
DNS keeps changing


8 replies to this topic

#1 FortyBelow

FortyBelow

  • Members
  • 5 posts

Posted 08 November 2018 - 04:39 PM

Something keeps changing the DNS on my laptop. I discovered this because I subscribe to a streaming service (DAZN) and after initially being able to use it now I can't access it with my laptop. After some back and forth with their support I ended up on a what's my DNS type of site and it didn't match my ISP. One site shows my ISP and some other DNS not related to them. Avast and Malwarebytes didn't stop or find whatever is doing this.

The network is not configured to a specific DNS, I've flushed the DNS cache a few times, reset Firefox and even refreshed Windows 10 but not long after going online the bad DNS comes back. I've looked in the HKEY registry items but the bad DNS address doesn't show up anywhere.

I think my router is ok because my mobile phone and tablet return a good DNS (they can access the streaming service, too). I'm looking for some help to remove or stop whatever is doing this. Thank you.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,464 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:44 PM

Posted 10 November 2018 - 09:24 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
 
--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED  
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
  • =======
     
    Download the version of this tool for your operating system.
    and save it to a folder on your computer's Desktop.
    Double-click to run it. When the tool opens click Yes to disclaimer.
    Press Scan button.
    It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
     
    How to attach a file to your reply:
    In the Reply section in the bottom of the topic Click the "more reply Options" button.
     
    Attach the file.
    Select the "Choose a File" navigate to the location of the File.
    Click the file you wish to Attach.
    Click Attach this file.
    Click the Add reply button.
    ===
     
    Please post the logs  for my review.
     
    Wait for further instructions


    #3 FortyBelow

    FortyBelow
    • Topic Starter

    • Members
    • 5 posts

    Posted 10 November 2018 - 03:19 PM

    Thank you, nasdaq.

     

    I ran Hitman and TDSS Killer yesterday, too. One of them recommended I delete a couple of suspicious files and that seemed to get rid of the really suspicious DNS, but still switched me to some random one based in Canada. That changed this afternoon to the one below, which is problematic because it's US based. These DNS addresses run contrary to what my system says is being used. The logs from my modem also indicate DNS name resolution failure a lot and for some time:

     

    From whoismydns.com

    DNS Server 69.64.57.69
    Reverse DNS usloft3500.dedicatedpanel.com
    IP Owner (From ARIN) HEG US Inc.

     

    Here is the Rogue Killer text:

    ____________________________________________________________________

     

    RogueKiller Anti-Malware V13.0.8.0 (x64) [Nov  6 2018] (Free) by Adlice Software
    mail : https://adlice.com/contact/
    Website : https://adlice.com/download/roguekiller/
    Operating System : Windows 10 (10.0.17134) 64 bits
    Started in : Normal mode
    User : Dwazzatech [Administrator]
    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
    Mode : Standard Scan, Scan -- Date : 2018/11/10 14:12:53 (Duration : 00:21:54)
    Switches : -refid 3

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

     

    ____________________________________________________________________________________________________________________

     

    Farbar Log:

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10.11.2018
    Ran by Dwazzatech (administrator) on DESKTOP-4OLSEV4 (10-11-2018 14:45:01)
    Running from C:\Users\Dwazzatech\Desktop\Technical
    Loaded Profiles: Dwazzatech (Available Profiles: Dwazzatech & Visitor)
    Platform: Windows 10 Home Version 1803 17134.345 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127176.inf_amd64_86c658cabfb17c9c\igfxCUIService.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
    (Intel Corporation) C:\Windows\System32\ibtsiva.exe
    (Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127176.inf_amd64_86c658cabfb17c9c\IntelCpHDCPSvc.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127176.inf_amd64_86c658cabfb17c9c\IntelCpHeciSvc.exe
    (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    (Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
    (Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    () C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
    (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\ki127176.inf_amd64_86c658cabfb17c9c\igfxEM.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
    (Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
    (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
    () C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (Dell Inc.) C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
    (PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\DSAPI.exe
    (PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\pcdrwi.exe
    (Microsoft Corporation) C:\Windows\System32\smartscreen.exe
    (Dell Inc.) C:\Program Files\Dell\DellDataVault\nvapiw.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeApp.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.33.41.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe

    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9244152 2017-09-14] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1502712 2017-09-14] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1502712 2017-09-14] (Realtek Semiconductor)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [323040 2015-11-17] (Intel Corporation)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-08] (NVIDIA Corporation)
    HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3885616 2016-03-03] (Dell Inc.)
    HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [718256 2015-12-22] (Waves Audio Ltd.)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242392 2018-11-07] (AVAST Software)
    HKLM\...\RunOnce: [PC-Doctor for Windows REBOOT] => [X]

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 207.164.234.129
    Tcpip\..\Interfaces\{8d4f45db-ac14-4f00-a13f-20427c6359ae}: [DhcpNameServer] 172.151.1.174
    Tcpip\..\Interfaces\{a4931da5-1b4f-4583-9707-19346986c767}: [DhcpNameServer] 192.168.2.1 207.164.234.129

    Internet Explorer:
    ==================
    HKU\S-1-5-21-3118672849-2424225153-3529149991-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell15.msn.com/?pc=DCTE
    HKU\S-1-5-21-3118672849-2424225153-3529149991-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-11-08] (Microsoft Corporation)
    Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-11-08] (Microsoft Corporation)
    Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-11-08] (Microsoft Corporation)
    Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-11-08] (Microsoft Corporation)
    Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-11-08] (Microsoft Corporation)

    FireFox:
    ========
    FF DefaultProfile: 0yfrykb7.default-1541733830319
    FF ProfilePath: C:\Users\Dwazzatech\AppData\Roaming\Mozilla\Firefox\Profiles\0yfrykb7.default-1541733830319 [2018-11-10]
    FF Extension: (Adblock Plus) - C:\Users\Dwazzatech\AppData\Roaming\Mozilla\Firefox\Profiles\0yfrykb7.default-1541733830319\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2018-11-08]
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi => not found
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi => not found
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-11-08] (Microsoft Corporation)

    Chrome:
    =======
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AESMService; c:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [3715208 2015-09-30] (Intel Corporation)
    R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [8188768 2018-11-07] (AVAST Software)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [325024 2018-11-07] (AVAST Software)
    R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [338632 2018-11-07] (AVAST Software)
    S3 AvastWscReporter; C:\Program Files\AVAST Software\Avast\wsc_proxy.exe [57504 2018-11-07] (AVAST Software)
    R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9667872 2018-10-24] (Microsoft Corporation)
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-11-07] (Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2018-11-07] (Dropbox, Inc.)
    R2 DDVCollectorSvcApi; C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe [209392 2018-10-22] (Dell Inc.)
    R2 DDVDataCollector; C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe [3347440 2018-10-22] (Dell Inc.)
    R2 DDVRulesProcessor; C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe [218096 2018-10-22] (Dell Inc.)
    R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.)
    R2 Dell Hardware Support; C:\Program Files\Dell\SupportAssistAgent\PCDr\SupportAssist\6.0.6992.1382\DSAPI.exe [1002816 2018-11-10] (PC-Doctor, Inc.)
    R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [36200 2016-01-11] ()
    R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237016 2018-03-27] (Dell Inc.)
    R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1392792 2015-10-30] (Intel Corporation)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-08] (NVIDIA Corporation)
    R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [136512 2018-11-08] (SurfRight B.V.)
    S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [19424 2015-11-17] (Intel Corporation)
    R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [190216 2016-10-14] (Intel Corporation)
    S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
    R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-07-06] (Intel Corporation) [File not signed]
    S3 Intel® WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-09-17] (Intel Corporation)
    S2 IntelAudioService; C:\WINDOWS\system32\cAVS\Intel® Audio Service\IntelAudioService.exe [169576 2017-09-14] (Intel)
    S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-07-06] () [File not signed]
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2016-01-21] (Intel Corporation)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6347056 2018-09-19] (Malwarebytes)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-12-02] ()
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-08] (NVIDIA Corporation)
    S3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8185464 2015-12-08] (NVIDIA Corporation)
    S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [6477432 2015-12-08] (NVIDIA Corporation)
    R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [47144 2017-04-06] (Dell)
    R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [333304 2017-09-14] (Realtek Semiconductor)
    S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
    R2 SupportAssistAgent; C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [38872 2018-10-25] (Dell Inc.)
    R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [613296 2015-12-22] (Waves Audio Ltd.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-11] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [107136 2018-09-20] (Microsoft Corporation)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3832224 2015-12-02] (Intel® Corporation)
    S2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [X]
    R2 NVDisplay.ContainerLocalSystem; "C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe" -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [201408 2018-11-07] (AVAST Software)
    R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [230512 2018-11-07] (AVAST Software)
    R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201928 2018-11-07] (AVAST Software)
    R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346760 2018-11-07] (AVAST Software)
    R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59664 2018-11-07] (AVAST Software)
    R0 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15360 2018-11-07] (AVAST Software)
    S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [47064 2018-11-07] (AVAST Software)
    R1 aswKbd; C:\WINDOWS\System32\drivers\aswKbd.sys [42456 2018-11-07] (AVAST Software)
    R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [163376 2018-11-07] (AVAST Software)
    R1 aswNetSec; C:\WINDOWS\System32\drivers\aswNetSec.sys [483384 2018-11-07] (AVAST Software)
    R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111968 2018-11-07] (AVAST Software)
    R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [88112 2018-11-07] (AVAST Software)
    R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1028840 2018-11-07] (AVAST Software)
    R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [467904 2018-11-07] (AVAST Software)
    R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [208640 2018-11-07] (AVAST Software)
    R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381144 2018-11-07] (AVAST Software)
    R3 DDDriver; C:\WINDOWS\System32\drivers\dddriver64Dcsa.sys [36400 2018-10-20] (Dell Inc.)
    S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.)
    R2 DpmLiteDrv; c:\Program Files\Dell\QuickSet\DpmLiteDrv64.sys [15080 2014-10-15] (Wistron Corp.)
    R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55784 2015-10-30] (Intel Corporation)
    R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52200 2015-10-30] (Intel Corporation)
    R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260072 2015-10-30] (Intel Corporation)
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-10-18] (Malwarebytes)
    R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [54272 2015-09-21] (Intel Corporation)
    R3 HID_PCI; C:\WINDOWS\System32\drivers\HID_PCI.sys [47928 2015-11-04] (Intel)
    R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [250624 2016-10-14] (Intel Corporation)
    R3 ISH; C:\WINDOWS\System32\drivers\ISH.sys [135992 2015-11-04] (Intel)
    R3 ISH_BusDriver; C:\WINDOWS\System32\drivers\ISH_BusDriver.sys [71992 2015-11-09] (Intel)
    R2 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [198000 2018-11-08] (Malwarebytes)
    R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [119136 2018-11-09] (Malwarebytes)
    R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [63768 2018-11-09] (Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [260480 2018-11-09] (Malwarebytes)
    R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [111152 2018-11-10] (Malwarebytes)
    R3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-11] (Microsoft Corporation)
    R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [8623128 2018-04-04] (Intel Corporation)
    R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvdm.inf_amd64_2c7c773e20d8bcfa\nvlddmkm.sys [17538080 2018-06-12] (NVIDIA Corporation)
    S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-12-08] (NVIDIA Corporation)
    S3 NVSWCFilter; C:\WINDOWS\System32\drivers\nvswcfilter.sys [26560 2017-10-10] (Windows ® Win 7 DDK provider)
    R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [50624 2017-10-10] (NVIDIA Corporation)
    S3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-10-10] (NVIDIA Corporation)
    S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [413912 2015-12-22] (Realsil Semiconductor Corporation)
    R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3224576 2017-09-11] (Realtek Semiconductor Corp.)
    U5 rtux64w10; C:\Windows\System32\Drivers\rtux64w10.sys [343808 2015-12-22] (Realtek )
    S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64912 2017-05-18] (QUALCOMM Incorporated)
    R3 VirtualButtons; C:\WINDOWS\System32\drivers\VirtualButtons.sys [41992 2017-03-31] (Intel Corporation)
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-11] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-11] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-11] (Microsoft Corporation)
    U1 aswbdisk; no ImagePath
    S3 mfesapsn; \??\C:\Program Files\McAfee\WebAdvisor\mfesapsn.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-11-10 14:44 - 2018-11-10 14:45 - 000000000 ____D C:\FRST
    2018-11-10 14:38 - 2018-11-10 14:38 - 000003920 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
    2018-11-10 14:37 - 2018-11-10 14:38 - 000000000 ____D C:\ProgramData\SupportAssist
    2018-11-10 14:37 - 2018-11-10 14:37 - 000000000 ____D C:\ProgramData\Dell Inc
    2018-11-10 14:11 - 2018-11-10 14:43 - 000000000 ____D C:\ProgramData\RogueKiller
    2018-11-10 14:11 - 2018-11-10 14:40 - 000000000 ____D C:\Program Files\RogueKiller
    2018-11-10 14:11 - 2018-11-10 14:11 - 000000901 _____ C:\Users\Public\Desktop\RogueKiller.lnk
    2018-11-10 14:11 - 2018-11-10 14:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
    2018-11-10 14:08 - 2018-11-10 14:45 - 000000000 ____D C:\Users\Dwazzatech\Desktop\Technical
    2018-11-10 09:52 - 2018-11-10 09:52 - 000000000 ____D C:\Users\Dwazzatech\AppData\Local\CrashDumps
    2018-11-09 15:23 - 2018-11-10 13:59 - 000111152 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2018-11-09 15:23 - 2018-11-09 15:23 - 000260480 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
    2018-11-09 15:23 - 2018-11-09 15:23 - 000119136 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2018-11-09 15:23 - 2018-11-09 15:23 - 000063768 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2018-11-08 22:53 - 2018-11-08 22:53 - 000002495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
    2018-11-08 22:53 - 2018-11-08 22:53 - 000002494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
    2018-11-08 22:53 - 2018-11-08 22:53 - 000002458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
    2018-11-08 22:53 - 2018-11-08 22:53 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
    2018-11-08 22:53 - 2018-11-08 22:53 - 000002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
    2018-11-08 22:53 - 2018-11-08 22:53 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
    2018-11-08 22:53 - 2018-11-08 22:53 - 000002437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
    2018-11-08 22:53 - 2018-11-08 22:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
    2018-11-08 22:27 - 2018-11-08 22:27 - 000000000 ____D C:\Program Files (x86)\Dell Customer Connect
    2018-11-08 22:23 - 2018-11-08 22:23 - 000000000 ____D C:\Users\Dwazzatech\Desktop\Old Firefox Data
    2018-11-08 22:14 - 2018-11-08 22:14 - 000002188 _____ C:\WINDOWS\system32\.crusader
    2018-11-08 21:30 - 2018-11-08 21:30 - 000001968 _____ C:\Users\Public\Desktop\HitmanPro.lnk
    2018-11-08 21:30 - 2018-11-08 21:30 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
    2018-11-08 21:30 - 2018-11-08 21:30 - 000000000 ____D C:\Program Files\HitmanPro
    2018-11-08 21:29 - 2018-11-08 22:14 - 000000000 ____D C:\ProgramData\HitmanPro
    2018-11-08 21:27 - 2018-11-08 21:53 - 000181246 _____ C:\TDSSKiller.3.1.0.17_08.11.2018_21.27.34_log.txt
    2018-11-08 21:26 - 2018-11-08 21:27 - 004949824 _____ (AO Kaspersky Lab) C:\Users\Dwazzatech\Downloads\tdsskiller.exe
    2018-11-08 21:25 - 2018-11-08 21:25 - 011576808 _____ (SurfRight B.V.) C:\Users\Dwazzatech\Downloads\hitmanpro_x64.exe
    2018-11-08 20:53 - 2018-11-08 20:55 - 000000000 ____D C:\WINDOWS\system32\MRT
    2018-11-08 20:53 - 2018-11-08 20:53 - 136745976 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2018-11-08 20:47 - 2018-11-08 20:47 - 000000000 ___HD C:\OneDriveTemp
    2018-11-08 00:46 - 2018-11-08 00:47 - 000000000 ____D C:\Users\Dwazzatech\AppData\Local\ElevatedDiagnostics
    2018-11-08 00:18 - 2018-11-08 00:18 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
    2018-11-08 00:09 - 2018-11-08 00:46 - 000313018 _____ C:\WINDOWS\ntbtlog.txt
    2018-11-07 22:51 - 2018-11-07 22:51 - 000000000 ____D C:\Users\Dwazzatech\AppData\Local\mbam
    2018-11-07 22:50 - 2018-11-08 00:10 - 000198000 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys
    2018-11-07 22:50 - 2018-11-07 22:50 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2018-11-07 22:50 - 2018-11-07 22:50 - 000000000 ____D C:\Users\Dwazzatech\AppData\Local\mbamtray
    2018-11-07 22:50 - 2018-11-07 22:50 - 000000000 ____D C:\ProgramData\Malwarebytes
    2018-11-07 22:50 - 2018-11-07 22:50 - 000000000 ____D C:\Program Files\Malwarebytes
    2018-11-07 22:50 - 2018-10-18 08:44 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys
    2018-11-07 22:49 - 2018-11-07 22:49 - 079270144 _____ (Malwarebytes ) C:\Users\Dwazzatech\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.482-1.0.7735.exe
    2018-11-07 22:20 - 2018-11-10 14:40 - 000000000 ____D C:\Users\Dwazzatech\AppData\Roaming\PCDr
    2018-11-07 21:35 - 2018-11-07 21:43 - 000000000 ____D C:\Users\Dwazzatech\AppData\Local\D3DSCache
    2018-11-07 21:29 - 2018-11-07 21:29 - 000000000 ____D C:\WINDOWS\InfusedApps
    2018-11-07 21:29 - 2018-11-07 21:29 - 000000000 ____D C:\Windows.old
    2018-11-07 21:28 - 2018-11-07 21:28 - 000000000 ____D C:\WINDOWS\ServiceProfiles
    2018-11-07 21:27 - 2018-11-07 21:27 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
    2018-11-07 21:27 - 2018-11-07 21:27 - 000000000 ____D C:\WINDOWS\system32\cAVS
    2018-11-07 21:26 - 2018-11-07 21:27 - 000000000 ____D C:\WINDOWS\system32\Intel
    2018-11-07 21:24 - 2018-11-07 21:24 - 000000000 ____D C:\WINDOWS\Firmware
    2018-11-07 21:21 - 2018-11-07 21:21 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
    2018-11-07 21:20 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\Setup
    2018-11-07 21:19 - 2018-11-07 21:19 - 000000000 ____D C:\Users\Dwazzatech\AppData\Local\DBG
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\yo-NG
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\wo-SN
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\vi-VN
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\ur-PK
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\ug-CN
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\tt-RU
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\tk-TM
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\ti-ET
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\te-IN
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\sw-KE
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\sq-AL
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\rw-RW
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\quz-PE
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\prs-AF
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\pa-IN
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\or-IN
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\nn-NO
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\ne-NP
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\mt-MT
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\mr-IN
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\mn-MN
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\ml-IN
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\mk-MK
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\lo-LA
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\lb-LU
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\ky-KG
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\kok-IN
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\kn-IN
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\km-KH
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\ka-GE
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\is-IS
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\ig-NG
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\id-ID
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\hy-AM
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\gu-IN
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\gd-GB
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\ga-IE
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\fil-PH
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\fa-IR
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\cy-GB
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\bn-IN
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\bn-BD
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\be-BY
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\as-IN
    2018-11-07 21:16 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\af-ZA
    2018-11-07 21:16 - 2018-11-07 21:16 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
    2018-11-07 21:16 - 2018-11-07 21:16 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
    2018-11-07 21:16 - 2018-11-07 21:16 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
    2018-11-07 21:16 - 2018-11-07 21:16 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
    2018-11-07 21:16 - 2018-11-07 21:16 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
    2018-11-07 21:16 - 2018-11-07 21:16 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
    2018-11-07 21:16 - 2018-11-07 21:16 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
    2018-11-07 21:16 - 2018-11-07 21:16 - 000000000 ____D C:\WINDOWS\system32\hi-IN
    2018-11-07 21:16 - 2018-11-07 21:16 - 000000000 ____D C:\WINDOWS\system32\gl-ES
    2018-11-07 21:16 - 2018-11-07 21:16 - 000000000 ____D C:\WINDOWS\system32\eu-ES
    2018-11-07 21:16 - 2018-11-07 21:16 - 000000000 ____D C:\WINDOWS\system32\ca-ES
    2018-11-07 21:16 - 2018-11-07 21:16 - 000000000 ____D C:\Program Files\Reference Assemblies
    2018-11-07 21:16 - 2018-11-07 21:16 - 000000000 ____D C:\Program Files\MSBuild
    2018-11-07 21:16 - 2018-11-07 21:16 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
    2018-11-07 21:16 - 2018-11-07 21:16 - 000000000 ____D C:\Program Files (x86)\MSBuild
    2018-11-07 21:16 - 2018-11-07 18:52 - 000000000 ____D C:\WINDOWS\OCR
    2018-11-07 21:15 - 2018-11-07 21:15 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
    2018-11-07 21:15 - 2018-11-07 21:15 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
    2018-11-07 21:15 - 2018-11-07 21:15 - 000000000 ____D C:\WINDOWS\system32\0409
    2018-11-07 21:15 - 2018-11-07 21:15 - 000000000 ____D C:\WINDOWS\DigitalLocker
    2018-11-07 21:15 - 2018-11-07 18:52 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
    2018-11-07 21:15 - 2018-11-07 18:52 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
    2018-11-07 21:15 - 2018-11-07 18:52 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
    2018-11-07 21:15 - 2018-11-07 18:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
    2018-11-07 21:15 - 2018-11-07 18:52 - 000000000 ____D C:\WINDOWS\system32\winrm
    2018-11-07 21:15 - 2018-11-07 18:52 - 000000000 ____D C:\WINDOWS\system32\WCN
    2018-11-07 21:15 - 2018-11-07 18:52 - 000000000 ____D C:\WINDOWS\system32\slmgr
    2018-11-07 21:15 - 2018-11-07 18:52 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
    2018-11-07 21:12 - 2018-10-02 15:13 - 000835152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2018-11-07 21:12 - 2018-10-02 15:13 - 000179792 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2018-11-07 21:10 - 2018-11-07 21:29 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
    2018-11-07 21:10 - 2018-11-07 21:07 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
    2018-11-07 21:10 - 2018-11-07 21:07 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
    2018-11-07 21:10 - 2018-11-07 21:07 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
    2018-11-07 21:10 - 2018-11-07 21:07 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
    2018-11-07 21:09 - 2018-11-10 14:40 - 000000000 ____D C:\WINDOWS\AppReadiness
    2018-11-07 21:09 - 2018-11-10 14:39 - 000000000 ___HD C:\Program Files\WindowsApps
    2018-11-07 21:09 - 2018-11-10 14:39 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2018-11-07 21:09 - 2018-11-08 22:27 - 000000000 ___RD C:\Program Files (x86)
    2018-11-07 21:09 - 2018-11-08 20:44 - 000000000 ____D C:\WINDOWS\appcompat
    2018-11-07 21:09 - 2018-11-07 21:29 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
    2018-11-07 21:09 - 2018-11-07 21:25 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
    2018-11-07 21:09 - 2018-11-07 21:20 - 000000000 ___SD C:\WINDOWS\system32\UNP
    2018-11-07 21:09 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\TextInput
    2018-11-07 21:09 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
    2018-11-07 21:09 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2018-11-07 21:09 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\ta-in
    2018-11-07 21:09 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\si-lk
    2018-11-07 21:09 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
    2018-11-07 21:09 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\setup
    2018-11-07 21:09 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\appraiser
    2018-11-07 21:09 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\system32\am-et
    2018-11-07 21:09 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\ShellExperiences
    2018-11-07 21:09 - 2018-11-07 21:20 - 000000000 ____D C:\WINDOWS\Provisioning
    2018-11-07 21:09 - 2018-11-07 21:19 - 000000000 ____D C:\WINDOWS\bcastdvr
    2018-11-07 21:09 - 2018-11-07 21:19 - 000000000 ____D C:\Program Files\Windows Defender
    2018-11-07 21:09 - 2018-11-07 21:19 - 000000000 ____D C:\Program Files (x86)\Windows Defender
    2018-11-07 21:09 - 2018-11-07 21:15 - 000000000 ____D C:\WINDOWS\SysWOW64\com
    2018-11-07 21:09 - 2018-11-07 21:15 - 000000000 ____D C:\WINDOWS\system32\Sysprep
    2018-11-07 21:09 - 2018-11-07 21:15 - 000000000 ____D C:\WINDOWS\system32\migwiz
    2018-11-07 21:09 - 2018-11-07 21:15 - 000000000 ____D C:\WINDOWS\system32\com
    2018-11-07 21:09 - 2018-11-07 21:10 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
    2018-11-07 21:09 - 2018-11-07 21:10 - 000000000 ___SD C:\WINDOWS\system32\Nui
    2018-11-07 21:09 - 2018-11-07 21:10 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
    2018-11-07 21:09 - 2018-11-07 21:10 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
    2018-11-07 21:09 - 2018-11-07 21:10 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
    2018-11-07 21:09 - 2018-11-07 21:10 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
    2018-11-07 21:09 - 2018-11-07 21:10 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
    2018-11-07 21:09 - 2018-11-07 21:10 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
    2018-11-07 21:09 - 2018-11-07 21:10 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
    2018-11-07 21:09 - 2018-11-07 21:10 - 000000000 ____D C:\WINDOWS\system32\ta-lk
    2018-11-07 21:09 - 2018-11-07 21:10 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
    2018-11-07 21:09 - 2018-11-07 21:10 - 000000000 ____D C:\WINDOWS\system32\my-mm
    2018-11-07 21:09 - 2018-11-07 21:10 - 000000000 ____D C:\WINDOWS\system32\MsDtc
    2018-11-07 21:09 - 2018-11-07 21:10 - 000000000 ____D C:\WINDOWS\system32\icsxml
    2018-11-07 21:09 - 2018-11-07 21:10 - 000000000 ____D C:\WINDOWS\system32\ias
    2018-11-07 21:09 - 2018-11-07 21:10 - 000000000 ____D C:\WINDOWS\system32\downlevel
    2018-11-07 21:09 - 2018-11-07 21:10 - 000000000 ____D C:\WINDOWS\system32\DDFs
    2018-11-07 21:09 - 2018-11-07 21:10 - 000000000 ____D C:\WINDOWS\system32\Bthprops
    2018-11-07 21:09 - 2018-11-07 21:10 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 __SHD C:\Program Files\Windows Sidebar
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 __RSD C:\WINDOWS\media
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ___SD C:\WINDOWS\system32\Configuration
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ___HD C:\WINDOWS\LanguageOverlayCache
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\Web
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\WaaS
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\Vss
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\tracing
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\TAPI
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\SystemResources
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\SystemApps
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\system32\winevt
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\system32\ras
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\system32\PointOfService
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\system32\NDF
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\system32\Macromed
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\system32\Ipmi
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\system32\InputMethod
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\system32\inetsrv
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\system32\IME
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\system32\hydrogen
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\system32\GroupPolicy
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\system32\DriverState
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\system32\config\TxR
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\system32\config\Journal
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\system32\AppLocker
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\System
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\SKB
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\ShellComponents
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\ServiceState
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\security
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\schemas
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\SchCache
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\Resources
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\rescache
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\PLA
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\Performance
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\ModemLogs
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\LiveKernelReports
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\L2Schemas
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\InputMethod
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\IdentityCRL
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\Globalization
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\Cursors
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\Branding
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\addins
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\Program Files\Windows Security
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\Program Files\Windows Portable Devices
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\Program Files\windows nt
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\Program Files\Common Files\Services
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\Program Files (x86)\windows nt
    2018-11-07 21:09 - 2018-11-07 21:09 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
    2018-11-07 21:09 - 2018-11-07 21:07 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
    2018-11-07 21:09 - 2018-11-07 21:07 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
    2018-11-07 21:09 - 2018-11-07 21:07 - 000017346 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
    2018-11-07 21:09 - 2018-11-07 21:07 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
    2018-11-07 21:09 - 2018-11-07 21:07 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
    2018-11-07 21:09 - 2018-11-07 19:07 - 000000000 ____D C:\WINDOWS\Registration
    2018-11-07 21:09 - 2018-11-07 19:01 - 000000000 __RHD C:\Users\Public\Libraries
    2018-11-07 21:09 - 2018-11-07 19:00 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
    2018-11-07 21:09 - 2018-11-07 18:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
    2018-11-07 21:09 - 2018-11-07 18:52 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
    2018-11-07 21:09 - 2018-11-07 18:52 - 000000000 ___SD C:\WINDOWS\system32\F12
    2018-11-07 21:09 - 2018-11-07 18:52 - 000000000 ___SD C:\WINDOWS\system32\dsc
    2018-11-07 21:09 - 2018-11-07 18:52 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
    2018-11-07 21:09 - 2018-11-07 18:52 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
    2018-11-07 21:09 - 2018-11-07 18:52 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
    2018-11-07 21:09 - 2018-11-07 18:52 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
    2018-11-07 21:09 - 2018-11-07 18:52 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2018-11-07 21:09 - 2018-11-07 18:52 - 000000000 ____D C:\WINDOWS\system32\spool
    2018-11-07 21:09 - 2018-11-07 18:52 - 000000000 ____D C:\WINDOWS\system32\oobe
    2018-11-07 21:09 - 2018-11-07 18:52 - 000000000 ____D C:\WINDOWS\system32\MUI
    2018-11-07 21:09 - 2018-11-07 18:52 - 000000000 ____D C:\WINDOWS\system32\Dism
    2018-11-07 21:09 - 2018-11-07 18:52 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
    2018-11-07 21:09 - 2018-11-07 18:52 - 000000000 ____D C:\WINDOWS\IME
    2018-11-07 21:09 - 2018-11-07 18:52 - 000000000 ____D C:\WINDOWS\Help
    2018-11-07 21:09 - 2018-11-07 18:51 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2018-11-07 21:09 - 2018-11-07 18:49 - 000000000 ____D C:\Program Files\Windows Photo Viewer
    2018-11-07 21:09 - 2018-11-07 18:48 - 000000000 ____D C:\Program Files\Common Files\system
    2018-11-07 21:09 - 2018-11-07 18:48 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
    2018-11-07 21:09 - 2018-11-07 18:41 - 000000000 ___RD C:\WINDOWS\PrintDialog
    2018-11-07 21:09 - 2018-11-07 18:41 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2018-11-07 21:09 - 2018-11-07 18:36 - 000000000 ____D C:\ProgramData\USOPrivate
    2018-11-07 21:08 - 2018-11-10 14:41 - 000000000 ____D C:\WINDOWS\INF
    2018-11-07 21:05 - 2018-11-07 21:05 - 000001981 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Premier.lnk
    2018-11-07 21:05 - 2018-11-07 21:05 - 000001969 _____ C:\Users\Public\Desktop\Avast Premier.lnk
    2018-11-07 21:03 - 2018-11-07 21:03 - 000483384 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetSec.sys
    2018-11-07 21:03 - 2018-11-07 19:17 - 000378584 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2018-11-07 21:00 - 2018-11-07 19:29 - 000000000 ____D C:\WINDOWS\CbsTemp
    2018-11-07 20:50 - 2018-11-09 15:21 - 098304000 _____ C:\WINDOWS\system32\config\SOFTWARE
    2018-11-07 20:50 - 2018-11-09 15:21 - 024903680 _____ C:\WINDOWS\system32\config\SYSTEM
    2018-11-07 20:50 - 2018-11-09 15:21 - 000786432 _____ C:\WINDOWS\system32\config\DEFAULT
    2018-11-07 20:50 - 2018-11-09 15:21 - 000524288 _____ C:\WINDOWS\system32\config\BBI
    2018-11-07 20:50 - 2018-11-09 15:21 - 000065536 _____ C:\WINDOWS\system32\config\SAM
    2018-11-07 20:50 - 2018-11-09 15:21 - 000057344 _____ C:\WINDOWS\system32\config\SECURITY
    2018-11-07 20:50 - 2018-11-07 21:25 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
    2018-11-07 20:50 - 2018-11-07 21:15 - 000000000 ____D C:\WINDOWS\servicing
    2018-11-07 20:50 - 2018-11-07 21:09 - 000000000 ____D C:\WINDOWS\system32\SMI
    2018-11-07 19:27 - 2018-11-10 14:39 - 000000000 ____D C:\ProgramData\Packages
    2018-11-07 19:25 - 2018-11-07 19:32 - 000000000 ____D C:\Users\Dwazzatech\AppData\Local\Mozilla
    2018-11-07 19:25 - 2018-11-07 19:25 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
    2018-11-07 19:25 - 2018-11-07 19:25 - 000000995 _____ C:\Users\Public\Desktop\Firefox.lnk
    2018-11-07 19:25 - 2018-11-07 19:25 - 000000000 ____D C:\Users\Dwazzatech\AppData\Roaming\Mozilla
    2018-11-07 19:25 - 2018-11-07 19:25 - 000000000 ____D C:\Program Files\Mozilla Firefox
    2018-11-07 19:25 - 2018-11-07 19:25 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2018-11-07 19:22 - 2018-11-07 19:24 - 000000000 ____D C:\Users\Dwazzatech\AppData\Local\Comms
    2018-11-07 19:19 - 2018-11-07 21:43 - 000000000 ____D C:\Users\Dwazzatech\AppData\Local\AVAST Software
    2018-11-07 19:19 - 2018-11-07 21:04 - 000000000 ____D C:\Program Files (x86)\Google
    2018-11-07 19:19 - 2018-11-07 19:19 - 000000000 ____D C:\Users\Dwazzatech\AppData\Roaming\AVAST Software
    2018-11-07 19:19 - 2018-11-07 19:19 - 000000000 ____D C:\Users\Dwazzatech\AppData\Local\CEF
    2018-11-07 19:18 - 2018-11-10 09:55 - 000002860 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3118672849-2424225153-3529149991-1001
    2018-11-07 19:18 - 2018-11-10 09:55 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
    2018-11-07 19:18 - 2018-11-10 01:09 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
    2018-11-07 19:18 - 2018-11-07 19:17 - 001028840 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2018-11-07 19:18 - 2018-11-07 19:17 - 000467904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
    2018-11-07 19:18 - 2018-11-07 19:17 - 000381144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
    2018-11-07 19:18 - 2018-11-07 19:17 - 000346760 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
    2018-11-07 19:18 - 2018-11-07 19:17 - 000230512 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
    2018-11-07 19:18 - 2018-11-07 19:17 - 000208640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
    2018-11-07 19:18 - 2018-11-07 19:17 - 000201928 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
    2018-11-07 19:18 - 2018-11-07 19:17 - 000201408 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
    2018-11-07 19:18 - 2018-11-07 19:17 - 000163376 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
    2018-11-07 19:18 - 2018-11-07 19:17 - 000111968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2018-11-07 19:18 - 2018-11-07 19:17 - 000088112 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2018-11-07 19:18 - 2018-11-07 19:17 - 000059664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
    2018-11-07 19:18 - 2018-11-07 19:17 - 000047064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
    2018-11-07 19:18 - 2018-11-07 19:17 - 000042456 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
    2018-11-07 19:18 - 2018-11-07 19:17 - 000015360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
    2018-11-07 19:17 - 2018-11-07 19:17 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
    2018-11-07 19:16 - 2018-11-10 09:55 - 000003042 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
    2018-11-07 19:16 - 2018-11-07 22:24 - 000000000 ____D C:\ProgramData\AVAST Software
    2018-11-07 19:16 - 2018-11-07 19:16 - 000000000 ____D C:\Program Files\AVAST Software
    2018-11-07 19:16 - 2018-11-07 19:16 - 000000000 ____D C:\Program Files (x86)\Dell Update
    2018-11-07 19:14 - 2018-11-07 19:14 - 000000000 ____D C:\Users\Dwazzatech\AppData\Roaming\Macromedia
    2018-11-07 19:13 - 2018-11-07 19:49 - 000000000 ____D C:\Users\Dwazzatech\AppData\Local\PlaceholderTileLogoFolder
    2018-11-07 19:13 - 2018-11-07 19:13 - 000000000 ____D C:\Users\Dwazzatech\AppData\Roaming\Intel Corporation
    2018-11-07 19:12 - 2018-11-07 19:13 - 000000000 ____D C:\Users\Dwazzatech\AppData\Local\MicrosoftEdge
    2018-11-07 19:12 - 2018-11-07 19:12 - 000000000 ____D C:\Users\Dwazzatech\AppData\Local\NVIDIA
    2018-11-07 19:10 - 2018-11-07 19:49 - 000000000 ____D C:\Users\Dwazzatech\AppData\Local\Publishers
    2018-11-07 19:10 - 2018-11-07 19:21 - 000000000 ____D C:\Users\Dwazzatech\AppData\Roaming\DropboxOEM
    2018-11-07 19:10 - 2018-11-07 19:10 - 000000000 ____D C:\Users\Dwazzatech\AppData\Local\DropboxOEM
    2018-11-07 19:09 - 2018-11-10 14:39 - 000000000 ____D C:\Users\Dwazzatech\AppData\Local\Packages
    2018-11-07 19:09 - 2018-11-07 21:13 - 000000000 ____D C:\Users\Dwazzatech\AppData\Local\ConnectedDevicesPlatform
    2018-11-07 19:09 - 2018-11-07 19:10 - 000000000 ____D C:\Users\Dwazzatech\AppData\Local\Intel
    2018-11-07 19:09 - 2018-11-07 19:09 - 000000020 ___SH C:\Users\Dwazzatech\ntuser.ini
    2018-11-07 19:09 - 2018-11-07 19:09 - 000000000 ____D C:\Users\Dwazzatech\AppData\Roaming\Intel
    2018-11-07 19:09 - 2018-11-07 19:09 - 000000000 ____D C:\Users\Dwazzatech\AppData\Roaming\Adobe
    2018-11-07 19:09 - 2018-11-07 19:09 - 000000000 ____D C:\Users\Dwazzatech\AppData\Local\VirtualStore
    2018-11-07 19:05 - 2018-11-07 19:05 - 000000000 _SHDL C:\Users\Default User
    2018-11-07 19:05 - 2018-11-07 19:05 - 000000000 _SHDL C:\Users\All Users
    2018-11-07 19:04 - 2018-11-10 09:55 - 000003448 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
    2018-11-07 19:04 - 2018-11-10 09:55 - 000003224 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
    2018-11-07 19:04 - 2018-11-10 09:55 - 000003040 _____ C:\WINDOWS\System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec
    2018-11-07 19:04 - 2018-11-10 09:55 - 000002674 _____ C:\WINDOWS\System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon
    2018-11-07 19:04 - 2018-11-10 09:55 - 000002462 _____ C:\WINDOWS\System32\Tasks\WRUStartup
    2018-11-07 19:04 - 2018-11-10 09:55 - 000002444 _____ C:\WINDOWS\System32\Tasks\WRU
    2018-11-07 19:04 - 2018-11-10 09:55 - 000002304 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_PushButton
    2018-11-07 19:04 - 2018-11-10 09:55 - 000002262 _____ C:\WINDOWS\System32\Tasks\DropboxOEM
    2018-11-07 19:04 - 2018-11-09 15:21 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2018-11-07 19:04 - 2018-11-07 21:24 - 000000000 ____D C:\WINDOWS\System32\Tasks\McAfee
    2018-11-07 19:04 - 2018-11-07 19:04 - 000000000 ____D C:\WINDOWS\System32\Tasks\Intel
    2018-11-07 19:04 - 2018-11-07 19:04 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
    2018-11-07 19:03 - 2018-11-07 19:03 - 000013674 _____ C:\Users\Dwazzatech\Desktop\Removed Apps.html
    2018-11-07 19:03 - 2018-11-07 19:03 - 000013670 _____ C:\Users\Visitor\Desktop\Removed Apps.html
    2018-11-07 19:01 - 2018-11-07 19:01 - 000022744 _____ C:\WINDOWS\system32\emptyregdb.dat
    2018-11-07 18:55 - 2018-11-07 19:09 - 000000000 ____D C:\Users\Dwazzatech
    2018-11-07 18:55 - 2018-11-07 19:03 - 000000000 ____D C:\Users\Visitor
    2018-11-07 18:54 - 2018-11-07 18:54 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2018-11-07 18:47 - 2018-11-07 18:47 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
    2018-11-07 18:38 - 2018-11-09 15:22 - 000000000 ____D C:\ProgramData\NVIDIA
    2018-11-07 18:38 - 2018-11-07 18:51 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2018-11-07 18:38 - 2018-11-07 18:49 - 000000000 ____D C:\Program Files\NVIDIA Corporation
    2018-11-07 18:38 - 2018-11-07 18:38 - 000000000 ____D C:\WINDOWS\system32\Drivers\NVIDIA Corporation
    2018-11-07 18:38 - 2018-03-16 03:44 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
    2018-11-07 18:38 - 2018-03-16 02:36 - 008099202 _____ C:\WINDOWS\system32\nvcoproc.bin
    2018-11-07 18:38 - 2018-03-16 02:36 - 005952992 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
    2018-11-07 18:38 - 2018-03-16 02:36 - 002595776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
    2018-11-07 18:38 - 2018-03-16 02:36 - 001768008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
    2018-11-07 18:38 - 2018-03-16 02:36 - 000633792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
    2018-11-07 18:38 - 2018-03-16 02:36 - 000451144 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
    2018-11-07 18:38 - 2018-03-16 02:36 - 000124032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
    2018-11-07 18:38 - 2018-03-16 02:36 - 000083424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
    2018-11-07 18:38 - 2017-12-08 17:25 - 000798520 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
    2018-11-07 18:38 - 2017-12-08 17:25 - 000490808 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
    2018-11-07 18:38 - 2017-12-08 17:24 - 000591672 _____ C:\WINDOWS\system32\vulkaninfo.exe
    2018-11-07 18:37 - 2018-11-07 19:16 - 000000000 ____D C:\ProgramData\Intel
    2018-11-07 18:37 - 2018-11-07 18:49 - 000000000 ____D C:\Program Files\Intel
    2018-11-07 18:37 - 2018-11-07 18:37 - 000000000 ____D C:\Program Files (x86)\VulkanRT
    2018-11-07 18:37 - 2018-11-07 18:37 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
    2018-11-07 18:37 - 2018-03-22 04:21 - 000144832 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
    2018-11-07 18:37 - 2018-03-22 04:21 - 000119744 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
    2018-11-07 18:37 - 2017-12-08 17:24 - 000928568 _____ C:\WINDOWS\system32\vulkan-1.dll
    2018-11-07 18:36 - 2018-11-07 18:52 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
    2018-11-07 18:36 - 2018-11-07 18:49 - 000000000 ____D C:\Program Files (x86)\Intel
    2018-11-07 18:36 - 2018-11-07 18:39 - 000000000 ____D C:\Program Files\Realtek
    2018-11-07 18:36 - 2018-11-07 18:36 - 000110423 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
    2018-11-07 18:36 - 2018-11-07 18:36 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_esif_umdf2_02_00_00.Wdf
    2018-11-07 18:36 - 2018-11-07 18:36 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_esif_lf_01011.Wdf
    2018-11-07 18:36 - 2018-11-07 18:36 - 000000000 ____D C:\ProgramData\USOShared
    2018-11-07 18:35 - 2018-04-11 18:33 - 002752000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
    2018-11-07 18:31 - 2018-11-10 13:57 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
    2018-11-07 18:31 - 2018-11-07 18:57 - 000399584 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2018-11-07 17:47 - 2018-11-07 21:30 - 000000000 ___HD C:\$SysReset
    2018-11-07 16:56 - 2018-11-07 16:56 - 000000124 ___RH C:\Users\Dwazzatech\Downloads\Stinger.opt
    2018-11-07 16:26 - 2018-11-07 16:28 - 000000000 ____D C:\Users\Dwazzatech\Downloads\backups
    2018-11-07 16:13 - 2018-11-07 16:17 - 000000826 _____ C:\Users\Dwazzatech\Downloads\Stinger_07112018_161335.html
    2018-11-07 16:13 - 2018-11-07 16:13 - 017642304 _____ (McAfee LLC) C:\Users\Dwazzatech\Downloads\stinger32.exe
    2018-11-07 15:49 - 2018-11-07 15:49 - 000388608 _____ (Trend Micro Inc.) C:\Users\Dwazzatech\Downloads\HijackThis.exe
    2018-11-07 15:31 - 2018-11-07 22:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2018-11-07 15:29 - 2018-11-07 15:30 - 079073704 _____ (Malwarebytes ) C:\Users\Dwazzatech\Downloads\mb3-setup-consumer-3.6.1.2711-1.0.482-1.0.7717.exe
    2018-10-24 23:10 - 2018-10-24 23:10 - 000675984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140.dll
    2018-10-24 23:10 - 2018-10-24 23:10 - 000457512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140.dll
    2018-10-24 23:10 - 2018-10-24 23:10 - 000386712 _____ (Microsoft Corporation) C:\WINDOWS\system32\vccorlib140.dll
    2018-10-24 23:10 - 2018-10-24 23:10 - 000343192 _____ (Microsoft Corporation) C:\WINDOWS\system32\concrt140.dll
    2018-10-24 23:10 - 2018-10-24 23:10 - 000274072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vccorlib140.dll
    2018-10-24 23:10 - 2018-10-24 23:10 - 000248624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\concrt140.dll
    2018-10-24 23:10 - 2018-10-24 23:10 - 000089248 _____ (Microsoft Corporation) C:\WINDOWS\system32\vcruntime140.dll
    2018-10-24 23:10 - 2018-10-24 23:10 - 000087352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vcruntime140.dll
    2018-10-24 23:10 - 2018-10-24 23:10 - 000031896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp140_1.dll
    2018-10-24 23:10 - 2018-10-24 23:10 - 000028472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp140_1.dll
    2018-10-23 19:21 - 2018-10-23 19:21 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2018-10-20 16:34 - 2018-10-20 16:34 - 000036400 _____ (Dell Inc.) C:\WINDOWS\system32\Drivers\dddriver64Dcsa.sys


    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2018-11-10 14:40 - 2016-04-25 15:53 - 000000000 ____D C:\ProgramData\PCDr
    2018-11-10 14:38 - 2016-04-25 15:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
    2018-11-10 14:38 - 2016-04-25 15:52 - 000000000 ____D C:\Program Files\Dell
    2018-11-10 14:12 - 2016-11-16 18:34 - 000000000 ____D C:\Users\Dwazzatech\AppData\LocalLow\Mozilla
    2018-11-10 09:55 - 2016-04-25 16:07 - 000000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
    2018-11-10 09:55 - 2016-04-25 16:07 - 000000930 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
    2018-11-09 15:30 - 2016-04-25 15:58 - 000840376 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2018-11-09 15:23 - 2016-11-01 18:14 - 000000000 __SHD C:\Users\Dwazzatech\IntelGraphicsProfiles
    2018-11-08 22:52 - 2016-04-25 16:23 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
    2018-11-08 22:51 - 2016-04-25 16:19 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
    2018-11-08 22:40 - 2016-04-25 15:56 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2018-11-08 22:33 - 2016-04-25 15:39 - 000000000 ____D C:\ProgramData\Dell
    2018-11-08 20:47 - 2016-11-01 18:19 - 000000000 ___RD C:\Users\Dwazzatech\OneDrive
    2018-11-08 20:47 - 2016-11-01 18:12 - 000002138 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 20 GB.lnk
    2018-11-08 20:47 - 2016-04-25 16:07 - 000000000 ____D C:\Program Files (x86)\Dropbox
    2018-11-07 23:59 - 2016-04-25 16:08 - 000000000 ____D C:\ProgramData\McAfee
    2018-11-07 21:29 - 2017-10-29 17:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mp3tag
    2018-11-07 21:29 - 2017-02-21 19:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    2018-11-07 21:28 - 2018-01-07 12:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firaxis Games
    2018-11-07 19:11 - 2018-06-09 02:29 - 000001417 _____ C:\Users\Dwazzatech\Desktop\Microsoft Edge.lnk
    2018-11-07 19:09 - 2016-11-26 02:19 - 000000000 ___RD C:\Users\Dwazzatech\3D Objects
    2018-11-07 19:09 - 2016-04-25 16:12 - 000000000 __RHD C:\Users\Public\AccountPictures
    2018-11-07 19:05 - 2016-04-25 15:23 - 000000000 ____D C:\WINDOWS\Panther
    2018-11-07 19:03 - 2018-01-07 12:19 - 000000000 ____D C:\Users\Dwazzatech\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firaxis Games
    2018-11-07 19:01 - 2015-10-30 02:24 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
    2018-11-07 18:52 - 2016-04-25 16:00 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
    2018-11-07 18:52 - 2016-04-25 15:57 - 000000000 ____D C:\WINDOWS\system32\RTCOM
    2018-11-07 18:52 - 2016-04-25 15:55 - 000000000 ____D C:\ProgramData\Package Cache
    2018-11-07 18:52 - 2016-04-25 15:54 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
    2018-11-07 18:52 - 2015-11-05 17:18 - 000000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
    2018-11-07 18:52 - 2015-10-30 02:24 - 000000000 ___RD C:\WINDOWS\PurchaseDialog
    2018-11-07 18:52 - 2015-10-30 02:24 - 000000000 ___RD C:\WINDOWS\DesktopTileResources
    2018-11-07 18:51 - 2017-05-13 23:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2018-11-07 18:51 - 2017-04-09 19:18 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
    2018-11-07 18:51 - 2016-04-25 16:31 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
    2018-11-07 18:51 - 2016-04-25 16:07 - 000000000 ____D C:\ProgramData\Dropbox
    2018-11-07 18:51 - 2016-04-25 16:06 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
    2018-11-07 18:51 - 2016-04-25 16:04 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation
    2018-11-07 18:51 - 2016-04-25 16:04 - 000000000 ____D C:\ProgramData\Intel Corporation
    2018-11-07 18:51 - 2016-04-25 16:00 - 000000000 ____D C:\ProgramData\Intel.sav
    2018-11-07 18:51 - 2016-04-25 15:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Audio
    2018-11-07 18:51 - 2016-04-25 15:56 - 000000000 ____D C:\Program Files (x86)\Realtek
    2018-11-07 18:49 - 2016-04-25 16:19 - 000000000 ____D C:\Program Files\Microsoft Office 15
    2018-11-07 18:49 - 2016-04-25 16:07 - 000000000 ____D C:\Program Files (x86)\Dell Digital Delivery
    2018-11-07 18:49 - 2016-04-25 16:05 - 000000000 ____D C:\Program Files (x86)\Intel Corporation
    2018-11-07 18:49 - 2016-04-25 16:04 - 000000000 ____D C:\Program Files\Intel Corporation
    2018-11-07 18:49 - 2016-04-25 16:00 - 000000000 ____D C:\Program Files (x86)\Cisco
    2018-11-07 18:49 - 2016-04-25 15:57 - 000000000 ____D C:\Program Files\Waves
    2018-11-07 18:49 - 2015-10-30 04:05 - 000000000 ____D C:\Program Files\Windows Journal
    2018-11-07 18:48 - 2016-04-25 16:36 - 000000000 ____D C:\backup
    2018-11-07 18:48 - 2016-04-25 16:00 - 000000000 ____D C:\Program Files\Common Files\Intel
    2018-11-07 18:48 - 2015-11-05 17:26 - 000000000 ____D C:\langpacks
    2018-11-07 18:38 - 2016-04-25 15:53 - 000000000 ____D C:\Intel

    Some files in TEMP:
    ====================
    2015-10-27 17:07 - 2015-10-27 17:07 - 000120336 _____ (McAfee, Inc.) C:\Users\Dwazzatech\AppData\Local\Temp\McCSPInstall.dll
    2018-11-07 21:24 - 2015-10-27 17:07 - 000123368 _____ (McAfee Inc.) C:\Users\Dwazzatech\AppData\Local\Temp\mccspuninstall.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2018-11-07 18:31

    ==================== End of FRST.txt ============================
     

     



    #4 nasdaq


    Posted 11 November 2018 - 08:22 AM

    Hi,
     
    Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
    Type Notepad and click the OK key.
     
    Please copy the entire contents of the code box below to a new file.
     
     
    Start
     
    CreateRestorePoint:
    EmptyTemp:
    CloseProcesses:
     
    HKLM\...\RunOnce: [PC-Doctor for Windows REBOOT] => [X]
    FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi => not found
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi => not found
    U1 aswbdisk; no ImagePath
    S3 mfesapsn; \??\C:\Program Files\McAfee\WebAdvisor\mfesapsn.sys [X]
    2018-11-07 15:49 - 2018-11-07 15:49 - 000388608 _____ (Trend Micro Inc.) C:\Users\Dwazzatech\Downloads\HijackThis.exe
     
    cmd: ipconfig /flushdns
    cmd: IPCONFIG /release
    cmd: IPCONFIG /renew
     
    Reboot:
     
    End
    
    Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
    The location is listed in the 3rd line of the Farbar log you have submitted.
     
    Run FRST and click Fix only once and wait.
     
    The tool will create a log (Fixlog.txt); please post it in your reply.
     
    Please let me know what problem persists with this computer.
     
    p.s.
    If the problem persists please post also the Addition.txt log that was created by the Farbar program.


    #5 FortyBelow

    FortyBelow
    • Topic Starter


    Posted 12 November 2018 - 09:52 AM

    My apologies.. I messed up the file attachment. It should be available now.

     

    The fix above seems to have resolved the US based DNS issue and initially my ISP was the only one listed. Unfortunately, after browsing a couple of pages, it again switched to another DNS server, based locally.

     

    I really don't know enough to say whether this is an issue or not. My ISP is Bell and the new DNS points to a server company called Amanah Tech.




    #6 nasdaq


    Posted 12 November 2018 - 10:55 AM

    Hi,
     
    The log is clean.
     
    I suspect a FIREFOX SYNCING problem.
    If you are Syncing it with other Devices remove it.
     
    When all is well you can re-sync your devices.
    <<<>>>
     
    Restart the computer normally.
     
    Let me know if the problem persists.


    #7 FortyBelow

    FortyBelow
    • Topic Starter


    Posted Today, 10:07 AM

    It seems I have not synced any devices to Firefox.

     

    And am back to a US based DNS.



    #8 nasdaq


    Posted Today, 01:35 PM

    Reset your router. It may be infected.
     
    How to Reset a Router Back to the Factory Default Settings
     
    Then, please reconfigure it back to your preferred settings. Below is the list of default usernames and passwords, in case you don't know them ;)
     
    ===
     
    Reset for Linksys, Netgear, D-Link and Belkin Routers
     
    ====
    How to tell if my Wireless is secure.


    #9 FortyBelow

    FortyBelow
    • Topic Starter


    Posted Today, 04:08 PM

    In my OP it mentions that my mobile phone and tablet return a good DNS (from my ISP) when a lookup is performed on them. Wouldn't an infected router also show unfamiliar DNS server for devices connected to the wifi network?

    I set my laptop to the Google DNS this morning but I still get this DNS on occasion:

    104.254.92.50 (Amanah Tech)

    whatsmydnsserver.com lists the above along with Google's server (74.125.113.145).

    whoismydns.com flips between the two. I can literally hit refresh and one of those two will come up as the owner.

    Once I'm finished work I'll reset the router but I think I did that last week.
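
An added example, not part of the original thread or of any tool mentioned in it: a PowerShell audit that lists every IPv4 DNS server Windows has recorded for each adapter (the live DNS client settings plus the static and DHCP-supplied registry values) and marks any address outside an allow-list. The allow-list is an assumption (Google Public DNS, which post #9 says the laptop was set to); add your router or ISP resolver addresses before relying on the `Expected` column.

```powershell
# Assumed allow-list: Google Public DNS. Extend with your router/ISP resolvers.
$ExpectedDns = @('8.8.8.8', '8.8.4.4')

function Get-DnsServerAudit {
    param([string[]]$Expected)

    $findings = @()

    # 1. What the DNS client is currently using, per interface.
    foreach ($entry in Get-DnsClientServerAddress -AddressFamily IPv4) {
        foreach ($server in $entry.ServerAddresses) {
            $findings += [pscustomobject]@{
                Source    = 'DnsClient'
                Interface = $entry.InterfaceAlias
                Server    = $server
            }
        }
    }

    # 2. Static (NameServer) and DHCP-supplied (DhcpNameServer) values stored in
    #    the per-interface TCP/IP registry keys. Either value may hold several
    #    addresses separated by commas or spaces.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces'
    foreach ($key in Get-ChildItem -Path $base) {
        $props = Get-ItemProperty -Path $key.PSPath
        foreach ($name in 'NameServer', 'DhcpNameServer') {
            $raw = [string]$props.$name          # empty string if the value is absent
            if ([string]::IsNullOrWhiteSpace($raw)) { continue }
            foreach ($server in ($raw -split '[,\s]+' | Where-Object { $_ })) {
                $findings += [pscustomobject]@{
                    Source    = "Registry:$name"
                    Interface = $key.PSChildName  # interface GUID
                    Server    = $server
                }
            }
        }
    }

    # Add a column showing whether each address is on the allow-list.
    $findings | Select-Object *, @{
        Name       = 'Expected'
        Expression = { $Expected -contains $_.Server }
    }
}

# Unexpected entries sort first ($false before $true).
Get-DnsServerAudit -Expected $ExpectedDns |
    Sort-Object Expected, Source |
    Format-Table -AutoSize
```

"What's my DNS" sites report the address of the recursive resolver that contacted them, which need not equal the address configured on the adapter, so compare this output with the configured values rather than with the site's result.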



