsoft Corporation) C:\Windows\System32\AzureSettingSyncProvider.dll
2018-06-12 09:43 - 2018-06-07 22:04 - 000173568 _____ (Microsoft Corporation) C:\Windows\System32\Windows.StateRepositoryUpgrade.dll
2018-06-12 09:43 - 2018-06-07 22:03 - 000675328 _____ (Microsoft Corporation) C:\Windows\System32\webplatstorageserver.dll
2018-06-12 09:43 - 2018-06-07 22:02 - 000431616 _____ (Microsoft Corporation) C:\Windows\System32\msIso.dll
2018-06-12 09:43 - 2018-06-07 22:02 - 000086528 _____ (Microsoft Corporation) C:\Windows\System32\cldapi.dll
2018-06-12 09:43 - 2018-06-07 22:01 - 023678464 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2018-06-12 09:43 - 2018-06-07 22:01 - 001217024 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Networking.Vpn.dll
2018-06-12 09:43 - 2018-06-07 22:01 - 000623616 _____ (Microsoft Corporation) C:\Windows\System32\aadcloudap.dll
2018-06-12 09:43 - 2018-06-07 22:00 - 003180032 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentServer.dll
2018-06-12 09:43 - 2018-06-07 22:00 - 001495552 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.desktop.dll
2018-06-12 09:43 - 2018-06-07 22:00 - 000324096 _____ (Microsoft Corporation) C:\Windows\System32\SyncSettings.dll
2018-06-12 09:43 - 2018-06-07 21:59 - 003124224 _____ (Microsoft Corporation) C:\Windows\System32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-06-12 09:43 - 2018-06-07 21:59 - 002596352 _____ (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
2018-06-12 09:43 - 2018-06-07 21:58 - 003332608 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2018-06-12 09:43 - 2018-06-07 21:58 - 002211840 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.onecore.dll
2018-06-12 09:43 - 2018-06-07 21:57 - 004772352 _____ (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
2018-06-12 09:43 - 2018-06-07 21:57 - 001597952 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2018-06-12 09:43 - 2018-06-07 21:57 - 001238016 _____ (Microsoft Corporation) C:\Windows\System32\aadtb.dll
2018-06-12 09:43 - 2018-06-07 21:57 - 001135104 _____ (Microsoft Corporation) C:\Windows\System32\SettingSyncCore.dll
2018-06-12 09:43 - 2018-06-07 21:56 - 002528768 _____ (Microsoft Corporation) C:\Windows\System32\wlansvc.dll
2018-06-12 09:43 - 2018-06-07 21:52 - 000067584 _____ (Microsoft Corporation) C:\Windows\System32\pcadm.dll
2018-06-12 09:43 - 2018-06-07 21:52 - 000050176 _____ (Microsoft Corporation) C:\Windows\System32\pcalua.exe
2018-06-12 09:43 - 2018-06-07 21:45 - 000160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\smartscreenps.dll
2018-06-12 09:43 - 2018-06-07 21:41 - 000372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\daxexec.dll
2018-06-12 09:43 - 2018-06-07 21:40 - 003181568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdp.dll
2018-06-12 09:43 - 2018-06-07 21:40 - 001277440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
2018-06-12 09:43 - 2018-06-07 21:40 - 000534016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneDriveSettingSyncProvider.dll
2018-06-12 09:43 - 2018-06-07 21:39 - 000941568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Vpn.dll
2018-06-12 09:43 - 2018-06-07 21:39 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cldapi.dll
2018-06-12 09:43 - 2018-06-07 21:35 - 004384768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2018-06-12 09:43 - 2018-06-07 21:35 - 000955392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2018-06-12 09:43 - 2018-06-07 21:35 - 000935424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2018-06-12 09:42 - 2018-06-07 23:29 - 001849760 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\refs.sys
2018-06-12 09:42 - 2018-06-07 23:29 - 000937376 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\refsv1.sys
2018-06-12 09:42 - 2018-06-07 23:29 - 000028576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\uefi.sys
2018-06-12 09:42 - 2018-06-07 23:22 - 001358496 _____ (Microsoft Corporation) C:\Windows\System32\webservices.dll
2018-06-12 09:42 - 2018-06-07 23:22 - 000054376 _____ (Microsoft Corporation) C:\Windows\System32\kernel.appcore.dll
2018-06-12 09:42 - 2018-06-07 23:21 - 001206104 _____ (Microsoft Corporation) C:\Windows\System32\mfnetcore.dll
2018-06-12 09:42 - 2018-06-07 22:09 - 002993728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneCoreUAPCommonProxyStub.dll
2018-06-12 09:42 - 2018-06-07 22:08 - 001075984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
2018-06-12 09:42 - 2018-06-07 22:07 - 000047608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel.appcore.dll
2018-06-12 09:42 - 2018-06-07 22:06 - 001131696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2018-06-12 09:42 - 2018-06-07 22:06 - 000129208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2018-06-12 09:42 - 2018-06-07 22:05 - 000408064 _____ (Microsoft Corporation) C:\Windows\System32\microsoft-windows-system-events.dll
2018-06-12 09:42 - 2018-06-07 22:05 - 000090624 _____ (Microsoft Corporation) C:\Windows\System32\VsGraphicsProxyStub.dll
2018-06-12 09:42 - 2018-06-07 22:05 - 000028160 _____ (Microsoft Corporation) C:\Windows\System32\GamePanelExternalHook.dll
2018-06-12 09:42 - 2018-06-07 22:04 - 000075776 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mpsdrv.sys
2018-06-12 09:42 - 2018-06-07 22:01 - 000507392 _____ (Microsoft Corporation) C:\Windows\System32\TDLMigration.dll
2018-06-12 09:42 - 2018-06-07 21:59 - 001297920 _____ (Microsoft Corporation) C:\Windows\System32\GamePanel.exe
2018-06-12 09:42 - 2018-06-07 21:59 - 000908800 _____ (Microsoft Corporation) C:\Windows\System32\WpcWebFilter.dll
2018-06-12 09:42 - 2018-06-07 21:56 - 000969728 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
2018-06-12 09:42 - 2018-06-07 21:53 - 000143872 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2018-06-12 09:42 - 2018-06-07 21:52 - 000012800 _____ (Microsoft Corporation) C:\Windows\System32\pcaevts.dll
2018-06-12 09:42 - 2018-06-07 21:46 - 000309248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2018-06-12 09:42 - 2018-06-07 21:44 - 000041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsProxyStub.dll
2018-06-12 09:42 - 2018-06-07 21:39 - 000963584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GamePanel.exe
2018-06-12 09:42 - 2018-06-07 21:39 - 000636416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WpcWebFilter.dll
2018-06-12 09:42 - 2018-06-07 21:37 - 004550144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsDesktopEngine.exe
2018-06-12 09:42 - 2018-06-07 21:35 - 000891904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2018-06-12 09:42 - 2018-06-07 21:34 - 000471040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DbgModel.dll
2018-06-09 09:21 - 2018-06-09 09:21 - 000000000 ____D C:\Users\John\AppData\Local\DBG
2018-06-08 14:56 - 2018-06-08 14:56 - 000000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-07 12:29 - 2018-05-31 09:33 - 000000000 ___DC C:\Users\John\AppData\LocalLow\Mozilla
2018-07-07 12:28 - 2018-06-04 00:15 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-07-07 12:27 - 2018-06-03 23:56 - 000000000 ____D C:\users\John
2018-07-07 12:27 - 2017-09-29 00:45 - 020709376 _____ C:\Windows\System32\config\HARDWARE
2018-07-07 12:27 - 2017-09-29 00:45 - 001310720 _____ C:\Windows\System32\config\BBI
2018-07-07 12:20 - 2017-09-29 05:44 - 000000000 ____D C:\Windows\INF
2018-07-07 12:18 - 2018-06-03 23:53 - 000000000 ____D C:\Windows\System32\SleepStudy
2018-07-07 12:18 - 2015-06-11 14:27 - 000000000 ____D C:\Users\John\AppData\Roaming\qBittorrent
2018-07-07 06:48 - 2018-06-03 23:56 - 002051066 _____ C:\Windows\System32\PerfStringBackup.INI
2018-07-07 06:46 - 2018-06-04 00:15 - 000004150 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2DEB3890-F6CC-4E93-A3D4-E66EA0F592DB}
2018-07-06 22:30 - 2018-06-04 00:15 - 000004210 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-07-06 14:05 - 2018-06-03 23:56 - 000000000 ____D C:\users\DefaultAppPool
2018-07-06 13:28 - 2017-09-29 00:45 - 000065536 _____ C:\Windows\System32\config\ELAM
2018-07-06 08:15 - 2018-05-31 09:32 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-07-06 08:15 - 2015-02-03 15:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-07-06 08:06 - 2018-06-04 00:15 - 000000000 ____D C:\Windows\System32\Tasks\WPD
2018-07-06 08:05 - 2018-06-04 00:15 - 000002926 _____ C:\Windows\System32\Tasks\ASUS Smart Gesture Launcher
2018-07-06 08:01 - 2018-06-03 23:56 - 000000000 ____D C:\users\Administrator
2018-07-06 08:00 - 2018-06-03 20:53 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2018-07-06 08:00 - 2015-08-07 05:44 - 000000000 __SHD C:\Users\John\IntelGraphicsProfiles
2018-07-06 06:43 - 2015-03-02 11:59 - 000000000 ____D C:\Windows\SysWOW64\1033
2018-07-06 06:43 - 2015-03-02 11:48 - 000000000 ____D C:\Windows\System32\1033
2018-07-06 06:20 - 2018-06-04 06:28 - 000000000 ___RD C:\Users\John\OneDrive
2018-07-05 18:37 - 2017-09-29 05:46 - 000000000 ___HD C:\Windows\ELAMBKUP
2018-07-05 08:07 - 2015-01-30 17:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-07-04 07:15 - 2017-09-29 05:37 - 000000000 ____D C:\Windows\CbsTemp
2018-07-03 13:38 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-07-03 13:38 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\System32\Macromed
2018-07-02 07:15 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\DeliveryOptimization
2018-07-01 18:44 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\LiveKernelReports
2018-07-01 15:34 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\AppReadiness
2018-07-01 15:29 - 2012-08-01 17:24 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2018-07-01 15:27 - 2017-09-29 05:46 - 000000000 ___RD C:\Windows\PrintDialog
2018-07-01 15:10 - 2013-01-05 04:06 - 000000000 _RHDC C:\Users\Public\AccountPictures
2018-07-01 14:28 - 2015-01-30 04:39 - 000000000 ____D C:\Windows\AutoKMS
2018-07-01 13:04 - 2018-06-03 23:53 - 000435712 _____ C:\Windows\System32\FNTCACHE.DAT
2018-07-01 12:55 - 2015-03-30 15:41 - 000000034 _____ C:\Users\John\AppData\Roaming\AdobeWLCMCache.dat
2018-07-01 05:53 - 2015-01-29 13:48 - 000000000 ____D C:\ProgramData\MFAData
2018-06-30 07:26 - 2015-01-30 04:50 - 000000000 ____D C:\Users\John\AppData\Local\Spotify
2018-06-30 07:24 - 2015-01-30 04:17 - 000000000 ____D C:\Users\John\AppData\Roaming\Spotify
2018-06-29 06:55 - 2017-09-29 05:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-28 15:02 - 2016-08-12 11:22 - 000000000 ____D C:\Program Files\Intel
2018-06-28 14:59 - 2015-04-13 13:21 - 000000000 ____D C:\Program Files (x86)\Java
2018-06-28 14:51 - 2015-03-02 11:45 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2018-06-28 14:48 - 2015-08-02 17:39 - 000000000 ____D C:\Program Files (x86)\IIS Express
2018-06-28 14:47 - 2015-01-29 13:14 - 000000000 ____D C:\ProgramData\Package Cache
2018-06-28 14:46 - 2015-03-06 08:57 - 000000000 ____D C:\Program Files (x86)\Microsoft Web Tools
2018-06-28 14:35 - 2016-08-21 11:51 - 000000000 ____D C:\Program Files\Application Verifier
2018-06-28 14:35 - 2016-08-21 11:51 - 000000000 ____D C:\Program Files (x86)\Application Verifier
2018-06-28 14:05 - 2018-06-04 00:04 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-06-28 13:33 - 2017-09-29 05:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-06-28 13:28 - 2015-03-02 11:49 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2018-06-28 13:19 - 2015-03-02 11:50 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 11.0
2018-06-28 13:17 - 2015-08-02 20:31 - 000000000 ____D C:\Users\John\AppData\Local\vsixinstaller
2018-06-28 11:55 - 2015-03-02 12:13 - 000000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2018-06-28 11:11 - 2016-01-30 12:19 - 000000000 ___DC C:\overflow
2018-06-24 10:54 - 2015-02-22 14:33 - 000000000 ____D C:\Users\John\AppData\Local\Torch
2018-06-20 15:58 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\rescache
2018-06-20 13:21 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\System32\NDF
2018-06-19 11:59 - 2015-02-27 10:20 - 000000000 ____D C:\Users\John\AppData\Roaming\Mp3tag
2018-06-19 11:43 - 2018-06-04 01:54 - 000000000 ___RD C:\Users\John\3D Objects
2018-06-19 11:43 - 2018-06-04 01:54 - 000000000 ____D C:\Users\John\AppData\Local\PackageStaging
2018-06-19 11:39 - 2017-09-29 05:46 - 000000000 ___SD C:\Windows\SysWOW64\F12
2018-06-19 11:39 - 2017-09-29 05:46 - 000000000 ___SD C:\Windows\System32\F12
2018-06-19 11:39 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\TextInput
2018-06-19 11:39 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\System32\WinBioPlugIns
2018-06-19 11:39 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\ShellExperiences
2018-06-19 11:38 - 2015-02-27 10:20 - 000000000 ____D C:\Program Files (x86)\Mp3tag
2018-06-17 20:58 - 2015-05-06 10:44 - 000000000 ____D C:\ProgramData\Stardock
2018-06-12 10:13 - 2015-01-30 16:42 - 000000000 ____D C:\Windows\System32\MRT
2018-06-12 10:01 - 2018-06-02 14:49 - 133315992 ____C (Microsoft Corporation) C:\Windows\System32\MRT-KB890830.exe
2018-06-12 10:00 - 2015-01-30 16:42 - 133315992 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2018-06-12 09:56 - 2012-07-25 21:26 - 000000199 _____ C:\Windows\win.ini
2018-06-11 19:37 - 2015-04-25 14:53 - 000000000 ____D C:\Users\John\AppData\Roaming\vlc
2018-06-10 15:23 - 2018-06-03 23:58 - 000000000 ____D C:\Users\John\AppData\Local\Packages
 
Some files in TEMP:
====================
2018-07-01 12:43 - 2018-07-01 12:43 - 006860752 _____ (NeoSoft Tools                                               ) C:\Users\John\AppData\Local\Temp\cexplorer.exe
2018-07-01 12:44 - 2018-07-01 12:44 - 000484352 _____ () C:\Users\John\AppData\Local\Temp\lame_enc.dll
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2018-06-12 09:43] - [2018-06-07 23:25] - 003903784 _____ (Microsoft Corporation) 4617D41657001A296F45D026B774C485
 
C:\Windows\SysWOW64\explorer.exe
[2018-06-12 09:43] - [2018-06-07 22:10] - 003485400 _____ (Microsoft Corporation) 16BDDB13A0D8B0FD6D7FD6FBCAA81BE2
 
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2018-06-04 00:14] - [2018-06-04 00:14] - 000616792 _____ (Microsoft Corporation) 8207DB785C4A1A8C901154D12DF6E38E
 
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2018-06-12 09:44] - [2018-06-07 21:59] - 001116672 _____ (Microsoft Corporation) 6145D5B0781C11EF2142D3FA3763D26A
 
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Association (Whitelisted) =============
 
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 11%
Total physical RAM: 9677.66 MB
Available physical RAM: 8572.6 MB
Total Virtual: 9677.66 MB
Available Virtual: 8619.62 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:194.89 GB) (Free:11.58 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:272.01 GB) (Free:28.57 GB) NTFS
Drive e: (Recovery) (Fixed) (Total:0.59 GB) (Free:0.21 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Fixed) (Total:0.34 GB) (Free:0.3 GB) NTFS
Drive h: () (Fixed) (Total:0.8 GB) (Free:0.34 GB) NTFS
Drive i: (ESD-USB) (Removable) (Total:14.92 GB) (Free:0.68 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS
 
\\?\Volume{182870a9-5eee-4229-ba32-3a15e9bed7e7}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.25 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 489 GB) (Disk ID: DA56A3E5)
 
Partition: GPT.
 
========================================================
Disk: 1 (Protective MBR) (Size: 22.4 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 14.9 GB) (Disk ID: FD4263A7)
Partition 1: (Active) - (Size=14.9 GB) - (Type=0C)
 
LastRegBack: 2018-07-03 12:58
 
==================== End of FRST.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by SYSTEM on MININT-R1IK482 (07-07-2018 13:41:13)
Running from I:\
Platform: Windows 10 Home Version 1709 16299.492 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-07-01] (AVAST Software)
HKLM-x32\...\Run: [SystemExplorerAutoStart] => "C:\Program Files (x86)\System Explorer\SystemExplorer.exe" /TRAY
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [455136 2018-02-28] (Power Software Ltd)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [2195968 2018-06-05] ()
HKU\Administrator\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-06-24] (Piriform Ltd)
HKU\Administrator\...\Run: [Spotify Web Helper] => C:\Users\John\AppData\Roaming\Spotify\SpotifyWebHelper.exe [781712 2018-06-19] (Spotify Ltd)
HKU\Administrator\...\Run: [qBittorrent] => C:\Program Files (x86)\qBittorrent\qbittorrent.exe [17753088 2018-05-27] ()
HKU\Administrator\...\Run: [OneDrive] => "C:\Users\John\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
HKU\Administrator\...\Run: [Spotify] => C:\Users\John\AppData\Roaming\Spotify\Spotify.exe [24221072 2018-06-19] (Spotify Ltd)
HKU\Administrator\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18385368 2018-06-24] (Piriform Ltd)
HKU\Default\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
HKU\DefaultAppPool\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [519680 2017-09-29] (Microsoft Corporation)
HKU\John\...\Run: [Spotify] => C:\Users\John\AppData\Roaming\Spotify\Spotify.exe [24221072 2018-06-19] (Spotify Ltd)
HKU\John\...\Run: [Spotify Web Helper] => C:\Users\John\AppData\Roaming\Spotify\SpotifyWebHelper.exe [781712 2018-06-19] (Spotify Ltd)
HKU\John\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1588568 2018-06-22] (Google Inc.)
HKU\John\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe [1801544 2018-06-12] (AVAST Software)
IFEO\taskmgr.exe: [Debugger] "D:\USERS\JOHN\DESKTOP\PROCEXP64.EXE"
AlternateShell: 
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"HKLM\System\ControlSet001\Services\mpcsgkox" => removed successfully
C:\Windows\System32\drivers\msklosvy.sys => moved successfully
C:\Users\John\AppData\Local\pwcuael\pwcuael.exe => moved successfully
C:\Users\John\AppData\Local\pwcuael\uskawmd.exe => moved successfully
C:\Users\John\AppData\Local\Temp\allradio_4.27_portable.exe => moved successfully
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7780400 2018-07-01] (AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-07-01] (AVAST Software)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-07-01] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-07-01] (AVAST Software)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [984032 2018-04-27] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5279232 2018-04-27] (AVG Technologies CZ, s.r.o.)
S2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [712864 2018-04-27] (AVG Technologies CZ, s.r.o.)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2018-06-04] (Microsoft Corporation)
S4 CAMService; C:\Program Files\Intel\CAM\bin\CAMService.exe [1243344 2014-09-03] (Intel® Corporation)
S4 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
S2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1394360 2015-08-12] (Intel Corporation)
S4 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-12-11] (ELAN Microelectronics Corp.)
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [136512 2018-07-04] (SurfRight B.V.)
S4 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S4 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2017-01-06] (Microsoft Corporation)
S2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-30] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S4 MySQL; C:\Program Files\MySQL\MySQL Server 5.1\my.ini [8914 2016-08-21] ()
S2 osrss; C:\Windows\system32\osrss.dll [108584 2018-03-09] (Microsoft Corporation)
S3 SystemExplorerHelpService; C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe [820960 2014-12-20] (Mister Group)
S4 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [139264 2017-01-05] (Microsoft Corporation)
S3 VSStandardCollectorService140; D:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-07-26] (Microsoft Corporation)
S3 VSStandardCollectorService150; C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe [128232 2017-02-08] (Microsoft Corporation)
S4 vToolbarUpdater40.3.8; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.3.8\ToolbarUpdater.exe [1371136 2018-06-05] (AVG Secure Search)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [355304 2017-09-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105944 2017-09-29] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [11776 2018-06-04] (Microsoft Corporation)
S4 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [811520 2018-06-05] ()
S4 windowsmanagementservice; windowsmanagementservice [X] <==== ATTENTION
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AsusTP; C:\Windows\System32\drivers\AsusTP.sys [128024 2017-03-09] (ASUS Corporation)
S1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [197160 2018-07-01] (AVAST Software)
S1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdrivera.sys [229392 2018-07-01] (AVAST Software)
S0 aswbidsh; C:\Windows\System32\drivers\aswbidsha.sys [201328 2018-07-01] (AVAST Software)
S0 aswblog; C:\Windows\System32\drivers\aswbloga.sys [346664 2018-07-01] (AVAST Software)
S0 aswbuniv; C:\Windows\System32\drivers\aswbuniva.sys [59592 2018-07-01] (AVAST Software)
S3 aswElam; C:\Windows\System32\drivers\aswElam.sys [15360 2018-07-01] (AVAST Software)
S1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [239680 2018-07-01] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [46976 2018-07-01] (AVAST Software)
S2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [159640 2018-07-01] (AVAST Software)
S1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [111872 2018-07-01] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [85968 2018-07-01] (AVAST Software)
S1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [1027728 2018-07-01] (AVAST Software)
S1 aswSP; C:\Windows\System32\drivers\aswSP.sys [463080 2018-07-01] (AVAST Software)
S2 aswStm; C:\Windows\System32\drivers\aswStm.sys [211160 2018-07-01] (AVAST Software)
S0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [381584 2018-07-01] (AVAST Software)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313088 2017-03-23] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [283384 2017-09-04] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [253184 2017-04-11] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
S0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
S1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [313096 2016-08-04] (AVG Technologies CZ, s.r.o.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 dptf_acpi; C:\Windows\System32\drivers\dptf_acpi.sys [55816 2015-08-12] (Intel Corporation)
S3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [53752 2015-08-12] (Intel Corporation)
S3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [261624 2015-08-12] (Intel Corporation)
S4 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2018-07-07] ()
S3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2017-09-29] (Intel Corporation)
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-12-11] (Realsil Semiconductor Corporation)
S3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [259584 2017-09-29] (Microsoft Corporation)
S3 SensorsSimulatorDriver; C:\Windows\System32\drivers\WUDFRd.sys [259584 2017-09-29] (Microsoft Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44608 2017-09-29] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [309144 2017-09-29] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119192 2017-09-29] (Microsoft Corporation)
S4 ewmsin; System32\drivers\snigdxpu.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-06 17:43 - 2018-07-06 17:43 - 000000202 _____ C:\Windows\System32\anythingelse.txt
2018-07-06 17:42 - 2018-07-06 17:42 - 000000202 _____ C:\Windows\System32\fixlist.txt
2018-07-06 13:26 - 2018-07-06 13:26 - 939387234 _____ C:\Windows\MEMORY.DMP
2018-07-06 10:14 - 2018-07-06 16:54 - 000000000 ___DC C:\FRST
2018-07-06 08:18 - 2018-07-07 10:28 - 000000000 ____D C:\Users\John\AppData\Local\CrashDumps
2018-07-06 07:31 - 2018-07-06 16:46 - 000162464 _____ (Sysinternals) C:\Windows\PSEXESVC.exe
2018-07-05 18:37 - 2018-07-01 15:59 - 000378072 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2018-07-05 08:58 - 2018-07-05 08:58 - 000082480 _____ C:\Windows\System32\drvlist.csv
2018-07-05 08:47 - 2018-07-05 08:47 - 000001882 ____C C:\Users\Public\Desktop\Process Hacker 2.lnk
2018-07-05 08:47 - 2018-07-05 08:47 - 000000000 ____D C:\Program Files\Process Hacker 2
2018-07-05 08:22 - 2018-07-05 08:22 - 000003240 _____ C:\Windows\System32\Tasks\Process Explorer-STEINBECK-John
2018-07-05 06:42 - 2018-07-07 12:28 - 000041800 _____ (Sysinternals - www.sysinternals.com) C:\Windows\System32\Drivers\PROCEXP152.SYS
2018-07-05 06:38 - 2018-07-06 07:56 - 000000000 ___DC C:\Utilities
2018-07-05 06:38 - 2018-07-05 06:38 - 000000000 _____ C:\Windows\SysWOW64\last.dump
2018-07-04 07:56 - 2018-07-04 07:56 - 000001964 ____C C:\Users\Public\Desktop\HitmanPro.lnk
2018-07-04 07:56 - 2018-07-04 07:56 - 000000000 ____D C:\Program Files\HitmanPro
2018-07-04 07:49 - 2018-07-04 08:49 - 000000376 _____ C:\Windows\System32\.crusader
2018-07-04 07:43 - 2018-07-07 12:30 - 000055232 _____ C:\Windows\System32\Drivers\hitmanpro37.sys
2018-07-04 07:42 - 2018-07-04 07:50 - 000000000 ____D C:\ProgramData\HitmanPro
2018-07-04 07:25 - 2018-07-04 07:25 - 000000000 ____D C:\Program Files\Unlocker
2018-07-03 13:41 - 2018-07-03 13:41 - 000000918 ____C C:\Users\Public\Desktop\VLC media player.lnk
2018-07-03 13:39 - 2018-07-03 13:39 - 000004564 _____ C:\Windows\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-07-03 13:39 - 2018-07-03 13:39 - 000000000 ____D C:\Program Files\7-Zip
2018-07-03 12:54 - 2018-07-06 13:27 - 000000000 ____D C:\Windows\Minidump
2018-07-01 16:14 - 2018-07-01 16:14 - 000002537 ____C C:\Users\Public\Desktop\Avast Secure Browser.lnk
2018-07-01 16:13 - 2018-07-01 16:13 - 000003458 _____ C:\Windows\System32\Tasks\AvastUpdateTaskMachineUA
2018-07-01 16:13 - 2018-07-01 16:13 - 000003334 _____ C:\Windows\System32\Tasks\AvastUpdateTaskMachineCore
2018-07-01 16:13 - 2018-07-01 16:13 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2018-07-01 16:00 - 2018-07-07 11:37 - 000000000 ____D C:\Users\John\AppData\Local\AVAST Software
2018-07-01 16:00 - 2018-07-05 18:38 - 000001969 ____C C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2018-07-01 16:00 - 2018-07-01 16:00 - 000000000 ____D C:\Users\John\AppData\Roaming\AVAST Software
2018-07-01 15:59 - 2018-07-07 12:29 - 000004264 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2018-07-01 15:59 - 2018-07-01 15:59 - 001027728 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2018-07-01 15:59 - 2018-07-01 15:59 - 001027728 _____ (AVAST Software) C:\Windows\System32\Drivers\asw470f2ee67b67976c.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 001027728 _____ (AVAST Software) C:\Windows\System32\Drivers\asw 94eabc9709e08d2.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000463080 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2018-07-01 15:59 - 2018-07-01 15:59 - 000463080 _____ (AVAST Software) C:\Windows\System32\Drivers\aswdb5fc9470b7cc7f7.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000463080 _____ (AVAST Software) C:\Windows\System32\Drivers\asw1b29047fceb31b02.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000381584 _____ (AVAST Software) C:\Windows\System32\Drivers\aswVmm.sys
2018-07-01 15:59 - 2018-07-01 15:59 - 000381584 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbe8009d5ecbac779.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000381584 _____ (AVAST Software) C:\Windows\System32\Drivers\asw7420a70e15ba0291.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000346664 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbloga.sys
2018-07-01 15:59 - 2018-07-01 15:59 - 000346664 _____ (AVAST Software) C:\Windows\System32\Drivers\asw90405aa3fce2d1b1.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000346664 _____ (AVAST Software) C:\Windows\System32\Drivers\asw39a8f885b1576196.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000239680 _____ (AVAST Software) C:\Windows\System32\Drivers\aswHdsKe.sys
2018-07-01 15:59 - 2018-07-01 15:59 - 000239680 _____ (AVAST Software) C:\Windows\System32\Drivers\aswf3de2398b55b6f54.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000239680 _____ (AVAST Software) C:\Windows\System32\Drivers\asw4f2376932d4e3e74.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000229392 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbidsdrivera.sys
2018-07-01 15:59 - 2018-07-01 15:59 - 000229392 _____ (AVAST Software) C:\Windows\System32\Drivers\asw9eb67f8e898bfd33.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000229392 _____ (AVAST Software) C:\Windows\System32\Drivers\asw64ec3f12c8bc651b.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000211160 _____ (AVAST Software) C:\Windows\System32\Drivers\aswStm.sys
2018-07-01 15:59 - 2018-07-01 15:59 - 000211160 _____ (AVAST Software) C:\Windows\System32\Drivers\aswd5e850afd7fadc0e.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000211160 _____ (AVAST Software) C:\Windows\System32\Drivers\asw57a7095a902a2d08.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000201328 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbidsha.sys
2018-07-01 15:59 - 2018-07-01 15:59 - 000201328 _____ (AVAST Software) C:\Windows\System32\Drivers\asw5bc2e5ed2be00f78.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000201328 _____ (AVAST Software) C:\Windows\System32\Drivers\asw1d7f77405de4c97d.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000197160 _____ (AVAST Software) C:\Windows\System32\Drivers\aswArPot.sys
2018-07-01 15:59 - 2018-07-01 15:59 - 000197160 _____ (AVAST Software) C:\Windows\System32\Drivers\asw5f41e581fb41ebc5.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000197160 _____ (AVAST Software) C:\Windows\System32\Drivers\asw4c8be572157be0a9.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000159640 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2018-07-01 15:59 - 2018-07-01 15:59 - 000159640 _____ (AVAST Software) C:\Windows\System32\Drivers\asw5200e32aad35e9e0.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000159640 _____ (AVAST Software) C:\Windows\System32\Drivers\asw5086e336b4abead5.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000111872 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2018-07-01 15:59 - 2018-07-01 15:59 - 000111872 _____ (AVAST Software) C:\Windows\System32\Drivers\aswdd45a514ab64d3c9.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000111872 _____ (AVAST Software) C:\Windows\System32\Drivers\asw9ce2f104f5d9c685.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000085968 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRvrt.sys
2018-07-01 15:59 - 2018-07-01 15:59 - 000085968 _____ (AVAST Software) C:\Windows\System32\Drivers\asw923b1daa4ec3f7b7.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000085968 _____ (AVAST Software) C:\Windows\System32\Drivers\asw82b54a5c8cb790ca.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000059592 _____ (AVAST Software) C:\Windows\System32\Drivers\aswbuniva.sys
2018-07-01 15:59 - 2018-07-01 15:59 - 000059592 _____ (AVAST Software) C:\Windows\System32\Drivers\asw4fb4eb1d48a97a3a.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000059592 _____ (AVAST Software) C:\Windows\System32\Drivers\asw17ee6dfec2e20cb5.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000046976 _____ (AVAST Software) C:\Windows\System32\Drivers\aswHwid.sys
2018-07-01 15:59 - 2018-07-01 15:59 - 000046976 _____ (AVAST Software) C:\Windows\System32\Drivers\asw2423415d45f1a9bc.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000046976 _____ (AVAST Software) C:\Windows\System32\Drivers\asw218ccd59cdb7204a.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000015360 _____ (AVAST Software) C:\Windows\System32\Drivers\aswf69ec330f3150120.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000015360 _____ (AVAST Software) C:\Windows\System32\Drivers\aswElam.sys
2018-07-01 15:59 - 2018-07-01 15:59 - 000015360 _____ (AVAST Software) C:\Windows\System32\Drivers\asw8219d7de6d5f94af.tmp
2018-07-01 15:59 - 2018-07-01 15:59 - 000000000 ____D C:\Windows\System32\Tasks\Avast Software
2018-07-01 15:59 - 2018-07-01 15:59 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-07-01 15:58 - 2018-07-01 15:58 - 000000000 ____D C:\Program Files\AVAST Software
2018-07-01 15:57 - 2018-07-01 16:44 - 000000000 ____D C:\ProgramData\AVAST Software
2018-07-01 15:46 - 2018-07-01 15:46 - 000000144 _____ C:\Windows\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-07-01 15:37 - 2018-07-01 15:37 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2018-07-01 15:37 - 2018-07-01 15:37 - 000000000 ____D C:\Users\Administrator\AppData\Local\Mozilla
2018-07-01 15:27 - 2018-07-01 15:27 - 000000000 ____D C:\ProgramData\Packages
2018-07-01 15:16 - 2018-07-01 15:16 - 000000000 ____D C:\Users\Administrator\Documents\My Games
2018-07-01 15:16 - 2018-07-01 15:16 - 000000000 ____D C:\Users\Administrator\AppData\Local\Avg
2018-07-01 15:13 - 2018-07-01 15:15 - 000000000 ___RD C:\Users\Administrator\OneDrive
2018-07-01 15:12 - 2018-07-01 15:12 - 000000000 ____D C:\Users\Administrator\AppData\Local\Comms
2018-07-01 15:11 - 2018-07-01 15:17 - 000000000 ____D C:\Users\Administrator\AppData\Roaming\qBittorrent
2018-07-01 15:11 - 2018-07-01 15:15 - 000000000 ____D C:\Users\Administrator\AppData\Local\qBittorrent
2018-07-01 15:11 - 2018-07-01 15:11 - 000000000 ___HD C:\Users\Administrator\MicrosoftEdgeBackups
2018-07-01 15:10 - 2018-07-01 16:51 - 000000000 ____D C:\Program Files\YzFjMzMwMTA4NmI3N
2018-07-01 15:10 - 2018-07-01 16:37 - 000002360 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2018-07-01 15:10 - 2018-07-01 15:10 - 000000000 __SHD C:\Users\Administrator\IntelGraphicsProfiles
2018-07-01 15:10 - 2018-07-01 15:10 - 000000000 ___RD C:\Users\Administrator\3D Objects
2018-07-01 15:10 - 2018-07-01 15:10 - 000000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2018-07-01 15:10 - 2018-07-01 15:10 - 000000000 ____D C:\Users\Administrator\AppData\Local\MicrosoftEdge
2018-07-01 15:10 - 2018-07-01 15:10 - 000000000 ____D C:\Users\Administrator\AppData\Local\ConnectedDevicesPlatform
2018-07-01 15:09 - 2018-07-01 15:09 - 000000020 ___SH C:\Users\Administrator\ntuser.ini
2018-07-01 14:47 - 2018-07-07 12:27 - 002912256 _____ C:\Windows\System32\psnxeomsvc.exe
2018-07-01 14:41 - 2018-07-01 14:41 - 002912256 _____ C:\Windows\System32\psnxeomsvc2.exe
2018-07-01 13:15 - 2018-07-07 09:34 - 000000000 ____D C:\Users\John\AppData\Local\msoegba
2018-07-01 13:04 - 2018-07-01 13:04 - 000000000 ____D C:\Windows\Panther
2018-07-01 12:48 - 2018-07-07 13:41 - 000000000 ____D C:\Users\John\AppData\Local\pwcuael
2018-07-01 12:48 - 2018-07-01 12:48 - 000000000 ____D C:\Users\John\AppData\Local\usrnkhg
2018-07-01 12:47 - 2018-07-01 12:47 - 000004608 _____ C:\Windows\SECOH-QAD.exe
2018-07-01 12:46 - 2018-07-01 14:24 - 002912256 _____ C:\Windows\System32\psnxeomsvc1.exe
2018-07-01 12:45 - 2018-07-01 12:56 - 000000000 ____D C:\Program Files (x86)\s5
2018-07-01 12:45 - 2018-07-01 12:45 - 000000000 ____D C:\Windows\SysWOW64\zaexwlg
2018-07-01 12:45 - 2018-07-01 12:45 - 000000000 ____D C:\Windows\System32\zaexwlg
2018-07-01 12:45 - 2018-07-01 12:45 - 000000000 ____D C:\Users\John\AppData\Roaming\et
2018-07-01 12:45 - 2018-07-01 12:45 - 000000000 ____D C:\ProgramData\1530477910
2018-07-01 12:44 - 2018-07-01 12:44 - 000000000 ____D C:\Users\John\AppData\Local\AdvinstAnalytics
2018-07-01 12:44 - 2018-07-01 12:44 - 000000000 ____D C:\Program Files (x86)\LetsSee!
2018-07-01 12:43 - 2018-07-01 18:01 - 000000000 ____D C:\Program Files (x86)\Chameleon Explorer
2018-07-01 12:43 - 2018-07-01 12:43 - 000001193 ____C C:\Users\Public\Desktop\Chameleon Explorer.lnk
2018-07-01 12:42 - 2018-07-01 13:17 - 000000000 ____D C:\Windows\SysWOW64\SSL
2018-07-01 12:42 - 2018-07-01 12:42 - 001288704 _____ C:\Windows\zofegrpgyzgqwuyn.zofeg
2018-06-29 20:43 - 2018-06-29 20:43 - 000000000 ____D C:\Users\John\AppData\Local\.IdentityService
2018-06-28 18:46 - 2018-06-28 18:46 - 000108489 _____ C:\Windows\uninstaller.dat
2018-06-28 15:09 - 2018-06-28 15:09 - 000000000 ____D C:\Program Files (x86)\GtkSharp
2018-06-28 15:06 - 2018-06-28 15:08 - 000000000 ____D C:\Program Files\Unity
2018-06-28 15:06 - 2018-06-28 15:06 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity
2018-06-28 15:04 - 2018-06-28 15:04 - 000000000 ____D C:\Users\John\.android
2018-06-28 15:02 - 2016-11-11 15:34 - 000091256 _____ (Intel Corporation) C:\Windows\System32\Drivers\IntelHaxm.sys
2018-06-28 15:00 - 2018-06-28 15:00 - 000000000 ____D C:\Program Files (x86)\Android
2018-06-28 14:59 - 2018-06-28 14:59 - 000000000 ___DC C:\Users\John\AppData\LocalLow\Oracle
2018-06-28 14:51 - 2018-06-28 14:54 - 000000000 ____D C:\Program Files (x86)\Xamarin
2018-06-28 14:51 - 2018-06-28 14:51 - 000000000 ____D C:\Program Files (x86)\ShellDir
2018-06-28 14:50 - 2018-06-28 14:50 - 000000000 ____D C:\ProgramData\dftmp
2018-06-28 14:49 - 2018-06-28 14:49 - 000000000 ____D C:\Program Files\VS2012Schemas
2018-06-28 14:49 - 2018-06-28 14:49 - 000000000 ____D C:\Program Files\VS2010Schemas
2018-06-28 14:49 - 2018-06-28 14:49 - 000000000 ____D C:\Program Files\Microsoft SDKs
2018-06-28 14:48 - 2018-06-28 14:48 - 000000000 ____D C:\Program Files (x86)\NuGet
2018-06-28 14:48 - 2018-06-28 14:48 - 000000000 ____D C:\Program Files (x86)\Microsoft ASP.NET Core 1.1 Local Feed - Visual Studio 2017
2018-06-28 14:48 - 2018-06-28 14:48 - 000000000 ____D C:\Program Files (x86)\Microsoft ASP.NET Core 1.0 Local Feed - Visual Studio 2017
2018-06-28 14:47 - 2018-06-28 14:47 - 000000000 ____D C:\Program Files\dotnet
2018-06-28 14:45 - 2018-06-28 14:48 - 000000000 ____D C:\Program Files\IIS Express
2018-06-28 14:42 - 2018-06-28 14:43 - 000000000 ____D C:\Program Files (x86)\Entity Framework Tools
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\SysWOW64\3082
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\SysWOW64\2052
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\SysWOW64\1055
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\SysWOW64\1049
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\SysWOW64\1046
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\SysWOW64\1045
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\SysWOW64\1042
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\SysWOW64\1041
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\SysWOW64\1040
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\SysWOW64\1036
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\SysWOW64\1031
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\SysWOW64\1029
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\SysWOW64\1028
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\System32\3082
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\System32\2052
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\System32\1055
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\System32\1049
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\System32\1046
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\System32\1045
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\System32\1042
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\System32\1041
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\System32\1040
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\System32\1036
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\System32\1031
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\System32\1029
2018-06-28 14:42 - 2018-06-28 14:42 - 000000000 ____D C:\Windows\System32\1028
2018-06-28 14:41 - 2018-06-28 14:41 - 000000000 ____D C:\Program Files (x86)\Windows Phone Kits
2018-06-28 14:36 - 2018-06-28 14:36 - 000000000 ____D C:\ProgramData\Windows App Certification Kit
2018-06-28 11:21 - 2018-06-28 11:22 - 000000000 ____D C:\Users\John\Documents\Visual Studio 2015
2018-06-28 11:15 - 2018-06-28 16:16 - 000000000 ____D C:\Users\John\AppData\Roaming\Visual Studio Setup
2018-06-28 11:15 - 2018-06-28 14:34 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2018-06-28 11:15 - 2018-06-28 11:15 - 000000000 ____D C:\Users\John\AppData\Roaming\vstelemetry
2018-06-28 11:15 - 2018-06-28 11:15 - 000000000 ____D C:\Users\John\AppData\Local\ServiceHub
2018-06-23 14:03 - 2018-06-23 14:03 - 000000000 ___DC C:\Users\John\AppData\LocalLow\LionShield
2018-06-12 09:57 - 2018-06-12 09:57 - 000000000 ____D C:\Windows\PCHEALTH
2018-06-12 09:44 - 2018-06-07 23:32 - 001638432 _____ (Microsoft Corporation) C:\Windows\System32\gdi32full.dll
2018-06-12 09:44 - 2018-06-07 23:32 - 000157696 _____ (Microsoft Corporation) C:\Windows\System32\vertdll.dll
2018-06-12 09:44 - 2018-06-07 23:30 - 008594848 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2018-06-12 09:44 - 2018-06-07 23:30 - 001953544 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2018-06-12 09:44 - 2018-06-07 23:27 - 000377760 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\msrpc.sys
2018-06-12 09:44 - 2018-06-07 23:24 - 003009736 _____ (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2018-06-12 09:44 - 2018-06-07 23:24 - 002711248 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2018-06-12 09:44 - 2018-06-07 23:24 - 000967584 _____ (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
2018-06-12 09:44 - 2018-06-07 23:24 - 000891808 _____ (Microsoft Corporation) C:\Windows\System32\WWAHost.exe
2018-06-12 09:44 - 2018-06-07 23:23 - 004486400 _____ (Microsoft Corporation) C:\Windows\System32\Windows.StateRepository.dll
2018-06-12 09:44 - 2018-06-07 23:23 - 002412688 _____ (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2018-06-12 09:44 - 2018-06-07 23:22 - 003180176 _____ (Microsoft Corporation) C:\Windows\System32\combase.dll
2018-06-12 09:44 - 2018-06-07 23:22 - 001269640 _____ (Microsoft Corporation) C:\Windows\System32\WinTypes.dll
2018-06-12 09:44 - 2018-06-07 23:22 - 000688072 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentClient.dll
2018-06-12 09:44 - 2018-06-07 23:22 - 000093624 _____ (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2018-06-12 09:44 - 2018-06-07 23:21 - 001779960 _____ (Microsoft Corporation) C:\Windows\System32\mfplat.dll
2018-06-12 09:44 - 2018-06-07 23:21 - 000594080 _____ (Microsoft Corporation) C:\Windows\System32\mf.dll
2018-06-12 09:44 - 2018-06-07 22:21 - 001931256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-06-12 09:44 - 2018-06-07 22:21 - 001614168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-06-12 09:44 - 2018-06-07 22:21 - 000777912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-06-12 09:44 - 2018-06-07 22:19 - 001433360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2018-06-12 09:44 - 2018-06-07 22:18 - 000097160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-06-12 09:44 - 2018-06-07 22:10 - 002338272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2018-06-12 09:44 - 2018-06-07 22:09 - 017161216 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
2018-06-12 09:44 - 2018-06-07 22:09 - 002193688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2018-06-12 09:44 - 2018-06-07 22:09 - 000791968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2018-06-12 09:44 - 2018-06-07 22:09 - 000098304 _____ C:\Windows\System32\runexehelper.exe
2018-06-12 09:44 - 2018-06-07 22:08 - 003979696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll
2018-06-12 09:44 - 2018-06-07 22:08 - 003663360 _____ (Microsoft Corporation) C:\Windows\System32\win32kfull.sys
2018-06-12 09:44 - 2018-06-07 22:08 - 001990672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2018-06-12 09:44 - 2018-06-07 22:08 - 000543920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2018-06-12 09:44 - 2018-06-07 22:07 - 002386320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2018-06-12 09:44 - 2018-06-07 22:07 - 000536064 _____ (Microsoft Corporation) C:\Windows\System32\edgeIso.dll
2018-06-12 09:44 - 2018-06-07 22:07 - 000206848 _____ (Microsoft Corporation) C:\Windows\System32\IndexedDbLegacy.dll
2018-06-12 09:44 - 2018-06-07 22:06 - 006015208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2018-06-12 09:44 - 2018-06-07 22:06 - 004668688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2018-06-12 09:44 - 2018-06-07 22:06 - 001524784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2018-06-12 09:44 - 2018-06-07 22:06 - 000551696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2018-06-12 09:44 - 2018-06-07 22:05 - 000046080 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\hidparse.sys
2018-06-12 09:44 - 2018-06-07 22:04 - 000201728 _____ (Microsoft Corporation) C:\Windows\System32\EdgeManager.dll
2018-06-12 09:44 - 2018-06-07 22:04 - 000104960 _____ (Microsoft Corporation) C:\Windows\System32\Chakradiag.dll
2018-06-12 09:44 - 2018-06-07 22:03 - 000532480 _____ (Microsoft Corporation) C:\Windows\System32\daxexec.dll
2018-06-12 09:44 - 2018-06-07 22:03 - 000151552 _____ (Microsoft Corporation) C:\Windows\System32\dssvc.dll
2018-06-12 09:44 - 2018-06-07 22:02 - 001498112 _____ (Microsoft Corporation) C:\Windows\System32\WebRuntimeManager.dll
2018-06-12 09:44 - 2018-06-07 22:02 - 001015296 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2018-06-12 09:44 - 2018-06-07 22:02 - 000392704 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2018-06-12 09:44 - 2018-06-07 22:02 - 000253440 _____ (Microsoft Corporation) C:\Windows\System32\domgmt.dll
2018-06-12 09:44 - 2018-06-07 22:02 - 000093696 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2018-06-12 09:44 - 2018-06-07 22:01 - 000672768 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2018-06-12 09:44 - 2018-06-07 22:01 - 000652288 _____ (Microsoft Corporation) C:\Windows\System32\OneDriveSettingSyncProvider.dll
2018-06-12 09:44 - 2018-06-07 22:01 - 000229888 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2018-06-12 09:44 - 2018-06-07 22:00 - 012833792 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2018-06-12 09:44 - 2018-06-07 22:00 - 000354304 _____ (Microsoft Corporation) C:\Windows\System32\WwaApi.dll
2018-06-12 09:44 - 2018-06-07 22:00 - 000258560 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2018-06-12 09:44 - 2018-06-07 21:59 - 008432640 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2018-06-12 09:44 - 2018-06-07 21:59 - 001116672 _____ (Microsoft Corporation) C:\Windows\System32\rpcss.dll
2018-06-12 09:44 - 2018-06-07 21:59 - 001043968 _____ (Microsoft Corporation) C:\Windows\System32\NotificationController.dll
2018-06-12 09:44 - 2018-06-07 21:59 - 000757760 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2018-06-12 09:44 - 2018-06-07 21:58 - 008068608 _____ (Microsoft Corporation) C:\Windows\System32\Chakra.dll
2018-06-12 09:44 - 2018-06-07 21:58 - 005833216 _____ (Microsoft Corporation) C:\Windows\System32\dbgeng.dll
2018-06-12 09:44 - 2018-06-07 21:58 - 004723712 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2018-06-12 09:44 - 2018-06-07 21:58 - 002083840 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2018-06-12 09:44 - 2018-06-07 21:57 - 002628608 _____ (Microsoft Corporation) C:\Windows\System32\diagtrack.dll
2018-06-12 09:44 - 2018-06-07 21:57 - 002086400 _____ (Microsoft Corporation) C:\Windows\System32\win32kbase.sys
2018-06-12 09:44 - 2018-06-07 21:57 - 001812992 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2018-06-12 09:44 - 2018-06-07 21:57 - 001345024 _____ (Microsoft Corporation) C:\Windows\System32\dosvc.dll
2018-06-12 09:44 - 2018-06-07 21:57 - 000808960 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2018-06-12 09:44 - 2018-06-07 21:56 - 002035712 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2018-06-12 09:44 - 2018-06-07 21:55 - 000666624 _____ (Microsoft Corporation) C:\Windows\System32\DbgModel.dll
2018-06-12 09:44 - 2018-06-07 21:46 - 002902528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2018-06-12 09:44 - 2018-06-07 21:46 - 002393600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AcGenral.dll
2018-06-12 09:44 - 2018-06-07 21:46 - 000344576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgeIso.dll
2018-06-12 09:44 - 2018-06-07 21:46 - 000162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IndexedDbLegacy.dll
2018-06-12 09:44 - 2018-06-07 21:45 - 018930688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2018-06-12 09:44 - 2018-06-07 21:44 - 019358720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2018-06-12 09:44 - 2018-06-07 21:44 - 000155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EdgeManager.dll
2018-06-12 09:44 - 2018-06-07 21:43 - 000147456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryUpgrade.dll
2018-06-12 09:44 - 2018-06-07 21:43 - 000079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2018-06-12 09:44 - 2018-06-07 21:42 - 000078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2018-06-12 09:44 - 2018-06-07 21:41 - 013704704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2018-06-12 09:44 - 2018-06-07 21:41 - 011924992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2018-06-12 09:44 - 2018-06-07 21:41 - 000459776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webplatstorageserver.dll
2018-06-12 09:44 - 2018-06-07 21:41 - 000369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msIso.dll
2018-06-12 09:44 - 2018-06-07 21:40 - 000344064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2018-06-12 09:44 - 2018-06-07 21:40 - 000293888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WwaApi.dll
2018-06-12 09:44 - 2018-06-07 21:39 - 000531968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2018-06-12 09:44 - 2018-06-07 21:38 - 000669184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2018-06-12 09:44 - 2018-06-07 21:38 - 000664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2018-06-12 09:44 - 2018-06-07 21:38 - 000235008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2018-06-12 09:44 - 2018-06-07 21:36 - 006060032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2018-06-12 09:44 - 2018-06-07 21:36 - 003662848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2018-06-12 09:44 - 2018-06-07 21:35 - 007812608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2018-06-12 09:44 - 2018-06-07 21:35 - 004839424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2018-06-12 09:44 - 2018-06-07 21:35 - 002868736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2018-06-12 09:44 - 2018-06-07 21:35 - 002014720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2018-06-12 09:44 - 2018-06-07 21:35 - 001565184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2018-06-12 09:44 - 2018-06-07 21:35 - 001474560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2018-06-12 09:43 - 2018-06-08 09:26 - 021754880 _____ (Microsoft Corporation) C:\Windows\System32\Hydrogen.dll
2018-06-12 09:43 - 2018-06-08 09:26 - 017084928 _____ (Microsoft Corporation) C:\Windows\System32\HologramCompositor.dll
2018-06-12 09:43 - 2018-06-08 09:03 - 003331520 _____ C:\Windows\System32\Windows.Mirage.dll
2018-06-12 09:43 - 2018-06-08 08:59 - 000956416 _____ (Microsoft Corporation) C:\Windows\System32\Spectrum.exe
2018-06-12 09:43 - 2018-06-08 08:58 - 000882688 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Mirage.Internal.dll
2018-06-12 09:43 - 2018-06-08 03:42 - 002491120 _____ C:\Windows\SysWOW64\Windows.Mirage.dll
2018-06-12 09:43 - 2018-06-08 03:41 - 000618496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Mirage.Internal.dll
2018-06-12 09:43 - 2018-06-07 23:36 - 001568160 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2018-06-12 09:43 - 2018-06-07 23:36 - 000137120 _____ (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
2018-06-12 09:43 - 2018-06-07 23:35 - 001093040 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
2018-06-12 09:43 - 2018-06-07 23:35 - 000924656 _____ (Microsoft Corporation) C:\Windows\System32\winresume.exe
2018-06-12 09:43 - 2018-06-07 23:35 - 000300448 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
2018-06-12 09:43 - 2018-06-07 23:35 - 000069536 _____ (Microsoft Corporation) C:\Windows\System32\win32appinventorycsp.dll
2018-06-12 09:43 - 2018-06-07 23:34 - 000748472 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2018-06-12 09:43 - 2018-06-07 23:34 - 000423352 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2018-06-12 09:43 - 2018-06-07 23:33 - 002002336 _____ (Microsoft Corporation) C:\Windows\System32\aitstatic.exe
2018-06-12 09:43 - 2018-06-07 23:33 - 001206688 _____ (Microsoft Corporation) C:\Windows\System32\hvix64.exe
2018-06-12 09:43 - 2018-06-07 23:33 - 001056184 _____ (Microsoft Corporation) C:\Windows\System32\hvax64.exe
2018-06-12 09:43 - 2018-06-07 23:33 - 000608160 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2018-06-12 09:43 - 2018-06-07 23:33 - 000461216 _____ (Microsoft Corporation) C:\Windows\System32\dcntel.dll
2018-06-12 09:43 - 2018-06-07 23:33 - 000269720 _____ C:\Windows\System32\FaceProcessorCore.dll
2018-06-12 09:43 - 2018-06-07 23:33 - 000192920 _____ (Microsoft Corporation) C:\Windows\System32\skci.dll
2018-06-12 09:43 - 2018-06-07 23:33 - 000035232 _____ (Microsoft Corporation) C:\Windows\System32\DeviceCensus.exe
2018-06-12 09:43 - 2018-06-07 23:32 - 000664992 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2018-06-12 09:43 - 2018-06-07 23:32 - 000272288 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll
2018-06-12 09:43 - 2018-06-07 23:32 - 000077216 _____ (Microsoft Corporation) C:\Windows\System32\hvloader.dll
2018-06-12 09:43 - 2018-06-07 23:30 - 002514944 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2018-06-12 09:43 - 2018-06-07 23:30 - 001416360 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2018-06-12 09:43 - 2018-06-07 23:29 - 002395040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2018-06-12 09:43 - 2018-06-07 23:29 - 001210272 _____ (Microsoft Corporation) C:\Windows\System32\winload.exe
2018-06-12 09:43 - 2018-06-07 23:27 - 001173584 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2018-06-12 09:43 - 2018-06-07 23:26 - 000712456 _____ (Microsoft Corporation) C:\Windows\System32\ci.dll
2018-06-12 09:43 - 2018-06-07 23:26 - 000540064 _____ (Microsoft Corporation) C:\Windows\System32\pcasvc.dll
2018-06-12 09:43 - 2018-06-07 23:25 - 003903784 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2018-06-12 09:43 - 2018-06-07 23:25 - 000525728 _____ (Microsoft Corporation) C:\Windows\System32\wimserv.exe
2018-06-12 09:43 - 2018-06-07 23:24 - 007675792 _____ (Microsoft Corporation) C:\Windows\System32\windows.storage.dll
2018-06-12 09:43 - 2018-06-07 23:24 - 006282280 _____ (Microsoft Corporation) C:\Windows\System32\OneCoreUAPCommonProxyStub.dll
2018-06-12 09:43 - 2018-06-07 23:24 - 001488288 _____ (Microsoft Corporation) C:\Windows\System32\ContentDeliveryManager.Utilities.dll
2018-06-12 09:43 - 2018-06-07 23:24 - 001029536 _____ (Microsoft Corporation) C:\Windows\System32\efscore.dll
2018-06-12 09:43 - 2018-06-07 23:24 - 000247712 _____ (Microsoft Corporation) C:\Windows\System32\browserbroker.dll
2018-06-12 09:43 - 2018-06-07 23:23 - 021357336 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2018-06-12 09:43 - 2018-06-07 23:23 - 002472888 _____ (Microsoft Corporation) C:\Windows\System32\UpdateAgent.dll
2018-06-12 09:43 - 2018-06-07 23:23 - 000824904 _____ (Microsoft Corporation) C:\Windows\System32\ClipSVC.dll
2018-06-12 09:43 - 2018-06-07 23:23 - 000706464 _____ (Microsoft Corporation) C:\Windows\System32\wimgapi.dll
2018-06-12 09:43 - 2018-06-07 23:23 - 000677304 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2018-06-12 09:43 - 2018-06-07 23:23 - 000137552 _____ (Microsoft Corporation) C:\Windows\System32\bcrypt.dll
2018-06-12 09:43 - 2018-06-07 23:22 - 006791992 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.dll
2018-06-12 09:43 - 2018-06-07 23:21 - 007385096 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.Protection.PlayReady.dll
2018-06-12 09:43 - 2018-06-07 23:21 - 004507096 _____ (Microsoft Corporation) C:\Windows\System32\mfcore.dll
2018-06-12 09:43 - 2018-06-07 23:21 - 000260904 _____ (Microsoft Corporation) C:\Windows\System32\mfps.dll
2018-06-12 09:43 - 2018-06-07 23:20 - 001101216 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\http.sys
2018-06-12 09:43 - 2018-06-07 22:26 - 025256960 _____ (Microsoft Corporation) C:\Windows\System32\edgehtml.dll
2018-06-12 09:43 - 2018-06-07 22:18 - 000212920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aepic.dll
2018-06-12 09:43 - 2018-06-07 22:10 - 003485400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2018-06-12 09:43 - 2018-06-07 22:10 - 001124768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ContentDeliveryManager.Utilities.dll
2018-06-12 09:43 - 2018-06-07 22:09 - 006092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2018-06-12 09:43 - 2018-06-07 22:09 - 000832952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2018-06-12 09:43 - 2018-06-07 22:09 - 000592800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wimgapi.dll
2018-06-12 09:43 - 2018-06-07 22:08 - 020290256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2018-06-12 09:43 - 2018-06-07 22:08 - 000640024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2018-06-12 09:43 - 2018-06-07 22:07 - 000975360 _____ C:\Windows\System32\FaceProcessor.dll
2018-06-12 09:43 - 2018-06-07 22:07 - 000436224 _____ (Microsoft Corporation) C:\Windows\System32\wincorlib.dll
2018-06-12 09:43 - 2018-06-07 22:07 - 000400896 _____ (Microsoft Corporation) C:\Windows\System32\MusNotification.exe
2018-06-12 09:43 - 2018-06-07 22:07 - 000329728 _____ (Microsoft Corporation) C:\Windows\System32\AcGenral.dll
2018-06-12 09:43 - 2018-06-07 22:06 - 006481096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-06-12 09:43 - 2018-06-07 22:06 - 002890240 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.Resources.dll
2018-06-12 09:43 - 2018-06-07 22:06 - 000239104 _____ (Microsoft Corporation) C:\Windows\System32\smartscreenps.dll
2018-06-12 09:43 - 2018-06-07 22:05 - 000331264 _____ (Microsoft Corporation) C:\Windows\System32\browserexport.exe
2018-06-12 09:43 - 2018-06-07 22:04 - 005784576 _____ (Microsoft Corporation) C:\Windows\System32\VsGraphicsDesktopEngine.exe
2018-06-12 09:43 - 2018-06-07 22:04 - 005195776 _____ (Microsoft Corporation) C:\Windows\System32\cdp.dll
2018-06-12 09:43 - 2018-06-07 22:04 - 001925120 _____ (Microsoft Corporation) C:\Windows\System32\AzureSettingSyncProvider.dll
2018-06-12 09:43 - 2018-06-07 22:04 - 000173568 _____ (Microsoft Corporation) C:\Windows\System32\Windows.StateRepositoryUpgrade.dll
2018-06-12 09:43 - 2018-06-07 22:03 - 000675328 _____ (Microsoft Corporation) C:\Windows\System32\webplatstorageserver.dll
2018-06-12 09:43 - 2018-06-07 22:02 - 000431616 _____ (Microsoft Corporation) C:\Windows\System32\msIso.dll
2018-06-12 09:43 - 2018-06-07 22:02 - 000086528 _____ (Microsoft Corporation) C:\Windows\System32\cldapi.dll
2018-06-12 09:43 - 2018-06-07 22:01 - 023678464 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2018-06-12 09:43 - 2018-06-07 22:01 - 001217024 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Networking.Vpn.dll
2018-06-12 09:43 - 2018-06-07 22:01 - 000623616 _____ (Microsoft Corporation) C:\Windows\System32\aadcloudap.dll
2018-06-12 09:43 - 2018-06-07 22:00 - 003180032 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentServer.dll
2018-06-12 09:43 - 2018-06-07 22:00 - 001495552 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.desktop.dll
2018-06-12 09:43 - 2018-06-07 22:00 - 000324096 _____ (Microsoft Corporation) C:\Windows\System32\SyncSettings.dll
2018-06-12 09:43 - 2018-06-07 21:59 - 003124224 _____ (Microsoft Corporation) C:\Windows\System32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-06-12 09:43 - 2018-06-07 21:59 - 002596352 _____ (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
2018-06-12 09:43 - 2018-06-07 21:58 - 003332608 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2018-06-12 09:43 - 2018-06-07 21:58 - 002211840 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.onecore.dll
2018-06-12 09:43 - 2018-06-07 21:57 - 004772352 _____ (Microsoft Corporation) C:\Windows\System32\ExplorerFrame.dll
2018-06-12 09:43 - 2018-06-07 21:57 - 001597952 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2018-06-12 09:43 - 2018-06-07 21:57 - 001238016 _____ (Microsoft Corporation) C:\Windows\System32\aadtb.dll
2018-06-12 09:43 - 2018-06-07 21:57 - 001135104 _____ (Microsoft Corporation) C:\Windows\System32\SettingSyncCore.dll
2018-06-12 09:43 - 2018-06-07 21:56 - 002528768 _____ (Microsoft Corporation) C:\Windows\System32\wlansvc.dll
2018-06-12 09:43 - 2018-06-07 21:52 - 000067584 _____ (Microsoft Corporation) C:\Windows\System32\pcadm.dll
2018-06-12 09:43 - 2018-06-07 21:52 - 000050176 _____ (Microsoft Corporation) C:\Windows\System32\pcalua.exe
2018-06-12 09:43 - 2018-06-07 21:45 - 000160256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\smartscreenps.dll
2018-06-12 09:43 - 2018-06-07 21:41 - 000372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\daxexec.dll
2018-06-12 09:43 - 2018-06-07 21:40 - 003181568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdp.dll
2018-06-12 09:43 - 2018-06-07 21:40 - 001277440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
2018-06-12 09:43 - 2018-06-07 21:40 - 000534016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneDriveSettingSyncProvider.dll
2018-06-12 09:43 - 2018-06-07 21:39 - 000941568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Vpn.dll
2018-06-12 09:43 - 2018-06-07 21:39 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cldapi.dll
2018-06-12 09:43 - 2018-06-07 21:35 - 004384768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2018-06-12 09:43 - 2018-06-07 21:35 - 000955392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2018-06-12 09:43 - 2018-06-07 21:35 - 000935424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2018-06-12 09:42 - 2018-06-07 23:29 - 001849760 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\refs.sys
2018-06-12 09:42 - 2018-06-07 23:29 - 000937376 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\refsv1.sys
2018-06-12 09:42 - 2018-06-07 23:29 - 000028576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\uefi.sys
2018-06-12 09:42 - 2018-06-07 23:22 - 001358496 _____ (Microsoft Corporation) C:\Windows\System32\webservices.dll
2018-06-12 09:42 - 2018-06-07 23:22 - 000054376 _____ (Microsoft Corporation) C:\Windows\System32\kernel.appcore.dll
2018-06-12 09:42 - 2018-06-07 23:21 - 001206104 _____ (Microsoft Corporation) C:\Windows\System32\mfnetcore.dll
2018-06-12 09:42 - 2018-06-07 22:09 - 002993728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneCoreUAPCommonProxyStub.dll
2018-06-12 09:42 - 2018-06-07 22:08 - 001075984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
2018-06-12 09:42 - 2018-06-07 22:07 - 000047608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel.appcore.dll
2018-06-12 09:42 - 2018-06-07 22:06 - 001131696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2018-06-12 09:42 - 2018-06-07 22:06 - 000129208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2018-06-12 09:42 - 2018-06-07 22:05 - 000408064 _____ (Microsoft Corporation) C:\Windows\System32\microsoft-windows-system-events.dll
2018-06-12 09:42 - 2018-06-07 22:05 - 000090624 _____ (Microsoft Corporation) C:\Windows\System32\VsGraphicsProxyStub.dll
2018-06-12 09:42 - 2018-06-07 22:05 - 000028160 _____ (Microsoft Corporation) C:\Windows\System32\GamePanelExternalHook.dll
2018-06-12 09:42 - 2018-06-07 22:04 - 000075776 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mpsdrv.sys
2018-06-12 09:42 - 2018-06-07 22:01 - 000507392 _____ (Microsoft Corporation) C:\Windows\System32\TDLMigration.dll
2018-06-12 09:42 - 2018-06-07 21:59 - 001297920 _____ (Microsoft Corporation) C:\Windows\System32\GamePanel.exe
2018-06-12 09:42 - 2018-06-07 21:59 - 000908800 _____ (Microsoft Corporation) C:\Windows\System32\WpcWebFilter.dll
2018-06-12 09:42 - 2018-06-07 21:56 - 000969728 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Networking.BackgroundTransfer.dll
2018-06-12 09:42 - 2018-06-07 21:53 - 000143872 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2018-06-12 09:42 - 2018-06-07 21:52 - 000012800 _____ (Microsoft Corporation) C:\Windows\System32\pcaevts.dll
2018-06-12 09:42 - 2018-06-07 21:46 - 000309248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2018-06-12 09:42 - 2018-06-07 21:44 - 000041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsProxyStub.dll
2018-06-12 09:42 - 2018-06-07 21:39 - 000963584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GamePanel.exe
2018-06-12 09:42 - 2018-06-07 21:39 - 000636416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WpcWebFilter.dll
2018-06-12 09:42 - 2018-06-07 21:37 - 004550144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VsGraphicsDesktopEngine.exe
2018-06-12 09:42 - 2018-06-07 21:35 - 000891904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2018-06-12 09:42 - 2018-06-07 21:34 - 000471040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DbgModel.dll
2018-06-09 09:21 - 2018-06-09 09:21 - 000000000 ____D C:\Users\John\AppData\Local\DBG
2018-06-08 14:56 - 2018-06-08 14:56 - 000000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-07 12:29 - 2018-05-31 09:33 - 000000000 ___DC C:\Users\John\AppData\LocalLow\Mozilla
2018-07-07 12:28 - 2018-06-04 00:15 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-07-07 12:27 - 2018-06-03 23:56 - 000000000 ____D C:\users\John
2018-07-07 12:27 - 2017-09-29 00:45 - 020709376 _____ C:\Windows\System32\config\HARDWARE
2018-07-07 12:27 - 2017-09-29 00:45 - 001310720 _____ C:\Windows\System32\config\BBI
2018-07-07 12:20 - 2017-09-29 05:44 - 000000000 ____D C:\Windows\INF
2018-07-07 12:18 - 2018-06-03 23:53 - 000000000 ____D C:\Windows\System32\SleepStudy
2018-07-07 12:18 - 2015-06-11 14:27 - 000000000 ____D C:\Users\John\AppData\Roaming\qBittorrent
2018-07-07 06:48 - 2018-06-03 23:56 - 002051066 _____ C:\Windows\System32\PerfStringBackup.INI
2018-07-07 06:46 - 2018-06-04 00:15 - 000004150 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2DEB3890-F6CC-4E93-A3D4-E66EA0F592DB}
2018-07-06 22:30 - 2018-06-04 00:15 - 000004210 _____ C:\Windows\System32\Tasks\CCleaner Update
2018-07-06 14:05 - 2018-06-03 23:56 - 000000000 ____D C:\users\DefaultAppPool
2018-07-06 13:28 - 2017-09-29 00:45 - 000065536 _____ C:\Windows\System32\config\ELAM
2018-07-06 08:15 - 2018-05-31 09:32 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-07-06 08:15 - 2015-02-03 15:15 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-07-06 08:06 - 2018-06-04 00:15 - 000000000 ____D C:\Windows\System32\Tasks\WPD
2018-07-06 08:05 - 2018-06-04 00:15 - 000002926 _____ C:\Windows\System32\Tasks\ASUS Smart Gesture Launcher
2018-07-06 08:01 - 2018-06-03 23:56 - 000000000 ____D C:\users\Administrator
2018-07-06 08:00 - 2018-06-03 20:53 - 000000000 ____D C:\ProgramData\ASUS Smart Gesture
2018-07-06 08:00 - 2015-08-07 05:44 - 000000000 __SHD C:\Users\John\IntelGraphicsProfiles
2018-07-06 06:43 - 2015-03-02 11:59 - 000000000 ____D C:\Windows\SysWOW64\1033
2018-07-06 06:43 - 2015-03-02 11:48 - 000000000 ____D C:\Windows\System32\1033
2018-07-06 06:20 - 2018-06-04 06:28 - 000000000 ___RD C:\Users\John\OneDrive
2018-07-05 18:37 - 2017-09-29 05:46 - 000000000 ___HD C:\Windows\ELAMBKUP
2018-07-05 08:07 - 2015-01-30 17:40 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-07-04 07:15 - 2017-09-29 05:37 - 000000000 ____D C:\Windows\CbsTemp
2018-07-03 13:38 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2018-07-03 13:38 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\System32\Macromed
2018-07-02 07:15 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\DeliveryOptimization
2018-07-01 18:44 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\LiveKernelReports
2018-07-01 15:34 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\AppReadiness
2018-07-01 15:29 - 2012-08-01 17:24 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2018-07-01 15:27 - 2017-09-29 05:46 - 000000000 ___RD C:\Windows\PrintDialog
2018-07-01 15:10 - 2013-01-05 04:06 - 000000000 _RHDC C:\Users\Public\AccountPictures
2018-07-01 14:28 - 2015-01-30 04:39 - 000000000 ____D C:\Windows\AutoKMS
2018-07-01 13:04 - 2018-06-03 23:53 - 000435712 _____ C:\Windows\System32\FNTCACHE.DAT
2018-07-01 12:55 - 2015-03-30 15:41 - 000000034 _____ C:\Users\John\AppData\Roaming\AdobeWLCMCache.dat
2018-07-01 05:53 - 2015-01-29 13:48 - 000000000 ____D C:\ProgramData\MFAData
2018-06-30 07:26 - 2015-01-30 04:50 - 000000000 ____D C:\Users\John\AppData\Local\Spotify
2018-06-30 07:24 - 2015-01-30 04:17 - 000000000 ____D C:\Users\John\AppData\Roaming\Spotify
2018-06-29 06:55 - 2017-09-29 05:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-06-28 15:02 - 2016-08-12 11:22 - 000000000 ____D C:\Program Files\Intel
2018-06-28 14:59 - 2015-04-13 13:21 - 000000000 ____D C:\Program Files (x86)\Java
2018-06-28 14:51 - 2015-03-02 11:45 - 000000000 ____D C:\Program Files (x86)\Microsoft SDKs
2018-06-28 14:48 - 2015-08-02 17:39 - 000000000 ____D C:\Program Files (x86)\IIS Express
2018-06-28 14:47 - 2015-01-29 13:14 - 000000000 ____D C:\ProgramData\Package Cache
2018-06-28 14:46 - 2015-03-06 08:57 - 000000000 ____D C:\Program Files (x86)\Microsoft Web Tools
2018-06-28 14:35 - 2016-08-21 11:51 - 000000000 ____D C:\Program Files\Application Verifier
2018-06-28 14:35 - 2016-08-21 11:51 - 000000000 ____D C:\Program Files (x86)\Application Verifier
2018-06-28 14:05 - 2018-06-04 00:04 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-06-28 13:33 - 2017-09-29 05:46 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-06-28 13:28 - 2015-03-02 11:49 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2018-06-28 13:19 - 2015-03-02 11:50 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 11.0
2018-06-28 13:17 - 2015-08-02 20:31 - 000000000 ____D C:\Users\John\AppData\Local\vsixinstaller
2018-06-28 11:55 - 2015-03-02 12:13 - 000000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2018-06-28 11:11 - 2016-01-30 12:19 - 000000000 ___DC C:\overflow
2018-06-24 10:54 - 2015-02-22 14:33 - 000000000 ____D C:\Users\John\AppData\Local\Torch
2018-06-20 15:58 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\rescache
2018-06-20 13:21 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\System32\NDF
2018-06-19 11:59 - 2015-02-27 10:20 - 000000000 ____D C:\Users\John\AppData\Roaming\Mp3tag
2018-06-19 11:43 - 2018-06-04 01:54 - 000000000 ___RD C:\Users\John\3D Objects
2018-06-19 11:43 - 2018-06-04 01:54 - 000000000 ____D C:\Users\John\AppData\Local\PackageStaging
2018-06-19 11:39 - 2017-09-29 05:46 - 000000000 ___SD C:\Windows\SysWOW64\F12
2018-06-19 11:39 - 2017-09-29 05:46 - 000000000 ___SD C:\Windows\System32\F12
2018-06-19 11:39 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\TextInput
2018-06-19 11:39 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\System32\WinBioPlugIns
2018-06-19 11:39 - 2017-09-29 05:46 - 000000000 ____D C:\Windows\ShellExperiences
2018-06-19 11:38 - 2015-02-27 10:20 - 000000000 ____D C:\Program Files (x86)\Mp3tag
2018-06-17 20:58 - 2015-05-06 10:44 - 000000000 ____D C:\ProgramData\Stardock
2018-06-12 10:13 - 2015-01-30 16:42 - 000000000 ____D C:\Windows\System32\MRT
2018-06-12 10:01 - 2018-06-02 14:49 - 133315992 ____C (Microsoft Corporation) C:\Windows\System32\MRT-KB890830.exe
2018-06-12 10:00 - 2015-01-30 16:42 - 133315992 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2018-06-12 09:56 - 2012-07-25 21:26 - 000000199 _____ C:\Windows\win.ini
2018-06-11 19:37 - 2015-04-25 14:53 - 000000000 ____D C:\Users\John\AppData\Roaming\vlc
2018-06-10 15:23 - 2018-06-03 23:58 - 000000000 ____D C:\Users\John\AppData\Local\Packages
 
Some files in TEMP:
====================
2018-07-01 12:43 - 2018-07-01 12:43 - 006860752 _____ (NeoSoft Tools                                               ) C:\Users\John\AppData\Local\Temp\cexplorer.exe
2018-07-01 12:44 - 2018-07-01 12:44 - 000484352 _____ () C:\Users\John\AppData\Local\Temp\lame_enc.dll
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2018-06-12 09:43] - [2018-06-07 23:25] - 003903784 _____ (Microsoft Corporation) 4617D41657001A296F45D026B774C485
 
C:\Windows\SysWOW64\explorer.exe
[2018-06-12 09:43] - [2018-06-07 22:10] - 003485400 _____ (Microsoft Corporation) 16BDDB13A0D8B0FD6D7FD6FBCAA81BE2
 
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2018-06-04 00:14] - [2018-06-04 00:14] - 000616792 _____ (Microsoft Corporation) 8207DB785C4A1A8C901154D12DF6E38E
 
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2018-06-12 09:44] - [2018-06-07 21:59] - 001116672 _____ (Microsoft Corporation) 6145D5B0781C11EF2142D3FA3763D26A
 
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Association (Whitelisted) =============
 
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 11%
Total physical RAM: 9677.66 MB
Available physical RAM: 8572.6 MB
Total Virtual: 9677.66 MB
Available Virtual: 8619.62 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:194.89 GB) (Free:11.58 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:272.01 GB) (Free:28.57 GB) NTFS
Drive e: (Recovery) (Fixed) (Total:0.59 GB) (Free:0.21 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Fixed) (Total:0.34 GB) (Free:0.3 GB) NTFS
Drive h: () (Fixed) (Total:0.8 GB) (Free:0.34 GB) NTFS
Drive i: (ESD-USB) (Removable) (Total:14.92 GB) (Free:0.68 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.49 GB) NTFS
 
\\?\Volume{182870a9-5eee-4229-ba32-3a15e9bed7e7}\ (SYSTEM) (Fixed) (Total:0.29 GB) (Free:0.25 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 489 GB) (Disk ID: DA56A3E5)
 
Partition: GPT.
 
========================================================
Disk: 1 (Protective MBR) (Size: 22.4 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 2 (MBR Code: Windows 7/8/10) (Size: 14.9 GB) (Disk ID: FD4263A7)
Partition 1: (Active) - (Size=14.9 GB) - (Type=0C)
 
LastRegBack: 2018-07-03 12:58
 
==================== End of FRST.txt ============================
 
Begin of fixlog.txt
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018
Ran by SYSTEM (07-07-2018 13:49:38) Run:3
Running from I:\
Boot Mode: Recovery
==============================================
 
fixlist content:
*****************
CloseProcesses:
 
C:\Users\John\AppData\Local\pwcuael
S4 ewmsin; System32\drivers\snigdxpu.sys [X]
R3 ilosvy; system32\drivers\osvybf.sys [X]
C:\WINDOWS\system32\drivers\mskbfilo.sys
 
EmptyTemp:                                                                                                                                                                                                          
*****************
 
CloseProcesses: => Error: This directive works only outside recovery mode.
C:\Users\John\AppData\Local\pwcuael => moved successfully
"HKLM\System\ControlSet001\Services\ewmsin" => removed successfully
ewmsin => service removed successfully
ilosvy => service not found.
"C:\WINDOWS\system32\drivers\mskbfilo.sys" => not found
EmptyTemp: => Error: This directive works only outside recovery mode.
 
==== End of Fixlog 13:49:38 ====


 



#8 MostlyFoobar


Posted 07 July 2018 - 04:52 PM

OK. After a few reboots I was able to get a new scan to complete. I have FRST.txt and Addition.txt from that scan.

 

Still cannot add them as attachments, will post them as body text here if you need me to.

 

-j



#9 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,615 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:03:45 PM

Posted 08 July 2018 - 01:58 AM

Please post them as normal text, no need to attach them (you likely used all your attachment space here at BleepingComputer due to the images you posted earlier).

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft

 



#10 MostlyFoobar


Posted 09 July 2018 - 02:04 PM

Attached files: FRST.txt (77.24KB), Addition.txt (74.17KB)
 

Here they are.
 

Says I've used about 1.2 megs of 10. Attachment worked fine today.



#11 Elise


Posted 09 July 2018 - 02:37 PM

That looks better, how are things running now? Any problem left with the computer?

 

Also, you have both Avast and AVG installed; it is not recommended to run more than one antivirus program at a time. Even if real time protection on one of them is disabled, they both have running drivers that are designed to monitor all processes. This may lead to both AVs fighting for access which in turn can slow your computer down and make it less secure. Please uninstall one of them.


regards, Elise


#12 MostlyFoobar


Posted 16 July 2018 - 04:24 PM

Everything seems to be A-OK!

Been several days now and things are running more smoothly than ever.

You are a rock star and your help has been invaluable.

Thank you so very much!!!

 

-j



#13 Elise


Posted 17 July 2018 - 02:09 AM

You're most welcome! :) Glad to hear things are running fine now.
 
To be sure, let's do one last online scan:

Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).
  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When the update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
  • When the scan is completed click Quarantine selected objects. Note, this option is only available if malicious objects were detected during the scan.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop and post the contents in your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.

regards, Elise