Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01.09.2018 03 Ran by pc666 (administrator) on 7090FRT (03-09-2018 23:40:35) Running from C:\Users\pc666\Downloads Loaded Profiles: pc666 (Available Profiles: pc666 & me333) Platform: Windows 10 Home Version 1803 17134.254 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\LsaIso.exe (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k127153.inf_amd64_3f3936d8dec668b8\igfxCUIService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Intel Corporation) C:\Windows\System32\ibtsiva.exe (Microsoft Corporation) C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe () C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k127153.inf_amd64_3f3936d8dec668b8\IntelCpHDCPSvc.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\MsMpEng.exe () C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe (Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\NisSrv.exe (Intel Corporation) C:\Windows\System32\Intel\DPTF\dptf_helper.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\k127153.inf_amd64_3f3936d8dec668b8\igfxEM.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18071.11811.0_x64__8wekyb3d8bbwe\Video.UI.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (ExpressVPN) C:\Program Files (x86)\ExpressVPN\xvpn-ui\ExpressVPN.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\cmd.exe (Brave Software) C:\Users\pc666\AppData\Local\Brave\app-0.23.105\Brave.exe (Brave Software) C:\Users\pc666\AppData\Local\Brave\app-0.23.105\Brave.exe (Brave Software) C:\Users\pc666\AppData\Local\Brave\app-0.23.105\Brave.exe (Brave Software) C:\Users\pc666\AppData\Local\Brave\app-0.23.105\Brave.exe (The OpenVPN Project) C:\Program Files (x86)\ExpressVPN\xvpnd\windows\openvpn.exe (Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_67efe445e1ece117\aesm_service.exe (Brave Software) C:\Users\pc666\AppData\Local\Brave\app-0.23.105\Brave.exe (Brave Software) C:\Users\pc666\AppData\Local\Brave\app-0.23.105\Brave.exe (Brave Software) C:\Users\pc666\AppData\Local\Brave\app-0.23.105\Brave.exe (Brave Software) C:\Users\pc666\AppData\Local\Brave\app-0.23.105\Brave.exe (Brave Software) C:\Users\pc666\AppData\Local\Brave\app-0.23.105\Brave.exe (Brave Software) C:\Users\pc666\AppData\Local\Brave\app-0.23.105\Brave.exe (Brave Software) C:\Users\pc666\AppData\Local\Brave\app-0.23.105\Brave.exe (Brave Software) C:\Users\pc666\AppData\Local\Brave\app-0.23.105\Brave.exe (Brave Software) C:\Users\pc666\AppData\Local\Brave\app-0.23.105\Brave.exe (Brave Software) C:\Users\pc666\AppData\Local\Brave\app-0.23.105\Brave.exe (Brave Software) C:\Users\pc666\AppData\Local\Brave\app-0.23.105\Brave.exe (Brave Software) C:\Users\pc666\AppData\Local\Brave\app-0.23.105\Brave.exe (Brave Software) C:\Users\pc666\AppData\Local\Brave\app-0.23.105\Brave.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (Brave Software) C:\Users\pc666\AppData\Local\Brave\app-0.23.105\Brave.exe (Brave Software) C:\Users\pc666\AppData\Local\Brave\app-0.23.105\Brave.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Farbar) C:\Users\pc666\Downloads\fbra64.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9080848 2016-11-22] (Realtek Semiconductor) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-07-06] (Apple Inc.) HKU\S-1-5-21-854904512-2378485669-3065290004-1001\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [18630056 2018-08-25] (Piriform Ltd) HKU\S-1-5-21-854904512-2378485669-3065290004-1001\...\Run: [ExpressVPN4] => C:\Program Files (x86)\ExpressVPN\xvpn-ui\ExpressVPN.exe [810624 2018-07-03] (ExpressVPN) GroupPolicy: Restriction ? <==== ATTENTION GroupPolicy\User: Restriction ? <==== ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 114.108.195.1 114.108.193.201 Tcpip\..\Interfaces\{03e35017-ac32-44d9-b236-c2d2c3e52f92}: [DhcpNameServer] 10.147.0.1 Tcpip\..\Interfaces\{6a7c1f6f-e9d0-41a8-9a4e-9864e75e8219}: [DhcpNameServer] 114.108.195.1 114.108.193.201 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2018-08-29] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2018-08-29] (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2018-08-29] (Microsoft Corporation) FireFox: ======== FF DefaultProfile: ekbwcdjg.Default User FF ProfilePath: C:\Users\pc666\AppData\Roaming\Mozilla\Firefox\Profiles\1n3boaez.default [2018-09-03] FF ProfilePath: C:\Users\pc666\AppData\Roaming\Mozilla\Firefox\Profiles\ekbwcdjg.Default User [2018-09-03] FF Extension: (Control the ExpressVPN app for Windows and Mac from your browser: Connect and check your VPN status.) - C:\Users\pc666\AppData\Roaming\Mozilla\Firefox\Profiles\ekbwcdjg.Default User\Extensions\firefox-addon@expressvpn.com.xpi [2018-07-28] FF Extension: (Privacy Badger) - C:\Users\pc666\AppData\Roaming\Mozilla\Firefox\Profiles\ekbwcdjg.Default User\Extensions\jid1-MnnxcxisBPnSXQ@jetpack.xpi [2018-08-26] FF Extension: (uBlock Origin) - C:\Users\pc666\AppData\Roaming\Mozilla\Firefox\Profiles\ekbwcdjg.Default User\Extensions\uBlock0@raymondhill.net.xpi [2018-08-27] FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2018-08-29] (Microsoft Corporation) ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AESMService; C:\WINDOWS\System32\DriverStore\FileRepository\sgx_psw.inf_amd64_67efe445e1ece117\aesm_service.exe [3255240 2018-04-27] (Intel Corporation) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-07-05] (Apple Inc.) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3058392 2017-12-12] (Microsoft Corporation) R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1705040 2017-11-21] (Intel Corporation) R2 ExpressVpnService; C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe [339168 2018-07-03] () R2 ibtsiva; C:\WINDOWS\system32\ibtsiva.exe [542320 2018-01-10] (Intel Corporation) R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6541008 2018-05-09] (Malwarebytes) S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [329736 2016-11-22] (Realtek Semiconductor) S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-11] () S3 sshd; C:\WINDOWS\System32\OpenSSH\sshd.exe [970240 2018-05-20] () S3 SshdBroker; C:\WINDOWS\System32\SshdBroker.dll [286208 2018-08-09] (Microsoft Corporation) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe [3905952 2018-08-22] (Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe [110944 2018-08-22] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [41608 2018-02-10] (Dell Inc.) S3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [41208 2018-02-10] (Dell Computer Corporation) S3 dg_ssudbus; C:\WINDOWS\System32\drivers\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd.) R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [74144 2017-11-08] (Intel Corporation) R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [69536 2017-11-21] (Intel Corporation) R3 esif_lf; C:\WINDOWS\System32\drivers\esif_lf.sys [382880 2017-11-21] (Intel Corporation) R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [152688 2018-07-12] (Malwarebytes) S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVpn SplitTunnel Driver\driver\expressvpnsplittunnel.sys [28160 2018-07-03] () R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [54816 2016-10-29] (Intel Corporation) S3 HID_PCI; C:\WINDOWS\System32\drivers\HID_PCI.sys [31328 2016-08-10] (Intel) R3 iaLPSS2_GPIO2; C:\WINDOWS\System32\drivers\iaLPSS2_GPIO2.sys [98968 2017-10-15] (Intel Corporation) R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [136128 2018-01-10] (Intel Corporation) S4 IObitUnlocker; C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.sys [66824 2017-06-15] (IObit) R3 ISH; C:\WINDOWS\System32\drivers\ISH.sys [143984 2016-09-18] (Intel) S3 ISH_BusDriver; C:\WINDOWS\System32\drivers\ISH_BusDriver.sys [80496 2016-08-18] (Intel) R3 kmloop; C:\WINDOWS\System32\drivers\loop.sys [16896 2018-04-12] (Microsoft Corporation) R0 MBAMChameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [193256 2018-09-03] (Malwarebytes) R3 MBAMFarflt; C:\WINDOWS\System32\DRIVERS\farflt.sys [117472 2018-09-03] (Malwarebytes) R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [52328 2018-09-03] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [259360 2018-09-03] (Malwarebytes) R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [109872 2018-09-03] (Malwarebytes) S3 Microsoft_Bluetooth_AvrcpTransport; C:\WINDOWS\system32\DRIVERS\Microsoft.Bluetooth.AvrcpTransport.sys [46592 2018-04-12] (Microsoft Corporation) S3 netr28ux; C:\WINDOWS\System32\drivers\netr28ux.sys [2224128 2018-04-12] (MediaTek Inc.) R3 Netwtw04; C:\WINDOWS\system32\DRIVERS\Netwtw04.sys [8623128 2018-04-04] (Intel Corporation) R1 npcap; C:\WINDOWS\system32\DRIVERS\npcap.sys [81688 2018-03-03] (Insecure.Com LLC.) S3 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.) R0 pwdrvio; C:\WINDOWS\System32\pwdrvio.sys [19152 2013-09-30] () S3 pwdspio; C:\WINDOWS\system32\pwdspio.sys [12504 2013-09-30] () S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [424384 2018-02-27] (Realsil Semiconductor Corporation) R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3224576 2017-03-29] (Realtek Semiconductor Corp.) S3 ssudqcfilter; C:\WINDOWS\System32\drivers\ssudqcfilter.sys [64912 2017-05-18] (QUALCOMM Incorporated) R3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [45024 2018-07-03] (The OpenVPN Project) S3 TRLNDISMON; C:\WINDOWS\system32\DRIVERS\TRLNDISMON.sys [31392 2017-02-14] (Tarlogic) R3 VirtualButtons; C:\WINDOWS\System32\drivers\VirtualButtons.sys [40008 2015-06-25] (Intel Corporation) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [46584 2018-08-22] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [340008 2018-08-22] (Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61992 2018-08-22] (Microsoft Corporation) U4 npcap_wifi; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-09-03 23:40 - 2018-09-03 23:40 - 000014440 _____ C:\Users\pc666\Downloads\FRST.txt 2018-09-03 23:40 - 2018-09-03 23:40 - 000000000 ____D C:\FRST 2018-09-03 23:27 - 2018-09-03 23:28 - 000109872 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys 2018-09-03 23:27 - 2018-09-03 23:27 - 000193256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MbamChameleon.sys 2018-09-03 23:27 - 2018-09-03 23:27 - 000117472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys 2018-09-03 23:27 - 2018-09-03 23:27 - 000052328 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys 2018-09-03 23:27 - 2018-09-03 23:27 - 000000000 ____D C:\Users\pc666\AppData\Local\mbam 2018-09-03 23:26 - 2018-09-03 23:26 - 000259360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys 2018-09-03 23:26 - 2018-09-03 23:26 - 000001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2018-09-03 23:26 - 2018-09-03 23:26 - 000000000 ____D C:\ProgramData\Malwarebytes 2018-09-03 23:26 - 2018-09-03 23:26 - 000000000 ____D C:\Program Files\Malwarebytes 2018-09-03 23:26 - 2018-07-12 08:42 - 000152688 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbae64.sys 2018-09-03 23:25 - 2018-09-03 23:25 - 002413056 _____ (Farbar) C:\Users\pc666\Downloads\fbra64.exe 2018-09-03 23:23 - 2018-09-03 23:25 - 079348832 _____ (Malwarebytes ) C:\Users\pc666\Downloads\mb3-setup-consumer-3.5.1.2522-1.0.441-1.0.6609.exe 2018-09-03 22:54 - 2018-09-03 22:54 - 000032768 _____ C:\Users\pc666\Documents\EasyBCD Backup (2018-09-03).bcd 2018-09-03 22:54 - 2018-09-03 22:54 - 000000000 ____D C:\Users\pc666\AppData\Local\NeoSmart_Technologies 2018-09-03 22:54 - 2018-09-03 22:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies 2018-09-03 22:54 - 2018-09-03 22:54 - 000000000 ____D C:\Program Files (x86)\NeoSmart Technologies 2018-09-03 22:53 - 2018-09-03 22:53 - 001923704 _____ C:\Users\pc666\Downloads\EasyBCD 2.3.exe 2018-09-03 22:44 - 2018-09-03 22:44 - 000000000 ____D C:\EFI 2018-09-03 13:11 - 2018-09-03 13:11 - 000001317 _____ C:\WINDOWS\PWCMDLST.BAK 2018-09-03 11:58 - 2018-09-03 11:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Unlocker 2018-09-03 11:57 - 2018-09-03 11:58 - 000001255 _____ C:\Users\Public\Desktop\IObit Unlocker.lnk 2018-09-03 11:57 - 2018-09-03 11:57 - 000000000 ____D C:\ProgramData\IObit 2018-09-03 11:57 - 2018-09-03 11:57 - 000000000 ____D C:\Program Files (x86)\IObit 2018-09-03 11:55 - 2018-09-03 11:56 - 006521336 _____ C:\Users\pc666\Downloads\a31aabe6-ee9d-40fa-839f-b3550e01a6c9.tmp 2018-09-03 09:40 - 2018-09-03 11:32 - 000000000 ____D C:\ProgramData\PCDr 2018-09-03 09:38 - 2018-09-03 11:32 - 000000000 ____D C:\ProgramData\SupportAssist 2018-09-03 09:38 - 2018-09-03 11:32 - 000000000 ____D C:\Program Files\Dell 2018-09-03 09:38 - 2018-09-03 09:38 - 000000000 ____D C:\ProgramData\Dell Inc 2018-09-02 22:12 - 2018-09-02 22:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard 10 2018-09-02 22:12 - 2018-09-02 22:12 - 000000000 ____D C:\Program Files\MiniTool Partition Wizard 10 2018-09-02 22:12 - 2018-08-14 10:07 - 003550720 _____ C:\WINDOWS\system32\pwNative.exe 2018-09-02 22:12 - 2013-09-30 15:26 - 000019152 _____ C:\WINDOWS\system32\pwdrvio.sys 2018-09-02 22:12 - 2013-09-30 15:26 - 000012504 _____ C:\WINDOWS\system32\pwdspio.sys 2018-09-02 22:08 - 2018-09-02 22:10 - 081089488 _____ (MiniTool Solution Ltd. ) C:\Users\pc666\Downloads\pw102-free.exe 2018-09-02 21:09 - 2018-09-02 21:10 - 000000000 ____D C:\WINDOWS\SysWOW64\rufus_files 2018-09-02 21:03 - 2018-09-02 21:03 - 001018424 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\WINDOWS\SysWOW64\rufus-3.1.exe 2018-09-02 20:54 - 2018-09-02 21:27 - 000000258 __RSH C:\ProgramData\ntuser.pol 2018-09-02 20:32 - 2018-09-02 20:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Writer 2018-09-02 20:32 - 2018-09-02 20:32 - 000000000 ____D C:\Program Files (x86)\ImageWriter 2018-09-02 20:22 - 2018-09-02 20:22 - 000000071 _____ C:\Users\pc666\Downloads\md5sum.txt 2018-09-02 20:08 - 2018-09-02 20:09 - 000000000 ____D C:\Users\pc666\Documents\pgp Key 2018-09-02 20:03 - 2018-09-02 20:15 - 000000982 _____ C:\Users\pc666\Downloads\SHA256SUMS.txt 2018-09-02 19:59 - 2018-09-02 19:59 - 000000982 _____ C:\Users\pc666\Downloads\SHA256SUMS 2018-09-02 19:59 - 2018-09-02 19:59 - 000000833 _____ C:\Users\pc666\Downloads\SHA256SUMS.gpg 2018-09-02 19:55 - 2018-09-02 19:55 - 000000000 ____D C:\Users\pc666\AppData\Local\Microsoft_Corporation 2018-09-02 19:47 - 2018-09-02 20:38 - 000000000 ____D C:\Users\pc666\AppData\Roaming\kleopatra 2018-09-02 19:47 - 2018-09-02 20:09 - 000000000 ____D C:\Users\pc666\AppData\Roaming\gnupg 2018-09-02 19:47 - 2018-09-02 19:47 - 000002118 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kleopatra.lnk 2018-09-02 19:47 - 2018-09-02 19:47 - 000002106 _____ C:\Users\Public\Desktop\Kleopatra.lnk 2018-09-02 19:47 - 2018-09-02 19:47 - 000000000 ____D C:\Program Files (x86)\Gpg4win 2018-09-02 19:47 - 2018-09-02 19:47 - 000000000 ____D C:\Program Files (x86)\GnuPG 2018-09-02 19:46 - 2018-09-02 19:46 - 028355272 _____ (Intevation GmbH) C:\Users\pc666\Downloads\gpg4win-3.1.3.exe 2018-09-02 19:26 - 2018-09-02 19:26 - 000119600 _____ (Microsoft Corporation) C:\Users\pc666\Downloads\Windows-KB841290-x86-ENU.exe 2018-09-02 18:40 - 2018-09-02 19:39 - 3188391936 _____ C:\Users\pc666\Downloads\kali-linux-2018.3-amd64.iso 2018-09-02 17:53 - 2018-09-02 17:53 - 000000974 _____ C:\Users\pc666\Desktop\Acrylic Wi-Fi Professional.lnk 2018-09-02 17:53 - 2018-09-02 17:53 - 000000000 ____D C:\Users\pc666\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acrylic Wi-Fi Professional 2018-09-02 05:57 - 2018-09-02 05:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap 2018-09-02 05:57 - 2018-09-02 05:57 - 000000000 ____D C:\Program Files (x86)\WinPcap 2018-09-02 04:20 - 2018-09-02 04:52 - 000000000 ____D C:\Users\pc666\Documents\MY LOGS 2018-09-01 23:19 - 2018-09-01 23:19 - 000465276 _____ C:\Users\pc666\Documents\g2nd one.pcapng 2018-09-01 23:02 - 2018-09-01 23:02 - 006310676 _____ C:\Users\pc666\Documents\ftyyu.pcapng 2018-09-01 22:16 - 2018-09-01 22:16 - 000262168 _____ C:\Users\pc666\Documents\44t3.pcapng 2018-09-01 15:34 - 2018-09-01 15:34 - 000001829 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk 2018-09-01 12:14 - 2018-09-01 12:15 - 000007605 _____ C:\Users\pc666\AppData\Local\Resmon.ResmonCfg 2018-09-01 10:02 - 2018-09-01 10:02 - 000003242 _____ C:\Users\pc666\AppData\Local\recently-used.xbel 2018-09-01 04:31 - 2018-08-09 17:32 - 004527680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe 2018-09-01 04:31 - 2018-08-09 17:31 - 001617728 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2018-09-01 04:31 - 2018-08-09 17:31 - 000766872 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll 2018-09-01 04:31 - 2018-08-09 17:31 - 000253544 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll 2018-09-01 04:31 - 2018-08-09 17:31 - 000236624 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll 2018-09-01 04:31 - 2018-08-09 17:17 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll 2018-09-01 04:31 - 2018-08-09 17:14 - 012709376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2018-09-01 04:31 - 2018-08-09 17:14 - 000466944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll 2018-09-01 04:31 - 2018-08-09 17:14 - 000326144 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollUI.dll 2018-09-01 04:31 - 2018-08-09 17:14 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll 2018-09-01 04:31 - 2018-08-09 17:13 - 000521216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv 2018-09-01 04:31 - 2018-08-09 17:13 - 000517120 _____ (Microsoft Corporation) C:\WINDOWS\system32\certreq.exe 2018-09-01 04:31 - 2018-08-09 17:13 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2018-09-01 04:31 - 2018-08-09 17:13 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll 2018-09-01 04:31 - 2018-08-09 17:13 - 000223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsExt.dll 2018-09-01 04:31 - 2018-08-09 17:12 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2018-09-01 04:31 - 2018-08-09 17:12 - 001787392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll 2018-09-01 04:31 - 2018-08-09 17:12 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2018-09-01 04:31 - 2018-08-09 17:11 - 003652608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2018-09-01 04:31 - 2018-08-09 17:11 - 002051584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll 2018-09-01 04:31 - 2018-08-09 17:11 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll 2018-09-01 04:31 - 2018-08-09 17:11 - 001004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll 2018-09-01 04:31 - 2018-08-09 17:11 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll 2018-09-01 04:31 - 2018-08-09 17:11 - 000181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll 2018-09-01 04:31 - 2018-08-09 17:10 - 001557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe 2018-09-01 04:31 - 2018-08-09 17:10 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll 2018-09-01 04:31 - 2018-08-09 17:10 - 000757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2018-09-01 04:31 - 2018-08-09 17:09 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput8.dll 2018-09-01 04:31 - 2018-08-09 17:09 - 000165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\dinput.dll 2018-09-01 04:31 - 2018-08-09 17:09 - 000091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcbuilder.exe 2018-09-01 04:31 - 2018-08-09 16:36 - 000660896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll 2018-09-01 04:31 - 2018-08-09 16:36 - 000221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditionUpgradeManagerObj.dll 2018-09-01 04:31 - 2018-08-09 16:24 - 011901952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2018-09-01 04:31 - 2018-08-09 16:24 - 000131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll 2018-09-01 04:31 - 2018-08-09 16:23 - 001308160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll 2018-09-01 04:31 - 2018-08-09 16:23 - 000291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollUI.dll 2018-09-01 04:31 - 2018-08-09 16:22 - 001452544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll 2018-09-01 04:31 - 2018-08-09 16:22 - 000668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2018-09-01 04:31 - 2018-08-09 16:22 - 000485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll 2018-09-01 04:31 - 2018-08-09 16:22 - 000429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certreq.exe 2018-09-01 04:31 - 2018-08-09 16:22 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2018-09-01 04:31 - 2018-08-09 16:21 - 002894848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2018-09-01 04:31 - 2018-08-09 16:21 - 002016768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2018-09-01 04:31 - 2018-08-09 16:21 - 001274368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe 2018-09-01 04:31 - 2018-08-09 16:21 - 000775168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll 2018-09-01 04:31 - 2018-08-09 16:20 - 002401792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll 2018-09-01 04:31 - 2018-08-09 16:20 - 000423424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv 2018-09-01 04:31 - 2018-08-09 16:20 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput8.dll 2018-09-01 04:31 - 2018-08-09 16:20 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dinput.dll 2018-09-01 04:31 - 2018-08-09 16:19 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mcbuilder.exe 2018-09-01 04:31 - 2018-08-09 14:34 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll 2018-09-01 04:31 - 2018-08-09 13:44 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll 2018-09-01 04:31 - 2018-08-09 13:02 - 001035144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe 2018-09-01 04:31 - 2018-08-09 13:01 - 000777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\pkeyhelper.dll 2018-09-01 04:31 - 2018-08-09 13:01 - 000272296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll 2018-09-01 04:31 - 2018-08-09 13:01 - 000269224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll 2018-09-01 04:31 - 2018-08-09 12:55 - 001222440 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2018-09-01 04:31 - 2018-08-09 12:55 - 001030952 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2018-09-01 04:31 - 2018-08-09 12:55 - 000568600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe 2018-09-01 04:31 - 2018-08-09 12:55 - 000230304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys 2018-09-01 04:31 - 2018-08-09 12:55 - 000136488 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll 2018-09-01 04:31 - 2018-08-09 12:55 - 000077608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys 2018-09-01 04:31 - 2018-08-09 12:54 - 007519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2018-09-01 04:31 - 2018-08-09 12:54 - 001019016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll 2018-09-01 04:31 - 2018-08-09 12:54 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2018-09-01 04:31 - 2018-08-09 12:54 - 000375704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys 2018-09-01 04:31 - 2018-08-09 12:54 - 000203568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll 2018-09-01 04:31 - 2018-08-09 12:54 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2018-09-01 04:31 - 2018-08-09 12:53 - 009092904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2018-09-01 04:31 - 2018-08-09 12:53 - 002765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2018-09-01 04:31 - 2018-08-09 12:53 - 001947720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2018-09-01 04:31 - 2018-08-09 12:53 - 001097648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll 2018-09-01 04:31 - 2018-08-09 12:53 - 001026456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys 2018-09-01 04:31 - 2018-08-09 12:53 - 000932136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2018-09-01 04:31 - 2018-08-09 12:53 - 000887280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll 2018-09-01 04:31 - 2018-08-09 12:53 - 000714792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll 2018-09-01 04:31 - 2018-08-09 12:53 - 000482480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll 2018-09-01 04:31 - 2018-08-09 12:53 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll 2018-09-01 04:31 - 2018-08-09 12:53 - 000125600 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptxml.dll 2018-09-01 04:31 - 2018-08-09 12:37 - 025847296 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2018-09-01 04:31 - 2018-08-09 12:32 - 022715392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2018-09-01 04:31 - 2018-08-09 12:30 - 000829856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2018-09-01 04:31 - 2018-08-09 12:30 - 000183992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll 2018-09-01 04:31 - 2018-08-09 12:29 - 006567872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2018-09-01 04:31 - 2018-08-09 12:29 - 002253584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2018-09-01 04:31 - 2018-08-09 12:29 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2018-09-01 04:31 - 2018-08-09 12:29 - 001174552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll 2018-09-01 04:31 - 2018-08-09 12:29 - 001129640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll 2018-09-01 04:31 - 2018-08-09 12:29 - 000581696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll 2018-09-01 04:31 - 2018-08-09 12:29 - 000567144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll 2018-09-01 04:31 - 2018-08-09 12:29 - 000356960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll 2018-09-01 04:31 - 2018-08-09 12:29 - 000099208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptxml.dll 2018-09-01 04:31 - 2018-08-09 12:28 - 003395072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2018-09-01 04:31 - 2018-08-09 12:28 - 001589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll 2018-09-01 04:31 - 2018-08-09 12:28 - 000108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshdPinAuthLsa.dll 2018-09-01 04:31 - 2018-08-09 12:27 - 000449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshSftp.exe 2018-09-01 04:31 - 2018-08-09 12:27 - 000428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2018-09-01 04:31 - 2018-08-09 12:27 - 000286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshdBroker.dll 2018-09-01 04:31 - 2018-08-09 12:27 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\eShims.dll 2018-09-01 04:31 - 2018-08-09 12:27 - 000051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnrollCtrl.exe 2018-09-01 04:31 - 2018-08-09 12:26 - 007577088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2018-09-01 04:31 - 2018-08-09 12:26 - 000990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL 2018-09-01 04:31 - 2018-08-09 12:26 - 000572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll 2018-09-01 04:31 - 2018-08-09 12:26 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys 2018-09-01 04:31 - 2018-08-09 12:26 - 000486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshSession.exe 2018-09-01 04:31 - 2018-08-09 12:26 - 000382976 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshBroker.dll 2018-09-01 04:31 - 2018-08-09 12:26 - 000319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe 2018-09-01 04:31 - 2018-08-09 12:26 - 000264192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SshProxy.dll 2018-09-01 04:31 - 2018-08-09 12:26 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsAuth.dll 2018-09-01 04:31 - 2018-08-09 12:26 - 000221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsCfg.dll 2018-09-01 04:31 - 2018-08-09 12:26 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll 2018-09-01 04:31 - 2018-08-09 12:26 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2018-09-01 04:31 - 2018-08-09 12:25 - 004380160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll 2018-09-01 04:31 - 2018-08-09 12:25 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2018-09-01 04:31 - 2018-08-09 12:25 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll 2018-09-01 04:31 - 2018-08-09 12:25 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2018-09-01 04:31 - 2018-08-09 12:25 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll 2018-09-01 04:31 - 2018-08-09 12:25 - 000797184 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll 2018-09-01 04:31 - 2018-08-09 12:25 - 000596992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll 2018-09-01 04:31 - 2018-08-09 12:25 - 000460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll 2018-09-01 04:31 - 2018-08-09 12:25 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSMedicSvc.dll 2018-09-01 04:31 - 2018-08-09 12:25 - 000145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll 2018-09-01 04:31 - 2018-08-09 12:24 - 002368512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll 2018-09-01 04:31 - 2018-08-09 12:24 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll 2018-09-01 04:31 - 2018-08-09 12:24 - 001535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2018-09-01 04:31 - 2018-08-09 12:24 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll 2018-09-01 04:31 - 2018-08-09 12:23 - 003148288 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll 2018-09-01 04:31 - 2018-08-09 12:23 - 002904064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2018-09-01 04:31 - 2018-08-09 12:23 - 002172928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2018-09-01 04:31 - 2018-08-09 12:23 - 001803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2018-09-01 04:31 - 2018-08-09 12:23 - 000916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll 2018-09-01 04:31 - 2018-08-09 12:22 - 022007808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2018-09-01 04:31 - 2018-08-09 12:22 - 004615680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2018-09-01 04:31 - 2018-08-09 12:22 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2018-09-01 04:31 - 2018-08-09 12:22 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2018-09-01 04:31 - 2018-08-09 12:22 - 001551360 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2018-09-01 04:31 - 2018-08-09 12:22 - 000600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll 2018-09-01 04:31 - 2018-08-09 12:22 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll 2018-09-01 04:31 - 2018-08-09 12:21 - 001375744 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2018-09-01 04:31 - 2018-08-09 12:21 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll 2018-09-01 04:31 - 2018-08-09 12:16 - 019403776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2018-09-01 04:31 - 2018-08-09 12:13 - 001189376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll 2018-09-01 04:31 - 2018-08-09 12:13 - 000608768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll 2018-09-01 04:31 - 2018-08-09 12:13 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnrollCtrl.exe 2018-09-01 04:31 - 2018-08-09 12:12 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll 2018-09-01 04:31 - 2018-08-09 12:12 - 000652288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll 2018-09-01 04:31 - 2018-08-09 12:11 - 005777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2018-09-01 04:31 - 2018-08-09 12:11 - 002900992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2018-09-01 04:31 - 2018-08-09 12:11 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll 2018-09-01 04:31 - 2018-08-09 12:11 - 000471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TileDataRepository.dll 2018-09-01 04:31 - 2018-08-09 12:11 - 000350208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll 2018-09-01 04:31 - 2018-08-09 12:11 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll 2018-09-01 04:31 - 2018-08-09 12:11 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsAuth.dll 2018-09-01 04:31 - 2018-08-09 12:11 - 000164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsCfg.dll 2018-09-01 04:31 - 2018-08-09 12:11 - 000122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2018-09-01 04:31 - 2018-08-09 12:10 - 002893824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll 2018-09-01 04:31 - 2018-08-09 12:10 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll 2018-09-01 04:31 - 2018-08-09 12:10 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll 2018-09-01 04:31 - 2018-08-09 12:10 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll 2018-09-01 04:31 - 2018-08-09 12:09 - 004191232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2018-09-01 04:31 - 2018-08-09 12:09 - 001626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2018-09-01 04:31 - 2018-08-09 12:09 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2018-09-01 04:31 - 2018-08-09 12:08 - 000195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll 2018-09-01 04:31 - 2018-08-09 11:08 - 000806416 _____ C:\WINDOWS\SysWOW64\locale.nls 2018-09-01 04:31 - 2018-08-09 11:08 - 000806416 _____ C:\WINDOWS\system32\locale.nls 2018-09-01 04:31 - 2018-08-09 11:08 - 000001314 _____ C:\WINDOWS\system32\tcbres.wim 2018-09-01 04:31 - 2018-06-09 02:44 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll 2018-09-01 04:26 - 2018-09-02 03:29 - 000000000 ____D C:\Users\pc666\AppData\Roaming\Wireshark 2018-09-01 04:05 - 2018-09-01 15:34 - 000000000 ____D C:\Program Files\Wireshark 2018-09-01 03:14 - 2016-03-17 19:30 - 000097064 _____ (Tarlogic) C:\WINDOWS\system32\airpcap.dll 2018-09-01 03:14 - 2016-03-17 19:30 - 000078632 _____ (Tarlogic) C:\WINDOWS\SysWOW64\airpcap.dll 2018-09-01 03:14 - 2015-03-23 11:00 - 000875472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr110.dll 2018-09-01 03:14 - 2015-03-23 11:00 - 000849360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr110.dll 2018-09-01 03:14 - 2015-03-23 11:00 - 000661456 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp110.dll 2018-09-01 03:14 - 2015-03-23 11:00 - 000535008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp110.dll 2018-09-01 03:13 - 2018-09-02 17:53 - 000000000 ____D C:\Users\pc666\AppData\Roaming\Acrylic Wi-Fi Professional 2018-09-01 03:13 - 2018-09-02 17:53 - 000000000 ____D C:\Program Files\Acrylic Wi-Fi Professional 2018-09-01 03:13 - 2017-02-14 18:12 - 000031392 _____ (Tarlogic) C:\WINDOWS\system32\Drivers\TRLNDISMON.sys 2018-09-01 03:11 - 2018-09-01 03:11 - 009696048 _____ (Tarlogic Research S.L. ) C:\Users\pc666\Downloads\Acrylic_WiFi_Professional_v4.0.6758.25558-Setup.exe 2018-09-01 02:50 - 2018-09-01 02:50 - 000000000 ____D C:\Users\pc666\AppData\Roaming\Macromedia 2018-09-01 02:50 - 2018-09-01 02:50 - 000000000 ____D C:\Users\pc666\AppData\Roaming\Adobe 2018-08-31 16:44 - 2018-02-11 09:14 - 000183992 _____ C:\g2ldr 2018-08-31 16:44 - 2018-02-11 09:14 - 000008192 _____ C:\g2ldr.mbr 2018-08-31 16:43 - 2018-08-31 16:44 - 000000000 ____D C:\win32-loader 2018-08-31 11:54 - 2018-08-31 11:54 - 000005174 _____ C:\Users\pc666\Documents\.xml half 2018-08-31 08:12 - 2018-08-31 08:12 - 000000000 ____D C:\WINDOWS\Panther 2018-08-31 08:07 - 2018-08-31 08:08 - 006521336 _____ C:\Users\pc666\Downloads\Inspiron_5378_7378_5578_7579_7779_1.26.0 (1).exe 2018-08-31 08:06 - 2018-08-31 08:06 - 006521336 _____ C:\Users\pc666\Downloads\Inspiron_5378_7378_5578_7579_7779_1.26.0.exe 2018-08-31 05:56 - 2018-08-31 05:56 - 000000000 ___RD C:\Users\pc666\Documents\Scanned Documents 2018-08-31 05:56 - 2018-08-31 05:56 - 000000000 ____D C:\Users\pc666\Documents\Fax 2018-08-30 23:34 - 2018-08-30 23:34 - 000000000 ____D C:\Users\pc666\Downloads\latest 2018-08-30 23:33 - 2018-08-30 23:33 - 000165266 _____ C:\Users\pc666\Downloads\latest.zip 2018-08-30 20:14 - 2018-08-30 20:15 - 000000000 ____D C:\Users\pc666\AppData\Local\Intel 2018-08-30 20:14 - 2018-08-30 20:14 - 000000000 ____D C:\Program Files (x86)\Intel 2018-08-30 16:38 - 2018-08-30 16:38 - 000000000 ____D C:\Users\pc666\AppData\Local\__SHARED 2018-08-30 10:01 - 2018-08-30 12:22 - 000000000 ____D C:\WINDOWS\Minidump 2018-08-30 08:58 - 2018-08-30 08:58 - 000000475 _____ C:\Users\pc666\Downloads\brave_wallet_recovery.txt 2018-08-30 03:48 - 2018-08-30 03:48 - 000098170 _____ C:\Users\pc666\Documents\.xml 2018-08-30 00:39 - 2018-08-30 00:39 - 000097421 _____ C:\Users\pc666\.xml 2018-08-29 05:12 - 2018-08-29 05:12 - 002615527 _____ C:\Users\pc666\Downloads\paris shooting fake.mp4 2018-08-28 21:20 - 2018-08-30 23:32 - 000000258 __RSH C:\Users\pc666\ntuser.pol 2018-08-28 00:30 - 2018-07-11 12:52 - 001471384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll 2018-08-27 20:55 - 2018-08-27 21:09 - 028694547 _____ C:\Users\pc666\Downloads\xhamster.com_7519844_indonesian_maid_sucking_white_dick_480p.mp4 2018-08-26 20:12 - 2018-08-26 20:13 - 006274514 _____ C:\Users\pc666\Downloads\xhamster.com_10055489_teensloveanal_analyzing_girl_in_hijab_480p.mp4 2018-08-22 23:53 - 2018-08-03 16:39 - 021389368 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2018-08-22 23:53 - 2018-08-03 16:22 - 001127936 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll 2018-08-22 23:53 - 2018-08-03 16:21 - 000765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll 2018-08-22 23:53 - 2018-08-03 16:20 - 004049408 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2018-08-22 23:53 - 2018-08-03 16:19 - 001661440 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2018-08-22 23:53 - 2018-08-03 15:45 - 000663128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe 2018-08-22 23:53 - 2018-08-03 15:43 - 020383720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2018-08-22 23:53 - 2018-08-03 15:29 - 000621568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll 2018-08-22 23:53 - 2018-08-03 15:27 - 004050432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll 2018-08-22 23:53 - 2018-08-03 15:27 - 001469952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2018-08-22 23:53 - 2018-08-03 11:39 - 007436120 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2018-08-22 23:53 - 2018-08-03 11:39 - 002829216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2018-08-22 23:53 - 2018-08-03 11:39 - 001457136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2018-08-22 23:53 - 2018-08-03 11:39 - 000692240 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll 2018-08-22 23:53 - 2018-08-03 11:38 - 001258288 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2018-08-22 23:53 - 2018-08-03 11:38 - 001140576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2018-08-22 23:53 - 2018-08-03 11:38 - 000983016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2018-08-22 23:53 - 2018-08-03 11:38 - 000604576 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe 2018-08-22 23:53 - 2018-08-03 11:26 - 006043600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2018-08-22 23:53 - 2018-08-03 11:25 - 000539168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll 2018-08-22 23:53 - 2018-08-03 11:15 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2018-08-22 23:53 - 2018-08-03 11:14 - 004867584 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2018-08-22 23:53 - 2018-08-03 11:13 - 006661632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2018-08-22 23:53 - 2018-08-03 11:12 - 003392000 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll 2018-08-22 23:53 - 2018-08-03 11:12 - 002738688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll 2018-08-22 23:53 - 2018-08-03 11:12 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdp.dll 2018-08-22 23:53 - 2018-08-03 11:11 - 003712000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2018-08-22 23:53 - 2018-08-03 11:11 - 002700288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll 2018-08-22 23:53 - 2018-08-03 11:11 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll 2018-08-22 23:53 - 2018-08-03 11:10 - 001264640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebManagement.exe 2018-08-22 23:53 - 2018-08-03 11:09 - 001932288 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeangle.dll 2018-08-22 23:53 - 2018-08-03 11:09 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2018-08-22 23:53 - 2018-08-03 11:09 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll 2018-08-22 23:53 - 2018-08-03 11:09 - 001057792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe 2018-08-22 23:53 - 2018-08-03 11:09 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll 2018-08-22 23:53 - 2018-08-03 11:08 - 002258944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll 2018-08-22 23:53 - 2018-08-03 11:08 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2018-08-22 23:53 - 2018-08-03 11:08 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2018-08-22 23:53 - 2018-08-03 11:07 - 000627200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdp.dll 2018-08-22 23:53 - 2018-08-03 11:06 - 001000448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll 2018-08-22 23:53 - 2018-08-03 11:06 - 000678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll 2018-08-22 23:53 - 2018-08-03 11:05 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2018-08-22 23:53 - 2018-08-03 11:05 - 000534016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2018-08-22 23:52 - 2018-08-03 16:39 - 000790304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe 2018-08-22 23:52 - 2018-08-03 16:25 - 000178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll 2018-08-22 23:52 - 2018-08-03 16:25 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll 2018-08-22 23:52 - 2018-08-03 16:24 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll 2018-08-22 23:52 - 2018-08-03 16:24 - 000066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe 2018-08-22 23:52 - 2018-08-03 16:24 - 000046592 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll 2018-08-22 23:52 - 2018-08-03 15:33 - 000138752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll 2018-08-22 23:52 - 2018-08-03 15:33 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll 2018-08-22 23:52 - 2018-08-03 15:32 - 000060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe 2018-08-22 23:52 - 2018-08-03 15:30 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll 2018-08-22 23:52 - 2018-08-03 13:36 - 000260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationREST.dll 2018-08-22 23:52 - 2018-08-03 11:47 - 000128920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys 2018-08-22 23:52 - 2018-08-03 11:41 - 000061736 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvhostsvc.dll 2018-08-22 23:52 - 2018-08-03 11:40 - 001064744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2018-08-22 23:52 - 2018-08-03 11:40 - 000566568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS 2018-08-22 23:52 - 2018-08-03 11:40 - 000228136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ucx01000.sys 2018-08-22 23:52 - 2018-08-03 11:40 - 000072800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll 2018-08-22 23:52 - 2018-08-03 11:39 - 000114080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys 2018-08-22 23:52 - 2018-08-03 11:39 - 000075160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys 2018-08-22 23:52 - 2018-08-03 11:39 - 000031648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhv.sys 2018-08-22 23:52 - 2018-08-03 11:38 - 001285536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys 2018-08-22 23:52 - 2018-08-03 11:38 - 000115640 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll 2018-08-22 23:52 - 2018-08-03 11:27 - 000061032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll 2018-08-22 23:52 - 2018-08-03 11:17 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmgid.sys 2018-08-22 23:52 - 2018-08-03 11:16 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll 2018-08-22 23:52 - 2018-08-03 11:16 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll 2018-08-22 23:52 - 2018-08-03 11:15 - 000068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys 2018-08-22 23:52 - 2018-08-03 11:14 - 000514560 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe 2018-08-22 23:52 - 2018-08-03 11:14 - 000113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WaaSAssessment.dll 2018-08-22 23:52 - 2018-08-03 11:13 - 000395776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll 2018-08-22 23:52 - 2018-08-03 11:12 - 000761344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll 2018-08-22 23:52 - 2018-08-03 11:12 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2018-08-22 23:52 - 2018-08-03 11:12 - 000311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys 2018-08-22 23:52 - 2018-08-03 11:10 - 000015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll 2018-08-22 23:52 - 2018-08-03 11:08 - 000796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll 2018-08-22 23:52 - 2018-08-03 11:08 - 000602112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll 2018-08-22 23:52 - 2018-08-03 11:08 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2018-08-22 23:52 - 2018-08-03 11:08 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe 2018-08-22 23:52 - 2018-08-03 11:08 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll 2018-08-22 23:52 - 2018-08-03 11:07 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll 2018-08-22 23:52 - 2018-08-03 11:06 - 000856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe 2018-08-22 23:52 - 2018-08-03 11:05 - 000735744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll 2018-08-22 23:52 - 2018-08-03 11:04 - 000345088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2018-09-03 23:38 - 2018-07-24 23:52 - 000000000 ____D C:\Users\pc666\AppData\Roaming\brave 2018-09-03 23:34 - 2017-12-09 00:05 - 000000000 ____D C:\Users\pc666\AppData\LocalLow\Mozilla 2018-09-03 23:26 - 2018-02-09 09:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2018-09-03 23:06 - 2018-07-25 15:17 - 000000000 ____D C:\WINDOWS\INF 2018-09-03 23:06 - 2018-07-24 23:35 - 001070368 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2018-09-03 23:01 - 2018-07-25 15:17 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2018-09-03 23:01 - 2018-07-25 03:17 - 000001134 _____ C:\WINDOWS\system32\config\VSMIDK 2018-09-03 23:01 - 2018-07-24 23:30 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2018-09-03 23:01 - 2017-12-07 15:08 - 000000000 __SHD C:\Users\pc666\IntelGraphicsProfiles 2018-09-03 22:59 - 2018-07-25 15:14 - 000786432 _____ C:\WINDOWS\system32\config\BBI 2018-09-03 22:44 - 2018-07-25 15:18 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template 2018-09-03 21:16 - 2016-04-26 05:41 - 000000000 ____D C:\DELL 2018-09-03 20:22 - 2018-07-24 23:28 - 000000000 ____D C:\Users\pc666 2018-09-03 20:10 - 2018-07-24 23:25 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2018-09-03 19:58 - 2018-07-25 15:17 - 000000000 ____D C:\WINDOWS\AppReadiness 2018-09-03 12:08 - 2018-07-24 23:25 - 000280032 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2018-09-03 11:38 - 2018-07-27 00:04 - 000004210 _____ C:\WINDOWS\System32\Tasks\CCleaner Update 2018-09-03 11:32 - 2018-07-25 15:17 - 000000000 ___HD C:\Program Files\WindowsApps 2018-09-03 11:32 - 2018-07-24 23:38 - 000000000 ____D C:\Users\pc666\AppData\Local\Packages 2018-09-03 11:32 - 2018-03-09 09:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell 2018-09-03 10:59 - 2018-07-27 03:18 - 000000000 ____D C:\Users\pc666\AppData\Local\ElevatedDiagnostics 2018-09-03 09:50 - 2018-07-25 15:14 - 000000000 ____D C:\WINDOWS\CbsTemp 2018-09-03 09:50 - 2018-07-24 23:38 - 000000000 ____D C:\Users\pc666\AppData\Local\VirtualStore 2018-09-03 09:40 - 2018-07-25 03:00 - 000000000 ____D C:\ProgramData\Packages 2018-09-03 09:05 - 2018-07-25 15:17 - 000000000 ____D C:\WINDOWS\LiveKernelReports 2018-09-03 06:06 - 2018-07-25 15:17 - 000000000 ____D C:\WINDOWS\system32\NDF 2018-09-02 20:54 - 2018-07-25 15:17 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy 2018-09-02 00:29 - 2018-07-27 03:12 - 000000502 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics 2018-09-01 23:42 - 2017-12-09 16:28 - 000000000 ____D C:\Users\pc666\.zenmap 2018-09-01 12:08 - 2018-07-25 05:01 - 000000000 ____D C:\Users\pc666\AppData\Local\D3DSCache 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\system32\zu-ZA 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\system32\yo-NG 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\system32\xh-ZA 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\system32\wo-SN 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\system32\tn-ZA 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\system32\ti-ET 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\system32\rw-RW 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\system32\nso-ZA 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\system32\ig-NG 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA 2018-09-01 04:53 - 2018-07-25 15:21 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ 2018-09-01 04:53 - 2018-07-25 15:17 - 000000000 ____D C:\WINDOWS\TextInput 2018-09-01 04:53 - 2018-07-25 15:17 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism 2018-09-01 04:53 - 2018-07-25 15:17 - 000000000 ____D C:\WINDOWS\system32\oobe 2018-09-01 04:53 - 2018-07-25 15:17 - 000000000 ____D C:\WINDOWS\system32\Dism 2018-09-01 04:53 - 2018-07-25 15:17 - 000000000 ____D C:\WINDOWS\bcastdvr 2018-09-01 04:50 - 2018-07-27 00:54 - 000000000 ____D C:\ProgramData\Package Cache 2018-09-01 04:32 - 2018-04-12 07:34 - 000134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll 2018-09-01 04:32 - 2018-04-12 07:34 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2018-09-01 03:07 - 2018-02-12 07:35 - 000000000 ____D C:\Users\pc666\Documents\latest 2018-09-01 01:06 - 2017-12-07 15:30 - 000000000 ____D C:\Users\pc666\Documents\FreshStart 2018-08-31 08:20 - 2018-07-27 00:04 - 000000865 _____ C:\Users\Public\Desktop\CCleaner.lnk 2018-08-31 07:29 - 2018-07-24 23:51 - 000000000 ____D C:\Users\pc666\AppData\Roaming\Mozilla 2018-08-31 06:23 - 2018-07-25 02:51 - 000000000 ____D C:\Users\pc666\AppData\Roaming\Spotify 2018-08-31 06:23 - 2018-07-25 02:49 - 000000000 ____D C:\Users\pc666\AppData\Local\Spotify 2018-08-30 20:31 - 2018-07-24 23:39 - 000000000 ____D C:\Users\pc666\AppData\Local\PlaceholderTileLogoFolder 2018-08-30 20:14 - 2018-07-24 23:26 - 000000000 ____D C:\ProgramData\Intel 2018-08-30 20:14 - 2018-07-24 23:26 - 000000000 ____D C:\Program Files\Intel 2018-08-30 20:14 - 2018-07-24 23:26 - 000000000 ____D C:\Program Files (x86)\VulkanRT 2018-08-30 19:28 - 2018-07-26 02:40 - 000001818 _____ C:\Users\Public\Desktop\iTunes.lnk 2018-08-30 19:28 - 2018-07-26 02:40 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2018-08-30 19:14 - 2018-07-24 23:25 - 000000000 ____D C:\Program Files\Realtek 2018-08-30 18:55 - 2018-07-24 23:55 - 000000000 ____D C:\Users\pc666\AppData\Local\Comms 2018-08-30 13:04 - 2018-07-24 23:51 - 000000000 ____D C:\Users\pc666\AppData\Local\Brave 2018-08-30 10:37 - 2018-07-28 06:13 - 000000000 ____D C:\Users\pc666\AppData\Local\Wide Angle Software 2018-08-29 03:48 - 2018-07-28 00:19 - 000000000 ____D C:\Program Files\Microsoft Office 15 2018-08-28 21:20 - 2018-07-25 15:17 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy 2018-08-28 04:51 - 2018-07-25 02:11 - 000000000 ____D C:\Users\pc666\AppData\Roaming\Apple Computer 2018-08-28 01:42 - 2018-07-27 00:04 - 000000000 ____D C:\Program Files\CCleaner 2018-08-28 00:38 - 2018-07-24 23:51 - 000000000 ____D C:\Program Files\Mozilla Firefox 2018-08-28 00:38 - 2018-07-24 23:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2018-08-27 20:51 - 2018-07-24 23:51 - 000001007 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk 2018-08-26 18:44 - 2017-12-09 00:43 - 000000000 ___RD C:\Users\pc666\3D Objects 2018-08-26 18:44 - 2016-04-26 04:36 - 000000000 __RHD C:\Users\Public\AccountPictures 2018-08-23 09:07 - 2018-07-25 15:17 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12 2018-08-23 09:07 - 2018-07-25 15:17 - 000000000 ___SD C:\WINDOWS\system32\F12 2018-08-23 09:07 - 2018-07-25 15:17 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs 2018-08-23 09:07 - 2018-07-25 15:17 - 000000000 ___RD C:\Program Files\Windows Defender 2018-08-23 09:07 - 2018-07-25 15:17 - 000000000 ____D C:\WINDOWS\ShellExperiences 2018-08-23 09:07 - 2018-07-25 15:17 - 000000000 ____D C:\Program Files (x86)\Windows Defender 2018-08-23 08:04 - 2018-07-25 00:51 - 000000000 ____D C:\WINDOWS\system32\MRT 2018-08-22 23:56 - 2018-07-25 00:51 - 137343192 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2018-08-22 23:47 - 2018-07-24 23:41 - 000003360 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-854904512-2378485669-3065290004-1001 2018-08-22 23:47 - 2018-07-24 23:28 - 000002365 _____ C:\Users\pc666\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2018-08-22 23:47 - 2017-12-07 15:10 - 000000000 ___RD C:\Users\pc666\OneDrive 2018-08-22 23:46 - 2018-07-24 23:30 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2018-08-06 23:19 - 2018-07-25 15:19 - 000836480 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2018-08-06 23:19 - 2018-07-25 15:19 - 000181120 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl ==================== Files in the root of some directories ======= 2018-07-27 10:17 - 2018-07-27 10:17 - 027530328 _____ (Insecure.org) C:\ProgramData\nmap-7.70-setup.exe 2018-06-15 11:05 - 2018-06-15 11:08 - 094334216 _____ (Dell Inc.) C:\Users\pc666\Dell-Update-Application_JD7FD_WIN_3.0.0_A00 (1).EXE 2018-06-15 08:26 - 2018-06-15 08:27 - 006515752 _____ () C:\Users\pc666\Inspiron_5378_7378_5578_7579_7779_1.25.0.exe 2018-06-15 08:27 - 2018-06-15 08:30 - 083843128 _____ (Dell Inc.) C:\Users\pc666\Intel-Management-Engine-Interface-Driver_VMWCC_WIN_11.7.0.1058_A05_03.EXE 2018-09-01 10:02 - 2018-09-01 10:02 - 000003242 _____ () C:\Users\pc666\AppData\Local\recently-used.xbel 2018-09-01 12:14 - 2018-09-01 12:15 - 000007605 _____ () C:\Users\pc666\AppData\Local\Resmon.ResmonCfg 2018-07-27 10:19 - 2018-08-30 23:59 - 000000794 _____ () C:\Users\pc666\AppData\Local\zenmap.exe.log ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== BCD ================================ Firmware Boot Manager --------------------- identifier {fwbootmgr} displayorder {bootmgr} {04986eee-af36-11e8-abed-806e6f6e6963} {04986eef-af36-11e8-abed-806e6f6e6963} {04986ef0-af36-11e8-abed-806e6f6e6963} timeout 0 Windows Boot Manager -------------------- identifier {bootmgr} device partition=\Device\HarddiskVolume1 path \EFI\Microsoft\Boot\bootmgfw.efi description Windows Boot Manager locale en-US inherit {globalsettings} badmemoryaccess Yes default {current} resumeobject {ac90282e-8fdb-11e8-b6a3-9faf9f728b66} displayorder {current} toolsdisplayorder {memdiag} timeout 0 Firmware Application (101fffff) ------------------------------- identifier {04986eee-af36-11e8-abed-806e6f6e6963} description UEFI:CD/DVD Drive badmemoryaccess Yes Firmware Application (101fffff) ------------------------------- identifier {04986eef-af36-11e8-abed-806e6f6e6963} description UEFI:Removable Device badmemoryaccess Yes Firmware Application (101fffff) ------------------------------- identifier {04986ef0-af36-11e8-abed-806e6f6e6963} description UEFI:Network Device badmemoryaccess Yes Windows Boot Loader ------------------- identifier {0db14be4-4e23-11e8-a524-bfd2530e75c2} device ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{0db14be5-4e23-11e8-a524-bfd2530e75c2} path \windows\system32\winload.efi description Windows Recovery Environment locale en-US inherit {bootloadersettings} displaymessage Recovery badmemoryaccess Yes osdevice ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{0db14be5-4e23-11e8-a524-bfd2530e75c2} systemroot \windows nx OptIn bootmenupolicy Standard winpe Yes Windows Boot Loader ------------------- identifier {current} device partition=C: path \WINDOWS\system32\winload.efi description Windows 10 locale en-US inherit {bootloadersettings} recoverysequence {0db14be4-4e23-11e8-a524-bfd2530e75c2} displaymessageoverride SystemImageRecovery recoveryenabled Yes badmemoryaccess Yes isolatedcontext Yes allowedinmemorysettings 0x15000075 osdevice partition=C: systemroot \WINDOWS resumeobject {ac90282e-8fdb-11e8-b6a3-9faf9f728b66} nx OptIn bootmenupolicy Standard Resume from Hibernate --------------------- identifier {ac90282e-8fdb-11e8-b6a3-9faf9f728b66} device partition=C: path \WINDOWS\system32\winresume.efi description Windows Resume Application locale en-US inherit {resumeloadersettings} recoverysequence {0db14be4-4e23-11e8-a524-bfd2530e75c2} recoveryenabled Yes badmemoryaccess Yes isolatedcontext Yes allowedinmemorysettings 0x15000075 filedevice partition=C: filepath \hiberfil.sys bootmenupolicy Standard debugoptionenabled No Windows Memory Tester --------------------- identifier {memdiag} device partition=\Device\HarddiskVolume1 path \EFI\Microsoft\Boot\memtest.efi description Windows Memory Diagnostic locale en-US inherit {globalsettings} badmemoryaccess Yes EMS Settings ------------ identifier {emssettings} badmemoryaccess Yes bootems No Debugger Settings ----------------- identifier {dbgsettings} debugtype Local badmemoryaccess Yes RAM Defects ----------- identifier {badmemory} badmemoryaccess Yes Global Settings --------------- identifier {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} badmemoryaccess Yes Boot Loader Settings -------------------- identifier {bootloadersettings} inherit {globalsettings} {hypervisorsettings} badmemoryaccess Yes Hypervisor Settings ------------------- identifier {hypervisorsettings} badmemoryaccess Yes hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Resume Loader Settings ---------------------- identifier {resumeloadersettings} inherit {globalsettings} badmemoryaccess Yes Device options -------------- identifier {0db14be5-4e23-11e8-a524-bfd2530e75c2} description Windows Recovery badmemoryaccess Yes ramdisksdidevice partition=\Device\HarddiskVolume3 ramdisksdipath \Recovery\WindowsRE\boot.sdi LastRegBack: 2018-07-24 23:25 ==================== End of FRST.txt ============================