Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Infected with Sality, Swf.Exploit.Kit, Nimda, etc... mouse keepsmovingoff screen


  • Please log in to reply
19 replies to this topic

#16 Android8888

Android8888

  • Malware Response Team
  • 185 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:07:42 AM

Posted 06 December 2018 - 10:11 AM

temphemp986,
 
 
Follow the instructions below to download and execute a scan on your system with FRST, and provide the two logs in your next reply.

  • Please download FRST 64-bit and save it to the Desktop.
  • Right-click on FRST64.exe file and select Run as Administrator.
  • Accept the disclaimer by clicking on Yes, and FRST will then do a back-up of your Registry which should take a few seconds.[/background]
  • Make sure the Addition.txt box is checked.
  • Click on the Scan button.
  • On completion, two message box will open, saying that the results were saved to FRST.txt and Addition.txt, then open two Notepad files.
  • Please attach both FRST.txt and Addition.txt in your next reply for my review.

 

Let me see the content in both logs and wait for further instructions.
 
Android8888


Proud graduate of SpywareInfo

Member of UNITE - Unified Network of Instructors and Trusted Eliminators

Website: http://android8888.comlu.com

Tavira - Here's where I live!


BC AdBot (Login to Remove)

 


#17 temphemp986

temphemp986
  • Topic Starter

  • Members
  • 16 posts
  • ONLINE
  •  

Posted 06 December 2018 - 11:31 AM

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.12.2018 01
Ran by ross (administrator) on BB-8 (06-12-2018 08:21:06)
Running from C:\Users\ross\Desktop
Loaded Profiles: ross (Available Profiles: ross)
Platform: Windows 10 Home Version 1803 17134.407 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_a725d1c5e2a76f9f\igfxCUIService.exe
(AMD) C:\Windows\System32\DriverStore\FileRepository̨933.inf_amd64_5542df152d4a721c\B328563\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_a725d1c5e2a76f9f\IntelCpHDCPSvc.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\FBCF\FBControlSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel Corporation) C:\Windows\System32\jhi_service.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Samsung Pen Service\SamsungPenService.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\SamsungSecurity\CmdServer\SamsungSecurityLauncher.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\sService\sServiceAgentLauncherSvc.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
(Samsung Electronics Co., Ltd.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_a725d1c5e2a76f9f\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\rempl\sedsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AMD) C:\Windows\System32\DriverStore\FileRepository̨933.inf_amd64_5542df152d4a721c\B328563\atieclxx.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_a725d1c5e2a76f9f\igfxEM.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\sService\sServiceKeyMonitor.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsCmdServer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\SamsungSecurity\CmdServer\SamsungSecurityCmdServer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\SamsungSecurity\CmdServer\SamsungSecurityEventHandler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsEventHandler.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_a725d1c5e2a76f9f\igfxext.exe
(Samsung) C:\Program Files (x86)\Samsung\Settings\CmdServer\WlanAniControl64_intel.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Evan Wondrasek) C:\Users\ross\AppData\Local\Apps\2.0\DYBG7GHO.432\4Y1BJR6P.42L\brea..tion_e7369cda7d90144f_0001.0002_65757ec795878852\BreakTaker.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\ColorEngine\ColorEngine.exe
(alch) C:\Program Files (x86)\ClamWin\bin\ClamTray.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_a725d1c5e2a76f9f\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Show Window\Show Window.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\EP64.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\SamsungPCCleaner\SamsungPCCleanerService.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1809.2731.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-11] (Microsoft Corporation)
HKLM-x32\...\Run: [ClamWin] => C:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2018-03-03] (alch)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Samsung\Settings\CmdServer\WlanAniControl64_intel.exe [4141296 2018-04-05] (Samsung)
HKU\S-1-5-18\...\RunOnce: [Application Restart #1] => C:\Program Files (x86)\Samsung\Settings\CmdServer\WlanAniControl64_intel.exe [4141296 2018-04-05] (Samsung)
HKU\S-1-5-18\...\RunOnce: [Application Restart #2] => C:\Program Files (x86)\Samsung\Settings\CmdServer\WlanAniControl64_intel.exe [4141296 2018-04-05] (Samsung)
Startup: C:\Users\ross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BreakTaker.appref-ms [2018-12-03] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 127.0.0.1 cryptomator-vault
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{7dc0d544-3667-401e-80cf-ce8f6271f2a1}: [DhcpNameServer] 192.168.43.1

Internet Explorer:
==================
HKU\S-1-5-21-3667807937-3850922285-4182402911-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung17win10.msn.com/?pc=SMTE
HKU\S-1-5-21-3667807937-3850922285-4182402911-1003\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung17win10.msn.com/?pc=SMTE
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2018-12-04] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2018-12-04] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2018-12-04] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2018-12-04] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-12-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-12-04] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-12-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2018-12-04] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 6qth0486.default
FF ProfilePath: C:\Users\ross\AppData\Roaming\Mozilla\Firefox\Profiles\6qth0486.default [2018-12-06]
FF Extension: (OneTab) - C:\Users\ross\AppData\Roaming\Mozilla\Firefox\Profiles\6qth0486.default\Extensions\extension@one-tab.com.xpi [2018-12-03]
FF Extension: (HTTPS Everywhere) - C:\Users\ross\AppData\Roaming\Mozilla\Firefox\Profiles\6qth0486.default\Extensions\https-everywhere@eff.org.xpi [2018-12-03]
FF Extension: (Privacy Badger) - C:\Users\ross\AppData\Roaming\Mozilla\Firefox\Profiles\6qth0486.default\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2018-12-06]
FF Extension: (Evernote Web Clipper) - C:\Users\ross\AppData\Roaming\Mozilla\Firefox\Profiles\6qth0486.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}.xpi [2018-12-03]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2018-12-04] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2018-12-04] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-12-03] (Google Inc.)

Chrome:
=======
CHR Profile: C:\Users\ross\AppData\Local\Google\Chrome\User Data\Default [2018-12-04]
CHR Extension: (Slides) - C:\Users\ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-12-03]
CHR Extension: (Docs) - C:\Users\ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-12-04]
CHR Extension: (Google Drive) - C:\Users\ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2018-12-03]
CHR Extension: (YouTube) - C:\Users\ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2018-12-04]
CHR Extension: (Google Docs Offline) - C:\Users\ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-12-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-12-04]
CHR Extension: (Gmail) - C:\Users\ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2018-12-04]
CHR Extension: (Chrome Media Router) - C:\Users\ross\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-04]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository̨933.inf_amd64_5542df152d4a721c\B328563\atiesrxx.exe [489832 2018-05-21] (AMD)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [9646240 2018-11-20] (Microsoft Corporation)
R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1705040 2017-11-09] (Intel Corporation)
R2 FBControlSvc; C:\Program Files (x86)\Samsung\FBCF\FBControlSvc.exe [159904 2018-07-24] (Samsung Electronics Co., Ltd.)
R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [541896 2018-05-15] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\WINDOWS\System32\Intel\iCLS Client\lib\SocketHeciServer.exe [765112 2018-04-25] (Intel® Corporation)
S2 Intel® TPM Provisioning Service; C:\WINDOWS\System32\Intel\iCLS Client\lib\TPMProvisioningService.exe [731832 2018-04-25] (Intel® Corporation)
S2 IntelAudioService; C:\WINDOWS\system32\cAVS\Intel® Audio Service\IntelAudioService.exe [205384 2018-01-03] (Intel)
R2 jhi_service; C:\WINDOWS\System32\jhi_service.exe [576560 2018-05-23] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [310880 2018-09-05] ()
R2 Samsung Pen Service; C:\Program Files (x86)\Samsung\Samsung Pen Service\SamsungPenService.exe [37720 2017-04-12] (Samsung Electronics Co., Ltd.)
R2 SamsungSecurity Launcher; C:\Program Files (x86)\Samsung\SamsungSecurity\CmdServer\SamsungSecurityLauncher.exe [2013424 2018-05-28] (Samsung Electronics Co., Ltd.)
R2 Settings Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe [2009328 2018-04-05] (Samsung Electronics Co., Ltd.)
R2 sService Agent Launcher; C:\Program Files\Samsung\sService\sServiceAgentLauncherSvc.exe [398040 2017-04-18] (Samsung Electronics Co., Ltd.)
S3 sServiceLoopBack; C:\Program Files\Samsung\sService\sServiceLoopBackSvc.exe [46808 2017-04-16] (Samsung Electronics Co., Ltd.)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 ss_conn_service; C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe [752224 2017-01-15] (DEVGURU Co., LTD.)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3302648 2018-08-16] (Samsung Electronics Co., Ltd.)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe [3917016 2018-12-03] (Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe [114208 2018-12-03] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [4059744 2018-09-05] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository̨933.inf_amd64_5542df152d4a721c\B328563\atikmdag.sys [41607528 2018-05-21] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository̨933.inf_amd64_5542df152d4a721c\B328563\atikmpag.sys [555368 2018-05-21] (Advanced Micro Devices, Inc.)
S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131712 2017-01-15] (Samsung Electronics Co., Ltd.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [74144 2017-11-09] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [69536 2017-11-09] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [382880 2017-11-09] (Intel Corporation)
R3 HID_PCI; C:\WINDOWS\System32\drivers\HID_PCI.sys [33920 2018-05-13] (Intel)
R3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [98968 2017-10-15] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136728 2018-05-15] (Intel Corporation)
R3 IntcDAud; C:\WINDOWS\System32\DriverStore\FileRepository\intcdaud.inf_amd64_ad5691824a5386fe\IntcDAud.sys [630800 2018-10-26] (Intel® Corporation)
R3 ISH; C:\WINDOWS\System32\drivers\ISH.sys [155264 2018-05-13] (Intel)
R3 ISH_BusDriver; C:\WINDOWS\System32\drivers\ISH_BusDriver.sys [89728 2018-05-13] (Intel)
U5 Netwtw04; C:\Windows\System32\Drivers\Netwtw04.sys [7617792 2017-02-25] (Intel Corporation)
R3 Netwtw06; C:\WINDOWS\System32\drivers\Netwtw06.sys [8822392 2018-09-26] (Intel Corporation)
R3 PenS2Helper; C:\WINDOWS\System32\drivers\PenS2Helper.sys [52384 2017-02-15] ()
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [421312 2017-10-18] (Realsil Semiconductor Corporation)
R3 SamsungEventController; C:\WINDOWS\System32\drivers\SamsungEventController.sys [41648 2017-10-23] (Samsung)
R3 Shci; C:\WINDOWS\System32\drivers\Shci.sys [68096 2016-11-07] (Samsung Electronics Co., Ltd.)
R3 Snscr; C:\WINDOWS\System32\drivers\Snscr.sys [52224 2016-10-30] (Samsung Electronics Co., Ltd.)
S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64640 2017-01-15] (QUALCOMM Incorporated)
S3 ss_conn_usb_driver; C:\WINDOWS\System32\Drivers\ss_conn_usb_driver.sys [43648 2017-01-15] (Samsung Electronics Co., Ltd.)
R3 VirtualButtons; C:\WINDOWS\System32\drivers\VirtualButtons.sys [41560 2017-10-17] (Intel Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46184 2018-12-03] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [328696 2018-12-03] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60408 2018-12-03] (Microsoft Corporation)
S3 wdvpnpbus; C:\WINDOWS\System32\drivers\wdvpnpbus.sys [20624 2017-11-21] (Western Digital Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-06 08:21 - 2018-12-06 08:21 - 000018620 _____ C:\Users\ross\Desktop\FRST.txt
2018-12-06 08:20 - 2018-12-06 08:21 - 000000000 ____D C:\FRST
2018-12-06 08:16 - 2018-12-06 08:16 - 002417152 _____ (Farbar) C:\Users\ross\Desktop\FRST64.exe
2018-12-04 18:14 - 2018-12-04 18:14 - 000000000 ____D C:\Program Files\Common Files\Intel
2018-12-04 18:01 - 2018-12-04 18:01 - 000002534 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2018-12-04 18:01 - 2018-12-04 18:01 - 000002498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk
2018-12-04 18:01 - 2018-12-04 18:01 - 000002456 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk
2018-12-04 18:01 - 2018-12-04 18:01 - 000002449 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook.lnk
2018-12-04 18:01 - 2018-12-04 18:01 - 000002443 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk
2018-12-04 18:01 - 2018-12-04 18:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2018-12-04 17:38 - 2018-12-04 17:38 - 000003354 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-3667807937-3850922285-4182402911-1003
2018-12-04 16:18 - 2018-12-04 16:18 - 000003036 _____ C:\WINDOWS\System32\Tasks\DPICustomized
2018-12-04 16:18 - 2018-12-04 16:18 - 000000436 _____ C:\WINDOWS\SysWOW64\dpilog.txt
2018-12-04 16:14 - 2018-12-04 16:15 - 000000000 ____D C:\Users\ross\AppData\Local\Intel
2018-12-04 16:14 - 2016-07-11 11:08 - 001834672 _____ (Samsung Electronics Co., Ltd.) C:\ProgramData\GammaLUTPatch.exe
2018-12-03 23:53 - 2018-12-06 07:23 - 000000000 ____D C:\Users\ross\AppData\Local\Deployment
2018-12-03 23:53 - 2018-12-03 23:53 - 000000340 _____ C:\Users\ross\Desktop\BreakTaker.appref-ms
2018-12-03 23:53 - 2018-12-03 23:53 - 000000000 ____D C:\Users\ross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BreakTaker
2018-12-03 23:53 - 2018-12-03 23:53 - 000000000 ____D C:\Users\ross\AppData\Local\Apps\2.0
2018-12-03 23:51 - 2018-12-03 23:51 - 000411568 _____ () C:\Users\ross\Downloads\setup.exe
2018-12-03 23:49 - 2018-12-03 23:49 - 000002377 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-03 23:49 - 2018-12-03 23:49 - 000002336 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-12-03 23:44 - 2018-12-04 11:20 - 000000000 ____D C:\Users\ross\AppData\Local\Google
2018-12-03 23:44 - 2018-12-03 23:49 - 000000000 ____D C:\Program Files (x86)\Google
2018-12-03 23:44 - 2018-12-03 23:44 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-12-03 23:44 - 2018-12-03 23:44 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-12-03 23:43 - 2018-12-03 23:43 - 001130840 _____ (Google Inc.) C:\Users\ross\Downloads\ChromeSetup.exe
2018-12-03 23:21 - 2018-12-03 23:21 - 000000000 ____D C:\Users\ross\AppData\Local\Samsung
2018-12-03 23:19 - 2018-12-03 23:20 - 000000000 ____D C:\Users\ross\AppData\Roaming\Cryptomator
2018-12-03 23:19 - 2018-12-03 23:19 - 000000000 ____D C:\ProgramData\Oracle
2018-12-03 23:14 - 2018-12-03 23:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cryptomator
2018-12-03 23:14 - 2018-12-03 23:14 - 000000000 ____D C:\Program Files\Cryptomator
2018-12-03 22:33 - 2018-12-03 22:33 - 000000000 ____D C:\Users\ross\AppData\Local\DBG
2018-12-03 21:59 - 2018-12-04 23:15 - 000000000 ____D C:\Users\ross\AppData\Roaming\Signal
2018-12-03 21:59 - 2018-12-03 21:59 - 000002398 _____ C:\Users\ross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Signal.lnk
2018-12-03 21:59 - 2018-12-03 21:59 - 000002390 _____ C:\Users\ross\Desktop\Signal.lnk
2018-12-03 21:55 - 2018-12-03 22:06 - 036552184 _____ (cryptomator.org ) C:\Users\ross\Downloads\Cryptomator-1.4.0-x64.exe
2018-12-03 21:52 - 2018-12-03 21:58 - 081102856 _____ (Open Whisper Systems) C:\Users\ross\Downloads\signal-desktop-win-1.18.1.exe
2018-12-03 21:22 - 2018-12-06 08:05 - 000000000 ____D C:\Users\ross\AppData\LocalLow\Mozilla
2018-12-03 21:22 - 2018-12-03 21:28 - 000000000 ____D C:\Users\ross\AppData\Local\Mozilla
2018-12-03 21:22 - 2018-12-03 21:22 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-12-03 21:22 - 2018-12-03 21:22 - 000000993 _____ C:\Users\Public\Desktop\Firefox.lnk
2018-12-03 21:22 - 2018-12-03 21:22 - 000000000 ____D C:\Users\ross\AppData\Roaming\Mozilla
2018-12-03 21:22 - 2018-12-03 21:22 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-12-03 21:22 - 2018-12-03 21:22 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-12-03 17:53 - 2018-12-03 17:54 - 000000000 ____D C:\Users\ross\Documents\Font
2018-12-03 17:46 - 2018-12-03 17:46 - 000000000 ____D C:\Program Files\rempl
2018-12-03 17:42 - 2018-12-03 17:46 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-12-03 17:42 - 2018-12-03 17:42 - 137810048 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-12-03 17:42 - 2018-12-03 17:42 - 000000000 ___HD C:\Users\ross\MicrosoftEdgeBackups
2018-12-03 17:41 - 2018-12-03 00:38 - 000592416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2018-12-03 00:38 - 2018-12-03 22:10 - 000000000 ____D C:\Users\ross\AppData\Local\PlaceholderTileLogoFolder
2018-12-02 22:39 - 2018-12-04 16:14 - 000000000 ____D C:\Users\ross\AppData\Local\D3DSCache
2018-12-02 20:42 - 2018-12-02 20:42 - 000000000 ____D C:\Users\ross\Downloads\FRST64
2018-12-02 20:42 - 2018-12-02 20:42 - 000000000 ____D C:\Users\ross\Downloads\Attachments-docs
2018-12-02 20:42 - 2018-11-19 15:55 - 000000764 _____ C:\Users\ross\Downloads\Documents - Shortcut.lnk
2018-12-02 20:42 - 2018-11-07 12:20 - 172661090 _____ (alch ) C:\Users\ross\Downloads\clamwin-0.99.4-setup.exe
2018-12-02 20:42 - 2018-09-25 10:29 - 001013209 _____ C:\Users\ross\Downloads\DirectActionManual-low-res.pdf
2018-12-02 20:42 - 2018-08-27 08:42 - 001082837 _____ C:\Users\ross\Downloads\Attachments-docs.zip
2018-12-02 20:42 - 2018-08-20 10:08 - 070713344 _____ C:\Users\ross\Downloads\calibre-64bit-3.29.0.msi
2018-12-02 20:42 - 2018-08-12 11:36 - 1178858824 _____ (Esri) C:\Users\ross\Downloads\ArcGISPro_22_163783.exe
2018-12-02 20:42 - 2018-08-09 16:07 - 006639840 _____ C:\Users\ross\Downloads\First of UC ANR SD Urban Ag Workshop Series - LEGAL BASICS OF URBAN FARMING - March 23, 2018.zip
2018-12-02 20:42 - 2018-06-27 19:57 - 000482665 _____ C:\Users\ross\Downloads\4-4-18-1.pdf
2018-12-02 20:42 - 2018-06-11 17:56 - 000001327 _____ C:\Users\ross\Downloads\84.120A - Minority Science and Engineering Improvement Program (MSEIP).kml
2018-12-02 20:42 - 2018-03-27 08:49 - 025304609 _____ C:\Users\ross\Downloads\DS-PIELC-2018.pdf
2018-12-02 20:42 - 2018-03-10 22:42 - 000949539 _____ ( ) C:\Users\ross\Downloads\actiondvdplayersetup.exe
2018-12-02 20:42 - 2018-03-05 15:33 - 000071901 _____ C:\Users\ross\Downloads\FEB Advisory Committee Call Report.pdf
2018-12-02 20:42 - 2018-02-21 10:53 - 001129816 _____ (Google Inc.) C:\Users\ross\Downloads\GoogleVoiceAndVideoSetup.exe
2018-12-02 20:41 - 2018-11-14 16:29 - 000371868 _____ C:\Users\ross\Downloads\UNR18-19_ ORIENTATION SCRIPT [WEBINAR].pdf
2018-12-02 20:41 - 2018-11-06 11:54 - 005729425 _____ C:\Users\ross\Downloads\The_Real_Food_Standards_2.1_Package.pdf
2018-12-02 20:41 - 2018-11-06 11:53 - 000261532 _____ C:\Users\ross\Downloads\Real_Food_Guide_2.1.pdf
2018-12-02 20:41 - 2018-10-30 00:41 - 000694128 _____ C:\Users\ross\Downloads\past-read.pdf
2018-12-02 20:41 - 2018-10-22 19:58 - 002798880 _____ C:\Users\ross\Downloads\TSNE_PowerPoint_Presentation.pptx
2018-12-02 20:41 - 2018-09-25 11:12 - 000144986 _____ C:\Users\ross\Downloads\Student+Engagement+Coordinator+Posting.pdf
2018-12-02 20:41 - 2018-09-18 10:10 - 016895064 _____ (Windscribe Limited ) C:\Users\ross\Downloads\Windscribe(3).exe
2018-12-02 20:41 - 2018-08-31 15:04 - 000066825 _____ C:\Users\ross\Downloads\PEP_2017_PEPANNRES.zip
2018-12-02 20:41 - 2018-08-31 11:00 - 004589702 _____ C:\Users\ross\Downloads\LGUs & MSIs MASTERFILE.xlsx
2018-12-02 20:41 - 2018-08-31 09:16 - 004588186 _____ C:\Users\ross\Downloads\LGUs & MSIs MASTERFILE(1).xlsx
2018-12-02 20:41 - 2018-08-22 10:06 - 047224568 _____ (Microsoft Corporation) C:\Users\ross\Downloads\MouseKeyboardCenter_64bit_ENG_10.4.0.exe
2018-12-02 20:41 - 2018-08-10 14:18 - 000065705 _____ C:\Users\ross\Downloads\RFC National Map  to share with FRN.zip
2018-12-02 20:41 - 2018-07-26 11:50 - 000539620 _____ (Windscribe Limited ) C:\Users\ross\Downloads\Windscribe(1).exe.part
2018-12-02 20:41 - 2018-07-14 17:02 - 497096544 _____ C:\Users\ross\Downloads\QGIS-OSGeo4W-3.2.0-1-Setup-x86_64.exe
2018-12-02 20:41 - 2018-06-12 19:12 - 000011269 _____ C:\Users\ross\Downloads\Student Power Attendees.xlsx
2018-12-02 20:41 - 2018-06-02 18:36 - 000294486 _____ C:\Users\ross\Downloads\participant_directory_pw.03.pdf
2018-12-02 20:41 - 2018-05-07 09:38 - 000031879 _____ C:\Users\ross\Downloads\MyStudentData.txt
2018-12-02 20:41 - 2018-05-02 15:05 - 000058670 _____ C:\Users\ross\Downloads\PastedGraphic-3.tiff
2018-12-02 20:41 - 2018-05-02 10:37 - 046213384 _____ (Microsoft Corporation) C:\Users\ross\Downloads\MouseKeyboardCenter_64bit_ENG_3.2.116.exe
2018-12-02 20:41 - 2018-04-30 22:46 - 139611752 _____ (WhatsApp) C:\Users\ross\Downloads\WhatsAppSetup.exe
2018-12-02 20:41 - 2018-04-29 22:37 - 000331593 _____ C:\Users\ross\Downloads\syllabus_paint2_s.2018.pdf
2018-12-02 20:41 - 2018-04-25 20:08 - 003964943 _____ C:\Users\ross\Downloads\issue # 5 colonization and expansion of U.S politics and economic power.pdf
2018-12-02 20:41 - 2018-04-24 18:22 - 009799612 _____ C:\Users\ross\Downloads\Web_Report_Saokio Heritage.pdf
2018-12-02 20:41 - 2018-04-16 00:33 - 000032665 _____ C:\Users\ross\Downloads\Student Organization Roster.xlsx
2018-12-02 20:41 - 2018-04-16 00:33 - 000009907 _____ C:\Users\ross\Downloads\susforgsyncrostersep17.xlsx
2018-12-02 20:41 - 2018-03-11 23:05 - 019953006 _____ C:\Users\ross\Downloads\tv-armeabi-v7a-release-0.1.4.apk
2018-12-02 20:41 - 2018-03-11 18:09 - 038905920 _____ C:\Users\ross\Downloads\vlc-3.0.1-win32.exe
2018-12-02 20:41 - 2018-03-08 11:49 - 000067581 _____ C:\Users\ross\Downloads\TSNE 501©(3) Letter 2013 (2).pdf
2018-12-02 20:41 - 2018-03-05 15:06 - 017952360 _____ C:\Users\ross\Downloads\InstallScreencastOMatic-v2-1.8.exe
2018-12-02 20:41 - 2018-03-04 22:54 - 000048285 _____ C:\Users\ross\Downloads\tyranny.pdf
2018-12-02 20:41 - 2018-03-04 15:35 - 000226330 _____ C:\Users\ross\Downloads\provider_for_google_calendar-3.3-sm+tb.xpi
2018-12-02 20:41 - 2018-03-04 15:05 - 051725936 _____ (Safer-Networking Ltd. ) C:\Users\ross\Downloads\spybotsd-2.6.46.exe
2018-12-02 20:41 - 2018-02-22 11:57 - 083953792 _____ (Wire) C:\Users\ross\Downloads\WireSetup.exe
2018-12-02 20:41 - 2018-02-22 11:46 - 000037852 _____ C:\Users\ross\Downloads\RVCLIN92_Contacts_2.22.18.csv
2018-12-02 20:41 - 2018-02-08 08:14 - 008102064 _____ (Microsoft Corporation) C:\Users\ross\Downloads\ZoomInstaller.exe
2018-12-02 20:41 - 2018-01-31 14:15 - 000000162 ____H C:\Users\ross\Downloads\~$SF leaflet inside Final.pdf
2018-12-02 20:41 - 2018-01-31 14:14 - 000000162 ____H C:\Users\ross\Downloads\~$aflet cover.pdf
2018-12-02 20:33 - 2018-12-02 20:41 - 000000000 ____D C:\Users\ross\Zotero
2018-12-02 20:18 - 2018-12-03 23:30 - 000000000 ____D C:\Users\ross\Documents\Virus
2018-12-02 20:08 - 2018-12-02 20:18 - 000000000 ____D C:\Users\ross\Documents\Adobe
2018-12-02 20:08 - 2018-12-02 20:08 - 000000000 ____D C:\Users\ross\Documents\ArcGIS
2018-12-02 20:07 - 2018-12-02 20:07 - 000000000 ____D C:\Users\ross\Documents\Loan
2018-12-02 20:07 - 2018-12-02 20:07 - 000000000 ____D C:\Users\ross\Documents\Job Applications
2018-12-02 20:07 - 2018-12-02 20:07 - 000000000 ____D C:\Users\ross\Documents\HpReg_Backup
2018-12-02 20:07 - 2018-12-02 20:07 - 000000000 ____D C:\Users\ross\Documents\Housing
2018-12-02 20:07 - 2018-12-02 20:07 - 000000000 ____D C:\Users\ross\Documents\Health
2018-12-02 20:07 - 2018-12-02 20:07 - 000000000 ____D C:\Users\ross\Documents\Financial
2018-12-02 20:07 - 2018-12-02 20:07 - 000000000 ____D C:\Users\ross\Documents\Calibre Library
2018-12-02 20:07 - 2018-12-02 20:07 - 000000000 ____D C:\Users\ross\Documents\ArcGIS Pro 2.2
2018-12-02 20:06 - 2018-12-02 20:07 - 000000000 ____D C:\Users\ross\Documents\Luca
2018-12-02 20:06 - 2018-12-02 20:06 - 000000000 ____D C:\Users\ross\Documents\Resume
2018-12-02 20:06 - 2018-12-02 20:06 - 000000000 ____D C:\Users\ross\Documents\OneNote Notebooks
2018-12-02 20:06 - 2018-12-02 20:06 - 000000000 ____D C:\Users\ross\Documents\Mom
2018-12-02 20:06 - 2018-12-02 20:06 - 000000000 ____D C:\Users\ross\Documents\Microsoft Hardware
2018-12-02 20:02 - 2018-12-02 20:06 - 000000000 ____D C:\Users\ross\Documents\RFC
2018-12-02 20:02 - 2018-12-02 20:02 - 000000000 ____D C:\Users\ross\Documents\Zoom
2018-12-02 20:02 - 2018-12-02 20:02 - 000000000 ____D C:\Users\ross\Documents\UNR
2018-12-02 20:02 - 2018-12-02 20:02 - 000000000 ____D C:\Users\ross\Documents\SUSF
2018-12-02 20:02 - 2018-12-02 20:02 - 000000000 ____D C:\Users\ross\Documents\Screencast-O-Matic
2018-12-02 20:02 - 2018-11-06 15:03 - 000011355 _____ C:\Users\ross\Documents\Chores Check off list.xlsx
2018-12-02 20:02 - 2018-08-08 16:35 - 000517294 _____ C:\Users\ross\Documents\Scan0003.pdf
2018-12-02 20:02 - 2018-05-01 16:41 - 000210751 _____ C:\Users\ross\Documents\InvitationLettertoUSA_GDiazCisneros.pdf
2018-12-02 20:02 - 2018-04-26 18:52 - 000253361 _____ C:\Users\ross\Documents\Scan0002.pdf
2018-12-02 20:02 - 2018-04-22 12:31 - 000298687 _____ C:\Users\ross\Documents\SFMTA_Ticket_4.22.18.pdf
2018-12-02 20:02 - 2018-03-17 08:13 - 003160629 _____ C:\Users\ross\Documents\First Time Home Buyers Education Workshop (6 Hr).zip
2018-12-02 20:02 - 2018-03-07 19:56 - 000689683 _____ C:\Users\ross\Documents\Scan0001.pdf
2018-12-02 20:02 - 2018-03-07 19:54 - 000949183 _____ C:\Users\ross\Documents\Scan.pdf
2018-12-02 19:55 - 2018-12-02 19:55 - 000000000 ____D C:\Users\ross\AppData\Local\keepassx
2018-12-02 19:38 - 2018-12-02 19:38 - 000000000 ____D C:\Users\ross\AppData\Local\Comms
2018-12-02 19:36 - 2018-12-03 17:42 - 000000000 ____D C:\Users\ross\AppData\Local\MicrosoftEdge
2018-12-02 19:35 - 2018-12-04 17:38 - 000000000 ___RD C:\Users\ross\OneDrive
2018-12-02 19:34 - 2018-12-02 19:34 - 000000000 ____D C:\Users\ross\AppData\Roaming\Samsung
2018-12-02 19:34 - 2018-12-02 19:34 - 000000000 ____D C:\Users\ross\AppData\Roaming\.clamwin
2018-12-02 19:33 - 2018-12-06 07:23 - 000000000 __SHD C:\Users\ross\IntelGraphicsProfiles
2018-12-02 19:33 - 2018-12-04 18:14 - 000000000 ____D C:\Users\ross
2018-12-02 19:33 - 2018-12-04 17:38 - 000002364 _____ C:\Users\ross\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-12-02 19:33 - 2018-12-03 22:10 - 000000000 ____D C:\Users\ross\AppData\Local\Publishers
2018-12-02 19:33 - 2018-12-03 22:10 - 000000000 ____D C:\Users\ross\AppData\Local\Packages
2018-12-02 19:33 - 2018-12-03 00:35 - 000000000 ____D C:\Users\ross\AppData\Local\AMD
2018-12-02 19:33 - 2018-12-02 22:28 - 000000000 ____D C:\Users\ross\AppData\Local\ConnectedDevicesPlatform
2018-12-02 19:33 - 2018-12-02 19:33 - 000001417 _____ C:\Users\ross\Desktop\Microsoft Edge.lnk
2018-12-02 19:33 - 2018-12-02 19:33 - 000000020 ___SH C:\Users\ross\ntuser.ini
2018-12-02 19:33 - 2018-12-02 19:33 - 000000000 ___RD C:\Users\ross\3D Objects
2018-12-02 19:33 - 2018-12-02 19:33 - 000000000 ____D C:\Users\ross\AppData\Roaming\Intel
2018-12-02 19:33 - 2018-12-02 19:33 - 000000000 ____D C:\Users\ross\AppData\Roaming\Adobe
2018-12-02 19:33 - 2018-12-02 19:33 - 000000000 ____D C:\Users\ross\AppData\Local\VirtualStore
2018-12-02 19:12 - 2018-12-02 19:12 - 000000000 ____D C:\Users\~rosie~\AppData\Local\DBG
2018-11-30 05:33 - 2018-11-30 05:33 - 000000000 ____D C:\Users\~rosie~\AppData\Local\D3DSCache
2018-11-27 18:40 - 2018-11-27 18:40 - 000001194 _____ C:\Users\Public\Desktop\ClamWin Antivirus.lnk
2018-11-27 18:40 - 2018-11-27 18:40 - 000000000 ____D C:\Users\~rosie~\AppData\Roaming\.clamwin
2018-11-27 18:40 - 2018-11-27 18:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClamWin Antivirus
2018-11-27 18:39 - 2018-11-27 18:39 - 000000000 ____D C:\ProgramData\.clamwin
2018-11-27 18:39 - 2018-11-27 18:39 - 000000000 ____D C:\Program Files (x86)\ClamWin
2018-11-27 17:42 - 2018-11-27 17:42 - 000000000 ___HD C:\Users\~rosie~\MicrosoftEdgeBackups
2018-11-27 17:41 - 2018-11-27 17:41 - 000000000 ____D C:\Users\~rosie~\AppData\Local\keepassx
2018-11-27 17:38 - 2018-11-27 17:38 - 000000000 ____D C:\Users\~rosie~\AppData\Local\Comms
2018-11-27 17:22 - 2018-11-27 17:22 - 000000000 ___RD C:\Users\~rosie~\OneDrive
2018-11-27 17:21 - 2018-12-04 18:14 - 000000000 ____D C:\Users\~rosie~
2018-11-27 17:21 - 2018-12-02 19:35 - 000000000 __SHD C:\Users\~rosie~\IntelGraphicsProfiles
2018-11-27 17:21 - 2018-11-30 05:33 - 000000000 ____D C:\Users\~rosie~\AppData\Local\AMD
2018-11-27 17:21 - 2018-11-27 18:12 - 000000000 ____D C:\Users\~rosie~\AppData\Local\ConnectedDevicesPlatform
2018-11-27 17:21 - 2018-11-27 17:40 - 000000000 ____D C:\Users\~rosie~\AppData\Local\Packages
2018-11-27 17:21 - 2018-11-27 17:37 - 000000000 ____D C:\Users\~rosie~\AppData\Local\Publishers
2018-11-27 17:21 - 2018-11-27 17:22 - 000002373 _____ C:\Users\~rosie~\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-11-27 17:21 - 2018-11-27 17:21 - 000001417 _____ C:\Users\~rosie~\Desktop\Microsoft Edge.lnk
2018-11-27 17:21 - 2018-11-27 17:21 - 000000020 ___SH C:\Users\~rosie~\ntuser.ini
2018-11-27 17:21 - 2018-11-27 17:21 - 000000000 ___RD C:\Users\~rosie~\3D Objects
2018-11-27 17:21 - 2018-11-27 17:21 - 000000000 ____D C:\Users\~rosie~\AppData\Roaming\Samsung
2018-11-27 17:21 - 2018-11-27 17:21 - 000000000 ____D C:\Users\~rosie~\AppData\Roaming\Intel
2018-11-27 17:21 - 2018-11-27 17:21 - 000000000 ____D C:\Users\~rosie~\AppData\Roaming\Adobe
2018-11-27 17:21 - 2018-11-27 17:21 - 000000000 ____D C:\Users\~rosie~\AppData\Local\VirtualStore
2018-11-27 17:21 - 2018-11-27 17:21 - 000000000 ____D C:\Users\~rosie~\AppData\Local\MicrosoftEdge
2018-11-26 18:33 - 2018-11-26 18:33 - 000000000 ____D C:\Users\ROSIE\AppData\Local\keepassx
2018-11-26 17:18 - 2018-11-26 17:18 - 000000000 ____D C:\WINDOWS\sec
2018-11-26 17:17 - 2018-11-26 17:17 - 000000000 ____D C:\WINDOWS\InfusedApps
2018-11-26 17:17 - 2018-11-26 00:57 - 000000000 ____D C:\WINDOWS\Panther
2018-11-26 17:16 - 2018-11-26 17:17 - 000000000 ____D C:\WINDOWS\system32\cAVS
2018-11-26 17:16 - 2018-11-26 00:52 - 000000000 ____D C:\WINDOWS\system32\Intel
2018-11-26 17:16 - 2018-11-26 00:51 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-11-26 17:15 - 2018-11-26 17:15 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
2018-11-26 17:15 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\Setup
2018-11-26 17:13 - 2018-12-04 11:15 - 000000000 ____D C:\WINDOWS\OCR
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-11-26 17:13 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-11-26 17:13 - 2018-11-26 17:13 - 000000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2018-11-26 17:13 - 2018-11-26 17:13 - 000000000 ____D C:\WINDOWS\SysWOW64\hi-IN
2018-11-26 17:13 - 2018-11-26 17:13 - 000000000 ____D C:\WINDOWS\SysWOW64\gl-ES
2018-11-26 17:13 - 2018-11-26 17:13 - 000000000 ____D C:\WINDOWS\SysWOW64\eu-ES
2018-11-26 17:13 - 2018-11-26 17:13 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES
2018-11-26 17:13 - 2018-11-26 17:13 - 000000000 ____D C:\WINDOWS\system32\OpenSSH
2018-11-26 17:13 - 2018-11-26 17:13 - 000000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2018-11-26 17:13 - 2018-11-26 17:13 - 000000000 ____D C:\WINDOWS\system32\hi-IN
2018-11-26 17:13 - 2018-11-26 17:13 - 000000000 ____D C:\WINDOWS\system32\gl-ES
2018-11-26 17:13 - 2018-11-26 17:13 - 000000000 ____D C:\WINDOWS\system32\eu-ES
2018-11-26 17:13 - 2018-11-26 17:13 - 000000000 ____D C:\WINDOWS\system32\ca-ES
2018-11-26 17:13 - 2018-11-26 17:13 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-11-26 17:13 - 2018-11-26 17:13 - 000000000 ____D C:\Program Files\MSBuild
2018-11-26 17:13 - 2018-11-26 17:13 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-11-26 17:13 - 2018-11-26 17:13 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-11-26 17:12 - 2018-12-02 21:22 - 000000000 ____D C:\WINDOWS\SysWOW64\winrm
2018-11-26 17:12 - 2018-12-02 21:22 - 000000000 ____D C:\WINDOWS\SysWOW64\WCN
2018-11-26 17:12 - 2018-12-02 21:22 - 000000000 ____D C:\WINDOWS\SysWOW64\slmgr
2018-11-26 17:12 - 2018-12-02 21:22 - 000000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2018-11-26 17:12 - 2018-12-02 21:22 - 000000000 ____D C:\WINDOWS\system32\winrm
2018-11-26 17:12 - 2018-12-02 21:22 - 000000000 ____D C:\WINDOWS\system32\WCN
2018-11-26 17:12 - 2018-12-02 21:22 - 000000000 ____D C:\WINDOWS\system32\slmgr
2018-11-26 17:12 - 2018-12-02 21:22 - 000000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2018-11-26 17:12 - 2018-11-26 17:12 - 000000000 ____D C:\WINDOWS\SysWOW64\sysprep
2018-11-26 17:12 - 2018-11-26 17:12 - 000000000 ____D C:\WINDOWS\SysWOW64\0409
2018-11-26 17:12 - 2018-11-26 17:12 - 000000000 ____D C:\WINDOWS\system32\0409
2018-11-26 17:12 - 2018-11-26 17:12 - 000000000 ____D C:\WINDOWS\DigitalLocker
2018-11-26 17:11 - 2018-11-30 20:01 - 000835688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-11-26 17:11 - 2018-11-30 20:01 - 000179808 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2018-11-26 17:10 - 2018-12-06 08:13 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-11-26 17:10 - 2018-12-04 18:05 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-11-26 17:10 - 2018-12-04 10:28 - 000000000 ____D C:\WINDOWS\appcompat
2018-11-26 17:10 - 2018-12-03 23:49 - 000000000 ___RD C:\Program Files (x86)
2018-11-26 17:10 - 2018-12-03 22:01 - 000000000 ___HD C:\Program Files\WindowsApps
2018-11-26 17:10 - 2018-12-03 17:49 - 000000000 ____D C:\Program Files\Windows Defender
2018-11-26 17:10 - 2018-12-02 21:22 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-11-26 17:10 - 2018-12-02 21:22 - 000000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2018-11-26 17:10 - 2018-12-02 21:22 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-11-26 17:10 - 2018-12-02 21:22 - 000000000 ___SD C:\WINDOWS\system32\dsc
2018-11-26 17:10 - 2018-12-02 21:22 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2018-11-26 17:10 - 2018-12-02 21:22 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-11-26 17:10 - 2018-12-02 21:22 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-11-26 17:10 - 2018-12-02 21:22 - 000000000 ____D C:\WINDOWS\SysWOW64\MUI
2018-11-26 17:10 - 2018-12-02 21:22 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-11-26 17:10 - 2018-12-02 21:22 - 000000000 ____D C:\WINDOWS\SysWOW64\com
2018-11-26 17:10 - 2018-12-02 21:22 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-11-26 17:10 - 2018-12-02 21:22 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-11-26 17:10 - 2018-12-02 21:22 - 000000000 ____D C:\WINDOWS\system32\Sysprep
2018-11-26 17:10 - 2018-12-02 21:22 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-11-26 17:10 - 2018-12-02 21:22 - 000000000 ____D C:\WINDOWS\system32\MUI
2018-11-26 17:10 - 2018-12-02 21:22 - 000000000 ____D C:\WINDOWS\system32\migwiz
2018-11-26 17:10 - 2018-12-02 21:22 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-11-26 17:10 - 2018-12-02 21:22 - 000000000 ____D C:\WINDOWS\system32\com
2018-11-26 17:10 - 2018-12-02 21:22 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2018-11-26 17:10 - 2018-12-02 21:22 - 000000000 ____D C:\WINDOWS\IME
2018-11-26 17:10 - 2018-12-02 21:22 - 000000000 ____D C:\WINDOWS\Help
2018-11-26 17:10 - 2018-12-02 21:22 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-11-26 17:10 - 2018-12-02 21:22 - 000000000 ____D C:\Program Files\Common Files\system
2018-11-26 17:10 - 2018-12-02 21:22 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-11-26 17:10 - 2018-12-02 21:22 - 000000000 ____D C:\Program Files (x86)\Windows Defender
2018-11-26 17:10 - 2018-11-29 18:12 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-11-26 17:10 - 2018-11-26 17:17 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-11-26 17:10 - 2018-11-26 17:15 - 000000000 ___SD C:\WINDOWS\system32\UNP
2018-11-26 17:10 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\TextInput
2018-11-26 17:10 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-11-26 17:10 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\ta-in
2018-11-26 17:10 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\si-lk
2018-11-26 17:10 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2018-11-26 17:10 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\setup
2018-11-26 17:10 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-11-26 17:10 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\system32\am-et
2018-11-26 17:10 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-11-26 17:10 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\Provisioning
2018-11-26 17:10 - 2018-11-26 17:15 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 __SHD C:\Program Files\Windows Sidebar
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 __SHD C:\Program Files (x86)\Windows Sidebar
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 __RSD C:\WINDOWS\media
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 __RHD C:\Users\Public\Libraries
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ___SD C:\WINDOWS\SysWOW64\Nui
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ___SD C:\WINDOWS\system32\Nui
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ___SD C:\WINDOWS\system32\Configuration
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ___SD C:\WINDOWS\Downloaded Program Files
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ___RD C:\WINDOWS\Offline Web Pages
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ___HD C:\WINDOWS\LanguageOverlayCache
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\Web
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\WaaS
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\Vss
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\tracing
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\TAPI
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\SysWOW64\SMI
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\SysWOW64\ras
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\SysWOW64\NDF
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\SysWOW64\Msdtc
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\SysWOW64\migwiz
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\SysWOW64\IME
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\SysWOW64\icsxml
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\SysWOW64\downlevel
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\SystemResources
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\SystemApps
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\system32\winevt
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\system32\ta-lk
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\system32\ras
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\system32\ProximityToast
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\system32\PointOfService
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\system32\my-mm
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\system32\MsDtc
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\system32\Ipmi
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\system32\InputMethod
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\system32\IME
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\system32\icsxml
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\system32\ias
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\system32\hydrogen
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\system32\DriverState
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\system32\Drivers\DriverData
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\system32\downlevel
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\system32\DDFs
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\system32\config\TxR
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\system32\config\systemprofile
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\system32\config\RegBack
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\system32\config\Journal
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\system32\Bthprops
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\System
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\SKB
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\ShellComponents
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\ServiceState
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\security
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\schemas
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\SchCache
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\Resources
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\rescache
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\PLA
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\Performance
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\ModemLogs
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\L2Schemas
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\InputMethod
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\IdentityCRL
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\Globalization
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\GameBarPresenceWriter
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\Cursors
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\Branding
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\addins
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\ProgramData\WindowsHolographicDevices
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\ProgramData\USOPrivate
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\Program Files\Windows Security
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\Program Files\Windows Portable Devices
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\Program Files\windows nt
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\Program Files\Windows Multimedia Platform
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\Program Files\Common Files\Services
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\Program Files (x86)\Windows Portable Devices
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\Program Files (x86)\windows nt
2018-11-26 17:10 - 2018-11-26 17:10 - 000000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2018-11-26 17:10 - 2018-11-26 17:09 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2018-11-26 17:10 - 2018-11-26 17:09 - 000215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2018-11-26 17:10 - 2018-11-26 17:09 - 000215943 _____ C:\WINDOWS\system32\dssec.dat
2018-11-26 17:10 - 2018-11-26 17:09 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2018-11-26 17:10 - 2018-11-26 17:09 - 000017346 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2018-11-26 17:10 - 2018-11-26 17:09 - 000003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2018-11-26 17:10 - 2018-11-26 17:09 - 000000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2018-11-26 17:10 - 2018-11-26 17:09 - 000000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2018-11-26 17:10 - 2018-11-26 17:09 - 000000741 _____ C:\WINDOWS\system32\NOISE.DAT
2018-11-26 17:10 - 2018-11-26 00:58 - 000000000 ____D C:\WINDOWS\system32\FxsTmp
2018-11-26 17:10 - 2018-11-26 00:57 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-11-26 17:10 - 2018-11-26 00:57 - 000000000 ____D C:\WINDOWS\Registration
2018-11-26 17:10 - 2018-11-26 00:54 - 000000000 ____D C:\WINDOWS\system32\spool
2018-11-26 17:10 - 2018-11-26 00:54 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-11-26 17:10 - 2018-11-26 00:52 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-11-26 17:09 - 2018-12-04 18:32 - 000000000 ____D C:\WINDOWS\INF
2018-11-26 17:07 - 2018-12-06 08:07 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-11-26 17:06 - 2018-12-04 18:27 - 097517568 _____ C:\WINDOWS\system32\config\SOFTWARE
2018-11-26 17:06 - 2018-12-04 18:27 - 022544384 _____ C:\WINDOWS\system32\config\SYSTEM
2018-11-26 17:06 - 2018-12-04 18:27 - 001310720 _____ C:\WINDOWS\system32\config\BBI
2018-11-26 17:06 - 2018-12-04 18:27 - 000786432 _____ C:\WINDOWS\system32\config\DEFAULT
2018-11-26 17:06 - 2018-12-04 18:27 - 000065536 _____ C:\WINDOWS\system32\config\SECURITY
2018-11-26 17:06 - 2018-12-04 18:27 - 000065536 _____ C:\WINDOWS\system32\config\SAM
2018-11-26 17:06 - 2018-12-03 17:41 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-11-26 17:06 - 2018-12-02 21:22 - 000000000 ____D C:\WINDOWS\servicing
2018-11-26 17:06 - 2018-11-26 17:10 - 000000000 ____D C:\WINDOWS\system32\SMI
2018-11-26 16:59 - 2018-11-26 17:50 - 000000000 ___HD C:\$SysReset
2018-11-26 04:25 - 2018-11-26 04:25 - 000000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2018-11-26 04:24 - 2018-11-26 04:24 - 000000000 ____D C:\ProgramData\Western Digital
2018-11-26 04:10 - 2018-11-26 04:10 - 000000000 ____D C:\Users\ROSIE\AppData\Local\MicrosoftEdge
2018-11-26 03:28 - 2018-11-26 03:28 - 000000000 ____D C:\Users\ROSIE\AppData\Local\DBG
2018-11-26 02:11 - 2018-11-26 02:11 - 000000000 ____D C:\Users\ROSIE\AppData\Local\Comms
2018-11-26 02:10 - 2018-12-03 22:04 - 000000000 ____D C:\ProgramData\Packages
2018-11-26 02:00 - 2018-11-26 02:00 - 000000000 ____D C:\Users\ROSIE\AppData\Local\D3DSCache
2018-11-26 01:56 - 2018-11-26 01:56 - 000000000 ___RD C:\Users\ROSIE\OneDrive
2018-11-26 01:55 - 2018-11-26 02:00 - 000000000 ____D C:\Users\ROSIE\AppData\Local\AMD
2018-11-26 01:55 - 2018-11-26 01:55 - 000001417 _____ C:\Users\ROSIE\Desktop\Microsoft Edge.lnk
2018-11-26 01:55 - 2018-11-26 01:55 - 000000000 ____D C:\Users\ROSIE\AppData\Roaming\Samsung
2018-11-26 01:55 - 2018-11-26 01:55 - 000000000 ____D C:\ProgramData\Microsoft OneDrive
2018-11-26 01:55 - 2018-11-26 01:55 - 000000000 _____ C:\WINDOWS\system32\Drivers\144D_SAMSUNG_na_940X5M_P04A.mrk
2018-11-26 01:54 - 2018-11-26 05:27 - 000000000 ____D C:\Users\ROSIE\AppData\Local\ConnectedDevicesPlatform
2018-11-26 01:54 - 2018-11-26 04:10 - 000000000 __SHD C:\Users\ROSIE\IntelGraphicsProfiles
2018-11-26 01:54 - 2018-11-26 02:11 - 000000000 ____D C:\Users\ROSIE\AppData\Local\Publishers
2018-11-26 01:54 - 2018-11-26 02:11 - 000000000 ____D C:\Users\ROSIE\AppData\Local\Packages
2018-11-26 01:54 - 2018-11-26 01:54 - 000000000 ___RD C:\Users\ROSIE\3D Objects
2018-11-26 01:54 - 2018-11-26 01:54 - 000000000 ____D C:\Users\ROSIE\AppData\Roaming\Intel
2018-11-26 01:54 - 2018-11-26 01:54 - 000000000 ____D C:\Users\ROSIE\AppData\Roaming\Adobe
2018-11-26 01:54 - 2018-11-26 01:54 - 000000000 ____D C:\Users\ROSIE\AppData\Local\VirtualStore
2018-11-26 01:52 - 2018-12-04 18:14 - 000000000 ____D C:\Users\ROSIE
2018-11-26 01:52 - 2018-11-26 01:56 - 000002367 _____ C:\Users\ROSIE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-11-26 01:52 - 2018-11-26 01:52 - 000000020 ___SH C:\Users\ROSIE\ntuser.ini
2018-11-26 01:00 - 2018-12-04 18:32 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-11-26 00:58 - 2018-04-11 15:33 - 002752000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-11-26 00:57 - 2018-12-04 18:28 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-11-26 00:57 - 2018-12-04 16:18 - 000003186 _____ C:\WINDOWS\System32\Tasks\ColorEngine
2018-11-26 00:57 - 2018-12-03 17:49 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-11-26 00:57 - 2018-11-26 01:55 - 000000000 ____D C:\WINDOWS\System32\Tasks\Samsung
2018-11-26 00:57 - 2018-11-26 00:57 - 000002770 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2018-11-26 00:57 - 2018-11-26 00:57 - 000002322 _____ C:\WINDOWS\System32\Tasks\SAgent
2018-11-26 00:57 - 2018-11-26 00:57 - 000002302 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2018-11-26 00:57 - 2018-11-26 00:57 - 000002300 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_RUNEP
2018-11-26 00:57 - 2018-11-26 00:57 - 000002300 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_CTPreset
2018-11-26 00:57 - 2018-11-26 00:57 - 000002268 _____ C:\WINDOWS\System32\Tasks\ShowWindow
2018-11-26 00:57 - 2018-11-26 00:57 - 000002146 _____ C:\WINDOWS\System32\Tasks\StartCN
2018-11-26 00:57 - 2018-11-26 00:57 - 000002020 _____ C:\WINDOWS\System32\Tasks\PreferredDPI
2018-11-26 00:57 - 2018-11-26 00:57 - 000000000 _SHDL C:\Users\Default User
2018-11-26 00:57 - 2018-11-26 00:57 - 000000000 _SHDL C:\Users\All Users
2018-11-26 00:57 - 2018-11-26 00:57 - 000000000 _SHDL C:\Documents and Settings
2018-11-26 00:57 - 2018-11-26 00:57 - 000000000 ____D C:\WINDOWS\System32\Tasks\SecTimeSync
2018-11-26 00:56 - 2018-11-26 00:56 - 000022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2018-11-26 00:55 - 2018-11-26 00:55 - 000001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-11-26 00:53 - 2018-11-26 00:53 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-11-26 00:53 - 2018-11-26 00:53 - 000000000 ____D C:\ProgramData\USOShared
2018-11-26 00:52 - 2018-12-04 18:27 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-11-26 00:52 - 2018-12-04 18:13 - 000000000 ____D C:\Program Files\Intel
2018-11-26 00:52 - 2018-12-04 16:14 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-11-26 00:52 - 2018-11-26 00:53 - 000000000 ____D C:\Program Files\AMD
2018-11-26 00:52 - 2018-11-26 00:53 - 000000000 ____D C:\Intel
2018-11-26 00:52 - 2018-11-26 00:52 - 000000000 ____D C:\WINDOWS\system32\AMD
2018-11-26 00:52 - 2018-11-26 00:52 - 000000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2018-11-26 00:51 - 2018-12-04 23:14 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-11-26 00:51 - 2018-11-26 00:56 - 000234720 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-11-26 00:51 - 2018-11-26 00:51 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-11-26 00:51 - 2018-11-26 00:51 - 000000000 ____D C:\Program Files\Realtek
2018-11-13 16:40 - 2018-11-01 03:46 - 002394960 ____N (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-11-13 16:40 - 2018-11-01 03:45 - 001376672 ____N (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-11-13 16:40 - 2018-11-01 03:29 - 012710400 ____N (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-11-13 16:40 - 2018-11-01 03:28 - 003649024 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-11-13 16:40 - 2018-11-01 03:26 - 001364992 ____N (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-11-13 16:40 - 2018-11-01 03:26 - 000392192 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-11-13 16:40 - 2018-11-01 02:09 - 001027000 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-11-13 16:40 - 2018-11-01 01:56 - 011902464 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-11-13 16:40 - 2018-11-01 01:15 - 023861760 ____N (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-11-13 16:40 - 2018-11-01 01:13 - 019525120 ____N (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-11-13 16:40 - 2018-10-31 23:38 - 000269336 ____N (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-11-13 16:40 - 2018-10-31 23:37 - 000272408 ____N (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-11-13 16:40 - 2018-10-31 23:28 - 001221432 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-11-13 16:40 - 2018-10-31 23:28 - 001029944 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-11-13 16:40 - 2018-10-31 23:28 - 000076088 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-11-13 16:40 - 2018-10-31 23:27 - 001017152 ____N (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-11-13 16:40 - 2018-10-31 23:27 - 000491200 ____N (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-11-13 16:40 - 2018-10-31 23:26 - 003291640 ____N (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-11-13 16:40 - 2018-10-31 23:26 - 003180080 ____N (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-11-13 16:40 - 2018-10-31 23:25 - 009089848 ____N (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-11-13 16:40 - 2018-10-31 23:25 - 007520088 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-11-13 16:40 - 2018-10-31 23:25 - 004404912 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-11-13 16:40 - 2018-10-31 23:25 - 002822456 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-11-13 16:40 - 2018-10-31 23:25 - 002571320 ____N (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-11-13 16:40 - 2018-10-31 23:25 - 002371296 ____N (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-11-13 16:40 - 2018-10-31 23:25 - 001784680 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-11-13 16:40 - 2018-10-31 23:25 - 001288920 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-11-13 16:40 - 2018-10-31 23:25 - 001209888 ____N (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-11-13 16:40 - 2018-10-31 23:25 - 001190248 ____N (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-11-13 16:40 - 2018-10-31 23:25 - 000885968 ____N (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-11-13 16:40 - 2018-10-31 23:25 - 000793080 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-11-13 16:40 - 2018-10-31 23:25 - 000594224 ____N (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-11-13 16:40 - 2018-10-31 23:25 - 000413720 ____N (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-11-13 16:40 - 2018-10-31 23:25 - 000412984 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-11-13 16:40 - 2018-10-31 23:25 - 000375824 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-11-13 16:40 - 2018-10-31 23:25 - 000261000 ____N (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-11-13 16:40 - 2018-10-31 23:09 - 025855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-11-13 16:40 - 2018-10-31 23:03 - 003397120 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-11-13 16:40 - 2018-10-31 23:01 - 022716416 ____N (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-11-13 16:40 - 2018-10-31 23:01 - 009084928 ____N (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-11-13 16:40 - 2018-10-31 23:01 - 007057408 ____N (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-11-13 16:40 - 2018-10-31 23:00 - 008189440 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-11-13 16:40 - 2018-10-31 23:00 - 006031360 ____N (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-11-13 16:40 - 2018-10-31 23:00 - 000433664 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-11-13 16:40 - 2018-10-31 23:00 - 000209408 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-11-13 16:40 - 2018-10-31 22:59 - 000322048 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-11-13 16:40 - 2018-10-31 22:58 - 007573504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-11-13 16:40 - 2018-10-31 22:58 - 004867072 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-11-13 16:40 - 2018-10-31 22:58 - 004383744 ____N (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-11-13 16:40 - 2018-10-31 22:58 - 000530432 ____N (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2018-11-13 16:40 - 2018-10-31 22:58 - 000273408 ____N (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2018-11-13 16:40 - 2018-10-31 22:58 - 000154112 ____N (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-11-13 16:40 - 2018-10-31 22:57 - 003381248 ____N (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-11-13 16:40 - 2018-10-31 22:57 - 002825728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-11-13 16:40 - 2018-10-31 22:57 - 001804288 ____N (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-11-13 16:40 - 2018-10-31 22:57 - 000898560 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-11-13 16:40 - 2018-10-31 22:57 - 000894464 ____N (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-11-13 16:40 - 2018-10-31 22:57 - 000835584 ____N (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-11-13 16:40 - 2018-10-31 22:57 - 000808448 ____N (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-11-13 16:40 - 2018-10-31 22:57 - 000726528 ____N (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-11-13 16:40 - 2018-10-31 22:57 - 000265728 ____N (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-11-13 16:40 - 2018-10-31 22:56 - 002172928 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-11-13 16:40 - 2018-10-31 22:56 - 001768448 ____N (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-11-13 16:40 - 2018-10-31 22:56 - 000506880 ____N (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2018-11-13 16:40 - 2018-10-31 22:55 - 000684544 ____N (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-11-13 16:40 - 2018-10-31 22:54 - 001551360 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-11-13 16:40 - 2018-10-31 22:54 - 001264640 ____N (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-11-13 16:40 - 2018-10-31 22:54 - 001225216 ____N (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-11-13 16:40 - 2018-10-31 22:54 - 000943616 ____N (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2018-11-13 16:40 - 2018-10-31 22:54 - 000884736 ____N (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-11-13 16:40 - 2018-10-31 22:54 - 000606208 ____N (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-11-13 16:40 - 2018-10-31 22:53 - 002248192 ____N (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-11-13 16:40 - 2018-10-31 22:53 - 001373696 ____N (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-11-13 16:40 - 2018-10-31 22:53 - 001159680 ____N (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-11-13 16:40 - 2018-10-31 22:53 - 000889344 ____N (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-11-13 16:40 - 2018-10-31 22:53 - 000542208 ____N (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-11-13 16:40 - 2018-10-31 21:08 - 002417952 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-11-13 16:40 - 2018-10-31 20:50 - 000861712 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-11-13 16:40 - 2018-10-31 20:50 - 000786288 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-11-13 16:40 - 2018-10-31 20:48 - 004790184 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-11-13 16:40 - 2018-10-31 20:48 - 002478872 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-11-13 16:40 - 2018-10-31 20:48 - 002331480 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-11-13 16:40 - 2018-10-31 20:48 - 001011872 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-11-13 16:40 - 2018-10-31 20:47 - 006570368 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-11-13 16:40 - 2018-10-31 20:47 - 001980776 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-11-13 16:40 - 2018-10-31 20:47 - 001379792 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-11-13 16:40 - 2018-10-31 20:47 - 001020064 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-11-13 16:40 - 2018-10-31 20:47 - 000567256 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-11-13 16:40 - 2018-10-31 20:47 - 000129304 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2018-11-13 16:40 - 2018-10-31 20:40 - 022015488 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-11-13 16:40 - 2018-10-31 20:35 - 019403776 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-11-13 16:40 - 2018-10-31 20:33 - 006661632 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-11-13 16:40 - 2018-10-31 20:32 - 006647296 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-11-13 16:40 - 2018-10-31 20:31 - 005307904 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-11-13 16:40 - 2018-10-31 20:30 - 005883904 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-11-13 16:40 - 2018-10-31 20:30 - 002449408 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-11-13 16:40 - 2018-10-31 20:30 - 000392704 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2018-11-13 16:40 - 2018-10-31 20:29 - 001986560 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-11-13 16:40 - 2018-10-31 20:29 - 000608768 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-11-13 16:40 - 2018-10-31 20:29 - 000578560 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-11-13 16:40 - 2018-10-31 20:28 - 000978944 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-11-13 16:40 - 2018-10-31 20:27 - 001627648 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-11-13 16:40 - 2018-10-31 20:27 - 000713216 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2018-11-13 16:40 - 2018-10-21 04:46 - 013572096 ____N (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-11-13 16:40 - 2018-10-21 04:45 - 000123392 ____N (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-11-13 16:40 - 2018-10-21 04:44 - 000085504 ____N (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
2018-11-13 16:40 - 2018-10-21 04:43 - 000345600 ____N (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-11-13 16:40 - 2018-10-21 03:28 - 012501504 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-11-13 16:40 - 2018-10-21 03:28 - 000084992 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\INETRES.dll
2018-11-13 16:40 - 2018-10-21 03:22 - 002405888 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-11-13 16:40 - 2018-10-20 23:46 - 000709936 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-11-13 16:40 - 2018-10-20 23:46 - 000560136 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2018-11-13 16:40 - 2018-10-20 23:46 - 000171024 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-11-13 16:40 - 2018-10-20 23:45 - 003283512 ____N (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-11-13 16:40 - 2018-10-20 23:45 - 002719032 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-11-13 16:40 - 2018-10-20 23:45 - 000607136 ____N (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-11-13 16:40 - 2018-10-20 23:28 - 016592384 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-11-13 16:40 - 2018-10-20 23:20 - 000050688 ____N (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-11-13 16:40 - 2018-10-20 23:19 - 002487088 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-11-13 16:40 - 2018-10-20 23:19 - 000228864 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-11-13 16:40 - 2018-10-20 23:17 - 000787456 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-11-13 16:40 - 2018-10-20 23:17 - 000625152 ____N (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-11-13 16:40 - 2018-10-20 23:17 - 000473600 ____N (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2018-11-13 16:40 - 2018-10-20 23:17 - 000271872 ____N (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2018-11-13 16:40 - 2018-10-20 23:16 - 002584576 ____N (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-11-13 16:40 - 2018-10-20 23:16 - 002368512 ____N (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-11-13 16:40 - 2018-10-20 23:16 - 001535488 ____N (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-11-13 16:40 - 2018-10-20 23:16 - 000847360 ____N (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-11-13 16:40 - 2018-10-20 23:15 - 002904064 ____N (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-11-13 16:40 - 2018-10-20 23:15 - 000401920 ____N (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-11-13 16:40 - 2018-10-20 23:14 - 002224640 ____N (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-11-13 16:40 - 2018-10-20 23:14 - 001097216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-11-13 16:40 - 2018-10-20 23:14 - 001034752 ____N (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-11-13 16:40 - 2018-10-20 23:09 - 013873664 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-11-13 16:40 - 2018-04-27 20:02 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-11-13 16:39 - 2018-11-01 03:49 - 000348160 ____N (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2018-11-13 16:39 - 2018-11-01 03:45 - 004527776 ____N (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-11-13 16:39 - 2018-11-01 03:45 - 001617320 ____N (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2018-11-13 16:39 - 2018-11-01 03:32 - 000064000 ____N (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-11-13 16:39 - 2018-11-01 03:31 - 006602240 ____N (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-11-13 16:39 - 2018-11-01 03:30 - 000122368 ____N (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2018-11-13 16:39 - 2018-11-01 03:30 - 000029696 ____N (Microsoft Corporation) C:\WINDOWS\system32\msisip.dll
2018-11-13 16:39 - 2018-11-01 03:29 - 000073728 ____N (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2018-11-13 16:39 - 2018-11-01 03:28 - 004491264 ____N (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-11-13 16:39 - 2018-11-01 03:28 - 000253952 ____N (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2018-11-13 16:39 - 2018-11-01 03:27 - 001121792 ____N (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-11-13 16:39 - 2018-11-01 03:27 - 000878592 ____N (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-11-13 16:39 - 2018-11-01 03:26 - 000503296 ____N (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-11-13 16:39 - 2018-11-01 03:25 - 000577024 ____N (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-11-13 16:39 - 2018-11-01 01:59 - 005669888 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-11-13 16:39 - 2018-11-01 01:56 - 000226304 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2018-11-13 16:39 - 2018-11-01 01:56 - 000024576 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msisip.dll
2018-11-13 16:39 - 2018-11-01 01:54 - 003397632 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-11-13 16:39 - 2018-11-01 01:54 - 000344576 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-11-13 16:39 - 2018-11-01 01:53 - 000908288 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2018-11-13 16:39 - 2018-11-01 01:52 - 002892800 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-11-13 16:39 - 2018-10-31 23:39 - 001035256 ____N (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-11-13 16:39 - 2018-10-31 23:28 - 001062712 ____N (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-11-13 16:39 - 2018-10-31 23:28 - 000566568 ____N (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-11-13 16:39 - 2018-10-31 23:28 - 000134968 ____N (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-11-13 16:39 - 2018-10-31 23:26 - 007432120 ____N (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-11-13 16:39 - 2018-10-31 23:26 - 001363536 ____N (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-11-13 16:39 - 2018-10-31 23:25 - 001934808 ____N (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-11-13 16:39 - 2018-10-31 23:25 - 001456728 ____N (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-11-13 16:39 - 2018-10-31 23:25 - 001257880 ____N (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-11-13 16:39 - 2018-10-31 23:25 - 001140672 ____N (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-11-13 16:39 - 2018-10-31 23:25 - 000982592 ____N (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-11-13 16:39 - 2018-10-31 23:25 - 000713472 ____N (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-11-13 16:39 - 2018-10-31 23:25 - 000463672 ____N (Microsoft Corporation) C:\WINDOWS\system32\coml2.dll
2018-11-13 16:39 - 2018-10-31 23:25 - 000268088 ____N (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-11-13 16:39 - 2018-10-31 23:03 - 000034816 ____N (Microsoft Corporation) C:\WINDOWS\system32\dusmtask.exe
2018-11-13 16:39 - 2018-10-31 23:02 - 000047104 ____N (Microsoft Corporation) C:\WINDOWS\system32\dusmapi.dll
2018-11-13 16:39 - 2018-10-31 23:02 - 000023552 ____N (Microsoft Corporation) C:\WINDOWS\system32\CSystemEventsBrokerClient.dll
2018-11-13 16:39 - 2018-10-31 23:00 - 003392000 ____N (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-11-13 16:39 - 2018-10-31 22:59 - 000241152 ____N (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-11-13 16:39 - 2018-10-31 22:59 - 000192000 ____N (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2018-11-13 16:39 - 2018-10-31 22:59 - 000176128 ____N (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
2018-11-13 16:39 - 2018-10-31 22:59 - 000107520 ____N (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2018-11-13 16:39 - 2018-10-31 22:58 - 000149504 ____N (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-11-13 16:39 - 2018-10-31 22:57 - 002364928 ____N (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-11-13 16:39 - 2018-10-31 22:57 - 001708544 ____N (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-11-13 16:39 - 2018-10-31 22:57 - 000356352 ____N (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-11-13 16:39 - 2018-10-31 22:57 - 000281600 ____N (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2018-11-13 16:39 - 2018-10-31 22:56 - 002929664 ____N (Microsoft Corporation) C:\WINDOWS\system32\xpsservices.dll
2018-11-13 16:39 - 2018-10-31 22:56 - 001395200 ____N (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-11-13 16:39 - 2018-10-31 22:55 - 002738688 ____N (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2018-11-13 16:39 - 2018-10-31 22:55 - 001058304 ____N (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2018-11-13 16:39 - 2018-10-31 22:54 - 001679360 ____N (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-11-13 16:39 - 2018-10-31 22:54 - 001023488 ____N (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2018-11-13 16:39 - 2018-10-31 22:54 - 000916480 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-11-13 16:39 - 2018-10-31 22:54 - 000895488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2018-11-13 16:39 - 2018-10-31 22:54 - 000796672 ____N (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2018-11-13 16:39 - 2018-10-31 22:53 - 000406528 ____N (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2018-11-13 16:39 - 2018-10-31 21:39 - 000001310 ____N C:\WINDOWS\system32\tcbres.wim
2018-11-13 16:39 - 2018-10-31 20:48 - 006039064 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-11-13 16:39 - 2018-10-31 20:48 - 001805656 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-11-13 16:39 - 2018-10-31 20:48 - 000880248 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-11-13 16:39 - 2018-10-31 20:48 - 000384520 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\coml2.dll
2018-11-13 16:39 - 2018-10-31 20:47 - 000581600 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2018-11-13 16:39 - 2018-10-31 20:34 - 002700288 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-11-13 16:39 - 2018-10-31 20:33 - 003711488 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-11-13 16:39 - 2018-10-31 20:31 - 000288768 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2018-11-13 16:39 - 2018-10-31 20:30 - 005775872 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-11-13 16:39 - 2018-10-31 20:30 - 001361408 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-11-13 16:39 - 2018-10-31 20:30 - 000561152 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-11-13 16:39 - 2018-10-31 20:30 - 000310272 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2018-11-13 16:39 - 2018-10-31 20:29 - 002258944 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2018-11-13 16:39 - 2018-10-31 20:29 - 001862656 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsservices.dll
2018-11-13 16:39 - 2018-10-31 20:29 - 000848384 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2018-11-13 16:39 - 2018-10-31 20:29 - 000165376 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2018-11-13 16:39 - 2018-10-31 20:28 - 001348096 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-11-13 16:39 - 2018-10-31 20:28 - 001000448 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-11-13 16:39 - 2018-10-31 20:27 - 000856576 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2018-11-13 16:39 - 2018-10-31 20:27 - 000678400 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-11-13 16:39 - 2018-10-31 20:27 - 000534016 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-11-13 16:39 - 2018-10-31 20:26 - 000795648 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2018-11-13 16:39 - 2018-10-31 20:26 - 000735744 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2018-11-13 16:39 - 2018-10-31 20:26 - 000345088 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2018-11-13 16:39 - 2018-10-21 05:00 - 021386368 ____N (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-11-13 16:39 - 2018-10-21 05:00 - 001639560 ____N (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2018-11-13 16:39 - 2018-10-21 05:00 - 001516120 ____N (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2018-11-13 16:39 - 2018-10-21 05:00 - 000790416 ____N (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-11-13 16:39 - 2018-10-21 05:00 - 000396304 ____N (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-11-13 16:39 - 2018-10-21 04:59 - 000766480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-11-13 16:39 - 2018-10-21 04:59 - 000236728 ____N (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2018-11-13 16:39 - 2018-10-21 04:46 - 004393472 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-11-13 16:39 - 2018-10-21 04:44 - 000623104 ____N (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2018-11-13 16:39 - 2018-10-21 04:43 - 000276992 ____N (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2018-11-13 16:39 - 2018-10-21 04:43 - 000182784 ____N (Microsoft Corporation) C:\WINDOWS\system32\LanguageComponentsInstaller.dll
2018-11-13 16:39 - 2018-10-21 04:42 - 001127936 ____N (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2018-11-13 16:39 - 2018-10-21 04:42 - 000765440 ____N (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2018-11-13 16:39 - 2018-10-21 04:42 - 000592896 ____N (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2018-11-13 16:39 - 2018-10-21 04:42 - 000181248 ____N (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2018-11-13 16:39 - 2018-10-21 04:41 - 001180672 ____N (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-11-13 16:39 - 2018-10-21 03:38 - 001322376 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2018-11-13 16:39 - 2018-10-21 03:38 - 000662312 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-11-13 16:39 - 2018-10-21 03:38 - 000660480 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-11-13 16:39 - 2018-10-21 03:38 - 000221216 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll
2018-11-13 16:39 - 2018-10-21 03:37 - 020381808 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-11-13 16:39 - 2018-10-21 03:37 - 001626656 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2018-11-13 16:39 - 2018-10-21 03:23 - 000622080 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2018-11-13 16:39 - 2018-10-21 03:23 - 000523264 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll
2018-11-13 16:39 - 2018-10-21 03:22 - 000224256 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2018-11-13 16:39 - 2018-10-21 01:29 - 001008640 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-11-13 16:39 - 2018-10-21 00:44 - 000868864 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-11-13 16:39 - 2018-10-20 23:48 - 005602456 ____N (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-11-13 16:39 - 2018-10-20 23:47 - 000368440 ____N (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2018-11-13 16:39 - 2018-10-20 23:46 - 000717112 ____N (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2018-11-13 16:39 - 2018-10-20 23:46 - 000611640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-11-13 16:39 - 2018-10-20 23:46 - 000497864 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2018-11-13 16:39 - 2018-10-20 23:45 - 001946208 ____N (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-11-13 16:39 - 2018-10-20 23:45 - 001098064 ____N (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-11-13 16:39 - 2018-10-20 23:45 - 000185120 ____N (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-11-13 16:39 - 2018-10-20 23:45 - 000175624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spacedump.sys
2018-11-13 16:39 - 2018-10-20 23:45 - 000139792 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-11-13 16:39 - 2018-10-20 23:45 - 000058088 ____N (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2018-11-13 16:39 - 2018-10-20 23:22 - 004710912 ____N (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-11-13 16:39 - 2018-10-20 23:21 - 001589248 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2018-11-13 16:39 - 2018-10-20 23:21 - 000123424 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-11-13 16:39 - 2018-10-20 23:20 - 000424000 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2018-11-13 16:39 - 2018-10-20 23:20 - 000295224 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2018-11-13 16:39 - 2018-10-20 23:20 - 000161792 ____N (Microsoft Corporation) C:\WINDOWS\system32\spacebridge.dll
2018-11-13 16:39 - 2018-10-20 23:20 - 000141312 ____N C:\WINDOWS\system32\DataStoreCacheDumpTool.exe
2018-11-13 16:39 - 2018-10-20 23:19 - 001620776 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-11-13 16:39 - 2018-10-20 23:19 - 001130768 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-11-13 16:39 - 2018-10-20 23:19 - 000514560 ____N (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2018-11-13 16:39 - 2018-10-20 23:19 - 000505616 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2018-11-13 16:39 - 2018-10-20 23:19 - 000463360 ____N (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-11-13 16:39 - 2018-10-20 23:19 - 000409088 ____N (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2018-11-13 16:39 - 2018-10-20 23:19 - 000228352 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2018-11-13 16:39 - 2018-10-20 23:19 - 000137728 ____N (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2018-11-13 16:39 - 2018-10-20 23:19 - 000112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2018-11-13 16:39 - 2018-10-20 23:19 - 000086528 ____N (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2018-11-13 16:39 - 2018-10-20 23:19 - 000060928 ____N (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcpAppSvc.dll
2018-11-13 16:39 - 2018-10-20 23:19 - 000036352 ____N (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhf.sys
2018-11-13 16:39 - 2018-10-20 23:19 - 000028672 ____N (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2018-11-13 16:39 - 2018-10-20 23:18 - 000761344 ____N (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2018-11-13 16:39 - 2018-10-20 23:18 - 000461824 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Activities.dll
2018-11-13 16:39 - 2018-10-20 23:18 - 000395264 ____N (Microsoft Corporation) C:\WINDOWS\system32\BthAvctpSvc.dll
2018-11-13 16:39 - 2018-10-20 23:18 - 000275456 ____N (Microsoft Corporation) C:\WINDOWS\system32\scecli.dll
2018-11-13 16:39 - 2018-10-20 23:18 - 000274432 ____N (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2018-11-13 16:39 - 2018-10-20 23:18 - 000130048 ____N (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2018-11-13 16:39 - 2018-10-20 23:18 - 000030720 ____N (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2018-11-13 16:39 - 2018-10-20 23:17 - 001826816 ____N (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-11-13 16:39 - 2018-10-20 23:17 - 001668096 ____N (Microsoft Corporation) C:\WINDOWS\system32\cdprt.dll
2018-11-13 16:39 - 2018-10-20 23:17 - 000311296 ____N (Microsoft Corporation) C:\WINDOWS\system32\BthAvrcp.dll
2018-11-13 16:39 - 2018-10-20 23:16 - 000514048 ____N (Microsoft Corporation) C:\WINDOWS\system32\BTAGService.dll
2018-11-13 16:39 - 2018-10-20 23:16 - 000323584 ____N (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2018-11-13 16:39 - 2018-10-20 23:15 - 003212800 ____N (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2018-11-13 16:39 - 2018-10-20 23:15 - 000743936 ____N (Microsoft Corporation) C:\WINDOWS\system32\PrintRenderAPIHost.DLL
2018-11-13 16:39 - 2018-10-20 23:14 - 001919488 ____N (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2018-11-13 16:39 - 2018-10-20 23:14 - 001854976 ____N (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-11-13 16:39 - 2018-10-20 23:14 - 000932352 ____N (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-11-13 16:39 - 2018-10-20 23:14 - 000632320 ____N (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2018-11-13 16:39 - 2018-10-20 23:14 - 000453632 ____N (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2018-11-13 16:39 - 2018-10-20 23:14 - 000311296 ____N (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2018-11-13 16:39 - 2018-10-20 23:02 - 002966528 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-11-13 16:39 - 2018-10-20 23:02 - 000157184 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\spacebridge.dll
2018-11-13 16:39 - 2018-10-20 23:01 - 001189376 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2018-11-13 16:39 - 2018-10-20 23:01 - 000168448 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2018-11-13 16:39 - 2018-10-20 23:00 - 000214528 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\scecli.dll
2018-11-13 16:39 - 2018-10-20 22:59 - 000602112 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2018-11-13 16:39 - 2018-10-20 22:58 - 001124352 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdprt.dll
2018-11-13 16:39 - 2018-10-20 22:58 - 000415744 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2018-11-13 16:39 - 2018-10-20 22:58 - 000230912 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2018-11-13 16:39 - 2018-10-20 22:57 - 002611200 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2018-11-13 16:39 - 2018-10-20 21:59 - 000806320 ____N C:\WINDOWS\SysWOW64\locale.nls
2018-11-13 16:39 - 2018-10-20 21:59 - 000806320 ____N C:\WINDOWS\system32\locale.nls
2018-11-07 12:44 - 2017-11-21 12:03 - 000020624 _____ (Western Digital Technologies, Inc.) C:\WINDOWS\system32\Drivers\wdvpnpbus.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-12-04 18:14 - 2017-05-14 19:20 - 000000000 ____D C:\ProgramData\Intel
2018-12-04 18:14 - 2017-05-14 19:19 - 000000000 ____D C:\Program Files (x86)\Intel
2018-12-04 18:14 - 2017-05-14 19:17 - 000000000 ____D C:\ProgramData\Package Cache
2018-12-04 18:05 - 2017-05-14 19:19 - 000017894 _____ C:\WINDOWS\system32\results.xml
2018-12-04 18:01 - 2017-05-14 19:42 - 000002493 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word.lnk
2018-12-04 18:01 - 2017-05-14 19:42 - 000002492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk
2018-12-04 18:01 - 2017-05-14 19:42 - 000002455 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk
2018-12-04 18:01 - 2017-05-14 19:42 - 000002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2018-12-04 18:01 - 2017-05-14 19:42 - 000000000 ____D C:\Program Files (x86)\Microsoft Office
2018-12-04 16:19 - 2017-05-14 19:17 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2018-12-04 16:19 - 2017-05-14 19:17 - 000000000 ____D C:\Program Files (x86)\Samsung
2018-12-04 16:18 - 2017-05-14 19:17 - 000000000 ____D C:\Program Files\Samsung
2018-12-02 19:40 - 2017-05-15 11:12 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-11-26 17:15 - 2018-07-17 19:20 - 000287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2018-11-26 17:08 - 2018-04-11 15:33 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2018-11-26 01:55 - 2017-05-14 19:22 - 000000000 ____D C:\ProgramData\ColorMode
2018-11-26 01:54 - 2017-05-15 11:50 - 000000000 ____D C:\WINDOWS\MSetup
2018-11-26 00:56 - 2017-03-18 13:03 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-11-26 00:54 - 2017-05-14 19:42 - 000000000 ____D C:\Program Files\Microsoft Office 15
2018-11-26 00:54 - 2017-05-14 19:35 - 000000000 ____D C:\Program Files (x86)\Show Window
2018-11-26 00:54 - 2017-05-14 19:22 - 000000000 ____D C:\WINDOWS\SysWOW64\sda
2018-11-26 00:54 - 2017-05-14 19:22 - 000000000 ____D C:\WINDOWS\RSTLog
2018-11-26 00:54 - 2017-05-14 19:21 - 000000000 ___HD C:\WINDOWS\system32\WLANProfiles
2018-11-26 00:54 - 2017-05-14 19:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2018-11-26 00:54 - 2017-05-14 19:20 - 000000000 ____D C:\Program Files (x86)\AMD
2018-11-26 00:54 - 2017-05-14 19:19 - 000000000 ____D C:\Program Files (x86)\ATI Technologies
2018-11-26 00:54 - 2017-05-14 19:17 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-11-26 00:54 - 2017-05-14 19:17 - 000000000 ____D C:\ProgramData\Samsung
2018-11-26 00:54 - 2017-05-14 19:17 - 000000000 ____D C:\Program Files (x86)\Realtek
2018-11-26 00:54 - 2017-03-18 18:32 - 000000000 ____D C:\WINDOWS\HoloShell
2018-11-26 00:53 - 2017-05-14 19:20 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2018-11-13 16:40 - 2018-04-11 15:34 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2018-11-13 16:40 - 2018-04-11 15:34 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll

==================== Files in the root of some directories =======

2018-12-04 16:14 - 2016-07-11 11:08 - 001834672 _____ (Samsung Electronics Co., Ltd.) C:\ProgramData\GammaLUTPatch.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-11-26 00:51

==================== End of FRST.txt ============================

 

 

Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01.12.2018 01
Ran by ross (06-12-2018 08:21:46)
Running from C:\Users\ross\Desktop
Windows 10 Home Version 1803 17134.407 (X64) (2018-11-26 08:57:19)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3667807937-3850922285-4182402911-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3667807937-3850922285-4182402911-503 - Limited - Disabled)
Guest (S-1-5-21-3667807937-3850922285-4182402911-501 - Limited - Disabled)
ross (S-1-5-21-3667807937-3850922285-4182402911-1003 - Administrator - Enabled) => C:\Users\ross
WDAGUtilityAccount (S-1-5-21-3667807937-3850922285-4182402911-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Air Command (HKLM-x32\...\{3D465F5C-757D-4519-8428-0F608FEDEADF}) (Version: 1.0.27 - Samsung Electronics Co., Ltd.)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Beauty Camera (HKLM-x32\...\{2ED5732A-ACF1-49B4-ABB6-DEC10DC5609C}) (Version: 2.0 - Samsung Electronics Co., Ltd.)
BreakTaker (HKU\S-1-5-21-3667807937-3850922285-4182402911-1003\...\8844479488605395) (Version: 1.2.0.3 - BreakTaker)
Catalyst Control Center Next Localization BR (HKLM\...\{B5588A9D-95DE-BE44-254F-1D6FC6CEC678}) (Version: 2017.0413.1040.19176 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{67710DC9-FF4F-177E-2CF5-36232A996163}) (Version: 2017.0413.1040.19176 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{23D1FD25-EF36-C8DF-6B7E-0E7E93E03EA8}) (Version: 2017.0413.1040.19176 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{96F50490-7867-3E24-D684-61E952AEDBD3}) (Version: 2017.0413.1040.19176 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{A064FBC3-1166-4D7A-7648-B9AE8543174E}) (Version: 2017.0413.1040.19176 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{F4C2CBFA-EA3C-152B-A6BA-48D7BF35C31C}) (Version: 2017.0413.1040.19176 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{1154CBE3-A394-3937-4BE1-04211DEEE87F}) (Version: 2017.0413.1040.19176 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{BC816FCF-A6F4-8CDB-7775-85F1F0E64713}) (Version: 2017.0413.1040.19176 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{482E43DC-3EC6-313C-13B1-D9F1B49DD4B7}) (Version: 2017.0413.1040.19176 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{CE721C01-070A-C750-2DDD-BCC067CB2431}) (Version: 2017.0413.1040.19176 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{6F68E307-228A-7A39-4758-BD16F9A411A2}) (Version: 2017.0413.1040.19176 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{ABF2C62D-8678-1107-158F-8D3A6BE23D5E}) (Version: 2017.0413.1040.19176 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{7AD1B4D8-4D2E-AD7C-D51F-4CA502DC137F}) (Version: 2017.0413.1040.19176 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{5BFC00C5-C16B-F635-7690-1AD559096749}) (Version: 2017.0413.1040.19176 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{46B1E253-0231-DAA4-6C72-56B261075D40}) (Version: 2017.0413.1040.19176 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{2D20EE20-84AC-B33A-B059-BB9C7F9FC12F}) (Version: 2017.0413.1040.19176 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{51E7E3B8-B065-02E7-4536-9AE26354E6FF}) (Version: 2017.0413.1040.19176 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{7599CAB3-4870-C41B-F83C-30C6A16445B6}) (Version: 2017.0413.1040.19176 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{47076665-4419-B285-2CE1-5645FEEE41AE}) (Version: 2017.0413.1040.19176 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{F8119434-2C51-95CF-0D97-CC09D8A8D5BA}) (Version: 2017.0413.1040.19176 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{ACD03AA9-47A2-E6FD-0C23-A48658F72AA0}) (Version: 2017.0413.1040.19176 - Advanced Micro Devices, Inc.) Hidden
ClamWin Free Antivirus 0.99.4 (HKLM-x32\...\ClamWin Free Antivirus_is1) (Version:  - alch)
ColorEngine (HKLM\...\{0B48E952-494A-408B-8D9D-5F3331F96659}) (Version: 4.4 - Samsung Electronics Co., Ltd.)
Cryptomator (HKLM\...\{Cryptomator}}_is1) (Version: 1.4.0 - cryptomator.org)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 70.0.3538.110 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{bb0592a7-5772-4736-9d55-2402740085db}) (Version: 10.1.1.38 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.11003.3588 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.7.0.1013 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 24.20.100.6344 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.9.0.1015 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation)
Intel® Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.0.21 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{7B11A2EA-168E-442A-809E-5F8908A7504F}) (Version: 19.50.1 - Intel Corporation)
Intel® Integrated Sensor Solution (HKLM-x32\...\{b3782b53-1b6c-436a-b0f0-f65d83ae74d9}) (Version: 3.0.30.1119 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{f8c930bd-0a68-425f-8c11-87723d1e2c97}) (Version: 20.90.0 - Intel Corporation)
ISS_Drivers_x64 (HKLM\...\{6F91DCD1-30DB-449C-AE79-6948BEB15825}) (Version: 3.0.30.1119 - Intel Corporation) Hidden
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.11029.20079 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3667807937-3850922285-4182402911-1003\...\OneDriveSetup.exe) (Version: 18.212.1021.0008 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.11.25325 (HKLM-x32\...\{6c6356fe-cbfa-4944-9bed-a9e99f45cb7a}) (Version: 14.11.25325.0 - Microsoft Corporation)
Mozilla Firefox 63.0.3 (x64 en-US) (HKLM\...\Mozilla Firefox 63.0.3 (x64 en-US)) (Version: 63.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 63.0.3 - Mozilla)
OEM Application Profile (HKLM-x32\...\{C6D87295-79C5-FB7D-04F1-41EC66F05409}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.11029.20079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.11029.20079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.11029.20079 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.11029.20079 - Microsoft Corporation) Hidden
Online Support(S Service) Agent (HKLM\...\{7A99E1BE-45C4-4D08-920C-8416545F9E79}) (Version: 2.2.0 - Samsung Electronics Co., Ltd.)
PX Profile Update (HKLM-x32\...\{1C83420C-150B-6917-DB49-1F2B526697C8}) (Version: 1.00.1. - AMD) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.15063.31235 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8366 - Realtek Semiconductor Corp.)
Realtek PC Camera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.15063.20002 - Realtek Semiconductor Corp.)
Realtek USB Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{04201224-2B34-4EE7-862B-B7BBF89DB3AB}) (Version: 10.16.321.2017 - Realtek)
S Agent (HKLM\...\{061881E0-653B-41CA-839E-2BA6569B5FEE}) (Version: 1.1.69 - Samsung Electronics Co., Ltd.) Hidden
Samsung DPI Configuration (HKLM-x32\...\{E76A4AA2-A91E-4887-BF4F-47A763CE1203}) (Version: 1.0.16 - Samsung Electronics Co., Ltd.)
Samsung PC Cleaner Service (HKLM-x32\...\{BB9DD51C-4ACD-4551-9B42-BA8A34321162}) (Version: 1.0.12 - Samsung Electronics Co., Ltd.)
Samsung Pen Service (HKLM-x32\...\{AF540C1F-6D49-4535-89DF-4F5BECB6E352}) (Version: 1.1.19 - Samsung Electronics Co., Ltd.)
Samsung Power Plan (HKLM-x32\...\{996EC895-5B1B-4A80-917F-85723A204C64}) (Version: 1.0.0 - Samsung Electronics Co., Ltd.)
Samsung Recovery (HKLM\...\{D21EED26-59C0-4315-BDCC-D682496465E9}) (Version: 7.3.0 - Samsung Electronics Co., Ltd.)
Samsung Security (HKLM-x32\...\{9E050681-B812-4A27-A753-A97CE90AAF38}) (Version: 1.00.29 - Samsung Electronics Co., Ltd.)
Samsung Settings (HKLM-x32\...\{D706BAD8-1A03-411B-9A93-F758CE7296A4}) (Version: 3.2.0 - Samsung Electronics Co., Ltd.)
Samsung SideSync (HKLM-x32\...\Samsung SideSync) (Version: 4.7.5.48 - Samsung Electronics Co., Ltd.)
Samsung Update (HKLM-x32\...\{0F8B5C9A-2B91-44BB-8A71-70B4D88D7EB7}) (Version: 2.2.54 - Samsung Electronics Co., Ltd.)
Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.63.0 - Samsung Electronics Co., Ltd.)
Show Window (HKLM-x32\...\{C504FD52-1E12-45FE-B992-3C14D728005E}) (Version: 1.0.0.28 - Samsung Electronics Co., Ltd.)
Signal 1.18.1 (only current user) (HKU\S-1-5-21-3667807937-3850922285-4182402911-1003\...\7d96caee-06e6-597c-9f2f-c7bb2e0948b4) (Version: 1.18.1 - Open Whisper Systems)
teamPL (HKLM\...\{09B0CD9C-5058-4D17-AC2C-6B4737900A08}) (Version: 1.0.15 - Samsung Electronics Co., Ltd.)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{C5FDDED7-DEC7-48B4-AFD8-DFB8A0FD199A}) (Version: 2.51.0.0 - Microsoft Corporation)
User Manual (HKLM-x32\...\{DA11CC4A-5E90-4EA9-8E7B-29D5328E35F0}) (Version: 1.0.00 - Samsung Electronics Co., Ltd.)
Vulkan Run Time Libraries 1.0.33.0 (HKLM\...\VulkanRT1.0.33.0) (Version: 1.0.33.0 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.61.0 (HKLM\...\VulkanRT1.0.61.0) (Version: 1.0.61.0 - LunarG, Inc.) Hidden
Wi-Fi Camera (HKLM\...\{EF3E6EB4-DCD9-4EBC-9889-17AF4DDB0A50}) (Version: 1.0 - Samsung Electronics Co., Ltd)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ContextMenuHandlers1: [ClamWin] -> {65713842-C410-4f44-8383-BFE01A398C90} => C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll [2008-04-19] ()
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_a725d1c5e2a76f9f\igfxDTCM.dll [2018-10-26] (Intel Corporation)
ContextMenuHandlers6: [ClamWin] -> {65713842-C410-4f44-8383-BFE01A398C90} => C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll [2008-04-19] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {005DC31E-D800-476B-ADD1-A992D461B07C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-12-03] (Microsoft Corporation)
Task: {006C2648-695F-478D-B44E-6FFDF5DE1640} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-11] ()
Task: {02D92196-10C5-46C7-AA30-BDB949FE9F92} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-12-04] (Microsoft Corporation)
Task: {053E7EED-E7BA-493E-8CB7-5B9B563314DA} - System32\Tasks\Samsung\SRS\SRS Logon => C:\Program Files\Samsung\Recovery\SRSMessages.exe [2016-12-15] (Samsung Electronics)
Task: {16EA4DB3-FE45-41FD-B167-AB4E5BAEC3CB} - System32\Tasks\ColorEngine => C:\Program Files\Samsung\ColorEngine\ColorEngine.exe [2018-02-14] (Samsung Electronics Co., Ltd.)
Task: {201E2F35-0F48-44EE-A4D4-08AD3D4FF24A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-12-04] (Microsoft Corporation)
Task: {2184872D-5A5F-4359-AEB6-25FAA05F186A} - System32\Tasks\Samsung\Settings\LaunchSettings => C:\Program Files (x86)\Samsung\Settings\Settings.exe [2018-04-05] (Samsung Electronics Co., Ltd.)
Task: {2FC86D75-427E-45A5-ACB1-CEAF4A232901} - System32\Tasks\RtHDVBg_RUNEP => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2018-02-08] (Realtek Semiconductor)
Task: {31E6B534-BFF8-464A-A84F-73E9E92205F1} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-12-03] (Microsoft Corporation)
Task: {32352AD2-57A0-4997-9A6A-5E7A7C2F7AC8} - System32\Tasks\Samsung\SamsungPCCleaner\SamsungPCCleanerService => C:\Program Files (x86)\Samsung\SamsungPCCleaner\SamsungPCCleanerService.exe [2017-04-12] (Samsung Electronics Co., Ltd.)
Task: {359AAC8C-83FD-40CA-966E-56B19564592A} - System32\Tasks\PreferredDPI => C:\ProgramData\Samsung\DPICustomizing\FontCustomizing.exe [2017-04-23] (TODO: <Company name>)
Task: {4111E235-6CE7-453B-9329-111BD0BC69AC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-12-03] (Google Inc.)
Task: {45E535E4-6977-4954-A600-8DAB9175602C} - System32\Tasks\Samsung\SamsungSecurity\SamsungSecurityPatternLoginAccountMonitor => C:\Program Files (x86)\Samsung\SamsungSecurity\SMessage.exe [2018-05-28] (Samsung Electronics Co., Ltd.)
Task: {4668AE17-6656-4DD7-8B07-44D9C6C2FA88} - System32\Tasks\Samsung\Settings\SettingsHibernateMonitor => C:\Program Files (x86)\Samsung\Settings\SettingsHibernateMonitor.exe [2018-04-05] (Samsung Electronics Co., Ltd.)
Task: {5B4900BD-94D1-46FB-BB46-1BD469EF5A5B} - System32\Tasks\DPICustomized => C:\ProgramData\Samsung\DPICustomizing\FontCustomizing.exe [2017-04-23] (TODO: <Company name>)
Task: {68B54792-1E7C-4982-B1E9-ED70B26711F3} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-11-15] (Microsoft Corporation)
Task: {6D48C032-8E07-4E5B-87AF-9DF1D5C3035A} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-04-12] (Advanced Micro Devices, Inc.)
Task: {6D541D66-868B-408B-9528-FE8B2E91FE47} - System32\Tasks\Samsung\SamsungSecurity\SecurityAppMoniter => C:\Program Files (x86)\Samsung\SamsungSecurity\SecurityAppChecker.exe [2018-05-28] (Samsung Electronics Co., Ltd.)
Task: {6D74264F-13CC-4748-8E52-9E67006D3D84} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-12-04] (Microsoft Corporation)
Task: {6D8D0586-8C74-431F-8CD5-510F6F6CF815} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2017-04-26] (Samsung Electronics Co., Ltd.)
Task: {71988ADD-2BD3-4041-898F-FD5851FF82C8} - System32\Tasks\SecTimeSync\TimeSyncInit => C:\Windows\SecTimeSync.exe [2013-08-22] (Samsung Electronics CO., LTD.)
Task: {790F755D-BCD7-4080-8F9C-DF0B3D000D8B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-12-03] (Microsoft Corporation)
Task: {7F56CD24-DADF-4040-B0AD-A64C8746B9C1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-12-03] (Google Inc.)
Task: {818BF262-0370-44BA-A2EF-638A4E31C591} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe [2018-12-04] (Microsoft Corporation)
Task: {911E4ED1-DFBA-4F23-B503-CF0AF6D82904} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe [2018-12-03] (Microsoft Corporation)
Task: {9E8E7B26-FFF9-419E-A55B-E92DD2026FF8} - System32\Tasks\ShowWindow => C:\Program Files (x86)\Show Window\Show Window.exe [2017-04-09] (Samsung Electronics Co., Ltd.)
Task: {B5BC801D-02C2-4E79-A477-3FE6211011D9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2018-12-04] (Microsoft Corporation)
Task: {B84BDCFA-68EE-402D-A414-E1E7CE85ABC4} - System32\Tasks\Samsung\Wifi Camera\WiFi Camera Agent => C:\Program Files\Samsung\WiFiCamera\WiFiCameraAgent.exe [2016-11-07] (Samsung Electronics Co., Ltd)
Task: {C36B22E7-E250-4BA2-8206-B008EBB526D1} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2018-12-04] (Microsoft Corporation)
Task: {D2781FA3-0D85-4495-BD55-5CBF8A8F9BD6} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2018-12-04] (Microsoft Corporation)
Task: {DE352658-9584-4417-8574-E785937F8055} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2018-11-15] (Microsoft Corporation)
Task: {E9151E15-42BA-4481-BA95-2A82FE8D57A7} - System32\Tasks\Samsung\SamsungSecurity\SamsungSecurityPatternLoginMonitor => C:\Program Files (x86)\Samsung\SamsungSecurity\SMessage.exe [2018-05-28] (Samsung Electronics Co., Ltd.)
Task: {F3168F6B-73B3-44F7-96B5-C55A2A4093C5} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2018-02-08] (Realtek Semiconductor)
Task: {FEFC791B-EA80-45F4-BDC8-9A1567E845D7} - System32\Tasks\RtHDVBg_CTPreset => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2018-02-08] (Realtek Semiconductor)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-04-11 15:34 - 2018-04-11 15:34 - 000491744 ____N () C:\Windows\System32\InputHost.dll
2017-05-14 19:42 - 2018-12-04 11:11 - 008936256 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2018-04-11 15:34 - 2018-04-11 15:34 - 000472064 ____N () C:\Windows\ShellExperiences\TileControl.dll
2018-04-11 15:34 - 2018-04-11 15:34 - 002759168 ____N () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-11-27 18:39 - 2008-04-19 17:35 - 000080384 _____ () C:\Program Files (x86)\ClamWin\bin\ExpShell64.dll
2018-11-13 16:39 - 2018-10-31 22:55 - 002185216 ____N () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-12-03 17:51 - 2018-12-03 17:52 - 000183808 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2016-09-12 09:51 - 2016-09-12 09:51 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-12 09:51 - 2016-09-12 09:51 - 000739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-12 09:51 - 2016-09-12 09:51 - 000014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-12 09:51 - 2016-09-12 09:51 - 000071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-12 09:50 - 2016-09-12 09:50 - 000011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-12 09:50 - 2016-09-12 09:50 - 002013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-12 09:51 - 2016-09-12 09:51 - 000191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2018-10-25 22:53 - 2018-10-25 22:53 - 000151944 _____ () C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_a725d1c5e2a76f9f\igdinfo64.dll
2018-02-14 15:28 - 2018-02-14 15:28 - 000067744 _____ () C:\Program Files\Samsung\ColorEngine\WinMove.dll
2018-12-03 18:00 - 2018-12-03 18:00 - 004183040 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1809.2731.0_x64__8wekyb3d8bbwe\Calculator.exe
2018-12-03 17:43 - 2018-12-03 17:44 - 004472952 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1809.2731.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-12-03 17:51 - 2018-12-03 17:52 - 000009216 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\ImagePipelineNative.dll
2018-12-03 17:51 - 2018-12-03 17:52 - 000060416 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\ChakraBridge.dll
2017-01-24 14:26 - 2017-01-24 14:26 - 000032432 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WSABI.dll
2018-05-28 11:07 - 2018-05-28 11:07 - 000059632 _____ () C:\Program Files (x86)\Samsung\SamsungSecurity\CmdServer\ModuleSecureFolder.dll
2018-11-27 18:39 - 2005-02-08 17:23 - 000979005 _____ () C:\Program Files (x86)\ClamWin\bin\python23.dll
2018-11-27 18:39 - 2004-11-20 03:27 - 000069632 _____ () C:\Program Files (x86)\ClamWin\lib\win32api.pyd
2018-11-27 18:39 - 2004-10-11 20:21 - 000094208 _____ () C:\Program Files (x86)\ClamWin\lib\pywintypes23.dll
2018-11-27 18:39 - 2004-05-25 21:18 - 000057401 _____ () C:\Program Files (x86)\ClamWin\lib\_sre.pyd
2018-11-27 18:39 - 2004-11-20 03:27 - 000086016 _____ () C:\Program Files (x86)\ClamWin\lib\win32gui.pyd
2018-11-27 18:39 - 2004-11-20 03:27 - 000024576 _____ () C:\Program Files (x86)\ClamWin\lib\win32event.pyd
2018-11-27 18:39 - 2004-11-20 03:27 - 000036864 _____ () C:\Program Files (x86)\ClamWin\lib\win32process.pyd
2018-11-27 18:39 - 2004-05-25 21:18 - 000049212 _____ () C:\Program Files (x86)\ClamWin\lib\_socket.pyd
2018-11-27 18:39 - 2004-05-25 21:18 - 000495616 _____ () C:\Program Files (x86)\ClamWin\lib\_ssl.pyd
2018-11-27 18:39 - 2004-05-25 21:20 - 000036864 _____ () C:\Program Files (x86)\ClamWin\lib\_winreg.pyd
2018-11-27 18:39 - 2004-10-11 20:22 - 000315392 _____ () C:\Program Files (x86)\ClamWin\lib\pythoncom23.dll
2018-11-27 18:39 - 2004-11-20 03:27 - 000106496 _____ () C:\Program Files (x86)\ClamWin\lib\shell.pyd
2018-11-27 18:39 - 2004-11-20 03:27 - 000065536 _____ () C:\Program Files (x86)\ClamWin\lib\win32security.pyd
2018-11-27 18:39 - 2004-01-15 14:45 - 000061440 _____ () C:\Program Files (x86)\ClamWin\lib\_ctypes.pyd
2018-11-27 18:39 - 2004-11-20 03:27 - 000077824 _____ () C:\Program Files (x86)\ClamWin\lib\win32file.pyd
2018-11-27 18:39 - 2004-11-20 03:27 - 000024576 _____ () C:\Program Files (x86)\ClamWin\lib\win32pipe.pyd
2018-11-27 18:39 - 2003-10-01 13:40 - 002240512 _____ () C:\Program Files (x86)\ClamWin\lib\wxc.pyd
2018-11-27 18:39 - 2003-10-01 11:43 - 003239936 _____ () C:\Program Files (x86)\ClamWin\lib\wxmsw24h.dll
2018-11-27 18:39 - 2003-08-10 09:14 - 000061440 _____ () C:\Program Files (x86)\ClamWin\lib\mxDateTime.pyd
2018-11-27 18:39 - 2004-05-25 21:17 - 000622651 _____ () C:\Program Files (x86)\ClamWin\lib\_bsddb.pyd
2018-11-27 18:39 - 2004-05-25 21:19 - 000045117 _____ () C:\Program Files (x86)\ClamWin\lib\datetime.pyd

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3667807937-3850922285-4182402911-1003\...\sharepoint.com -> hxxps://mailccsf-files.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-18 13:03 - 2018-12-03 23:14 - 000000853 _____ C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 cryptomator-vault

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3667807937-3850922285-4182402911-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Samsung\Samsung_wallpaper.jpg
DNS Servers: 192.168.43.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7A1DE343-ED62-4341-A87B-F2F41D77DABC}] => (Allow) C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe
FirewallRules: [{72247E91-06F4-4979-98DF-35ACBF7A4905}] => (Allow) C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe
FirewallRules: [{14BB5E07-D173-4600-8E64-276CF137F9D9}] => (Allow) C:\Program Files\Samsung\WiFiCamera\WiFiCameraAgent.exe
FirewallRules: [{2C413881-D0F4-4B12-B4BA-252F2E2C3B13}] => (Allow) C:\Program Files\Samsung\WiFiCamera\WiFiCameraAgent.exe
FirewallRules: [{4A97DD41-E7A6-43BF-926E-E3E0A0BAC550}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{8F05DD1C-A3B7-46F4-B907-09EE5AEEC879}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{773750A6-9CB6-4290-8DA9-4EB1F23D8EE7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.94.262.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{AFE45B5C-5679-4713-A94E-B96DACDCA005}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.94.262.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{671431BC-983E-4037-B643-5CF09306AA30}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.94.262.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{ED098899-55F5-4C29-A76F-80A3A91C2EE7}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.94.262.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{084FC9B6-38A9-459D-B9B7-D2A9C37E462E}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.94.262.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{9F6A1D2A-0BB0-41C9-9893-17FCD2473ECB}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.94.262.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{53F943FC-5DE2-48F9-A56E-8AF807E8DD86}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.94.262.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [{69C26A4E-9DDC-4C73-A451-2BD80C272905}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.94.262.0_x86__zpdnekdrzrea0\Spotify.exe
FirewallRules: [TCP Query User{9090DCAE-8F42-4812-9DA6-E5A0E6CB7E51}C:\program files\cryptomator\cryptomator.exe] => (Allow) C:\program files\cryptomator\cryptomator.exe
FirewallRules: [UDP Query User{550FE123-3567-4C28-B021-CB7F8591ECAE}C:\program files\cryptomator\cryptomator.exe] => (Allow) C:\program files\cryptomator\cryptomator.exe
FirewallRules: [{299810D1-738A-4180-BAA3-67B5E182DC98}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{5FB157F7-7874-4361-B259-BDAD11FECA0D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{2A3A3134-69F5-44ED-AB1F-D902CD8D294E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{529F1FD3-3F92-4E36-8CEC-5540F2D93ACA}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{0E0C118E-372C-483D-BFD9-B36B74FAF6E4}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{2D7A9168-5D68-4F2B-AF1E-2F2BED3FA35C}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{6A48A511-FDD0-4E31-9C2C-C97565176FC4}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

==================== Restore Points =========================

30-11-2018 05:35:21 before zapping the registry to disable autorun
02-12-2018 21:21:29 Language Pack Removal
03-12-2018 23:18:14 Installed Samsung Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/06/2018 08:04:56 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (12/06/2018 07:48:01 AM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x80070057; CorrelationId: {6E4F0EB8-CFD5-4F5F-B4D4-2CDA2506C897}

Error: (12/06/2018 07:47:27 AM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x80070057; CorrelationId: {BD256BF0-B530-4802-860D-41447A3097A8}

Error: (12/06/2018 07:47:26 AM) (Source: Microsoft Office 16) (EventID: 2011) (User: )
Description: Office Subscription licensing exception: Error Code: 0x80070057; CorrelationId: {BD256BF0-B530-4802-860D-41447A3097A8}

Error: (12/06/2018 07:23:37 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.407_none_fb449d63306391e9.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.407_none_42f1d43a44dfbaef.manifest.

Error: (12/04/2018 07:51:51 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.407_none_fb449d63306391e9.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.407_none_42f1d43a44dfbaef.manifest.

Error: (12/04/2018 06:05:51 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (12/04/2018 06:05:51 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Samsung\SideSync4\SideSync.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.407_none_fb449d63306391e9.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.407_none_42f1d43a44dfbaef.manifest.


System errors:
=============
Error: (12/06/2018 07:26:33 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/06/2018 07:26:00 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR4.

Error: (12/06/2018 07:23:36 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/06/2018 07:23:36 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/06/2018 07:23:36 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/04/2018 07:51:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/04/2018 07:51:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/04/2018 07:51:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


Windows Defender:
===================================
Date: 2018-12-06 07:42:27.233
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.281.1389.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.15400.5
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2018-11-26 01:47:03.670
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 0.0.0.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 0.0.0.0
Error code: 0x8024402c
Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.

Date: 2018-11-26 01:22:03.491
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 0.0.0.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-11-26 01:22:03.491
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiSpyware
Update Type: Full
Current Engine Version:
Previous Engine Version: 0.0.0.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-11-26 01:22:03.491
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 0.0.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 0.0.0.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================

Date: 2018-12-03 17:50:35.786
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\win32kbase.sys that did not meet the Microsoft signing level requirements.

Date: 2018-12-03 17:41:41.398
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\win32kbase.sys that did not meet the Microsoft signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i7-7500U CPU @ 2.70GHz
Percentage of memory in use: 25%
Total physical RAM: 16299.67 MB
Available physical RAM: 12076.56 MB
Total Virtual: 18731.67 MB
Available Virtual: 14171.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.84 GB) (Free:96.76 GB) NTFS
Drive d: (WD Unlocker) (CDROM) (Total:0.01 GB) (Free:0 GB) UDF
Drive e: (My Passport) (Fixed) (Total:3725.99 GB) (Free:3625.72 GB) NTFS
Drive f: () (Removable) (Total:114.53 GB) (Free:80.56 GB) FAT32

\\?\Volume{39d19e8d-63a0-4e72-9b82-af9f7e2d2190}\ (Windows RE tools) (Fixed) (Total:0.49 GB) (Free:0.09 GB) NTFS
\\?\Volume{978d3236-bf16-43b4-b9eb-ad56540050d6}\ (SAMSUNG_REC2) (Fixed) (Total:12.92 GB) (Free:1.7 GB) NTFS
\\?\Volume{3321ae0a-f2b7-481c-4173-636c65706975}\ (SAMSUNG_REC) (Fixed) (Total:1 GB) (Free:0.23 GB) FAT32
\\?\Volume{68d6d3ae-0466-4eb2-8210-b44bdbff60ad}\ (SYSTEM) (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 238.5 GB) (Disk ID: 26EA9241)

Partition: GPT.

========================================================
Disk: 1 (Protective MBR) (Size: 114.6 GB) (Disk ID: 00000000)

Partition: GPT.

========================================================
Disk: 2 (Size: 3726 GB) (Disk ID: 16F2A91F)

Partition: GPT.

==================== End of Addition.txt ============================



#18 Android8888

Android8888

  • Malware Response Team
  • 185 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:07:42 AM

Posted 09 December 2018 - 06:14 AM

Hello temphemp986.
 
I do not see signs of malware in the logs.
 
Let's see what we can find out with RogueKiller.
 
Please download RogueKiller_portable64.exe by Tigzy and save it to your computer Desktop.

  • Now close all programs and Internet browsers and disconnect any USB or external drives from the computer before you run this scan!
  • Right-click on the file RogueKiller_portable64.exe and select Run as administrator to start the tool.
  • Click Yes to accept the User Account Control security warning that may appear.
  • Once the tool is open, click the 'Scan' tab menu and the click the Start Scan button.
  • Wait until the scan has finished. Note: This scan may take some time to complete;
  • Warning: Do NOT remove any entry it found. They may not all be malicious and need to be carefully analyzed.
  • Once finished the results will be displayed. Click on the Open Report button. It will open a new window.
  • Click Export TXT to export the report as a text file, give a name to the file such as RKlog.txt and save it to your computer Desktop.
  • Close RogueKiller.

Please attach the RKlog.txt to your next reply for my review.

 

Thank you.

 

Android8888


Proud graduate of SpywareInfo

Member of UNITE - Unified Network of Instructors and Trusted Eliminators

Website: http://android8888.comlu.com

Tavira - Here's where I live!


#19 temphemp986

temphemp986
  • Topic Starter

  • Members
  • 16 posts
  • ONLINE
  •  

Posted Today, 02:11 AM

Hello Android888,

Attached is the RKlog.txt file.  Thank you!

 

Rosie



#20 temphemp986

temphemp986
  • Topic Starter

  • Members
  • 16 posts
  • ONLINE
  •  

Posted Today, 02:13 AM

Not sure if the attachment went through but here is text from the file:

 

 

 

RogueKiller Anti-Malware V13.0.16.0 (x64) [Dec 10 2018] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 10 (10.0.17134) 64 bits
Started in : Normal mode
User : ross [Administrator]
Started from : C:\Users\ross\Desktop\RogueKiller_portable64.exe
Mode : Standard Scan, Scan -- Date : 2018/12/11 22:34:03 (Duration : 00:06:49)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Process Modules ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Tasks ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Suspicious.Path (Potentially Malicious)] (Samsung Electronics CO., LTD.) \SecTimeSync\TimeSyncInit -- C:\Windows\SecTimeSync.exe [/TASK] -> Found

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ WMI ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Hosts File ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Files ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Web browsers ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
 






2 user(s) are reading this topic

1 members, 1 guests, 0 anonymous users


    temphemp986