
Webcam - took a photo of me - mysterious ...

suspected RAT ?


#1
Ricky_22

  • Member
  • 349 posts
 
 
I was on Facebook chatting to my step-family in the Philippines, when the webcam took a picture of me - how can someone do that remotely? ... How did 'whoever' do that? And how can I prevent it happening in the future please, and is it possible to track who took it? - Thank you so much for your time and expertise :)
 
 
 
 
 
Ricky
 
 
(from Free Booter) 
 
Hi Ricky_22
 
Mostly, a remote administration tool (RAT) is used to infect and control computers. Please ask for a malware infection checkup at the forum below.
 
 
 
Virus, Spyware, Malware Removal 



#2
Ricky_22

  • Topic Starter
  • Member
  • 349 posts

 Can anyone help me with this please :)



#3
RKinner

  • Malware Expert
  • 24,625 posts
  • MVP

  • Get FRST from http://www.bleepingc...very-scan-tool/ You need to download the appropriate tool for your PC. If you don't know if you have a 32 or 64 bit system, get them both. Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Check the Addition.txt box
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here.
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


 



#4
Ricky_22

  • Topic Starter
  • Member
  • 349 posts

Thank you so much, this is the result from scan :)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03.05.2018
Ran by grand (administrator) on ERIC (04-05-2018 06:45:12)
Running from C:\Users\grand\Desktop
Loaded Profiles: grand (Available Profiles: grand)
Platform: Windows 10 Home Version 1709 16299.371 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\x64\aswidsagenta.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(IncrediMail Ltd.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
(IncrediMail Ltd.) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam7\YouCamService7.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\Antivirus\AVGUI.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
() C:\Program Files\WindowsApps\Microsoft.BingNews_4.23.10923.0_x64__8wekyb3d8bbwe\Microsoft.Msn.News.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [630168 2017-09-29] (Microsoft Corporation)
HKLM\...\Run: [AVGUI.exe] => C:\Program Files\AVG\Antivirus\AvLaunch.exe [291056 2018-04-18] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [239192 2018-04-17] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [YouCam Service7] => C:\Program Files (x86)\CyberLink\YouCam7\YouCamService7.exe [466712 2016-11-16] (CyberLink Corp.)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1313408 2017-07-05] (CANON INC.)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-2419748366-3010618436-1684785940-1002\...\Run: [IncrediMail] => C:\Program Files (x86)\IncrediMail\bin\IncMail.exe [444424 2017-12-26] (IncrediMail Ltd.)
HKU\S-1-5-21-2419748366-3010618436-1684785940-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [18334528 2018-04-13] (Piriform Ltd)
IFEO\cnqmmain.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\onedrive.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\scanutility.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{3f56ea3e-2cbd-4565-9705-15d42f92a43c}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKU\S-1-5-21-2419748366-3010618436-1684785940-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com.au/
HKU\S-1-5-21-2419748366-3010618436-1684785940-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com.au/
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)
Toolbar: HKU\S-1-5-21-2419748366-3010618436-1684785940-1002 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2016-02-23] (CANON INC.)

FireFox:
========
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2016-04-14] (CANON INC.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-25] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll [2018-01-25] (Google Inc.)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://search.totalav.com/search/web?fcoid=417&fcop=topnav&fpid=27&q={searchTerms}
CHR DefaultSearchKeyword: Default -> safesearch
CHR Profile: C:\Users\grand\AppData\Local\Google\Chrome\User Data\Default [2018-05-04]
CHR Extension: (Slides) - C:\Users\grand\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-14]
CHR Extension: (Docs) - C:\Users\grand\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-14]
CHR Extension: (Google Drive) - C:\Users\grand\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-10-14]
CHR Extension: (YouTube) - C:\Users\grand\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-10-14]
CHR Extension: (Sheets) - C:\Users\grand\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-14]
CHR Extension: (Google Docs Offline) - C:\Users\grand\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-10-14]
CHR Extension: (AVG SafePrice) - C:\Users\grand\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbckjcfnjmoiinpgddefodcighgikkgn [2018-04-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\grand\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\grand\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-10-14]
CHR Extension: (Chrome Media Router) - C:\Users\grand\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-05-02]
CHR HKLM\...\Chrome\Extension: [looohgelibjoplmkhecmalapkgadkfcc] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mbckjcfnjmoiinpgddefodcighgikkgn] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVG Antivirus; C:\Program Files\AVG\Antivirus\AVGSvc.exe [314688 2018-04-18] (AVG Technologies CZ, s.r.o.)
R3 avgbIDSAgent; C:\Program Files\AVG\Antivirus\x64\aswidsagenta.exe [7653992 2018-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1428264 2018-04-17] (AVG Technologies CZ, s.r.o.)
S4 CIJSRegister; C:\Program Files (x86)\Canon\IJ Scan Utility\SETEVENT.exe [144464 2015-02-19] (CANON INC.)
S4 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [391744 2017-07-11] ()
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [5614592 2018-01-22] (AVG Technologies CZ, s.r.o.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\NisSrv.exe [4633248 2018-04-13] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17613.18039-0\MsMpEng.exe [104680 2018-04-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 avgArPot; C:\WINDOWS\System32\drivers\avgArPot.sys [189032 2018-04-18] (AVG Technologies CZ, s.r.o.)
R1 avgbdisk; C:\WINDOWS\System32\drivers\avgbdiska.sys [166064 2018-04-18] (AVG Technologies CZ, s.r.o.)
R1 avgbidsdriver; C:\WINDOWS\System32\drivers\avgbidsdrivera.sys [220600 2018-04-18] (AVG Technologies CZ, s.r.o.)
R0 avgbidsh; C:\WINDOWS\System32\drivers\avgbidsha.sys [192536 2018-04-18] (AVG Technologies CZ, s.r.o.)
R0 avgblog; C:\WINDOWS\System32\drivers\avgbloga.sys [336848 2018-04-18] (AVG Technologies CZ, s.r.o.)
R0 avgbuniv; C:\WINDOWS\System32\drivers\avgbuniva.sys [50776 2018-04-18] (AVG Technologies CZ, s.r.o.)
S3 avgHwid; C:\WINDOWS\System32\drivers\avgHwid.sys [39352 2018-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgMonFlt; C:\WINDOWS\System32\drivers\avgMonFlt.sys [139608 2018-04-18] (AVG Technologies CZ, s.r.o.)
R1 avgRdr; C:\WINDOWS\System32\drivers\avgRdr2.sys [103744 2018-04-18] (AVG Technologies CZ, s.r.o.)
R0 avgRvrt; C:\WINDOWS\System32\drivers\avgRvrt.sys [76760 2018-04-18] (AVG Technologies CZ, s.r.o.)
R1 avgSnx; C:\WINDOWS\System32\drivers\avgSnx.sys [1019088 2018-04-18] (AVG Technologies CZ, s.r.o.)
R1 avgSP; C:\WINDOWS\System32\drivers\avgSP.sys [452904 2018-04-18] (AVG Technologies CZ, s.r.o.)
R2 avgStm; C:\WINDOWS\System32\drivers\avgStm.sys [198368 2018-04-18] (AVG Technologies CZ, s.r.o.)
R0 avgVmm; C:\WINDOWS\System32\drivers\avgVmm.sys [372920 2018-04-18] (AVG Technologies CZ, s.r.o.)
R3 clwvd7; C:\WINDOWS\system32\DRIVERS\clwvd7.sys [49944 2016-06-02] (CyberLink Corporation)
S3 clwvdPFC; C:\WINDOWS\system32\DRIVERS\clwvdPFC.sys [61696 2017-10-05] (CyberLink Corporation)
R3 ITECIRfilter; C:\WINDOWS\system32\DRIVERS\ITECIRfilter.sys [36560 2015-11-24] (ITE Tech. Inc. )
R3 LifeCamTrueColor; C:\WINDOWS\system32\DRIVERS\LifeCamTrueColor.sys [37928 2016-07-27] (Microsoft Corporation)
R3 netr28x; C:\WINDOWS\System32\drivers\netr28x.sys [2537984 2017-09-29] (MediaTek Inc.)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [1849752 2017-09-29] (Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-09-29] (Realtek )
R3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2017-08-22] (Anchorfree Inc.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2018-01-22] (AVG Netherlands B.V.)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-04-13] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [311848 2018-04-13] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [60456 2018-04-13] (Microsoft Corporation)
U3 DfSdkS; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-04 06:45 - 2018-05-04 06:45 - 000012174 _____ C:\Users\grand\Desktop\FRST.txt
2018-05-04 06:45 - 2018-05-04 06:45 - 000000000 ____D C:\FRST
2018-05-04 06:43 - 2018-05-04 06:43 - 002405376 _____ (Farbar) C:\Users\grand\Desktop\FRST64.exe
2018-05-03 16:49 - 2018-05-03 16:49 - 000000315 _____ C:\Users\grand\OneDrive\Documents\Geek Police.txt
2018-05-03 07:15 - 2018-05-03 07:15 - 005658624 _____ C:\Users\grand\Desktop\Eric 27th January 2016_mpeg2video.mpg
2018-05-03 07:01 - 2018-05-03 07:01 - 001001943 _____ C:\Users\grand\Downloads\video-1524494790 (1).mp4
2018-05-02 23:55 - 2018-05-03 06:50 - 000001283 _____ C:\Users\grand\Desktop\Any Video Converter.lnk
2018-05-02 23:55 - 2018-05-03 06:50 - 000000000 ____D C:\Users\grand\AppData\Roaming\Anvsoft
2018-05-02 23:55 - 2018-05-02 23:55 - 000000000 ____D C:\Users\grand\OneDrive\Documents\Any Video Converter
2018-05-02 23:49 - 2018-05-02 23:49 - 000000000 ____D C:\Program Files (x86)\Anvsoft
2018-05-02 23:31 - 2016-01-27 19:14 - 000877047 _____ C:\Users\grand\Desktop\Eric 27th January 2016.MOV
2018-05-01 23:43 - 2018-05-03 07:56 - 000000059 _____ C:\Users\grand\OneDrive\Documents\May ID name.txt
2018-05-01 09:20 - 2018-05-01 09:20 - 000000127 _____ C:\Users\grand\OneDrive\Documents\Geeks to go.txt
2018-05-01 08:02 - 2018-05-01 08:02 - 000231096 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-04-30 20:32 - 2018-04-30 20:32 - 000002904 _____ C:\WINDOWS\System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance
2018-04-29 10:53 - 2018-04-29 10:53 - 000877047 _____ C:\Users\grand\Downloads\Eric-27th-January-2016.MOV
2018-04-29 10:53 - 2018-04-29 10:53 - 000877047 _____ C:\Users\grand\Downloads\Eric-27th-January-2016 (1).MOV
2018-04-28 22:51 - 2018-04-28 22:51 - 012977234 _____ C:\Users\grand\Downloads\video-1524917658.mp4
2018-04-28 13:01 - 2018-04-28 13:01 - 000002928 _____ C:\Users\grand\OneDrive\Documents\cc_20180428_130133.reg
2018-04-25 22:21 - 2018-04-25 22:21 - 000002591 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
2018-04-25 22:21 - 2018-04-25 22:21 - 000002579 _____ C:\Users\Public\Desktop\AVG PC TuneUp.lnk
2018-04-25 22:21 - 2018-01-22 14:52 - 000045568 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\TURegOpt.exe
2018-04-25 22:17 - 2018-05-02 21:21 - 000003668 _____ C:\WINDOWS\System32\Tasks\AVG EUpdate Task
2018-04-25 22:17 - 2018-04-25 22:21 - 000000000 ____D C:\Program Files (x86)\AVG
2018-04-25 22:15 - 2018-04-25 22:20 - 000000000 ____D C:\Users\grand\AppData\Local\AvgSetupLog
2018-04-25 09:50 - 2018-04-25 09:50 - 000000896 ____L C:\Users\grand\OneDrive\Documents\cc_20180425_095028.reg
2018-04-24 23:59 - 2018-04-24 23:59 - 000000013 ____L C:\Users\grand\OneDrive\Documents\Sheldon Riley.txt
2018-04-23 22:48 - 2018-04-23 22:48 - 001001943 _____ C:\Users\grand\Downloads\video-1524494790.mp4
2018-04-23 22:25 - 2018-04-23 22:25 - 000000212 ____L C:\Users\grand\OneDrive\Documents\gordons money.txt
2018-04-21 09:47 - 2018-04-21 09:47 - 000000028 ____L C:\Users\grand\OneDrive\Documents\saturday lotto price.txt
2018-04-18 09:08 - 2018-04-18 09:08 - 000000123 ____L C:\Users\grand\OneDrive\Documents\gordon.txt
2018-04-18 07:54 - 2018-04-18 07:55 - 000000486 ____L C:\Users\grand\OneDrive\Documents\cc_20180418_075457.reg
2018-04-18 00:51 - 2018-04-25 22:21 - 000000000 ____D C:\Users\grand\AppData\Local\AVG
2018-04-18 00:51 - 2018-04-18 00:51 - 000000000 ____D C:\Users\grand\AppData\Roaming\AVG
2018-04-18 00:50 - 2018-04-30 19:10 - 000004266 _____ C:\WINDOWS\System32\Tasks\Antivirus Emergency Update
2018-04-18 00:50 - 2018-04-18 00:50 - 000001857 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG AntiVirus FREE.lnk
2018-04-18 00:50 - 2018-04-18 00:50 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVG
2018-04-18 00:49 - 2018-04-18 00:50 - 000139608 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgMonFlt.sys
2018-04-18 00:49 - 2018-04-18 00:49 - 001019088 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSnx.sys
2018-04-18 00:49 - 2018-04-18 00:49 - 000452904 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgSP.sys
2018-04-18 00:49 - 2018-04-18 00:49 - 000377584 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\avgBoot.exe
2018-04-18 00:49 - 2018-04-18 00:49 - 000372920 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgVmm.sys
2018-04-18 00:49 - 2018-04-18 00:49 - 000198368 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgStm.sys
2018-04-18 00:49 - 2018-04-18 00:49 - 000189032 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgArPot.sys
2018-04-18 00:49 - 2018-04-18 00:49 - 000103744 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRdr2.sys
2018-04-18 00:49 - 2018-04-18 00:49 - 000076760 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgRvrt.sys
2018-04-18 00:49 - 2018-04-18 00:49 - 000039352 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgHwid.sys
2018-04-18 00:49 - 2018-04-18 00:49 - 000000000 ____D C:\Program Files\Common Files\AVG
2018-04-18 00:49 - 2018-04-18 00:48 - 000336848 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbloga.sys
2018-04-18 00:49 - 2018-04-18 00:48 - 000220600 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsdrivera.sys
2018-04-18 00:49 - 2018-04-18 00:48 - 000192536 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbidsha.sys
2018-04-18 00:49 - 2018-04-18 00:48 - 000166064 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbdiska.sys
2018-04-18 00:49 - 2018-04-18 00:48 - 000050776 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgbuniva.sys
2018-04-18 00:46 - 2018-04-18 00:46 - 000000000 ____D C:\Program Files\AVG
2018-04-18 00:43 - 2018-04-25 22:22 - 000000000 ____D C:\ProgramData\AVG
2018-04-18 00:42 - 2018-04-18 00:42 - 007387624 _____ (AVG Technologies CZ, s.r.o.) C:\Users\grand\Downloads\avg_antivirus_free_setup.exe
2018-04-14 06:41 - 2018-04-28 23:37 - 000000000 ____D C:\Users\grand\Desktop\Pelly's party
2018-04-11 01:54 - 2018-03-30 13:03 - 000022400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2018-04-11 01:54 - 2018-03-30 12:54 - 000408992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-04-11 01:54 - 2018-03-30 12:27 - 000481464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2018-04-11 01:54 - 2018-03-30 11:46 - 018925056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-04-11 01:54 - 2018-03-30 11:45 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-04-11 01:54 - 2018-03-30 11:45 - 000162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IndexedDbLegacy.dll
2018-04-11 01:54 - 2018-03-30 11:43 - 000155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-04-11 01:54 - 2018-03-30 11:43 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\virtdisk.dll
2018-04-11 01:54 - 2018-03-30 11:42 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2018-04-11 01:54 - 2018-03-30 11:41 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-04-11 01:54 - 2018-03-30 11:41 - 000430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2018-04-11 01:54 - 2018-03-30 11:41 - 000369152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-04-11 01:54 - 2018-03-30 11:41 - 000365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2018-04-11 01:54 - 2018-03-30 11:40 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-04-11 01:54 - 2018-03-30 11:40 - 000261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2018-04-11 01:54 - 2018-03-30 11:39 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpserverbase.dll
2018-04-11 01:54 - 2018-03-30 11:39 - 000559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-04-11 01:54 - 2018-03-30 11:38 - 000956928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-04-11 01:54 - 2018-03-30 11:38 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-04-11 01:54 - 2018-03-30 11:38 - 000665088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-04-11 01:54 - 2018-03-30 11:38 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-04-11 01:54 - 2018-03-30 11:36 - 002014720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-04-11 01:54 - 2018-03-30 11:36 - 001560064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-04-11 01:54 - 2018-03-30 11:35 - 000080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2018-04-11 01:54 - 2018-03-30 11:32 - 000075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcnfs.sys
2018-04-11 01:54 - 2018-03-30 11:30 - 000392704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-04-11 01:54 - 2018-03-30 11:29 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2018-04-11 01:54 - 2018-03-30 11:27 - 001657856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpserverbase.dll
2018-04-11 01:54 - 2018-03-30 11:27 - 001097728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-04-11 01:54 - 2018-03-30 11:25 - 001822720 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-04-11 01:54 - 2018-03-13 13:19 - 001615712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-04-11 01:54 - 2018-03-13 12:43 - 000096256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2018-04-11 01:53 - 2018-03-30 20:34 - 000956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-04-11 01:53 - 2018-03-30 13:12 - 000599448 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-04-11 01:53 - 2018-03-30 13:08 - 002513920 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-04-11 01:53 - 2018-03-30 13:06 - 000166304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2018-04-11 01:53 - 2018-03-30 13:05 - 001206688 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-04-11 01:53 - 2018-03-30 13:05 - 001056152 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-04-11 01:53 - 2018-03-30 13:05 - 000066720 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumcrypt.dll
2018-04-11 01:53 - 2018-03-30 13:05 - 000015632 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumdll.dll
2018-04-11 01:53 - 2018-03-30 13:04 - 002002336 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2018-04-11 01:53 - 2018-03-30 13:03 - 001277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2018-04-11 01:53 - 2018-03-30 13:03 - 000319864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64.dll
2018-04-11 01:53 - 2018-03-30 13:03 - 000077216 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-04-11 01:53 - 2018-03-30 13:03 - 000059808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bam.sys
2018-04-11 01:53 - 2018-03-30 13:01 - 008600480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-04-11 01:53 - 2018-03-30 13:01 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2018-04-11 01:53 - 2018-03-30 13:01 - 000571288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2018-04-11 01:53 - 2018-03-30 13:01 - 000471968 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2018-04-11 01:53 - 2018-03-30 13:00 - 002395040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-04-11 01:53 - 2018-03-30 12:59 - 000398744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2018-04-11 01:53 - 2018-03-30 12:59 - 000082840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys
2018-04-11 01:53 - 2018-03-30 12:58 - 000898216 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-04-11 01:53 - 2018-03-30 12:58 - 000129432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-04-11 01:53 - 2018-03-30 12:57 - 001173576 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-04-11 01:53 - 2018-03-30 12:57 - 000109976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbus.sys
2018-04-11 01:53 - 2018-03-30 12:57 - 000081304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2018-04-11 01:53 - 2018-03-30 12:55 - 000367344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2018-04-11 01:53 - 2018-03-30 12:55 - 000062880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2018-04-11 01:53 - 2018-03-30 12:54 - 002574240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-04-11 01:53 - 2018-03-30 12:54 - 000749984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-04-11 01:53 - 2018-03-30 12:54 - 000461728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2018-04-11 01:53 - 2018-03-30 12:53 - 007676304 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-04-11 01:53 - 2018-03-30 12:53 - 002710736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-04-11 01:53 - 2018-03-30 12:53 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-04-11 01:53 - 2018-03-30 12:53 - 000549552 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2018-04-11 01:53 - 2018-03-30 12:53 - 000246176 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-04-11 01:53 - 2018-03-30 12:53 - 000163744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-04-11 01:53 - 2018-03-30 12:52 - 021351632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-04-11 01:53 - 2018-03-30 12:52 - 002457504 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-04-11 01:53 - 2018-03-30 12:52 - 000727456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2018-04-11 01:53 - 2018-03-30 12:52 - 000428960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2018-04-11 01:53 - 2018-03-30 12:51 - 000902928 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2018-04-11 01:53 - 2018-03-30 12:51 - 000147872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2018-04-11 01:53 - 2018-03-30 12:50 - 001336344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2018-04-11 01:53 - 2018-03-30 12:50 - 000057760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbios.sys
2018-04-11 01:53 - 2018-03-30 12:48 - 001101728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-04-11 01:53 - 2018-03-30 12:48 - 000614304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2018-04-11 01:53 - 2018-03-30 12:28 - 001929712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-04-11 01:53 - 2018-03-30 12:28 - 000777912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-04-11 01:53 - 2018-03-30 12:23 - 000566664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-04-11 01:53 - 2018-03-30 12:19 - 006092152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-04-11 01:53 - 2018-03-30 12:16 - 000289824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2018-04-11 01:53 - 2018-03-30 12:13 - 002193176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-04-11 01:53 - 2018-03-30 12:13 - 000450936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2018-04-11 01:53 - 2018-03-30 12:10 - 000704080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2018-04-11 01:53 - 2018-03-30 12:09 - 020286120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-04-11 01:53 - 2018-03-30 12:07 - 001003160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2018-04-11 01:53 - 2018-03-30 11:55 - 025253888 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-04-11 01:53 - 2018-03-30 11:46 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-04-11 01:53 - 2018-03-30 11:46 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\t2embed.dll
2018-04-11 01:53 - 2018-03-30 11:43 - 019355136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-04-11 01:53 - 2018-03-30 11:43 - 006576128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-04-11 01:53 - 2018-03-30 11:42 - 000397824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2018-04-11 01:53 - 2018-03-30 11:42 - 000268288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2018-04-11 01:53 - 2018-03-30 11:42 - 000133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2018-04-11 01:53 - 2018-03-30 11:41 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2018-04-11 01:53 - 2018-03-30 11:40 - 011924992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-04-11 01:53 - 2018-03-30 11:38 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-04-11 01:53 - 2018-03-30 11:38 - 000966656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2018-04-11 01:53 - 2018-03-30 11:38 - 000235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2018-04-11 01:53 - 2018-03-30 11:37 - 003677184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-04-11 01:53 - 2018-03-30 11:36 - 003664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-04-11 01:53 - 2018-03-30 11:36 - 002869760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-04-11 01:53 - 2018-03-30 11:36 - 001474560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-04-11 01:53 - 2018-03-30 11:36 - 000897024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2018-04-11 01:53 - 2018-03-30 11:36 - 000825856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-04-11 01:53 - 2018-03-30 11:36 - 000098304 _____ C:\WINDOWS\system32\runexehelper.exe
2018-04-11 01:53 - 2018-03-30 11:35 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-04-11 01:53 - 2018-03-30 11:35 - 000232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\convertvhd.exe
2018-04-11 01:53 - 2018-03-30 11:35 - 000206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IndexedDbLegacy.dll
2018-04-11 01:53 - 2018-03-30 11:35 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\t2embed.dll
2018-04-11 01:53 - 2018-03-30 11:33 - 008031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-04-11 01:53 - 2018-03-30 11:33 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-04-11 01:53 - 2018-03-30 11:33 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2018-04-11 01:53 - 2018-03-30 11:33 - 000055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\virtdisk.dll
2018-04-11 01:53 - 2018-03-30 11:33 - 000017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmApplicationHealthMonitorProxy.dll
2018-04-11 01:53 - 2018-03-30 11:32 - 023674880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-04-11 01:53 - 2018-03-30 11:32 - 000225792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winnat.sys
2018-04-11 01:53 - 2018-03-30 11:32 - 000212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2018-04-11 01:53 - 2018-03-30 11:32 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-04-11 01:53 - 2018-03-30 11:32 - 000192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2018-04-11 01:53 - 2018-03-30 11:32 - 000186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2018-04-11 01:53 - 2018-03-30 11:32 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2018-04-11 01:53 - 2018-03-30 11:32 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2018-04-11 01:53 - 2018-03-30 11:32 - 000043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\RfxVmt.sys
2018-04-11 01:53 - 2018-03-30 11:31 - 000795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalAuth.dll
2018-04-11 01:53 - 2018-03-30 11:31 - 000675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-04-11 01:53 - 2018-03-30 11:31 - 000416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2018-04-11 01:53 - 2018-03-30 11:31 - 000334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dusmsvc.dll
2018-04-11 01:53 - 2018-03-30 11:31 - 000316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2018-04-11 01:53 - 2018-03-30 11:31 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2018-04-11 01:53 - 2018-03-30 11:31 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2018-04-11 01:53 - 2018-03-30 11:30 - 012833280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-04-11 01:53 - 2018-03-30 11:30 - 001498112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-04-11 01:53 - 2018-03-30 11:30 - 000748032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2018-04-11 01:53 - 2018-03-30 11:30 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2018-04-11 01:53 - 2018-03-30 11:30 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2018-04-11 01:53 - 2018-03-30 11:30 - 000431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2018-04-11 01:53 - 2018-03-30 11:30 - 000369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2018-04-11 01:53 - 2018-03-30 11:30 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2018-04-11 01:53 - 2018-03-30 11:30 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2018-04-11 01:53 - 2018-03-30 11:30 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2018-04-11 01:53 - 2018-03-30 11:29 - 001495552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-04-11 01:53 - 2018-03-30 11:29 - 000791552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-04-11 01:53 - 2018-03-30 11:29 - 000708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-04-11 01:53 - 2018-03-30 11:29 - 000616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2018-04-11 01:53 - 2018-03-30 11:29 - 000555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2018-04-11 01:53 - 2018-03-30 11:29 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2018-04-11 01:53 - 2018-03-30 11:29 - 000436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-04-11 01:53 - 2018-03-30 11:29 - 000423936 _____ (Microsoft Corporation) C:\WINDOWS\system32\p2psvc.dll
2018-04-11 01:53 - 2018-03-30 11:29 - 000341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2018-04-11 01:53 - 2018-03-30 11:28 - 003121664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2018-04-11 01:53 - 2018-03-30 11:28 - 001245184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2018-04-11 01:53 - 2018-03-30 11:28 - 000970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2018-04-11 01:53 - 2018-03-30 11:28 - 000951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2018-04-11 01:53 - 2018-03-30 11:28 - 000815616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2018-04-11 01:53 - 2018-03-30 11:28 - 000757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-04-11 01:53 - 2018-03-30 11:28 - 000721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2018-04-11 01:53 - 2018-03-30 11:28 - 000624128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2018-04-11 01:53 - 2018-03-30 11:28 - 000595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-04-11 01:53 - 2018-03-30 11:28 - 000403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2018-04-11 01:53 - 2018-03-30 11:28 - 000366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2018-04-11 01:53 - 2018-03-30 11:27 - 008104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-04-11 01:53 - 2018-03-30 11:27 - 003170816 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-04-11 01:53 - 2018-03-30 11:27 - 001002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-04-11 01:53 - 2018-03-30 11:27 - 000985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2018-04-11 01:53 - 2018-03-30 11:27 - 000813568 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-04-11 01:53 - 2018-03-30 11:27 - 000588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2018-04-11 01:53 - 2018-03-30 11:27 - 000258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2018-04-11 01:53 - 2018-03-30 11:26 - 004747776 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-04-11 01:53 - 2018-03-30 11:26 - 003334144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-04-11 01:53 - 2018-03-30 11:26 - 002209280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-04-11 01:53 - 2018-03-30 11:26 - 002086400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-04-11 01:53 - 2018-03-30 11:26 - 001816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-04-11 01:53 - 2018-03-30 11:26 - 001573376 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2018-04-11 01:53 - 2018-03-30 11:26 - 001343488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2018-04-11 01:53 - 2018-03-30 11:26 - 000716288 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2018-04-11 01:53 - 2018-03-30 11:25 - 002628608 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-04-11 01:53 - 2018-03-30 11:25 - 002528256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2018-04-11 01:53 - 2018-03-30 11:25 - 002083840 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-04-11 01:53 - 2018-03-30 11:25 - 001597952 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-04-11 01:53 - 2018-03-30 11:25 - 001548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-04-11 01:53 - 2018-03-30 11:25 - 001424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2018-04-11 01:53 - 2018-03-30 11:25 - 001055744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-04-11 01:53 - 2018-03-30 11:25 - 000880640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2018-04-11 01:53 - 2018-03-30 11:25 - 000808448 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-04-11 01:53 - 2018-03-30 11:25 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-04-11 01:53 - 2018-03-30 11:24 - 000925184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2018-04-11 01:53 - 2018-03-30 11:24 - 000462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-04-11 01:53 - 2018-03-30 11:23 - 000963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-04-11 01:53 - 2018-03-30 11:23 - 000726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2018-04-11 01:53 - 2018-03-30 11:23 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskcomp.dll
2018-04-11 01:53 - 2018-03-30 11:20 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\npfs.sys
2018-04-11 01:53 - 2018-03-13 15:03 - 005907288 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2018-04-11 01:53 - 2018-03-13 15:03 - 000739696 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2018-04-11 01:53 - 2018-03-13 15:03 - 000279960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2018-04-11 01:53 - 2018-03-13 15:02 - 001954048 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-04-11 01:53 - 2018-03-13 14:59 - 000535968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2018-04-11 01:53 - 2018-03-13 14:58 - 000377760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-04-11 01:53 - 2018-03-13 14:58 - 000170904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-04-11 01:53 - 2018-03-13 14:55 - 000979352 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2018-04-11 01:53 - 2018-03-13 14:54 - 000555936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-04-11 01:53 - 2018-03-13 14:53 - 001054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-04-11 01:53 - 2018-03-13 14:53 - 000113568 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2018-04-11 01:53 - 2018-03-13 14:52 - 007384576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-04-11 01:53 - 2018-03-13 14:51 - 002773408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2018-04-11 01:53 - 2018-03-13 14:50 - 000617312 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2018-04-11 01:53 - 2018-03-13 13:40 - 000121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2018-04-11 01:53 - 2018-03-13 13:36 - 000216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2018-04-11 01:53 - 2018-03-13 13:35 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2018-04-11 01:53 - 2018-03-13 13:33 - 007544832 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2018-04-11 01:53 - 2018-03-13 13:33 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2018-04-11 01:53 - 2018-03-13 13:33 - 000542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2018-04-11 01:53 - 2018-03-13 13:32 - 005195776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-04-11 01:53 - 2018-03-13 13:32 - 000286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2018-04-11 01:53 - 2018-03-13 13:29 - 003211776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2018-04-11 01:53 - 2018-03-13 13:28 - 002857984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-04-11 01:53 - 2018-03-13 13:28 - 001157632 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2018-04-11 01:53 - 2018-03-13 13:28 - 000939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-04-11 01:53 - 2018-03-13 13:28 - 000508928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2018-04-11 01:53 - 2018-03-13 13:27 - 003125760 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2018-04-11 01:53 - 2018-03-13 13:27 - 000197632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll
2018-04-11 01:53 - 2018-03-13 13:23 - 001556992 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2018-04-11 01:53 - 2018-03-13 13:23 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2018-04-11 01:53 - 2018-03-13 13:23 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2018-04-11 01:53 - 2018-03-13 13:22 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2018-04-11 01:53 - 2018-03-13 13:15 - 000597160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2018-04-11 01:53 - 2018-03-13 13:08 - 000747416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2018-04-11 01:53 - 2018-03-13 13:04 - 006481096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-04-11 01:53 - 2018-03-13 13:04 - 001057824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-04-11 01:53 - 2018-03-13 12:39 - 000176128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2018-04-11 01:53 - 2018-03-13 12:38 - 006466560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2018-04-11 01:53 - 2018-03-13 12:37 - 003181568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-04-11 01:53 - 2018-03-13 12:37 - 000374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2018-04-11 01:53 - 2018-03-13 12:33 - 002464768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-04-11 01:53 - 2018-03-13 12:31 - 000862208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-04-11 01:53 - 2018-03-13 12:31 - 000402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2018-04-11 01:53 - 2018-03-13 12:30 - 002349568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2018-04-11 01:53 - 2018-03-13 12:27 - 000190464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2018-04-11 01:53 - 2018-03-13 12:27 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2018-04-11 01:52 - 2018-03-30 13:18 - 001092008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-04-11 01:52 - 2018-03-30 13:14 - 000423320 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2018-04-11 01:52 - 2018-03-30 13:12 - 000270208 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2018-04-11 01:52 - 2018-03-30 13:12 - 000075168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2018-04-11 01:52 - 2018-03-30 13:10 - 000924648 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-04-11 01:52 - 2018-03-30 13:08 - 001568160 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2018-04-11 01:52 - 2018-03-30 13:08 - 001415296 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-04-11 01:52 - 2018-03-30 13:08 - 000137112 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2018-04-11 01:52 - 2018-03-30 13:07 - 000300448 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-04-11 01:52 - 2018-03-30 13:07 - 000069528 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32appinventorycsp.dll
2018-04-11 01:52 - 2018-03-30 13:06 - 000053152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pcw.sys
2018-04-11 01:52 - 2018-03-30 13:05 - 000748448 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2018-04-11 01:52 - 2018-03-30 13:05 - 000191824 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-04-11 01:52 - 2018-03-30 13:05 - 000073120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2018-04-11 01:52 - 2018-03-30 13:05 - 000059808 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvhostsvc.dll
2018-04-11 01:52 - 2018-03-30 13:05 - 000035744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SDFHost.dll
2018-04-11 01:52 - 2018-03-30 13:05 - 000022800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iumbase.dll
2018-04-11 01:52 - 2018-03-30 13:05 - 000022208 _____ (Microsoft Corporation) C:\WINDOWS\system32\IumSdk.dll
2018-04-11 01:52 - 2018-03-30 13:05 - 000020888 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2018-04-11 01:52 - 2018-03-30 13:04 - 000608160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2018-04-11 01:52 - 2018-03-30 13:04 - 000035224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2018-04-11 01:52 - 2018-03-30 13:03 - 000664992 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2018-04-11 01:52 - 2018-03-30 13:03 - 000508272 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-04-11 01:52 - 2018-03-30 13:03 - 000479920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase_enclave.dll
2018-04-11 01:52 - 2018-03-30 13:03 - 000460704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-04-11 01:52 - 2018-03-30 13:03 - 000292384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2018-04-11 01:52 - 2018-03-30 13:03 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2018-04-11 01:52 - 2018-03-30 13:03 - 000157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-04-11 01:52 - 2018-03-30 13:03 - 000139680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2018-04-11 01:52 - 2018-03-30 13:02 - 000128416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2018-04-11 01:52 - 2018-03-30 13:01 - 001209760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-04-11 01:52 - 2018-03-30 13:01 - 000034208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fs_rec.sys
2018-04-11 01:52 - 2018-03-30 13:00 - 000103320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2018-04-11 01:52 - 2018-03-30 13:00 - 000094104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys
2018-04-11 01:52 - 2018-03-30 12:58 - 000039328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storvsc.sys
2018-04-11 01:52 - 2018-03-30 12:57 - 000711944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-04-11 01:52 - 2018-03-30 12:57 - 000540064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2018-04-11 01:52 - 2018-03-30 12:57 - 000121248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2018-04-11 01:52 - 2018-03-30 12:57 - 000031640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhv.sys
2018-04-11 01:52 - 2018-03-30 12:56 - 000018680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshhyperv.dll
2018-04-11 01:52 - 2018-03-30 12:53 - 000094080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2018-04-11 01:52 - 2018-03-30 12:52 - 000677280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-04-11 01:52 - 2018-03-30 12:52 - 000282528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2018-04-11 01:52 - 2018-03-30 12:52 - 000247480 _____ (Microsoft Corporation) C:\WINDOWS\system32\logoncli.dll
2018-04-11 01:52 - 2018-03-30 12:52 - 000192416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2018-04-11 01:52 - 2018-03-30 12:52 - 000054688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vdrvroot.sys
2018-04-11 01:52 - 2018-03-30 12:52 - 000047512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmstorfl.sys
2018-04-11 01:52 - 2018-03-30 12:52 - 000028520 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmbuspipe.dll
2018-04-11 01:52 - 2018-03-30 12:51 - 000125568 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2018-04-11 01:52 - 2018-03-30 12:51 - 000123800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mup.sys
2018-04-11 01:52 - 2018-03-30 12:51 - 000071208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WindowsTrustedRT.sys
2018-04-11 01:52 - 2018-03-30 12:49 - 000204184 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2018-04-11 01:52 - 2018-03-30 12:48 - 000586800 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp110_win.dll
2018-04-11 01:52 - 2018-03-30 12:24 - 000212896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2018-04-11 01:52 - 2018-03-30 12:18 - 000016600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshhyperv.dll
2018-04-11 01:52 - 2018-03-30 12:13 - 000073896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2018-04-11 01:52 - 2018-03-30 12:12 - 000186520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\logoncli.dll
2018-04-11 01:52 - 2018-03-30 12:10 - 000099240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2018-04-11 01:52 - 2018-03-30 12:06 - 000180632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2018-04-11 01:52 - 2018-03-30 12:04 - 000417368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp110_win.dll
2018-04-11 01:52 - 2018-03-30 11:46 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll
2018-04-11 01:52 - 2018-03-30 11:45 - 000058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2018-04-11 01:52 - 2018-03-30 11:44 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2018-04-11 01:52 - 2018-03-30 11:44 - 000030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2018-04-11 01:52 - 2018-03-30 11:44 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-04-11 01:52 - 2018-03-30 11:43 - 000233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\url.dll
2018-04-11 01:52 - 2018-03-30 11:43 - 000152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iexpress.exe
2018-04-11 01:52 - 2018-03-30 11:43 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wextract.exe
2018-04-11 01:52 - 2018-03-30 11:43 - 000120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IEAdvpack.dll
2018-04-11 01:52 - 2018-03-30 11:43 - 000106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2018-04-11 01:52 - 2018-03-30 11:43 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2018-04-11 01:52 - 2018-03-30 11:43 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2018-04-11 01:52 - 2018-03-30 11:43 - 000072704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2018-04-11 01:52 - 2018-03-30 11:43 - 000070144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2018-04-11 01:52 - 2018-03-30 11:43 - 000067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2018-04-11 01:52 - 2018-03-30 11:43 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2018-04-11 01:52 - 2018-03-30 11:43 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pngfilt.dll
2018-04-11 01:52 - 2018-03-30 11:43 - 000052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsnmp32.dll
2018-04-11 01:52 - 2018-03-30 11:43 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2018-04-11 01:52 - 2018-03-30 11:43 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2018-04-11 01:52 - 2018-03-30 11:43 - 000013824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedssync.exe
2018-04-11 01:52 - 2018-03-30 11:43 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshta.exe
2018-04-11 01:52 - 2018-03-30 11:43 - 000010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2018-04-11 01:52 - 2018-03-30 11:42 - 000253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2018-04-11 01:52 - 2018-03-30 11:42 - 000123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2018-04-11 01:52 - 2018-03-30 11:42 - 000099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2018-04-11 01:52 - 2018-03-30 11:42 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inseng.dll
2018-04-11 01:52 - 2018-03-30 11:42 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imgutil.dll
2018-04-11 01:52 - 2018-03-30 11:42 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licmgr10.dll
2018-04-11 01:52 - 2018-03-30 11:41 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2018-04-11 01:52 - 2018-03-30 11:41 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2018-04-11 01:52 - 2018-03-30 11:41 - 000126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\occache.dll
2018-04-11 01:52 - 2018-03-30 11:40 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2018-04-11 01:52 - 2018-03-30 11:40 - 000314880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2018-04-11 01:52 - 2018-03-30 11:40 - 000257536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2018-04-11 01:52 - 2018-03-30 11:40 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\keyiso.dll
2018-04-11 01:52 - 2018-03-30 11:40 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeedsbs.dll
2018-04-11 01:52 - 2018-03-30 11:39 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2018-04-11 01:52 - 2018-03-30 11:37 - 001298944 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-04-11 01:52 - 2018-03-30 11:36 - 000276992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2018-04-11 01:52 - 2018-03-30 11:35 - 000858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2018-04-11 01:52 - 2018-03-30 11:35 - 000561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2018-04-11 01:52 - 2018-03-30 11:35 - 000496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-04-11 01:52 - 2018-03-30 11:35 - 000400384 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2018-04-11 01:52 - 2018-03-30 11:35 - 000371200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskcomp.dll
2018-04-11 01:52 - 2018-03-30 11:35 - 000249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2018-04-11 01:52 - 2018-03-30 11:35 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2018-04-11 01:52 - 2018-03-30 11:35 - 000079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2018-04-11 01:52 - 2018-03-30 11:35 - 000062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
2018-04-11 01:52 - 2018-03-30 11:34 - 000339456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2018-04-11 01:52 - 2018-03-30 11:33 - 000707584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2018-04-11 01:52 - 2018-03-30 11:33 - 000235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2018-04-11 01:52 - 2018-03-30 11:33 - 000119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\irda.sys
2018-04-11 01:52 - 2018-03-30 11:33 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2018-04-11 01:52 - 2018-03-30 11:33 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2018-04-11 01:52 - 2018-03-30 11:33 - 000084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2018-04-11 01:52 - 2018-03-30 11:33 - 000084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2018-04-11 01:52 - 2018-03-30 11:33 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storqosflt.sys
2018-04-11 01:52 - 2018-03-30 11:33 - 000072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
2018-04-11 01:52 - 2018-03-30 11:33 - 000065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2018-04-11 01:52 - 2018-03-30 11:33 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2018-04-11 01:52 - 2018-03-30 11:33 - 000050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2018-04-11 01:52 - 2018-03-30 11:33 - 000050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmictimeprovider.dll
2018-04-11 01:52 - 2018-03-30 11:33 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dmvsc.sys
2018-04-11 01:52 - 2018-03-30 11:33 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-04-11 01:52 - 2018-03-30 11:33 - 000036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnEapPeerProxy.dll
2018-04-11 01:52 - 2018-03-30 11:33 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnEapAuthProxy.dll
2018-04-11 01:52 - 2018-03-30 11:33 - 000028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\HyperVideo.sys
2018-04-11 01:52 - 2018-03-30 11:33 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\VMBusHID.sys
2018-04-11 01:52 - 2018-03-30 11:33 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysntfy.dll
2018-04-11 01:52 - 2018-03-30 11:33 - 000024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidtel.exe
2018-04-11 01:52 - 2018-03-30 11:33 - 000018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\nrpsrv.dll
2018-04-11 01:52 - 2018-03-30 11:33 - 000017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasacd.sys
2018-04-11 01:52 - 2018-03-30 11:33 - 000016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hyperkbd.sys
2018-04-11 01:52 - 2018-03-30 11:33 - 000013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmgencounter.sys
2018-04-11 01:52 - 2018-03-30 11:33 - 000012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2018-04-11 01:52 - 2018-03-30 11:33 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmgid.sys
2018-04-11 01:52 - 2018-03-30 11:33 - 000009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vms3cap.sys
2018-04-11 01:52 - 2018-03-30 11:33 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-04-11 01:52 - 2018-03-30 11:32 - 000198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2018-04-11 01:52 - 2018-03-30 11:32 - 000167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iexpress.exe
2018-04-11 01:52 - 2018-03-30 11:32 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2018-04-11 01:52 - 2018-03-30 11:32 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wextract.exe
2018-04-11 01:52 - 2018-03-30 11:32 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-04-11 01:52 - 2018-03-30 11:32 - 000125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2018-04-11 01:52 - 2018-03-30 11:32 - 000081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\efslsaext.dll
2018-04-11 01:52 - 2018-03-30 11:32 - 000078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2018-04-11 01:52 - 2018-03-30 11:32 - 000065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndisuio.sys
2018-04-11 01:52 - 2018-03-30 11:32 - 000065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\lltdio.sys
2018-04-11 01:52 - 2018-03-30 11:32 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Synth3dVsc.sys
2018-04-11 01:52 - 2018-03-30 11:32 - 000062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsnmp32.dll
2018-04-11 01:52 - 2018-03-30 11:32 - 000061440 _____ (Microsoft Corporation) C:\WINDOWS\system32\pngfilt.dll
2018-04-11 01:52 - 2018-03-30 11:32 - 000057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\efssvc.dll
2018-04-11 01:52 - 2018-03-30 11:32 - 000048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerSvc.dll
2018-04-11 01:52 - 2018-03-30 11:32 - 000048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdPnp.dll
2018-04-11 01:52 - 2018-03-30 11:32 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2018-04-11 01:52 - 2018-03-30 11:32 - 000044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nsiproxy.sys
2018-04-11 01:52 - 2018-03-30 11:32 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2018-04-11 01:52 - 2018-03-30 11:32 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmiprop.dll
2018-04-11 01:52 - 2018-03-30 11:32 - 000025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWNet.dll
2018-04-11 01:52 - 2018-03-30 11:32 - 000021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfhost.exe
2018-04-11 01:52 - 2018-03-30 11:32 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshta.exe
2018-04-11 01:52 - 2018-03-30 11:32 - 000014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedssync.exe
2018-04-11 01:52 - 2018-03-30 11:32 - 000008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gpuenergydrv.sys
2018-04-11 01:52 - 2018-03-30 11:31 - 000306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2018-04-11 01:52 - 2018-03-30 11:31 - 000293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2018-04-11 01:52 - 2018-03-30 11:31 - 000286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvc.dll
2018-04-11 01:52 - 2018-03-30 11:31 - 000175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2018-04-11 01:52 - 2018-03-30 11:31 - 000172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPTaskScheduler.dll
2018-04-11 01:52 - 2018-03-30 11:31 - 000151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-04-11 01:52 - 2018-03-30 11:31 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2018-04-11 01:52 - 2018-03-30 11:31 - 000151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2018-04-11 01:52 - 2018-03-30 11:31 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\IEAdvpack.dll
2018-04-11 01:52 - 2018-03-30 11:31 - 000115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\inseng.dll
2018-04-11 01:52 - 2018-03-30 11:31 - 000099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2018-04-11 01:52 - 2018-03-30 11:31 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\keyiso.dll
2018-04-11 01:52 - 2018-03-30 11:31 - 000087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2018-04-11 01:52 - 2018-03-30 11:31 - 000073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2018-04-11 01:52 - 2018-03-30 11:31 - 000055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\imgutil.dll
2018-04-11 01:52 - 2018-03-30 11:31 - 000030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\nsisvc.dll
2018-04-11 01:52 - 2018-03-30 11:30 - 000425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2018-04-11 01:52 - 2018-03-30 11:30 - 000309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvcext.dll
2018-04-11 01:52 - 2018-03-30 11:30 - 000284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2018-04-11 01:52 - 2018-03-30 11:30 - 000262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll
2018-04-11 01:52 - 2018-03-30 11:30 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2018-04-11 01:52 - 2018-03-30 11:30 - 000188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2018-04-11 01:52 - 2018-03-30 11:29 - 000723968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2018-04-11 01:52 - 2018-03-30 11:29 - 000379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2018-04-11 01:52 - 2018-03-30 11:29 - 000298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2018-04-11 01:52 - 2018-03-30 11:29 - 000253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3svc.dll
2018-04-11 01:52 - 2018-03-30 11:28 - 000984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2018-04-11 01:52 - 2018-03-30 11:28 - 000820224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2018-04-11 01:52 - 2018-03-30 11:28 - 000147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2018-04-11 01:52 - 2018-03-30 11:27 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2018-04-11 01:52 - 2018-03-30 11:27 - 000889856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2018-04-11 01:52 - 2018-03-30 11:27 - 000332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2018-04-11 01:52 - 2018-03-30 11:27 - 000228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ssdpsrv.dll
2018-04-11 01:52 - 2018-03-30 11:26 - 000765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2018-04-11 01:52 - 2018-03-30 11:25 - 000841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2018-04-11 01:52 - 2018-03-30 11:25 - 000374272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2018-04-11 01:52 - 2018-03-30 11:25 - 000276480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2018-04-11 01:52 - 2018-03-30 11:25 - 000270848 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2018-04-11 01:52 - 2018-03-30 11:23 - 000387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2018-04-11 01:52 - 2018-03-30 11:23 - 000246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2018-04-11 01:52 - 2018-03-30 11:23 - 000182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpdr.sys
2018-04-11 01:52 - 2018-03-30 11:22 - 000826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2018-04-11 01:52 - 2018-03-30 11:22 - 000027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpbus.sys
2018-04-11 01:52 - 2018-03-30 11:22 - 000010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\beep.sys
2018-04-11 01:52 - 2018-03-30 11:21 - 002511360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-04-11 01:52 - 2018-03-30 11:21 - 001160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-04-11 01:52 - 2018-03-30 11:20 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2018-04-11 01:52 - 2018-03-30 11:20 - 000199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2018-04-11 01:52 - 2018-03-30 11:20 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2018-04-11 01:52 - 2018-03-30 11:20 - 000178688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2018-04-11 01:52 - 2018-03-30 11:20 - 000177664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2018-04-11 01:52 - 2018-03-30 11:20 - 000101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2018-04-11 01:52 - 2018-03-30 11:20 - 000058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdPnp.dll
2018-04-11 01:52 - 2018-03-30 11:20 - 000031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msfs.sys
2018-04-11 01:52 - 2018-03-30 11:20 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmiprop.dll
2018-04-11 01:52 - 2018-03-30 11:20 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWNet.dll
2018-04-11 01:52 - 2018-03-30 11:20 - 000007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\null.sys
2018-04-11 01:52 - 2018-03-29 03:54 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-04-11 01:52 - 2018-03-13 15:03 - 000779960 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2018-04-11 01:52 - 2018-03-13 15:03 - 000382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2018-04-11 01:52 - 2018-03-13 14:58 - 000441248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2018-04-11 01:52 - 2018-03-13 14:55 - 001778360 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2018-04-11 01:52 - 2018-03-13 14:55 - 000417440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2018-04-11 01:52 - 2018-03-13 14:55 - 000334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2018-04-11 01:52 - 2018-03-13 14:54 - 000128928 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2018-04-11 01:52 - 2018-03-13 14:53 - 000774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2018-04-11 01:52 - 2018-03-13 14:53 - 000143264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2018-04-11 01:52 - 2018-03-13 14:53 - 000091152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2018-04-11 01:52 - 2018-03-13 14:52 - 000172112 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2018-04-11 01:52 - 2018-03-13 14:52 - 000127136 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2018-04-11 01:52 - 2018-03-13 13:41 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2018-04-11 01:52 - 2018-03-13 13:40 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-04-11 01:52 - 2018-03-13 13:38 - 000071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2018-04-11 01:52 - 2018-03-13 13:38 - 000041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2018-04-11 01:52 - 2018-03-13 13:38 - 000040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2018-04-11 01:52 - 2018-03-13 13:37 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetDriverInstall.dll
2018-04-11 01:52 - 2018-03-13 13:37 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2018-04-11 01:52 - 2018-03-13 13:37 - 000045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelineprxy.dll
2018-04-11 01:52 - 2018-03-13 13:36 - 000297984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
2018-04-11 01:52 - 2018-03-13 13:35 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2018-04-11 01:52 - 2018-03-13 13:35 - 000308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2018-04-11 01:52 - 2018-03-13 13:35 - 000245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\icm32.dll
2018-04-11 01:52 - 2018-03-13 13:35 - 000240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsAuth.dll
2018-04-11 01:52 - 2018-03-13 13:35 - 000219648 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsCfg.dll
2018-04-11 01:52 - 2018-03-13 13:35 - 000117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlgpclnt.dll
2018-04-11 01:52 - 2018-03-13 13:34 - 008727552 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2018-04-11 01:52 - 2018-03-13 13:34 - 000309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2018-04-11 01:52 - 2018-03-13 13:34 - 000222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TtlsExt.dll
2018-04-11 01:52 - 2018-03-13 13:34 - 000153600 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2018-04-11 01:52 - 2018-03-13 13:34 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2018-04-11 01:52 - 2018-03-13 13:33 - 001574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2018-04-11 01:52 - 2018-03-13 13:33 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2018-04-11 01:52 - 2018-03-13 13:33 - 000278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2018-04-11 01:52 - 2018-03-13 13:33 - 000243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2018-04-11 01:52 - 2018-03-13 13:33 - 000217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll
2018-04-11 01:52 - 2018-03-13 13:32 - 000689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2018-04-11 01:52 - 2018-03-13 13:32 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2018-04-11 01:52 - 2018-03-13 13:32 - 000568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2018-04-11 01:52 - 2018-03-13 13:32 - 000200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2018-04-11 01:52 - 2018-03-13 13:31 - 002849792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2018-04-11 01:52 - 2018-03-13 13:31 - 001263104 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2018-04-11 01:52 - 2018-03-13 13:31 - 001173504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2018-04-11 01:52 - 2018-03-13 13:31 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll
2018-04-11 01:52 - 2018-03-13 13:31 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2018-04-11 01:52 - 2018-03-13 13:30 - 007145472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2018-04-11 01:52 - 2018-03-13 13:30 - 003400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2018-04-11 01:52 - 2018-03-13 13:30 - 000893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2018-04-11 01:52 - 2018-03-13 13:30 - 000863744 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2018-04-11 01:52 - 2018-03-13 13:30 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\printfilterpipelinesvc.exe
2018-04-11 01:52 - 2018-03-13 13:30 - 000459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2018-04-11 01:52 - 2018-03-13 13:28 - 003160576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2018-04-11 01:52 - 2018-03-13 13:28 - 001967104 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2018-04-11 01:52 - 2018-03-13 13:28 - 000886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2018-04-11 01:52 - 2018-03-13 13:28 - 000837120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2018-04-11 01:52 - 2018-03-13 13:27 - 000599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2018-04-11 01:52 - 2018-03-13 13:26 - 001737728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-04-11 01:52 - 2018-03-13 13:26 - 000134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2018-04-11 01:52 - 2018-03-13 13:25 - 001346560 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2018-04-11 01:52 - 2018-03-13 13:25 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2018-04-11 01:52 - 2018-03-13 13:24 - 001275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2018-04-11 01:52 - 2018-03-13 13:24 - 000389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ninput.dll
2018-04-11 01:52 - 2018-03-13 13:24 - 000205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2018-04-11 01:52 - 2018-03-13 13:22 - 000568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msra.exe
2018-04-11 01:52 - 2018-03-13 13:22 - 000513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2018-04-11 01:52 - 2018-03-13 13:22 - 000128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2018-04-11 01:52 - 2018-03-13 13:19 - 000649304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2018-04-11 01:52 - 2018-03-13 13:19 - 000311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2018-04-11 01:52 - 2018-03-13 13:08 - 001555784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2018-04-11 01:52 - 2018-03-13 13:07 - 000115104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2018-04-11 01:52 - 2018-03-13 13:06 - 000564640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2018-04-11 01:52 - 2018-03-13 13:04 - 000140592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2018-04-11 01:52 - 2018-03-13 12:44 - 003490816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2018-04-11 01:52 - 2018-03-13 12:44 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2018-04-11 01:52 - 2018-03-13 12:40 - 006118400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2018-04-11 01:52 - 2018-03-13 12:40 - 000288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\compstui.dll
2018-04-11 01:52 - 2018-03-13 12:40 - 000201728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll
2018-04-11 01:52 - 2018-03-13 12:39 - 000230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\icm32.dll
2018-04-11 01:52 - 2018-03-13 12:39 - 000180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2018-04-11 01:52 - 2018-03-13 12:39 - 000164352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TtlsCfg.dll
2018-04-11 01:52 - 2018-03-13 12:38 - 000098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlgpclnt.dll
2018-04-11 01:52 - 2018-03-13 12:37 - 000981504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2018-04-11 01:52 - 2018-03-13 12:37 - 000537088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll
2018-04-11 01:52 - 2018-03-13 12:37 - 000381440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2018-04-11 01:52 - 2018-03-13 12:37 - 000233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2018-04-11 01:52 - 2018-03-13 12:37 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingMonitor.dll
2018-04-11 01:52 - 2018-03-13 12:37 - 000091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2018-04-11 01:52 - 2018-03-13 12:36 - 000380416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2018-04-11 01:52 - 2018-03-13 12:36 - 000175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2018-04-11 01:52 - 2018-03-13 12:36 - 000124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2018-04-11 01:52 - 2018-03-13 12:35 - 006204416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2018-04-11 01:52 - 2018-03-13 12:34 - 002409984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2018-04-11 01:52 - 2018-03-13 12:34 - 000706048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2018-04-11 01:52 - 2018-03-13 12:33 - 000981504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2018-04-11 01:52 - 2018-03-13 12:32 - 002577408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2018-04-11 01:52 - 2018-03-13 12:32 - 001948672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2018-04-11 01:52 - 2018-03-13 12:31 - 001348608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-04-11 01:52 - 2018-03-13 12:31 - 000713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2018-04-11 01:52 - 2018-03-13 12:30 - 000464384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2018-04-11 01:52 - 2018-03-13 12:28 - 000328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ninput.dll
2018-04-11 01:52 - 2018-03-13 12:26 - 000483328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2018-04-11 01:52 - 2017-11-26 21:32 - 000184984 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2018-04-11 01:52 - 2017-11-26 19:12 - 000123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2018-04-11 01:40 - 2018-04-11 01:41 - 002935191 _____ C:\Users\grand\Downloads\video-1523320602.mp4
2018-04-09 07:27 - 2018-04-09 07:27 - 000000551 ____L C:\Users\grand\OneDrive\Documents\alinter pay.txt
2018-04-08 23:01 - 2018-04-08 23:01 - 000000868 ____L C:\Users\grand\OneDrive\Documents\cc_20180408_230109.reg
2018-04-04 05:50 - 2018-04-04 05:50 - 000000500 ____L C:\Users\grand\OneDrive\Documents\cc_20180404_055050.reg

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-05-04 06:43 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\DeliveryOptimization
2018-05-04 06:42 - 2017-09-29 21:46 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-04 06:42 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-05-04 06:36 - 2017-09-29 21:44 - 000000000 ____D C:\WINDOWS\INF
2018-05-04 06:35 - 2018-01-24 13:20 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-05-03 15:59 - 2018-02-05 22:25 - 000000000 ___DL C:\Users\grand\OneDrive\Documents\YouCam
2018-05-03 12:23 - 2018-01-24 13:22 - 000000000 ____D C:\Users\grand
2018-05-03 10:34 - 2018-01-24 13:41 - 000004288 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-03 10:28 - 2018-01-24 13:42 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-03 08:29 - 2018-02-09 08:49 - 000000000 ____D C:\ProgramData\CanonIJPLM
2018-05-03 07:18 - 2018-02-04 23:17 - 000000000 ____D C:\ProgramData\boost_interprocess
2018-05-03 00:13 - 2017-11-08 08:00 - 000000000 ____D C:\Users\grand\Desktop\Old photographs
2018-05-02 18:04 - 2018-03-27 01:13 - 000000000 ____D C:\Users\grand\Desktop\photos for posting
2018-05-02 05:26 - 2018-01-25 17:16 - 000002308 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-05-02 05:26 - 2018-01-25 17:16 - 000002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-04-29 10:59 - 2018-03-10 16:40 - 000000000 ____D C:\Users\grand\Desktop\Latest Family
2018-04-29 07:52 - 2018-01-25 17:15 - 000003344 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-04-29 07:52 - 2018-01-25 17:15 - 000003120 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-04-28 23:31 - 2017-11-08 08:17 - 000000000 ____D C:\Users\grand\Desktop\New folder
2018-04-28 23:29 - 2018-02-09 20:08 - 000000000 ____D C:\Users\grand\Desktop\New folder (2)
2018-04-27 01:15 - 2018-02-04 07:38 - 000001948 _____ C:\WINDOWS\System32\Tasks\Launch BitComet
2018-04-26 01:36 - 2017-09-29 16:45 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-04-25 22:48 - 2018-01-24 13:42 - 000002920 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2419748366-3010618436-1684785940-1002
2018-04-25 22:45 - 2018-01-24 05:12 - 000000000 ___DC C:\WINDOWS\Panther
2018-04-25 22:45 - 2017-12-08 02:41 - 000000000 ____D C:\ProgramData\Temp
2018-04-25 19:05 - 2017-10-14 23:30 - 000000000 __RDL C:\Users\grand\OneDrive
2018-04-25 09:48 - 2018-01-25 17:16 - 000003938 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-04-25 09:48 - 2018-01-25 17:16 - 000000000 ____D C:\Program Files\CCleaner
2018-04-24 10:40 - 2017-10-14 23:30 - 000002374 _____ C:\Users\grand\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-04-21 16:56 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-04-16 13:43 - 2017-10-20 00:41 - 000001089 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2018-04-16 13:43 - 2017-10-20 00:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2018-04-13 21:58 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\rescache
2018-04-13 07:26 - 2018-03-02 10:00 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-04-11 08:11 - 2018-01-24 13:42 - 000004578 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2018-04-11 08:11 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-04-11 08:11 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-04-11 07:25 - 2018-01-16 08:23 - 000000000 ___RD C:\Users\grand\3D Objects
2018-04-11 07:25 - 2017-10-14 23:03 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-04-11 04:04 - 2017-09-29 21:46 - 000000000 ___SD C:\WINDOWS\SysWOW64\F12
2018-04-11 04:03 - 2017-09-29 21:46 - 000000000 ___SD C:\WINDOWS\system32\F12
2018-04-11 04:03 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-04-11 04:03 - 2017-09-29 21:46 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-04-11 02:17 - 2017-10-15 01:48 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-04-11 02:13 - 2017-10-15 01:47 - 136971704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-04-11 02:13 - 2017-10-15 01:47 - 136971704 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-04-11 02:13 - 2017-09-29 21:37 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-04-11 02:00 - 2017-12-14 09:33 - 000169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-04-04 03:37 - 2018-03-15 12:23 - 000835064 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2018-04-04 03:37 - 2018-03-15 12:23 - 000179704 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2018-03-05 08:59 - 2018-03-05 08:59 - 000005632 _____ () C:\Users\grand\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-04-30 20:42

==================== End of FRST.txt ============================





Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03.05.2018
Ran by grand (04-05-2018 06:46:51)
Running from C:\Users\grand\Desktop
Windows 10 Home Version 1709 16299.371 (X64) (2018-01-24 05:45:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2419748366-3010618436-1684785940-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2419748366-3010618436-1684785940-503 - Limited - Disabled)
grand (S-1-5-21-2419748366-3010618436-1684785940-1002 - Administrator - Enabled) => C:\Users\grand
Guest (S-1-5-21-2419748366-3010618436-1684785940-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2419748366-3010618436-1684785940-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG Antivirus (Enabled - Up to date) {C50510DE-367A-330C-FD5C-556ACFB11243}
AS: AVG Antivirus (Enabled - Up to date) {7E64F13A-1040-3C82-C7EC-6E18B43658FE}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 29 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 29.0.0.140 - Adobe Systems Incorporated)
Any Video Converter 6.2.3 (HKLM-x32\...\Any Video Converter) (Version: 6.2.3 - Anvsoft)
Ashampoo WinOptimizer 15 (HKLM-x32\...\{4209F371-C86E-DC46-5245-9E069261137B}_is1) (Version: 15.00.05 - Ashampoo GmbH & Co. KG)
AVG (HKLM\...\{136B57DF-DA9E-4361-A165-09AB4422BCD1}) (Version: 1.231.3 - AVG Technologies) Hidden
AVG AntiVirus FREE (HKLM-x32\...\AVG Antivirus) (Version: 18.3.3051 - AVG Technologies)
AVG PC TuneUp (HKLM-x32\...\{9C775BB6-1453-45EB-8C78-A5CC5199113D}) (Version: 16.77.3 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.77.3.23060 - AVG Technologies)
Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: 4.7.0 - Canon Inc.)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.7.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.20.13 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 5.5.0 - Canon Inc.)
Canon MG5700 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5700_series) (Version: 1.00 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.6.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.6.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.8.5 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.42 - Piriform)
CyberLink Holiday Pack Vol.6 for YouCam (HKLM-x32\...\InstallShield_{B17D6DAB-FA82-4e06-AB92-001D4F76869B}) (Version: Holiday Pack 6 for YouCam - CyberLink Corp.)
CyberLink YouCam 7 (HKLM-x32\...\{0078CD4D-B146-4D77-8CF0-268B36C1A3EC}) (Version: 7.0.2316.0 - CyberLink Corp.)
FMW 1 (HKLM\...\{DFA0CE4A-C162-40C1-A977-12E60098EB72}) (Version: 1.227.11 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 66.0.3359.139 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.7 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
IncrediMail (HKLM-x32\...\{35505AE1-27E2-4206-B3BF-58771803B8D0}) (Version: 6.6.0.5328 - IncrediMail) Hidden
IncrediMail 2.5 (HKLM-x32\...\IncrediMail) (Version: 6.6.0.5328 - IncrediMail Ltd.)
Microsoft OneDrive (HKU\S-1-5-21-2419748366-3010618436-1684785940-1002\...\OneDriveSetup.exe) (Version: 18.065.0329.0002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
MpcStar 5.4 (HKLM-x32\...\MpcStar) (Version: 5.4 - www.mpcstar.com)
Revo Uninstaller Pro 3.2.1 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.2.1 - VS Revo Group, Ltd.)
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{EC5A6438-850E-4AD1-9169-DD071C8EFFEF}) (Version: 2.10.0.0 - Microsoft Corporation)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22334 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShA64.dll [2018-04-18] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers1: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2018-01-22] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [AVG Disk Space Explorer Shell Extension] -> {4838CD50-7E5D-4811-9B17-C47A85539F28} => C:\Program Files (x86)\AVG\AVG PC TuneUp\DseShExt-x64.dll [2018-01-22] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers4: [AVG Shredder Shell Extension] -> {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} => C:\Program Files (x86)\AVG\AVG PC TuneUp\SDShelEx-x64.dll [2018-01-22] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [AVG] -> {472083B1-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVG\Antivirus\ashShA64.dll [2018-04-18] (AVG Technologies CZ, s.r.o.)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02693BC6-38E7-4A74-8F1C-291A4C19E5A9} - System32\Tasks\Launch BitComet => C:\Program Files\BitComet\BitComet.exe
Task: {06B894B4-E79D-4690-A120-AE487C13B816} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-04-11] (Adobe Systems Incorporated)
Task: {623BDC6A-3C4A-4014-8FDF-4245F16A782D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-25] (Google Inc.)
Task: {6328AEC1-F1F8-4116-B648-30E135E55BAF} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_140_pepper.exe [2018-04-11] (Adobe Systems Incorporated)
Task: {A65BD504-3A5E-4DD0-B356-EF45A5EE553B} - System32\Tasks\Antivirus Emergency Update => C:\Program Files\AVG\Antivirus\AvEmUpdate.exe [2018-04-18] (AVG Technologies CZ, s.r.o.)
Task: {BE961004-0C6A-48B4-A161-2E8ABD85A11F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-03-23] (AVAST Software)
Task: {D3BFA811-47AA-4939-AC23-726A426492A1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-04-13] (Piriform Ltd)
Task: {D705B6F3-0216-4ABD-BF38-7AC37ECCA6C0} - System32\Tasks\AVGPCTuneUp_Task_BkGndMaintenance => C:\Program Files (x86)\AVG\AVG PC TuneUp\tuscanx.exe [2018-01-22] (AVG Technologies CZ, s.r.o.)
Task: {F25F0D55-BE99-458E-A7C2-8B8A38ACC35D} - System32\Tasks\AVG EUpdate Task => avgsetupx.exe
Task: {F294A43C-6CE5-4268-B1F3-B87A6FD4FEBB} - System32\Tasks\AVG\Overseer => C:\Program Files\AVG\Antivirus\setup\overseer.exe [2018-04-25] (AVG Technologies CZ, s.r.o.)
Task: {FE64FBC1-15CA-4417-8959-67A6502CD099} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-25] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-29 21:41 - 2017-09-29 21:41 - 000184432 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-03-15 00:32 - 2018-02-22 08:26 - 011044864 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2018-03-15 00:32 - 2018-02-22 08:21 - 001804288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-04-27 11:52 - 2018-04-27 11:54 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-04-27 11:52 - 2018-04-27 11:54 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-04-27 11:52 - 2018-04-27 11:54 - 022320128 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-04-27 11:52 - 2018-04-27 11:54 - 002603008 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\skypert.dll
2018-04-27 11:52 - 2018-04-27 11:54 - 000657408 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1813.286.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-04-09 18:48 - 2018-04-09 18:48 - 000061408 _____ () C:\Program Files\CCleaner\branding.dll
2018-04-04 19:50 - 2018-04-04 19:50 - 000017408 _____ () C:\Program Files\WindowsApps\Microsoft.BingNews_4.23.10923.0_x64__8wekyb3d8bbwe\Microsoft.Msn.News.exe
2018-04-04 19:50 - 2018-04-04 19:50 - 016893440 _____ () C:\Program Files\WindowsApps\Microsoft.BingNews_4.23.10923.0_x64__8wekyb3d8bbwe\Microsoft.Msn.News.dll
2018-04-27 11:52 - 2018-04-27 11:52 - 005358472 _____ () C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1804.3.0_x64__8wekyb3d8bbwe\Microsoft.Advertising.dll
2017-03-19 10:33 - 2017-03-19 10:33 - 000291328 _____ () C:\Program Files\WindowsApps\Microsoft.BingNews_4.23.10923.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2018-02-22 08:15 - 2018-02-22 08:16 - 027139072 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\Video.UI.exe
2018-02-22 08:15 - 2018-02-22 08:16 - 000306176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\SharedUI.dll
2018-02-22 08:15 - 2018-02-22 08:16 - 006687744 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\EntCommon.dll
2018-04-07 14:28 - 2018-04-07 14:28 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-02-22 08:15 - 2018-02-22 08:16 - 009283072 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17122.16211.1000_x64__8wekyb3d8bbwe\EntPlat.dll
2018-04-25 22:17 - 2018-04-25 22:16 - 048920064 _____ () C:\Program Files (x86)\AVG\UiDll\2623\libcef.dll
2018-04-18 00:49 - 2018-04-18 00:49 - 000283888 _____ () C:\Program Files\AVG\Antivirus\tasks_core.dll
2018-04-18 00:49 - 2018-04-18 00:49 - 067127976 _____ () C:\Program Files\AVG\Antivirus\libcef.dll
2018-04-18 00:49 - 2018-04-18 00:49 - 000348400 _____ () C:\Program Files\AVG\Antivirus\streamback_avast.dll
2018-04-18 00:49 - 2018-04-18 00:49 - 000296688 _____ () C:\Program Files\AVG\Antivirus\streamback.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-03-19 05:03 - 2017-10-18 13:53 - 000000853 _____ C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.1 mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2419748366-3010618436-1684785940-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\grand\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\RJ at the falls.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKU\S-1-5-21-2419748366-3010618436-1684785940-1002\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B5F33269-DD42-455D-912A-DB00066850B7}] => (Allow) LPort=15626
FirewallRules: [{9D971A22-32CC-4312-A218-014F321AC2AC}] => (Allow) LPort=15626
FirewallRules: [{4159257A-8BC6-4127-9F23-3A6CBC31FFAC}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{8724FD60-2856-4A19-8C91-215B1E1CB57D}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{86FF86DF-A091-4C4A-BF6D-119107EBF0C7}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{363BEAAA-CFB2-454F-A546-CD3C499AF13E}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{31CE62D4-0138-459C-B208-2E933AF86C34}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{644B09C2-7114-4032-8D49-BF1414982A20}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{92FC638A-EDED-4D86-BD71-73C12C372727}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{6D2473B6-ED20-411E-8CE5-65CD4928D78F}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{98A260B3-59DD-4145-96F4-EE375DB2F5A2}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{1814EFF7-974E-40A9-9ECB-AE231A000B86}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{BE952679-0666-497B-B117-5291F21A2607}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{4D76A03A-D0EC-4180-91A9-C1D2D5888B41}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImpCnt.exe
FirewallRules: [{0153AEFD-AFF2-435F-A7F0-0E0C1D7FB97C}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{14F29131-4271-4682-9B3C-900C0EFC8865}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
FirewallRules: [{57A43600-C415-4917-AF57-EB2707996100}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{B2BD935D-75F1-40F0-8477-10B25E0E6FDD}] => (Allow) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
FirewallRules: [{A0741D1B-7BDC-4563-8365-B0A334B6267A}] => (Allow) LPort=13399
FirewallRules: [{327BA59F-1F20-4BDC-90C3-36FF00FB9113}] => (Allow) LPort=13399
FirewallRules: [{3EBBA96D-EB18-4344-B402-85FE18C71678}] => (Allow) LPort=12969
FirewallRules: [{6BD364A1-7554-455C-9B9C-031C1C0A587D}] => (Allow) LPort=12969
FirewallRules: [{374C948B-1844-4AEC-B9F3-28B708CC178D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

27-04-2018 22:17:43 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Base System Device
Description: Base System Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/03/2018 10:00:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Microsoft.Photos.exe, version: 2018.18031.15040.0, time stamp: 0x5ad8dffa
Faulting module name: twinapi.appcore.dll, version: 10.0.16299.19, time stamp: 0x63553d36
Exception code: 0xc000027b
Fault offset: 0x0000000000094ef5
Faulting process id: 0x1600
Faulting application start time: 0x01d3e2e71bb97831
Faulting application path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15040.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
Faulting module path: C:\WINDOWS\SYSTEM32\twinapi.appcore.dll
Report Id: d5e19516-d932-47d8-a187-240495edf39d
Faulting package full name: Microsoft.Windows.Photos_2018.18031.15040.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App

Error: (05/03/2018 09:53:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Microsoft.Photos.exe, version: 2018.18031.15040.0, time stamp: 0x5ad8dffa
Faulting module name: twinapi.appcore.dll, version: 10.0.16299.19, time stamp: 0x63553d36
Exception code: 0xc000027b
Fault offset: 0x0000000000094ef5
Faulting process id: 0x9c
Faulting application start time: 0x01d3e2e6119b669e
Faulting application path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15040.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
Faulting module path: C:\WINDOWS\SYSTEM32\twinapi.appcore.dll
Report Id: 271f9736-383f-4b98-84ce-f46df7ed26a7
Faulting package full name: Microsoft.Windows.Photos_2018.18031.15040.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App

Error: (05/03/2018 09:46:22 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {F6C29334-47DC-4397-9150-F549CF1D4861} was rejected

Error: (05/03/2018 09:46:22 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {F6C29334-47DC-4397-9150-F549CF1D4861} was rejected

Error: (05/03/2018 09:44:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Microsoft.Photos.exe, version: 2018.18031.15040.0, time stamp: 0x5ad8dffa
Faulting module name: twinapi.appcore.dll, version: 10.0.16299.19, time stamp: 0x63553d36
Exception code: 0xc000027b
Fault offset: 0x0000000000094ef5
Faulting process id: 0x600
Faulting application start time: 0x01d3e2e4d4444981
Faulting application path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15040.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
Faulting module path: C:\WINDOWS\SYSTEM32\twinapi.appcore.dll
Report Id: 42ea3d2c-3146-42ed-a83f-9e48ff97690b
Faulting package full name: Microsoft.Windows.Photos_2018.18031.15040.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App

Error: (05/03/2018 01:10:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Microsoft.Photos.exe, version: 2018.18031.15040.0, time stamp: 0x5ad8dffa
Faulting module name: twinapi.appcore.dll, version: 10.0.16299.19, time stamp: 0x63553d36
Exception code: 0xc000027b
Fault offset: 0x0000000000094ef5
Faulting process id: 0x778
Faulting application start time: 0x01d3e2387787aa33
Faulting application path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15040.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
Faulting module path: C:\WINDOWS\SYSTEM32\twinapi.appcore.dll
Report Id: d4e05f36-2cd3-42d9-ae50-86f7f4f00c93
Faulting package full name: Microsoft.Windows.Photos_2018.18031.15040.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App

Error: (05/02/2018 11:45:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: avc-free.exe, version: 0.0.0.0, time stamp: 0x4f47e2df
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00001a5
Fault offset: 0x0c2f44e9
Faulting process id: 0x2248
Faulting application start time: 0x01d3e22c8e5263b1
Faulting application path: C:\Users\grand\Desktop\avc-free.exe
Faulting module path: unknown
Report Id: 0c90aa84-15f4-411f-9949-6d490eb0b85f
Faulting package full name:
Faulting package-relative application ID:

Error: (05/02/2018 11:24:57 AM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {F6C29334-47DC-4397-9150-F549CF1D4861} was rejected


System errors:
=============
Error: (05/03/2018 10:24:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/03/2018 10:12:54 PM) (Source: DCOM) (EventID: 10016) (User: ERIC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user ERIC\grand SID (S-1-5-21-2419748366-3010618436-1684785940-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/03/2018 10:02:53 PM) (Source: DCOM) (EventID: 10016) (User: ERIC)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user ERIC\grand SID (S-1-5-21-2419748366-3010618436-1684785940-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (05/03/2018 10:00:48 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (05/03/2018 10:00:46 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (05/03/2018 10:00:43 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (05/03/2018 10:00:41 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (05/03/2018 10:00:38 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.


Windows Defender:
===================================
Date: 2018-04-15 11:24:10.438
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {35B7538F-10A1-493E-A410-1E561CF1A26F}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-14 12:37:39.959
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {FC80262A-92E6-4895-B532-75DFEB8A781B}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-12 04:57:58.566
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {FEAD4FC5-BF3B-4F7A-A591-88046B1063F0}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-09 12:14:41.929
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {66E07253-8858-475A-B9D0-901311AEB24E}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-04-09 12:02:45.861
Description:
Windows Defender Antivirus scan has been stopped before completion.
Scan ID: {BFF3C599-88B2-4377-AC0C-0B9212784575}
Scan Type: Antimalware
Scan Parameters: Quick Scan

Date: 2018-03-22 06:33:18.293
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.828.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee2
Error description: The operation timed out

Date: 2018-03-22 01:26:23.506
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.828.0
Update Source: Microsoft Update Server
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee2
Error description: The operation timed out

Date: 2018-03-18 16:54:43.452
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.652.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-03-18 16:54:43.452
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 118.5.0.0
Update Source: Microsoft Malware Protection Center
Signature Type: Network Inspection System
Update Type: Full
Current Engine Version:
Previous Engine Version: 2.1.14202.0
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

Date: 2018-03-18 16:54:43.438
Description:
Windows Defender Antivirus has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 1.263.652.0
Update Source: Microsoft Malware Protection Center
Signature Type: AntiVirus
Update Type: Full
Current Engine Version:
Previous Engine Version: 1.1.14600.4
Error code: 0x80072ee7
Error description: The server name or address could not be resolved

CodeIntegrity:
===================================

Date: 2018-04-14 07:20:05.751
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-04-14 07:20:04.648
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-04-14 07:19:50.480
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-04-14 07:19:45.398
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-04-14 07:19:32.673
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-04-14 07:19:31.797
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-04-09 08:27:51.128
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

Date: 2018-04-09 08:27:50.698
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 58%
Total physical RAM: 4060.09 MB
Available physical RAM: 1682.96 MB
Total Virtual: 4764.09 MB
Available Virtual: 2190.42 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:576.19 GB) (Free:530.05 GB) NTFS

\\?\Volume{97be5b6a-0000-0000-0000-70cc04000000}\ (SYSTEM RESERVED) (Fixed) (Total:0.35 GB) (Free:0.31 GB) NTFS
\\?\Volume{97be5b6a-0000-0000-0000-100000000000}\ (PQSERVICE) (Fixed) (Total:19.19 GB) (Free:7.99 GB) NTFS
\\?\Volume{97be5b6a-0000-0000-0000-d0ee94000000}\ () (Fixed) (Total:0.44 GB) (Free:0.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 596.2 GB) (Disk ID: 97BE5B6A)
Partition 1: (Not Active) - (Size=19.2 GB) - (Type=27)
Partition 2: (Active) - (Size=356 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=576.2 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt =======================
  • 0

#5
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

I don't see any malware.  Expect your YouCam 7 software took your picture as part of its setup.  It has a feature where it can prevent the PC from working if it doesn't see your face in the camera.

https://www.cyberlin...ures_en_US.html

 

You do have a problem with your hard drive.
 

Error: (05/03/2018 10:00:46 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

 

 

Usually if you force a disk check of C: it will fix the problem.

https://www.tekrevue...dsk-windows-10/

 

After you run the check it's a good idea to run dism & sfc:

 

Open an elevated command prompt:

http://www.howtogeek...-in-windows-10/
http://www.eightforu...indows-8-a.html

(If you open an elevated Command Prompt properly it will say Administrator: Command Prompt in the margin at the top of the window)


Once you have an elevated command prompt:

Type:

 DISM  /Online  /Cleanup-Image  /RestoreHealth

 (I use two spaces so you can be sure to see where one space goes.)
Hit Enter.  This will take a while (10-20 minutes) to complete.  Once the prompt returns:

Reboot.  Open an elevated Command Prompt again and type (with an Enter after the line):

sfc  /scannow



This will also take a few minutes.  

When it finishes it will say one of the following:

Windows did not find any integrity violations (a good thing)
Windows Resource Protection found corrupt files and repaired them (a good thing)
Windows Resource Protection found corrupt files but was unable to fix some (or all) of them (not a good thing)

If you get the last result then type:
findstr  /c:"[SR]"  \windows\logs\cbs\cbs.log  >  %UserProfile%\desktop\junk.txt


Hit Enter.  Then type:


notepad %UserProfile%\desktop\junk.txt

Hit Enter.

 Copy the text from notepad and paste it into a reply.


After you finish SFC, regardless of the result:



1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.  (Each time you run VEW it overwrites the log so copy the first one to a Reply or rename it before running it a second time.)

 

Let's make sure I am not missing something:

 

Let's run Rogue Killer

http://www.adlice.co...iller/#download

Portable 64 bits <==Use this one

Download and Save.



Right click on the downloaded file (RogueKillerX64.exe or RogueKiller.exe)  and Run As admin

Start Scan
Start Scan

Will take about 20 minutes to complete.

Open Report
Export TXT (save it to your desktop as rk) Save

Do not let Rogue Killer remove anything until you hear from me.  Leave Rogue Killer up (but minimized) so you won't have to rescan.

Open rk.txt and copy and paste it to your next Reply.
 


  • 0
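The disk finding in the reply above comes from reading event records, and the thread carries them in two different layouts: the event-log part of FRST's Addition.txt and the VEW output requested here. As an added example (not code from the thread, FRST or VEW), this Python script parses both layouts into one timeline and counts the two event types the logs on this page show repeatedly. Function names are hypothetical; the sample records are excerpted from the logs on this page; VEW dates are day/month/year as its header states, and FRST dates are assumed to be month/day/year, which matches the other dates on this page.

```python
import re
from datetime import datetime

# Sample records excerpted from the two logs on this page.
FRST_SAMPLE = r"""
Error: (05/03/2018 10:00:48 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (05/03/2018 10:00:46 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.

Error: (05/03/2018 09:46:22 PM) (Source: COM) (EventID: 10031) (User: )
Description: An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {F6C29334-47DC-4397-9150-F549CF1D4861} was rejected
"""

VEW_SAMPLE = """
Log: 'System' Date/Time: 04/05/2018 6:58:48 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 03/05/2018 2:28:07 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.
"""

# Assumption: FRST prints month/day/year here; VEW states dd/mm/yyyy in its header.
FRST_FMT = "%m/%d/%Y %I:%M:%S %p"
VEW_FMT = "%d/%m/%Y %I:%M:%S %p"

FRST_RE = re.compile(
    r"^Error: \((?P<ts>[^)]+)\) \(Source: (?P<src>[^)]*)\) "
    r"\(EventID: (?P<id>\d+)\) \(User: [^)]*\)[ \t]*\n"
    r"Description: (?P<desc>.*)$", re.M)

VEW_RE = re.compile(
    r"^Log: '(?P<log>[^']+)' Date/Time: (?P<ts>.+?)[ \t]*\n"
    r"Type: (?P<type>\w+) Category: \d+[ \t]*\n"
    r"Event: (?P<id>\d+) Source: (?P<src>.+?)[ \t]*\n"
    r"(?P<desc>.*)$", re.M)

# Event types to surface, described in the words the logs themselves use.
WATCH = {
    ("disk", 7): "disk driver reported a bad block",
    ("microsoft-windows-kernel-power", 41): "reboot without a clean shutdown",
}


def _parse(text, pattern, fmt, origin):
    """Turn every record matched by `pattern` into a normalized event dict."""
    return [{"when": datetime.strptime(m["ts"].strip(), fmt),
             "source": m["src"].strip(),
             "event_id": int(m["id"]),
             "desc": m["desc"].strip(),
             "origin": origin}
            for m in pattern.finditer(text)]


def parse_frst(text):
    """Events from the 'Event log errors' part of an FRST Addition.txt."""
    return _parse(text, FRST_RE, FRST_FMT, "FRST")


def parse_vew(text):
    """Events from a VEW (Vino's Event Viewer) output log."""
    return _parse(text, VEW_RE, VEW_FMT, "VEW")


def timeline(frst_text, vew_text):
    """Merge both logs into one list ordered by normalized timestamp."""
    return sorted(parse_frst(frst_text) + parse_vew(vew_text),
                  key=lambda e: e["when"])


def findings(events):
    """Count watched events per (source, id) with first and last occurrence."""
    out = {}
    for e in events:
        note = WATCH.get((e["source"].lower(), e["event_id"]))
        if note is None:
            continue
        rec = out.setdefault((e["source"], e["event_id"]),
                             {"count": 0, "first": e["when"],
                              "last": e["when"], "note": note})
        rec["count"] += 1
        rec["first"] = min(rec["first"], e["when"])
        rec["last"] = max(rec["last"], e["when"])
    return out


if __name__ == "__main__":
    events = timeline(FRST_SAMPLE, VEW_SAMPLE)
    for e in events:
        print(e["when"].isoformat(), e["origin"], e["source"], e["event_id"])
    for (src, eid), rec in findings(events).items():
        print(f"{src}/{eid}: {rec['count']}x, {rec['note']}, "
              f"{rec['first'].isoformat()} to {rec['last'].isoformat()}")
```

Reading the VEW dates with the FRST format (or the reverse) would silently move the 3 May events to 5 March, so the per-tool format has to be fixed before the two logs are compared.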

#6
Ricky_22

    Member

  • Topic Starter
  • Member
  • 349 posts

Firstly, thank you so much for helping me. I'm an 82yr old guy who relies on a computer for many needs - shopping, banking, facebook/messenger etc. - though I'm hopeless at anything technical :)

 

first scan took 1hr 45 mins lolz so it must have had many problems :) anyhow followed all of your directions ..... here are the results (corrupt files found and repaired)

 

************************************************************

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 04/05/2018 11:21:40 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/05/2018 6:58:48 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 04/05/2018 6:23:50 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 04/05/2018 5:47:27 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 04/05/2018 5:39:29 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 03/05/2018 2:28:07 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 01/05/2018 12:02:26 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 17/04/2018 11:57:04 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 16/04/2018 9:46:23 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 08/04/2018 2:52:16 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 01/04/2018 8:53:26 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 24/03/2018 5:42:07 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 23/03/2018 11:31:58 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 18/03/2018 8:58:24 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 15/03/2018 4:22:23 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 07/03/2018 2:14:46 PM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 02/03/2018 2:00:18 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 28/02/2018 6:31:22 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 16/02/2018 7:03:13 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 10/02/2018 1:18:32 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

Log: 'System' Date/Time: 10/02/2018 1:12:55 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/05/2018 3:14:34 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user ERIC\grand SID (S-1-5-21-2419748366-3010618436-1684785940-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 04/05/2018 3:11:22 PM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 04/05/2018 3:11:19 PM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 04/05/2018 2:45:16 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 04/05/2018 2:44:18 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {D63B10C5-BB46-4990-A94F-E40B9D520160}  and APPID  {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 04/05/2018 2:44:15 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 04/05/2018 2:44:15 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 04/05/2018 2:44:15 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 04/05/2018 2:44:15 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 04/05/2018 2:44:15 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 04/05/2018 2:44:15 PM
Type: Error Category: 0
Event: 10016 Source: Microsoft-Windows-DistributedCOM
The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID  {6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}  and APPID  {4839DDB7-58C2-48F5-8283-E1D1807D0D7D}  to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Log: 'System' Date/Time: 04/05/2018 1:54:41 PM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 04/05/2018 1:54:39 PM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 04/05/2018 1:54:37 PM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 04/05/2018 1:54:34 PM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 04/05/2018 1:54:32 PM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 04/05/2018 1:54:06 PM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 04/05/2018 1:54:03 PM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 04/05/2018 1:54:01 PM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 04/05/2018 1:53:58 PM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/05/2018 2:44:10 PM
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)

Log: 'System' Date/Time: 04/05/2018 2:43:32 PM
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)

Log: 'System' Date/Time: 04/05/2018 1:04:42 PM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name _nos._tcp.nos-avg.cz timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 04/05/2018 1:03:35 PM
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)

Log: 'System' Date/Time: 04/05/2018 6:59:24 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name _nos._tcp.nos-avg.cz timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 04/05/2018 6:59:10 AM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address 00-17-C4-F9-72-91 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).

Log: 'System' Date/Time: 04/05/2018 6:59:10 AM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address 00-17-C4-F9-72-91 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).

Log: 'System' Date/Time: 04/05/2018 6:58:59 AM
Type: Warning Category: 0
Event: 28 Source: BTHUSB
The local adapter does not support Bluetooth Low Energy.

Log: 'System' Date/Time: 04/05/2018 6:24:28 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name _nos._tcp.nos-avg.cz timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 04/05/2018 6:24:14 AM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address 00-17-C4-F9-72-91 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).

Log: 'System' Date/Time: 04/05/2018 6:24:14 AM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address 00-17-C4-F9-72-91 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).

Log: 'System' Date/Time: 04/05/2018 6:23:55 AM
Type: Warning Category: 0
Event: 28 Source: BTHUSB
The local adapter does not support Bluetooth Low Energy.

Log: 'System' Date/Time: 04/05/2018 5:51:26 AM
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)

Log: 'System' Date/Time: 04/05/2018 5:48:24 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name _nos._tcp.nos-avg.cz timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 04/05/2018 5:47:56 AM
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)

Log: 'System' Date/Time: 04/05/2018 5:47:54 AM
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source because of DNS resolution error on 'time.windows.com,0x9'. NtpClient will try again in 15 minutes and double the reattempt interval thereafter. The error was: No such host is known. (0x80072AF9)

Log: 'System' Date/Time: 04/05/2018 5:47:49 AM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address 00-17-C4-F9-72-91 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv4 0x00000000).

Log: 'System' Date/Time: 04/05/2018 5:47:49 AM
Type: Warning Category: 0
Event: 4291 Source: Tcpip
The network adapter with hardware address 00-17-C4-F9-72-91 has indicated packet coalescing capability without indicating support for one or more prerequisite receive filter capabilities (IPv6 0x00000000).

Log: 'System' Date/Time: 04/05/2018 5:47:30 AM
Type: Warning Category: 0
Event: 28 Source: BTHUSB
The local adapter does not support Bluetooth Low Energy.

Log: 'System' Date/Time: 04/05/2018 5:40:07 AM
Type: Warning Category: 1014
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name _nos._tcp.nos-avg.cz timed out after none of the configured DNS servers responded.

 

*************************

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 04/05/2018 11:27:14 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 04/05/2018 3:10:41 PM
Type: Error Category: 0
Event: 10031 Source: Microsoft-Windows-COMRuntime
An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {F6C29334-47DC-4397-9150-F549CF1D4861} was rejected

Log: 'Application' Date/Time: 04/05/2018 3:10:41 PM
Type: Error Category: 0
Event: 10031 Source: Microsoft-Windows-COMRuntime
An unmarshaling policy check was performed when unmarshaling a custom marshaled object and the class {F6C29334-47DC-4397-9150-F549CF1D4861} was rejected

Log: 'Application' Date/Time: 04/05/2018 1:57:15 PM
Type: Error Category: 100
Event: 1000 Source: Application Error
Faulting application name: Microsoft.Photos.exe, version: 2018.18031.15820.0, time stamp: 0x5ae35cce Faulting module name: twinapi.appcore.dll, version: 10.0.16299.19, time stamp: 0x63553d36 Exception code: 0xc000027b Fault offset: 0x0000000000094ef5 Faulting process id: 0xddc Faulting application start time: 0x01d3e3af78ea5866 Faulting application path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe Faulting module path: C:\WINDOWS\SYSTEM32\twinapi.appcore.dll Report Id: c62168df-d1f8-4ee9-8a54-7b320f71c289 Faulting package full name: Microsoft.Windows.Photos_2018.18031.15820.0_x64__8wekyb3d8bbwe Faulting package-relative application ID: App

Log: 'Application' Date/Time: 04/05/2018 6:34:55 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-AppModel-State
Failure to load the application settings for package Microsoft.ZuneVideo_8wekyb3d8bbwe. Error Code: -2147023504

Log: 'Application' Date/Time: 04/05/2018 6:34:54 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-AppModel-State
Failure to load the application settings for package Microsoft.ZuneVideo_8wekyb3d8bbwe. Error Code: -2147023504

Log: 'Application' Date/Time: 04/05/2018 6:34:53 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-AppModel-State
Failure to load the application settings for package Microsoft.ZuneVideo_8wekyb3d8bbwe. Error Code: -2147023504

Log: 'Application' Date/Time: 04/05/2018 6:34:52 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-AppModel-State
Failure to load the application settings for package Microsoft.ZuneVideo_8wekyb3d8bbwe. Error Code: -2147023504

Log: 'Application' Date/Time: 04/05/2018 6:34:52 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-AppModel-State
Failure to load the application settings for package Microsoft.ZuneVideo_8wekyb3d8bbwe. Error Code: -2147023504

Log: 'Application' Date/Time: 04/05/2018 6:34:51 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-AppModel-State
Failure to load the application settings for package Microsoft.ZuneVideo_8wekyb3d8bbwe. Error Code: -2147023504

Log: 'Application' Date/Time: 04/05/2018 6:34:50 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-AppModel-State
Failure to load the application settings for package Microsoft.ZuneVideo_8wekyb3d8bbwe. Error Code: -2147023504

Log: 'Application' Date/Time: 04/05/2018 6:34:49 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-AppModel-State
Failure to load the application settings for package Microsoft.ZuneVideo_8wekyb3d8bbwe. Error Code: -2147023504

Log: 'Application' Date/Time: 04/05/2018 6:34:48 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-AppModel-State
Failure to load the application settings for package Microsoft.ZuneVideo_8wekyb3d8bbwe. Error Code: -2147023504

Log: 'Application' Date/Time: 04/05/2018 6:34:47 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-AppModel-State
Failure to load the application settings for package Microsoft.ZuneVideo_8wekyb3d8bbwe. Error Code: -2147023504

Log: 'Application' Date/Time: 04/05/2018 6:34:46 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-AppModel-State
Failure to load the application settings for package Microsoft.ZuneVideo_8wekyb3d8bbwe. Error Code: -2147023504

Log: 'Application' Date/Time: 04/05/2018 6:34:45 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-AppModel-State
Failure to load the application settings for package Microsoft.ZuneVideo_8wekyb3d8bbwe. Error Code: -2147023504

Log: 'Application' Date/Time: 04/05/2018 6:34:44 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-AppModel-State
Failure to load the application settings for package Microsoft.ZuneVideo_8wekyb3d8bbwe. Error Code: -2147023504

Log: 'Application' Date/Time: 04/05/2018 6:34:44 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-AppModel-State
Failure to load the application settings for package Microsoft.ZuneVideo_8wekyb3d8bbwe. Error Code: -2147023504

Log: 'Application' Date/Time: 04/05/2018 6:34:43 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-AppModel-State
Failure to load the application settings for package Microsoft.ZuneVideo_8wekyb3d8bbwe. Error Code: -2147023504

Log: 'Application' Date/Time: 04/05/2018 6:34:42 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-AppModel-State
Failure to load the application settings for package Microsoft.ZuneVideo_8wekyb3d8bbwe. Error Code: -2147023504

Log: 'Application' Date/Time: 04/05/2018 6:34:40 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-AppModel-State
Failure to load the application settings for package Microsoft.ZuneVideo_8wekyb3d8bbwe. Error Code: -2147023504

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 04/05/2018 7:06:47 AM
Type: Warning Category: 0
Event: 21 Source: Microsoft-Windows-AppModel-State
Repair for operation Current against package Microsoft.SkypeApp_kzf8qxf38zg5c with error -2147024891 returned Error Code: -2147009279

Log: 'Application' Date/Time: 04/05/2018 7:06:47 AM
Type: Warning Category: 0
Event: 20 Source: Microsoft-Windows-AppModel-State
Triggered repair because operation Current against package Microsoft.SkypeApp_kzf8qxf38zg5c hit error -2147024891.

Log: 'Application' Date/Time: 04/05/2018 7:06:07 AM
Type: Warning Category: 0
Event: 21 Source: Microsoft-Windows-AppModel-State
Repair for operation Current against package Microsoft.SkypeApp_kzf8qxf38zg5c with error -2147024891 returned Error Code: -2147009279

Log: 'Application' Date/Time: 04/05/2018 7:06:07 AM
Type: Warning Category: 0
Event: 20 Source: Microsoft-Windows-AppModel-State
Triggered repair because operation Current against package Microsoft.SkypeApp_kzf8qxf38zg5c hit error -2147024891.

Log: 'Application' Date/Time: 04/05/2018 7:04:07 AM
Type: Warning Category: 0
Event: 21 Source: Microsoft-Windows-AppModel-State
Repair for operation Current against package Microsoft.SkypeApp_kzf8qxf38zg5c with error -2147024891 returned Error Code: -2147009279

Log: 'Application' Date/Time: 04/05/2018 7:04:07 AM
Type: Warning Category: 0
Event: 20 Source: Microsoft-Windows-AppModel-State
Triggered repair because operation Current against package Microsoft.SkypeApp_kzf8qxf38zg5c hit error -2147024891.

Log: 'Application' Date/Time: 04/05/2018 7:04:06 AM
Type: Warning Category: 0
Event: 21 Source: Microsoft-Windows-AppModel-State
Repair for operation Current against package Microsoft.SkypeApp_kzf8qxf38zg5c with error -2147024891 returned Error Code: -2147009279

Log: 'Application' Date/Time: 04/05/2018 7:03:57 AM
Type: Warning Category: 0
Event: 20 Source: Microsoft-Windows-AppModel-State
Triggered repair because operation Current against package Microsoft.SkypeApp_kzf8qxf38zg5c hit error -2147024891.

Log: 'Application' Date/Time: 04/05/2018 6:34:55 AM
Type: Warning Category: 0
Event: 21 Source: Microsoft-Windows-AppModel-State
Repair for operation LocalSettings against package Microsoft.ZuneVideo_8wekyb3d8bbwe with error -2147009096 returned Error Code: -2147009279

Log: 'Application' Date/Time: 04/05/2018 6:34:55 AM
Type: Warning Category: 0
Event: 20 Source: Microsoft-Windows-AppModel-State
Triggered repair because operation LocalSettings against package Microsoft.ZuneVideo_8wekyb3d8bbwe hit error -2147009096.

Log: 'Application' Date/Time: 04/05/2018 6:34:54 AM
Type: Warning Category: 0
Event: 21 Source: Microsoft-Windows-AppModel-State
Repair for operation LocalSettings against package Microsoft.ZuneVideo_8wekyb3d8bbwe with error -2147009096 returned Error Code: -2147009279

Log: 'Application' Date/Time: 04/05/2018 6:34:54 AM
Type: Warning Category: 0
Event: 20 Source: Microsoft-Windows-AppModel-State
Triggered repair because operation LocalSettings against package Microsoft.ZuneVideo_8wekyb3d8bbwe hit error -2147009096.

Log: 'Application' Date/Time: 04/05/2018 6:34:54 AM
Type: Warning Category: 0
Event: 21 Source: Microsoft-Windows-AppModel-State
Repair for operation LocalSettings against package Microsoft.ZuneVideo_8wekyb3d8bbwe with error -2147009096 returned Error Code: -2147009279

Log: 'Application' Date/Time: 04/05/2018 6:34:53 AM
Type: Warning Category: 0
Event: 20 Source: Microsoft-Windows-AppModel-State
Triggered repair because operation LocalSettings against package Microsoft.ZuneVideo_8wekyb3d8bbwe hit error -2147009096.

Log: 'Application' Date/Time: 04/05/2018 6:34:53 AM
Type: Warning Category: 0
Event: 21 Source: Microsoft-Windows-AppModel-State
Repair for operation LocalSettings against package Microsoft.ZuneVideo_8wekyb3d8bbwe with error -2147009096 returned Error Code: -2147009279

Log: 'Application' Date/Time: 04/05/2018 6:34:53 AM
Type: Warning Category: 0
Event: 20 Source: Microsoft-Windows-AppModel-State
Triggered repair because operation LocalSettings against package Microsoft.ZuneVideo_8wekyb3d8bbwe hit error -2147009096.

Log: 'Application' Date/Time: 04/05/2018 6:34:52 AM
Type: Warning Category: 0
Event: 21 Source: Microsoft-Windows-AppModel-State
Repair for operation LocalSettings against package Microsoft.ZuneVideo_8wekyb3d8bbwe with error -2147009096 returned Error Code: -2147009279

Log: 'Application' Date/Time: 04/05/2018 6:34:52 AM
Type: Warning Category: 0
Event: 20 Source: Microsoft-Windows-AppModel-State
Triggered repair because operation LocalSettings against package Microsoft.ZuneVideo_8wekyb3d8bbwe hit error -2147009096.

Log: 'Application' Date/Time: 04/05/2018 6:34:51 AM
Type: Warning Category: 0
Event: 21 Source: Microsoft-Windows-AppModel-State
Repair for operation LocalSettings against package Microsoft.ZuneVideo_8wekyb3d8bbwe with error -2147009096 returned Error Code: -2147009279

Log: 'Application' Date/Time: 04/05/2018 6:34:51 AM
Type: Warning Category: 0
Event: 20 Source: Microsoft-Windows-AppModel-State
Triggered repair because operation LocalSettings against package Microsoft.ZuneVideo_8wekyb3d8bbwe hit error -2147009096.

 

 

***************************************

 

RogueKiller V12.12.16.0 (x64) [May  4 2018] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : https://forum.adlice.com
Website : http://www.adlice.co...ad/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.16299) 64 bits version
Started in : Normal mode
User : grand [Administrator]
Started from : C:\Users\grand\Desktop\RogueKiller_portable64.exe
Mode : Scan -- Date : 05/04/2018 23:50:27 (Duration : 00:39:39)

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUP.Gen1] (X64) HKEY_USERS\S-1-5-21-2419748366-3010618436-1684785940-1002\Software\IM -> Found
[PUP.Gen1] (X86) HKEY_USERS\S-1-5-21-2419748366-3010618436-1684785940-1002\Software\IM -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ WMI : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD6400AAKS-22A7B2 +++++
--- User ---
[MBR] d783b554b2c903135100972d8d2798d6
[BSP] 3cfc57663abb2195f66e045b394cdbf0 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 19654 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 40253440 | Size: 356 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 40982528 | Size: 590017 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1249339392 | Size: 450 MB
User = LL1 ... OK
User = LL2 ... OK

 

************************************

 

 (found 2 PUPS)


  • 0

#7
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

The disk check always takes a while.  How long depends on the size of the drive and the speed of the CPU & Memory.  1.5 hours is actually pretty fast.  I've seen it take up to 5 hours.

 

I'm still seeing a few of the bad block errors (though fewer than before) so you should probably run the disk check a second time.

 

What is causing these:

 

 

Log: 'System' Date/Time: 04/05/2018 6:58:48 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first. This error could be caused if the system stopped responding, crashed, or lost power unexpectedly.

 

 

 

?  Is your power going off, is your battery running out, are you just forcing it to shut down or is it crashing all by itself?

 

Rogue Killer shows two PUPs but doesn't say what they are.  They don't appear to be active so you can just check them and let Rogue Killer remove them.


  • 0
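An added example (not part of RKinner's post and not code from the VEW tool): a small parser for the report layout pasted above that counts, per day, the two events the reply singles out, Kernel-Power 41 and Disk 7. The sample report is constructed, and `parse_vew`, `triage` and `WATCH` are names chosen here.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Constructed sample in the layout of the VEW reports pasted in this thread.
SAMPLE_REPORT = """\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 04/05/2018 6:58:48 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first.

Log: 'System' Date/Time: 03/05/2018 12:28:07 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first.

Log: 'System' Date/Time: 04/05/2018 3:11:22 PM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \\Device\\Harddisk0\\DR0, has a bad block.

Log: 'System' Date/Time: 04/05/2018 3:11:19 PM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \\Device\\Harddisk0\\DR0, has a bad block.

Log: 'System' Date/Time: 03/05/2018 1:54:41 PM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \\Device\\Harddisk0\\DR0, has a bad block.

Log: 'System' Date/Time: 04/05/2018 2:44:10 PM
Type: Warning Category: 0
Event: 134 Source: Microsoft-Windows-Time-Service
NtpClient was unable to set a manual peer to use as a time source.
"""

# The report states its dates are dd/mm/yyyy, so day comes before month.
HEADER = re.compile(
    r"^Log: '(?P<log>[^']+)' Date/Time: "
    r"(?P<d>\d{2})/(?P<m>\d{2})/(?P<y>\d{4}) "
    r"(?P<H>\d{1,2}):(?P<M>\d{2}):(?P<S>\d{2}) (?P<ap>[AP]M)\s*$")
TYPE = re.compile(r"^Type: (?P<type>\w+) Category: (?P<cat>\d+)\s*$")
EVENT = re.compile(r"^Event: (?P<id>\d+) Source: (?P<src>.+?)\s*$")


@dataclass
class Event:
    log: str
    when: datetime
    level: str
    event_id: int
    source: str
    message: str


def _timestamp(m):
    # 12-hour clock: 12 AM is hour 0 and 12 PM is hour 12.
    hour = int(m["H"]) % 12 + (12 if m["ap"] == "PM" else 0)
    return datetime(int(m["y"]), int(m["m"]), int(m["d"]),
                    hour, int(m["M"]), int(m["S"]))


def parse_vew(text):
    """Return one Event per 'Log: / Type: / Event:' record; skip everything else."""
    events, lines, i = [], text.splitlines(), 0
    while i < len(lines):
        head = HEADER.match(lines[i])
        if not head or i + 2 >= len(lines):
            i += 1
            continue
        kind, ev = TYPE.match(lines[i + 1]), EVENT.match(lines[i + 2])
        if not (kind and ev):  # truncated or damaged record
            i += 1
            continue
        i += 3
        body = []  # message text runs until a blank line, banner or next record
        while (i < len(lines) and lines[i].strip()
               and not lines[i].startswith(("Log: '", "~~~"))):
            body.append(lines[i].strip())
            i += 1
        events.append(Event(head["log"], _timestamp(head), kind["type"],
                            int(ev["id"]), ev["src"], " ".join(body)))
    return events


# The two events discussed in the reply; notes paraphrase the log text itself.
WATCH = {
    ("Microsoft-Windows-Kernel-Power", 41): "rebooted without a clean shutdown",
    ("Disk", 7): "bad block reported on the device",
}


def triage(events):
    """Count each watched event in total and per calendar day."""
    report = {}
    for e in events:
        key = (e.source, e.event_id)
        if key in WATCH:
            row = report.setdefault(
                key, {"note": WATCH[key], "count": 0, "per_day": Counter()})
            row["count"] += 1
            row["per_day"][e.when.date().isoformat()] += 1
    return report


if __name__ == "__main__":
    for (source, event_id), row in triage(parse_vew(SAMPLE_REPORT)).items():
        print(source, event_id, row["note"], row["count"], dict(row["per_day"]))
```

Comparing the per-day Disk 7 counts from reports taken before and after a disk check shows whether the bad block errors are actually tapering off.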

#8
Ricky_22

    Member

  • Topic Starter
  • 349 posts

No my power is not going off, I am directly connected with power ...   I will now check disk again .... :) thank you 


  • 0

#9
Ricky_22

    Member

  • Topic Starter
  • 349 posts
Well I don't know what is causing those :( I do know that when restarting/rebooting the computer, 
it stops after a few seconds and I have to manually shut the computer down by switching the power off - 
then reconnect and then restart it.
 
On repeat chkdsk many problems were found, told me to chkdsk /scan
which I did, it then corrected all the problems :)  
 
Is there something now that I should do? 

  • 0

#10
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it.  Tell it you do not need CCLEANER.  Run Speccy.  When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File (to your desktop), note the name it gives. OK.  Open the file in Notepad and delete the line that gives the serial number of your Operating System.  (It will be near the top, 10-20 lines down.)  Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi-step process.

First click on More Reply Options
Then scroll down to where you see Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.

 


  • 0


#11
Ricky_22


Attached File  ERIC.txt   136.96KB   393 downloads

 

 

thank you for the instructions, made it so much easier :)


Edited by Ricky_22, 05 May 2018 - 04:52 AM.

  • 0

#12
RKinner

C5
Attribute name: Current Pending Sector Count
Real value: 56
Current: 200
Worst: 200
Threshold: 0
Raw Value: 0000000038
Status: Good

 

 

56 sectors on the hard drive are bad and need to be replaced with good ones.  HD makers expect sectors to fail and put extra ones on the drive.  WD says they have at least 140 available and you have 56 bad so we may be able to save the drive.  Get

Data Lifeguard Diagnostic for Windows

http://downloads.wdc...inDlg_v1_31.zip

 

Download, Save then right click and Extract All, Extract.  Right click on WinDlg.exe and Run As Admin.

  1. Read and accept the license agreement to continue.
  2. On the main program screen, there are two windows. In the top window, you will see the drives in your system that are available for testing. The model number, serial number, capacity, and SMART status of each drive will be displayed. In the bottom window, the partition information for the selected drive will be displayed.
  3. Highlight the drive and select the icon on the top row to test or run SMART status.
  4. When you select the run tests icon, the "DLGDIAG - Select an Option" window appears.
  5. You will see the following options:
    • QUICK TEST - performs SMART drive quick self-test to gather and verify the Data Lifeguard information contained on the drive.
    • EXTENDED TEST - performs a Full Media Scan to detect bad sectors. Test may take several hours to complete depending on the size of the drive. <==Run this test.  It will take a very long time.  You may want to run it while you sleep.
    • ERASE - writes zeros to the drive with options of Full Erase and Quick Erase. File system and data will be lost.<==DO NOT SELECT THIS!!!
    • VIEW TEST RESULT - displays the latest test results.
  6. Select the test you wish to perform and click the Start button.
  7. When the test completes, you will be notified with a pass/fail message. Click the Close button.

Repeat the chkdsk command again and then run VEW as before. Also create a new Speccy log.


  • 0

#13
Ricky_22


 

Test found bad sections that maybe repairable
 
Test Option: EXTENDED TEST 
Model Number: WDC WD6400AAKS-22A7B2 
Unit Serial Number: WD-WCASYC887265 
Firmware Number: 01.03B01 
Capacity: 640.13 GB 
SMART Status: PASS 
Test Result: FAIL 
Test Error Code: 08- 
Test Time: 00:16:34, May 06, 2018 

 

 

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 06/05/2018 12:32:30 AM

Note: All dates below are in the format dd/mm/yyyy

 

*************************

 

Vino's Event Viewer v01c run on Windows 7 in English
Report run at 06/05/2018 12:44:09 AM
 
Note: All dates below are in the format dd/mm/yyyy
 

  • 0
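A VEW report like the ones posted above is long and repetitive; for triage what matters is which source/event-ID pairs recur and whether the unclean reboots (Kernel-Power 41) follow disk bad-block errors (Disk 7). The Python sketch below is an added example, not part of the original posts and not part of VEW; the function names, the 24-hour window and the sample entries are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed report in the layout VEW writes (dates are dd/mm/yyyy).
# These entries are made up for the example, not copied from the thread.
SAMPLE_REPORT = r"""
Log: 'System' Date/Time: 02/01/2020 9:15:40 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first.

Log: 'System' Date/Time: 02/01/2020 9:02:11 AM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 02/01/2020 9:02:08 AM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 01/01/2020 11:58:03 PM
Type: Error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk0\DR0, has a bad block.

Log: 'System' Date/Time: 01/01/2020 12:30:00 PM
Type: Warning Category: 0
Event: 130 Source: Ntfs
The file system structure on volume C: has now been repaired.

Log: 'System' Date/Time: 28/12/2019 12:05:09 AM
Type: Critical Category: 63
Event: 41 Source: Microsoft-Windows-Kernel-Power
The system has rebooted without cleanly shutting down first.
"""

# One entry = four lines: Log/Date, Type/Category, Event/Source, message.
ENTRY_RE = re.compile(
    r"^Log: '(?P<log>[^']+)' Date/Time: (?P<d>\d{2})/(?P<m>\d{2})/(?P<y>\d{4}) "
    r"(?P<h>\d{1,2}):(?P<mi>\d{2}):(?P<s>\d{2}) (?P<ampm>[AP]M)[ \t]*\n"
    r"Type: (?P<level>\w+) Category: \d+[ \t]*\n"
    r"Event: (?P<id>\d+) Source: (?P<source>[^\n]+?)[ \t]*\n"
    r"(?P<message>[^\n]*)",
    re.MULTILINE,
)


@dataclass(frozen=True)
class Event:
    log: str
    when: datetime
    level: str
    event_id: int
    source: str
    message: str


def parse_vew(text):
    """Return the report's entries as Event objects, oldest first."""
    events = []
    for m in ENTRY_RE.finditer(text.replace("\r\n", "\n")):
        # Convert the 12-hour clock by hand so parsing does not depend on locale.
        hour = int(m["h"]) % 12 + (12 if m["ampm"] == "PM" else 0)
        when = datetime(int(m["y"]), int(m["m"]), int(m["d"]),
                        hour, int(m["mi"]), int(m["s"]))
        events.append(Event(m["log"], when, m["level"], int(m["id"]),
                            m["source"], m["message"].strip()))
    return sorted(events, key=lambda e: e.when)


def summarize(events):
    """Collapse repeats: (source, event id) -> count, first and last time seen."""
    seen = defaultdict(list)
    for e in events:
        seen[(e.source, e.event_id)].append(e.when)
    return {key: {"count": len(ts), "first": min(ts), "last": max(ts)}
            for key, ts in seen.items()}


def triage(events, window=timedelta(hours=24)):
    """Count bad-block errors, unclean reboots, and reboots that had a
    bad-block error in the preceding window (assumed: 24 hours)."""
    disk = [e.when for e in events if (e.source, e.event_id) == ("Disk", 7)]
    reboots = [e.when for e in events
               if (e.source, e.event_id) == ("Microsoft-Windows-Kernel-Power", 41)]
    after_disk = [r for r in reboots if any(r - window <= d <= r for d in disk)]
    return {
        "bad_block_events": len(disk),
        "unclean_reboots": len(reboots),
        "reboots_after_bad_blocks": len(after_disk),
        "check_storage_hardware": bool(disk),
    }


if __name__ == "__main__":
    parsed = parse_vew(SAMPLE_REPORT)
    for key, info in sorted(summarize(parsed).items()):
        print(key, info["count"], info["first"], info["last"])
    print(triage(parsed))
```

A high count of Disk 7 entries clustered shortly before Kernel-Power 41 entries points at the drive rather than at malware, which is the direction this thread takes once the SMART data is read.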

#14
RKinner

Test found bad sections that maybe repairable

 

Did it offer to try and repair them?  I haven't run the WD test lately.  Seagate's test offers to try and repair the drive at the end.
 
Speccy shows even more bad sectors now so I think the drive is probably on its last legs.  Best to clone it before it fails completely.
 
You have an all-in-one so there is probably no extra drive slot available so you will need a USB adapter.  Probably a docking station would be your best bet for a 3.5 inch drive. Something like:
 
Unitek USB 3.0 to SATA External Hard Drive Docking Station for 2.5 3.5 Inch SATA I / II / III HDD SSD, Support UASP SATA 6TB 8TB, 12V2A Power Supply
is available on Amazon for $14.50
+ $5.49 shipping + $0.00 estimated tax
 
or
ezDISK EZ0350 USB3.0 hard drive docking station SATA III 6Gbps support up to 10TB
$16.90 (free shipping if you have Prime)
 
I'd get a 1 TB drive.  Ideally a Western Digital Black as they last longer and have a better warranty:
 
WD Black 1TB Performance Desktop Hard Disk Drive - 7200 RPM SATA 6 Gb/s 64MB Cache 3.5 Inch - WD1003FZEX
by Western Digital
$71.99
or if you want to save some money
Amazon has the blue label
WD Blue 1TB SATA 6 Gb/s 7200 RPM 64MB Cache 3.5 Inch Desktop Hard Drive (WD10EZEX)
for $44
 
Hitachi drives are OK but stay away from Seagate.
 
Once you have the new drive and the docking station you put the drive in the station, turn it on and plug it into a USB port. Then get the Acronis program from WD's website:

http://downloads.wdc.com/acronis/ATI2016WD_build33.zip

It will let you clone your old drive onto your new one. Just be careful when you do it that you use the old drive as the source and the new as the target.
 
Alternatively you can use the free version of Macrium which is a bit faster:
 
 
Once you have a good clone then shut down the PC, open it up (usually just takes a Phillips screwdriver to remove the screws and a flat blade to pop the plastic apart. Google your PC and you will usually find a YouTube video showing you how to get it apart.)

Remove the hard drive (just a single screw on my HP All-in-one but perhaps 4 screws worst case) and put the new one in. Put it back together and see if it will boot. Run the disk check as before with DISM and SFC and you are done.
 
 

 


  • 0

#15
Ricky_22


Hello :) yes it did say it could repair, but warned that I could possibly lose data .... personally I'm okay with that - I have nothing important on the computer - I am quite prepared to let it do that ... so before I do the other things that you have suggested - could I do this?

 

 

Ricky


  • 0





