I believe I have a persistent Kernel rootkit


6 replies to this topic

#1 phibonacci


Posted 08 August 2018 - 09:48 AM

Hello,

 

I believe I have a rootkit. I have done a clean install and partitioned my drives and run numerous antivirus programs. I still get the following issues:

 

My permissions won't change without lots of work and then they change back

CMD prompt doesn't work at all (ie: I type commands ex: "/?" and it says that is an invalid command...)

It changes my administrator privileges and I can't access certain things

RootkitRevealer says "access is denied" upon starting

Tons of Event viewer logs that are related to blocking software, VM, registry and some unknown users that I didn't set up

Lots of users and computer names that I didn't set up

Some files are inaccessible even after changing permissions.

It "acted" like it was reinstalling windows but it didn't. Old files were still there and it was too fast for a real clean install

GMER wouldn't run

new files keep popping up out of nowhere.

I watched the mouse move and take control of my computer when I wasn't touching it.

My Amazon and Gmail were hacked. I created new ones and those were hacked immediately.

smartscreen.exe uses half of my 16 GB of RAM

tons of svcnhosts.exes processes

lots of weird processes

and many, MANY more strange things.

 

My roommates and I share this computer and both game on it. He has been on it a lot and I have some weird files that were downloaded. There is also a Facebook link that supposedly downloaded a virus on our computer. I'd like to do a clean install but it won't let me.

 

I am semi-knowledgeable (being nice to myself) with computers and this is frustrating as heck. I would love to learn from you geniuses how to stop these types of threats for my family and loved ones. Thank you in advance, Phibonacci

 

Logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by b (ATTENTION: The user is not administrator) on DESKTOP-97DUDUE (08-08-2018 07:33:36)
Running from C:\Users\b\Desktop
Loaded Profiles: PC & b (Available Profiles: PC & B)
Platform: Windows 10 Pro Version 1803 17134.137 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> fontdrvhost.exe
Failed to access process -> winlogon.exe
Failed to access process -> fontdrvhost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> dwm.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> NVDisplay.Container.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> NVDisplay.Container.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> AvastSvc.exe
Failed to access process -> wlanext.exe
Failed to access process -> conhost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> vpnclient_x64.exe
Failed to access process -> LogiRegistryService.exe
Failed to access process -> SecurityHealthService.exe
Failed to access process -> svchost.exe
Failed to access process -> dasHost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> aswidsagenta.exe
Failed to access process -> svchost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
Failed to access process -> unsecapp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Logitech, Inc.) C:\Program Files\Logitech Gaming Software\LAClient\laclient.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
Failed to access process -> svchost.exe
(Apple Inc.) C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\ArxApplets\Discord\logitechg_discord.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Failed to access process -> SgrmBroker.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
(Microsoft Corporation) C:\Windows\regedit.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
(Microsoft Corporation) C:\Windows\System32\OpenWith.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
Failed to access process -> svchost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Failed to access process -> svchost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(F-Secure Corporation) C:\Users\b\AppData\Local\FSDART\f008f8cc-c28d-4726-9f80-fd7f9b96c2e4\fssos.exe
(F-Secure Corporation) C:\Users\b\AppData\Local\FSDART\f008f8cc-c28d-4726-9f80-fd7f9b96c2e4\fssos_admin_helper.exe
Failed to access process -> fsorsp64.exe
Failed to access process -> fshoster64.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Failed to access process -> SearchProtocolHost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9198080 2017-02-05] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-05-20] (AVAST Software)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17987704 2017-10-19] (Logitech Inc.)
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5248456 2018-06-07] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2850893678-3308694845-315594102-1002\...\RunOnce: [Uninstall 18.111.0603.0006\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\b\AppData\Local\Microsoft\OneDrive\18.111.0603.0006\amd64"
HKU\S-1-5-21-2850893678-3308694845-315594102-1002\...\RunOnce: [Uninstall 18.111.0603.0006] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\b\AppData\Local\Microsoft\OneDrive\18.111.0603.0006"
HKU\S-1-5-21-2850893678-3308694845-315594102-1002\...\RunOnce: [RemovalTool] => C:\Users\b\AppData\Local\FSDART\f008f8cc-c28d-4726-9f80-fd7f9b96c2e4\fssos.exe [2953696 2018-08-08] (F-Secure Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2018-06-07]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
GroupPolicy\User: Restriction ? <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ae7a1205-9871-4e30-9937-fe069d9cbe5f}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
URLSearchHook: [S-1-5-21-2850893678-3308694845-315594102-1001] ATTENTION => Default URLSearchHook is missing
FireFox:
========
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-20] (Google Inc.)
Chrome:
=======
CHR Profile: C:\Users\b\AppData\Local\Google\Chrome\User Data\Default [2018-08-08]
CHR Extension: (Slides) - C:\Users\b\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-03-06]
CHR Extension: (Docs) - C:\Users\b\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-03-06]
CHR Extension: (Google Drive) - C:\Users\b\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-03-06]
CHR Extension: (YouTube) - C:\Users\b\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-03-06]
CHR Extension: (Sheets) - C:\Users\b\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-03-06]
CHR Extension: (Google Docs Offline) - C:\Users\b\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-03-14]
CHR Extension: (Avast Online Security) - C:\Users\b\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-05-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\b\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-11]
CHR Extension: (Gmail) - C:\Users\b\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-03-06]
CHR Extension: (Chrome Media Router) - C:\Users\b\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-09]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7620096 2018-05-20] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [317280 2018-05-20] (AVAST Software)
R2 fsulhoster; C:\Program Files\F-Secure\Ultralight\ulcore\1530012511\fshoster64.exe [574944 2018-08-08] (F-Secure Corporation)
R2 fsulorsp; C:\Program Files\F-Secure\Ultralight\ulcore\1530012511\fsorsp64.exe [78304 2018-08-08] (F-Secure Corporation)
R3 lmhosts; C:\WINDOWS\System32\svchost.exe [51288 2018-04-11] (Microsoft Corporation)
R3 lmhosts; C:\WINDOWS\SysWOW64\svchost.exe [44520 2018-04-11] (Microsoft Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-10-19] (Logitech Inc.)
R2 NlaSvc; C:\WINDOWS\System32\svchost.exe [51288 2018-04-11] (Microsoft Corporation)
R2 NlaSvc; C:\WINDOWS\SysWOW64\svchost.exe [44520 2018-04-11] (Microsoft Corporation)
R2 nsi; C:\WINDOWS\system32\svchost.exe [51288 2018-04-11] (Microsoft Corporation)
R2 nsi; C:\WINDOWS\SysWOW64\svchost.exe [44520 2018-04-11] (Microsoft Corporation)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-04-12] (Microsoft Corporation)
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5248456 2018-06-07] (SoftEther VPN Project at University of Tsukuba, Japan.)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105344 2018-04-11] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [196640 2018-05-20] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [227504 2018-03-15] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199440 2018-03-15] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343752 2018-03-15] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57680 2018-03-15] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [234560 2018-05-20] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46968 2018-05-20] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [159120 2018-05-20] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111360 2018-05-20] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [85968 2018-05-20] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1027720 2018-05-20] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460520 2018-05-20] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [205976 2018-05-20] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381552 2018-05-20] (AVAST Software)
R3 BCMH43XX; C:\WINDOWS\system32\DRIVERS\AE2500w764.sys [2576632 2016-12-03] (Broadcom Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R0 fsbts; C:\WINDOWS\System32\drivers\fsbts.sys [65872 2018-08-08] ()
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2018-04-11] (Qualcomm Atheros, Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
S3 LGJoyHidFilter; C:\WINDOWS\system32\drivers\LGJoyHidFilter.sys [57368 2017-04-05] (Logitech Inc.)
S3 LGJoyHidLo; C:\WINDOWS\system32\drivers\LGJoyHidLo.sys [47256 2017-04-05] (Logitech Inc.)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-04-05] (Logitech Inc.)
S3 LGSHidFilt; C:\WINDOWS\System32\drivers\LGSHidFilt.Sys [64280 2017-04-05] (Logitech Inc.)
R3 Neo_VPN; C:\WINDOWS\System32\drivers\Neo6_x64_VPN.sys [38216 2018-06-07] (SoftEther Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
R1 SeLow; C:\WINDOWS\system32\DRIVERS\SeLow_x64.sys [51024 2018-06-07] (SoftEther Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-08-08 07:33 - 2018-08-08 07:33 - 000018261 _____ C:\Users\b\Desktop\FRST.txt
2018-08-08 07:33 - 2018-08-08 07:33 - 000000000 ____D C:\FRST
2018-08-08 07:32 - 2018-08-08 07:32 - 002412544 _____ (Farbar) C:\Users\b\Desktop\FRST64.exe
2018-08-08 07:26 - 2018-08-08 07:26 - 000464491 _____ C:\Users\b\Downloads\RootRepeal.zip
2018-08-08 07:21 - 2018-08-08 07:21 - 000065872 _____ C:\WINDOWS\system32\Drivers\fsbts.sys
2018-08-08 07:20 - 2018-08-08 07:26 - 000000000 ____D C:\ProgramData\F-Secure
2018-08-08 07:20 - 2018-08-08 07:20 - 000000000 ____D C:\Users\b\AppData\Local\F-Secure
2018-08-08 07:20 - 2018-08-08 07:20 - 000000000 ____D C:\Users\b\AppData\Local\FSDART
2018-08-08 07:20 - 2018-08-08 07:20 - 000000000 ____D C:\Program Files\F-Secure
2018-08-08 07:09 - 2018-08-08 07:09 - 000000000 ____D C:\Users\b\Documents\AccessChk
2018-08-08 07:08 - 2018-08-08 07:08 - 000378512 _____ C:\Users\b\Documents\AccessChk.zip
2018-08-08 07:02 - 2018-08-08 07:02 - 000000000 ____D C:\Users\b\Documents\Sysmon (1)
2018-08-08 07:02 - 2018-08-08 06:39 - 001463899 _____ C:\Users\b\Documents\Sysmon (1).zip
2018-08-08 07:01 - 2018-08-08 07:01 - 000000000 ____D C:\Users\b\Documents\RootkitRevealer (1)
2018-08-08 06:47 - 2018-08-08 06:47 - 000000000 ____D C:\Users\b\Downloads\gimmerdemo-win32-x64-0.1.7
2018-08-08 06:47 - 2018-08-08 06:47 - 000000000 ____D C:\Users\b\AppData\Roaming\Gimmer Demo
2018-08-08 06:19 - 2018-08-08 06:25 - 699400192 _____ C:\Users\b\Downloads\bitdefender-rescue-cd.iso
2018-08-08 06:16 - 2018-08-08 07:05 - 1953349632 _____ C:\Users\b\Downloads\ubuntu-18.04.1-desktop-amd64.iso
2018-08-08 03:36 - 2018-08-08 03:39 - 175065824 _____ (Microsoft Corporation) C:\Users\b\Downloads\msert.exe
2018-08-08 03:27 - 2018-08-08 03:27 - 286785970 _____ C:\Users\b\Documents\123.reg
2018-08-08 03:25 - 2018-08-08 03:25 - 000000000 ___HD C:\OneDriveTemp
2018-08-08 03:22 - 2018-08-08 03:24 - 000000000 ____D C:\Users\b\AppData\Local\D3DSCache
2018-08-08 03:21 - 2018-08-08 03:21 - 000234292 _____ C:\WINDOWS\ntbtlog.txt
2018-07-10 05:20 - 2018-07-10 05:20 - 000000765 _____ C:\Users\b\Downloads\5 SITES (1).txt
2018-07-10 05:18 - 2018-07-10 05:18 - 000000765 _____ C:\Users\b\Downloads\5 SITES.txt
2018-07-10 01:52 - 2018-07-10 01:52 - 000002055 _____ C:\Users\b\Downloads\CHECKCVVANDBALANCE.txt
2018-07-10 01:49 - 2018-07-10 01:49 - 000006238 _____ C:\Users\b\Downloads\how to bypass screen lock.txt
2018-07-10 01:46 - 2018-07-10 05:18 - 000008192 _____ C:\Users\b\Downloads\ktlh_flash_ff (3).dll
2018-07-10 01:46 - 2018-07-10 05:18 - 000008192 _____ C:\Users\b\Downloads\ktlh_flash_ff (2).dll
2018-07-10 01:46 - 2018-07-10 05:18 - 000000047 _____ C:\Users\b\Downloads\mms (2).cfg
2018-07-10 01:46 - 2018-07-10 01:47 - 019478528 _____ C:\Users\b\Downloads\NPSWF32_22_0_0_209.dll
2018-07-10 01:46 - 2018-07-10 01:47 - 000000047 _____ C:\Users\b\Downloads\mms (3).cfg
2018-07-10 01:46 - 2018-07-10 01:46 - 003446976 _____ (Adobe Systems, Inc.) C:\Users\b\Downloads\FlashPlayerPlugin_22_0_0_209.exe
2018-07-10 01:46 - 2018-07-10 01:46 - 003446976 _____ (Adobe Systems, Inc.) C:\Users\b\Downloads\FlashPlayerPlugin_21_0_0_197.exe
2018-07-10 01:46 - 2018-07-10 01:46 - 001210560 _____ (Adobe Systems Incorporated) C:\Users\b\Downloads\FlashUtil32_22_0_0_209_Plugin.exe
2018-07-10 01:46 - 2018-07-10 01:46 - 001164992 _____ (Adobe Systems Incorporated) C:\Users\b\Downloads\FlashUtil32_21_0_0_197_Plugin.exe
2018-07-10 01:46 - 2018-07-10 01:46 - 000442439 _____ C:\Users\b\Downloads\plugin (3).vch
2018-07-10 01:46 - 2018-07-10 01:46 - 000440627 _____ C:\Users\b\Downloads\plugin (2).vch
2018-07-10 01:46 - 2018-07-10 01:46 - 000000856 _____ C:\Users\b\Downloads\flashplayer (3).xpt
2018-07-10 01:46 - 2018-07-10 01:46 - 000000856 _____ C:\Users\b\Downloads\flashplayer (2).xpt
2018-07-10 01:46 - 2018-07-10 01:46 - 000000856 _____ C:\Users\b\Downloads\flashplayer (1).xpt
2018-07-10 01:45 - 2018-07-10 01:45 - 442512337 _____ C:\Users\b\Downloads\antidetect7.cc
2018-07-10 01:45 - 2018-07-10 01:45 - 003446976 _____ (Adobe Systems, Inc.) C:\Users\b\Downloads\FlashPlayerPlugin_21_0_0_182.exe
2018-07-10 01:45 - 2018-07-10 01:45 - 003442368 _____ (Adobe Systems, Inc.) C:\Users\b\Downloads\FlashPlayerPlugin_20_0_0_306.exe
2018-07-10 01:45 - 2018-07-10 01:45 - 001164992 _____ (Adobe Systems Incorporated) C:\Users\b\Downloads\FlashUtil32_21_0_0_182_Plugin.exe
2018-07-10 01:45 - 2018-07-10 01:45 - 001163968 _____ (Adobe Systems Incorporated) C:\Users\b\Downloads\FlashUtil32_20_0_0_306_Plugin.exe
2018-07-10 01:45 - 2018-07-10 01:45 - 000440631 _____ C:\Users\b\Downloads\plugin (1).vch
2018-07-10 01:45 - 2018-07-10 01:45 - 000401547 _____ C:\Users\b\Downloads\plugin.vch
2018-07-10 01:45 - 2018-07-10 01:45 - 000026576 _____ C:\Users\b\Downloads\jsoverrider (5).json
2018-07-10 01:45 - 2018-07-10 01:45 - 000026072 _____ C:\Users\b\Downloads\userContent (2).css
2018-07-10 01:45 - 2018-07-10 01:45 - 000014287 _____ C:\Users\b\Downloads\jsoverrider (4).json
2018-07-10 01:45 - 2018-07-10 01:45 - 000013130 _____ C:\Users\b\Downloads\userContent (4).css
2018-07-10 01:45 - 2018-07-10 01:45 - 000013044 _____ C:\Users\b\Downloads\userContent (5).css
2018-07-10 01:45 - 2018-07-10 01:45 - 000009836 _____ C:\Users\b\Downloads\jsoverrider (3).json
2018-07-10 01:45 - 2018-07-10 01:45 - 000006084 _____ C:\Users\b\Downloads\jsoverrider (1).json
2018-07-10 01:45 - 2018-07-10 01:45 - 000005825 _____ C:\Users\b\Downloads\userContent (3).css
2018-07-10 01:45 - 2018-07-10 01:45 - 000005748 _____ C:\Users\b\Downloads\jsoverrider.json
2018-07-10 01:45 - 2018-07-10 01:45 - 000002767 _____ C:\Users\b\Downloads\jsoverrider (2).json
2018-07-10 01:45 - 2018-07-10 01:45 - 000001804 _____ C:\Users\b\Downloads\userContent (1).css
2018-07-10 01:45 - 2018-07-10 01:45 - 000001239 _____ C:\Users\b\Downloads\userContent.css
2018-07-10 01:45 - 2018-07-10 01:45 - 000000856 _____ C:\Users\b\Downloads\flashplayer.xpt
2018-07-10 01:45 - 2018-07-10 01:45 - 000000629 _____ C:\Users\b\Downloads\modifyheaders.conf
2018-07-10 01:45 - 2018-07-10 01:45 - 000000629 _____ C:\Users\b\Downloads\modifyheaders (1).conf
2018-07-10 01:45 - 2018-07-10 01:45 - 000000621 _____ C:\Users\b\Downloads\modifyheaders (4).conf
2018-07-10 01:45 - 2018-07-10 01:45 - 000000612 _____ C:\Users\b\Downloads\modifyheaders (5).conf
2018-07-10 01:45 - 2018-07-10 01:45 - 000000605 _____ C:\Users\b\Downloads\modifyheaders (2).conf
2018-07-10 01:45 - 2018-07-10 01:45 - 000000583 _____ C:\Users\b\Downloads\modifyheaders (3).conf
2018-07-10 01:44 - 2018-07-10 01:44 - 013767776 _____ (Microsoft Corporation) C:\Users\b\Downloads\vc_redist.x86.exe
2018-07-10 01:44 - 2018-07-10 01:44 - 011277312 _____ C:\Users\b\Downloads\Antidetect 7_Cracked.exe
2018-07-10 01:44 - 2018-07-10 01:44 - 000668389 _____ C:\Users\b\Downloads\manual_russian_7.pdf
2018-07-10 01:44 - 2018-07-10 01:44 - 000632778 _____ C:\Users\b\Downloads\overrider.xpi
2018-07-10 01:44 - 2018-07-10 01:44 - 000591953 _____ C:\Users\b\Downloads\manual_english_7.pdf
2018-07-10 01:44 - 2018-07-10 01:44 - 000000633 _____ C:\Users\b\Downloads\README (1).txt
2018-07-10 01:44 - 2018-07-10 01:44 - 000000046 _____ C:\Users\b\Downloads\ANTIDETECT7PASSWORD.txt
2018-07-10 01:44 - 2018-07-10 01:44 - 000000036 _____ C:\Users\b\Downloads\ANTIDETECT7 CC FILE PASSWORD.txt
2018-07-10 01:43 - 2018-07-10 01:43 - 442512337 _____ C:\Users\b\Downloads\ad7.cc
2018-07-10 01:40 - 2018-07-10 01:40 - 000195185 _____ C:\Users\b\Downloads\config_78480_55329_77394_78556_38262_77590_22808_78613_78568_78631_40063_72457_70355_61738_76927_58973_21632_73401_22365_74276.zip
2018-07-10 01:32 - 2018-07-10 01:32 - 000015324 _____ C:\Users\b\Downloads\MASTERTHEARTOFCARDINGBEGINNERSGUIDE.txt
2018-07-10 01:31 - 2018-07-10 01:31 - 000001425 _____ C:\Users\b\Downloads\simple APPLE carding tutorial.txt
2018-07-10 01:21 - 2018-07-10 01:21 - 000000132 _____ C:\Users\b\Downloads\Buy Bitcoin VIDEO TUTORIAL.txt
2018-07-10 00:21 - 2018-07-10 00:21 - 000000000 ____D C:\ProgramData\Apple
2018-07-10 00:06 - 2018-08-08 03:27 - 000793700 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-07-10 00:06 - 2018-07-10 00:06 - 000000000 ____D C:\ProgramData\Apple Computer
2018-07-10 00:05 - 2018-07-10 00:19 - 000000000 ____D C:\ProgramData\Packages
2018-07-10 00:04 - 2018-07-10 05:44 - 000000000 ____D C:\Users\b\AppData\Local\PlaceholderTileLogoFolder
2018-07-10 00:04 - 2018-07-10 00:04 - 000001417 _____ C:\Users\b\Desktop\Microsoft Edge.lnk
2018-07-10 00:04 - 2018-07-10 00:04 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-07-10 00:03 - 2018-07-10 00:03 - 000000000 ___RD C:\Users\b\3D Objects
2018-07-10 00:03 - 2018-07-10 00:03 - 000000000 ___HD C:\Users\b\MicrosoftEdgeBackups
2018-07-10 00:02 - 2018-07-10 00:02 - 000000432 __RSH C:\Users\b\ntuser.pol
2018-07-10 00:02 - 2018-07-10 00:02 - 000000020 ___SH C:\Users\b\ntuser.ini
2018-07-10 00:01 - 2018-08-08 03:24 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-10 00:01 - 2018-07-10 00:01 - 000011433 _____ C:\WINDOWS\diagwrn.xml
2018-07-10 00:01 - 2018-07-10 00:01 - 000011433 _____ C:\WINDOWS\diagerr.xml
2018-07-10 00:01 - 2018-07-10 00:01 - 000000000 ____D C:\ProgramData\USOShared
2018-07-10 00:01 - 2018-04-11 16:33 - 002752000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-07-10 00:00 - 2018-07-10 00:00 - 000022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2018-07-09 23:58 - 2018-08-08 03:25 - 000002404 _____ C:\Users\b\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-07-09 23:58 - 2018-07-10 02:14 - 000000000 ____D C:\Users\PC
2018-07-09 23:58 - 2018-07-10 00:03 - 000000000 ____D C:\Users\b
2018-07-09 23:58 - 2018-07-09 23:58 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-07-09 23:57 - 2018-07-09 23:57 - 000002141 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2018-07-09 23:57 - 2018-07-09 23:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2018-07-09 23:57 - 2018-07-09 23:57 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-07-09 23:57 - 2017-11-09 05:43 - 000540784 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2018-07-09 23:57 - 2017-10-27 09:06 - 000136312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2018-07-09 23:57 - 2017-09-13 16:20 - 000798008 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2018-07-09 23:57 - 2017-09-13 16:20 - 000490296 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2018-07-09 23:57 - 2017-09-13 16:19 - 000927544 _____ C:\WINDOWS\system32\vulkan-1.dll
2018-07-09 23:57 - 2017-09-13 16:19 - 000591160 _____ C:\WINDOWS\system32\vulkaninfo.exe
2018-07-09 23:56 - 2018-07-27 04:16 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-07-09 23:56 - 2018-07-09 23:58 - 000233856 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-07-09 23:23 - 2018-05-20 21:07 - 001027720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-07-09 23:23 - 2018-05-20 21:07 - 000460520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-07-09 23:23 - 2018-05-20 21:07 - 000381552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-07-09 23:23 - 2018-05-20 21:07 - 000376536 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-07-09 23:23 - 2018-05-20 21:07 - 000205976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-07-09 23:23 - 2018-05-20 21:07 - 000196640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-07-09 23:23 - 2018-05-20 21:07 - 000159120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-07-09 23:23 - 2018-05-20 21:07 - 000111360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-07-09 23:23 - 2018-05-20 21:07 - 000085968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-07-09 23:23 - 2018-05-20 21:07 - 000046968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-07-09 23:23 - 2018-03-15 01:13 - 000343752 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-07-09 23:23 - 2018-03-15 01:13 - 000227504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-07-09 23:23 - 2018-03-15 01:13 - 000199440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-07-09 23:23 - 2018-03-15 01:13 - 000057680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-07-09 23:22 - 2018-07-09 23:23 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-07-09 23:21 - 2018-07-09 23:21 - 013570560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-07-09 23:21 - 2018-07-09 23:21 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 025847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 022714368 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 022003712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 021388856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 020383720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 019403264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 016592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 013873152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 012710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 011901952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 009147800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 008623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 007900984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 007581696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 007519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 007436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 006817872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 006572000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 006528600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 006043600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 005951488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 005821544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 005780992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 004970360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 004788504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 004561920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 004527680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 004469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 004403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 004392448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 004371456 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 004333568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 004070400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 003999232 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 003733320 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 003712512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-07-09 23:20 - 2018-07-09 23:20 - 003640832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 003492864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 003444224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 003441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 003348992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 003296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 003293696 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 003283408 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 003180176 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 003086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 002962944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 002922496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 002903040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 002895872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-07-09 23:20 - 2018-07-09 23:20 - 002841312 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 002830240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-07-09 23:20 - 2018-07-09 23:20 - 002789376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 002753040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 002718624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-07-09 23:20 - 2018-07-09 23:20 - 002699776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 002590400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2018-07-09 23:20 - 2018-07-09 23:20 - 002583552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 002570712 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 002563960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 002548736 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 002546592 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 002535032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 002486992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 002479272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 002462272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 002422688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-07-09 23:20 - 2018-07-09 23:20 - 002417840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 002401280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 002395056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-07-09 23:20 - 2018-07-09 23:20 - 002371392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 002367488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 002331576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 002307336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2018-07-09 23:20 - 2018-07-09 23:20 - 002266016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 002248192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 002242208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-07-09 23:20 - 2018-07-09 23:20 - 002206528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2018-07-09 23:20 - 2018-07-09 23:20 - 002193920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernAppAgent.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 002178136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 002172416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 002163184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 002084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-07-09 23:20 - 2018-07-09 23:20 - 002062488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 002061824 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 002051072 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 002015744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-07-09 23:20 - 2018-07-09 23:20 - 001988072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001981384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001953280 _____ C:\WINDOWS\system32\rdpnano.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001946752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001945784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001934400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001921944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2018-07-09 23:20 - 2018-07-09 23:20 - 001855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001825792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001805752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001798552 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001792808 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001784584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001768448 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001742272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001724928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001710240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001676800 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001675264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001665920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001665024 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001659904 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001659296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001649760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001634808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001632256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001620872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001613200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001585664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001584128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001581568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001565592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdt.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001543680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001538976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001508352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdt.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 001490144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001487360 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001462824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001462784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dui70.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001457128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-07-09 23:20 - 2018-07-09 23:20 - 001456640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001454024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001426328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001397192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001380192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001376576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001374208 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001364184 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001363632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001360384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001356800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001342976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001318400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001308672 _____ C:\WINDOWS\system32\FaceProcessor.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001299056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001295872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 001288840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001285120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001271296 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 001254400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001251736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContentDeliveryManager.Utilities.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001242112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001213368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 001210880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001209800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001192448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001190152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001186816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CommonBridge.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001175056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001174424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 001171968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001150408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001148800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001145696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001144120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001140568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-07-09 23:20 - 2018-07-09 23:20 - 001129640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001128448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplySettingsTemplateCatalog.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001114112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001112600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001110528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001097640 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001077504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-07-09 23:20 - 2018-07-09 23:20 - 001054720 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 001046944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001034632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 001034096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001026976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-07-09 23:20 - 2018-07-09 23:20 - 001026896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001020160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001018616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001017088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001017080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 001012408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001011968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001005568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000999936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000992768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000988128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000983008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000978432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000953856 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000950272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2018-07-09 23:20 - 2018-07-09 23:20 - 000945568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2018-07-09 23:20 - 2018-07-09 23:20 - 000944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000941056 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000917408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2018-07-09 23:20 - 2018-07-09 23:20 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000907776 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000906752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.PhoneNumberFormatting.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000898760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000885848 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000880152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000864768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2018-07-09 23:20 - 2018-07-09 23:20 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000861616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000861096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000860160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000857088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2018-07-09 23:20 - 2018-07-09 23:20 - 000851968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000831488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000826776 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000811520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000808960 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2018-07-09 23:20 - 2018-07-09 23:20 - 000804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000800256 _____ (Microsoft Corporation) C:\WINDOWS\system32\pwcreator.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000792984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-07-09 23:20 - 2018-07-09 23:20 - 000788992 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000788216 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000786176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000781824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-07-09 23:20 - 2018-07-09 23:20 - 000778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2018-07-09 23:20 - 2018-07-09 23:20 - 000776880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000770152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000761440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000759192 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.PrinterCustomActions.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000753152 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000749976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000748512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000740352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000735560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000722808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000719552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000717208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000713376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000709848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-07-09 23:20 - 2018-07-09 23:20 - 000705440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-07-09 23:20 - 2018-07-09 23:20 - 000704000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2018-07-09 23:20 - 2018-07-09 23:20 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000678840 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000667648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000665320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000661160 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000661152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000659096 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000653208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000652184 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000642088 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp_win.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs4.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000613144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000611232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-07-09 23:20 - 2018-07-09 23:20 - 000607648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000606448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000604576 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000594128 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs3.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2018-07-09 23:20 - 2018-07-09 23:20 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000568720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000567176 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000567144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000565152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-07-09 23:20 - 2018-07-09 23:20 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000562080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-07-09 23:20 - 2018-07-09 23:20 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000560488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000558592 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000553984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000553248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000550608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000542888 _____ C:\WINDOWS\system32\FaceProcessorCore.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000541600 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000527264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000515072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000510904 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000506184 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000500552 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000491304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000482472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs2.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000473496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000472136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXP.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000457152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs1.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000444240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000434584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000433560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-07-09 23:20 - 2018-07-09 23:20 - 000431104 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000416144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000413816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000413080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-07-09 23:20 - 2018-07-09 23:20 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.CscUnpinTool.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-07-09 23:20 - 2018-07-09 23:20 - 000399768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Diagnostics.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000382872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-07-09 23:20 - 2018-07-09 23:20 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000375712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-07-09 23:20 - 2018-07-09 23:20 - 000373248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcLayers.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000356960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000348256 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000347704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000338352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000326024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000324000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000313592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\DiagnosticLogCSP.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Diagnostics.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000308408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000301568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcLayers.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2018-07-09 23:20 - 2018-07-09 23:20 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.th.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2018-07-09 23:20 - 2018-07-09 23:20 - 000286200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000281080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExecModelClient.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000272296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000269248 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-07-09 23:20 - 2018-07-09 23:20 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000266656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000264704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovs.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MixedReality.Broker.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000247984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2018-07-09 23:20 - 2018-07-09 23:20 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win81.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000232488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
2018-07-09 23:20 - 2018-07-09 23:20 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000228768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthAgent.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000226720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ucx01000.sys
2018-07-09 23:20 - 2018-07-09 23:20 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpRelayTransport.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpd_ci.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAC3ENC.DLL
2018-07-09 23:20 - 2018-07-09 23:20 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\autopilot.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VideoHandlers.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000183712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mavinject.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2018-07-09 23:20 - 2018-07-09 23:20 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000170904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-07-09 23:20 - 2018-07-09 23:20 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000164768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-07-09 23:20 - 2018-07-09 23:20 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Analog.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cdrom.sys
2018-07-09 23:20 - 2018-07-09 23:20 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManagerAPI.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000148896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mavinject.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2018-07-09 23:20 - 2018-07-09 23:20 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win8rtm.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2018-07-09 23:20 - 2018-07-09 23:20 - 000137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000134560 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000131232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000130456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-07-09 23:20 - 2018-07-09 23:20 - 000129192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000118872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000116632 _____ (Microsoft Corporation) C:\WINDOWS\system32\DTUHandler.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatecsp.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppHostRegistrationVerifier.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApiSetHost.AppExecutionAlias.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000105376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000105368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-07-09 23:20 - 2018-07-09 23:20 - 000103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSoftwareInstallationClient.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000101288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\TelephonyInteractiveUser.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000094104 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000093600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthProxyStub.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000089984 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000088472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2018-07-09 23:20 - 2018-07-09 23:20 - 000084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageOverlayUtil.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000083360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-07-09 23:20 - 2018-07-09 23:20 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ApiSetHost.AppExecutionAlias.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000077040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-07-09 23:20 - 2018-07-09 23:20 - 000072768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WindowsTrustedRT.sys
2018-07-09 23:20 - 2018-07-09 23:20 - 000064648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LanguageOverlayUtil.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edpnotify.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Uev.ModernAppCore.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000057960 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel.appcore.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UevAppMonitor.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000050208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel.appcore.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000048544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storufs.sys
2018-07-09 23:20 - 2018-07-09 23:20 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-07-09 23:20 - 2018-07-09 23:20 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\cellulardatacapabilityhandler.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000040864 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClientPS.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryCore.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSHEIF.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2018-07-09 23:20 - 2018-07-09 23:20 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\DsmUserTask.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000029600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2018-07-09 23:20 - 2018-07-09 23:20 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2018-07-09 23:20 - 2018-07-09 23:20 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSHEIF.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfnet.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hvsicontainerservice.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfnet.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DTUHandlerPS.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000019872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVTerminator.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000018716 _____ C:\WINDOWS\SysWOW64\srms-apr.dat
2018-07-09 23:20 - 2018-07-09 23:20 - 000018716 _____ C:\WINDOWS\system32\srms-apr.dat
2018-07-09 23:20 - 2018-07-09 23:20 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-07-09 23:17 - 2018-04-11 06:48 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\XPSSHHDR.dll
2018-07-09 23:17 - 2018-04-11 06:45 - 004492288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-07-09 23:17 - 2018-04-11 06:41 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsFilt.dll
2018-07-09 23:17 - 2018-04-11 05:14 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XPSSHHDR.dll
2018-07-09 23:17 - 2018-04-11 05:12 - 003398144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-07-09 23:17 - 2018-04-11 05:09 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsFilt.dll
2018-07-09 23:17 - 2017-10-29 18:03 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2018-07-09 23:17 - 2017-10-29 16:42 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2018-07-09 23:16 - 2018-07-09 23:16 - 000245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2018-07-09 23:16 - 2018-07-09 23:16 - 000245760 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2018-07-09 23:16 - 2018-07-09 23:16 - 000058524 _____ C:\WINDOWS\system32\srms.dat
2018-07-09 23:01 - 2018-07-10 00:03 - 000000000 ___DC C:\WINDOWS\Panther
2018-07-09 23:00 - 2018-07-09 23:01 - 000000036 _____ C:\WINDOWS\progress.ini
2018-07-09 22:53 - 2018-07-09 23:00 - 000000000 ___HD C:\$GetCurrent
2018-07-09 22:53 - 2018-07-09 22:59 - 000000000 ____D C:\Windows10Upgrade
2018-07-09 22:53 - 2018-07-09 22:53 - 000000738 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-08-08 07:15 - 2018-04-11 16:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-08-08 03:27 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\INF
2018-08-08 03:25 - 2018-02-15 21:25 - 000000000 ___RD C:\Users\b\OneDrive
2018-08-08 03:24 - 2018-06-07 05:56 - 000000000 ____D C:\Program Files\SoftEther VPN Client
2018-08-08 03:24 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-08-08 03:24 - 2018-02-15 21:58 - 000000000 ____D C:\ProgramData\Logishrd
2018-08-08 03:24 - 2018-02-11 15:03 - 000000000 ____D C:\ProgramData\NVIDIA
2018-08-08 03:16 - 2018-04-11 16:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-08-08 03:05 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-07-17 12:02 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-07-17 12:02 - 2018-04-11 16:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-07-14 03:55 - 2018-03-20 09:58 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-07-14 03:55 - 2018-03-20 09:58 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-07-14 03:55 - 2018-03-20 09:58 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-07-10 05:47 - 2018-05-22 09:26 - 000000000 ____D C:\Users\b\AppData\LocalLow\Mozilla
2018-07-10 05:44 - 2018-02-15 21:25 - 000000000 ____D C:\Users\b\AppData\Local\Packages
2018-07-10 03:14 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\appcompat
2018-07-10 02:14 - 2018-02-15 21:57 - 000000000 ____D C:\ProgramData\Package Cache
2018-07-10 00:56 - 2018-06-07 05:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client
2018-07-10 00:56 - 2018-04-11 16:41 - 000000000 ____D C:\WINDOWS\Setup
2018-07-10 00:56 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-07-10 00:56 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\spool
2018-07-10 00:56 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-07-10 00:56 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\Help
2018-07-10 00:56 - 2018-03-02 19:46 - 000000000 ____D C:\Users\b\AppData\Local\Comms
2018-07-10 00:56 - 2018-02-15 21:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2018-07-10 00:56 - 2018-02-11 15:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2018-07-10 00:56 - 2018-02-11 15:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2018-07-10 00:56 - 2018-02-11 15:02 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2018-07-10 00:56 - 2018-02-10 18:35 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2018-07-10 00:56 - 2018-02-10 18:35 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-07-10 00:19 - 2018-04-11 16:38 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-07-10 00:04 - 2018-02-15 21:25 - 000000000 ____D C:\Users\b\AppData\Local\ConnectedDevicesPlatform
2018-07-10 00:03 - 2018-02-11 13:55 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-07-10 00:01 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\Registration
2018-07-10 00:01 - 2018-04-11 16:38 - 000000000 ____D C:\ProgramData\USOPrivate
2018-07-10 00:01 - 2018-03-06 10:23 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-07-10 00:01 - 2018-03-06 10:23 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-07-10 00:00 - 2018-04-11 16:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-07-09 23:59 - 2018-06-07 05:43 - 000000000 ____D C:\Users\b\Downloads\VPNS
2018-07-09 23:59 - 2018-04-11 16:38 - 000000000 __RHD C:\Users\Public\Libraries
2018-07-09 23:57 - 2018-02-11 15:02 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2018-07-09 23:57 - 2018-02-11 15:02 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2018-07-09 23:57 - 2018-02-10 23:04 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-07-09 23:57 - 2018-02-10 23:04 - 000000000 ____D C:\WINDOWS\system32\DAX3
2018-07-09 23:57 - 2018-02-10 23:04 - 000000000 ____D C:\WINDOWS\system32\DAX2
2018-07-09 23:57 - 2018-02-10 23:04 - 000000000 ____D C:\ProgramData\Audyssey Labs
2018-07-09 23:23 - 2018-02-10 23:04 - 000000000 ____D C:\Program Files\Realtek
2018-07-09 23:21 - 2018-04-12 02:37 - 000000000 ____D C:\WINDOWS\Containers
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-07-09 23:21 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-07-09 23:21 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-07-09 23:21 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-07-09 23:21 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-07-09 23:21 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-07-09 23:21 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\ta-in
2018-07-09 23:21 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-07-09 23:21 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\si-lk
2018-07-09 23:21 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\setup
2018-07-09 23:21 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-07-09 23:21 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-07-09 23:21 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\am-et
2018-07-09 23:21 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-07-09 23:21 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\Provisioning
2018-07-09 23:21 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-07-09 23:21 - 2018-04-11 16:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-07-09 23:21 - 2018-04-11 16:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-07-09 23:21 - 2018-04-11 14:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-07-09 23:17 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2018-07-09 23:17 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2018-07-09 23:17 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2018-07-09 23:17 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2018-07-09 23:17 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2018-07-09 23:17 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2018-07-09 23:17 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2018-07-09 23:17 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\et-EE
2018-07-09 23:17 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\es-MX
2018-07-09 23:17 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\en-GB
2018-07-09 23:17 - 2018-04-11 16:33 - 000424448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2018-07-09 23:17 - 2018-04-11 16:33 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
Some files in TEMP:
====================
2018-08-08 07:01 - 2018-08-08 07:01 - 000383872 _____ (Sysinternals - www.sysinternals.com) C:\Users\b\AppData\Local\Temp\PSZLPIRP.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

ATTENTION: ==> Could not access BCD. The user is not administrator
==================== End of FRST.txt ============================

Addition log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by b (08-08-2018 07:33:57)
Running from C:\Users\b\Desktop
Windows 10 Pro Version 1803 17134.137 (X64) (2018-07-10 07:01:33)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-2850893678-3308694845-315594102-500 - Administrator - Disabled)
b (S-1-5-21-2850893678-3308694845-315594102-1002 - Limited - Enabled) => C:\Users\b
DefaultAccount (S-1-5-21-2850893678-3308694845-315594102-503 - Limited - Disabled)
Guest (S-1-5-21-2850893678-3308694845-315594102-501 - Limited - Disabled)
PC (S-1-5-21-2850893678-3308694845-315594102-1001 - Administrator - Enabled) => C:\Users\PC
WDAGUtilityAccount (S-1-5-21-2850893678-3308694845-315594102-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.4.2338 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.88 - Logitech Inc.)
Microsoft OneDrive (HKU\S-1-5-21-2850893678-3308694845-315594102-1002\...\OneDriveSetup.exe) (Version: 18.131.0701.0007 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8053 - Realtek Semiconductor Corp.)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.22.9634 - SoftEther VPN Project)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{5009B7EE-8A15-4A23-B404-15E31D02DA67}) (Version: 2.43.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22452 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-20] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-20] (AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-20] (AVAST Software)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-20] (AVAST Software)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job =>
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2018-04-11 16:34 - 2018-04-11 16:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-03-06 17:07 - 2015-03-06 17:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2017-10-19 20:29 - 2017-10-19 20:29 - 001096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 17:07 - 2015-03-06 17:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2017-10-19 20:29 - 2017-10-19 20:29 - 000241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2017-10-19 20:02 - 2017-10-19 20:02 - 000077824 _____ () C:\Program Files\Logitech Gaming Software\LAClient\zlib.dll
2017-10-19 20:02 - 2017-10-19 20:02 - 000144896 _____ () C:\Program Files\Logitech Gaming Software\LAClient\libssh2.dll
2018-07-10 00:05 - 2018-07-10 00:05 - 000088888 _____ () C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\zlib1.dll
2018-07-10 00:05 - 2018-07-10 00:05 - 001356088 _____ () C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\libxml2.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-02-10 18:35 - 2018-02-10 18:34 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2850893678-3308694845-315594102-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\b\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\scinotesperiodictablebbg.png
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{0C65F788-6BA3-4D66-A7E3-A09D9A9C5A92}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [UDP Query User{3C7AC4D2-155A-4048-8FB9-1BD77AC230A9}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{BBD6D78A-C088-4D5D-88A7-A330C11CFBCC}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{380BA2AB-3E4C-41CE-BF4E-FED041AAD82C}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{19E4DB58-790E-4749-AEDE-F1F1731CC820}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{93133A4A-DD4B-4902-A864-64C6A77D892E}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{5C7F3DAA-3456-45CC-8EE4-DD5AEB963A25}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{54527764-3F37-4F6F-A880-DC6062A17D9F}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{794926FE-2B1F-4E1C-9CDB-A3BA4098FF0E}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [UDP Query User{F08B7E4F-4724-4BB4-AFBD-09AC0D372532}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{9DB77AC6-C519-4C04-8B46-6AB8353B9F0C}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{A9D7166E-5C15-4ACA-89E2-677877F70492}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\iTunes.exe
FirewallRules: [{5AEF48E7-6FF6-401A-89E4-2411AF1A9179}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\iTunes.exe
FirewallRules: [{805F94B0-6139-447F-A814-8A836B6DD0A6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\iTunes.exe
FirewallRules: [{A857F0BB-7417-44B4-B7F3-9B992CF32399}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\iTunes.exe
FirewallRules: [{671DDAB2-F348-4FC2-8DB1-AA1393C1DD7A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
FirewallRules: [{F99B2405-A848-4144-A5BF-71ADC55220DA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
FirewallRules: [{BF229DC9-9E62-4797-B68D-7FDCD2F0C4B5}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
FirewallRules: [{FEE56551-1BF8-4596-AA4B-39ADC1990853}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
FirewallRules: [{071812AC-6CC7-41F4-9D78-1D5F60E5B67C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{1B471531-000C-48FF-AD4A-5A8F6CBAAE16}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{1810B806-C41D-4548-8DC8-2DC64A669A82}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{728A0280-1FE5-43C8-BC46-01A52C0D036C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{91842C5B-9B8B-47B4-AB1E-D35AB70BC2AB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{100C4F22-CF8D-4854-8EAD-2684FF35D54A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{FE602DCC-1251-4F22-ACAB-EFC935B403E1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{FFE2B68F-B085-4D91-B235-0A3613B95E30}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [TCP Query User{7F67AA3D-09BC-4C32-908C-06118023E53A}C:\users\b\downloads\gimmerdemo-win32-x64-0.1.7\gimmerdemo.exe] => (Allow) C:\users\b\downloads\gimmerdemo-win32-x64-0.1.7\gimmerdemo.exe
FirewallRules: [UDP Query User{4948AF34-3D83-4183-95E3-60A86FAD8298}C:\users\b\downloads\gimmerdemo-win32-x64-0.1.7\gimmerdemo.exe] => (Allow) C:\users\b\downloads\gimmerdemo-win32-x64-0.1.7\gimmerdemo.exe
==================== Restore Points =========================
ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (08/08/2018 07:18:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.17134.137, time stamp: 0x5b234384
Faulting module name: edgehtml.dll, version: 11.0.17134.137, time stamp: 0x19e0b525
Exception code: 0xc0000005
Fault offset: 0x000000000037ad5a
Faulting process id: 0x15bc
Faulting application start time: 0x01d42f21d96bcd99
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: C:\WINDOWS\SYSTEM32\edgehtml.dll
Report Id: f22ecb0a-2aae-4447-bd33-0ff8a20c22dc
Faulting package full name: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess
Error: (08/08/2018 07:01:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process id: 0x3d2c
Faulting application start time: 0x01d42f204e43252e
Faulting application path: C:\Users\b\Documents\RootkitRevealer (1)\RootkitRevealer.exe
Faulting module path: C:\Users\b\Documents\RootkitRevealer (1)\RootkitRevealer.exe
Report Id: 553ff179-3abd-437f-9214-d4e192e5bf6b
Faulting package full name:
Faulting package-relative application ID:
Error: (08/08/2018 06:29:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process id: 0x356c
Faulting application start time: 0x01d42f1bdca0a482
Faulting application path: C:\Users\b\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\RootkitRevealer (1)\RootkitRevealer.exe
Faulting module path: C:\Users\b\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\RootkitRevealer (1)\RootkitRevealer.exe
Report Id: 2bc213d8-683c-4f02-b170-5fdcf29861e4
Faulting package full name:
Faulting package-relative application ID:
Error: (08/08/2018 05:05:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.17134.137, time stamp: 0x5b234384
Faulting module name: EdgeContent.dll, version: 11.0.17134.137, time stamp: 0x2fd4aae0
Exception code: 0xc0000409
Fault offset: 0x00000000000ace9a
Faulting process id: 0xdd0
Faulting application start time: 0x01d42f020debcddf
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: C:\WINDOWS\SYSTEM32\EdgeContent.dll
Report Id: b3c95c5e-6348-4555-a500-7232ce0854e3
Faulting package full name: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess
Error: (08/08/2018 03:10:56 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
Error: (08/08/2018 03:10:56 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected
Error: (07/10/2018 12:00:02 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A
Error: (07/09/2018 11:59:15 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

System errors:
=============
Error: (08/08/2018 03:23:57 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-97DUDUE)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (08/08/2018 03:23:54 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-97DUDUE)
Description: DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server:
Windows.Internal.Security.Authentication.Web.TokenBrokerInternal
Error: (08/08/2018 03:23:54 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-97DUDUE)
Description: DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server:
Windows.Internal.CapabilityAccess.CapabilityAccess
Error: (08/08/2018 03:23:54 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-97DUDUE)
Description: DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server:
Windows.Internal.CapabilityAccess.CapabilityAccess
Error: (08/08/2018 03:23:54 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-97DUDUE)
Description: DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server:
Windows.Internal.CapabilityAccess.CapabilityAccess
Error: (08/08/2018 03:23:53 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-97DUDUE)
Description: DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server:
Windows.Internal.Security.Authentication.Web.TokenBrokerInternal
Error: (08/08/2018 03:23:53 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-97DUDUE)
Description: DCOM got error "1084" attempting to start the service InstallService with arguments "Unavailable" in order to run the server:
WindowsUpdate.Internal.InstallControl
Error: (08/08/2018 03:23:53 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-97DUDUE)
Description: DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server:
Windows.Internal.CapabilityAccess.CapabilityAccess

Windows Defender:
===================================
Date: 2018-07-10 00:01:32.755
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80070006
Error description: The handle is invalid.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2018-07-10 00:01:30.691
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80070006
Error description: The handle is invalid.
Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
==================== Memory info ===========================
Processor: Intel® Core™ i7-6700K CPU @ 4.00GHz
Percentage of memory in use: 58%
Total physical RAM: 8147.16 MB
Available physical RAM: 3340.51 MB
Total Virtual: 13727.03 MB
Available Virtual: 5632.06 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:220.73 GB) (Free:128.87 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:1844.39 GB) (Free:1835.55 GB) NTFS
\\?\Volume{2f352ad6-1b95-4475-a1c1-334c53bf5ec9}\ (Recovery) (Fixed) (Total:2.23 GB) (Free:1.85 GB) NTFS
\\?\Volume{d0f19c50-0000-0000-0000-f018cd010000}\ (Recovery) (Fixed) (Total:18.63 GB) (Free:18.21 GB) NTFS
\\?\Volume{ae4d3fe4-7e83-4347-a0f5-5608b2080749}\ (BOOT) (Fixed) (Total:0.48 GB) (Free:0.46 GB) FAT32
==================== MBR & Partition Table ==================
==================== End of Addition.txt ============================

Edited by phibonacci, 08 August 2018 - 10:05 AM.
Took out user's note about duplicate topic and this being the one to save


#2 nasdaq

  • Malware Response Team

Posted 09 August 2018 - 07:21 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

The Farbar program must be run in an Administrator account.

If you cannot run it in Normal Mode, run the program in Safe Mode with Internet connection.

Post fresh logs for my review.

#3 phibonacci

  • Topic Starter
  • Members

Posted 10 August 2018 - 06:27 PM

Thank you for your help, nasdaq.

I did as you asked and I think I have added the correct administrator Farbar scan. Sorry in advance for my ignorance. :smash: Thank you.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by PC (administrator) on DESKTOP-97DUDUE (10-08-2018 16:23:34)
Running from C:\Users\PC\Desktop
Loaded Profiles: PC & b (Available Profiles: PC & B)
Platform: Windows 10 Pro Version 1803 17134.137 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(F-Secure Corporation) C:\Program Files\F-Secure\Ultralight\ulcore\1530012511\fsorsp64.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(F-Secure Corporation) C:\Program Files\F-Secure\Ultralight\ulcore\1530012511\fshoster64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\ArxApplets\Discord\logitechg_discord.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9198080 2017-02-05] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-08-10] (AVAST Software)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17987704 2017-10-19] (Logitech Inc.)
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5248456 2018-06-07] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-2850893678-3308694845-315594102-1001\...\RunOnce: [Uninstall 17.3.7294.0108\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\PC\AppData\Local\Microsoft\OneDrive\17.3.7294.0108\amd64"
HKU\S-1-5-21-2850893678-3308694845-315594102-1001\...\RunOnce: [Uninstall 17.3.7294.0108] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\PC\AppData\Local\Microsoft\OneDrive\17.3.7294.0108"
HKU\S-1-5-21-2850893678-3308694845-315594102-1002\...\RunOnce: [RemovalTool] => C:\Users\b\AppData\Local\FSDART\f008f8cc-c28d-4726-9f80-fd7f9b96c2e4\fssos.exe [2953696 2018-08-08] (F-Secure Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2018-06-07]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
GroupPolicy\User: Restriction ? <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ae7a1205-9871-4e30-9937-fe069d9cbe5f}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
FireFox:
========
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-20] (Google Inc.)
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7780400 2018-08-10] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-08-10] (AVAST Software)
R2 fsulhoster; C:\Program Files\F-Secure\Ultralight\ulcore\1530012511\fshoster64.exe [574944 2018-08-08] (F-Secure Corporation)
R2 fsulorsp; C:\Program Files\F-Secure\Ultralight\ulcore\1530012511\fsorsp64.exe [78304 2018-08-08] (F-Secure Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-10-19] (Logitech Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-04-12] (Microsoft Corporation)
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5248456 2018-06-07] (SoftEther VPN Project at University of Tsukuba, Japan.)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105344 2018-04-11] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [197160 2018-08-10] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [229392 2018-08-10] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201328 2018-08-10] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346664 2018-08-10] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59592 2018-08-10] (AVAST Software)
S3 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15360 2018-08-10] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [239680 2018-08-10] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46976 2018-08-10] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [159640 2018-08-10] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111872 2018-08-10] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [85968 2018-08-10] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1027728 2018-08-10] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [467064 2018-08-10] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [211160 2018-08-10] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381584 2018-08-10] (AVAST Software)
R3 BCMH43XX; C:\WINDOWS\system32\DRIVERS\AE2500w764.sys [2576632 2016-12-03] (Broadcom Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R0 fsbts; C:\WINDOWS\System32\drivers\fsbts.sys [65872 2018-08-08] ()
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2018-04-11] (Qualcomm Atheros, Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
S3 LGJoyHidFilter; C:\WINDOWS\system32\drivers\LGJoyHidFilter.sys [57368 2017-04-05] (Logitech Inc.)
S3 LGJoyHidLo; C:\WINDOWS\system32\drivers\LGJoyHidLo.sys [47256 2017-04-05] (Logitech Inc.)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-04-05] (Logitech Inc.)
S3 LGSHidFilt; C:\WINDOWS\System32\drivers\LGSHidFilt.Sys [64280 2017-04-05] (Logitech Inc.)
R3 Neo_VPN; C:\WINDOWS\System32\drivers\Neo6_x64_VPN.sys [38216 2018-06-07] (SoftEther Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
R1 SeLow; C:\WINDOWS\system32\DRIVERS\SeLow_x64.sys [51024 2018-06-07] (SoftEther Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-08-10 16:23 - 2018-08-10 16:23 - 000011803 _____ C:\Users\PC\Desktop\FRST.txt
2018-08-10 16:20 - 2018-08-10 16:20 - 000026999 _____ C:\Users\PC\Downloads\Addition.txt
2018-08-10 16:19 - 2018-08-10 16:20 - 000024861 _____ C:\Users\PC\Downloads\FRST.txt
2018-08-10 16:19 - 2018-08-10 16:19 - 002412544 _____ (Farbar) C:\Users\PC\Desktop\FRST64.exe
2018-08-10 16:19 - 2018-08-10 16:19 - 000000000 ____D C:\Users\PC\AppData\Local\AVAST Software
2018-08-10 16:15 - 2018-08-10 16:15 - 000001417 _____ C:\Users\PC\Desktop\Microsoft Edge.lnk
2018-08-10 16:15 - 2018-08-10 16:15 - 000000000 ___HD C:\Users\PC\MicrosoftEdgeBackups
2018-08-10 16:15 - 2018-08-10 16:15 - 000000000 ____D C:\Users\PC\AppData\Local\Logitech
2018-08-10 16:14 - 2018-08-10 16:14 - 000000432 __RSH C:\Users\PC\ntuser.pol
2018-08-10 16:14 - 2018-08-10 16:14 - 000000000 ___RD C:\Users\PC\3D Objects
2018-08-10 16:14 - 2018-08-10 16:14 - 000000000 ____D C:\Users\PC\AppData\Local\Google
2018-08-10 16:02 - 2018-08-10 16:02 - 000378072 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-08-10 16:02 - 2018-08-10 16:02 - 000015360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2018-08-08 07:33 - 2018-08-10 16:23 - 000000000 ____D C:\FRST
2018-08-08 07:33 - 2018-08-08 07:34 - 000123366 _____ C:\Users\b\Desktop\FRST.txt
2018-08-08 07:33 - 2018-08-08 07:34 - 000022099 _____ C:\Users\b\Desktop\Addition.txt
2018-08-08 07:32 - 2018-08-08 07:32 - 002412544 _____ (Farbar) C:\Users\b\Desktop\FRST64.exe
2018-08-08 07:26 - 2018-08-08 07:26 - 000464491 _____ C:\Users\b\Downloads\RootRepeal.zip
2018-08-08 07:21 - 2018-08-08 07:21 - 000065872 _____ C:\WINDOWS\system32\Drivers\fsbts.sys
2018-08-08 07:20 - 2018-08-08 07:26 - 000000000 ____D C:\ProgramData\F-Secure
2018-08-08 07:20 - 2018-08-08 07:20 - 000000000 ____D C:\Users\b\AppData\Local\F-Secure
2018-08-08 07:20 - 2018-08-08 07:20 - 000000000 ____D C:\Users\b\AppData\Local\FSDART
2018-08-08 07:20 - 2018-08-08 07:20 - 000000000 ____D C:\Program Files\F-Secure
2018-08-08 07:09 - 2018-08-08 07:09 - 000000000 ____D C:\Users\b\Documents\AccessChk
2018-08-08 07:08 - 2018-08-08 07:08 - 000378512 _____ C:\Users\b\Documents\AccessChk.zip
2018-08-08 07:02 - 2018-08-08 07:02 - 000000000 ____D C:\Users\b\Documents\Sysmon (1)
2018-08-08 07:02 - 2018-08-08 06:39 - 001463899 _____ C:\Users\b\Documents\Sysmon (1).zip
2018-08-08 07:01 - 2018-08-08 07:01 - 000000000 ____D C:\Users\b\Documents\RootkitRevealer (1)
2018-08-08 06:47 - 2018-08-08 06:47 - 000000000 ____D C:\Users\b\Downloads\gimmerdemo-win32-x64-0.1.7
2018-08-08 06:47 - 2018-08-08 06:47 - 000000000 ____D C:\Users\b\AppData\Roaming\Gimmer Demo
2018-08-08 06:29 - 2018-08-08 06:29 - 000000000 ____D C:\Users\PC\AppData\Local\DBG
2018-08-08 06:19 - 2018-08-08 06:25 - 699400192 _____ C:\Users\b\Downloads\bitdefender-rescue-cd.iso
2018-08-08 06:16 - 2018-08-08 07:05 - 1953349632 _____ C:\Users\b\Downloads\ubuntu-18.04.1-desktop-amd64.iso
2018-08-08 03:36 - 2018-08-08 03:39 - 175065824 _____ (Microsoft Corporation) C:\Users\b\Downloads\msert.exe
2018-08-08 03:27 - 2018-08-08 03:27 - 286785970 _____ C:\Users\b\Documents\123.reg
2018-08-08 03:22 - 2018-08-08 03:24 - 000000000 ____D C:\Users\b\AppData\Local\D3DSCache
2018-08-08 03:21 - 2018-08-10 16:17 - 000410874 _____ C:\WINDOWS\ntbtlog.txt
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-08-10 16:22 - 2018-07-10 00:06 - 000793700 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-08-10 16:22 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\INF
2018-08-10 16:21 - 2018-07-10 00:01 - 000003370 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2850893678-3308694845-315594102-1001
2018-08-10 16:21 - 2018-07-09 23:58 - 000002407 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-08-10 16:21 - 2018-02-11 13:56 - 000000000 ___RD C:\Users\PC\OneDrive
2018-08-10 16:20 - 2018-07-10 00:05 - 000000000 ____D C:\ProgramData\Packages
2018-08-10 16:20 - 2018-04-11 16:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-08-10 16:20 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-08-10 16:20 - 2018-02-11 13:55 - 000000000 ____D C:\Users\PC\AppData\Local\Packages
2018-08-10 16:18 - 2018-07-10 00:01 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-08-10 16:18 - 2018-07-09 23:56 - 000233856 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-08-10 16:18 - 2018-06-07 05:56 - 000000000 ____D C:\Program Files\SoftEther VPN Client
2018-08-10 16:18 - 2018-04-11 16:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-08-10 16:18 - 2018-02-11 15:03 - 000000000 ____D C:\ProgramData\NVIDIA
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-08-10 16:17 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-08-10 16:17 - 2018-04-11 16:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-08-10 16:17 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-08-10 16:17 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-08-10 16:17 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-08-10 16:17 - 2018-04-11 14:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-08-10 16:15 - 2018-07-09 23:58 - 000000000 ____D C:\Users\PC
2018-08-10 16:15 - 2018-02-11 13:55 - 000000000 ____D C:\Users\PC\AppData\Local\ConnectedDevicesPlatform
2018-08-10 16:14 - 2018-02-11 13:55 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-08-10 16:09 - 2018-07-09 23:58 - 000000000 ____D C:\Users\b
2018-08-10 16:09 - 2018-04-11 16:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-08-10 16:09 - 2018-02-15 21:58 - 000000000 ____D C:\ProgramData\Logishrd
2018-08-10 16:09 - 2018-02-15 21:25 - 000000000 ___RD C:\Users\b\OneDrive
2018-08-10 16:08 - 2018-03-20 09:58 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-08-10 16:07 - 2018-03-20 09:58 - 134675576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-08-10 16:03 - 2018-07-09 23:23 - 000467064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-08-10 16:03 - 2018-03-06 10:23 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-10 16:03 - 2018-03-06 10:23 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-08-10 16:02 - 2018-07-10 00:01 - 000003990 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-08-10 16:02 - 2018-07-09 23:56 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-08-10 16:02 - 2018-07-09 23:23 - 001027728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-08-10 16:02 - 2018-07-09 23:23 - 000381584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-08-10 16:02 - 2018-07-09 23:23 - 000346664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-08-10 16:02 - 2018-07-09 23:23 - 000229392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-08-10 16:02 - 2018-07-09 23:23 - 000211160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-08-10 16:02 - 2018-07-09 23:23 - 000201328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-08-10 16:02 - 2018-07-09 23:23 - 000197160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-08-10 16:02 - 2018-07-09 23:23 - 000159640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-08-10 16:02 - 2018-07-09 23:23 - 000111872 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-08-10 16:02 - 2018-07-09 23:23 - 000085968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-08-10 16:02 - 2018-07-09 23:23 - 000059592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-08-10 16:02 - 2018-07-09 23:23 - 000046976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-08-10 16:02 - 2018-04-11 16:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-08-10 16:02 - 2018-02-15 21:27 - 000239680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-08-08 06:40 - 2018-06-12 07:35 - 000002070 _____ C:\Users\PC\Desktop\Rkill.txt
2018-08-08 03:25 - 2018-07-10 00:01 - 000003368 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2850893678-3308694845-315594102-1002
2018-08-08 03:25 - 2018-07-09 23:58 - 000002404 _____ C:\Users\b\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-08-08 03:05 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-07-17 12:02 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-07-14 03:55 - 2018-03-20 09:58 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
Some files in TEMP:
====================
2018-08-08 07:01 - 2018-08-08 07:01 - 000383872 _____ (Sysinternals - www.sysinternals.com) C:\Users\b\AppData\Local\Temp\PSZLPIRP.exe
2018-08-08 06:29 - 2018-08-08 06:29 - 000367488 _____ (Sysinternals - www.sysinternals.com) C:\Users\PC\AppData\Local\Temp\LRXBLZD.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-07-09 23:56
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by PC (10-08-2018 16:23:52)
Running from C:\Users\PC\Desktop
Windows 10 Pro Version 1803 17134.137 (X64) (2018-07-10 07:01:33)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-2850893678-3308694845-315594102-500 - Administrator - Disabled)
b (S-1-5-21-2850893678-3308694845-315594102-1002 - Limited - Enabled) => C:\Users\b
DefaultAccount (S-1-5-21-2850893678-3308694845-315594102-503 - Limited - Disabled)
Guest (S-1-5-21-2850893678-3308694845-315594102-501 - Limited - Disabled)
PC (S-1-5-21-2850893678-3308694845-315594102-1001 - Administrator - Enabled) => C:\Users\PC
WDAGUtilityAccount (S-1-5-21-2850893678-3308694845-315594102-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.5.2342 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.88 - Logitech Inc.)
Microsoft OneDrive (HKU\S-1-5-21-2850893678-3308694845-315594102-1001\...\OneDriveSetup.exe) (Version: 18.111.0603.0006 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2850893678-3308694845-315594102-1002\...\OneDriveSetup.exe) (Version: 18.131.0701.0007 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8053 - Realtek Semiconductor Corp.)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.22.9634 - SoftEther VPN Project)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{5009B7EE-8A15-4A23-B404-15E31D02DA67}) (Version: 2.43.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22452 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-08-10] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-08-10] (AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-08-10] (AVAST Software)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-08-10] (AVAST Software)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {178BECB7-6807-4B50-AA27-460E022F59C3} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {2C8E402B-E617-4EDD-A963-B3BE52D1FEA9} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-08-10] (AVAST Software)
Task: {64467370-736D-4ABD-A2ED-620408B6077A} - System32\Tasks\S-1-5-21-2850893678-3308694845-315594102-1002\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-04-11] (Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {7F59BE51-C72D-4AD8-82DE-9B926680EA70} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-2850893678-3308694845-315594102-1002
Task: {86B1E90E-FBAA-46AA-AC3C-FBD41715B70B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-03-06] (Google Inc.)
Task: {C14BE46E-39C6-4941-88F0-1AF2CEC27311} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-06-06] (AVAST Software)
Task: {C7933DA5-9542-4534-B82D-DFCF382B5140} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-03-06] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2018-08-08 07:21 - 2018-08-08 07:21 - 000418784 _____ () C:\Program Files\F-Secure\Ultralight\ulcore\1530012511\daas2_x64.dll
2018-08-08 07:21 - 2018-08-08 07:21 - 000319968 _____ () C:\Program Files\F-Secure\Ultralight\ulcore\1530012511\senddump_fshoster_plugin64.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-07-09 23:20 - 2018-07-09 23:20 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-03-06 17:07 - 2015-03-06 17:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2017-10-19 20:29 - 2017-10-19 20:29 - 001096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 17:07 - 2015-03-06 17:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2017-10-19 20:29 - 2017-10-19 20:29 - 000241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2018-03-15 01:13 - 2018-03-15 01:13 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-08-10 16:02 - 2018-08-10 16:02 - 000483544 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-08-10 16:02 - 2018-08-10 16:02 - 000282840 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-02-10 18:35 - 2018-02-10 18:34 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2850893678-3308694845-315594102-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2850893678-3308694845-315594102-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\b\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\scinotesperiodictablebbg.png
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{3C7AC4D2-155A-4048-8FB9-1BD77AC230A9}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{BBD6D78A-C088-4D5D-88A7-A330C11CFBCC}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{380BA2AB-3E4C-41CE-BF4E-FED041AAD82C}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{19E4DB58-790E-4749-AEDE-F1F1731CC820}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{93133A4A-DD4B-4902-A864-64C6A77D892E}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{5C7F3DAA-3456-45CC-8EE4-DD5AEB963A25}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{54527764-3F37-4F6F-A880-DC6062A17D9F}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{794926FE-2B1F-4E1C-9CDB-A3BA4098FF0E}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [UDP Query User{F08B7E4F-4724-4BB4-AFBD-09AC0D372532}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{9DB77AC6-C519-4C04-8B46-6AB8353B9F0C}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{A9D7166E-5C15-4ACA-89E2-677877F70492}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\iTunes.exe
FirewallRules: [{5AEF48E7-6FF6-401A-89E4-2411AF1A9179}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\iTunes.exe
FirewallRules: [{805F94B0-6139-447F-A814-8A836B6DD0A6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\iTunes.exe
FirewallRules: [{A857F0BB-7417-44B4-B7F3-9B992CF32399}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\iTunes.exe
FirewallRules: [{671DDAB2-F348-4FC2-8DB1-AA1393C1DD7A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
FirewallRules: [{F99B2405-A848-4144-A5BF-71ADC55220DA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
FirewallRules: [{BF229DC9-9E62-4797-B68D-7FDCD2F0C4B5}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
FirewallRules: [{FEE56551-1BF8-4596-AA4B-39ADC1990853}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
FirewallRules: [{071812AC-6CC7-41F4-9D78-1D5F60E5B67C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{1B471531-000C-48FF-AD4A-5A8F6CBAAE16}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{1810B806-C41D-4548-8DC8-2DC64A669A82}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{728A0280-1FE5-43C8-BC46-01A52C0D036C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{91842C5B-9B8B-47B4-AB1E-D35AB70BC2AB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{100C4F22-CF8D-4854-8EAD-2684FF35D54A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{FE602DCC-1251-4F22-ACAB-EFC935B403E1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{FFE2B68F-B085-4D91-B235-0A3613B95E30}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [TCP Query User{7F67AA3D-09BC-4C32-908C-06118023E53A}C:\users\b\downloads\gimmerdemo-win32-x64-0.1.7\gimmerdemo.exe] => (Allow) C:\users\b\downloads\gimmerdemo-win32-x64-0.1.7\gimmerdemo.exe
FirewallRules: [UDP Query User{4948AF34-3D83-4183-95E3-60A86FAD8298}C:\users\b\downloads\gimmerdemo-win32-x64-0.1.7\gimmerdemo.exe] => (Allow) C:\users\b\downloads\gimmerdemo-win32-x64-0.1.7\gimmerdemo.exe
FirewallRules: [{1B4F6DFC-E199-4E1D-AE6A-86DED4E8A626}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{9F752C14-6348-4A4D-BB34-6B07BFA6594D}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{7FC786F3-F0AB-476B-B3B9-EF5D0DE06ED1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
10-07-2018 02:14:33 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026
14-07-2018 03:55:17 Windows Update
24-07-2018 16:33:04 Scheduled Checkpoint
10-08-2018 16:07:42 Windows Update
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (08/08/2018 07:18:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.17134.137, time stamp: 0x5b234384
Faulting module name: edgehtml.dll, version: 11.0.17134.137, time stamp: 0x19e0b525
Exception code: 0xc0000005
Fault offset: 0x000000000037ad5a
Faulting process id: 0x15bc
Faulting application start time: 0x01d42f21d96bcd99
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: C:\WINDOWS\SYSTEM32\edgehtml.dll
Report Id: f22ecb0a-2aae-4447-bd33-0ff8a20c22dc
Faulting package full name: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess
Error: (08/08/2018 07:01:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process id: 0x3d2c
Faulting application start time: 0x01d42f204e43252e
Faulting application path: C:\Users\b\Documents\RootkitRevealer (1)\RootkitRevealer.exe
Faulting module path: C:\Users\b\Documents\RootkitRevealer (1)\RootkitRevealer.exe
Report Id: 553ff179-3abd-437f-9214-d4e192e5bf6b
Faulting package full name:
Faulting package-relative application ID:
Error: (08/08/2018 06:29:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process id: 0x356c
Faulting application start time: 0x01d42f1bdca0a482
Faulting application path: C:\Users\b\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\RootkitRevealer (1)\RootkitRevealer.exe
Faulting module path: C:\Users\b\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\RootkitRevealer (1)\RootkitRevealer.exe
Report Id: 2bc213d8-683c-4f02-b170-5fdcf29861e4
Faulting package full name:
Faulting package-relative application ID:
Error: (08/08/2018 05:05:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.17134.137, time stamp: 0x5b234384
Faulting module name: EdgeContent.dll, version: 11.0.17134.137, time stamp: 0x2fd4aae0
Exception code: 0xc0000409
Fault offset: 0x00000000000ace9a
Faulting process id: 0xdd0
Faulting application start time: 0x01d42f020debcddf
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: C:\WINDOWS\SYSTEM32\EdgeContent.dll
Report Id: b3c95c5e-6348-4555-a500-7232ce0854e3
Faulting package full name: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess
Error: (08/08/2018 03:10:56 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
Error: (08/08/2018 03:10:56 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected
Error: (07/10/2018 12:00:02 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A
Error: (07/09/2018 11:59:15 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

System errors:
=============
Error: (08/10/2018 04:18:45 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0923: 2018-07 Cumulative Update for Windows 10 Version 1803 for x64-based Systems (KB4338819).
Error: (08/10/2018 04:17:49 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll
Error Code: 21
Error: (08/10/2018 04:16:23 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-97DUDUE)
Description: The server {D63B10C5-BB46-4990-A94F-E40B9D520160} did not register with DCOM within the required timeout.
Error: (08/10/2018 04:02:00 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 9:24:41 AM on ‎8/‎8/‎2018 was unexpected.
Error: (08/08/2018 08:28:34 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-97DUDUE)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-97DUDUE\b SID (S-1-5-21-2850893678-3308694845-315594102-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/08/2018 03:23:57 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-97DUDUE)
Description: DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "Unavailable" in order to run the server:
{DD522ACC-F821-461A-A407-50B198B896DC}
Error: (08/08/2018 03:23:54 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-97DUDUE)
Description: DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server:
Windows.Internal.Security.Authentication.Web.TokenBrokerInternal
Error: (08/08/2018 03:23:54 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-97DUDUE)
Description: DCOM got error "1084" attempting to start the service camsvc with arguments "Unavailable" in order to run the server:
Windows.Internal.CapabilityAccess.CapabilityAccess

Windows Defender:
===================================
Date: 2018-07-10 00:01:32.755
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80070006
Error description: The handle is invalid.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2018-07-10 00:01:30.691
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80070006
Error description: The handle is invalid.
Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
==================== Memory info ===========================
Processor: Intel® Core™ i7-6700K CPU @ 4.00GHz
Percentage of memory in use: 33%
Total physical RAM: 8147.16 MB
Available physical RAM: 5397.33 MB
Total Virtual: 9427.16 MB
Available Virtual: 5706.94 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:220.73 GB) (Free:128.48 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:1844.39 GB) (Free:1835.55 GB) NTFS
\\?\Volume{2f352ad6-1b95-4475-a1c1-334c53bf5ec9}\ (Recovery) (Fixed) (Total:2.23 GB) (Free:1.85 GB) NTFS
\\?\Volume{d0f19c50-0000-0000-0000-f018cd010000}\ (Recovery) (Fixed) (Total:18.63 GB) (Free:18.21 GB) NTFS
\\?\Volume{ae4d3fe4-7e83-4347-a0f5-5608b2080749}\ (BOOT) (Fixed) (Total:0.48 GB) (Free:0.46 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: 16F544A7)
Partition: GPT.
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: D0F19C50)
Partition 1: (Not Active) - (Size=1844.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=18.6 GB) - (Type=27)
==================== End of Addition.txt ============================




#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:02 PM

Posted 11 August 2018 - 06:44 AM


Hi,

Error: (08/10/2018 04:18:45 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0923: 2018-07 Cumulative Update for Windows 10 Version 1803 for x64-based Systems (KB4338819).

If you search Google for KB4338819 you will see that you are not alone with this issue.

Let's see if we can fix this issue.

Try this. Follow the instructions on each step.

Locate CMD.EXE and run it as an Administrator.

At the DOS prompt execute this command in bold.

Step 1: net stop wuauserv

Step 2: Rename the C:\Windows\SoftwareDistribution folder to C:\Windows\SoftwareDistribution.old, essentially clearing the Windows Update download cache so that it can start over.

Step 3: Restart the Windows Update service: net start wuauserv

Restart the computer normally.

If the Windows Updates do not start, do it yourself.

How to:
https://venturebeat.com/2015/07/28/how-to-force-windows-to-start-downloading-the-windows-10-update-files/

How is it now?

<<<>>>

p.s
Let the Updates complete. Do not power off the computer it can cause problems.
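The three steps from the reply above, written out as one batch script for an elevated Command Prompt. This is an added example, not part of the original post; the elevation check, the numbered backup name and the verification after each step are additions assumed here so that a failed step does not leave the service stopped or overwrite an earlier backup.

```batch
@echo off
setlocal EnableExtensions

rem Added example: stop Windows Update, rename its download cache, restart it.
set "SD=%SystemRoot%\SoftwareDistribution"

rem Elevation check (assumption: the Server service is running, which
rem "net session" needs; it fails with access denied when not elevated).
net session >nul 2>&1
if errorlevel 1 (
    echo Run this script from a Command Prompt started as Administrator.
    exit /b 1
)

if not exist "%SD%\" (
    echo %SD% not found; nothing to rename.
    exit /b 1
)

rem Step 1: stop the Windows Update service so the folder is not in use.
rem "net stop" also returns an error when the service is already stopped,
rem so the real test is the state reported by "sc query".
net stop wuauserv
sc query wuauserv | find "STOPPED" >nul
if errorlevel 1 (
    echo wuauserv did not stop; leaving the cache untouched.
    exit /b 1
)

rem Pick a backup name that does not exist yet, so an earlier .old is kept.
set "BACKUP=SoftwareDistribution.old"
set /a N=0
:pick
if not exist "%SystemRoot%\%BACKUP%" goto do_rename
set /a N+=1
set "BACKUP=SoftwareDistribution.old.%N%"
goto pick

:do_rename
rem Step 2: rename the cache folder; Windows Update recreates it on demand.
ren "%SD%" "%BACKUP%"
if not exist "%SystemRoot%\%BACKUP%\" (
    echo Rename failed, a file in the folder is probably still open.
    net start wuauserv
    exit /b 1
)

rem Step 3: restart the Windows Update service.
net start wuauserv
sc query wuauserv | find "RUNNING" >nul
if errorlevel 1 (
    echo wuauserv did not start; check the System event log.
    exit /b 1
)

echo Cache moved to %SystemRoot%\%BACKUP%. Restart the computer normally.
exit /b 0
```

The renamed folder can be deleted once updates install again; until then it is the only copy of the previous download cache and update history.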

#5 phibonacci

phibonacci
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:12:02 PM

Posted 12 August 2018 - 02:49 PM

Thank you for the help. I first searched Google for KB4338819 and found some similar issues.

1. I ran CMD as administrator and stopped windowsupdate via typing net stop wuauserv

2. I renamed C:\\Windows\SoftwareDistribution to C:\\Windows\SoftwareDistribtution.old

3. I restarted windowsupdate by typing net start wuauserv

4. I restarted the comp normally

5. Windows Update didn't start automatically so I went into windows update from settings and it said it was already up to date.

I think I still have the same issues so I ran farbar again

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02.08.2018
Ran by PC (administrator) on DESKTOP-97DUDUE (12-08-2018 12:47:03)
Running from C:\Users\PC\Desktop
Loaded Profiles: PC (Available Profiles: PC & B)
Platform: Windows 10 Pro Version 1803 17134.165 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(F-Secure Corporation) C:\Program Files\F-Secure\Ultralight\ulcore\1530012511\fsorsp64.exe
(F-Secure Corporation) C:\Program Files\F-Secure\Ultralight\ulcore\1530012511\fshoster64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\ArxApplets\Discord\logitechg_discord.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9198080 2017-02-05] (Realtek Semiconductor)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-08-10] (AVAST Software)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17987704 2017-10-19] (Logitech Inc.)
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5248456 2018-06-07] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-11] (Microsoft Corporation)
HKU\S-1-5-21-2850893678-3308694845-315594102-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3206432 2018-08-08] (Valve Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2018-06-07]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
GroupPolicy\User: Restriction ? <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{ae7a1205-9871-4e30-9937-fe069d9cbe5f}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
FireFox:
========
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-10-27] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-20] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-20] (Google Inc.)
Chrome:
=======
CHR Profile: C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default [2018-08-12]
CHR Extension: (Slides) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-08-10]
CHR Extension: (Docs) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-08-12]
CHR Extension: (Google Drive) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-08-12]
CHR Extension: (YouTube) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-08-12]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2018-08-10]
CHR Extension: (Sheets) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-08-10]
CHR Extension: (Google Docs Offline) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-12]
CHR Extension: (Avast Online Security) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-08-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-08-10]
CHR Extension: (Gmail) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-08-12]
CHR Extension: (Chrome Media Router) - C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-08-10]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7780400 2018-08-10] (AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-08-10] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-08-10] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-08-10] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [6877224 2018-08-11] ()
R2 fsulhoster; C:\Program Files\F-Secure\Ultralight\ulcore\1530012511\fshoster64.exe [574944 2018-08-08] (F-Secure Corporation)
R2 fsulorsp; C:\Program Files\F-Secure\Ultralight\ulcore\1530012511\fsorsp64.exe [78304 2018-08-08] (F-Secure Corporation)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-10-19] (Logitech Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-04-12] (Microsoft Corporation)
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5248456 2018-06-07] (SoftEther VPN Project at University of Tsukuba, Japan.)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105344 2018-04-11] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [197160 2018-08-10] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [229392 2018-08-10] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201328 2018-08-10] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346664 2018-08-10] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59592 2018-08-10] (AVAST Software)
S3 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15360 2018-08-10] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [239680 2018-08-10] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46976 2018-08-10] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [159640 2018-08-10] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111872 2018-08-10] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [85968 2018-08-10] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1027728 2018-08-10] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [467064 2018-08-10] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [211160 2018-08-10] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381584 2018-08-10] (AVAST Software)
R3 BCMH43XX; C:\WINDOWS\system32\DRIVERS\AE2500w764.sys [2576632 2016-12-03] (Broadcom Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
R0 fsbts; C:\WINDOWS\System32\drivers\fsbts.sys [65872 2018-08-08] ()
R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [145920 2018-04-11] (Qualcomm Atheros, Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
S3 LGJoyHidFilter; C:\WINDOWS\system32\drivers\LGJoyHidFilter.sys [57368 2017-04-05] (Logitech Inc.)
S3 LGJoyHidLo; C:\WINDOWS\system32\drivers\LGJoyHidLo.sys [47256 2017-04-05] (Logitech Inc.)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2017-04-05] (Logitech Inc.)
S3 LGSHidFilt; C:\WINDOWS\System32\drivers\LGSHidFilt.Sys [64280 2017-04-05] (Logitech Inc.)
R3 Neo_VPN; C:\WINDOWS\System32\drivers\Neo6_x64_VPN.sys [38216 2018-06-07] (SoftEther Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_2e7fa54192fe16d0\nvlddmkm.sys [16936048 2017-11-09] (NVIDIA Corporation)
R1 SeLow; C:\WINDOWS\system32\DRIVERS\SeLow_x64.sys [51024 2018-06-07] (SoftEther Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [166288 2017-05-18] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-08-11 01:40 - 2018-08-11 01:40 - 000000000 ____D C:\Users\PC\AppData\Local\BattlEye
2018-08-11 01:40 - 2018-08-11 01:40 - 000000000 ____D C:\Users\PC\ansel
2018-08-10 22:49 - 2018-08-10 22:49 - 000000222 _____ C:\Users\PC\Desktop\The Elder Scrolls Online.url
2018-08-10 21:50 - 2018-08-10 21:50 - 000000000 ____D C:\Users\PC\AppData\Roaming\CC
2018-08-10 21:33 - 2010-06-02 04:55 - 000527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2018-08-10 21:33 - 2010-06-02 04:55 - 000518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2018-08-10 21:33 - 2010-06-02 04:55 - 000239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
2018-08-10 21:33 - 2010-06-02 04:55 - 000176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2018-08-10 21:33 - 2010-06-02 04:55 - 000077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2018-08-10 21:33 - 2010-06-02 04:55 - 000074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2018-08-10 21:33 - 2010-05-26 11:41 - 002526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2018-08-10 21:33 - 2010-05-26 11:41 - 002401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2018-08-10 21:33 - 2010-05-26 11:41 - 002106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2018-08-10 21:33 - 2010-05-26 11:41 - 001998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2018-08-10 21:33 - 2010-05-26 11:41 - 001907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2018-08-10 21:33 - 2010-05-26 11:41 - 001868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2018-08-10 21:33 - 2010-05-26 11:41 - 000511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2018-08-10 21:33 - 2010-05-26 11:41 - 000470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2018-08-10 21:33 - 2010-05-26 11:41 - 000276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2018-08-10 21:33 - 2010-05-26 11:41 - 000248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2018-08-10 21:33 - 2010-02-04 10:01 - 000530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2018-08-10 21:33 - 2010-02-04 10:01 - 000528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll
2018-08-10 21:33 - 2010-02-04 10:01 - 000238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll
2018-08-10 21:33 - 2010-02-04 10:01 - 000176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2018-08-10 21:33 - 2010-02-04 10:01 - 000078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2018-08-10 21:33 - 2010-02-04 10:01 - 000074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll
2018-08-10 21:33 - 2010-02-04 10:01 - 000024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2018-08-10 21:33 - 2010-02-04 10:01 - 000022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2018-08-10 21:33 - 2009-09-04 17:44 - 000517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2018-08-10 21:33 - 2009-09-04 17:44 - 000515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll
2018-08-10 21:33 - 2009-09-04 17:44 - 000238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll
2018-08-10 21:33 - 2009-09-04 17:44 - 000176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2018-08-10 21:33 - 2009-09-04 17:44 - 000073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
2018-08-10 21:33 - 2009-09-04 17:44 - 000069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll
2018-08-10 21:33 - 2009-09-04 17:29 - 005554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2018-08-10 21:33 - 2009-09-04 17:29 - 005501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll
2018-08-10 21:33 - 2009-09-04 17:29 - 002582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2018-08-10 21:33 - 2009-09-04 17:29 - 002475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2018-08-10 21:33 - 2009-09-04 17:29 - 001974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
2018-08-10 21:33 - 2009-09-04 17:29 - 001892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
2018-08-10 21:33 - 2009-09-04 17:29 - 000523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2018-08-10 21:33 - 2009-09-04 17:29 - 000453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
2018-08-10 21:33 - 2009-09-04 17:29 - 000285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2018-08-10 21:33 - 2009-09-04 17:29 - 000235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll
2018-08-10 21:33 - 2009-03-16 14:18 - 000521560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
2018-08-10 21:33 - 2009-03-16 14:18 - 000517448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_4.dll
2018-08-10 21:33 - 2009-03-16 14:18 - 000235352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_4.dll
2018-08-10 21:33 - 2009-03-16 14:18 - 000174936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
2018-08-10 21:33 - 2009-03-16 14:18 - 000024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
2018-08-10 21:33 - 2009-03-16 14:18 - 000022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_6.dll
2018-08-10 21:33 - 2009-03-09 15:27 - 005425496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
2018-08-10 21:33 - 2009-03-09 15:27 - 004178264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_41.dll
2018-08-10 21:33 - 2009-03-09 15:27 - 002430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
2018-08-10 21:33 - 2009-03-09 15:27 - 001846632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_41.dll
2018-08-10 21:33 - 2009-03-09 15:27 - 000520544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
2018-08-10 21:33 - 2009-03-09 15:27 - 000453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_41.dll
2018-08-10 21:33 - 2008-10-27 10:04 - 000518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2018-08-10 21:33 - 2008-10-27 10:04 - 000514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
2018-08-10 21:33 - 2008-10-27 10:04 - 000235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
2018-08-10 21:33 - 2008-10-27 10:04 - 000175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2018-08-10 21:33 - 2008-10-27 10:04 - 000074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2018-08-10 21:33 - 2008-10-27 10:04 - 000070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
2018-08-10 21:33 - 2008-10-27 10:04 - 000025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2018-08-10 21:33 - 2008-10-27 10:04 - 000023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
2018-08-10 21:33 - 2008-10-15 06:22 - 005631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2018-08-10 21:33 - 2008-10-15 06:22 - 004379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
2018-08-10 21:33 - 2008-10-15 06:22 - 002605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2018-08-10 21:33 - 2008-10-15 06:22 - 002036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
2018-08-10 21:33 - 2008-10-15 06:22 - 000519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2018-08-10 21:33 - 2008-10-15 06:22 - 000452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
2018-08-10 21:33 - 2008-07-31 10:41 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2018-08-10 21:33 - 2008-07-31 10:41 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2018-08-10 21:33 - 2008-07-31 10:41 - 000072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2018-08-10 21:33 - 2008-07-31 10:41 - 000068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2018-08-10 21:33 - 2008-07-31 10:40 - 000513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2018-08-10 21:33 - 2008-07-31 10:40 - 000509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2018-08-10 21:33 - 2008-07-10 11:01 - 000467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2018-08-10 21:33 - 2008-07-10 11:00 - 004992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2018-08-10 21:33 - 2008-07-10 11:00 - 003851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2018-08-10 21:33 - 2008-07-10 11:00 - 001942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2018-08-10 21:33 - 2008-07-10 11:00 - 001493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2018-08-10 21:33 - 2008-07-10 11:00 - 000540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2018-08-10 21:33 - 2008-05-30 14:19 - 000511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
2018-08-10 21:33 - 2008-05-30 14:19 - 000507400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll
2018-08-10 21:33 - 2008-05-30 14:18 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_1.dll
2018-08-10 21:33 - 2008-05-30 14:18 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
2018-08-10 21:33 - 2008-05-30 14:17 - 000068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
2018-08-10 21:33 - 2008-05-30 14:17 - 000065032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll
2018-08-10 21:33 - 2008-05-30 14:17 - 000025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_4.dll
2018-08-10 21:33 - 2008-05-30 14:16 - 000028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
2018-08-10 21:33 - 2008-05-30 14:11 - 004991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2018-08-10 21:33 - 2008-05-30 14:11 - 003850760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_38.dll
2018-08-10 21:33 - 2008-05-30 14:11 - 001941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
2018-08-10 21:33 - 2008-05-30 14:11 - 001491992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll
2018-08-10 21:33 - 2008-05-30 14:11 - 000540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
2018-08-10 21:33 - 2008-05-30 14:11 - 000467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll
2018-08-10 21:33 - 2008-03-05 16:04 - 000489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
2018-08-10 21:33 - 2008-03-05 16:03 - 000479752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll
2018-08-10 21:33 - 2008-03-05 16:03 - 000238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_0.dll
2018-08-10 21:33 - 2008-03-05 16:03 - 000177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
2018-08-10 21:33 - 2008-03-05 16:00 - 000028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
2018-08-10 21:33 - 2008-03-05 16:00 - 000025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_3.dll
2018-08-10 21:33 - 2008-03-05 15:56 - 004910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
2018-08-10 21:33 - 2008-03-05 15:56 - 003786760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_37.dll
2018-08-10 21:33 - 2008-03-05 15:56 - 001860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
2018-08-10 21:33 - 2008-03-05 15:56 - 001420824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_37.dll
2018-08-10 21:33 - 2008-02-05 23:07 - 000529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
2018-08-10 21:33 - 2008-02-05 23:07 - 000462864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_37.dll
2018-08-10 21:33 - 2007-10-22 03:40 - 000411656 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
2018-08-10 21:33 - 2007-10-22 03:39 - 000267272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_10.dll
2018-08-10 21:33 - 2007-10-22 03:37 - 000021000 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
2018-08-10 21:33 - 2007-10-22 03:37 - 000017928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_2.dll
2018-08-10 21:33 - 2007-10-12 15:14 - 005081608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
2018-08-10 21:33 - 2007-10-12 15:14 - 003734536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_36.dll
2018-08-10 21:33 - 2007-10-12 15:14 - 002006552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
2018-08-10 21:33 - 2007-10-12 15:14 - 001374232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_36.dll
2018-08-10 21:33 - 2007-10-02 09:56 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
2018-08-10 21:33 - 2007-10-02 09:56 - 000444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_36.dll
2018-08-10 21:33 - 2007-07-20 00:57 - 000411496 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
2018-08-10 21:33 - 2007-07-20 00:57 - 000267112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_9.dll
2018-08-10 21:33 - 2007-07-19 18:14 - 005073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
2018-08-10 21:33 - 2007-07-19 18:14 - 003727720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_35.dll
2018-08-10 21:33 - 2007-07-19 18:14 - 001985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
2018-08-10 21:33 - 2007-07-19 18:14 - 001358192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_35.dll
2018-08-10 21:33 - 2007-07-19 18:14 - 000508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
2018-08-10 21:33 - 2007-07-19 18:14 - 000444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_35.dll
2018-08-10 21:33 - 2007-06-20 20:49 - 000409960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
2018-08-10 21:33 - 2007-06-20 20:46 - 000266088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_8.dll
2018-08-10 21:33 - 2007-05-16 16:45 - 004496232 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
2018-08-10 21:33 - 2007-05-16 16:45 - 003497832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_34.dll
2018-08-10 21:33 - 2007-05-16 16:45 - 001401200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
2018-08-10 21:33 - 2007-05-16 16:45 - 001124720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_34.dll
2018-08-10 21:33 - 2007-05-16 16:45 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
2018-08-10 21:33 - 2007-05-16 16:45 - 000443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_34.dll
2018-08-10 21:33 - 2007-04-04 18:55 - 000403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2018-08-10 21:33 - 2007-04-04 18:55 - 000261480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll
2018-08-10 21:33 - 2007-04-04 18:54 - 000107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2018-08-10 21:33 - 2007-04-04 18:53 - 000081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
2018-08-10 21:33 - 2007-03-15 16:57 - 000506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2018-08-10 21:33 - 2007-03-15 16:57 - 000443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll
2018-08-10 21:33 - 2007-03-12 16:42 - 004494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2018-08-10 21:33 - 2007-03-12 16:42 - 003495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll
2018-08-10 21:33 - 2007-03-12 16:42 - 001400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2018-08-10 21:33 - 2007-03-12 16:42 - 001123696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll
2018-08-10 21:33 - 2007-03-05 12:42 - 000017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2018-08-10 21:33 - 2007-03-05 12:42 - 000015128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll
2018-08-10 21:33 - 2007-01-24 15:27 - 000393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
2018-08-10 21:33 - 2007-01-24 15:27 - 000255848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_6.dll
2018-08-10 21:33 - 2006-12-08 12:02 - 000251672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_5.dll
2018-08-10 21:33 - 2006-12-08 12:00 - 000390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
2018-08-10 21:33 - 2006-11-29 13:06 - 004398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2018-08-10 21:33 - 2006-11-29 13:06 - 003426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll
2018-08-10 21:33 - 2006-11-29 13:06 - 000469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll
2018-08-10 21:33 - 2006-11-29 13:06 - 000440080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10.dll
2018-08-10 21:33 - 2006-09-28 16:05 - 003977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
2018-08-10 21:33 - 2006-09-28 16:05 - 002414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll
2018-08-10 21:33 - 2006-09-28 16:05 - 000237848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_4.dll
2018-08-10 21:33 - 2006-09-28 16:04 - 000364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
2018-08-10 21:33 - 2006-07-28 09:31 - 000083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
2018-08-10 21:33 - 2006-07-28 09:30 - 000363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
2018-08-10 21:33 - 2006-07-28 09:30 - 000236824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_3.dll
2018-08-10 21:33 - 2006-07-28 09:30 - 000062744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll
2018-08-10 21:33 - 2006-05-31 07:24 - 000230168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll
2018-08-10 21:33 - 2006-05-31 07:22 - 000354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2018-08-10 21:33 - 2006-03-31 12:41 - 003927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2018-08-10 21:33 - 2006-03-31 12:40 - 002388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll
2018-08-10 21:33 - 2006-03-31 12:40 - 000352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2018-08-10 21:33 - 2006-03-31 12:39 - 000229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll
2018-08-10 21:33 - 2006-03-31 12:39 - 000083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2018-08-10 21:33 - 2006-03-31 12:39 - 000062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll
2018-08-10 21:33 - 2006-02-03 08:43 - 003830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
2018-08-10 21:33 - 2006-02-03 08:43 - 002332368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll
2018-08-10 21:33 - 2006-02-03 08:42 - 000355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
2018-08-10 21:33 - 2006-02-03 08:42 - 000230096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll
2018-08-10 21:33 - 2006-02-03 08:41 - 000016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2018-08-10 21:33 - 2006-02-03 08:41 - 000014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll
2018-08-10 21:33 - 2005-12-05 18:09 - 003815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
2018-08-10 21:33 - 2005-12-05 18:09 - 002323664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll
2018-08-10 21:33 - 2005-07-22 19:59 - 003807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
2018-08-10 21:33 - 2005-07-22 19:59 - 002319568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll
2018-08-10 21:33 - 2005-05-26 15:34 - 003767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2018-08-10 21:33 - 2005-05-26 15:34 - 002297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll
2018-08-10 21:33 - 2005-03-18 17:19 - 003823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2018-08-10 21:33 - 2005-03-18 17:19 - 002337488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll
2018-08-10 21:33 - 2005-02-05 19:45 - 003544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
2018-08-10 21:33 - 2005-02-05 19:45 - 002222800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll
2018-08-10 21:13 - 2018-08-11 00:08 - 000000000 ____D C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2018-08-10 17:12 - 2018-08-10 17:12 - 000003458 _____ C:\WINDOWS\System32\Tasks\AvastUpdateTaskMachineUA
2018-08-10 17:12 - 2018-08-10 17:12 - 000003334 _____ C:\WINDOWS\System32\Tasks\AvastUpdateTaskMachineCore
2018-08-10 17:12 - 2018-08-10 17:12 - 000002577 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-08-10 17:12 - 2018-08-10 17:12 - 000002542 _____ C:\Users\Public\Desktop\Avast Secure Browser.lnk
2018-08-10 17:12 - 2018-08-10 17:12 - 000000000 ____D C:\Program Files (x86)\AVAST Software
2018-08-10 17:11 - 2018-08-12 12:33 - 000000000 ____D C:\Program Files (x86)\Steam
2018-08-10 17:11 - 2018-08-10 17:11 - 001573568 _____ C:\Users\PC\Downloads\SteamSetup.exe
2018-08-10 17:11 - 2018-08-10 17:11 - 000001039 _____ C:\Users\Public\Desktop\Steam.lnk
2018-08-10 17:11 - 2018-08-10 17:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2018-08-10 16:32 - 2018-08-10 16:32 - 000000000 ____D C:\Users\PC\AppData\Local\Steam
2018-08-10 16:23 - 2018-08-12 12:47 - 000014570 _____ C:\Users\PC\Desktop\FRST.txt
2018-08-10 16:23 - 2018-08-12 12:46 - 000030578 _____ C:\Users\PC\Desktop\Addition.txt
2018-08-10 16:20 - 2018-08-10 16:20 - 000026999 _____ C:\Users\PC\Downloads\Addition.txt
2018-08-10 16:19 - 2018-08-10 20:53 - 000000000 ____D C:\Users\PC\AppData\Local\AVAST Software
2018-08-10 16:19 - 2018-08-10 16:20 - 000024861 _____ C:\Users\PC\Downloads\FRST.txt
2018-08-10 16:19 - 2018-08-10 16:19 - 002412544 _____ (Farbar) C:\Users\PC\Desktop\FRST64.exe
2018-08-10 16:15 - 2018-08-10 16:15 - 000001417 _____ C:\Users\PC\Desktop\Microsoft Edge.lnk
2018-08-10 16:15 - 2018-08-10 16:15 - 000000000 ___HD C:\Users\PC\MicrosoftEdgeBackups
2018-08-10 16:15 - 2018-08-10 16:15 - 000000000 ____D C:\Users\PC\AppData\Local\Logitech
2018-08-10 16:14 - 2018-08-10 16:14 - 000000432 __RSH C:\Users\PC\ntuser.pol
2018-08-10 16:14 - 2018-08-10 16:14 - 000000000 ___RD C:\Users\PC\3D Objects
2018-08-10 16:14 - 2018-08-10 16:14 - 000000000 ____D C:\Users\PC\AppData\Local\Google
2018-08-10 16:08 - 2018-07-06 07:20 - 002868640 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-08-10 16:08 - 2018-07-06 07:20 - 001610648 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-08-10 16:08 - 2018-07-06 07:20 - 000792472 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-08-10 16:08 - 2018-07-06 07:20 - 000689560 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-08-10 16:08 - 2018-07-06 07:20 - 000612248 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-08-10 16:08 - 2018-07-06 07:20 - 000451992 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-08-10 16:08 - 2018-07-06 07:20 - 000309664 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-08-10 16:08 - 2018-07-06 07:20 - 000144792 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-08-10 16:08 - 2018-07-06 07:20 - 000070040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-08-10 16:08 - 2018-07-06 07:17 - 003932672 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2018-08-10 16:08 - 2018-07-06 07:15 - 002266520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2018-08-10 16:08 - 2018-07-06 07:14 - 000541592 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-08-10 16:08 - 2018-07-06 06:56 - 004708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2018-08-10 16:08 - 2018-07-06 06:53 - 000672768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpprefcl.dll
2018-08-10 16:08 - 2018-07-06 06:53 - 000409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2018-08-10 16:08 - 2018-07-06 06:53 - 000386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2018-08-10 16:08 - 2018-07-06 06:53 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-08-10 16:08 - 2018-07-06 06:52 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-08-10 16:08 - 2018-07-06 06:52 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-08-10 16:08 - 2018-07-06 06:51 - 003652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-08-10 16:08 - 2018-07-06 06:51 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-08-10 16:08 - 2018-07-06 06:51 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-08-10 16:08 - 2018-07-06 06:51 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-08-10 16:08 - 2018-07-06 06:51 - 000391680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-08-10 16:08 - 2018-07-06 06:50 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-08-10 16:08 - 2018-07-06 06:49 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-08-10 16:08 - 2018-07-06 05:12 - 001539000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2018-08-10 16:08 - 2018-07-06 05:06 - 003611368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2018-08-10 16:08 - 2018-07-06 04:54 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-08-10 16:08 - 2018-07-06 04:54 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-08-10 16:08 - 2018-07-06 04:53 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-08-10 16:08 - 2018-07-06 04:53 - 000565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpprefcl.dll
2018-08-10 16:08 - 2018-07-06 04:53 - 000347136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2018-08-10 16:08 - 2018-07-06 04:52 - 002895360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-08-10 16:08 - 2018-07-06 04:52 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-08-10 16:08 - 2018-07-06 04:52 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-08-10 16:08 - 2018-07-06 04:51 - 002401280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-08-10 16:08 - 2018-07-06 04:51 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-08-10 16:08 - 2018-07-06 04:26 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-08-10 16:08 - 2018-07-06 04:25 - 023863296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-08-10 16:08 - 2018-07-06 04:01 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-08-10 16:08 - 2018-07-06 00:32 - 000480672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-08-10 16:08 - 2018-07-06 00:31 - 000462752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-08-10 16:08 - 2018-07-06 00:31 - 000035232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-08-10 16:08 - 2018-07-06 00:29 - 000272296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-08-10 16:08 - 2018-07-06 00:29 - 000269224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-08-10 16:08 - 2018-07-06 00:27 - 001174432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-08-10 16:08 - 2018-07-06 00:27 - 001063320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-08-10 16:08 - 2018-07-06 00:27 - 001012632 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-08-10 16:08 - 2018-07-06 00:27 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-08-10 16:08 - 2018-07-06 00:27 - 000567176 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-08-10 16:08 - 2018-07-06 00:27 - 000134552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-08-10 16:08 - 2018-07-06 00:27 - 000057440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.ShellCommon.Broker.dll
2018-08-10 16:08 - 2018-07-06 00:26 - 002712992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-08-10 16:08 - 2018-07-06 00:26 - 001148800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-08-10 16:08 - 2018-07-06 00:26 - 000930720 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-08-10 16:08 - 2018-07-06 00:26 - 000766608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-08-10 16:08 - 2018-07-06 00:26 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-08-10 16:08 - 2018-07-06 00:25 - 009147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-08-10 16:08 - 2018-07-06 00:25 - 002753040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-08-10 16:08 - 2018-07-06 00:25 - 002571728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-08-10 16:08 - 2018-07-06 00:25 - 002420632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-08-10 16:08 - 2018-07-06 00:25 - 001945784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-08-10 16:08 - 2018-07-06 00:25 - 001026464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-08-10 16:08 - 2018-07-06 00:25 - 001018616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-08-10 16:08 - 2018-07-06 00:25 - 000885856 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-08-10 16:08 - 2018-07-06 00:25 - 000483048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-08-10 16:08 - 2018-07-06 00:25 - 000335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2018-08-10 16:08 - 2018-07-06 00:25 - 000267680 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-08-10 16:08 - 2018-07-06 00:25 - 000139672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-08-10 16:08 - 2018-07-06 00:24 - 000380824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-08-10 16:08 - 2018-07-06 00:16 - 000567144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-08-10 16:08 - 2018-07-06 00:14 - 002242208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-08-10 16:08 - 2018-07-06 00:14 - 001981896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-08-10 16:08 - 2018-07-06 00:14 - 001175568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-08-10 16:08 - 2018-07-06 00:14 - 000988640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-08-10 16:08 - 2018-07-06 00:14 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-08-10 16:08 - 2018-07-06 00:14 - 000573904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-08-10 16:08 - 2018-07-06 00:13 - 001620872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-08-10 16:08 - 2018-07-06 00:10 - 025845760 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-08-10 16:08 - 2018-07-06 00:07 - 022006272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-08-10 16:08 - 2018-07-06 00:04 - 022713856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-08-10 16:08 - 2018-07-06 00:03 - 004371456 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-08-10 16:08 - 2018-07-06 00:02 - 009084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-08-10 16:08 - 2018-07-06 00:01 - 007057408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-08-10 16:08 - 2018-07-06 00:01 - 005883904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-08-10 16:08 - 2018-07-06 00:01 - 000104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2018-08-10 16:08 - 2018-07-06 00:01 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2018-08-10 16:08 - 2018-07-06 00:00 - 019403264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-08-10 16:08 - 2018-07-06 00:00 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2018-08-10 16:08 - 2018-07-06 00:00 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2018-08-10 16:08 - 2018-07-06 00:00 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2018-08-10 16:08 - 2018-07-06 00:00 - 000053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2018-08-10 16:08 - 2018-07-06 00:00 - 000029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsTelemetry.dll
2018-08-10 16:08 - 2018-07-06 00:00 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2018-08-10 16:08 - 2018-07-05 23:59 - 006647296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-08-10 16:08 - 2018-07-05 23:59 - 003381248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-08-10 16:08 - 2018-07-05 23:59 - 001153536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2018-08-10 16:08 - 2018-07-05 23:59 - 000453632 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2018-08-10 16:08 - 2018-07-05 23:59 - 000334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\NmaDirect.dll
2018-08-10 16:08 - 2018-07-05 23:59 - 000200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Geolocation.dll
2018-08-10 16:08 - 2018-07-05 23:59 - 000086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2018-08-10 16:08 - 2018-07-05 23:59 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2018-08-10 16:08 - 2018-07-05 23:59 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2018-08-10 16:08 - 2018-07-05 23:58 - 004867584 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-08-10 16:08 - 2018-07-05 23:58 - 002825728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-08-10 16:08 - 2018-07-05 23:58 - 001931776 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeangle.dll
2018-08-10 16:08 - 2018-07-05 23:58 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-08-10 16:08 - 2018-07-05 23:58 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-08-10 16:08 - 2018-07-05 23:58 - 000670720 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2018-08-10 16:08 - 2018-07-05 23:58 - 000530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-08-10 16:08 - 2018-07-05 23:58 - 000236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2018-08-10 16:08 - 2018-07-05 23:58 - 000224768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Cortana.dll
2018-08-10 16:08 - 2018-07-05 23:58 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-08-10 16:08 - 2018-07-05 23:58 - 000107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProv2faHelper.dll
2018-08-10 16:08 - 2018-07-05 23:58 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2018-08-10 16:08 - 2018-07-05 23:58 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-08-10 16:08 - 2018-07-05 23:58 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2018-08-10 16:08 - 2018-07-05 23:57 - 007579648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-08-10 16:08 - 2018-07-05 23:57 - 005779456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-08-10 16:08 - 2018-07-05 23:57 - 003712512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-08-10 16:08 - 2018-07-05 23:57 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-08-10 16:08 - 2018-07-05 23:57 - 000839680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2018-08-10 16:08 - 2018-07-05 23:57 - 000813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-08-10 16:08 - 2018-07-05 23:57 - 000676864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Devices.dll
2018-08-10 16:08 - 2018-07-05 23:57 - 000614912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-08-10 16:08 - 2018-07-05 23:57 - 000473088 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-08-10 16:08 - 2018-07-05 23:57 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-08-10 16:08 - 2018-07-05 23:57 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NmaDirect.dll
2018-08-10 16:08 - 2018-07-05 23:56 - 001986560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-08-10 16:08 - 2018-07-05 23:56 - 001817600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2018-08-10 16:08 - 2018-07-05 23:56 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-08-10 16:08 - 2018-07-05 23:56 - 001567744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2018-08-10 16:08 - 2018-07-05 23:56 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-08-10 16:08 - 2018-07-05 23:56 - 001225216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-08-10 16:08 - 2018-07-05 23:56 - 000814592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-08-10 16:08 - 2018-07-05 23:56 - 000784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2018-08-10 16:08 - 2018-07-05 23:56 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-08-10 16:08 - 2018-07-05 23:56 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuietHours.dll
2018-08-10 16:08 - 2018-07-05 23:56 - 000508416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2018-08-10 16:08 - 2018-07-05 23:56 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-08-10 16:08 - 2018-07-05 23:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-08-10 16:08 - 2018-07-05 23:56 - 000330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2018-08-10 16:08 - 2018-07-05 23:56 - 000327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\BioCredProv.dll
2018-08-10 16:08 - 2018-07-05 23:56 - 000181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll
2018-08-10 16:08 - 2018-07-05 23:56 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-08-10 16:08 - 2018-07-05 23:56 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProv2faHelper.dll
2018-08-10 16:08 - 2018-07-05 23:55 - 003440128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-08-10 16:08 - 2018-07-05 23:55 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-08-10 16:08 - 2018-07-05 23:55 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-08-10 16:08 - 2018-07-05 23:55 - 001395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-08-10 16:08 - 2018-07-05 23:55 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-08-10 16:08 - 2018-07-05 23:55 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-08-10 16:08 - 2018-07-05 23:55 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-08-10 16:08 - 2018-07-05 23:55 - 000415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-08-10 16:08 - 2018-07-05 23:55 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-08-10 16:08 - 2018-07-05 23:54 - 003015680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-08-10 16:08 - 2018-07-05 23:54 - 002449408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-08-10 16:08 - 2018-07-05 23:54 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-08-10 16:08 - 2018-07-05 23:54 - 001214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2018-08-10 16:08 - 2018-07-05 23:54 - 000999936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-08-10 16:08 - 2018-07-05 23:54 - 000978944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-08-10 16:08 - 2018-07-05 23:54 - 000943616 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-08-10 16:08 - 2018-07-05 23:54 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2018-08-10 16:08 - 2018-07-05 23:54 - 000884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-08-10 16:08 - 2018-07-05 23:54 - 000884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2018-08-10 16:08 - 2018-07-05 23:54 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-08-10 16:08 - 2018-07-05 23:54 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-08-10 16:08 - 2018-07-05 23:54 - 000275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2018-08-10 16:08 - 2018-07-05 23:54 - 000254464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BioCredProv.dll
2018-08-10 16:08 - 2018-07-05 23:53 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2018-08-10 16:08 - 2018-07-05 23:53 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2018-08-10 16:08 - 2018-07-05 23:53 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-08-10 16:08 - 2018-07-05 23:53 - 000705024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2018-08-10 16:08 - 2018-07-05 23:52 - 000533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-08-10 16:08 - 2018-07-05 22:41 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-08-10 16:08 - 2018-06-28 21:16 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-08-10 16:08 - 2018-05-20 04:14 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-08-10 16:02 - 2018-08-10 16:02 - 000378072 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-08-10 16:02 - 2018-08-10 16:02 - 000015360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2018-08-08 07:33 - 2018-08-12 12:47 - 000000000 ____D C:\FRST
2018-08-08 07:33 - 2018-08-08 07:34 - 000123366 _____ C:\Users\b\Desktop\FRST.txt
2018-08-08 07:33 - 2018-08-08 07:34 - 000022099 _____ C:\Users\b\Desktop\Addition.txt
2018-08-08 07:32 - 2018-08-08 07:32 - 002412544 _____ (Farbar) C:\Users\b\Desktop\FRST64.exe
2018-08-08 07:26 - 2018-08-08 07:26 - 000464491 _____ C:\Users\b\Downloads\RootRepeal.zip
2018-08-08 07:21 - 2018-08-08 07:21 - 000065872 _____ C:\WINDOWS\system32\Drivers\fsbts.sys
2018-08-08 07:20 - 2018-08-08 07:26 - 000000000 ____D C:\ProgramData\F-Secure
2018-08-08 07:20 - 2018-08-08 07:20 - 000000000 ____D C:\Users\b\AppData\Local\F-Secure
2018-08-08 07:20 - 2018-08-08 07:20 - 000000000 ____D C:\Users\b\AppData\Local\FSDART
2018-08-08 07:20 - 2018-08-08 07:20 - 000000000 ____D C:\Program Files\F-Secure
2018-08-08 07:09 - 2018-08-08 07:09 - 000000000 ____D C:\Users\b\Documents\AccessChk
2018-08-08 07:08 - 2018-08-08 07:08 - 000378512 _____ C:\Users\b\Documents\AccessChk.zip
2018-08-08 07:02 - 2018-08-08 07:02 - 000000000 ____D C:\Users\b\Documents\Sysmon (1)
2018-08-08 07:02 - 2018-08-08 06:39 - 001463899 _____ C:\Users\b\Documents\Sysmon (1).zip
2018-08-08 07:01 - 2018-08-08 07:01 - 000000000 ____D C:\Users\b\Documents\RootkitRevealer (1)
2018-08-08 06:47 - 2018-08-08 06:47 - 000000000 ____D C:\Users\b\Downloads\gimmerdemo-win32-x64-0.1.7
2018-08-08 06:47 - 2018-08-08 06:47 - 000000000 ____D C:\Users\b\AppData\Roaming\Gimmer Demo
2018-08-08 06:29 - 2018-08-08 06:29 - 000000000 ____D C:\Users\PC\AppData\Local\DBG
2018-08-08 06:19 - 2018-08-08 06:25 - 699400192 _____ C:\Users\b\Downloads\bitdefender-rescue-cd.iso
2018-08-08 06:16 - 2018-08-08 07:05 - 1953349632 _____ C:\Users\b\Downloads\ubuntu-18.04.1-desktop-amd64.iso
2018-08-08 03:36 - 2018-08-08 03:39 - 175065824 _____ (Microsoft Corporation) C:\Users\b\Downloads\msert.exe
2018-08-08 03:27 - 2018-08-08 03:27 - 286785970 _____ C:\Users\b\Documents\123.reg
2018-08-08 03:22 - 2018-08-08 03:24 - 000000000 ____D C:\Users\b\AppData\Local\D3DSCache
2018-08-08 03:21 - 2018-08-10 16:17 - 000410874 _____ C:\WINDOWS\ntbtlog.txt
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-08-12 12:40 - 2018-04-11 16:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-08-12 12:38 - 2018-07-10 00:06 - 000793700 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-08-12 12:38 - 2018-04-11 16:36 - 000000000 ____D C:\WINDOWS\INF
2018-08-12 12:33 - 2018-06-07 05:56 - 000000000 ____D C:\Program Files\SoftEther VPN Client
2018-08-12 12:32 - 2018-07-10 00:01 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-08-12 12:32 - 2018-04-11 14:04 - 000786432 _____ C:\WINDOWS\system32\config\BBI
2018-08-12 12:32 - 2018-02-11 15:03 - 000000000 ____D C:\ProgramData\NVIDIA
2018-08-12 12:30 - 2018-07-09 22:53 - 000000000 ____D C:\Windows10Upgrade
2018-08-12 11:24 - 2018-07-09 23:56 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-08-12 05:06 - 2018-07-10 00:01 - 000003370 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2850893678-3308694845-315594102-1001
2018-08-12 05:06 - 2018-07-09 23:58 - 000002407 _____ C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-08-12 05:06 - 2018-02-11 13:56 - 000000000 ___RD C:\Users\PC\OneDrive
2018-08-12 05:05 - 2018-07-09 23:56 - 000233856 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-08-12 05:04 - 2018-04-12 02:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-08-12 05:04 - 2018-04-11 16:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-08-12 05:04 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-08-12 05:04 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-08-12 05:04 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-08-12 04:12 - 2018-04-11 16:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-08-11 01:41 - 2018-07-10 00:01 - 000003346 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-08-11 01:41 - 2018-07-10 00:01 - 000003122 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-08-11 01:41 - 2018-07-10 00:01 - 000002856 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2850893678-3308694845-315594102-1002
2018-08-11 01:41 - 2018-07-10 00:01 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-08-11 01:40 - 2018-07-09 23:58 - 000000000 ____D C:\Users\PC
2018-08-11 01:40 - 2018-04-11 16:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-08-11 01:40 - 2018-02-15 21:57 - 000000000 ____D C:\ProgramData\Package Cache
2018-08-10 18:53 - 2018-02-11 13:55 - 000000000 ____D C:\Users\PC\AppData\Local\ConnectedDevicesPlatform
2018-08-10 16:38 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-08-10 16:20 - 2018-07-10 00:05 - 000000000 ____D C:\ProgramData\Packages
2018-08-10 16:20 - 2018-04-11 16:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-08-10 16:20 - 2018-02-11 13:55 - 000000000 ____D C:\Users\PC\AppData\Local\Packages
2018-08-10 16:14 - 2018-02-11 13:55 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-08-10 16:09 - 2018-07-09 23:58 - 000000000 ____D C:\Users\b
2018-08-10 16:09 - 2018-02-15 21:58 - 000000000 ____D C:\ProgramData\Logishrd
2018-08-10 16:09 - 2018-02-15 21:25 - 000000000 ___RD C:\Users\b\OneDrive
2018-08-10 16:08 - 2018-03-20 09:58 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-08-10 16:07 - 2018-03-20 09:58 - 134675576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-08-10 16:03 - 2018-07-09 23:23 - 000467064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-08-10 16:03 - 2018-03-06 10:23 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-08-10 16:03 - 2018-03-06 10:23 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-08-10 16:02 - 2018-07-10 00:01 - 000003990 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-08-10 16:02 - 2018-07-09 23:23 - 001027728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-08-10 16:02 - 2018-07-09 23:23 - 000381584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-08-10 16:02 - 2018-07-09 23:23 - 000346664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-08-10 16:02 - 2018-07-09 23:23 - 000229392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-08-10 16:02 - 2018-07-09 23:23 - 000211160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-08-10 16:02 - 2018-07-09 23:23 - 000201328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-08-10 16:02 - 2018-07-09 23:23 - 000197160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-08-10 16:02 - 2018-07-09 23:23 - 000159640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-08-10 16:02 - 2018-07-09 23:23 - 000111872 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-08-10 16:02 - 2018-07-09 23:23 - 000085968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-08-10 16:02 - 2018-07-09 23:23 - 000059592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-08-10 16:02 - 2018-07-09 23:23 - 000046976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-08-10 16:02 - 2018-04-11 16:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-08-10 16:02 - 2018-02-15 21:27 - 000239680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-08-08 06:40 - 2018-06-12 07:35 - 000002070 _____ C:\Users\PC\Desktop\Rkill.txt
2018-08-08 03:25 - 2018-07-09 23:58 - 000002404 _____ C:\Users\b\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-08-08 03:05 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-07-17 12:02 - 2018-04-11 16:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-07-14 03:55 - 2018-03-20 09:58 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
Some files in TEMP:
====================
2018-08-08 07:01 - 2018-08-08 07:01 - 000383872 _____ (Sysinternals - www.sysinternals.com) C:\Users\b\AppData\Local\Temp\PSZLPIRP.exe
2018-08-08 06:29 - 2018-08-08 06:29 - 000367488 _____ (Sysinternals - www.sysinternals.com) C:\Users\PC\AppData\Local\Temp\LRXBLZD.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-07-09 23:56
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02.08.2018
Ran by PC (12-08-2018 12:47:22)
Running from C:\Users\PC\Desktop
Windows 10 Pro Version 1803 17134.165 (X64) (2018-07-10 07:01:33)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-2850893678-3308694845-315594102-500 - Administrator - Disabled)
b (S-1-5-21-2850893678-3308694845-315594102-1002 - Limited - Enabled) => C:\Users\b
DefaultAccount (S-1-5-21-2850893678-3308694845-315594102-503 - Limited - Disabled)
Guest (S-1-5-21-2850893678-3308694845-315594102-501 - Limited - Disabled)
PC (S-1-5-21-2850893678-3308694845-315594102-1001 - Administrator - Enabled) => C:\Users\PC
WDAGUtilityAccount (S-1-5-21-2850893678-3308694845-315594102-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.5.2342 - AVAST Software)
Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 67.1.664.99 - AVAST Software)
Avast Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.154.333 - AVAST Software) Hidden
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 68.0.3440.106 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Logitech Gaming Software 8.96 (HKLM\...\Logitech Gaming Software) (Version: 8.96.88 - Logitech Inc.)
Microsoft OneDrive (HKU\S-1-5-21-2850893678-3308694845-315594102-1001\...\OneDriveSetup.exe) (Version: 18.131.0701.0007 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
NVIDIA 3D Vision Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 388.13 - NVIDIA Corporation)
NVIDIA Graphics Driver 388.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 388.13 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.35.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.35.1 - NVIDIA Corporation)
osrss (HKLM-x32\...\{1BA1133B-1C7A-41A0-8CBF-9B993E63D296}) (Version: 1.0.0 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8053 - Realtek Semiconductor Corp.)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.22.9634 - SoftEther VPN Project)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{5009B7EE-8A15-4A23-B404-15E31D02DA67}) (Version: 2.43.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22452 - Microsoft Corporation)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-08-10] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-08-10] (AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-08-10] (AVAST Software)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-10-27] (NVIDIA Corporation)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-08-10] (AVAST Software)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {178BECB7-6807-4B50-AA27-460E022F59C3} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {2C8E402B-E617-4EDD-A963-B3BE52D1FEA9} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-08-10] (AVAST Software)
Task: {64467370-736D-4ABD-A2ED-620408B6077A} - System32\Tasks\S-1-5-21-2850893678-3308694845-315594102-1002\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2018-04-11] (Microsoft Corporation)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {777083A3-C87B-4169-BCC2-B9AA23212570} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-08-10] (AVAST Software)
Task: {7F59BE51-C72D-4AD8-82DE-9B926680EA70} - System32\Tasks\Optimize Push Notification Data File-S-1-5-21-2850893678-3308694845-315594102-1002
Task: {86B1E90E-FBAA-46AA-AC3C-FBD41715B70B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-03-06] (Google Inc.)
Task: {C14BE46E-39C6-4941-88F0-1AF2CEC27311} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-06-06] (AVAST Software)
Task: {C7933DA5-9542-4534-B82D-DFCF382B5140} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-03-06] (Google Inc.)
Task: {FD7CDF13-9580-4145-A7E2-527D5E2AFEA7} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-08-10] (AVAST Software)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============
2018-04-11 16:34 - 2018-04-11 16:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 16:34 - 2018-04-11 16:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-08-08 07:21 - 2018-08-08 07:21 - 000418784 _____ () C:\Program Files\F-Secure\Ultralight\ulcore\1530012511\daas2_x64.dll
2018-08-08 07:21 - 2018-08-08 07:21 - 000319968 _____ () C:\Program Files\F-Secure\Ultralight\ulcore\1530012511\senddump_fshoster_plugin64.dll
2018-08-10 16:08 - 2018-07-05 23:55 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-03-06 17:07 - 2015-03-06 17:07 - 000908568 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2017-10-19 20:29 - 2017-10-19 20:29 - 001096824 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2015-03-06 17:07 - 2015-03-06 17:07 - 000060184 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2017-10-19 20:29 - 2017-10-19 20:29 - 000241784 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2018-03-15 01:13 - 2018-03-15 01:13 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-08-10 16:02 - 2018-08-10 16:02 - 000483544 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-08-10 16:02 - 2018-08-10 16:02 - 000282840 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2018-08-10 17:11 - 2018-07-21 14:07 - 000854304 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2018-08-10 17:11 - 2016-08-31 18:02 - 004969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2018-08-10 17:11 - 2018-08-08 15:43 - 002644768 _____ () C:\Program Files (x86)\Steam\video.dll
2018-08-10 17:11 - 2016-08-31 18:02 - 001563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2018-08-10 17:11 - 2016-08-31 18:02 - 001195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2018-08-10 17:11 - 2017-12-19 18:43 - 005137696 _____ () C:\Program Files (x86)\Steam\libavcodec-57.dll
2018-08-10 17:11 - 2017-12-19 18:43 - 000695584 _____ () C:\Program Files (x86)\Steam\libavformat-57.dll
2018-08-10 17:11 - 2017-12-19 18:43 - 000351520 _____ () C:\Program Files (x86)\Steam\libavresample-3.dll
2018-08-10 17:11 - 2017-12-19 18:43 - 000847136 _____ () C:\Program Files (x86)\Steam\libavutil-55.dll
2018-08-10 17:11 - 2017-12-19 18:43 - 000783648 _____ () C:\Program Files (x86)\Steam\libswscale-4.dll
2018-08-10 17:11 - 2018-08-08 15:43 - 001015072 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2018-08-10 17:11 - 2016-07-04 15:17 - 000266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2018-08-10 17:11 - 2018-07-21 14:07 - 000854304 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\SDL2.dll
2018-08-10 17:11 - 2018-07-20 15:24 - 083524896 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2018-08-10 17:11 - 2018-07-20 15:24 - 003732256 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libglesv2.dll
2018-08-10 17:11 - 2018-07-20 15:24 - 000086304 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libegl.dll
2018-08-10 17:11 - 2018-07-03 14:58 - 000137504 _____ () C:\Program Files (x86)\Steam\winh264.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2018-02-10 18:35 - 2018-02-10 18:34 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2850893678-3308694845-315594102-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{3C7AC4D2-155A-4048-8FB9-1BD77AC230A9}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{BBD6D78A-C088-4D5D-88A7-A330C11CFBCC}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{380BA2AB-3E4C-41CE-BF4E-FED041AAD82C}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{19E4DB58-790E-4749-AEDE-F1F1731CC820}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{93133A4A-DD4B-4902-A864-64C6A77D892E}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{5C7F3DAA-3456-45CC-8EE4-DD5AEB963A25}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{54527764-3F37-4F6F-A880-DC6062A17D9F}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{794926FE-2B1F-4E1C-9CDB-A3BA4098FF0E}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [UDP Query User{F08B7E4F-4724-4BB4-AFBD-09AC0D372532}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [TCP Query User{9DB77AC6-C519-4C04-8B46-6AB8353B9F0C}C:\program files\logitech gaming software\lcore.exe] => (Block) C:\program files\logitech gaming software\lcore.exe
FirewallRules: [{A9D7166E-5C15-4ACA-89E2-677877F70492}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\iTunes.exe
FirewallRules: [{5AEF48E7-6FF6-401A-89E4-2411AF1A9179}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\iTunes.exe
FirewallRules: [{805F94B0-6139-447F-A814-8A836B6DD0A6}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\iTunes.exe
FirewallRules: [{A857F0BB-7417-44B4-B7F3-9B992CF32399}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\iTunes.exe
FirewallRules: [{671DDAB2-F348-4FC2-8DB1-AA1393C1DD7A}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
FirewallRules: [{F99B2405-A848-4144-A5BF-71ADC55220DA}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
FirewallRules: [{BF229DC9-9E62-4797-B68D-7FDCD2F0C4B5}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
FirewallRules: [{FEE56551-1BF8-4596-AA4B-39ADC1990853}] => (Allow) C:\Program Files\WindowsApps\AppleInc.iTunes_12080.150.37023.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
FirewallRules: [{071812AC-6CC7-41F4-9D78-1D5F60E5B67C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{1B471531-000C-48FF-AD4A-5A8F6CBAAE16}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{1810B806-C41D-4548-8DC8-2DC64A669A82}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{728A0280-1FE5-43C8-BC46-01A52C0D036C}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{91842C5B-9B8B-47B4-AB1E-D35AB70BC2AB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{100C4F22-CF8D-4854-8EAD-2684FF35D54A}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{FE602DCC-1251-4F22-ACAB-EFC935B403E1}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{FFE2B68F-B085-4D91-B235-0A3613B95E30}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.87.491.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [TCP Query User{7F67AA3D-09BC-4C32-908C-06118023E53A}C:\users\b\downloads\gimmerdemo-win32-x64-0.1.7\gimmerdemo.exe] => (Allow) C:\users\b\downloads\gimmerdemo-win32-x64-0.1.7\gimmerdemo.exe
FirewallRules: [UDP Query User{4948AF34-3D83-4183-95E3-60A86FAD8298}C:\users\b\downloads\gimmerdemo-win32-x64-0.1.7\gimmerdemo.exe] => (Allow) C:\users\b\downloads\gimmerdemo-win32-x64-0.1.7\gimmerdemo.exe
FirewallRules: [{1B4F6DFC-E199-4E1D-AE6A-86DED4E8A626}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{9F752C14-6348-4A4D-BB34-6B07BFA6594D}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{7FC786F3-F0AB-476B-B3B9-EF5D0DE06ED1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{66A8FF4C-DCB0-4952-AAF0-53C7479AC6D7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9A289D1D-4BEC-437A-804C-BAB460752E92}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{D0547EB2-5723-4FD8-9864-369F3412E093}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{F2B04C96-0C5D-4892-9CC8-F61356EC2454}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{13B8A431-4B77-49D8-9D59-F75607B81492}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe
FirewallRules: [{582C24C6-D340-40E2-8A4C-EB1F6150BC19}] => (Allow) D:\SteamLibrary\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{62C41384-E294-4C6F-A19B-C889616F8A14}] => (Allow) D:\SteamLibrary\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{4FF1F336-4D1E-408F-B854-E0E49E3946C0}] => (Allow) D:\SteamLibrary\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
FirewallRules: [{A71CB776-35B3-48A1-BF18-718D40625242}] => (Allow) D:\SteamLibrary\steamapps\common\ARK\ShooterGame\Binaries\Win64\ShooterGame.exe
==================== Restore Points =========================
24-07-2018 16:33:04 Scheduled Checkpoint
10-08-2018 16:07:42 Windows Update
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (08/10/2018 04:31:25 PM) (Source: Steam Client Service) (EventID: 1) (User: )
Description: Error: Failed to add firewall exception for C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
Error: (08/08/2018 07:18:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.17134.137, time stamp: 0x5b234384
Faulting module name: edgehtml.dll, version: 11.0.17134.137, time stamp: 0x19e0b525
Exception code: 0xc0000005
Fault offset: 0x000000000037ad5a
Faulting process id: 0x15bc
Faulting application start time: 0x01d42f21d96bcd99
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: C:\WINDOWS\SYSTEM32\edgehtml.dll
Report Id: f22ecb0a-2aae-4447-bd33-0ff8a20c22dc
Faulting package full name: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess
Error: (08/08/2018 07:01:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process id: 0x3d2c
Faulting application start time: 0x01d42f204e43252e
Faulting application path: C:\Users\b\Documents\RootkitRevealer (1)\RootkitRevealer.exe
Faulting module path: C:\Users\b\Documents\RootkitRevealer (1)\RootkitRevealer.exe
Report Id: 553ff179-3abd-437f-9214-d4e192e5bf6b
Faulting package full name:
Faulting package-relative application ID:
Error: (08/08/2018 06:29:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process id: 0x356c
Faulting application start time: 0x01d42f1bdca0a482
Faulting application path: C:\Users\b\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\RootkitRevealer (1)\RootkitRevealer.exe
Faulting module path: C:\Users\b\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\RootkitRevealer (1)\RootkitRevealer.exe
Report Id: 2bc213d8-683c-4f02-b170-5fdcf29861e4
Faulting package full name:
Faulting package-relative application ID:
Error: (08/08/2018 05:05:16 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdgeCP.exe, version: 11.0.17134.137, time stamp: 0x5b234384
Faulting module name: EdgeContent.dll, version: 11.0.17134.137, time stamp: 0x2fd4aae0
Exception code: 0xc0000409
Fault offset: 0x00000000000ace9a
Faulting process id: 0xdd0
Faulting application start time: 0x01d42f020debcddf
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
Faulting module path: C:\WINDOWS\SYSTEM32\EdgeContent.dll
Report Id: b3c95c5e-6348-4555-a500-7232ce0854e3
Faulting package full name: Microsoft.MicrosoftEdge_42.17134.1.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: ContentProcess
Error: (08/08/2018 03:10:56 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {41FD88F7-F295-4D39-91AC-A85F3149A05B} was rejected
Error: (08/08/2018 03:10:56 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {95CABCC9-BC57-4C12-B8DF-BA193232AA01} was rejected
Error: (07/10/2018 12:00:02 AM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: Failed trying to get the state of the cluster node: .The error code returned: 0x8007085A

System errors:
=============
Error: (08/12/2018 12:33:14 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-97DUDUE)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-97DUDUE\PC SID (S-1-5-21-2850893678-3308694845-315594102-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/12/2018 12:29:46 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-97DUDUE)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-97DUDUE\PC SID (S-1-5-21-2850893678-3308694845-315594102-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/12/2018 11:48:10 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-97DUDUE)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-97DUDUE\PC SID (S-1-5-21-2850893678-3308694845-315594102-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/12/2018 11:25:50 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-97DUDUE)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-97DUDUE\PC SID (S-1-5-21-2850893678-3308694845-315594102-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/12/2018 05:05:44 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-97DUDUE)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-97DUDUE\PC SID (S-1-5-21-2850893678-3308694845-315594102-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/12/2018 05:03:38 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Update Orchestrator Service service terminated with the following error:
This operation returned because the timeout period expired.
Error: (08/11/2018 04:24:39 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-97DUDUE)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-97DUDUE\PC SID (S-1-5-21-2850893678-3308694845-315594102-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (08/11/2018 02:08:44 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-97DUDUE)
Description: DCOM got error "1053" attempting to start the service BcastDVRUserService_26ecd with arguments "Unavailable" in order to run the server:
Windows.Media.Capture.Internal.AppCaptureShell

Windows Defender:
===================================
Date: 2018-07-10 00:01:32.755
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80070006
Error description: The handle is invalid.
Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
Date: 2018-07-10 00:01:30.691
Description:
Windows Defender Antivirus Real-Time Protection feature has encountered an error and failed.
Feature: Behavior Monitoring
Error Code: 0x80070006
Error description: The handle is invalid.
Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
==================== Memory info ===========================
Processor: Intel® Core™ i7-6700K CPU @ 4.00GHz
Percentage of memory in use: 33%
Total physical RAM: 8147.16 MB
Available physical RAM: 5419.65 MB
Total Virtual: 9427.16 MB
Available Virtual: 5342.31 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:220.73 GB) (Free:36.35 GB) NTFS
Drive d: (New Volume) (Fixed) (Total:1844.39 GB) (Free:1768.92 GB) NTFS
\\?\Volume{2f352ad6-1b95-4475-a1c1-334c53bf5ec9}\ (Recovery) (Fixed) (Total:2.23 GB) (Free:1.85 GB) NTFS
\\?\Volume{d0f19c50-0000-0000-0000-f018cd010000}\ (Recovery) (Fixed) (Total:18.63 GB) (Free:18.21 GB) NTFS
\\?\Volume{ae4d3fe4-7e83-4347-a0f5-5608b2080749}\ (BOOT) (Fixed) (Total:0.48 GB) (Free:0.46 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 223.6 GB) (Disk ID: 16F544A7)
Partition: GPT.
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 1863 GB) (Disk ID: D0F19C50)
Partition 1: (Not Active) - (Size=1844.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=18.6 GB) - (Type=27)
==================== End of Addition.txt ============================


#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,569 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:02 PM

Posted 13 August 2018 - 10:25 AM

Hi,

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
CloseProcesses:

HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
GroupPolicy\User: Restriction ? <==== ATTENTION

Reboot:

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.

If the problem persists run these programs.

We will check your BIOS and Master boot record.

Read carefully and follow these steps.
TDSS
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application.
  • Then click on Start Scan.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • Important: Do NOT change the default action on your own unless instructed by a malware Helper! Doing so may render your computer unbootable.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
===

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please paste the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Wait for further instructions.

Please let me know what problem persists with this computer.



#7 nasdaq


Posted Today, 07:44 AM

Are you still with me?



