
Am I infected?


11 replies to this topic

#1 Arbedark

Arbedark

  • Members
  • 6 posts

Posted 17 September 2018 - 01:46 PM

Hi folks,

First off, thank you for letting me join your forums.

I have a Lenovo G505 running Windows 10 that has been working just fine until around a week ago, when things started to run slow and startup times increased dramatically. Loading tabs through Firefox now fails without exception, and FF also tells me it is unable to restore my session even when starting afresh. Downloads are also very slow.

I have Avast free AV and have also run Superantispyware Pro and Malwarebytes, none of which have detected anything.

 

Can you help please?

 

Jim





#2 polskamachina

polskamachina

  • Malware Response Team
  • 4,004 posts

Posted 18 September 2018 - 06:43 PM

Hi Jim :)
 
My name is polskamachina and I would like to welcome you to the Malware Removal Forum. I will be helping you with your malware issues.

What follows below are some ground rules for this forum.
 
I will reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-7 hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine. Running any additional tools may detect false positives, interfere with our tools, cause unforeseen damage, or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text into your replies to me.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

Let's begin.

  • Please click on this link and follow the detailed directions at step 6
  • After you have completed step 6 (which included downloading and running the Farbar Recovery Scan Tool) return here and copy and paste the logs, FRST.txt and Addition.txt, into your next reply to me

In summary I will need from you:

  • FRST.txt
  • Addition.txt

Let me know if you have any questions.
 
polskamachina



#3 Arbedark


Posted 19 September 2018 - 03:31 AM

Hi,
Thank you for getting back to me.
I will endeavour to reply to you as soon as possible as it is not only in my interests but because you are taking the time to assist me.
I am in work at the moment (9.30am) here and will not have access to my laptop until I return home this evening.

Cheers,
Jim

#4 polskamachina


Posted 19 September 2018 - 10:58 AM

Hi Jim :)

 

Thank you for keeping me in the loop.

 

Regards,

polskamachina



#5 Arbedark


Posted 19 September 2018 - 01:54 PM

Here we go, as requested

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.09.2018
Ran by ADMIN (administrator) on 3L60BX (19-09-2018 19:42:43)
Running from C:\Users\ADMIN\Downloads
Loaded Profiles: ADMIN &  (Available Profiles: ADMIN & smcle_000 & Administrator)
Platform: Windows 10 Home Version 1803 17134.285 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3743648 2015-08-22] (ELAN Microelectronics Corp.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [935104 2014-11-25] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2013-08-25] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2013-08-25] (Lenovo(beijing) Limited)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [316392 2018-05-11] (Adobe Systems, Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-09-15] (AVAST Software)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [5060864 2015-06-16] (Realtek semiconductor)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-19] (CyberLink Corp.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-07-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190405451\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190406998\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-1606855114-3203990875-874764488-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [8893360 2018-09-15] (SUPERAntiSpyware)
HKU\S-1-5-21-1606855114-3203990875-874764488-1002\...\Run: [FlickrUploadr] => "C:\Users\ADMIN\AppData\Local\FlickrUploadrWindows\Update.exe" --processStart Flickr.exe
HKU\S-1-5-21-1606855114-3203990875-874764488-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9773272 2017-05-19] (Piriform Ltd)
HKU\S-1-5-21-1606855114-3203990875-874764488-1002\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [399224 2018-09-18] (BitTorrent, Inc.)
HKU\S-1-5-21-1606855114-3203990875-874764488-1002\...\MountPoints2: {e3464091-0da3-11e3-be6d-806e6f6e6963} - "E:\SETUP.EXE"
HKU\S-1-5-21-1606855114-3203990875-874764488-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190411347\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [8893360 2018-09-15] (SUPERAntiSpyware)
HKU\S-1-5-21-1606855114-3203990875-874764488-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190411347\...\Run: [FlickrUploadr] => "C:\Users\ADMIN\AppData\Local\FlickrUploadrWindows\Update.exe" --processStart Flickr.exe
HKU\S-1-5-21-1606855114-3203990875-874764488-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190411347\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9773272 2017-05-19] (Piriform Ltd)
HKU\S-1-5-21-1606855114-3203990875-874764488-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190411347\...\Run: [uTorrent] => C:\Program Files (x86)\uTorrent\uTorrent.exe [399224 2018-09-18] (BitTorrent, Inc.)
HKU\S-1-5-21-1606855114-3203990875-874764488-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190411347\...\MountPoints2: {e3464091-0da3-11e3-be6d-806e6f6e6963} - "E:\SETUP.EXE"
HKU\S-1-5-21-1606855114-3203990875-874764488-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190414050\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-1606855114-3203990875-874764488-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190423082\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{60774272-da74-41a5-a583-5ad23aaa4924}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{693d3988-28aa-45c4-8f72-a095556e5271}: [NameServer] 8.8.4.4,208.67.220.220
Tcpip\..\Interfaces\{693d3988-28aa-45c4-8f72-a095556e5271}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{70255ad5-5e23-439f-91f1-bb5df3d907f5}: [NameServer] 77.234.40.79
Tcpip\..\Interfaces\{cff62186-9bbc-4a08-b27a-831f9069bfb1}: [DhcpNameServer] 8.8.8.8
Tcpip\..\Interfaces\{dc8df398-99de-4278-8f3e-b58624586410}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-1606855114-3203990875-874764488-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-1606855114-3203990875-874764488-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190411347\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-1606855114-3203990875-874764488-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190414050\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKU\S-1-5-21-1606855114-3203990875-874764488-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190414050\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-1606855114-3203990875-874764488-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190414050\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
HKU\S-1-5-21-1606855114-3203990875-874764488-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190423082\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com
HKU\S-1-5-21-1606855114-3203990875-874764488-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190423082\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com
HKU\S-1-5-21-1606855114-3203990875-874764488-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190423082\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\S-1-5-21-1606855114-3203990875-874764488-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190414050 -> DefaultScope {26196BF1-D2A6-4B66-9A58-E66142B63480} URL =
SearchScopes: HKU\S-1-5-21-1606855114-3203990875-874764488-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190414050 -> {26196BF1-D2A6-4B66-9A58-E66142B63480} URL =
SearchScopes: HKU\S-1-5-21-1606855114-3203990875-874764488-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190423082 -> DefaultScope {26196BF1-D2A6-4B66-9A58-E66142B63480} URL =
SearchScopes: HKU\S-1-5-21-1606855114-3203990875-874764488-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190423082 -> {26196BF1-D2A6-4B66-9A58-E66142B63480} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}

FireFox:
========
FF DefaultProfile: u1d0ddgz.default-1429477880677-1503332065403
FF ProfilePath: C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\u1d0ddgz.default-1429477880677-1503332065403 [2018-09-19]
FF Homepage: Mozilla\Firefox\Profiles\u1d0ddgz.default-1429477880677-1503332065403 -> www.google.co.uk/
FF NetworkProxy: Mozilla\Firefox\Profiles\u1d0ddgz.default-1429477880677-1503332065403 -> type", 0
FF Extension: (Avast Passwords) - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\u1d0ddgz.default-1429477880677-1503332065403\Extensions\jid1-r1tDuNiNb4SEww@jetpack.xpi [2018-08-18]
FF Extension: (uBlock Origin) - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\u1d0ddgz.default-1429477880677-1503332065403\Extensions\uBlock0@raymondhill.net.xpi [2018-08-29]
FF Extension: (Avast Online Security) - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\u1d0ddgz.default-1429477880677-1503332065403\Extensions\wrc@avast.com.xpi [2018-06-23]
FF Extension: (Popup Blocker Ultimate) - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\u1d0ddgz.default-1429477880677-1503332065403\Extensions\{60B7679C-BED9-11E5-998D-8526BB8E7F8B}.xpi [2017-11-20]
FF Extension: (Adblock Plus) - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\u1d0ddgz.default-1429477880677-1503332065403\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-09-01]
FF Extension: (Greasemonkey) - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\u1d0ddgz.default-1429477880677-1503332065403\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2018-08-29]
FF Extension: (Firefox Monitor) - C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\u1d0ddgz.default-1429477880677-1503332065403\features\{49be8ca1-dc23-4c7a-b4a0-1f83799a3df0}\fxmonitor@mozilla.org.xpi [2018-09-17]
FF SearchPlugin: C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\u1d0ddgz.default-1429477880677-1503332065403\searchplugins\bing-lavasoft-ff59.xml [2018-05-27]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_31_0_0_108.dll [2018-09-15] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_31_0_0_108.dll [2018-09-15] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-08-09] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1606855114-3203990875-874764488-1002: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [No File]
FF Plugin HKU\S-1-5-21-1606855114-3203990875-874764488-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190411347: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [No File]
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\defaults\pref\‘local-settings.js [2015-04-15]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-07-12] (SUPERAntiSpyware.com)
R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [103424 2013-04-25] () [File not signed]
R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [2321384 2018-05-11] (Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2128872 2018-05-11] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-28] (Advanced Micro Devices, Inc.) [File not signed]
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7994520 2018-09-15] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-09-15] (AVAST Software)
S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2018-09-15] (AVAST Software)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [135072 2015-08-22] (ELAN Microelectronics Corp.)
S3 LSC.Services.SystemService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.SystemService.exe [271128 2017-06-09] (Lenovo)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [106904 2018-08-03] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-01-25] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [17504 2013-02-07] (Advanced Micro Devices, INC.)
R2 APXACC; C:\WINDOWS\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [199712 2018-09-15] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [229384 2018-09-15] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201320 2018-09-15] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346664 2018-09-15] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59568 2018-09-15] (AVAST Software)
R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15360 2018-06-23] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [249016 2018-09-15] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46968 2018-09-15] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [163392 2018-09-15] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111864 2018-09-15] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [87904 2018-09-15] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1027720 2018-09-15] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [467320 2018-09-15] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [215920 2018-09-15] (AVAST Software)
R3 aswTap; C:\WINDOWS\System32\drivers\aswTap.sys [53904 2018-05-21] (The OpenVPN Project)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381560 2018-09-15] (AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111120 2016-03-01] (Advanced Micro Devices)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-04-28] (Symantec Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-06-19] (Malwarebytes)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [55232 2018-02-03] ()
R1 HssDRV6; C:\WINDOWS\system32\DRIVERS\hssdrv6.sys [44648 2015-09-18] (AnchorFree Inc.)
S3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [114920 2018-08-12] (Malwarebytes)
S3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [48360 2018-08-12] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-09-18] (Malwarebytes)
S3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [102632 2018-08-18] (Malwarebytes)
R1 MeDlpFlt; C:\WINDOWS\System32\DRIVERS\MeDlpFlt.sys [131072 2018-08-07] (Check Point Software Technologies Ltd.)
R3 mevdbus; C:\WINDOWS\System32\drivers\mevdbus.sys [33040 2018-08-07] (Check Point Software Technologies Ltd.)
S3 mevdfunction; C:\WINDOWS\System32\drivers\mevdfunction.sys [63272 2018-08-07] (Check Point Software Technologies Ltd.)
S3 npf; C:\Windows\System32\drivers\npf.sys [36600 2014-08-19] (Riverbed Technology, Inc.)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 RimVSerPort; C:\WINDOWS\system32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 RtlWlanu; C:\WINDOWS\System32\drivers\rtwlanu.sys [5707264 2018-04-12] (Realtek Semiconductor Corporation )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [410880 2015-07-03] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3068160 2015-06-16] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [25608 2018-05-07] (SlimWare Utilities, Inc.)
R3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2017-06-15] (Anchorfree Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20180917.002\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20180917.002\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-19 19:42 - 2018-09-19 19:44 - 000023706 _____ C:\Users\ADMIN\Downloads\FRST.txt
2018-09-19 19:42 - 2018-09-19 19:42 - 000000000 ____D C:\FRST
2018-09-19 19:41 - 2018-09-19 19:41 - 002413568 _____ (Farbar) C:\Users\ADMIN\Downloads\FRST64.exe
2018-09-19 19:07 - 2018-09-19 19:13 - 1238813563 _____ C:\Users\ADMIN\Downloads\The.Last.Ship.S05E02.720p.WEBRip.x264-TBS[eztv].mkv
2018-09-19 19:07 - 2018-09-19 19:10 - 000000000 ____D C:\Users\ADMIN\Downloads\The.Last.Ship.S05E01.WEBRip.x264-TBS[ettv]
2018-09-18 20:19 - 2018-09-18 20:21 - 000000000 ____D C:\Users\ADMIN\Downloads\The.Meg.2018.HC.HDRip.XviD.AC3-EVO
2018-09-18 20:11 - 2018-09-18 20:16 - 000000000 ____D C:\Users\ADMIN\AppData\Roaming\PortForward.com
2018-09-18 20:11 - 2018-09-18 20:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PortForward.com
2018-09-18 20:11 - 2018-09-18 20:11 - 000000000 ____D C:\Program Files (x86)\Portforward
2018-09-18 20:10 - 2018-09-18 20:10 - 005184928 _____ (Portforward, LLC) C:\Users\ADMIN\Downloads\SetupPortForwardNetworkUtilities.exe
2018-09-18 19:33 - 2018-09-18 19:33 - 000001029 _____ C:\ProgramData\Microsoft\Windows\Start Menu\µTorrent.lnk
2018-09-18 19:32 - 2018-09-19 19:31 - 000000000 ____D C:\Users\ADMIN\AppData\Roaming\uTorrent
2018-09-18 19:29 - 2018-09-18 19:29 - 000003614 _____ C:\WINDOWS\System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-jmcleod01@blueyonder.co.uk
2018-09-18 01:51 - 2018-09-18 01:51 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-09-17 22:26 - 2018-09-17 23:10 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2018-09-17 22:17 - 2018-09-17 22:17 - 000000207 _____ C:\WINDOWS\tweaking.com-regbackup-3L60BX-Windows-10-Home-(64-bit).dat
2018-09-17 22:17 - 2018-09-17 22:17 - 000000000 ____D C:\RegBackup
2018-09-17 20:12 - 2018-09-05 00:04 - 000835144 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-09-17 20:12 - 2018-09-05 00:04 - 000179808 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-09-17 19:27 - 2018-09-17 19:27 - 000000000 ____D C:\Users\Public\Downloads\Norton
2018-09-17 19:20 - 2018-09-17 19:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2018-09-17 19:19 - 2018-09-17 19:19 - 000000000 ____D C:\Program Files (x86)\Tweaking.com
2018-09-17 19:18 - 2018-09-17 19:22 - 000194329 _____ C:\WINDOWS\Tweaking.com - Windows Repair Setup Log.txt
2018-09-17 19:17 - 2018-09-17 19:17 - 038350280 _____ (Tweaking.com) C:\Users\ADMIN\Downloads\tweaking.com_windows_repair_aio_setup.exe
2018-09-17 19:09 - 2018-09-18 19:27 - 000000000 ____D C:\ProgramData\Norton
2018-09-17 19:09 - 2018-09-18 19:27 - 000000000 ____D C:\Program Files (x86)\NortonInstaller
2018-09-17 19:09 - 2018-09-17 19:09 - 000000000 ____D C:\ProgramData\NortonInstaller
2018-09-17 19:09 - 2018-09-17 19:09 - 000000000 _____ C:\WINDOWS\SysWOW64\last.dump
2018-09-17 18:46 - 2018-08-31 04:42 - 009090016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-09-17 18:46 - 2018-08-31 04:42 - 007520064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-09-17 18:46 - 2018-08-31 04:42 - 007436192 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-09-17 18:46 - 2018-08-31 04:28 - 006570040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-09-17 18:46 - 2018-08-31 04:26 - 025847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-09-17 18:46 - 2018-08-31 04:21 - 022008320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-09-17 18:46 - 2018-08-31 04:20 - 022715904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-09-17 18:46 - 2018-08-31 04:18 - 008189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-09-17 18:46 - 2018-08-31 04:16 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-09-17 18:46 - 2018-08-31 04:15 - 007577088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-09-17 18:46 - 2018-08-28 08:17 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-09-17 18:46 - 2018-08-09 10:32 - 004527680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-09-17 18:46 - 2018-08-09 10:31 - 001617728 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-09-17 18:46 - 2018-08-09 05:22 - 004615680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-09-17 18:46 - 2018-08-09 05:09 - 004191232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-09-17 18:46 - 2018-08-03 09:39 - 021389368 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-09-17 18:46 - 2018-08-03 09:20 - 004049408 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-09-17 18:46 - 2018-08-03 08:43 - 020383720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-09-17 18:46 - 2018-08-03 08:27 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2018-09-17 18:45 - 2018-08-31 08:43 - 001524152 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-09-17 18:45 - 2018-08-31 08:42 - 001636232 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-09-17 18:45 - 2018-08-31 08:24 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2018-09-17 18:45 - 2018-08-31 08:23 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-09-17 18:45 - 2018-08-31 08:23 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2018-09-17 18:45 - 2018-08-31 08:22 - 001855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-09-17 18:45 - 2018-08-31 08:22 - 001661440 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2018-09-17 18:45 - 2018-08-31 07:55 - 001455960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-09-17 18:45 - 2018-08-31 07:53 - 001327504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-09-17 18:45 - 2018-08-31 07:36 - 001469952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2018-09-17 18:45 - 2018-08-31 04:44 - 001222440 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-09-17 18:45 - 2018-08-31 04:44 - 001030952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-09-17 18:45 - 2018-08-31 04:43 - 002719216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-09-17 18:45 - 2018-08-31 04:43 - 000722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-09-17 18:45 - 2018-08-31 04:42 - 002824672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-09-17 18:45 - 2018-08-31 04:42 - 002461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-09-17 18:45 - 2018-08-31 04:42 - 001767064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2018-09-17 18:45 - 2018-08-31 04:42 - 001458552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-09-17 18:45 - 2018-08-31 04:42 - 001258352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-09-17 18:45 - 2018-08-31 04:42 - 001142000 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-09-17 18:45 - 2018-08-31 04:42 - 001097720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-09-17 18:45 - 2018-08-31 04:42 - 000983080 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-09-17 18:45 - 2018-08-31 04:42 - 000632296 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpx.dll
2018-09-17 18:45 - 2018-08-31 04:28 - 006043680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-09-17 18:45 - 2018-08-31 04:28 - 001989496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-09-17 18:45 - 2018-08-31 04:28 - 001514352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2018-09-17 18:45 - 2018-08-31 04:28 - 001129728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-09-17 18:45 - 2018-08-31 04:28 - 000453104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpx.dll
2018-09-17 18:45 - 2018-08-31 04:16 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-09-17 18:45 - 2018-08-31 04:16 - 004382720 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-09-17 18:45 - 2018-08-31 04:15 - 004866560 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-09-17 18:45 - 2018-08-31 04:15 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-09-17 18:45 - 2018-08-31 04:15 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-09-17 18:45 - 2018-08-31 04:14 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-09-17 18:45 - 2018-08-31 04:14 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-09-17 18:45 - 2018-08-31 04:13 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-09-17 18:45 - 2018-08-31 04:11 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-09-17 18:45 - 2018-08-31 04:11 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-09-17 18:45 - 2018-08-31 04:11 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-09-17 18:45 - 2018-08-31 04:11 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-09-17 18:45 - 2018-08-31 04:11 - 000604160 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-09-17 18:45 - 2018-08-31 04:10 - 005777920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-09-17 18:45 - 2018-08-31 04:10 - 003711488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-09-17 18:45 - 2018-08-31 04:10 - 001375744 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-09-17 18:45 - 2018-08-31 04:10 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-09-17 18:45 - 2018-08-31 04:09 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-09-17 18:45 - 2018-08-31 04:07 - 001627648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-09-17 18:45 - 2018-08-28 07:48 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2018-09-17 18:45 - 2018-08-28 07:45 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedRealitySvc.dll
2018-09-17 18:45 - 2018-08-09 10:16 - 004491264 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-09-17 18:45 - 2018-08-09 10:14 - 012709376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-09-17 18:45 - 2018-08-09 10:13 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-09-17 18:45 - 2018-08-09 10:12 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2018-09-17 18:45 - 2018-08-09 10:11 - 003652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-09-17 18:45 - 2018-08-09 10:11 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2018-09-17 18:45 - 2018-08-09 10:11 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2018-09-17 18:45 - 2018-08-09 10:10 - 001557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2018-09-17 18:45 - 2018-08-09 09:24 - 011901952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-09-17 18:45 - 2018-08-09 09:23 - 003397632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-09-17 18:45 - 2018-08-09 09:21 - 002894848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-09-17 18:45 - 2018-08-09 09:20 - 002401792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-09-17 18:45 - 2018-08-09 06:02 - 001035144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-09-17 18:45 - 2018-08-09 06:01 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll
2018-09-17 18:45 - 2018-08-09 05:54 - 001019016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2018-09-17 18:45 - 2018-08-09 05:54 - 000203568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2018-09-17 18:45 - 2018-08-09 05:53 - 002765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-09-17 18:45 - 2018-08-09 05:53 - 001947720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-09-17 18:45 - 2018-08-09 05:53 - 000932136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2018-09-17 18:45 - 2018-08-09 05:53 - 000482480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-09-17 18:45 - 2018-08-09 05:30 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2018-09-17 18:45 - 2018-08-09 05:29 - 002253584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-09-17 18:45 - 2018-08-09 05:29 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-09-17 18:45 - 2018-08-09 05:29 - 001174552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2018-09-17 18:45 - 2018-08-09 05:28 - 003395072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-09-17 18:45 - 2018-08-09 05:28 - 001589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2018-09-17 18:45 - 2018-08-09 05:27 - 000428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-09-17 18:45 - 2018-08-09 05:25 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-09-17 18:45 - 2018-08-09 05:25 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-09-17 18:45 - 2018-08-09 05:25 - 000460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2018-09-17 18:45 - 2018-08-09 05:24 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-09-17 18:45 - 2018-08-09 05:23 - 003148288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2018-09-17 18:45 - 2018-08-09 05:23 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-09-17 18:45 - 2018-08-09 05:23 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-09-17 18:45 - 2018-08-09 05:23 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-09-17 18:45 - 2018-08-09 05:22 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-09-17 18:45 - 2018-08-09 05:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-09-17 18:45 - 2018-08-09 05:21 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-09-17 18:45 - 2018-08-09 05:13 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2018-09-17 18:45 - 2018-08-09 05:11 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-09-17 18:45 - 2018-08-09 05:10 - 002893824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2018-09-17 18:45 - 2018-08-09 05:10 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-09-17 18:45 - 2018-08-09 05:09 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-09-17 18:45 - 2018-08-03 09:39 - 000790304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-09-17 18:45 - 2018-08-03 08:45 - 000663128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-09-17 18:45 - 2018-08-03 04:40 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-09-17 18:45 - 2018-08-03 04:39 - 000692240 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2018-09-17 18:45 - 2018-08-03 04:38 - 001285536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-09-17 18:45 - 2018-08-03 04:25 - 000539168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2018-09-17 18:45 - 2018-08-03 04:14 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2018-09-17 18:45 - 2018-08-03 04:11 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-09-17 18:45 - 2018-08-03 04:09 - 001932288 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeangle.dll
2018-09-17 18:45 - 2018-08-03 04:09 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-09-17 18:45 - 2018-08-03 04:09 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-09-17 18:45 - 2018-08-03 04:08 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-09-17 18:45 - 2018-08-03 04:08 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2018-09-17 18:45 - 2018-08-03 04:08 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-09-17 18:45 - 2018-08-03 04:06 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-09-17 18:45 - 2018-08-03 04:06 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-09-17 18:45 - 2018-08-03 04:05 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-09-17 18:45 - 2018-08-03 04:05 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-09-17 18:44 - 2018-08-31 08:46 - 000542504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-09-17 18:44 - 2018-08-31 08:45 - 000348328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-09-17 18:44 - 2018-08-31 08:27 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-09-17 18:44 - 2018-08-31 08:27 - 000056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf3216.dll
2018-09-17 18:44 - 2018-08-31 08:26 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2018-09-17 18:44 - 2018-08-31 08:25 - 000270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\spp.dll
2018-09-17 18:44 - 2018-08-31 08:24 - 000482304 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2018-09-17 18:44 - 2018-08-31 08:24 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-09-17 18:44 - 2018-08-31 07:41 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-09-17 18:44 - 2018-08-31 07:41 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf3216.dll
2018-09-17 18:44 - 2018-08-31 07:40 - 000216576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spp.dll
2018-09-17 18:44 - 2018-08-31 07:37 - 001585664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-09-17 18:44 - 2018-08-31 07:37 - 000622080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2018-09-17 18:44 - 2018-08-31 07:37 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-09-17 18:44 - 2018-08-31 04:50 - 000273720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-09-17 18:44 - 2018-08-31 04:50 - 000270648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-09-17 18:44 - 2018-08-31 04:44 - 001064744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-09-17 18:44 - 2018-08-31 04:44 - 000568600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-09-17 18:44 - 2018-08-31 04:44 - 000136488 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-09-17 18:44 - 2018-08-31 04:44 - 000076256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-09-17 18:44 - 2018-08-31 04:42 - 000885928 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-09-17 18:44 - 2018-08-31 04:42 - 000604640 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-09-17 18:44 - 2018-08-31 04:42 - 000527328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-09-17 18:44 - 2018-08-31 04:42 - 000494472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2018-09-17 18:44 - 2018-08-31 04:42 - 000155112 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2018-09-17 18:44 - 2018-08-31 04:28 - 000568568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-09-17 18:44 - 2018-08-31 04:28 - 000134936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2018-09-17 18:44 - 2018-08-31 04:15 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-09-17 18:44 - 2018-08-31 04:15 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-09-17 18:44 - 2018-08-31 04:14 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-09-17 18:44 - 2018-08-31 04:14 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-09-17 18:44 - 2018-08-31 04:13 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-09-17 18:44 - 2018-08-31 04:13 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-09-17 18:44 - 2018-08-31 04:12 - 000736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-09-17 18:44 - 2018-08-31 04:11 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-09-17 18:44 - 2018-08-31 04:11 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-09-17 18:44 - 2018-08-31 04:10 - 000889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-09-17 18:44 - 2018-08-31 04:10 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-09-17 18:44 - 2018-08-31 04:10 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2018-09-17 18:44 - 2018-08-31 04:09 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-09-17 18:44 - 2018-08-31 04:08 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-09-17 18:44 - 2018-08-31 04:07 - 000856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-09-17 18:44 - 2018-08-31 04:07 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-09-17 18:44 - 2018-08-31 04:06 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-09-17 18:44 - 2018-08-28 07:56 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-09-17 18:44 - 2018-08-28 07:49 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-09-17 18:44 - 2018-08-28 06:51 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-09-17 18:44 - 2018-08-14 03:14 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2018-09-17 18:44 - 2018-08-14 03:14 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-09-17 18:44 - 2018-08-09 10:31 - 000766872 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-09-17 18:44 - 2018-08-09 10:31 - 000253544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2018-09-17 18:44 - 2018-08-09 10:31 - 000236624 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-09-17 18:44 - 2018-08-09 10:14 - 000466944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2018-09-17 18:44 - 2018-08-09 10:14 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollUI.dll
2018-09-17 18:44 - 2018-08-09 10:13 - 000521216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2018-09-17 18:44 - 2018-08-09 10:13 - 000517120 _____ (Microsoft Corporation) C:\WINDOWS\system32\certreq.exe
2018-09-17 18:44 - 2018-08-09 10:12 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-09-17 18:44 - 2018-08-09 10:12 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-09-17 18:44 - 2018-08-09 10:11 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2018-09-17 18:44 - 2018-08-09 10:10 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-09-17 18:44 - 2018-08-09 10:10 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-09-17 18:44 - 2018-08-09 10:09 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll
2018-09-17 18:44 - 2018-08-09 10:09 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll
2018-09-17 18:44 - 2018-08-09 10:09 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe
2018-09-17 18:44 - 2018-08-09 09:36 - 000660896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-09-17 18:44 - 2018-08-09 09:36 - 000221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2018-09-17 18:44 - 2018-08-09 09:23 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2018-09-17 18:44 - 2018-08-09 09:23 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollUI.dll
2018-09-17 18:44 - 2018-08-09 09:22 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2018-09-17 18:44 - 2018-08-09 09:22 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-09-17 18:44 - 2018-08-09 09:22 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2018-09-17 18:44 - 2018-08-09 09:22 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certreq.exe
2018-09-17 18:44 - 2018-08-09 09:21 - 002016768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-09-17 18:44 - 2018-08-09 09:21 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2018-09-17 18:44 - 2018-08-09 09:21 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2018-09-17 18:44 - 2018-08-09 09:20 - 000423424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2018-09-17 18:44 - 2018-08-09 09:20 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll
2018-09-17 18:44 - 2018-08-09 09:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe
2018-09-17 18:44 - 2018-08-09 05:55 - 000230304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2018-09-17 18:44 - 2018-08-09 05:54 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-09-17 18:44 - 2018-08-09 05:54 - 000375704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2018-09-17 18:44 - 2018-08-09 05:54 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-09-17 18:44 - 2018-08-09 05:53 - 001026456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-09-17 18:44 - 2018-08-09 05:53 - 000714792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-09-17 18:44 - 2018-08-09 05:53 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-09-17 18:44 - 2018-08-09 05:53 - 000125600 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptxml.dll
2018-09-17 18:44 - 2018-08-09 05:30 - 000183992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2018-09-17 18:44 - 2018-08-09 05:29 - 000581696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-09-17 18:44 - 2018-08-09 05:29 - 000099208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptxml.dll
2018-09-17 18:44 - 2018-08-09 05:27 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll
2018-09-17 18:44 - 2018-08-09 05:27 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollCtrl.exe
2018-09-17 18:44 - 2018-08-09 05:26 - 000990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2018-09-17 18:44 - 2018-08-09 05:26 - 000572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2018-09-17 18:44 - 2018-08-09 05:26 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2018-09-17 18:44 - 2018-08-09 05:26 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-09-17 18:44 - 2018-08-09 05:26 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsAuth.dll
2018-09-17 18:44 - 2018-08-09 05:26 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-09-17 18:44 - 2018-08-09 05:25 - 000797184 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2018-09-17 18:44 - 2018-08-09 05:25 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2018-09-17 18:44 - 2018-08-09 05:25 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll
2018-09-17 18:44 - 2018-08-09 05:25 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2018-09-17 18:44 - 2018-08-09 05:24 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-09-17 18:44 - 2018-08-09 05:13 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollCtrl.exe
2018-09-17 18:44 - 2018-08-09 05:12 - 000652288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2018-09-17 18:44 - 2018-08-09 05:11 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll
2018-09-17 18:44 - 2018-08-09 05:11 - 000350208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2018-09-17 18:44 - 2018-08-09 05:11 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-09-17 18:44 - 2018-08-09 05:11 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsAuth.dll
2018-09-17 18:44 - 2018-08-09 05:11 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2018-09-17 18:44 - 2018-08-09 05:10 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-09-17 18:44 - 2018-08-09 04:08 - 000806416 _____ C:\WINDOWS\SysWOW64\locale.nls
2018-09-17 18:44 - 2018-08-09 04:08 - 000806416 _____ C:\WINDOWS\system32\locale.nls
2018-09-17 18:44 - 2018-08-03 09:25 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-09-17 18:44 - 2018-08-03 09:24 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2018-09-17 18:44 - 2018-08-03 09:24 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2018-09-17 18:44 - 2018-08-03 08:33 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-09-17 18:44 - 2018-08-03 08:32 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2018-09-17 18:44 - 2018-08-03 08:30 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2018-09-17 18:44 - 2018-08-03 04:47 - 000128920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
2018-09-17 18:44 - 2018-08-03 04:41 - 000061736 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvhostsvc.dll
2018-09-17 18:44 - 2018-08-03 04:40 - 000228136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ucx01000.sys
2018-09-17 18:44 - 2018-08-03 04:40 - 000072800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2018-09-17 18:44 - 2018-08-03 04:39 - 000114080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-09-17 18:44 - 2018-08-03 04:39 - 000075160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2018-09-17 18:44 - 2018-08-03 04:39 - 000031648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhv.sys
2018-09-17 18:44 - 2018-08-03 04:38 - 000115640 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2018-09-17 18:44 - 2018-08-03 04:27 - 000061032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2018-09-17 18:44 - 2018-08-03 04:15 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
2018-09-17 18:44 - 2018-08-03 04:14 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSAssessment.dll
2018-09-17 18:44 - 2018-08-03 04:12 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2018-09-17 18:44 - 2018-08-03 04:12 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-09-17 18:43 - 2018-08-31 08:25 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2018-09-17 18:43 - 2018-08-31 04:17 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-09-17 18:43 - 2018-08-31 04:17 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\netevent.dll
2018-09-17 18:43 - 2018-08-31 04:14 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-09-17 18:43 - 2018-08-31 04:12 - 000020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netevent.dll
2018-09-17 18:43 - 2018-08-31 04:10 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-09-17 18:43 - 2018-08-31 04:10 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-09-17 18:43 - 2018-08-31 02:57 - 000001308 _____ C:\WINDOWS\system32\tcbres.wim
2018-09-17 18:43 - 2018-08-09 10:17 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-09-17 18:43 - 2018-08-09 10:14 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2018-09-17 18:43 - 2018-08-09 10:13 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsExt.dll
2018-09-17 18:43 - 2018-08-09 10:11 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2018-09-17 18:43 - 2018-08-09 09:24 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2018-09-17 18:43 - 2018-08-09 09:20 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll
2018-09-17 18:43 - 2018-08-09 05:26 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsCfg.dll
2018-09-17 18:43 - 2018-08-09 05:22 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2018-09-17 18:43 - 2018-08-09 05:11 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsCfg.dll
2018-09-17 18:43 - 2018-08-09 05:08 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2018-09-17 18:43 - 2018-08-03 09:24 - 000046592 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2018-09-17 18:43 - 2018-08-03 04:17 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmgid.sys
2018-09-17 18:43 - 2018-08-03 04:10 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2018-09-17 18:34 - 2018-09-18 19:33 - 000000000 ____D C:\Program Files (x86)\uTorrent
2018-09-17 18:33 - 2018-09-17 18:33 - 000399224 _____ (BitTorrent, Inc.) C:\Users\ADMIN\Downloads\utorrent_2.2.1.exe
2018-09-15 17:24 - 2018-09-15 17:26 - 000000000 ____D C:\Users\ADMIN\Downloads\www.scenetime.com - Fear.The.Walking.Dead.S04E12.WEB.x264-eSc
2018-09-15 17:20 - 2018-09-15 17:24 - 000000000 ____D C:\Users\ADMIN\Downloads\Fear.the.Walking.Dead.S04E10.HDTV.x264-SVA[ettv]
2018-09-15 17:14 - 2018-09-15 17:18 - 000000000 ____D C:\Users\ADMIN\Downloads\Fear.the.Walking.Dead.S04E09.HDTV.x264-SVA[ettv]
2018-09-15 17:09 - 2018-09-15 17:09 - 000000000 ____D C:\Users\ADMIN\Downloads\Fear.the.Walking.Dead.S04E11.HDTV.x264-SVA[ettv]
2018-09-15 15:38 - 2018-09-15 15:39 - 000000000 ____D C:\Users\ADMIN\AppData\LocalLow\BitTorrent
2018-09-15 14:43 - 2018-09-15 15:41 - 000000000 ____D C:\Users\ADMIN\AppData\Roaming\BitTorrent
2018-09-15 14:37 - 2018-09-15 14:37 - 000000000 ____D C:\Users\ADMIN\AppData\LocalLow\uTorrent
2018-09-15 14:07 - 2018-09-15 14:10 - 322011926 _____ C:\Users\ADMIN\Downloads\Fear.The.Walking.Dead.S04E13.WEBRip.x264-ETRG[eztv].mkv
2018-09-15 13:27 - 2018-09-15 13:23 - 000379608 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-09-14 22:31 - 2018-09-14 22:48 - 000000000 ____D C:\Users\ADMIN\AppData\Roaming\BitComet
2018-09-14 20:32 - 2018-09-14 20:32 - 000000000 ____D C:\Users\ADMIN\AppData\Local\mbam
2018-09-14 18:22 - 2018-09-14 18:28 - 1165232732 _____ C:\Users\ADMIN\Downloads\American.Horror.Story.S08E01.720p.HDTV.x264-AVS[eztv].mkv
2018-09-14 18:18 - 2018-09-14 18:18 - 000000000 ___HD C:\$AV_ASW

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-09-19 19:31 - 2018-06-23 17:06 - 000000000 ____D C:\Users\ADMIN\AppData\Local\CrashDumps
2018-09-19 19:23 - 2016-11-21 19:57 - 000000000 ____D C:\Users\ADMIN\AppData\LocalLow\Mozilla
2018-09-19 19:04 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2018-09-19 19:03 - 2018-05-07 00:06 - 000000000 ____D C:\Users\ADMIN\AppData\Local\AVAST Software
2018-09-19 19:03 - 2013-12-29 03:14 - 000000000 ____D C:\Users\ADMIN\Documents\Outlook Files
2018-09-18 21:05 - 2013-12-22 01:29 - 000000000 ____D C:\Users\ADMIN\AppData\Roaming\vlc
2018-09-18 20:54 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-09-18 20:45 - 2018-05-06 23:23 - 000000000 ____D C:\Users\ADMIN\AppData\Local\ElevatedDiagnostics
2018-09-18 20:11 - 2014-01-31 21:56 - 000000000 ____D C:\Users\ADMIN\AppData\Local\Downloaded Installations
2018-09-18 07:30 - 2018-06-10 21:55 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-09-18 01:58 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-09-18 01:54 - 2018-06-10 22:26 - 000774004 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-09-18 01:50 - 2018-06-10 21:55 - 000426600 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-09-18 01:49 - 2018-06-10 22:54 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-09-18 01:49 - 2018-04-11 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-09-17 23:09 - 2013-11-26 12:34 - 000000000 ____D C:\Users\ADMIN\Documents\Jims SD Card stuff
2018-09-17 22:24 - 2017-09-30 17:41 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-09-17 21:03 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-09-17 20:13 - 2015-10-01 21:45 - 000000000 ___RD C:\Users\ADMIN\3D Objects
2018-09-17 20:13 - 2013-10-23 08:49 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-09-17 20:09 - 2016-04-18 21:17 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-09-17 20:09 - 2015-12-14 00:32 - 000000000 ____D C:\Users\ADMIN\AppData\Local\FlickrUploadrWindows
2018-09-17 20:09 - 2014-02-04 23:08 - 000000000 ____D C:\Program Files\SUPERAntiSpyware
2018-09-17 20:09 - 2013-10-22 18:32 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-09-17 20:06 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-09-17 20:06 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-09-17 20:06 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-09-17 20:06 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-09-17 20:06 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-09-17 20:06 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-09-17 20:06 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-09-17 20:06 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-09-17 20:06 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-09-17 20:06 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-09-17 20:06 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-09-17 20:06 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-09-17 20:06 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-09-17 20:06 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-09-17 20:06 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-09-17 20:06 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-09-17 20:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-09-17 20:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-09-17 20:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-09-17 20:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-09-17 20:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-09-17 20:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-09-17 20:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-09-17 20:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-09-17 20:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-09-17 20:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-09-17 20:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-09-17 20:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-09-17 20:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-09-17 20:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-09-17 20:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-09-17 20:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-09-17 20:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-09-17 20:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-09-17 20:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-09-17 20:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-09-17 20:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-09-17 20:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-09-17 20:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-09-17 20:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-09-17 20:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-09-17 20:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-09-17 20:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-09-17 20:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-09-17 20:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-09-17 20:05 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-09-17 20:05 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-09-17 20:05 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-09-17 20:05 - 2018-04-12 00:38 - 000000000 ___RD C:\Program Files\Windows Defender
2018-09-17 20:05 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-09-17 20:05 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-09-17 20:05 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-09-17 20:05 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-09-17 20:05 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-09-17 20:05 - 2018-04-11 22:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-09-17 20:02 - 2018-04-12 00:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-09-17 20:02 - 2018-04-11 22:04 - 000065536 _____ C:\WINDOWS\system32\config\ELAM
2018-09-17 19:43 - 2018-06-10 22:03 - 000002411 _____ C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-09-17 19:43 - 2013-11-08 01:07 - 000000000 __RDO C:\Users\ADMIN\SkyDrive
2018-09-17 19:41 - 2013-10-26 22:05 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-09-17 19:16 - 2013-10-26 22:05 - 139184408 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-09-17 19:04 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-09-15 18:14 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-09-15 18:14 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-09-15 15:16 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-09-15 13:58 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-09-15 13:55 - 2018-03-06 02:27 - 000000000 ____D C:\Users\ADMIN\AppData\Local\Packages
2018-09-15 13:54 - 2018-06-19 18:47 - 000000000 ____D C:\Users\ADMIN\AppData\Local\D3DSCache
2018-09-15 13:47 - 2018-04-05 15:37 - 000215920 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-09-15 13:47 - 2018-04-05 15:37 - 000163392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-09-15 13:46 - 2018-04-05 15:37 - 000467320 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-09-15 13:44 - 2018-04-05 15:37 - 000087904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-09-15 13:31 - 2018-05-27 22:09 - 000000000 ____D C:\Users\ADMIN\Downloads\µTorrent Pro v3.4.2 build v38397 Incl. Crack [TechTools.net]
2018-09-15 13:23 - 2018-04-05 15:37 - 000381560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-09-15 13:23 - 2018-04-05 15:37 - 000199712 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-09-15 13:23 - 2018-04-05 15:37 - 000111864 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-09-15 13:23 - 2018-04-05 15:37 - 000046968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-09-15 13:23 - 2013-10-22 18:32 - 000001170 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-09-15 13:21 - 2018-04-05 15:37 - 001027720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-09-15 13:21 - 2018-04-05 15:37 - 000346664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-09-15 13:21 - 2018-04-05 15:37 - 000249016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-09-15 13:21 - 2018-04-05 15:37 - 000229384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-09-15 13:21 - 2018-04-05 15:37 - 000201320 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-09-15 13:21 - 2018-04-05 15:37 - 000059568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-09-15 03:15 - 2018-04-05 17:05 - 000001990 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2018-09-15 02:24 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\system32\UNP
2018-09-15 02:24 - 2018-04-12 00:38 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-09-15 02:24 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-09-15 02:20 - 2013-10-22 18:43 - 000563832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-09-15 02:19 - 2018-06-10 22:03 - 000000000 ____D C:\Users\smcle_000
2018-09-15 02:19 - 2018-06-10 22:03 - 000000000 ____D C:\Users\Administrator
2018-09-15 02:19 - 2018-06-10 22:03 - 000000000 ____D C:\Users\ADMIN
2018-09-15 02:18 - 2016-06-09 19:38 - 000000000 ____D C:\Program Files\CCleaner
2018-09-15 02:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-09-15 02:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-09-15 02:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-09-15 02:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-09-15 02:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-09-15 02:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-09-15 02:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-09-15 02:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-09-15 02:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-09-15 02:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-09-15 02:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-09-15 02:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-09-15 02:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-09-15 02:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-09-15 02:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-09-15 02:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-09-15 02:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-09-15 02:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-09-15 02:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-09-15 02:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-09-15 02:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-09-15 02:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-09-15 02:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-09-15 02:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-09-15 02:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-09-15 02:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-09-15 02:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-09-15 02:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-09-15 02:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-09-15 02:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-09-15 02:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-09-15 02:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-09-15 02:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-09-15 02:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-09-15 02:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-09-15 02:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-09-15 02:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-09-15 02:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-09-15 02:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-09-15 02:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-09-15 02:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-09-15 02:05 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-09-15 02:05 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\ta-in
2018-09-15 02:05 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\si-lk
2018-09-15 02:05 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\am-et
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\hi-IN
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2018-09-15 02:04 - 2018-04-12 10:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2018-09-15 02:04 - 2018-04-12 00:38 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2018-09-15 02:04 - 2018-04-12 00:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-09-15 02:04 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-09-15 02:04 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-09-15 02:04 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2018-09-15 02:04 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2018-09-15 02:04 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2018-09-15 02:04 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2018-09-15 02:04 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2018-09-15 02:04 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-09-15 02:04 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-09-15 02:04 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\setup
2018-09-15 02:04 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2018-09-15 02:04 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2018-09-15 02:04 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\et-EE
2018-09-15 02:04 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\es-MX
2018-09-15 02:04 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\en-GB
2018-09-15 02:04 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-09-15 02:04 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-09-15 02:03 - 2018-06-10 22:54 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-09-15 02:03 - 2018-04-12 10:15 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2018-09-15 02:03 - 2018-04-12 10:15 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2018-09-15 02:03 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SystemResources
2018-09-15 02:03 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\schemas
2018-09-15 02:03 - 2018-04-11 22:04 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-09-15 02:03 - 2018-04-11 22:04 - 000000000 ____D C:\WINDOWS\servicing
2018-09-15 02:02 - 2018-08-05 21:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-09-15 02:02 - 2017-09-30 18:42 - 000000000 ____D C:\Users\ADMIN\AppData\Local\ConnectedDevicesPlatform
2018-09-15 02:02 - 2015-12-14 00:32 - 000000000 ____D C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flickr
2018-09-15 02:02 - 2015-10-01 21:24 - 000000000 ____D C:\Users\ADMIN\AppData\LocalLow\Oracle
2018-09-15 02:02 - 2013-08-25 18:11 - 000000000 ____D C:\Program Files\Lenovo
2018-09-15 00:15 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\InfusedApps
2018-09-14 23:46 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\registration
2018-09-14 23:27 - 2015-10-01 21:33 - 000000000 ____D C:\Users\ADMIN\AppData\LocalLow\Sun
2018-09-14 23:26 - 2014-09-07 18:29 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-09-14 23:26 - 2013-08-25 18:22 - 000000000 ____D C:\ProgramData\Lenovo
2018-09-14 23:22 - 2018-08-11 14:28 - 000000000 __RHD C:\MSOCache

==================== Files in the root of some directories =======

2018-06-03 14:20 - 2018-06-03 14:20 - 000000096 _____ () C:\Users\ADMIN\AppData\Roaming\settings.xml
2017-12-05 00:14 - 2017-12-05 00:14 - 000489948 _____ () C:\Users\ADMIN\AppData\Local\ars.cache
2017-12-05 00:17 - 2017-12-05 00:17 - 000691411 _____ () C:\Users\ADMIN\AppData\Local\census.cache
2017-12-04 22:46 - 2017-12-04 22:46 - 000000036 _____ () C:\Users\ADMIN\AppData\Local\housecall.guid.cache
2013-11-14 15:48 - 2014-06-04 18:41 - 000000369 _____ () C:\Users\ADMIN\AppData\Local\RegisteredPackageInformation.xml
2013-12-18 00:48 - 2018-06-08 21:36 - 000007623 _____ () C:\Users\ADMIN\AppData\Local\resmon.resmoncfg
2017-12-04 23:25 - 2017-12-04 23:25 - 000000010 _____ () C:\Users\ADMIN\AppData\Local\sponge.last.runtime.cache

Some files in TEMP:
====================
2018-09-18 19:27 - 2018-09-17 19:09 - 001536592 _____ (Symantec Corporation) C:\Users\ADMIN\AppData\Local\Temp\{397E31AA-0D78-4649-A01C-339D73A2ED35}_NSS__{1173AF84-2216-49BC-B2DE-ABFA168809DC}.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-10 21:55

==================== End of FRST.txt ============================

ADDITION.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.09.2018
Ran by ADMIN (19-09-2018 19:46:43)
Running from C:\Users\ADMIN\Downloads
Windows 10 Home Version 1803 17134.285 (X64) (2018-06-10 21:56:28)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

ADMIN (S-1-5-21-1606855114-3203990875-874764488-1002 - Administrator - Enabled) => C:\Users\ADMIN
Administrator (S-1-5-21-1606855114-3203990875-874764488-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1606855114-3203990875-874764488-503 - Limited - Disabled)
Guest (S-1-5-21-1606855114-3203990875-874764488-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1606855114-3203990875-874764488-1014 - Limited - Enabled)
smcle_000 (S-1-5-21-1606855114-3203990875-874764488-1005 - Limited - Enabled) => C:\Users\smcle_000
WDAGUtilityAccount (S-1-5-21-1606855114-3203990875-874764488-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20058 - Adobe Systems Incorporated)
Adobe Flash Player 31 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 31.0.0.108 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 2.1 64-bit (HKLM\...\{38FA7C5F-914D-4725-ACF2-2FD940AD0BF9}) (Version: 2.1.1 - Adobe)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{02054CB4-661A-C582-0F83-E966ADFB8289}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.6.2349 - AVAST Software)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MG3100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3100_series) (Version:  - Canon Inc.)
Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.16.50 - Conexant)
Conexant SmartAudio (HKLM\...\SAII) (Version: 6.0.224.0 - Conexant Systems)
Dependency Package Update (HKLM\...\{FFED38DF-94DC-4FF9-96C1-A6990EDA6B03}) (Version: 1.6.25.00 - Lenovo Inc.) Hidden
Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.5.1 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.11 - Lenovo) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.11 - Lenovo)
Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.25.00 - Lenovo Group Limited)
Lenovo Dependency Package (HKLM-x32\...\Lenovo Dependency Package_is1) (Version: 1.6.17.0 - Lenovo Group Limited)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10236 - Realtek Semiconductor Corp.)
Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 6.3.9600.11105 - Realtek Semiconductor Corp.)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1519 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1519 - CyberLink Corp.)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.69.4 - ELAN Microelectronic Corp.)
Lenovo Solution Center (HKLM\...\{06913C0C-88EB-42AF-9D94-3E9136CEE9BC}) (Version: 3.6.002.003 - Lenovo)
Malwarebytes version 3.5.1.2522 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.5.1.2522 - Malwarebytes)
Metric Collection SDK (HKLM-x32\...\{DDAA788F-52E6-44EA-ADB8-92837B11BF26}) (Version: 1.1.0005.00 - Lenovo Group Limited) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1606855114-3203990875-874764488-1002\...\OneDriveSetup.exe) (Version: 18.151.0729.0006 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1606855114-3203990875-874764488-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190411347\...\OneDriveSetup.exe) (Version: 18.151.0729.0006 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1606855114-3203990875-874764488-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190423082\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 62.0 (x64 en-US) (HKLM\...\Mozilla Firefox 62.0 (x64 en-US)) (Version: 62.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 62.0.0.6816 - Mozilla)
MSVC80_x64_v2 (HKLM\...\{4D668D4F-FAA2-4726-834C-31F4614F312E}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (HKLM-x32\...\{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}) (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (HKLM\...\{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}) (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (HKLM-x32\...\{AF111648-99A1-453E-81DD-80DBBF6DAD0D}) (Version: 1.0.1.2 - Nokia) Hidden
OEM Application Profile (HKLM-x32\...\{C89A97B6-F991-EBB5-77B7-927BCF420EBE}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Port Forward Network Utilities (HKLM-x32\...\{4C345FED-92FF-4F24-AD0E-F114F4216DC7}) (Version: 3.0.36 - Portforward, LLC)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.220 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.16 - Qualcomm Atheros Communications Inc.)
Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39041 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1224 - SUPERAntiSpyware.com)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 4.1.1 - Tweaking.com)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{E345A108-D9E8-456B-9550-435132D5C9CE}) (Version: 2.13.0.0 - Microsoft Corporation)
UpdateAssistant (HKLM-x32\...\{035FFC43-55D6-4F5C-BCC5-21FED122C8B4}) (Version: 1.11.0.0 - Microsoft Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.4 - VideoLAN)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22391 - Microsoft Corporation)
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
Windows Setup Remediations (x64) (KB4023057) (HKLM\...\{5534e02f-0f5d-40dd-ba92-bea38d22384d}.sdb) (Version:  - )
WinZip 18.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DF}) (Version: 18.0.10661 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-09-15] (AVAST Software)
ShellIconOverlayIdentifiers: [SugarSyncBackedUp] -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncPending] -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncRoot] -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ShellIconOverlayIdentifiers: [SugarSyncShared] -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-09-15] (AVAST Software)
ContextMenuHandlers1: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2013-10-23] (WinZip Computing, S.L.)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-09-15] (AVAST Software)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2013-10-23] (WinZip Computing, S.L.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\atiacm64.dll [2015-07-28] (Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-09-15] (AVAST Software)
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2018-05-09] (Malwarebytes)
ContextMenuHandlers6: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [SugarSync] -> {305BC11B-5175-492B-B569-866547FCDA40} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll [2012-05-14] (SugarSync, Inc.)
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2013-10-23] (WinZip Computing, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {109EEBB5-32C8-40CC-A45E-29D3D2D389D9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1AB1C6FC-9BE5-4A6C-8287-07F42284C23B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {1B5DFBDE-1212-4C0C-9B8D-5E41F9AD3ECE} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 => C:\Program Files (x86)\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2015-07-01] (Lenovo)
Task: {2A2741AA-F211-4B95-A64F-405D8EDFF6B2} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\Lenovo\Lenovo Solution Center\App\LSC.Services.UpdateStatusService.exe [2017-06-09] ()
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3B96AEA7-F94A-4316-9D5E-1559EA19E8C0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {40741D9C-D73E-42BA-AF31-4F0A10E3EDF8} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-09-17] (AVAST Software)
Task: {57B4B489-D3AD-48FF-937C-CCD4E757A45F} - System32\Tasks\AdobeGCInvoker-1.0-MicrosoftAccount-jmcleod01@blueyonder.co.uk => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [2018-05-11] (Adobe Systems, Incorporated)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {6853C19E-A91C-4EEF-81EB-798435A3EEE0} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {6B692A34-D3ED-4B9F-B24F-720CF34F68C5} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe
Task: {79C69EB9-DB84-4365-B0DB-1CBA1D3A46A8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {86624D4C-94BB-4DB8-B98A-EC39254C98F2} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2017-06-09] (Lenovo)
Task: {A188C018-70F5-43B4-9676-C57A14199EAA} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"
Task: {A997339F-60C7-4F8F-8307-7DFF79FF1CAF} - System32\Tasks\Microsoft\Windows\PLA\CPU QUAD => C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "CPU QUAD" "$(Arg0)"
Task: {B740DBCE-9335-4298-851D-BC952F02B7A0} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {B7D49614-F80F-4DDC-B587-4C8787D6E647} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C171A2FA-598D-4C0D-97D6-37FFC741424D} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe
Task: {C5A5BF3C-7836-4E7A-AFA7-7B10E6FB0143} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D4ED31D2-A4C1-4266-98F4-CEE5C8231970} - System32\Tasks\Lenovo\LSC\Lenovo Solution Center Notifications => C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe [2017-06-09] (Lenovo)
Task: {DD09B7C9-2C1B-4AD4-B227-10FD08165A71} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {DD493669-74D1-495F-9E27-67302CA2F451} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {E9D969F1-5161-48CB-85BC-1CF45E9E1EB1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {EECF1F65-EF0A-44A0-B4C5-64A0DACFE2F2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F2D58789-5C59-400D-B10D-376E992CB4A6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2015-07-28 22:45 - 2015-07-28 22:45 - 000127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2018-08-05 21:12 - 2018-06-18 13:32 - 002433744 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2013-04-25 01:11 - 2013-04-25 01:11 - 000103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2010-01-21 01:40 - 2010-01-21 01:40 - 008794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-01-09 20:17 - 2010-01-09 20:17 - 004254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2018-09-17 18:45 - 2018-08-31 04:12 - 002185728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-04-05 15:36 - 2018-04-05 15:36 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-09-15 13:22 - 2018-09-15 13:22 - 000575704 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Temp:AF4CCAAD [282]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\camsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\dps => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\lfsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\semgrsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\shellhwdetection => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TokenBroker => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1606855114-3203990875-874764488-1002\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1606855114-3203990875-874764488-1002\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1606855114-3203990875-874764488-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190411347\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1606855114-3203990875-874764488-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190411347\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2018-09-19 19:05 - 000000856 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190405451\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190406998\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1606855114-3203990875-874764488-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-1606855114-3203990875-874764488-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190411347\Control Panel\Desktop\\Wallpaper -> C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
HKU\S-1-5-21-1606855114-3203990875-874764488-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190414050\Control Panel\Desktop\\Wallpaper -> C:\windows\Web\Wallpaper\Lenovo\LenovoWallPaper.jpg
HKU\S-1-5-21-1606855114-3203990875-874764488-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190423082\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 77.234.40.79 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "RtsFT"
HKLM\...\StartupApproved\Run: => "cAudioFilterAgent"
HKLM\...\StartupApproved\Run: => "EnergyUtility"
HKLM\...\StartupApproved\Run: => "Energy Management"
HKLM\...\StartupApproved\Run: => "SmartAudio"
HKLM\...\StartupApproved\Run: => "WinZip UN"
HKLM\...\StartupApproved\Run: => "WinZip PreLoader"
HKLM\...\StartupApproved\Run32: => "IJNetworkScannerSelectorEX"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "UpdateP2GShortCut"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "RestartNeroSetup"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "RtsFT"
HKLM\...\StartupApproved\Run32: => "ETDCtrl"
HKLM\...\StartupApproved\Run32: => "AdobeGCInvoker-1.0"
HKU\S-1-5-21-1606855114-3203990875-874764488-1002\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-1606855114-3203990875-874764488-1002\...\StartupApproved\Run: => "Amazon Cloud Player"
HKU\S-1-5-21-1606855114-3203990875-874764488-1002\...\StartupApproved\Run: => "KiesPreload"
HKU\S-1-5-21-1606855114-3203990875-874764488-1002\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-1606855114-3203990875-874764488-1002\...\StartupApproved\Run: => "KiesAirMessage"
HKU\S-1-5-21-1606855114-3203990875-874764488-1002\...\StartupApproved\Run: => "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"
HKU\S-1-5-21-1606855114-3203990875-874764488-1002\...\StartupApproved\Run: => "NokiaSuite.exe"
HKU\S-1-5-21-1606855114-3203990875-874764488-1002\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-1606855114-3203990875-874764488-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1606855114-3203990875-874764488-1002\...\StartupApproved\Run: => "Power2GoExpress"
HKU\S-1-5-21-1606855114-3203990875-874764488-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1606855114-3203990875-874764488-1002\...\StartupApproved\Run: => "AppEx Accelerator UI"
HKU\S-1-5-21-1606855114-3203990875-874764488-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1606855114-3203990875-874764488-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190411347\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-1606855114-3203990875-874764488-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190411347\...\StartupApproved\Run: => "Amazon Cloud Player"
HKU\S-1-5-21-1606855114-3203990875-874764488-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190411347\...\StartupApproved\Run: => "KiesPreload"
HKU\S-1-5-21-1606855114-3203990875-874764488-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190411347\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-1606855114-3203990875-874764488-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190411347\...\StartupApproved\Run: => "KiesAirMessage"
HKU\S-1-5-21-1606855114-3203990875-874764488-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190411347\...\StartupApproved\Run: => "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"
HKU\S-1-5-21-1606855114-3203990875-874764488-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190411347\...\StartupApproved\Run: => "NokiaSuite.exe"
HKU\S-1-5-21-1606855114-3203990875-874764488-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190411347\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-1606855114-3203990875-874764488-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190411347\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1606855114-3203990875-874764488-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190411347\...\StartupApproved\Run: => "Power2GoExpress"
HKU\S-1-5-21-1606855114-3203990875-874764488-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190411347\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1606855114-3203990875-874764488-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190411347\...\StartupApproved\Run: => "AppEx Accelerator UI"
HKU\S-1-5-21-1606855114-3203990875-874764488-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190411347\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{C668C1F4-3626-4FFF-8384-4C6C04F84F27}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{59D1CAE0-BCEC-438B-BB65-D2D108C155DC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2A6EF941-BF28-413E-B8E2-17B42A2DEA3E}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{0162A83D-847B-486D-91ED-96331709C9A9}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [TCP Query User{C00C0607-9C84-4D7D-8490-43180A1BD4F2}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{B2EE5BD1-96FC-41AE-96FB-AEE061C35FC2}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Allow) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{24BA19E0-6149-4409-BDE7-32584FF44B57}] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{D42CBCB3-C074-43C9-8F9B-A6EF43A3C080}] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{ABE24984-33A3-4B90-94C7-0311A03A8878}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{4F6D12CC-72DC-4582-B8FF-1BA52E44654F}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{861F5618-D6BE-47F6-8162-AACD7DECDC89}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{2AD630C5-B3BE-4E22-A5AE-234DFA2EB6DE}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{99D416BA-E2E3-42A8-833A-BF00A6EDB178}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{AA09AB5B-7F68-4DB9-A1DE-59566D05E6FE}] => (Allow) C:\Program Files\qBittorrent\qbittorrent.exe
FirewallRules: [{A3EB6909-16B5-4C29-A61E-A74C98BD758A}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{946FC454-B42F-4867-A3DF-427F72ADA57F}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{93833FB8-4FAA-43D8-B061-33DF52E232A7}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{92BD682C-F19D-4689-BECC-1DBC22127BCD}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe

==================== Restore Points =========================

14-09-2018 19:15:46 Windows Update
14-09-2018 23:02:11 Restore Operation

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/19/2018 07:31:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: uTorrent.exe, version: 2.2.1.25110, time stamp: 0x4d78393f
Faulting module name: GDI32.dll, version: 10.0.17134.285, time stamp: 0x40f0d4bd
Exception code: 0xc000041d
Fault offset: 0x000063d7
Faulting process id: 0x1088
Faulting application start time: 0x01d45046da88a688
Faulting application path: C:\Program Files (x86)\uTorrent\uTorrent.exe
Faulting module path: C:\WINDOWS\System32\GDI32.dll
Report Id: e1b997a8-b5c1-410b-be05-8ef8481b9211
Faulting package full name:
Faulting package-relative application ID:

Error: (09/19/2018 07:28:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: uTorrent.exe, version: 2.2.1.25110, time stamp: 0x4d78393f
Faulting module name: GDI32.dll, version: 10.0.17134.285, time stamp: 0x40f0d4bd
Exception code: 0xc000041d
Fault offset: 0x000063d7
Faulting process id: 0x23d0
Faulting application start time: 0x01d45046133f3be4
Faulting application path: C:\Program Files (x86)\uTorrent\uTorrent.exe
Faulting module path: C:\WINDOWS\System32\GDI32.dll
Report Id: 25eac490-eac2-4199-8b92-7338ef9f0b3f
Faulting package full name:
Faulting package-relative application ID:

Error: (09/19/2018 07:22:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: uTorrent.exe, version: 2.2.1.25110, time stamp: 0x4d78393f
Faulting module name: GDI32.dll, version: 10.0.17134.285, time stamp: 0x40f0d4bd
Exception code: 0xc000041d
Fault offset: 0x000063d7
Faulting process id: 0x1ffc
Faulting application start time: 0x01d450437fa657f9
Faulting application path: C:\Program Files (x86)\uTorrent\uTorrent.exe
Faulting module path: C:\WINDOWS\System32\GDI32.dll
Report Id: 8dc4c625-fa74-49b8-aaa2-4b1a6601f3e3
Faulting package full name:
Faulting package-relative application ID:

Error: (09/18/2018 08:50:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: uTorrent.exe, version: 2.2.1.25110, time stamp: 0x4d78393f
Faulting module name: GDI32.dll, version: 10.0.17134.285, time stamp: 0x40f0d4bd
Exception code: 0xc000041d
Fault offset: 0x000063d7
Faulting process id: 0x1c5c
Faulting application start time: 0x01d44f83bd2aa64a
Faulting application path: C:\Program Files (x86)\uTorrent\uTorrent.exe
Faulting module path: C:\WINDOWS\System32\GDI32.dll
Report Id: c23ff53f-0092-48e1-86e0-3f8f6bf87024
Faulting package full name:
Faulting package-relative application ID:

Error: (09/18/2018 08:13:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: uTorrent.exe, version: 2.2.1.25110, time stamp: 0x4d78393f
Faulting module name: GDI32.dll, version: 10.0.17134.285, time stamp: 0x40f0d4bd
Exception code: 0xc000041d
Fault offset: 0x000063d7
Faulting process id: 0x1dd0
Faulting application start time: 0x01d44f8291c0374d
Faulting application path: C:\Program Files (x86)\uTorrent\uTorrent.exe
Faulting module path: C:\WINDOWS\System32\GDI32.dll
Report Id: 23e8116b-5d97-4635-8e59-6cceb620715b
Faulting package full name:
Faulting package-relative application ID:

Error: (09/18/2018 07:57:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: uTorrent.exe, version: 2.2.1.25110, time stamp: 0x4d78393f
Faulting module name: GDI32.dll, version: 10.0.17134.285, time stamp: 0x40f0d4bd
Exception code: 0xc000041d
Fault offset: 0x000063d7
Faulting process id: 0xd8c
Faulting application start time: 0x01d44f7e19ff9f07
Faulting application path: C:\Program Files (x86)\uTorrent\uTorrent.exe
Faulting module path: C:\WINDOWS\System32\GDI32.dll
Report Id: c239c859-ba60-4d2e-b6e5-75ebc44e42ff
Faulting package full name:
Faulting package-relative application ID:

Error: (09/18/2018 12:41:45 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: 3L60BX)
Description: Installing the performance counter strings for service .NET CLR Data () failed. The first DWORD in the Data section contains the error code.

Error: (09/18/2018 12:41:45 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3009) (User: 3L60BX)
Description: Installing the performance counter strings for service .NET CLR Networking () failed. The first DWORD in the Data section contains the error code.


System errors:
=============
Error: (09/19/2018 07:07:49 PM) (Source: DCOM) (EventID: 10016) (User: 3L60BX)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user 3L60BX\ADMIN SID (S-1-5-21-1606855114-3203990875-874764488-1002) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (09/19/2018 07:03:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/19/2018 07:02:15 PM) (Source: DCOM) (EventID: 10016) (User: 3L60BX)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user 3L60BX\ADMIN SID (S-1-5-21-1606855114-3203990875-874764488-1002) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (09/19/2018 07:01:48 PM) (Source: DCOM) (EventID: 10016) (User: 3L60BX)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 and APPID
{8BC3F05E-D86B-11D0-A075-00C04FB68820}
 to the user 3L60BX\ADMIN SID (S-1-5-21-1606855114-3203990875-874764488-1002) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.ContentDeliveryManager_10.0.17134.1_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-350187224-1905355452-1037786396-3028148496-2624191407-3283318427-1255436723). This security permission can be modified using the Component Services administrative tool.

Error: (09/19/2018 07:01:27 PM) (Source: DCOM) (EventID: 10010) (User: 3L60BX)
Description: The server {58598185-CF77-4407-B011-0C8282EF681F} did not register with DCOM within the required timeout.

Error: (09/19/2018 07:01:09 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (09/19/2018 06:59:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (09/19/2018 06:59:09 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2018-09-15 02:26:07.090
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.265.103.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14700.5
Error code: 0x80240022
Error description: The program can't check for definition updates.

Date: 2018-09-15 02:26:07.089
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.265.103.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14700.5
Error code: 0x80240022
Error description: The program can't check for definition updates.

CodeIntegrity:
===================================

Date: 2018-09-15 02:08:18.306
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\drivers\netbt.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: AMD A6-5200 APU with Radeon™ HD Graphics
Percentage of memory in use: 77%
Total physical RAM: 3529.26 MB
Available physical RAM: 799.06 MB
Total Virtual: 4866.26 MB
Available Virtual: 1710.88 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:890.79 GB) (Free:627.94 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.26 GB) NTFS

\\?\Volume{40bac718-c979-4f6b-ae25-57bf0ff67c66}\ (WINRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.68 GB) NTFS
\\?\Volume{efb560e7-7576-477a-89da-7d677088511f}\ () (Fixed) (Total:0.97 GB) (Free:0.45 GB) NTFS
\\?\Volume{bfbe35e9-2054-4d52-8fc3-1deb53882de1}\ () (Fixed) (Total:0.34 GB) (Free:0.31 GB) NTFS
\\?\Volume{abeb5ad1-ae60-41df-8a23-90ebd4a4a705}\ (PBR_DRV) (Fixed) (Total:12.08 GB) (Free:1.04 GB) NTFS
\\?\Volume{ec518033-b7b7-4b6b-b38d-6ebf696af75f}\ (SYSTEM_DRV) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 1FF27199)

Partition: GPT.

==================== End of Addition.txt ============================

 

 

 

 

Cheers,

 

Jim



#6 polskamachina

polskamachina

  • Malware Response Team
  • 4,004 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:11:54 PM

Posted 19 September 2018 - 05:57 PM

Hi Jim,
 
Good job posting your logs. :thumbup2:

What follows is some important information that you need to review:

Going over your logs I noticed that you have μTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

It is pretty much certain that if you continue to use P2P programs, you will get infected again. I would recommend that you uninstall μTorrent, however that choice is up to you. Directions for removal are below.

  • Open Computer and click on the Computer tab, then click on Uninstall or Change a Program.
  • A list of programs installed will be populated (this may take a bit of time).
  • Click on µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - ) and select Remove:
  • Additional instructions can be found here if needed.

Next:

 

Highlight the text below in its entirety with your mouse and press Ctrl-C to copy it to your clipboard:

Start::
CreateRestorePoint:
CloseProcesses:
Task: {1AB1C6FC-9BE5-4A6C-8287-07F42284C23B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3B96AEA7-F94A-4316-9D5E-1559EA19E8C0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {6853C19E-A91C-4EEF-81EB-798435A3EEE0} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {79C69EB9-DB84-4365-B0DB-1CBA1D3A46A8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B7D49614-F80F-4DDC-B587-4C8787D6E647} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C5A5BF3C-7836-4E7A-AFA7-7B10E6FB0143} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {DD09B7C9-2C1B-4AD4-B227-10FD08165A71} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {DD493669-74D1-495F-9E27-67302CA2F451} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {E9D969F1-5161-48CB-85BC-1CF45E9E1EB1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {EECF1F65-EF0A-44A0-B4C5-64A0DACFE2F2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F2D58789-5C59-400D-B10D-376E992CB4A6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin HKU\S-1-5-21-1606855114-3203990875-874764488-1002: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [No File]
FF Plugin HKU\S-1-5-21-1606855114-3203990875-874764488-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190411347: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [No File]
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
Folder: C:\Users\ADMIN\Downloads\µTorrent Pro v3.4.2 build v38397 Incl. Crack [TechTools.net]
Task: {109EEBB5-32C8-40CC-A45E-29D3D2D389D9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Temp:AF4CCAAD [282]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20180917.002\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20180917.002\EX64.SYS [X]
EmptyTemp:
End::
  • Run FRST64
  • Click on Fix
  • When the fix has completed, please allow your computer to restart
  • After your computer has restarted, the file Fixlog.txt will be created and placed into your Downloads folder
  • Please copy and paste the contents of Fixlog.txt into your next reply to me

Next:

 

Please download AdwCleaner and save it to your Desktop.

  • Right-click AdwCleaner.exe and select Run As Administrator
  • The tool will start to update the database if one is required
  • Click on the Scan button
  • AdwCleaner will begin...be patient as the scan may take some time to complete
  • After the scan has finished, click on the Logfile button
  • A window will open which lists the logs of your scans
  • Click on the Scan tab
  • Double-click the most recent scan which will be at the top of the list....the log will appear
  • Review the results...see note below
  • After reviewing the log, click on the Clean button
  • Press OK when asked to close all programs and follow the onscreen prompts
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report)
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list
  • Copy and paste the contents of AdwCleaner[CX].txt into your next reply to me
  • A copy of all logfiles is saved to C:\AdwCleaner.
  • -- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep

In summary I will need from you:

  • Whether or not you uninstalled your torrent software
  • Fixlog.txt
  • AdwCleaner[CX].txt
  • How is your computer performing now?

Let me know if you have any questions.

 

polskamachina



#7 Arbedark

Arbedark
  • Topic Starter

  • Members
  • 6 posts
  • ONLINE
  •  
  • Local time:07:54 AM

Posted 19 September 2018 - 06:17 PM

Thank you for the swift reply. It's after midnight here so I will run through your last post tomorrow after work.
I only use uTorrent for tv episodes and the odd film which I get from a single source that I know is safe (not 100% but a lot safer than some) and never use software or games from even here. However I will remove it as you have suggested, I have an old tablet I can install it on that isn't as precious as my laptop.
I will post again tomorrow after everything has been run as noted.
Again thanks for your time in sorting this for me.

Jim

#8 polskamachina

polskamachina

  • Malware Response Team
  • 4,004 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:11:54 PM

Posted 19 September 2018 - 10:24 PM

Hi Jim,
 
Thanks for the update and you're welcome for the help. :)
 
Regards,
 
polskamachina



#9 Arbedark

Arbedark
  • Topic Starter

  • Members
  • 6 posts
  • ONLINE
  •  
  • Local time:07:54 AM

Posted 21 September 2018 - 04:27 PM

Hi,

Another late finish at the office!

 

I did not uninstall UTorrent - I started the repair and then realised I had not done this so proceeded without removal.

 

FIXLOG

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15.09.2018
Ran by ADMIN (21-09-2018 21:44:34) Run:1
Running from C:\Users\ADMIN\Downloads\Laptop repair stuff
Loaded Profiles: ADMIN &  (Available Profiles: ADMIN & smcle_000 & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Task: {1AB1C6FC-9BE5-4A6C-8287-07F42284C23B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3B96AEA7-F94A-4316-9D5E-1559EA19E8C0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {6853C19E-A91C-4EEF-81EB-798435A3EEE0} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {79C69EB9-DB84-4365-B0DB-1CBA1D3A46A8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B7D49614-F80F-4DDC-B587-4C8787D6E647} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C5A5BF3C-7836-4E7A-AFA7-7B10E6FB0143} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {DD09B7C9-2C1B-4AD4-B227-10FD08165A71} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {DD493669-74D1-495F-9E27-67302CA2F451} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {E9D969F1-5161-48CB-85BC-1CF45E9E1EB1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {EECF1F65-EF0A-44A0-B4C5-64A0DACFE2F2} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F2D58789-5C59-400D-B10D-376E992CB4A6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin HKU\S-1-5-21-1606855114-3203990875-874764488-1002: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [No File]
FF Plugin HKU\S-1-5-21-1606855114-3203990875-874764488-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190411347: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [No File]
ContextMenuHandlers4: [Offline Files] -> {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} =>  -> No File
ContextMenuHandlers6: [BriefcaseMenu] -> {85BBD920-42A0-1069-A2E4-08002B30309D} =>  -> No File
Folder: C:\Users\ADMIN\Downloads\µTorrent Pro v3.4.2 build v38397 Incl. Crack [TechTools.net]
Task: {109EEBB5-32C8-40CC-A45E-29D3D2D389D9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxlctlfudivq`qsp`28hfm [0]
AlternateDataStreams: C:\ProgramData\Temp:AF4CCAAD [282]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20180917.002\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20180917.002\EX64.SYS [X]
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1AB1C6FC-9BE5-4A6C-8287-07F42284C23B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1AB1C6FC-9BE5-4A6C-8287-07F42284C23B}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B96AEA7-F94A-4316-9D5E-1559EA19E8C0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B96AEA7-F94A-4316-9D5E-1559EA19E8C0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6853C19E-A91C-4EEF-81EB-798435A3EEE0}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6853C19E-A91C-4EEF-81EB-798435A3EEE0}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => not found
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{79C69EB9-DB84-4365-B0DB-1CBA1D3A46A8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{79C69EB9-DB84-4365-B0DB-1CBA1D3A46A8}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7D49614-F80F-4DDC-B587-4C8787D6E647}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7D49614-F80F-4DDC-B587-4C8787D6E647}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C5A5BF3C-7836-4E7A-AFA7-7B10E6FB0143}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5A5BF3C-7836-4E7A-AFA7-7B10E6FB0143}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD09B7C9-2C1B-4AD4-B227-10FD08165A71}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD09B7C9-2C1B-4AD4-B227-10FD08165A71}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD493669-74D1-495F-9E27-67302CA2F451}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD493669-74D1-495F-9E27-67302CA2F451}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E9D969F1-5161-48CB-85BC-1CF45E9E1EB1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9D969F1-5161-48CB-85BC-1CF45E9E1EB1}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EECF1F65-EF0A-44A0-B4C5-64A0DACFE2F2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EECF1F65-EF0A-44A0-B4C5-64A0DACFE2F2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F2D58789-5C59-400D-B10D-376E992CB4A6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2D58789-5C59-400D-B10D-376E992CB4A6}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => removed successfully
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => removed successfully
"HKU\S-1-5-21-1606855114-3203990875-874764488-1002\Software\MozillaPlugins\intel.com/AppUp" => removed successfully
"C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll" => not found
FF Plugin HKU\S-1-5-21-1606855114-3203990875-874764488-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190411347: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [No File] => Error: No automatic fix found for this entry.
"HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files" => removed successfully
HKLM\Software\Classes\CLSID\{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => not found
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\BriefcaseMenu" => removed successfully
"HKLM\Software\Classes\CLSID\{85BBD920-42A0-1069-A2E4-08002B30309D}" => removed successfully

========================= Folder: C:\Users\ADMIN\Downloads\µTorrent Pro v3.4.2 build v38397 Incl. Crack [TechTools.net] ========================

2018-09-15 03:10 - 2018-09-15 03:10 - 003502169 ____A [C891340513E25245166C3C101AD90863] () C:\Users\ADMIN\Downloads\µTorrent Pro v3.4.2 build v38397 Incl. Crack [TechTools.net]\µTorrent Pro v3.4.2 build v38397 Incl. Crack [TechTools.net].rar
2018-05-27 22:12 - 2018-09-15 13:33 - 000000000 ____D [00000000000000000000000000000000] () C:\Users\ADMIN\Downloads\µTorrent Pro v3.4.2 build v38397 Incl. Crack [TechTools.net]\µTorrent Pro v3.4.2 build v38397 Incl. Crack [TechTools.net]
2015-01-30 20:08 - 2015-01-30 20:08 - 000000265 ____A [A1BD8AA79AD93CFB1CFF8D027162BE79] () C:\Users\ADMIN\Downloads\µTorrent Pro v3.4.2 build v38397 Incl. Crack [TechTools.net]\µTorrent Pro v3.4.2 build v38397 Incl. Crack [TechTools.net]\_Readme.txt
2015-01-30 20:02 - 2015-01-30 20:02 - 001724752 ____A [F890D485304D73DD8F8753523E25B7E6] (BitTorrent Inc.) C:\Users\ADMIN\Downloads\µTorrent Pro v3.4.2 build v38397 Incl. Crack [TechTools.net]\µTorrent Pro v3.4.2 build v38397 Incl. Crack [TechTools.net]\uTorrent.exe

====== End of Folder: ======

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{109EEBB5-32C8-40CC-A45E-29D3D2D389D9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{109EEBB5-32C8-40CC-A45E-29D3D2D389D9}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => removed successfully
C:\ProgramData\Reprise => ":wupeogjxlctlfudivq`qsp`28hfm" ADS removed successfully
C:\ProgramData\Temp => ":AF4CCAAD" ADS removed successfully
"HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com" => removed successfully
"HKLM\System\CurrentControlSet\Services\NAVENG" => removed successfully
NAVENG => service removed successfully
"HKLM\System\CurrentControlSet\Services\NAVEX15" => removed successfully
NAVEX15 => service removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14579323 B
Java, Flash, Steam htmlcache => 7783364 B
Windows/system/drivers => 363924 B
Edge => 3779 B
Chrome => 0 B
Firefox => 150569626 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 12262 B
LocalService => 0 B
NetworkService => 79458376 B
NetworkService => 0 B
ADMIN => 23515522 B
smcle_000 => 210154 B
Administrator => 16682 B

RecycleBin => 73075073 B
EmptyTemp: => 340.4 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 21:48:28 ====

 

 

 

AdwCleaner log

 

# -------------------------------
# Malwarebytes AdwCleaner 7.2.3.0
# -------------------------------
# Build:    08-30-2018
# Database:  (Cloud)
# Support:  https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    09-21-2018
# Duration: 00:00:04
# OS:       Windows 10 Home
# Cleaned:  9
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Program Files (x86)\ISAVERA
Deleted       C:\Users\Public\Documents\Downloaded Installers
Deleted       C:\Users\ADMIN\AppData\Local\slimware utilities inc

***** [ Files ] *****

Deleted       C:\Windows\System32\drivers\swdumon.sys

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run|Web Companion
Deleted       HKLM\Software\Wow6432Node\SlimWare Utilities Inc
Deleted       HKCU\Software\Lavasoft\Web Companion
Deleted       HKLM\Software\Wow6432Node\Lavasoft\Web Companion
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1935 octets] - [21/09/2018 22:02:54]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

 

Start up after running cleaner was about 15 seconds faster than before.

Firefox startup was faster by a few seconds

Fan on laptop is not running at max speed

 

Overall I'm happy.

 

Can I ask what was on it that had to be removed or repaired?

 

Cheers again,

 

Jim



#10 polskamachina

polskamachina

  • Malware Response Team
  • 4,004 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:11:54 PM

Posted Yesterday, 03:25 PM

Hi Jim :)

Overall I'm happy.
 
Can I ask what was on it that had to be removed or repaired?

It's good to hear that your system is running more efficiently now. :thumbsup:
 
The removed items listed in the AdwCleaner log are usually the ones that can slow down your system. They are objects that usually get installed without your knowledge and can rob you of processing power. Other items I removed were objects pointing to missing files and tasks.
 
One other important point:
 
Your logs show there is evidence of pirated products installed in your system. These pirated programs are a good source of malware infection as you do not know what was included when the original product was patched/pirated.
 
Please perform the following so that I may more accurately assess what threats may remain in your system:

  • Download CKScanner from here: http://downloads.malwareremoval.com/CKScanner.exe
  • Important - Save it to your Desktop
  • Right-click CKScanner.exe and select Run as administrator
  • Give permission if necessary, and click Search For Files
  • After a very short time, when the cursor hourglass disappears, click Save List To File
  • A message box will verify that the file was saved. Please run the program only once
  • Double-click the CKFiles.txt icon on your desktop
  • Copy and paste the contents of the logfile into your next reply to me

In summary I will need from you:

  • CKFiles.txt

Let me know if you have any questions.

 

polskamachina
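The Fixlog.txt posted in #9 can be triaged mechanically to see what was removed, what was already gone, and what still needs a manual look. The script below is an added example, not part of the original posts and not FRST's own code; the function names and status labels are assumptions, and the sample is a shortened log constructed from lines in the thread.

```python
import re
from collections import Counter

# Constructed sample: a shortened Fixlog.txt assembled from lines posted in the thread.
SAMPLE_FIXLOG = r'''fixlist content:
*****************
CreateRestorePoint:
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found
AlternateDataStreams: C:\ProgramData\Temp:AF4CCAAD [282]
EmptyTemp:

*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1AB1C6FC-9BE5-4A6C-8287-07F42284C23B}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => not found
"C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll" => not found
FF Plugin HKU\S-1-5-21-1606855114-3203990875-874764488-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-09192018190411347: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [No File] => Error: No automatic fix found for this entry.
C:\ProgramData\Temp => ":AF4CCAAD" ADS removed successfully
"HKLM\System\CurrentControlSet\Services\NAVENG" => removed successfully
NAVENG => service removed successfully

=========== EmptyTemp: ==========

Firefox => 150569626 B
EmptyTemp: => 340.4 MB temporary data Removed.
'''

FENCE = re.compile(r"^\*{5,}\s*$")   # row of asterisks around the echoed fixlist
SIZE = re.compile(r"^\d+ B$")        # per-location byte counts under EmptyTemp


def result_lines(text):
    """Yield result lines only, skipping the echoed fixlist.

    The echoed fixlist sits between two rows of asterisks and can itself
    contain ' => not found', which would otherwise be counted as a result.
    Assumes the log has that two-fence layout, as the one in the thread does.
    """
    fences = 0
    for line in text.splitlines():
        if FENCE.match(line):
            fences += 1
            continue
        if fences >= 2 and " => " in line:
            yield line.strip()


def classify(line):
    """Split one result line into target, outcome status and object kind."""
    target, _, outcome = line.rpartition(" => ")
    target = target.strip().strip('"')
    if outcome.startswith("Error:"):
        status = "error"
    elif outcome.endswith("removed successfully"):
        status = "removed"
    elif outcome == "not found":
        status = "not_found"
    elif SIZE.match(outcome) or outcome.endswith("temporary data Removed."):
        status = "temp_cleanup"
    else:
        status = "other"
    if "ADS removed" in outcome:
        kind = "ads"          # alternate data stream stripped from a file or folder
    elif outcome.startswith("service "):
        kind = "service"
    elif re.match(r"^(HKLM|HKU|HKCU|HKCR)\\", target):
        kind = "registry"
    elif re.match(r"^[A-Za-z]:\\", target):
        kind = "file"
    else:
        kind = "other"
    return {"target": target, "status": status, "kind": kind, "outcome": outcome}


def summarize(text):
    """Tally outcomes and list entries that were not fixed automatically."""
    entries = [classify(line) for line in result_lines(text)]
    return {
        "by_status": dict(Counter(e["status"] for e in entries)),
        "removed_by_kind": dict(
            Counter(e["kind"] for e in entries if e["status"] == "removed")
        ),
        "follow_up": [e["target"] for e in entries if e["status"] in ("error", "other")],
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_FIXLOG)
    print(report["by_status"])
    print(report["removed_by_kind"])
    for target in report["follow_up"]:
        print("needs manual review:", target)
```
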



#11 Arbedark

Arbedark
  • Topic Starter

  • Members
  • 6 posts
  • ONLINE
  •  
  • Local time:07:54 AM

Posted Today, 01:08 AM

Thank you for your quick reply.
Sadly I think we are all guilty of having some pirated material in our lives and although I fully understand your comments about potential unwanted additions, I try to obtain software from sources I know to be "reliable".
I am away from home now until 3rd October so will not be able to run the next scan until I return, however my laptop will not be coming with me so will be unchanged from when I closed it down after the last scan.
I will run the next stage when I return.
Again thank you for taking the time to assist me.

Jim

#12 polskamachina

polskamachina

  • Malware Response Team
  • 4,004 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:11:54 PM

Posted Today, 01:27 AM

Hi Jim :)

 

Thanks for letting me know about your upcoming absence. We'll continue our discussion when you're back home and have time to deal with your computing issues.

 

polskamachina





