Google search redirected, unable to run Windscribe VPN or TDSSKiller

Malware

#1
Syncmaster75

Hello all,

I have a possible malware infection that has appeared on my PC in the last 24 hours, no idea how it was acquired. I'm running Windows 10, version 1803, x64 and Firefox as my browser. The symptoms I have are that Google.co.uk asked for a login (not the usual account sign-in, but a password to access the search page itself) - I left the password field blank and hit continue and saw that it tried to redirect before it went back to looking like my normal homepage. This has only happened once and unfortunately I didn't copy either the initial login message or catch the redirect URL - it flashed past too quickly.

At the same time my Windscribe VPN has failed, unable to connect to any page when it's running, error as below:

Secure Connection Failed

The OCSP response contains out-of-date information.

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.

Because this situation looked suspicious, I've run the following scans:

Avast antivirus full scan and boot-time scan - this picked up some PUPs in the backup files I've got for my rooted Android phone, but nothing on the system. Avast is the only program I have running live, all the rest are on-demand.

Malwarebytes - free version, no detections

SuperAntiSpyware, no detections

Emsisoft Emergency Kit Scanner - no detections

Kaspersky's TDSSKiller - failed to run - I've tried downloading it again and the fresh copy fails as well. Could this have been disabled by malware?

I've also used Command Prompt to run DISM /Online /Cleanup-Image /RestoreHealth and sfc /scannow in case I had corrupt system files, but none of the above symptoms were cured after these commands.

I've read the sticky and run FRST64.exe with the following txt files generated:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03.06.2018
Ran by Mark (administrator) on DESKTOP-MARK (04-06-2018 11:31:15)
Running from C:\Users\Mark\Desktop
Loaded Profiles: defaultuser0 & Mark & Administrator & DefaultAppPool (Available Profiles: defaultuser0 & Mark & Administrator & DefaultAppPool)
Platform: Windows 10 Home Version 1803 17134.81 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\DriverStore\FileRepository\c0327684.inf_amd64_76add9a22b21deb6\B327831\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Olof Lagerkvist) C:\Windows\System32\imdsksvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(VIA Technologies, Inc.) C:\VIA_XHCI\usb3Monitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(f.lux Software LLC) C:\Users\Mark\AppData\Local\FluxSoftware\Flux\flux.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinctray.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boincmgr.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(FreeDownloadManager.ORG) C:\Program Files (x86)\Free Download Manager\Chrome\fdm_nativehost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-05-16] (AVAST Software)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18381792 2017-06-29] (Realtek Semiconductor)
HKLM-x32\...\Run: [VIAxHCUtl] => C:\VIA_XHCI\usb3Monitor.exe*********\¾**`¾**`Å**0æ**X*O²þÿÿÿöŽ**–Q**`Š**`Š**\€**è‘******ìo&*****C:\P
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-1836258222-3966296210-172399888-1000\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-1836258222-3966296210-172399888-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1223560 2017-05-08] (Ruiware)
HKU\S-1-5-21-1836258222-3966296210-172399888-500\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1a81e780-42d8-4e2c-866e-5332cd559984}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://go.microsoft.com/fwlink/p/?LinkId=255141
HKU\S-1-5-21-1836258222-3966296210-172399888-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_172\bin\ssv.dll [2018-05-07] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_172\bin\jp2ssv.dll [2018-05-07] (Oracle Corporation)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2015-10-28] (FreeDownloadManager.ORG)

FireFox:
========
FF DefaultProfile: s1dtoigf.default
FF ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\s1dtoigf.default [2018-06-04]
FF Homepage: Mozilla\Firefox\Profiles\s1dtoigf.default -> hxxps://www.google.co.uk/
FF Extension: (Windscribe VPN) - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\s1dtoigf.default\Extensions\@windscribeff.xpi [2018-02-13]
FF Extension: (Free Download Manager extension) - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\s1dtoigf.default\Extensions\[email protected] [2017-12-30]
FF Extension: (HTTPS Everywhere) - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\s1dtoigf.default\Extensions\[email protected] [2018-04-16]
FF Extension: (Avast SafePrice) - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\s1dtoigf.default\Extensions\[email protected] [2018-05-29]
FF Extension: (uBlock Origin) - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\s1dtoigf.default\Extensions\[email protected] [2018-05-27]
FF Extension: (Avast Online Security) - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\s1dtoigf.default\Extensions\[email protected] [2018-05-27]
FF Extension: (YouTube High Definition) - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\s1dtoigf.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2018-01-01]
FF Extension: (Video DownloadHelper) - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\s1dtoigf.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-05-30]
FF Extension: (TLS 1.3 gradual roll-out fallback-limit) - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\s1dtoigf.default\features\{d796d067-c00e-46fa-bbe2-4fcb802e38c5}\[email protected] [2018-05-31] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_171.dll [2018-05-08] ()
FF Plugin: @java.com/DTPlugin,version=11.172.2 -> C:\Program Files\Java\jre1.8.0_172\bin\dtplugin\npDeployJava1.dll [2018-05-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.172.2 -> C:\Program Files\Java\jre1.8.0_172\bin\plugin2\npjp2.dll [2018-05-07] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_171.dll [2018-05-08] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-11] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com)
R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\c0327684.inf_amd64_76add9a22b21deb6\B327831\atiesrxx.exe [482280 2018-04-26] (AMD)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7620096 2018-05-16] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [317280 2018-05-16] (AVAST Software)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365040 2017-10-20] (Intel Corporation)
S2 ImDiskRD; C:\Program Files\ImDisk\RamDiskUI.exe [66560 2017-07-06] () [File not signed]
R2 ImDskSvc; C:\WINDOWS\system32\imdsksvc.exe [19552 2015-12-15] (Olof Lagerkvist)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21312 2017-06-13] (Microsoft Corporation)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [185344 2017-02-03] (Microsoft Corporation) [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\NisSrv.exe [4632736 2018-05-07] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MsMpEng.exe [104680 2018-05-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0327684.inf_amd64_76add9a22b21deb6\B327831\atikmdag.sys [44670944 2018-04-26] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0327684.inf_amd64_76add9a22b21deb6\B327831\atikmpag.sys [553448 2018-04-26] (Advanced Micro Devices, Inc.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [196640 2018-05-16] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [227504 2018-05-07] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199440 2018-05-07] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343752 2018-05-07] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57680 2018-05-07] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [234560 2018-05-16] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46968 2018-05-16] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [159120 2018-05-16] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111360 2018-05-16] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [85968 2018-05-16] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1027720 2018-05-16] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460520 2018-05-16] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [205976 2018-05-16] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381552 2018-05-16] (AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111112 2017-11-21] (Advanced Micro Devices)
R2 AWEAlloc; C:\WINDOWS\system32\DRIVERS\awealloc.sys [21048 2015-12-15] (Olof Lagerkvist)
S3 CH341SER_A64; C:\WINDOWS\System32\Drivers\CH341S64.SYS [59904 2015-02-06] (www.winchiphead.com)
R1 HWiNFO; C:\WINDOWS\system32\drivers\HWiNFO64A.SYS [55960 2018-05-23] (REALiX™)
R2 ImDisk; C:\WINDOWS\system32\DRIVERS\imdisk.sys [48704 2015-12-15] (Olof Lagerkvist)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-06-04] (Malwarebytes)
S3 qcusbser; C:\WINDOWS\System32\drivers\qcusbser.sys [254520 2017-03-15] (QUALCOMM Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1010648 2017-10-20] (Realtek )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-10-23] (Synaptics Incorporated)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [206976 2017-07-27] (Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-05-07] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [313888 2018-05-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61472 2018-05-07] (Microsoft Corporation)
S3 WiseUnlock; C:\WINDOWS\WiseUnlock64.sys [33864 2017-12-30] (WiseCleaner.com)
S3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-04 11:31 - 2018-06-04 11:31 - 000014960 _____ C:\Users\Mark\Desktop\FRST.txt
2018-06-04 11:28 - 2018-06-04 11:28 - 002413056 _____ (Farbar) C:\Users\Mark\Desktop\FRST64.exe
2018-06-03 23:57 - 2018-06-03 23:57 - 000000000 ____D C:\WINDOWS\Panther
2018-06-03 23:13 - 2018-05-20 20:43 - 021389360 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-06-03 23:13 - 2018-05-20 20:42 - 001649760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2018-06-03 23:13 - 2018-05-20 19:14 - 020383712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-06-03 23:13 - 2018-05-20 17:59 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-06-03 23:13 - 2018-05-20 12:54 - 001017056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-06-03 23:13 - 2018-05-20 12:53 - 000792984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-06-03 23:13 - 2018-05-20 12:52 - 007519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-06-03 23:13 - 2018-05-20 12:52 - 007436632 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-06-03 23:13 - 2018-05-20 12:52 - 001209792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-06-03 23:13 - 2018-05-20 12:52 - 000413080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-06-03 23:13 - 2018-05-20 12:52 - 000347704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-06-03 23:13 - 2018-05-20 12:35 - 025844224 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-06-03 23:13 - 2018-05-20 12:35 - 000861608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-06-03 23:13 - 2018-05-20 12:34 - 016592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-06-03 23:13 - 2018-05-20 12:33 - 001665920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2018-06-03 23:13 - 2018-05-20 12:32 - 006567904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-06-03 23:13 - 2018-05-20 12:32 - 000286200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-06-03 23:13 - 2018-05-20 12:30 - 022709248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-06-03 23:13 - 2018-05-20 12:30 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-06-03 23:13 - 2018-05-20 12:28 - 004372480 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-06-03 23:13 - 2018-05-20 12:25 - 022001664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-06-03 23:13 - 2018-05-20 12:25 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-06-03 23:13 - 2018-05-20 12:24 - 007582720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-06-03 23:13 - 2018-05-20 12:24 - 001767936 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-06-03 23:13 - 2018-05-20 12:23 - 013873152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-06-03 23:13 - 2018-05-20 12:23 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-06-03 23:13 - 2018-05-20 12:22 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-06-03 23:13 - 2018-05-20 12:21 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-06-03 23:13 - 2018-05-20 12:18 - 019399168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-06-03 23:12 - 2018-05-20 20:45 - 000308408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-06-03 23:12 - 2018-05-20 20:45 - 000094104 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-06-03 23:12 - 2018-05-20 20:42 - 001634808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-06-03 23:12 - 2018-05-20 20:42 - 000759192 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-06-03 23:12 - 2018-05-20 20:27 - 012712960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-06-03 23:12 - 2018-05-20 20:27 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-06-03 23:12 - 2018-05-20 20:26 - 000486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2018-06-03 23:12 - 2018-05-20 20:24 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-06-03 23:12 - 2018-05-20 20:23 - 004070400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-06-03 23:12 - 2018-05-20 20:23 - 003655168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-06-03 23:12 - 2018-05-20 20:23 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2018-06-03 23:12 - 2018-05-20 20:23 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2018-06-03 23:12 - 2018-05-20 20:22 - 001665024 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-06-03 23:12 - 2018-05-20 20:22 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2018-06-03 23:12 - 2018-05-20 20:22 - 000941056 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2018-06-03 23:12 - 2018-05-20 20:22 - 000804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2018-06-03 23:12 - 2018-05-20 19:17 - 001454024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-06-03 23:12 - 2018-05-20 19:15 - 000653208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-06-03 23:12 - 2018-05-20 19:14 - 001490144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2018-06-03 23:12 - 2018-05-20 19:03 - 011903488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-06-03 23:12 - 2018-05-20 19:02 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2018-06-03 23:12 - 2018-05-20 19:00 - 002896896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-06-03 23:12 - 2018-05-20 19:00 - 000864768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2018-06-03 23:12 - 2018-05-20 18:59 - 002016256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-06-03 23:12 - 2018-05-20 18:59 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2018-06-03 23:12 - 2018-05-20 18:59 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2018-06-03 23:12 - 2018-05-20 17:45 - 001271296 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2018-06-03 23:12 - 2018-05-20 17:39 - 000944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-06-03 23:12 - 2018-05-20 17:39 - 000788480 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2018-06-03 23:12 - 2018-05-20 17:36 - 003733312 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-06-03 23:12 - 2018-05-20 17:35 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-06-03 23:12 - 2018-05-20 17:34 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-06-03 23:12 - 2018-05-20 16:04 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-06-03 23:12 - 2018-05-20 16:00 - 002841312 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-06-03 23:12 - 2018-05-20 15:54 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-06-03 23:12 - 2018-05-20 13:36 - 000613144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2018-06-03 23:12 - 2018-05-20 13:33 - 000748504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2018-06-03 23:12 - 2018-05-20 13:33 - 000707480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-06-03 23:12 - 2018-05-20 13:33 - 000105368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-06-03 23:12 - 2018-05-20 13:01 - 001140576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-06-03 23:12 - 2018-05-20 13:01 - 000983008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-06-03 23:12 - 2018-05-20 12:59 - 000269224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-06-03 23:12 - 2018-05-20 12:58 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-06-03 23:12 - 2018-05-20 12:55 - 001456616 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-06-03 23:12 - 2018-05-20 12:55 - 001174424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-06-03 23:12 - 2018-05-20 12:55 - 001063320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-06-03 23:12 - 2018-05-20 12:55 - 000567176 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-06-03 23:12 - 2018-05-20 12:55 - 000193936 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-06-03 23:12 - 2018-05-20 12:54 - 002564984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-06-03 23:12 - 2018-05-20 12:54 - 001800080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-06-03 23:12 - 2018-05-20 12:54 - 001012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-06-03 23:12 - 2018-05-20 12:54 - 000722288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-06-03 23:12 - 2018-05-20 12:54 - 000170904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-06-03 23:12 - 2018-05-20 12:53 - 006816848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-06-03 23:12 - 2018-05-20 12:53 - 004402768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-06-03 23:12 - 2018-05-20 12:53 - 002836376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-06-03 23:12 - 2018-05-20 12:53 - 002371392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-06-03 23:12 - 2018-05-20 12:53 - 002178136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2018-06-03 23:12 - 2018-05-20 12:53 - 001947808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-06-03 23:12 - 2018-05-20 12:53 - 001258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-06-03 23:12 - 2018-05-20 12:53 - 001017088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2018-06-03 23:12 - 2018-05-20 12:53 - 001012408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2018-06-03 23:12 - 2018-05-20 12:53 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-06-03 23:12 - 2018-05-20 12:53 - 000131232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2018-06-03 23:12 - 2018-05-20 12:53 - 000088472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2018-06-03 23:12 - 2018-05-20 12:52 - 009159064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-06-03 23:12 - 2018-05-20 12:52 - 003283400 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-06-03 23:12 - 2018-05-20 12:52 - 002753040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-06-03 23:12 - 2018-05-20 12:52 - 001148800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-06-03 23:12 - 2018-05-20 12:52 - 001097648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-06-03 23:12 - 2018-05-20 12:52 - 000885848 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-06-03 23:12 - 2018-05-20 12:52 - 000735560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-06-03 23:12 - 2018-05-20 12:52 - 000713368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-06-03 23:12 - 2018-05-20 12:52 - 000416120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2018-06-03 23:12 - 2018-05-20 12:52 - 000130456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-06-03 23:12 - 2018-05-20 12:52 - 000089984 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
2018-06-03 23:12 - 2018-05-20 12:34 - 001462288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2018-06-03 23:12 - 2018-05-20 12:34 - 000861096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2018-06-03 23:12 - 2018-05-20 12:33 - 002331576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-06-03 23:12 - 2018-05-20 12:33 - 001011968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-06-03 23:12 - 2018-05-20 12:33 - 000457144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2018-06-03 23:12 - 2018-05-20 12:33 - 000101288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2018-06-03 23:12 - 2018-05-20 12:32 - 006527568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-06-03 23:12 - 2018-05-20 12:32 - 006044104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-06-03 23:12 - 2018-05-20 12:32 - 004787960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-06-03 23:12 - 2018-05-20 12:32 - 002536056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-06-03 23:12 - 2018-05-20 12:32 - 002486984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-06-03 23:12 - 2018-05-20 12:32 - 002242208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-06-03 23:12 - 2018-05-20 12:32 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-06-03 23:12 - 2018-05-20 12:32 - 001034096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2018-06-03 23:12 - 2018-05-20 12:32 - 000988128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-06-03 23:12 - 2018-05-20 12:32 - 000567144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-06-03 23:12 - 2018-05-20 12:32 - 000560488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-06-03 23:12 - 2018-05-20 12:32 - 000077040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2018-06-03 23:12 - 2018-05-20 12:31 - 001456640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2018-06-03 23:12 - 2018-05-20 12:29 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-06-03 23:12 - 2018-05-20 12:28 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-06-03 23:12 - 2018-05-20 12:28 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-06-03 23:12 - 2018-05-20 12:28 - 000111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppHostRegistrationVerifier.exe
2018-06-03 23:12 - 2018-05-20 12:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-06-03 23:12 - 2018-05-20 12:27 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2018-06-03 23:12 - 2018-05-20 12:27 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2018-06-03 23:12 - 2018-05-20 12:27 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApiSetHost.AppExecutionAlias.dll
2018-06-03 23:12 - 2018-05-20 12:26 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-06-03 23:12 - 2018-05-20 12:26 - 003389952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-06-03 23:12 - 2018-05-20 12:26 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-06-03 23:12 - 2018-05-20 12:26 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll
2018-06-03 23:12 - 2018-05-20 12:26 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-06-03 23:12 - 2018-05-20 12:26 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2018-06-03 23:12 - 2018-05-20 12:26 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-06-03 23:12 - 2018-05-20 12:26 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\TelephonyInteractiveUser.dll
2018-06-03 23:12 - 2018-05-20 12:26 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSHEIF.dll
2018-06-03 23:12 - 2018-05-20 12:25 - 004563968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-06-03 23:12 - 2018-05-20 12:25 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-06-03 23:12 - 2018-05-20 12:25 - 000384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2018-06-03 23:12 - 2018-05-20 12:24 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-06-03 23:12 - 2018-05-20 12:24 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-06-03 23:12 - 2018-05-20 12:24 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-06-03 23:12 - 2018-05-20 12:24 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-06-03 23:12 - 2018-05-20 12:24 - 000813568 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-06-03 23:12 - 2018-05-20 12:24 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-06-03 23:12 - 2018-05-20 12:24 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-06-03 23:12 - 2018-05-20 12:24 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2018-06-03 23:12 - 2018-05-20 12:23 - 005951488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-06-03 23:12 - 2018-05-20 12:23 - 002366976 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-06-03 23:12 - 2018-05-20 12:23 - 001318400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2018-06-03 23:12 - 2018-05-20 12:23 - 000933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-06-03 23:12 - 2018-05-20 12:23 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-06-03 23:12 - 2018-05-20 12:23 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-06-03 23:12 - 2018-05-20 12:22 - 003440640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-06-03 23:12 - 2018-05-20 12:22 - 001817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-06-03 23:12 - 2018-05-20 12:22 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2018-06-03 23:12 - 2018-05-20 12:22 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-06-03 23:12 - 2018-05-20 12:21 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-06-03 23:12 - 2018-05-20 12:21 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2018-06-03 23:12 - 2018-05-20 12:21 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-06-03 23:12 - 2018-05-20 12:21 - 001210880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2018-06-03 23:12 - 2018-05-20 12:21 - 001033728 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-06-03 23:12 - 2018-05-20 12:21 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-06-03 23:12 - 2018-05-20 12:21 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2018-06-03 23:12 - 2018-05-20 12:21 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2018-06-03 23:12 - 2018-05-20 12:21 - 000775680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-06-03 23:12 - 2018-05-20 12:21 - 000652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2018-06-03 23:12 - 2018-05-20 12:21 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-06-03 23:12 - 2018-05-20 12:17 - 002961408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-06-03 23:12 - 2018-05-20 12:17 - 002699776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-06-03 23:12 - 2018-05-20 12:16 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-06-03 23:12 - 2018-05-20 12:16 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2018-06-03 23:12 - 2018-05-20 12:16 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2018-06-03 23:12 - 2018-05-20 12:16 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ApiSetHost.AppExecutionAlias.dll
2018-06-03 23:12 - 2018-05-20 12:16 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-06-03 23:12 - 2018-05-20 12:15 - 004336128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-06-03 23:12 - 2018-05-20 12:15 - 003712000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-06-03 23:12 - 2018-05-20 12:15 - 002900480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-06-03 23:12 - 2018-05-20 12:15 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2018-06-03 23:12 - 2018-05-20 12:15 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSHEIF.dll
2018-06-03 23:12 - 2018-05-20 12:14 - 005782528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-06-03 23:12 - 2018-05-20 12:14 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-06-03 23:12 - 2018-05-20 12:14 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-06-03 23:12 - 2018-05-20 12:14 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2018-06-03 23:12 - 2018-05-20 12:13 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-06-03 23:12 - 2018-05-20 12:13 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-06-03 23:12 - 2018-05-20 12:13 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2018-06-03 23:12 - 2018-05-20 12:13 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-06-03 23:12 - 2018-05-20 12:13 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-06-03 23:12 - 2018-05-20 12:13 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2018-06-03 23:12 - 2018-05-20 12:12 - 003014656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-06-03 23:12 - 2018-05-20 12:12 - 001636352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-06-03 23:12 - 2018-05-20 12:12 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-06-03 23:12 - 2018-05-20 12:12 - 000992768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-06-03 23:12 - 2018-05-20 12:12 - 000860160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-06-03 23:12 - 2018-05-20 12:12 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-06-03 23:12 - 2018-05-20 12:11 - 001108992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-06-03 23:12 - 2018-05-20 12:11 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2018-06-03 23:12 - 2018-05-20 12:11 - 001005568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2018-06-03 23:12 - 2018-05-20 12:11 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-06-03 23:12 - 2018-05-20 12:11 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2018-06-03 23:12 - 2018-05-20 12:11 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2018-06-03 23:12 - 2018-05-20 11:07 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-06-03 23:12 - 2018-05-20 09:26 - 000018716 _____ C:\WINDOWS\system32\srms-apr.dat
2018-06-03 23:12 - 2018-05-18 18:08 - 000018716 _____ C:\WINDOWS\SysWOW64\srms-apr.dat
2018-06-03 22:59 - 2018-06-03 22:59 - 000000000 ____D C:\ProgramData\Emsisoft
2018-06-03 18:50 - 2018-06-03 18:50 - 000000000 ____D C:\Users\Mark\AppData\LocalLow\AMD
2018-05-31 19:13 - 2018-05-31 19:13 - 000001179 _____ C:\Users\Public\Desktop\LibreOffice 6.0.lnk
2018-05-31 19:13 - 2018-05-31 19:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.0
2018-05-31 19:13 - 2018-05-31 19:13 - 000000000 ____D C:\Program Files\LibreOffice
2018-05-29 18:42 - 2018-05-29 18:42 - 000000809 _____ C:\Users\Mark\Desktop\Elsie.lnk
2018-05-29 18:42 - 2018-05-29 18:42 - 000000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Elsie
2018-05-29 18:42 - 2018-05-29 18:42 - 000000000 ____D C:\Program Files\Elsie
2018-05-25 01:30 - 2017-03-04 01:51 - 001300480 _____ C:\Users\Mark\Desktop\mmssms_1.db
2018-05-23 19:02 - 2013-10-31 03:21 - 000015584 _____ (Giga-Byte Technology CO., LTD.) C:\WINDOWS\etocdrv.sys
2018-05-23 09:30 - 2018-05-23 18:28 - 000000159 _____ C:\Users\Mark\Documents\Neighbour 23.5.18.mp4
2018-05-23 08:50 - 2018-05-23 08:50 - 000000000 ____D C:\Users\Mark\AppData\Local\AVAST Software
2018-05-23 08:49 - 2018-05-23 08:49 - 000004536 _____ C:\Users\Mark\AppData\Roaming\CamStudio.cfg
2018-05-23 08:49 - 2018-05-23 08:49 - 000000408 _____ C:\Users\Mark\AppData\Roaming\CamShapes.ini
2018-05-23 08:49 - 2018-05-23 08:49 - 000000408 _____ C:\Users\Mark\AppData\Roaming\CamLayout.ini
2018-05-23 08:49 - 2018-05-23 08:49 - 000000046 _____ C:\Users\Mark\AppData\Roaming\Camdata.ini
2018-05-23 08:47 - 2018-05-23 08:47 - 000000096 _____ C:\Users\Mark\AppData\Roaming\version2.xml
2018-05-22 00:45 - 2018-05-22 00:45 - 000000000 ____D C:\WINDOWS\Vbox
2018-05-22 00:45 - 2018-05-22 00:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cakewalk
2018-05-22 00:44 - 2018-05-22 00:44 - 000000000 ____D C:\Program Files (x86)\Cakewalk
2018-05-22 00:44 - 1999-12-29 09:01 - 000005727 _____ C:\WINDOWS\SysWOW64\VcakeD.vxd
2018-05-16 18:44 - 2018-05-21 11:02 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-05-16 18:44 - 2018-05-16 18:44 - 000000000 ____D C:\Program Files\Realtek
2018-05-16 18:44 - 2017-06-29 18:55 - 003507688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2018-05-16 18:44 - 2017-06-29 18:55 - 001347136 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2018-05-16 18:44 - 2017-06-29 18:55 - 000691680 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2018-05-16 18:44 - 2017-06-29 18:55 - 000532376 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2018-05-16 18:44 - 2017-06-29 18:55 - 000387312 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2018-05-16 18:44 - 2017-06-29 18:55 - 000343704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2018-05-16 18:44 - 2017-06-29 18:55 - 000221960 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2018-05-16 18:44 - 2017-06-29 18:55 - 000214832 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2018-05-16 18:44 - 2017-06-29 18:55 - 000209528 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2018-05-16 18:44 - 2017-06-29 18:55 - 000192976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2018-05-16 18:44 - 2017-06-29 18:55 - 000166200 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2018-05-16 18:44 - 2017-06-29 18:55 - 000110976 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2018-05-16 18:44 - 2017-06-29 18:55 - 000088344 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2018-05-16 18:44 - 2017-06-29 18:52 - 005826560 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2018-05-16 18:44 - 2017-06-29 18:52 - 003677160 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2018-05-16 18:44 - 2017-06-29 18:52 - 003205120 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2018-05-16 18:44 - 2017-06-29 18:51 - 000023688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2018-05-16 18:43 - 2017-06-29 18:55 - 003509256 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2018-05-16 18:43 - 2017-06-29 18:55 - 000914016 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBAPO64.dll
2018-05-16 18:43 - 2017-06-29 18:55 - 000768808 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\MBAPO32.dll
2018-05-16 18:43 - 2017-06-29 18:55 - 000410032 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBWrp64.dll
2018-05-16 18:43 - 2017-06-29 18:55 - 000321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2018-05-16 18:43 - 2017-06-29 18:55 - 000321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2018-05-16 18:43 - 2017-06-29 18:55 - 000074600 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBppld64.dll
2018-05-16 18:43 - 2017-06-29 18:55 - 000069920 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBPPCn64.dll
2018-05-16 18:43 - 2017-06-29 18:54 - 004059960 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2018-05-16 18:43 - 2017-06-29 18:54 - 000330552 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2018-05-16 18:43 - 2017-06-29 18:52 - 000574752 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2018-05-16 18:43 - 2017-06-29 18:52 - 000118592 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2018-05-16 18:43 - 2017-06-29 18:51 - 002210304 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2018-05-16 18:43 - 2017-06-29 18:51 - 002050176 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2018-05-16 18:43 - 2017-06-29 18:50 - 000122320 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2018-05-16 18:43 - 2017-06-29 03:05 - 012334923 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2018-05-16 18:25 - 2018-05-16 18:25 - 000376536 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-05-16 18:20 - 2018-05-21 11:02 - 000000000 ____D C:\Program Files (x86)\Realtek
2018-05-16 18:06 - 2018-05-16 18:06 - 000000000 ____D C:\8336500659725115574
2018-05-16 18:00 - 2018-05-16 18:00 - 000003160 _____ C:\WINDOWS\System32\Tasks\StartCN
2018-05-16 18:00 - 2018-05-16 18:00 - 000003074 _____ C:\WINDOWS\System32\Tasks\StartDVR
2018-05-16 18:00 - 2018-05-16 18:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2018-05-16 18:00 - 2018-05-16 18:00 - 000000000 ____D C:\Program Files (x86)\AMD
2018-05-16 17:33 - 2018-05-16 17:33 - 025960000 _____ (AMD Inc.) C:\Users\Mark\Downloads\radeon-software-adrenalin-18.4.1-minimalsetup-180426_64bit.exe
2018-05-09 14:04 - 2018-05-09 14:10 - 000001207 _____ C:\Users\Mark\Desktop\ASIO4ALL v2 Instruction Manual.lnk
2018-05-09 14:04 - 2018-05-09 14:10 - 000000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2018-05-09 14:04 - 2018-05-09 14:10 - 000000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2018-05-09 13:25 - 2018-05-09 13:27 - 000000176 _____ C:\Users\Mark\Documents\DISM Restore Health Command.txt
2018-05-09 10:53 - 2018-05-09 10:53 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2018-05-09 10:51 - 2018-05-09 13:10 - 000000000 _____ C:\WINDOWS\SysWOW64\last.dump
2018-05-08 19:50 - 2018-05-08 20:22 - 000000000 ____D C:\Users\Mark\AppData\Roaming\AccurateRip
2018-05-08 19:50 - 2018-05-08 19:50 - 000001139 _____ C:\Users\Public\Desktop\Exact Audio Copy.lnk
2018-05-08 19:50 - 2018-05-08 19:50 - 000000000 ____D C:\Users\Mark\AppData\Roaming\EAC
2018-05-08 19:50 - 2018-05-08 19:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exact Audio Copy
2018-05-08 19:50 - 2018-05-08 19:50 - 000000000 ____D C:\Program Files (x86)\Exact Audio Copy
2018-05-08 18:49 - 2018-04-28 14:58 - 001855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-05-08 18:49 - 2018-04-28 12:17 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-05-08 18:49 - 2018-04-28 05:31 - 000473496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-05-08 18:49 - 2018-04-28 05:29 - 001565592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2018-05-08 18:49 - 2018-04-28 05:29 - 000788216 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2018-05-08 18:49 - 2018-04-28 05:29 - 000776880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2018-05-08 18:49 - 2018-04-28 05:29 - 000382872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-05-08 18:49 - 2018-04-28 05:27 - 002422168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-05-08 18:49 - 2018-04-28 05:27 - 001191168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-05-08 18:49 - 2018-04-28 04:58 - 003086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-05-08 18:49 - 2018-04-28 04:57 - 001534976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-05-08 18:49 - 2018-04-28 04:55 - 001160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-05-08 18:49 - 2018-04-28 04:55 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-05-08 18:48 - 2018-04-28 15:03 - 013570560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-05-08 18:48 - 2018-04-28 15:03 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-05-08 18:48 - 2018-04-28 15:03 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2018-05-08 18:48 - 2018-04-28 15:02 - 008623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-05-08 18:48 - 2018-04-28 15:01 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MixedReality.Broker.dll
2018-05-08 18:48 - 2018-04-28 15:00 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2018-05-08 18:48 - 2018-04-28 14:59 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-05-08 18:48 - 2018-04-28 14:58 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-05-08 18:48 - 2018-04-28 14:18 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-05-08 18:48 - 2018-04-28 14:17 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-05-08 18:48 - 2018-04-28 14:16 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-05-08 18:48 - 2018-04-28 14:14 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-05-08 18:48 - 2018-04-28 14:14 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2018-05-08 18:48 - 2018-04-28 14:14 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-05-08 18:48 - 2018-04-28 14:13 - 001585664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-05-08 18:48 - 2018-04-28 14:12 - 001380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2018-05-08 18:48 - 2018-04-28 11:58 - 000976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-05-08 18:48 - 2018-04-28 11:58 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Analog.dll
2018-05-08 18:48 - 2018-04-28 05:37 - 001034624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-05-08 18:48 - 2018-04-28 05:29 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2018-05-08 18:48 - 2018-04-28 05:29 - 000134552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-05-08 18:48 - 2018-04-28 05:27 - 000604568 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-05-08 18:48 - 2018-04-28 05:14 - 000434584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2018-05-08 18:48 - 2018-04-28 05:13 - 001426328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2018-05-08 18:48 - 2018-04-28 05:13 - 000786168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-05-08 18:48 - 2018-04-28 05:13 - 000665320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2018-05-08 18:48 - 2018-04-28 05:12 - 000606448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2018-05-08 18:48 - 2018-04-28 05:03 - 000585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs3.dll
2018-05-08 18:48 - 2018-04-28 05:03 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs1.dll
2018-05-08 18:48 - 2018-04-28 05:03 - 000288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.th.dll
2018-05-08 18:48 - 2018-04-28 05:03 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win81.dll
2018-05-08 18:48 - 2018-04-28 05:02 - 000613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs4.dll
2018-05-08 18:48 - 2018-04-28 05:02 - 000474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs2.dll
2018-05-08 18:48 - 2018-04-28 05:02 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-05-08 18:48 - 2018-04-28 05:02 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win8rtm.dll
2018-05-08 18:48 - 2018-04-28 05:02 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-05-08 18:48 - 2018-04-28 05:01 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-05-08 18:48 - 2018-04-28 05:00 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-05-08 18:48 - 2018-04-28 04:59 - 000553984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2018-05-08 18:48 - 2018-04-28 04:57 - 002170368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-05-08 18:48 - 2018-04-28 04:57 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-05-08 18:48 - 2018-04-28 04:56 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-05-08 18:48 - 2018-04-28 04:56 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-05-08 18:48 - 2018-04-28 04:56 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-05-08 18:48 - 2018-04-28 04:55 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-05-08 18:48 - 2018-04-28 04:55 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-05-08 18:48 - 2018-04-28 04:55 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-05-08 18:48 - 2018-04-28 04:54 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-05-08 18:48 - 2018-04-28 04:53 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-05-08 18:48 - 2018-04-28 04:53 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-05-08 18:48 - 2018-04-28 04:52 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-05-08 18:48 - 2018-04-28 04:51 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-05-08 18:48 - 2018-04-28 04:51 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-05-08 18:48 - 2018-04-28 03:43 - 001953280 _____ C:\WINDOWS\system32\rdpnano.dll
2018-05-07 13:39 - 2018-05-07 13:39 - 000000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2018-05-07 13:39 - 2018-05-07 13:39 - 000000000 ____D C:\Users\DefaultAppPool
2018-05-07 13:39 - 2018-04-12 00:34 - 000001105 _____ C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-07 13:29 - 2018-05-19 14:28 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-05-07 13:29 - 2018-05-09 10:53 - 000001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2018-05-07 13:29 - 2018-05-07 13:29 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-05-07 13:29 - 2018-05-07 13:29 - 000000000 ____D C:\Users\Mark\AppData\Roaming\AVAST Software
2018-05-07 13:28 - 2018-05-16 18:25 - 000460520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-05-07 13:28 - 2018-05-16 18:25 - 000381552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-05-07 13:28 - 2018-05-16 18:25 - 000205976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-05-07 13:28 - 2018-05-16 18:25 - 000196640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-05-07 13:28 - 2018-05-16 18:25 - 000159120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-05-07 13:28 - 2018-05-16 18:25 - 000111360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-05-07 13:28 - 2018-05-16 18:25 - 000085968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-05-07 13:28 - 2018-05-16 18:25 - 000046968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-05-07 13:28 - 2018-05-16 18:24 - 001027720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-05-07 13:28 - 2018-05-16 18:24 - 000234560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-05-07 13:28 - 2018-05-07 13:28 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-05-07 13:28 - 2018-05-07 13:26 - 000343752 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-05-07 13:28 - 2018-05-07 13:26 - 000227504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-05-07 13:28 - 2018-05-07 13:26 - 000199440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-05-07 13:28 - 2018-05-07 13:26 - 000057680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-05-07 13:26 - 2018-05-07 13:26 - 000000000 ____D C:\Program Files\AVAST Software
2018-05-07 13:25 - 2018-05-07 14:53 - 000000000 ____D C:\ProgramData\AVAST Software
2018-05-07 12:38 - 2018-05-07 12:38 - 000000000 _____ C:\WINDOWS\System32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
2018-05-06 21:57 - 2018-06-03 22:44 - 000000000 ____D C:\Users\Mark\AppData\Roaming\foobar2000
2018-05-06 21:57 - 2018-05-06 21:57 - 000001182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
2018-05-06 21:57 - 2018-05-06 21:57 - 000001100 _____ C:\Users\Public\Desktop\foobar2000.lnk
2018-05-06 21:57 - 2018-05-06 21:57 - 000000000 ____D C:\Program Files (x86)\foobar2000
2018-05-06 21:36 - 2018-06-04 11:24 - 000000000 ____D C:\Users\Mark\AppData\Local\D3DSCache
2018-05-06 21:35 - 2018-05-06 21:35 - 000000020 ___SH C:\Users\Mark\ntuser.ini
2018-05-06 21:34 - 2018-06-03 23:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-06 21:34 - 2018-05-31 13:37 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-05-06 21:34 - 2018-05-18 00:56 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-06 21:34 - 2018-05-18 00:56 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-06 21:34 - 2018-05-15 15:59 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-05-06 21:34 - 2018-05-08 18:02 - 000004580 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-05-06 21:34 - 2018-05-08 18:02 - 000004422 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-05-06 21:34 - 2018-05-06 21:34 - 000002852 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1836258222-3966296210-172399888-500
2018-05-06 21:34 - 2018-05-06 21:34 - 000002218 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-05-06 21:33 - 2018-05-06 21:34 - 000015243 _____ C:\WINDOWS\diagwrn.xml
2018-05-06 21:33 - 2018-05-06 21:34 - 000015243 _____ C:\WINDOWS\diagerr.xml
2018-05-06 21:31 - 2018-06-04 00:01 - 000874672 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-06 21:22 - 2018-05-06 21:22 - 000001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-05-06 21:20 - 2018-05-23 19:11 - 000000000 ____D C:\Users\defaultuser0
2018-05-06 21:20 - 2018-05-23 19:11 - 000000000 ____D C:\Users\Administrator
2018-05-06 21:20 - 2018-05-06 21:35 - 000000000 ____D C:\Users\Mark
2018-05-06 21:20 - 2018-04-12 00:34 - 000001105 _____ C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-06 21:20 - 2018-04-12 00:34 - 000001105 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-06 21:19 - 2018-05-06 21:19 - 000000000 ____D C:\ProgramData\USOShared
2018-05-06 21:18 - 2018-04-12 00:33 - 002752000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-05-06 21:16 - 2018-06-04 11:21 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-05-06 21:16 - 2018-06-03 23:57 - 000406184 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-05-06 18:45 - 2018-05-06 22:15 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-05-06 18:41 - 2018-05-06 18:45 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-05-06 18:37 - 2018-05-06 18:37 - 000000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2018-05-06 18:37 - 2018-05-06 18:37 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2018-05-06 18:37 - 2018-05-06 18:37 - 000000000 ____D C:\inetpub
2018-05-06 18:36 - 2018-05-06 18:36 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-05-06 18:36 - 2018-05-06 18:36 - 000000000 ____D C:\Program Files\MSBuild
2018-05-06 18:36 - 2018-05-06 18:36 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-05-06 18:36 - 2018-05-06 18:36 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-05-06 18:35 - 2018-05-06 18:35 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-05-06 18:35 - 2018-05-06 18:35 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-05-06 18:35 - 2018-05-06 18:35 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-05-06 18:35 - 2018-05-06 18:35 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-05-06 18:35 - 2018-05-06 18:35 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-05-06 18:35 - 2018-05-06 18:35 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2018-05-06 18:33 - 2018-05-06 18:33 - 003398144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-05-06 18:33 - 2018-05-06 18:33 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsFilt.dll
2018-05-06 18:33 - 2018-05-06 18:33 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2018-05-06 18:32 - 2018-05-06 18:32 - 004492288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-05-06 18:32 - 2018-05-06 18:32 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsFilt.dll
2018-05-06 18:32 - 2018-05-06 18:32 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\XPSSHHDR.dll
2018-05-06 18:32 - 2018-05-06 18:32 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XPSSHHDR.dll
2018-05-06 18:32 - 2018-05-06 18:32 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2018-05-06 18:18 - 2018-05-06 18:18 - 000008192 _____ C:\WINDOWS\system32\config\userdiff

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-04 11:31 - 2017-11-15 15:07 - 000000000 ____D C:\Users\Mark\AppData\Roaming\Free Download Manager
2018-06-04 11:31 - 2017-05-12 00:06 - 000000000 ____D C:\FRST
2018-06-04 11:24 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2018-06-04 11:24 - 2017-04-03 13:34 - 000000000 ____D C:\Users\Mark\AppData\LocalLow\Mozilla
2018-06-04 10:59 - 2017-11-04 13:13 - 000000000 ____D C:\ProgramData\BOINC
2018-06-04 09:36 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-04 09:27 - 2017-04-05 23:45 - 000000000 ____D C:\Users\Mark\Downloads\Software
2018-06-04 01:26 - 2017-05-14 00:46 - 000000000 ____D C:\EEK
2018-06-04 01:01 - 2018-04-29 01:44 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-06-04 00:03 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-06-03 23:57 - 2018-01-02 00:37 - 000000000 ___RD C:\Users\Mark\3D Objects
2018-06-03 23:57 - 2017-12-31 02:28 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-06-03 23:57 - 2017-04-15 13:37 - 000000000 __SHD C:\Users\Mark\IntelGraphicsProfiles
2018-06-03 23:57 - 2016-11-23 00:36 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-06-03 23:56 - 2018-04-11 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-06-03 23:56 - 2017-10-31 17:43 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-06-03 23:55 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-06-03 23:55 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-06-03 23:55 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2018-06-03 23:55 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\setup
2018-06-03 23:55 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\en-GB
2018-06-03 23:55 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-06-03 23:55 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-06-03 23:55 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-06-03 23:55 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-06-03 23:10 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-06-03 21:40 - 2018-02-26 17:06 - 000000000 ____D C:\Users\Mark\Documents\Audacity
2018-06-03 21:40 - 2018-02-26 16:46 - 000000000 ____D C:\Users\Mark\AppData\Roaming\audacity
2018-06-03 19:23 - 2017-12-23 00:16 - 000000000 ____D C:\Users\Mark\AppData\Roaming\vlc
2018-06-03 18:59 - 2017-12-23 00:16 - 000001139 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-06-01 00:25 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-31 19:16 - 2017-10-31 17:43 - 000000000 ____D C:\ProgramData\Package Cache
2018-05-31 13:37 - 2017-11-02 11:37 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-05-31 01:08 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-05-30 22:25 - 2018-02-07 22:12 - 000000000 ____D C:\Users\Mark\AppData\Roaming\MusicBee
2018-05-29 18:59 - 2017-11-01 11:26 - 000000000 ____D C:\Users\Mark\AppData\Local\VirtualStore
2018-05-24 16:12 - 2017-11-20 14:23 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-05-24 16:07 - 2017-11-19 15:54 - 000026192 ____N (Windows ® Server 2003 DDK provider) C:\WINDOWS\gdrv.sys
2018-05-23 19:00 - 2017-11-20 13:54 - 000000000 ____D C:\Program Files (x86)\Intel
2018-05-23 18:33 - 2017-12-28 23:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
2018-05-23 18:33 - 2017-12-28 23:01 - 000000000 ____D C:\Program Files\HWiNFO64
2018-05-23 18:33 - 2017-12-26 23:09 - 000055960 _____ (REALiX™) C:\WINDOWS\system32\Drivers\HWiNFO64A.SYS
2018-05-21 11:11 - 2017-12-10 14:33 - 000000000 ___HD C:\Program Files (x86)\Temp
2018-05-20 13:04 - 2017-04-03 13:08 - 000000000 ____D C:\AMD
2018-05-20 11:38 - 2017-11-01 11:37 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-05-20 11:38 - 2017-11-01 11:37 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-05-18 00:59 - 2017-04-12 11:04 - 000000000 ____D C:\LG_G3
2018-05-16 18:06 - 2017-11-01 11:26 - 000000000 ____D C:\Users\Mark\AppData\Local\AMD
2018-05-16 17:59 - 2017-10-31 17:43 - 000000000 ____D C:\Program Files\AMD
2018-05-16 17:58 - 2017-12-26 23:19 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-05-16 17:34 - 2017-12-28 23:28 - 000000060 _____ C:\ProgramData\SoftwareUpdateTemp.xml
2018-05-15 15:58 - 2017-11-20 11:41 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-05-15 15:03 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-05-13 23:56 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-05-12 22:37 - 2015-11-16 15:07 - 000000000 ____D C:\Users\Mark\Documents\Hi-Fi
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-05-08 23:59 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\ta-in
2018-05-08 23:59 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\si-lk
2018-05-08 23:59 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-05-08 23:59 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\am-et
2018-05-08 23:59 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\Provisioning
2018-05-08 18:48 - 2017-11-01 11:38 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-05-08 18:47 - 2017-11-01 11:38 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-05-08 18:47 - 2017-11-01 11:38 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-05-08 18:02 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-05-08 18:02 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-05-08 01:12 - 2017-11-01 11:26 - 000000000 ____D C:\Users\Mark\AppData\Local\ConnectedDevicesPlatform
2018-05-07 16:49 - 2018-04-25 23:55 - 000000000 ____D C:\ProgramData\Garmin
2018-05-07 16:49 - 2017-04-03 12:59 - 000000000 ___RD C:\Users\Mark\OneDrive
2018-05-07 13:42 - 2017-12-27 02:03 - 000111048 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2018-05-07 13:42 - 2017-12-27 02:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-05-07 13:42 - 2017-12-27 02:02 - 000000000 ____D C:\Program Files\Java
2018-05-07 13:41 - 2017-11-02 11:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2018-05-07 13:41 - 2017-11-02 11:18 - 000000000 ____D C:\Program Files\7-Zip
2018-05-07 13:35 - 2018-01-01 14:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2018-05-07 13:35 - 2018-01-01 14:46 - 000000000 ____D C:\ProgramData\InstallMate
2018-05-07 13:27 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files\Windows Defender
2018-05-07 13:27 - 2018-02-20 15:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-05-07 12:31 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\appcompat
2018-05-07 12:29 - 2018-02-19 17:32 - 000000000 ____D C:\Users\Mark\AppData\Local\PlaceholderTileLogoFolder
2018-05-06 23:35 - 2018-01-02 00:17 - 000000000 ____D C:\Users\Mark\AppData\Local\Packages
2018-05-06 22:15 - 2018-04-29 01:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-06 22:15 - 2018-04-12 00:41 - 000000000 ____D C:\WINDOWS\Setup
2018-05-06 22:15 - 2018-04-12 00:38 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-05-06 22:15 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-05-06 22:15 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\spool
2018-05-06 22:15 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2018-05-06 22:15 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\Help
2018-05-06 22:15 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-05-06 22:15 - 2018-04-09 13:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Power Data Recovery
2018-05-06 22:15 - 2018-04-02 00:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Hearing Test
2018-05-06 22:15 - 2018-02-27 01:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2018-05-06 22:15 - 2018-02-12 14:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DB Browser for SQLite
2018-05-06 22:15 - 2018-01-21 15:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSim
2018-05-06 22:15 - 2017-12-30 19:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Force Deleter
2018-05-06 22:15 - 2017-12-26 23:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Problem Report Wizard
2018-05-06 22:15 - 2017-12-26 18:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
2018-05-06 22:15 - 2017-12-23 01:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
2018-05-06 22:15 - 2017-12-23 01:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
2018-05-06 22:15 - 2017-12-23 00:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-05-06 22:15 - 2017-11-15 16:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2018-05-06 22:15 - 2017-11-15 15:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2018-05-06 22:15 - 2017-11-14 21:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
2018-05-06 22:15 - 2017-11-13 12:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-05-06 22:15 - 2017-11-04 13:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BOINC
2018-05-06 22:15 - 2017-11-04 13:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2018-05-06 22:15 - 2017-11-02 11:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-05-06 22:15 - 2017-11-01 14:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minimal ADB and Fastboot
2018-05-06 22:15 - 2017-11-01 14:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\ClockworkMod
2018-05-06 22:15 - 2017-11-01 14:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LGMobile Support Tool
2018-05-06 22:15 - 2017-11-01 12:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Axantum AxCrypt
2018-05-06 22:15 - 2017-10-31 17:58 - 000000000 ____D C:\WINDOWS\system32\ÿÿo
2018-05-06 22:15 - 2017-10-31 17:58 - 000000000 ____D C:\WINDOWS\system32\14fe4e6e91372817..bin
2018-05-06 22:15 - 2017-10-31 17:58 - 000000000 ____D C:\WINDOWS\system32\
2018-05-06 22:15 - 2017-10-31 17:26 - 000000000 ____D C:\WINDOWS\system32\Catroot2.bak
2018-05-06 22:15 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-05-06 21:52 - 2018-04-12 00:38 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-05-06 21:34 - 2018-04-11 22:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-05-06 21:33 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\Registration
2018-05-06 21:28 - 2018-04-12 00:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-05-06 21:28 - 2018-01-02 00:31 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2018-05-06 21:22 - 2017-12-23 01:08 - 000000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
2018-05-06 21:22 - 2017-12-06 20:59 - 000000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XML Notepad 2007
2018-05-06 21:22 - 2017-09-04 01:22 - 000000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ImDisk
2018-05-06 21:22 - 2017-08-04 09:24 - 000000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2018-05-06 21:22 - 2017-05-05 23:45 - 000000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7
2018-05-06 21:21 - 2018-02-07 22:12 - 000000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MusicBee
2018-05-06 21:20 - 2018-01-02 00:17 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2018-05-06 21:19 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\USOPrivate
2018-05-06 21:18 - 2017-10-31 17:43 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2018-05-06 18:51 - 2018-04-12 00:38 - 000000000 __RHD C:\Users\Public\Libraries
2018-05-06 18:45 - 2018-01-07 21:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
2018-05-06 18:45 - 2017-12-30 15:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2018-05-06 18:45 - 2017-10-31 17:43 - 000000000 ____D C:\Program Files\Intel
2018-05-06 18:45 - 2017-10-31 17:43 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2018-05-06 18:37 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2018-05-06 18:37 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2018-05-06 18:33 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2018-05-06 18:33 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2018-05-06 18:33 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2018-05-06 18:33 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2018-05-06 18:33 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2018-05-06 18:33 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2018-05-06 18:33 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\et-EE
2018-05-06 18:33 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\es-MX

==================== Files in the root of some directories =======

2018-05-23 08:49 - 2018-05-23 08:49 - 000000046 _____ () C:\Users\Mark\AppData\Roaming\Camdata.ini
2018-05-23 08:49 - 2018-05-23 08:49 - 000000408 _____ () C:\Users\Mark\AppData\Roaming\CamLayout.ini
2018-05-23 08:49 - 2018-05-23 08:49 - 000000408 _____ () C:\Users\Mark\AppData\Roaming\CamShapes.ini
2018-05-23 08:49 - 2018-05-23 08:49 - 000004536 _____ () C:\Users\Mark\AppData\Roaming\CamStudio.cfg
2018-05-23 08:47 - 2018-05-23 08:47 - 000000096 _____ () C:\Users\Mark\AppData\Roaming\version2.xml

Some files in TEMP:
====================
2018-06-03 18:58 - 2018-06-03 18:58 - 040184976 _____ () C:\Users\Mark\AppData\Local\Temp\vlc-3.0.3-win32.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-05-06 21:16

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03.06.2018
Ran by Mark (04-06-2018 11:31:52)
Running from C:\Users\Mark\Desktop
Windows 10 Home Version 1803 17134.81 (X64) (2018-05-06 20:35:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1836258222-3966296210-172399888-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1836258222-3966296210-172399888-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1836258222-3966296210-172399888-1000 - Limited - Enabled) => C:\Users\defaultuser0
Guest (S-1-5-21-1836258222-3966296210-172399888-501 - Limited - Disabled)
Mark (S-1-5-21-1836258222-3966296210-172399888-1001 - Administrator - Enabled) => C:\Users\Mark
WDAGUtilityAccount (S-1-5-21-1836258222-3966296210-172399888-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 17.01 beta (x64) (HKLM\...\7-Zip) (Version: 17.01 beta - Igor Pavlov)
7-Zip 18.05 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1805-000001000000}) (Version: 18.05.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.4.1 - Advanced Micro Devices, Inc.)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Application Verifier x64 External Package (HKLM\...\{2D7C1671-6F3D-2AA7-DAA3-91C96B60B919}) (Version: 10.1.15063.468 - Microsoft) Hidden
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Audacity 2.2.2 (HKLM-x32\...\Audacity_is1) (Version: 2.2.2 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.4.2338 - AVAST Software)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
AxCrypt 1.7.3180.0 (HKLM\...\{302F28C9-8FF9-4941-A8CE-8F35EF7576D6}) (Version: 1.7.3180.0 - Axantum Software AB)
BOINC (HKLM\...\{F1361096-9418-489B-983B-5F8C3972E05E}) (Version: 7.8.3 - Space Sciences Laboratory, U.C. Berkeley)
Cakewalk Home Studio 9 (HKLM-x32\...\Cakewalk Home Studio 9) (Version:  - )
Catalyst Control Center Next Localization BR (HKLM\...\{3E245378-BF77-6946-C6F6-096DBE5EAB82}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{A16E186C-58C4-3BDC-5CCE-714EFEF5F27F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{45907537-804A-514F-5280-5F4F12A6DCBC}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{E42911E5-48F8-8557-ED20-D72AD1907D25}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{962364E4-08BB-347D-32E7-2B789F37BF8A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B4C30EF4-B2C5-1395-B534-7B63BCB6E8E4}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{62098A5F-E03B-31A3-5F9C-51A7F7D25744}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{A0407E39-2AA4-60B3-885F-3C5347B6909E}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{0989D0EA-AFF3-5F9A-3D25-20EE133E409B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{1757AD9B-0E3C-05F9-FE43-4343BED7DA85}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{66B06F29-EE4F-9130-D96A-754826093FEA}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{A8689A0F-5928-7300-B82B-C5E85131B7BA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{76AAF56B-93D8-161D-809A-EC05F3B913DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{821D0A0E-F246-BE40-0D68-93883C14C410}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{063CED74-F5F0-870E-DC9C-2D78FDEDA3EE}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{88BD74C4-23AB-4554-915C-6E1F0C81F6CD}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{13BB60AA-88F7-4B1F-2DEC-D81EEDE8B3AA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{A48E2AB0-0866-7783-9657-E1709EB18D02}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{37AA6227-FF2C-95AC-87C0-45DCC0BB87DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{E61CEF9A-BAC3-EAEE-F735-E257D2354DF2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{DA0326BB-657D-AAFC-752C-363E8FA33755}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{EB328356-1DF0-1CCE-3607-6361DD329219}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{87E6EC29-AEC5-28CB-F773-93EB6C1B8A2B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{B873A1FB-5EA0-EE5F-A861-1E38880AD08E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{CA55697D-BD74-3ED8-6B21-D7EDAD3B7D02}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{EC9DF9FF-9D75-4CDD-1D58-A2E887B0A42E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{7ABACA7E-6E59-0EF9-8FA3-6B32E5F58127}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{CFC860C8-4F51-E08C-A74C-2E444ED06160}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3E196AAF-F81C-B384-E2AB-28EE2398FE5F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{9338D693-38B7-1ED4-9B42-BFA1D5600CCB}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{C971C145-258D-6650-7088-13DDB161327A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DAEFFE0C-CD05-1355-6AFC-7B3D4106A820}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{E392A425-53A7-DF90-96A0-E287A75DD3B2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{EBA09DAF-14B4-7BE7-676E-6E2FB21EDBDD}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{9AA4DD93-94BF-22EA-C9D2-7084F304A31B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{D6F47BB4-700A-F612-0671-5F69EA311BB7}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{01FD9A26-3F61-9236-B360-BE5D043D82C0}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{379D900B-A785-6DB0-012E-434356A365B3}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{366C4FB5-CF6E-258B-418D-E6D29549A278}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{64D4CCC3-63DF-252D-D29D-03491670225D}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{8DF90937-B869-9F76-5D45-5A8BDA0A33B6}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{B10089DE-934F-6E0F-683A-B788F89348DF}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.43 - Piriform)
DB Browser for SQLite (HKLM-x32\...\DB Browser for SQLite) (Version: 3.10.1 - DB Browser for SQLite Team)
Elsie (HKLM\...\Elsie) (Version: 2.82 - Tonne Software)
Exact Audio Copy 1.3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.3 - Andre Wiethoff)
f.lux (HKU\S-1-5-21-1836258222-3966296210-172399888-1001\...\Flux) (Version:  - f.lux Software LLC)
ffdshow v1.2.4499 [2013-01-04] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4499.0 - )
foobar2000 v1.3.17 (HKLM-x32\...\foobar2000) (Version: 1.3.17 - Peter Pawlowski)
Free Download Manager 3.9.7 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
Free Hearing Test (HKLM-x32\...\4633-8653-4363-8867) (Version: 1.0 - Free Hearing Test Software)
Google Earth Pro (HKLM\...\{D9EF644E-2FAE-493B-8180-5617CC774C4F}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.2.0.001 - HTC Corporation)
HWiNFO64 Version 5.84 (HKLM\...\HWiNFO64_is1) (Version: 5.84 - Martin Malík - REALiX)
ImDisk Toolkit (HKLM\...\ImDiskApp) (Version: 20170706 - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intellisense Lang Pack Mobile Extension SDK 10.0.15063.0 (HKLM-x32\...\{955DB066-D013-43F3-908C-CBC851E3D4FF}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Java 8 Update 171 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Java 8 Update 172 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180172F0}) (Version: 8.0.1720.11 - Oracle Corporation)
Kits Configuration Installer (HKLM-x32\...\{1704C439-1501-3446-7932-33DA822E8597}) (Version: 10.1.15063.468 - Microsoft) Hidden
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LibreOffice 6.0.4.2 (HKLM\...\{CBC4E8DF-CCBD-4260-A6A5-B682BA706DC4}) (Version: 6.0.4.2 - The Document Foundation)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft .NET Framework 4.7 SDK (HKLM-x32\...\{F44081B4-1C8A-49B6-AC6F-2EE5715488AF}) (Version: 4.7.02046 - Microsoft Corporation)
Microsoft .NET Framework 4.7 Targeting Pack (HKLM-x32\...\{CD786942-0D49-4F78-9A04-2EF21175F67E}) (Version: 4.7.02046 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1836258222-3966296210-172399888-500\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.4.2 (HKLM-x32\...\{1901BAF7-7E78-4041-BC88-D0EE5DD1DFD9}_is1) (Version: 1.4.2 - Sam Rodberg)
MiniTool Power Data Recovery 7.5 (HKLM\...\{E1BCD081-4BF4-4E2F-832A-911EC42EF3C5}_is1) (Version: 7.5 - MiniTool Solution Ltd.)
Mozilla Firefox 60.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.1 (x64 en-US)) (Version: 60.0.1 - Mozilla)
MSI Development Tools (HKLM-x32\...\{E45B775D-8842-EC86-ED84-B740D52E6462}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
MusicBee 3.1 (HKLM-x32\...\MusicBee) (Version: 3.1 - Steven Mayall)
Oracle VM VirtualBox 5.1.26 (HKLM\...\{11A88BD5-F059-4743-81D9-1432AC9C3D4E}) (Version: 5.1.26 - Oracle Corporation)
PhotoFiltre 7 (HKU\S-1-5-21-1836258222-3966296210-172399888-1001\...\PhotoFiltre 7) (Version:  - )
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.23.1003.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
SDK Debuggers (HKLM-x32\...\{8E90E239-34EE-0F5B-24D5-16FA162EF3CB}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1250 - SUPERAntiSpyware.com)
TP-LINK TL-WN821N©_TL-WN822N_TL-WN823N Driver (HKLM-x32\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK)
Universal Adb Driver (HKLM-x32\...\{C0E08D8D-6076-4117-B644-2AF34F35B757}) (Version: 1.0.4 - ClockworkMod)
Universal CRT Extension SDK (HKLM-x32\...\{D23DC9CD-5870-9D26-5DE9-6273CAC7DD5B}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{51523D5B-FC32-CAB4-E54E-E41C0E4C1726}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{573C4B4F-B9B9-28DA-0243-D118DD3EE574}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{3C75FFD3-00CF-1974-2935-7BED20381899}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{812954B8-9658-EFE2-FB5F-B422048AA053}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{05086CEC-62C1-B12C-2FEC-C58E166FA7E8}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
VdhCoApp 1.1.3 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-2) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
WinAppDeploy (HKLM-x32\...\{1AD35036-0E71-1C38-E4F8-14F6ED75EA98}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Windows SDK AddOn (HKLM-x32\...\{E1C6F438-7C50-41F5-8B47-3CC96D397CA3}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.15063.468 (HKLM-x32\...\{0a829ae9-ca13-4f58-a168-648e80cf6739}) (Version: 10.1.15063.468 - Microsoft Corporation)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 35.5.2017.8 - Ruiware)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{3E1718A0-E5A4-04EB-E85C-DF94790FCCF4}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{26FD6F7E-30DF-16AB-9F3B-2EC665C36498}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{B3E6FE24-A4E4-0454-5004-D8A3CCC9B0F6}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{CC57D696-D6B5-DB4D-7ABC-C373CF7E6D73}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{891DDA6A-C9D4-9C57-BC4E-B77CE28BAFC3}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{C22B0226-A0C4-B973-C0BF-24A3D66B8C3E}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{F3F1C906-9349-1B25-3680-65015218BD99}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{CB8253BF-62B4-A504-7E06-BA102F48C02B}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Wise Force Deleter 1.4.6 (HKLM-x32\...\Wise Force Deleter_is1) (Version: 1.4.6 - WiseCleaner.com, Inc.)
WPT Redistributables (HKLM-x32\...\{B322A5E5-3DF9-06B2-5E44-DE2BBF7BD4A6}) (Version: 10.1.15063.468 - Microsoft) Hidden
WPTx64 (HKLM-x32\...\{029676E0-068C-9F4B-429E-A09D9EAB3F1E}) (Version: 10.1.15063.468 - Microsoft) Hidden
XML Notepad 2007 (HKLM-x32\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)
XSim (HKLM-x32\...\{EE4ED614-4A5B-4D70-81A2-002178CCA5C1}_is1) (Version: 1.2.0 - Liberty Instruments, Inc.)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.3) (Version: 1.3.3 - Xvid Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-16] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} =>  -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-16] (AVAST Software)
ContextMenuHandlers1: [axcrypt.File] -> {C3DFC144-30F8-4138-81F9-578DBEB9324A} => C:\Program Files\Axantum\AxCrypt\ShellExt.dll [2016-07-04] (Axantum Software AB)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-16] (AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-04-25] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-10-20] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-16] (AVAST Software)
ContextMenuHandlers6: [axcrypt.File] -> {C3DFC144-30F8-4138-81F9-578DBEB9324A} => C:\Program Files\Axantum\AxCrypt\ShellExt.dll [2016-07-04] (Axantum Software AB)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E37733A-C5E9-4115-9A42-98A5B4CBB41A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {1F2AF1CD-ADC3-4AE7-8D95-A1BE8CFD0087} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-05-31] (AVAST Software)
Task: {31E2D491-90DA-4787-B662-52A8D2C39E84} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-05-24] (Piriform Ltd)
Task: {46B69529-5B6E-4694-9A88-F6A4B094438C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-03] (Google Inc.)
Task: {5605E432-734E-4053-9217-AE276E879C4C} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2018-04-25] (Advanced Micro Devices, Inc.)
Task: {575F52EF-B1E9-46A5-97F5-BECBD617994E} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-05-08] (Adobe Systems Incorporated)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {692FEA4D-F9D0-46C9-A356-EEEFEDFB4893} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1836258222-3966296210-172399888-500 => C:\Users\Mark\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {9CBCB888-9E95-4E5F-B350-E3BAAA79DB4F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-05-24] (Piriform Ltd)
Task: {B8B49E4D-2986-4269-A283-FB0E7333C5E0} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_171_Plugin.exe [2018-05-08] (Adobe Systems Incorporated)
Task: {D3523937-2792-4CDF-879B-7296DAF6CB23} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [2018-04-25] (Advanced Micro Devices, Inc.)
Task: {EA740AC4-8D12-4DF9-A158-E1D2B1C803C1} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-05-16] (AVAST Software)
Task: {F6CEC753-B0D4-4E0B-A4C2-9E57A2A68583} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-03] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\Mark\Desktop\VideoCleaner - RUN.lnk -> C:\VideoCleaner\Support\VideoCleaner_Reset.bat (No File)

==================== Loaded Modules (Whitelisted) ==============

2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-04-12 00:35 - 2018-04-12 17:17 - 002184704 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-04-24 22:55 - 2018-04-24 22:55 - 000015360 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2018-04-24 22:55 - 2018-04-24 22:55 - 002519040 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2013-10-17 17:48 - 2013-10-17 17:48 - 000106496 _____ () C:\PROGRAM FILES\BOINC\zlib1.dll
2017-11-02 11:01 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-05-07 13:27 - 2018-05-07 13:27 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-05-16 18:24 - 2018-05-16 18:24 - 000482520 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-05-16 18:24 - 2018-05-16 18:24 - 000293592 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Mark\Documents\Windows 10 Service Configurations – Black Viper.pdf:$CmdZnID [26]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1836258222-3966296210-172399888-1001\...\download.microsoft.com -> hxxp://download.microsoft.com
IE trusted site: HKU\S-1-5-21-1836258222-3966296210-172399888-1001\...\download.windowsupdate.com -> hxxp://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-1836258222-3966296210-172399888-1001\...\download.windowsupdate.com -> hxxps://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-1836258222-3966296210-172399888-1001\...\microsoft.com -> hxxp://ntservicepack.microsoft.com
IE trusted site: HKU\S-1-5-21-1836258222-3966296210-172399888-1001\...\ntservicepack.microsoft.com -> hxxp://ntservicepack.microsoft.com
IE trusted site: HKU\S-1-5-21-1836258222-3966296210-172399888-1001\...\update.microsoft.com -> hxxp://update.microsoft.com
IE trusted site: HKU\S-1-5-21-1836258222-3966296210-172399888-1001\...\update.microsoft.com -> hxxps://update.microsoft.com
IE trusted site: HKU\S-1-5-21-1836258222-3966296210-172399888-1001\...\windows.com -> hxxp://wustat.windows.com
IE trusted site: HKU\S-1-5-21-1836258222-3966296210-172399888-1001\...\windowsupdate.com -> hxxp://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-1836258222-3966296210-172399888-1001\...\windowsupdate.com -> hxxps://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-1836258222-3966296210-172399888-1001\...\windowsupdate.microsoft.com -> hxxp://windowsupdate.microsoft.com
IE trusted site: HKU\S-1-5-21-1836258222-3966296210-172399888-1001\...\ws.microsoft.com -> hxxp://ws.microsoft.com
IE trusted site: HKU\S-1-5-21-1836258222-3966296210-172399888-1001\...\ws.microsoft.com -> hxxps://ws.microsoft.com
IE trusted site: HKU\S-1-5-21-1836258222-3966296210-172399888-1001\...\wustat.windows.com -> hxxp://wustat.windows.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2017-10-31 17:26 - 2017-10-31 17:24 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1836258222-3966296210-172399888-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1836258222-3966296210-172399888-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mark\Pictures\LG PC Suite\+447940355250\2017-07-01-02-13-15.jpg
HKU\S-1-5-21-1836258222-3966296210-172399888-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKU\S-1-5-21-1836258222-3966296210-172399888-1001\...\StartupApproved\Run: => "DriverMax_RESTART"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{33A2B545-AFFD-4167-9C15-3B7E635D675C}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{86D1905C-6F4F-4E60-8B2E-5B0CC39D92CE}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{723F5957-D21B-4D5C-BEE5-5958AE3B52AB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{60A6E42D-6F0D-4B5B-9BF3-75F8154709CE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{5626F27E-F0A5-4183-9598-6DF7CAC206A7}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{0B3B63BD-3EEA-4050-B555-77E8767F7F30}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{3C7D6D07-79C2-468B-83B6-C43BD4B362A4}] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{AA8336A8-7983-4696-9281-59FC43C88511}] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{A7E1D15C-EACF-4796-8AE4-7DFDDA9E3EB4}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{5BAF73E6-51AE-43BF-9869-894CF57FA3E5}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe

==================== Restore Points =========================

19-05-2018 18:46:47 Scheduled Checkpoint
23-05-2018 19:00:19 Installed EasyTune
30-05-2018 23:17:44 Scheduled Checkpoint
03-06-2018 23:11:52 Windows Update

==================== Faulty Device Manager Devices =============

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/04/2018 09:27:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: tdsskiller.exe, version: 3.1.0.17, time stamp: 0x566b123a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0xc896ed70
Faulting process ID: 0x17c8
Faulting application start time: 0x01d3fbdde9fbdf71
Faulting application path: C:\Users\Mark\Downloads\Software\tdsskiller.exe
Faulting module path: unknown
Report ID: 6db0e02d-9b3d-407c-8c3b-1e4b6f9187f3
Faulting package full name:
Faulting package-relative application ID:

Error: (06/04/2018 09:25:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: tdsskiller_1.exe, version: 3.1.0.9, time stamp: 0x566b123a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0xc896ed70
Faulting process ID: 0x22b8
Faulting application start time: 0x01d3fbdd880653b7
Faulting application path: C:\Users\Mark\Downloads\tdsskiller_1.exe
Faulting module path: unknown
Report ID: 7bec1ca4-bab2-4df5-b204-12b6b629b3c5
Faulting package full name:
Faulting package-relative application ID:

Error: (06/04/2018 09:24:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: tdsskiller_2.exe, version: 3.1.0.11, time stamp: 0x566b123a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0xc896ed70
Faulting process ID: 0xf78
Faulting application start time: 0x01d3fbdd80e24c4e
Faulting application path: C:\Users\Mark\Downloads\tdsskiller_2.exe
Faulting module path: unknown
Report ID: 049bf530-f774-4177-87c4-6316646f4958
Faulting package full name:
Faulting package-relative application ID:

Error: (06/04/2018 09:23:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: tdsskiller_2.exe, version: 3.1.0.11, time stamp: 0x566b123a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0xc896ed70
Faulting process ID: 0x1b78
Faulting application start time: 0x01d3fbdd5c82163a
Faulting application path: C:\Users\Mark\Downloads\tdsskiller_2.exe
Faulting module path: unknown
Report ID: adf2f855-713f-484c-ba7d-fc3cffd7a6ae
Faulting package full name:
Faulting package-relative application ID:

Error: (05/31/2018 02:25:11 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.

Error: (05/31/2018 02:25:10 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (05/23/2018 07:03:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AdjustService.exe, version: 1.0.0.0, time stamp: 0x552cc162
Faulting module name: KERNELBASE.dll, version: 10.0.17134.1, time stamp: 0x149ab0fd
Exception code: 0xe0434352
Fault offset: 0x0010d722
Faulting process ID: 0x1974
Faulting application start time: 0x01d3f2c05a0e7b4c
Faulting application path: C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report ID: d8530b8d-076c-4a1a-a005-c27264bae661
Faulting package full name:
Faulting package-relative application ID:

Error: (05/23/2018 07:03:28 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AdjustService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Win32Exception
   at System.ServiceProcess.ServiceInstaller.RemoveService()
   at System.ServiceProcess.ServiceInstaller.Uninstall(System.Collections.IDictionary)
   at System.Configuration.Install.Installer.Uninstall(System.Collections.IDictionary)

Exception Info: System.Configuration.Install.InstallException
   at System.Configuration.Install.Installer.Uninstall(System.Collections.IDictionary)
   at System.Configuration.Install.TransactedInstaller.Uninstall(System.Collections.IDictionary)
   at AdjustService.Program.Main(System.String[])


System errors:
=============
Error: (06/04/2018 11:24:34 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MARK)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
 and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
 to the user DESKTOP-MARK\Mark SID (S-1-5-21-1836258222-3966296210-172399888-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/04/2018 11:24:34 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MARK)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
 and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
 to the user DESKTOP-MARK\Mark SID (S-1-5-21-1836258222-3966296210-172399888-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/04/2018 11:24:33 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MARK)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
 and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
 to the user DESKTOP-MARK\Mark SID (S-1-5-21-1836258222-3966296210-172399888-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/04/2018 09:27:38 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MARK)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
 and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
 to the user DESKTOP-MARK\Mark SID (S-1-5-21-1836258222-3966296210-172399888-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/04/2018 09:27:38 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MARK)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
 and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
 to the user DESKTOP-MARK\Mark SID (S-1-5-21-1836258222-3966296210-172399888-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/04/2018 09:27:38 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MARK)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
 and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
 to the user DESKTOP-MARK\Mark SID (S-1-5-21-1836258222-3966296210-172399888-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/04/2018 09:27:38 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MARK)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
 and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
 to the user DESKTOP-MARK\Mark SID (S-1-5-21-1836258222-3966296210-172399888-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (06/03/2018 11:54:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Update Orchestrator Service service terminated with the following error:
This operation returned because the timeout period expired.


CodeIntegrity:
===================================

Date: 2018-05-09 13:10:30.564
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\Aavm4h.dll that did not meet the security requirements for Shared Sections.

Date: 2018-05-09 13:10:30.503
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswLog.dll that did not meet the security requirements for Shared Sections.

Date: 2018-05-09 10:53:21.197
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\Aavm4h.dll that did not meet the security requirements for Shared Sections.

Date: 2018-05-09 10:53:21.197
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswLog.dll that did not meet the security requirements for Shared Sections.

Date: 2018-05-09 10:51:26.639
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\Aavm4h.dll that did not meet the security requirements for Shared Sections.

Date: 2018-05-09 10:51:26.639
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswLog.dll that did not meet the security requirements for Shared Sections.

Date: 2018-05-09 10:51:21.397
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\Aavm4h.dll that did not meet the security requirements for Shared Sections.

Date: 2018-05-09 10:51:21.397
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswLog.dll that did not meet the security requirements for Shared Sections.

==================== Memory info ===========================

Processor: Intel® Core™ i5-4690 CPU @ 3.50GHz
Percentage of memory in use: 24%
Total physical RAM: 16206.17 MB
Available physical RAM: 12192.15 MB
Total Virtual: 32590.17 MB
Available Virtual: 28090.06 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:930.96 GB) (Free:610.93 GB) NTFS
Drive g: (RamDisk) (Fixed) (Total:0.5 GB) (Free:0.48 GB) NTFS

\\?\Volume{d7949d3e-6f51-4101-85b3-b12172bf2db8}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS
\\?\Volume{2aa24801-c209-43eb-8f73-c2ea11f7dd13}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

 

I honestly don't know if this is malware or some kind of system glitch but I have received some excellent help from this forum in the past so I hope someone will be able to assist me again, thanks.
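As a triage aid for the "Application errors" section of the log above (an added example, not part of the original post and not FRST's own code): the Python below parses those records and groups crashes by exception code, faulting module and fault offset. The sample text is an excerpt of the records above with unused fields trimmed; the function names, the small code table and the "two or more distinct executables" threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Excerpt of the "Application errors" records above, trimmed to the fields used here.
SAMPLE_LOG = """
Error: (06/04/2018 09:27:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: tdsskiller.exe, version: 3.1.0.17, time stamp: 0x566b123a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0xc896ed70

Error: (06/04/2018 09:25:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: tdsskiller_1.exe, version: 3.1.0.9, time stamp: 0x566b123a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0xc896ed70

Error: (06/04/2018 09:24:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: tdsskiller_2.exe, version: 3.1.0.11, time stamp: 0x566b123a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0xc896ed70

Error: (05/31/2018 02:25:11 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost.

Error: (05/23/2018 07:03:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AdjustService.exe, version: 1.0.0.0, time stamp: 0x552cc162
Faulting module name: KERNELBASE.dll, version: 10.0.17134.1, time stamp: 0x149ab0fd
Exception code: 0xe0434352
Fault offset: 0x0010d722
"""

# Well-known NTSTATUS / exception values; anything else is reported as unrecognised.
KNOWN_CODES = {
    "0xc0000409": "STATUS_STACK_BUFFER_OVERRUN",
    "0xc0000005": "STATUS_ACCESS_VIOLATION",
    "0xe0434352": "unhandled .NET (CLR) exception",
}

HEADER = re.compile(r"^Error: \((?P<when>[^)]+)\) \(Source: (?P<source>[^)]+)\)")
FIELDS = {
    "app": re.compile(r"Faulting application name: ([^,]+),"),
    "version": re.compile(r"Faulting application name: [^,]+, version: ([^,]+),"),
    "module": re.compile(r"Faulting module name: ([^,]+),"),
    "code": re.compile(r"Exception code: (0x[0-9a-fA-F]+)"),
    "offset": re.compile(r"Fault offset: (0x[0-9a-fA-F]+)"),
}


def parse_crashes(text):
    """Return one dict per 'Application Error' record that carries an exception code."""
    records, current = [], None
    for line in text.splitlines():
        head = HEADER.match(line.strip())
        if head:
            current = {"when": head["when"], "source": head["source"]}
            records.append(current)
            continue
        if current is None:
            continue  # text before the first record header
        for key, pattern in FIELDS.items():
            found = pattern.search(line)
            if found:
                value = found.group(1).strip()
                current[key] = value.lower() if key in ("code", "offset") else value
    return [r for r in records if r["source"] == "Application Error" and "code" in r]


def suspicious_clusters(crashes, min_apps=2):
    """Flag groups where several distinct executables fail identically outside any named module."""
    groups = defaultdict(list)
    for crash in crashes:
        key = (crash["code"], crash.get("module", "unknown"), crash.get("offset"))
        groups[key].append(crash)
    flagged = []
    for (code, module, offset), members in groups.items():
        apps = sorted({m.get("app", "?") for m in members})
        if module.lower() == "unknown" and len(apps) >= min_apps:
            flagged.append({
                "code": code,
                "name": KNOWN_CODES.get(code, "unrecognised"),
                "offset": offset,
                "apps": apps,
                "count": len(members),
            })
    return flagged


if __name__ == "__main__":
    for cluster in suspicious_clusters(parse_crashes(SAMPLE_LOG)):
        print(cluster)
```

On the excerpt this flags one cluster: the three TDSSKiller copies failing with 0xc0000409 at the same offset outside any named module, which suggests a common cause in the environment rather than a single corrupt download. The AdjustService.exe crash is left alone because it faults inside a named module with a different code.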




#2
RKinner


    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer Errors
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run from.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

 

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a full minute then:

File, Save As, Save. Note the file name. Open the file on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
Win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download Latest Version button - Do NOT press the large Start Download button on the upper left!)
Download, Save and Install it. Tell it you do not need CCLEANER. Run Speccy. When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System.
(It will be near the top, 10-20 lines down.) Save the file. Attach the file to your next post. Attaching the log is the best option as it is too big for the forum. Attaching is a multi-step process.

First click on More Reply Options
Then scroll down to where you see Choose File and click on it. Point it at the file and hit Open.
Now click on Attach this file.

 



#3
Syncmaster75


    Member

  • Topic Starter
  • Member
  • 48 posts

Thanks for the help - I've run those diagnostics and attached the results:

 

Attached File  MiniToolBox.txt   66.78KB   293 downloads

 

Attached File  Process Explorer.txt   17.1KB   1 downloads

 

Attached File  junk.txt   12.18KB   1 downloads

 

Attached File  Speccy.txt   79.91KB   1 downloads

 

    MiniToolBox by Farbar  Version: 17-06-2016
Ran by Mark (administrator) on 06-06-2018 at 19:44:25
Running from "C:\Users\Mark\Downloads\Software"
Microsoft Windows 10 Home  (X64)
Model: H81M-S2H Manufacturer: Gigabyte Technology Co., Ltd.
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Ethernet (Connected)
Windscribe VPN = Ethernet 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global
set interface interface="Ethernet (Kernel Debugger)" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="VirtualBox Host-Only Network" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : DESKTOP-MARK
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : home

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : FC-AA-14-82-81-09
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::2cf6:9158:748:ac05%7(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.64(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 06 June 2018 13:05:51
   Lease Expires . . . . . . . . . . : 07 June 2018 18:59:18
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 133999124
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-21-8A-5F-B4-FC-AA-14-82-81-09
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Windscribe VPN
   Physical Address. . . . . . . . . : 00-FF-30-19-E8-3A
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
Server:  bthub
Address:  192.168.1.254

Name:    google.com
Addresses:  2a00:1450:4009:80a::200e
      216.58.204.14


Pinging google.com [216.58.204.14] with 32 bytes of data:
Reply from 216.58.204.14: bytes=32 time=10ms TTL=54
Reply from 216.58.204.14: bytes=32 time=10ms TTL=54

Ping statistics for 216.58.204.14:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 10ms, Maximum = 10ms, Average = 10ms
Server:  bthub
Address:  192.168.1.254

Name:    yahoo.com
Addresses:  2001:4998:58:1836::11
      2001:4998:c:1023::4
      2001:4998:58:1836::10
      2001:4998:c:1023::5
      2001:4998:44:41d::4
      2001:4998:44:41d::3
      72.30.35.9
      72.30.35.10
      98.137.246.8
      98.138.219.231
      98.138.219.232
      98.137.246.7


Pinging yahoo.com [98.137.246.7] with 32 bytes of data:
Reply from 98.137.246.7: bytes=32 time=149ms TTL=49
Reply from 98.137.246.7: bytes=32 time=150ms TTL=49

Ping statistics for 98.137.246.7:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 149ms, Maximum = 150ms, Average = 149ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  7...fc aa 14 82 81 09 ......Realtek PCIe GBE Family Controller
  5...00 ff 30 19 e8 3a ......Windscribe VPN
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.64     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.1.0    255.255.255.0         On-link      192.168.1.64    281
     192.168.1.64  255.255.255.255         On-link      192.168.1.64    281
    192.168.1.255  255.255.255.255         On-link      192.168.1.64    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link      192.168.1.64    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link      192.168.1.64    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
  7    281 fe80::/64                On-link
  7    281 fe80::2cf6:9158:748:ac05/128
                                    On-link
  1    331 ff00::/8                 On-link
  7    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [54784] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [64000] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [24064] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\SysWOW64\mswsock.dll [341920] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67072] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [84992] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [84992] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31232] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [401968] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (06/06/2018 07:35:07 PM) (Source: Microsoft-Windows-EapHost) (User: DESKTOP-MARK)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1

Error: (06/06/2018 07:35:05 PM) (Source: Microsoft-Windows-EapHost) (User: DESKTOP-MARK)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1

Error: (06/06/2018 12:48:52 PM) (Source: Application Error) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.17134.1, time stamp: 0x5ace103a
Faulting module name: twinapi.appcore.dll, version: 10.0.17134.81, time stamp: 0x5abe3603
Exception code: 0xc000027b
Fault offset: 0x000000000009c755
Faulting process ID: 0x153c
Faulting application start time: 0xShellExperienceHost.exe0
Faulting application path: ShellExperienceHost.exe1
Faulting module path: ShellExperienceHost.exe2
Report ID: ShellExperienceHost.exe3
Faulting package full name: ShellExperienceHost.exe4
Faulting package-relative application ID: ShellExperienceHost.exe5

Error: (06/06/2018 12:28:49 PM) (Source: Microsoft-Windows-EapHost) (User: DESKTOP-MARK)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1

Error: (06/06/2018 12:28:48 PM) (Source: Microsoft-Windows-EapHost) (User: DESKTOP-MARK)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1

Error: (06/06/2018 10:57:39 AM) (Source: Microsoft-Windows-EapHost) (User: DESKTOP-MARK)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1

Error: (06/06/2018 10:57:37 AM) (Source: Microsoft-Windows-EapHost) (User: DESKTOP-MARK)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1

Error: (06/06/2018 01:24:36 AM) (Source: Microsoft-Windows-EapHost) (User: DESKTOP-MARK)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1

Error: (06/06/2018 01:24:34 AM) (Source: Microsoft-Windows-EapHost) (User: DESKTOP-MARK)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1

Error: (06/05/2018 06:33:21 PM) (Source: Microsoft-Windows-EapHost) (User: DESKTOP-MARK)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1


System errors:
=============
Error: (06/06/2018 07:43:28 PM) (Source: DCOM) (User: DESKTOP-MARK)
Description: application-specificLocalActivation{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}DESKTOP-MARKMarkS-1-5-21-1836258222-3966296210-172399888-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/06/2018 07:43:28 PM) (Source: DCOM) (User: DESKTOP-MARK)
Description: application-specificLocalActivation{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}DESKTOP-MARKMarkS-1-5-21-1836258222-3966296210-172399888-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/06/2018 07:43:28 PM) (Source: DCOM) (User: DESKTOP-MARK)
Description: application-specificLocalActivation{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}DESKTOP-MARKMarkS-1-5-21-1836258222-3966296210-172399888-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (06/06/2018 01:06:28 PM) (Source: Service Control Manager) (User: )
Description: The CryptoPreventMonSvc service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.


Error: (06/06/2018 01:06:28 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the CryptoPreventMonSvc service to connect.

Error: (06/06/2018 01:06:27 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalLaunchWindows.SecurityCenter.WscBrokerManagerUnavailableNT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable


Microsoft Office Sessions:
=========================
Error: (06/06/2018 07:35:07 PM) (Source: Microsoft-Windows-EapHost)(User: DESKTOP-MARK)
Description: Eap method DLL path254311141221

Error: (06/06/2018 07:35:05 PM) (Source: Microsoft-Windows-EapHost)(User: DESKTOP-MARK)
Description: Eap method DLL path254311141221

Error: (06/06/2018 12:48:52 PM) (Source: Application Error)(User: )
Description: ShellExperienceHost.exe10.0.17134.15ace103atwinapi.appcore.dll10.0.17134.815abe3603c000027b000000000009c755153c01d3fd7c14b0a943C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exeC:\Windows\System32\twinapi.appcore.dll35829d57-208b-4fa4-931b-5f429e159acfMicrosoft.Windows.ShellExperienceHost_10.0.17134.1_neutral_neutral_cw5n1h2txyewyApp

Error: (06/06/2018 12:28:49 PM) (Source: Microsoft-Windows-EapHost)(User: DESKTOP-MARK)
Description: Eap method DLL path254311141221

Error: (06/06/2018 12:28:48 PM) (Source: Microsoft-Windows-EapHost)(User: DESKTOP-MARK)
Description: Eap method DLL path254311141221

Error: (06/06/2018 10:57:39 AM) (Source: Microsoft-Windows-EapHost)(User: DESKTOP-MARK)
Description: Eap method DLL path254311141221

Error: (06/06/2018 10:57:37 AM) (Source: Microsoft-Windows-EapHost)(User: DESKTOP-MARK)
Description: Eap method DLL path254311141221

Error: (06/06/2018 01:24:36 AM) (Source: Microsoft-Windows-EapHost)(User: DESKTOP-MARK)
Description: Eap method DLL path254311141221

Error: (06/06/2018 01:24:34 AM) (Source: Microsoft-Windows-EapHost)(User: DESKTOP-MARK)
Description: Eap method DLL path254311141221

Error: (06/05/2018 06:33:21 PM) (Source: Microsoft-Windows-EapHost)(User: DESKTOP-MARK)
Description: Eap method DLL path254311141221


CodeIntegrity Errors:
===================================
  Date: 2018-05-09 13:10:30.564
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\Aavm4h.dll that did not meet the security requirements for Shared Sections.

  Date: 2018-05-09 13:10:30.503
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswLog.dll that did not meet the security requirements for Shared Sections.

  Date: 2018-05-09 10:53:21.197
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\Aavm4h.dll that did not meet the security requirements for Shared Sections.

  Date: 2018-05-09 10:53:21.197
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswLog.dll that did not meet the security requirements for Shared Sections.

  Date: 2018-05-09 10:51:26.639
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\Aavm4h.dll that did not meet the security requirements for Shared Sections.

  Date: 2018-05-09 10:51:26.639
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswLog.dll that did not meet the security requirements for Shared Sections.

  Date: 2018-05-09 10:51:21.397
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\Aavm4h.dll that did not meet the security requirements for Shared Sections.

  Date: 2018-05-09 10:51:21.397
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswLog.dll that did not meet the security requirements for Shared Sections.

  Date: 2018-05-09 10:51:06.781
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\Aavm4h.dll that did not meet the security requirements for Shared Sections.

  Date: 2018-05-07 12:37:21.850
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

7-Zip 17.01 beta (x64) (HKLM\...\7-Zip) (Version: 17.01 beta - Igor Pavlov)
7-Zip 18.05 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1805-000001000000}) (Version: 18.05.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.4.1 - Advanced Micro Devices, Inc.)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Application Verifier x64 External Package (HKLM\...\{2D7C1671-6F3D-2AA7-DAA3-91C96B60B919}) (Version: 10.1.15063.468 - Microsoft) Hidden
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Audacity 2.2.2 (HKLM-x32\...\Audacity_is1) (Version: 2.2.2 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.4.2338 - AVAST Software)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
AxCrypt 1.7.3180.0 (HKLM\...\{302F28C9-8FF9-4941-A8CE-8F35EF7576D6}) (Version: 1.7.3180.0 - Axantum Software AB)
BOINC (HKLM\...\{F1361096-9418-489B-983B-5F8C3972E05E}) (Version: 7.8.3 - Space Sciences Laboratory, U.C. Berkeley)
Cakewalk Home Studio 9 (HKLM-x32\...\Cakewalk Home Studio 9) (Version:  - )
Catalyst Control Center Next Localization BR (HKLM\...\{3E245378-BF77-6946-C6F6-096DBE5EAB82}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{A16E186C-58C4-3BDC-5CCE-714EFEF5F27F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{45907537-804A-514F-5280-5F4F12A6DCBC}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{E42911E5-48F8-8557-ED20-D72AD1907D25}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{962364E4-08BB-347D-32E7-2B789F37BF8A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B4C30EF4-B2C5-1395-B534-7B63BCB6E8E4}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{62098A5F-E03B-31A3-5F9C-51A7F7D25744}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{A0407E39-2AA4-60B3-885F-3C5347B6909E}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{0989D0EA-AFF3-5F9A-3D25-20EE133E409B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{1757AD9B-0E3C-05F9-FE43-4343BED7DA85}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{66B06F29-EE4F-9130-D96A-754826093FEA}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{A8689A0F-5928-7300-B82B-C5E85131B7BA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{76AAF56B-93D8-161D-809A-EC05F3B913DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{821D0A0E-F246-BE40-0D68-93883C14C410}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{063CED74-F5F0-870E-DC9C-2D78FDEDA3EE}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{88BD74C4-23AB-4554-915C-6E1F0C81F6CD}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{13BB60AA-88F7-4B1F-2DEC-D81EEDE8B3AA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{A48E2AB0-0866-7783-9657-E1709EB18D02}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{37AA6227-FF2C-95AC-87C0-45DCC0BB87DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{E61CEF9A-BAC3-EAEE-F735-E257D2354DF2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{DA0326BB-657D-AAFC-752C-363E8FA33755}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{EB328356-1DF0-1CCE-3607-6361DD329219}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{87E6EC29-AEC5-28CB-F773-93EB6C1B8A2B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{B873A1FB-5EA0-EE5F-A861-1E38880AD08E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{CA55697D-BD74-3ED8-6B21-D7EDAD3B7D02}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{EC9DF9FF-9D75-4CDD-1D58-A2E887B0A42E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{7ABACA7E-6E59-0EF9-8FA3-6B32E5F58127}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{CFC860C8-4F51-E08C-A74C-2E444ED06160}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3E196AAF-F81C-B384-E2AB-28EE2398FE5F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{9338D693-38B7-1ED4-9B42-BFA1D5600CCB}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{C971C145-258D-6650-7088-13DDB161327A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DAEFFE0C-CD05-1355-6AFC-7B3D4106A820}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{E392A425-53A7-DF90-96A0-E287A75DD3B2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{EBA09DAF-14B4-7BE7-676E-6E2FB21EDBDD}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{9AA4DD93-94BF-22EA-C9D2-7084F304A31B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{D6F47BB4-700A-F612-0671-5F69EA311BB7}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{01FD9A26-3F61-9236-B360-BE5D043D82C0}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{379D900B-A785-6DB0-012E-434356A365B3}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{366C4FB5-CF6E-258B-418D-E6D29549A278}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{64D4CCC3-63DF-252D-D29D-03491670225D}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{8DF90937-B869-9F76-5D45-5A8BDA0A33B6}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{B10089DE-934F-6E0F-683A-B788F89348DF}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.43 - Piriform)
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version: 9.1.0.0 - Foolish IT LLC)
DB Browser for SQLite (HKLM-x32\...\DB Browser for SQLite) (Version: 3.10.1 - DB Browser for SQLite Team)
Elsie (HKLM\...\Elsie) (Version: 2.82 - Tonne Software)
Exact Audio Copy 1.3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.3 - Andre Wiethoff)
f.lux (HKCU\...\Flux) (Version:  - f.lux Software LLC)
ffdshow v1.2.4499 [2013-01-04] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4499.0 - )
foobar2000 v1.3.17 (HKLM-x32\...\foobar2000) (Version: 1.3.17 - Peter Pawlowski)
Free Download Manager 3.9.7 (HKLM-x32\...\Free Download Manager_is1) (Version:  - FreeDownloadManager.ORG)
Free Hearing Test (HKLM-x32\...\4633-8653-4363-8867) (Version: 1.0 - Free Hearing Test Software)
Google Earth Pro (HKLM\...\{D9EF644E-2FAE-493B-8180-5617CC774C4F}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.2.0.001 - HTC Corporation)
HWiNFO64 Version 5.84 (HKLM\...\HWiNFO64_is1) (Version: 5.84 - Martin Malík - REALiX)
ImDisk Toolkit (HKLM\...\ImDiskApp) (Version: 20170706 - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intellisense Lang Pack Mobile Extension SDK 10.0.15063.0 (HKLM-x32\...\{955DB066-D013-43F3-908C-CBC851E3D4FF}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Java 8 Update 171 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Java 8 Update 172 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180172F0}) (Version: 8.0.1720.11 - Oracle Corporation)
Kits Configuration Installer (HKLM-x32\...\{1704C439-1501-3446-7932-33DA822E8597}) (Version: 10.1.15063.468 - Microsoft) Hidden
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version:  - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LibreOffice 6.0.4.2 (HKLM\...\{CBC4E8DF-CCBD-4260-A6A5-B682BA706DC4}) (Version: 6.0.4.2 - The Document Foundation)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft .NET Framework 4.7 SDK (HKLM-x32\...\{F44081B4-1C8A-49B6-AC6F-2EE5715488AF}) (Version: 4.7.02046 - Microsoft Corporation)
Microsoft .NET Framework 4.7 Targeting Pack (HKLM-x32\...\{CD786942-0D49-4F78-9A04-2EF21175F67E}) (Version: 4.7.02046 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.4.2 (HKLM-x32\...\{1901BAF7-7E78-4041-BC88-D0EE5DD1DFD9}_is1) (Version: 1.4.2 - Sam Rodberg)
MiniTool Power Data Recovery 7.5 (HKLM\...\{E1BCD081-4BF4-4E2F-832A-911EC42EF3C5}_is1) (Version: 7.5 - MiniTool Solution Ltd.)
Mozilla Firefox 60.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.1 (x64 en-US)) (Version: 60.0.1 - Mozilla)
MSI Development Tools (HKLM-x32\...\{E45B775D-8842-EC86-ED84-B740D52E6462}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
MusicBee 3.1 (HKLM-x32\...\MusicBee) (Version: 3.1 - Steven Mayall)
Oracle VM VirtualBox 5.1.26 (HKLM\...\{11A88BD5-F059-4743-81D9-1432AC9C3D4E}) (Version: 5.1.26 - Oracle Corporation)
PhotoFiltre 7 (HKCU\...\PhotoFiltre 7) (Version:  - )
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.23.1003.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
SDK Debuggers (HKLM-x32\...\{8E90E239-34EE-0F5B-24D5-16FA162EF3CB}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.32 - Piriform)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1250 - SUPERAntiSpyware.com)
TP-LINK TL-WN821N©_TL-WN822N_TL-WN823N Driver (HKLM-x32\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK)
Universal Adb Driver (HKLM-x32\...\{C0E08D8D-6076-4117-B644-2AF34F35B757}) (Version: 1.0.4 - ClockworkMod)
Universal CRT Extension SDK (HKLM-x32\...\{D23DC9CD-5870-9D26-5DE9-6273CAC7DD5B}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{51523D5B-FC32-CAB4-E54E-E41C0E4C1726}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{573C4B4F-B9B9-28DA-0243-D118DD3EE574}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{3C75FFD3-00CF-1974-2935-7BED20381899}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{812954B8-9658-EFE2-FB5F-B422048AA053}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{05086CEC-62C1-B12C-2FEC-C58E166FA7E8}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
VdhCoApp 1.1.3 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version:  - DownloadHelper)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-2) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
WinAppDeploy (HKLM-x32\...\{1AD35036-0E71-1C38-E4F8-14F6ED75EA98}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Windows SDK AddOn (HKLM-x32\...\{E1C6F438-7C50-41F5-8B47-3CC96D397CA3}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.15063.468 (HKLM-x32\...\{0a829ae9-ca13-4f58-a168-648e80cf6739}) (Version: 10.1.15063.468 - Microsoft Corporation)
Windscribe (HKLM-x32\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.81 Build 44 - Windscribe Limited)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 35.5.2017.8 - Ruiware)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{3E1718A0-E5A4-04EB-E85C-DF94790FCCF4}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{26FD6F7E-30DF-16AB-9F3B-2EC665C36498}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{B3E6FE24-A4E4-0454-5004-D8A3CCC9B0F6}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{CC57D696-D6B5-DB4D-7ABC-C373CF7E6D73}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{891DDA6A-C9D4-9C57-BC4E-B77CE28BAFC3}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{C22B0226-A0C4-B973-C0BF-24A3D66B8C3E}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{F3F1C906-9349-1B25-3680-65015218BD99}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{CB8253BF-62B4-A504-7E06-BA102F48C02B}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Wise Force Deleter 1.4.6 (HKLM-x32\...\Wise Force Deleter_is1) (Version: 1.4.6 - WiseCleaner.com, Inc.)
WPT Redistributables (HKLM-x32\...\{B322A5E5-3DF9-06B2-5E44-DE2BBF7BD4A6}) (Version: 10.1.15063.468 - Microsoft) Hidden
WPTx64 (HKLM-x32\...\{029676E0-068C-9F4B-429E-A09D9EAB3F1E}) (Version: 10.1.15063.468 - Microsoft) Hidden
XML Notepad 2007 (HKLM-x32\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)
XSim (HKLM-x32\...\{EE4ED614-4A5B-4D70-81A2-002178CCA5C1}_is1) (Version: 1.2.0 - Liberty Instruments, Inc.)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.3) (Version: 1.3.3 - Xvid Team)

========================= Devices: ================================

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: rt640x64
Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_0C\4&1DCB0711&0&00E2

Name: Realtek High Definition Audio
Description: Realtek High Definition Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: IntcAzAudAddService
Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0887&SUBSYS_1458A002&REV_1003\4&26FE9049&0&0201

Name: UMBus Root Bus Enumerator
Description: UMBus Root Bus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: umbus
Device ID: ROOT\UMBUS\0000

Name: System CMOS/real time clock
Description: System CMOS/real time clock
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0B00\4&104F27E2&0

Name: Intel® Core™ i5-4690 CPU @ 3.50GHz
Description: Intel Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm
Device ID: ACPI\GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_60_-_INTEL®_CORE™_I5-4690_CPU_@_3.50GHZ\_1

Name: Intel® Core™ i5-4690 CPU @ 3.50GHz
Description: Intel Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm
Device ID: ACPI\GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_60_-_INTEL®_CORE™_I5-4690_CPU_@_3.50GHZ\_2

Name: Intel® Core™ i5-4690 CPU @ 3.50GHz
Description: Intel Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm
Device ID: ACPI\GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_60_-_INTEL®_CORE™_I5-4690_CPU_@_3.50GHZ\_3

Name: Intel® Core™ i5-4690 CPU @ 3.50GHz
Description: Intel Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm
Device ID: ACPI\GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_60_-_INTEL®_CORE™_I5-4690_CPU_@_3.50GHZ\_4

Name: Microsoft Radio Device Enumeration Bus
Description: Generic software device
Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2}
Manufacturer: Microsoft
Service:
Device ID: SWD\RADIO\{3DB5895D-CC28-44B3-AD3D-6F01A782B8D2}

Name: Microsoft Device Association Root Enumerator
Description: Generic software device
Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2}
Manufacturer: Microsoft
Service:
Device ID: SWD\MSDAS\{CE958E9A-424F-4C88-86F4-11314821E75A}

Name: ACPI x64-based PC
Description: ACPI x64-based PC
Class Guid: {4d36e966-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard computers)
Service: \Driver\ACPI_HAL
Device ID: ROOT\ACPI_HAL\0000

Name: Programmable interrupt controller
Description: Programmable interrupt controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0000\4&104F27E2&0

Name: Volume
Description: Volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volume
Device ID: STORAGE\VOLUME\{E5361EB1-BE59-11E7-A19C-806E6F6E6963}#000000001C300000

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Device ID: ACPI\PNP0303\4&104F27E2&0
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft Print to PDF
Description: Local Print Queue
Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
Manufacturer: Microsoft
Service:
Device ID: SWD\PRINTENUM\{5A8C6152-7933-49DD-BA82-E1E7CD5764E6}

Name: WAN Miniport (Network Monitor)
Description: WAN Miniport (Network Monitor)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Device ID: SWD\MSRRAS\MS_NDISWANBH

Name: WAN Miniport (IP)
Description: WAN Miniport (IP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Device ID: SWD\MSRRAS\MS_NDISWANIP

Name: PCI Express Root Complex
Description: PCI Express Root Complex
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: ACPI\PNP0A08\0

Name: USB Root Hub (USB 3.0)
Description: USB Root Hub (USB 3.0)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB HUBs)
Service: USBHUB3
Device ID: USB\ROOT_HUB30\5&282E2B0A&0&0

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\INT3F0D\4&104F27E2&0

Name: Microsoft ACPI-Compliant System
Description: Microsoft ACPI-Compliant System
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: ACPI
Device ID: ACPI_HAL\PNP0C08\0

Name:
Description:
Class Guid:
Manufacturer:
Service:
Device ID: HTREE\ROOT\0

Name: Microsoft Basic Render Driver
Description: Microsoft Basic Render Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BasicRender
Device ID: ROOT\BASICRENDER\0000

Name: HID-compliant vendor-defined device
Description: HID-compliant vendor-defined device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service:
Device ID: HID\VID_046D&PID_C534&MI_01&COL05\7&31BB13EB&0&0004

Name: Intel® HD Graphics 4600
Description: Intel® HD Graphics 4600
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: igfx
Device ID: PCI\VEN_8086&DEV_0412&SUBSYS_D0001458&REV_06\3&11583659&0&10

Name: TSSTcorp CDDVDW SH-224DB
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Device ID: SCSI\CDROM&VEN_TSSTCORP&PROD_CDDVDW_SH-224DB\4&38FBD192&0&050000

Name: WAN Miniport (SSTP)
Description: WAN Miniport (SSTP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasSstp
Device ID: SWD\MSRRAS\MS_SSTPMINIPORT

Name: Direct memory access controller
Description: Direct memory access controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0200\4&104F27E2&0

Name: ACPI Fixed Feature Button
Description: ACPI Fixed Feature Button
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\FIXEDBUTTON\2&DABA3FF&0

Name: USB Root Hub (USB 3.0)
Description: USB Root Hub (USB 3.0)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB HUBs)
Service: USBHUB3
Device ID: USB\ROOT_HUB30\4&1CE4E8BD&0&0

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C02\10

Name: High Definition Audio Controller
Description: High Definition Audio Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus
Device ID: PCI\VEN_1002&DEV_AAB0&SUBSYS_AAB01682&REV_00\4&1286464&0&0108

Name: Intel® Xeon® processor E3 - 1200 v3/4th Gen Core processor PCI Express x16 Controller - 0C01
Description: Intel® Xeon® processor E3 - 1200 v3/4th Gen Core processor PCI Express x16 Controller - 0C01
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: INTEL
Service: pci
Device ID: PCI\VEN_8086&DEV_0C01&SUBSYS_50001458&REV_06\3&11583659&0&08

Name: VIA USB 3.0 eXtensible Host Controller - 1.0 (Microsoft)
Description: USB xHCI Compliant Host Controller
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Generic USB xHCI Host Controller
Service: USBXHCI
Device ID: PCI\VEN_1106&DEV_3483&SUBSYS_50071458&REV_01\4&2D626771&0&00E3

Name: Intel® Display Audio
Description: Intel® Display Audio
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel® Corporation
Service: IntcDAud
Device ID: HDAUDIO\FUNC_01&VEN_8086&DEV_2807&SUBSYS_80860101&REV_1000\4&1793E418&0&0001

Name: Microsoft GS Wavetable Synth
Description: Generic software device
Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2}
Manufacturer: Microsoft
Service:
Device ID: SWD\MMDEVAPI\MICROSOFTGSWAVETABLESYNTH

Name: Microsoft XPS Document Writer
Description: Local Print Queue
Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
Manufacturer: Microsoft
Service:
Device ID: SWD\PRINTENUM\{15304E5A-050D-4F50-875E-E0851C03009B}

Name: ACPI Power Button
Description: ACPI Power Button
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C0C\AA

Name: HID-compliant mouse
Description: HID-compliant mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: mouhid
Device ID: HID\VID_046D&PID_C534&MI_01&COL01\7&31BB13EB&0&0000

Name: Generic USB Hub
Description: Generic USB Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Generic USB Hub)
Service: usbhub
Device ID: USB\VID_8087&PID_8000\5&297D4E9C&2&1

Name: Volume
Description: Volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volume
Device ID: STORAGE\VOLUME\{E5361EB1-BE59-11E7-A19C-806E6F6E6963}#0000000000100000

Name: Intel® 8 Series/C220 Series SATA AHCI Controller - 8C02
Description: Intel® 8 Series/C220 Series SATA AHCI Controller - 8C02
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: storahci
Device ID: PCI\VEN_8086&DEV_8C02&SUBSYS_B0051458&REV_05\3&11583659&0&FA

Name: Numeric data processor
Description: Numeric data processor
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C04\4&104F27E2&0

Name: USB Input Device
Description: USB Input Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: HidUsb
Device ID: USB\VID_046D&PID_C534&MI_00\6&1F424936&0&0000

Name: NDIS Virtual Network Adapter Enumerator
Description: NDIS Virtual Network Adapter Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisVirtualBus
Device ID: ROOT\NDISVIRTUALBUS\0000

Name: Intel® 8 Series/C220 Series PCI Express Root Port #3 - 8C14
Description: Intel® 8 Series/C220 Series PCI Express Root Port #3 - 8C14
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: INTEL
Service: pci
Device ID: PCI\VEN_8086&DEV_8C14&SUBSYS_50011458&REV_D5\3&11583659&0&E2

Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB20\4&2FAA70DD&0

Name: High Definition Audio Controller
Description: High Definition Audio Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus
Device ID: PCI\VEN_8086&DEV_8C20&SUBSYS_A0021458&REV_05\3&11583659&0&D8

Name: AMD High Definition Audio Device
Description: AMD High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices
Service: AtiHDAudioService
Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1003\5&2229FBF6&0&0001

Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service:
Device ID: ACPI\PNP0C02\111

Name: FUJITSU E19-5 ECO
Description: FUJITSU E19-5 ECO
Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}
Manufacturer: Fujitsu Technology Solutions
Service: monitor
Device ID: DISPLAY\FUS07CD\5&2B9A9AE7&0&UID770

Name: USB Composite Device
Description: USB Composite Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbccgp
Device ID: USB\VID_046D&PID_C534\5&212AC8FC&0&6

Name: Microsoft System Management BIOS Driver
Description: Microsoft System Management BIOS Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: mssmbios
Device ID: ROOT\MSSMBIOS\0000

Name: Legacy device
Description: Legacy device
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service:
Device ID: ACPI\INT0800\4&104F27E2&0

Name: Plug and Play Software Device Enumerator
Description: Plug and Play Software Device Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: swenum
Device ID: ROOT\SYSTEM\0000

Name: HID-compliant consumer control device
Description: HID-compliant consumer control device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service:
Device ID: HID\VID_046D&PID_C534&MI_01&COL02\7&31BB13EB&0&0001

Name: Remote Desktop Device Redirector Bus
Description: Remote Desktop Device Redirector Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: rdpbus
Device ID: ROOT\RDPBUS\0000

Name: AMD Radeon R7 200 Series
Description: AMD Radeon R7 200 Series
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices, Inc.
Service: amdkmdap
Device ID: PCI\VEN_1002&DEV_6613&SUBSYS_72401682&REV_00\4&1286464&0&0008

Name: HID Keyboard Device
Description: HID Keyboard Device
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: kbdhid
Device ID: HID\VID_046D&PID_C534&MI_00\7&DE3D629&0&0000

Name: WAN Miniport (IPv6)
Description: WAN Miniport (IPv6)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisWan
Device ID: SWD\MSRRAS\MS_NDISWANIPV6

Name: Volume
Description: Volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volume
Device ID: STORAGE\VOLUME\{E5361EB1-BE59-11E7-A19C-806E6F6E6963}#0000000023600000

Name: WAN Miniport (L2TP)
Description: WAN Miniport (L2TP)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: Rasl2tp
Device ID: SWD\MSRRAS\MS_L2TPMINIPORT


========================= Memory info: ===================================

Percentage of memory in use: 16%
Total physical RAM: 16206.17 MB
Available physical RAM: 13513.45 MB
Total Virtual: 32590.17 MB
Available Virtual: 28730.84 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:930.96 GB) (Free:617.21 GB) NTFS
4 Drive g: (RamDisk) (Fixed) (Total:0.5 GB) (Free:0.48 GB) NTFS

========================= Users: ========================================

User accounts for \\DESKTOP-MARK

Administrator            DefaultAccount           defaultuser0             
Guest                    Mark                     WDAGUtilityAccount       

========================= Minidump Files ==================================

No minidump file found


**** End of log ****

 

Process    CPU    Private Bytes    Working Set    PID    Description    Company Name    Verified Signer
System Idle Process    94.93    56 K    8 K    0            
procexp64.exe    3.27    45,096 K    64,056 K    1764    Sysinternals Process Explorer    Sysinternals - www.sysinternals.com    (Verified) Microsoft Corporation
dwm.exe    0.55    55,008 K    60,072 K    1068    Desktop Window Manager    Microsoft Corporation    (Verified) Microsoft Windows
csrss.exe    0.20    2,952 K    4,956 K    748    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
Interrupts    0.18    0 K    0 K    n/a    Hardware Interrupts and DPCs        
System    0.17    525,536 K    38,548 K    4            
explorer.exe    0.16    78,452 K    160,564 K    4236    Windows Explorer    Microsoft Corporation    (Verified) Microsoft Windows
atieclxx.exe    0.12    2,392 K    10,348 K    1264    AMD External Events Client Module    AMD    (Verified) Advanced Micro Devices
AvastUI.exe    0.10    20,808 K    30,916 K    7152    Avast Antivirus    AVAST Software    (Verified) AVAST Software s.r.o.
Windscribe.exe    0.10    22,296 K    46,132 K    2376    Windscribe client    Windscribe Limited    (Verified) Windscribe Limited
svchost.exe    0.05    4,632 K    15,516 K    5884    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
amddvr.exe    0.04    179,176 K    17,212 K    6172    AMD ReLive: Host Application    Advanced Micro Devices, Inc.    (Verified) Advanced Micro Devices
firefox.exe    0.03    169,220 K    223,384 K    1172    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
firefox.exe    0.03    171,616 K    199,636 K    1796    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
services.exe    0.02    5,912 K    10,968 K    800    Services and Controller app    Microsoft Corporation    (Verified) Microsoft Windows Publisher
flux.exe    0.02    8,672 K    21,216 K    6916    f.lux    f.lux Software LLC    (Verified) F.lux Software LLC
AvastSvc.exe    0.02    99,368 K    40,344 K    2716    Avast Service    AVAST Software    (Verified) AVAST Software s.r.o.
aswidsagenta.exe    0.01    32,480 K    50,168 K    6992    Avast Behavior Shield    AVAST Software    (Verified) AVAST Software s.r.o.
svchost.exe    0.01    9,464 K    18,796 K    2216    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    < 0.01    3,004 K    8,872 K    1844    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    < 0.01    10,464 K    24,944 K    360    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
WinPatrol.exe    < 0.01    4,772 K    15,032 K    6624    WinPatrol Monitor    Ruiware    (Verified) Ruiware
svchost.exe    < 0.01    114,712 K    114,720 K    1208    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe    < 0.01    9,576 K    18,808 K    8932    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
RadeonSettings.exe    < 0.01    164,952 K    9,108 K    7504    Radeon Settings: Host Application    Advanced Micro Devices, Inc.    (Verified) Advanced Micro Devices
WUDFHost.exe        1,960 K    8,012 K    1532    Windows Driver Foundation - User-mode Driver Framework Host Process    Microsoft Corporation    (Verified) Microsoft Windows
wsappcontrol.exe        1,984 K    6,984 K    8224    Windscribe auto-login utility    Windscribe Limited    (Verified) Windscribe Limited
WmiPrvSE.exe        3,256 K    9,268 K    2976    WMI Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
winlogon.exe        3,884 K    11,688 K    852    Windows Log-on Application    Microsoft Corporation    (Verified) Microsoft Windows
wininit.exe        2,528 K    7,776 K    740    Windows Start-Up Application    Microsoft Corporation    (Verified) Microsoft Windows Publisher
WindscribeService.exe        1,660 K    6,732 K    3588    Manages the firewall and controls the VPN tunnel    Windscribe Limited    (Verified) Windscribe Limited
usb3Monitor.exe        2,044 K    8,980 K    7856    usbmonitor    VIA Technologies, Inc.    (No signature was present in the subject) VIA Technologies, Inc.
unsecapp.exe        1,552 K    6,828 K    7332    Sink to receive asynchronous callbacks for WMI client application    Microsoft Corporation    (Verified) Microsoft Windows
taskhostw.exe        5,524 K    12,900 K    4608    Host Process for Windows Tasks    Microsoft Corporation    (Verified) Microsoft Windows
svchost.exe        2,700 K    7,964 K    796    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        7,788 K    25,320 K    8028    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        13,252 K    22,724 K    1332    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,432 K    9,476 K    3100    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        5,536 K    12,272 K    3140    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,756 K    9,896 K    6772    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,204 K    10,636 K    2660    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,772 K    12,456 K    736    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,080 K    15,088 K    2012    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        22,740 K    29,244 K    3080    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,120 K    11,528 K    1788    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        13,204 K    16,344 K    1392    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,268 K    7,580 K    5728    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,788 K    10,500 K    1440    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,956 K    8,004 K    1812    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,000 K    17,556 K    4160    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,796 K    18,044 K    2456    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,916 K    14,524 K    4952    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        8,056 K    33,860 K    4140    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,440 K    12,284 K    2640    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,048 K    7,984 K    3020    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,448 K    8,764 K    5184    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,268 K    12,332 K    2584    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,440 K    9,004 K    5672    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        7,152 K    16,324 K    1356    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,884 K    5,820 K    3280    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,796 K    12,372 K    2896    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,032 K    9,096 K    6616    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,336 K    10,256 K    6740    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,056 K    7,660 K    1452    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,748 K    11,124 K    4504    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,096 K    7,480 K    1708    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        6,500 K    9,540 K    7788    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,196 K    9,252 K    4984    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,788 K    20,916 K    3248    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        8,556 K    22,316 K    3068    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,200 K    7,252 K    3832    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,408 K    5,380 K    3344    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,468 K    6,140 K    3028    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,360 K    11,636 K    3116    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,316 K    9,112 K    2668    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,696 K    13,736 K    2708    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,768 K    6,364 K    2676    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,092 K    9,812 K    2388    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,048 K    3,868 K    1020    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,256 K    9,568 K    1180    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,020 K    11,284 K    1224    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,668 K    5,996 K    1340    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,456 K    11,740 K    1348    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,280 K    5,284 K    1488    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        4,416 K    8,388 K    1620    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,404 K    5,724 K    1384    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,756 K    10,332 K    1836    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,312 K    9,272 K    2116    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,164 K    7,992 K    2180    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,868 K    7,068 K    2188    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        1,968 K    6,692 K    3160    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        7,860 K    24,552 K    7660    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        3,132 K    10,928 K    7476    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,044 K    6,644 K    4708    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
svchost.exe        2,348 K    8,640 K    4716    Host Process for Windows Services    Microsoft Corporation    (Verified) Microsoft Windows Publisher
spoolsv.exe        5,556 K    14,376 K    2968    Spooler SubSystem App    Microsoft Corporation    (Verified) Microsoft Windows
smss.exe        556 K    1,176 K    428    Windows Session Manager    Microsoft Corporation    (Verified) Microsoft Windows Publisher
smartscreen.exe        11,616 K    20,568 K    3532    Windows Defender SmartScreen    Microsoft Corporation    (Verified) Microsoft Windows
sihost.exe        5,252 K    22,576 K    2436    Shell Infrastructure Host    Microsoft Corporation    (Verified) Microsoft Windows
ShellExperienceHost.exe    Suspended    39,104 K    88,936 K    5156    Windows Shell Experience Host    Microsoft Corporation    (Verified) Microsoft Windows
SgrmBroker.exe        3,884 K    4,780 K    7628    System Guard Runtime Monitor Broker Service    Microsoft Corporation    (Verified) Microsoft Windows Publisher
SecurityHealthService.exe        4,364 K    15,572 K    3164    Windows Security Health Service    Microsoft Corporation    (Verified) Microsoft Windows Publisher
Secure System    Suspended    168 K    42,828 K    56            
SearchUI.exe    Suspended    52,100 K    100,704 K    5364    Search and Cortana application    Microsoft Corporation    (Verified) Microsoft Windows
SearchProtocolHost.exe        2,580 K    9,556 K    4912    Microsoft Windows Search Protocol Host    Microsoft Corporation    (Verified) Microsoft Windows
SearchIndexer.exe        26,320 K    24,460 K    6484    Microsoft Windows Search Indexer    Microsoft Corporation    (Verified) Microsoft Windows
SearchFilterHost.exe        1,600 K    6,340 K    1100    Microsoft Windows Search Filter Host    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        3,428 K    17,572 K    5484    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        5,236 K    15,496 K    7840    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        7,120 K    26,392 K    6252    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
RuntimeBroker.exe        1,884 K    7,040 K    5708    Runtime Broker    Microsoft Corporation    (Verified) Microsoft Windows
Registry        976 K    12,908 K    104            
PresentationFontCache.exe        25,864 K    19,480 K    2512    PresentationFontCache.exe    Microsoft Corporation    (Verified) Microsoft Corporation
OpenWith.exe        8,908 K    30,944 K    7396    Pick an application    Microsoft Corporation    (Verified) Microsoft Windows
OpenWith.exe        8,644 K    30,144 K    1164    Pick an application    Microsoft Corporation    (Verified) Microsoft Windows
MsMpEng.exe        102,112 K    43,484 K    5256    Antimalware Service Executable    Microsoft Corporation    (Verified) Microsoft Corporation
MSASCuiL.exe        1,972 K    9,148 K    6152    Windows Defender notification icon    Microsoft Corporation    (Verified) Microsoft Windows
Memory Compression        256 K    60,696 K    2076            
lsass.exe        6,040 K    16,212 K    920    Local Security Authority Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
LsaIso.exe        1,072 K    2,928 K    912            
LockApp.exe    Suspended    13,308 K    42,624 K    3756    LockApp.exe    Microsoft Corporation    (Verified) Microsoft Windows
jusched.exe        1,736 K    7,436 K    7868    Java Update Scheduler    Oracle Corporation    (Verified) Oracle America
IpOverUsbSvc.exe        7,948 K    13,512 K    3092    Windows IP Over USB PC Service    Microsoft Corporation    (Verified) Microsoft Corporation
imdsksvc.exe        848 K    3,628 K    596    ImDisk Virtual Disk Driver helper service    Olof Lagerkvist    (Verified) Lagerkvist Teknisk Radgivning i Boras HB
igfxEM.exe        3,532 K    12,116 K    4224    igfxEM Module    Intel Corporation    (Verified) Intel® pGFX
igfxCUIService.exe        2,024 K    8,720 K    2148    igfxCUIService Module    Intel Corporation    (Verified) Intel® pGFX
GoogleCrashHandler64.exe        1,652 K    712 K    4828    Google Crash Handler    Google Inc.    (Verified) Google Inc
GoogleCrashHandler.exe        1,620 K    808 K    4820    Google Crash Handler    Google Inc.    (Verified) Google Inc
fontdrvhost.exe        8,332 K    12,116 K    76    Usermode Font Driver Host    Microsoft Corporation    (Verified) Microsoft Windows
fontdrvhost.exe        1,800 K    3,964 K    368    Usermode Font Driver Host    Microsoft Corporation    (Verified) Microsoft Windows
firefox.exe        138,204 K    160,832 K    1028    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
firefox.exe        33,580 K    42,880 K    4196    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
firefox.exe        31,648 K    49,664 K    3972    Firefox    Mozilla Corporation    (Verified) Mozilla Corporation
fdm_nativehost.exe        1,340 K    5,408 K    8532    Free Download Manager native messaging host    FreeDownloadManager.ORG    (No signature was present in the subject) FreeDownloadManager.ORG
dllhost.exe        1,988 K    9,548 K    6356    COM Surrogate    Microsoft Corporation    (Verified) Microsoft Windows
dasHost.exe        1,116 K    5,044 K    3360    Device Association Framework Provider Host    Microsoft Corporation    (Verified) Microsoft Windows
ctfmon.exe        7,088 K    17,416 K    5068    CTF Loader    Microsoft Corporation    (Verified) Microsoft Windows
csrss.exe        1,984 K    5,272 K    612    Client Server Runtime Process    Microsoft Corporation    (Verified) Microsoft Windows Publisher
conhost.exe        5,712 K    8,732 K    1832    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
conhost.exe        5,712 K    8,616 K    7164    Console Window Host    Microsoft Corporation    (Verified) Microsoft Windows
boinctray.exe        1,472 K    5,200 K    6892    BOINC System Tray for Windows    Space Sciences Laboratory    (Verified) University of California
AxCrypt.exe        4,656 K    3,792 K    6528    AxCrypt File Encryption    Axantum Software AB    (Verified) AxCrypt AB
atiesrxx.exe        1,360 K    5,848 K    1648    AMD External Events Service Module    AMD    (Verified) Advanced Micro Devices
amdow.exe        2,420 K    6,828 K    7668    AMD ReLive: Desktop Overlay    Advanced Micro Devices, Inc.    (Verified) Advanced Micro Devices

Process: Secure System Pid: 56

Name    Description    Company Name    Path    Verified Signer


 


  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Let's gather some info in order to fix this error:

 

Error: (06/06/2018 12:28:49 PM) (Source: Microsoft-Windows-EapHost) (User: DESKTOP-MARK)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1

 

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   306bytes   176 downloads

Run FRST and press Fix
A fix log will be generated; please post that.

This will be very quick and will not reboot or make any changes to your PC.


  • 0

#5
Syncmaster75

Syncmaster75

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

Ok, I've done that, here's the fix log:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by Mark (06-06-2018 21:37:04) Run:1
Running from C:\Users\Mark\Desktop
Loaded Profiles: Mark & DefaultAppPool (Available Profiles: defaultuser0 & Mark & Administrator & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
REG: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods" /s
Folder: C:\Program Files (x86)\Cisco













*****************


========= reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods" /s =========


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\311
    Name    REG_SZ    Microsoft

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\311\18
    PeerConfigUIPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimCfg.dll
    PeerDllPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimAuth.dll
    PeerFriendlyName    REG_SZ    @%SystemRoot%\System32\SimAuth.dll,-1001
    PeerIdentityPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimCfg.dll
    PeerInteractiveUIPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimCfg.dll
    PeerInvokePasswordDialog    REG_DWORD    0x0
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerRequireConfigUI    REG_DWORD    0x1
    Properties    REG_DWORD    0x166c48be
    WLANProfileTemplate    REG_SZ    <?xml version="1.0"?><WLANProfile xmlns="http://www.microsoft...ncryption><OneXxmlns="http://www.microsoft.com/networking/OneX/v1"><EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">18</Type><VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId><VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType><AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">311</AuthorId></EapMethod><Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapSim xmlns="http://www.microsoft.com/provisioning/EapSimConnectionPropertiesV1"><UseStrongCipherKeys>false</UseStrongCipherKeys><DontRevealPermanentID>false</DontRevealPermanentID><ProviderName></ProviderName><Realm Enabled="true"></Realm></EapSim></Config></EapHostConfig></EAPConfig></OneX></security></MSM></WLANProfile>

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\311\21
    PeerConfigUIPath    REG_EXPAND_SZ    %SystemRoot%\System32\TtlsCfg.dll
    PeerDllPath    REG_EXPAND_SZ    %SystemRoot%\System32\TtlsAuth.dll
    PeerFriendlyName    REG_SZ    @%SystemRoot%\System32\TtlsCfg.dll,-1001
    PeerIdentityPath    REG_EXPAND_SZ    %SystemRoot%\System32\TtlsCfg.dll
    PeerInteractiveUIPath    REG_EXPAND_SZ    %SystemRoot%\System32\TtlsCfg.dll
    PeerInvokePasswordDialog    REG_DWORD    0x0
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerRequireConfigUI    REG_DWORD    0x1
    Properties    REG_DWORD    0x173cd8af

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\311\21\WLANProfileCreationUXAuth

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\311\21\WLANProfileCreationUXAuth\1025
    FriendlyName    REG_EXPAND_SZ    @%SystemRoot%\system32\TtlsCfg.dll,-3000
    WLANProfileTemplate    REG_SZ    <?xml version="1.0"?><WLANProfile xmlns="http://www.microsoft...ncryption><OneXxmlns="http://www.microsoft.com/networking/OneX/v1"><EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">21</Type><VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId><VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType><AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">311</AuthorId></EapMethod><Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapTtls xmlns="http://www.microsoft.com/provisioning/EapTtlsConnectionPropertiesV1"><ServerValidation><ServerNames></ServerNames><DisablePrompt>false</DisablePrompt></ServerValidation><Phase2Authentication><PAPAuthentication/></Phase2Authentication><Phase1Identity><IdentityPrivacy>true</IdentityPrivacy><AnonymousIdentity>anonymous</AnonymousIdentity></Phase1Identity></EapTtls></Config></EapHostConfig></EAPConfig></OneX></security></MSM></WLANProfile>

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\311\21\WLANProfileCreationUXAuth\1026
    FriendlyName    REG_EXPAND_SZ    @%SystemRoot%\system32\TtlsCfg.dll,-3001
    WLANProfileTemplate    REG_SZ    <?xml version="1.0"?><WLANProfile xmlns="http://www.microsoft...ncryption><OneXxmlns="http://www.microsoft.com/networking/OneX/v1"><EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">21</Type><VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId><VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType><AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">311</AuthorId></EapMethod><Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapTtls xmlns="http://www.microsoft.com/provisioning/EapTtlsConnectionPropertiesV1"><ServerValidation><ServerNames></ServerNames><DisablePrompt>false</DisablePrompt></ServerValidation><Phase2Authentication><CHAPAuthentication/></Phase2Authentication><Phase1Identity><IdentityPrivacy>true</IdentityPrivacy><AnonymousIdentity>anonymous</AnonymousIdentity></Phase1Identity></EapTtls></Config></EapHostConfig></EAPConfig></OneX></security></MSM></WLANProfile>

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\311\21\WLANProfileCreationUXAuth\1027
    FriendlyName    REG_EXPAND_SZ    @%SystemRoot%\system32\TtlsCfg.dll,-3002
    WLANProfileTemplate    REG_SZ    <?xml version="1.0"?><WLANProfile xmlns="http://www.microsoft...ncryption><OneXxmlns="http://www.microsoft.com/networking/OneX/v1"><EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">21</Type><VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId><VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType><AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">311</AuthorId></EapMethod><Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapTtls xmlns="http://www.microsoft.com/provisioning/EapTtlsConnectionPropertiesV1"><ServerValidation><ServerNames></ServerNames><DisablePrompt>false</DisablePrompt></ServerValidation><Phase2Authentication><MSCHAPAuthentication/></Phase2Authentication><Phase1Identity><IdentityPrivacy>true</IdentityPrivacy><AnonymousIdentity>anonymous</AnonymousIdentity></Phase1Identity></EapTtls></Config></EapHostConfig></EAPConfig></OneX></security></MSM></WLANProfile>

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\311\21\WLANProfileCreationUXAuth\1028
    FriendlyName    REG_EXPAND_SZ    @%SystemRoot%\system32\TtlsCfg.dll,-3003
    WLANProfileTemplate    REG_SZ    <?xml version="1.0"?><WLANProfile xmlns="http://www.microsoft...ncryption><OneXxmlns="http://www.microsoft.com/networking/OneX/v1"><EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">21</Type><VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId><VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType><AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">311</AuthorId></EapMethod><Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapTtls xmlns="http://www.microsoft.com/provisioning/EapTtlsConnectionPropertiesV1"><ServerValidation><ServerNames></ServerNames><DisablePrompt>false</DisablePrompt></ServerValidation><Phase2Authentication><MSCHAPv2Authentication><UseWinlogonCredentials>false</UseWinlogonCredentials></MSCHAPv2Authentication></Phase2Authentication><Phase1Identity><IdentityPrivacy>true</IdentityPrivacy><AnonymousIdentity>anonymous</AnonymousIdentity></Phase1Identity></EapTtls></Config></EapHostConfig></EAPConfig></OneX></security></MSM></WLANProfile>

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\311\21\WLANProfileCreationUXAuth\13
    FriendlyName    REG_EXPAND_SZ    @%SystemRoot%\system32\rastls.dll,-2001
    WLANProfileTemplate    REG_SZ    <?xml version="1.0"?><WLANProfile xmlns="http://www.microsoft...ncryption><OneXxmlns="http://www.microsoft.com/networking/OneX/v1"><cacheUserData>true</cacheUserData><authMode>user</authMode><EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">21</Type><VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId><VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType><AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">311</AuthorId></EapMethod><Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapTtls xmlns="http://www.microsoft.com/provisioning/EapTtlsConnectionPropertiesV1"><ServerValidation><ServerNames></ServerNames><DisablePrompt>false</DisablePrompt></ServerValidation><Phase2Authentication><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">13</Type><VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId><VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType><AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId></EapMethod><Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"><Type>13</Type><EapType xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV1"><CredentialsSource><CertificateStore><SimpleCertSelection>true</SimpleCertSelection></CertificateStore></CredentialsSource><ServerValidation><DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation><ServerNames></ServerNames></ServerValidation><DifferentUsername>false</DifferentUsername><PerformServerValidation 
xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">false</PerformServerValidation><AcceptServerName xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">false</AcceptServerName></EapType></Eap></Config></EapHostConfig></Phase2Authentication><Phase1Identity><IdentityPrivacy>true</IdentityPrivacy><AnonymousIdentity>anonymous</AnonymousIdentity></Phase1Identity></EapTtls></Config></EapHostConfig></EAPConfig></OneX></security></MSM></WLANProfile>

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\311\21\WLANProfileCreationUXAuth\26
    FriendlyName    REG_EXPAND_SZ    @%SystemRoot%\system32\raschap.dll,-2002
    WLANProfileTemplate    REG_SZ    <?xml version="1.0"?><WLANProfile xmlns="http://www.microsoft...ncryption><OneXxmlns="http://www.microsoft.com/networking/OneX/v1"><EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">21</Type><VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId><VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType><AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">311</AuthorId></EapMethod><Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapTtls xmlns="http://www.microsoft.com/provisioning/EapTtlsConnectionPropertiesV1"><ServerValidation><ServerNames></ServerNames><DisablePrompt>false</DisablePrompt></ServerValidation><Phase2Authentication><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">26</Type><VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId><VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType><AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId></EapMethod><Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"><Type>26</Type><EapType xmlns="http://www.microsoft.com/provisioning/MsChapV2ConnectionPropertiesV1"><UseWinLogonCredentials>true</UseWinLogonCredentials></EapType></Eap></Config></EapHostConfig></Phase2Authentication><Phase1Identity><IdentityPrivacy>true</IdentityPrivacy><AnonymousIdentity>anonymous</AnonymousIdentity></Phase1Identity></EapTtls></Config></EapHostConfig></EAPConfig></OneX></security></MSM></WLANProfile>

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\311\23
    PeerConfigUIPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimCfg.dll
    PeerDllPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimAuth.dll
    PeerFriendlyName    REG_SZ    @%SystemRoot%\System32\SimAuth.dll,-1002
    PeerIdentityPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimCfg.dll
    PeerInteractiveUIPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimCfg.dll
    PeerInvokePasswordDialog    REG_DWORD    0x0
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerRequireConfigUI    REG_DWORD    0x1
    Properties    REG_DWORD    0x166c48be
    WLANProfileTemplate    REG_SZ    <?xml version="1.0"?><WLANProfile xmlns="http://www.microsoft...ncryption><OneXxmlns="http://www.microsoft.com/networking/OneX/v1"><EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">23</Type><VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId><VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType><AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">311</AuthorId></EapMethod><Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapAka xmlns="http://www.microsoft.com/provisioning/EapAkaConnectionPropertiesV1"><DontRevealPermanentID>false</DontRevealPermanentID><ProviderName></ProviderName><Realm Enabled="true"></Realm></EapAka></Config></EapHostConfig></EAPConfig></OneX></security></MSM></WLANProfile>

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\311\254

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\311\254\14122

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\311\254\14122\1
    PeerDllPath    REG_EXPAND_SZ    %SystemRoot%\System32\WcnEapPeerProxy.dll
    PeerFriendlyName    REG_SZ    Windows Connect Now EAP Peer
    PeerInvokePasswordDialog    REG_DWORD    0x0
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerRequireConfigUI    REG_DWORD    0x1
    Properties    REG_DWORD    0x848000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\311\50
    PeerConfigUIPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimCfg.dll
    PeerDllPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimAuth.dll
    PeerFriendlyName    REG_SZ    @%SystemRoot%\System32\SimAuth.dll,-1003
    PeerIdentityPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimCfg.dll
    PeerInteractiveUIPath    REG_EXPAND_SZ    %SystemRoot%\System32\SimCfg.dll
    PeerInvokePasswordDialog    REG_DWORD    0x0
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerRequireConfigUI    REG_DWORD    0x1
    Properties    REG_DWORD    0x166c48be
    WLANProfileTemplate    REG_SZ    <?xml version="1.0"?><WLANProfile xmlns="http://www.microsoft...ncryption><OneXxmlns="http://www.microsoft.com/networking/OneX/v1"><EAPConfig><EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapMethod><Type xmlns="http://www.microsoft.com/provisioning/EapCommon">50</Type><VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId><VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType><AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">311</AuthorId></EapMethod><Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapAkaPrime xmlns="http://www.microsoft.com/provisioning/EapAkaPrimeConnectionPropertiesV1"><IgnoreNetworkNameMismatch>true</IgnoreNetworkNameMismatch><EnableFastReauth>false</EnableFastReauth><DontRevealPermanentID>false</DontRevealPermanentID><ProviderName></ProviderName><Realm Enabled="true"></Realm></EapAkaPrime></Config></EapHostConfig></EAPConfig></OneX></security></MSM></WLANProfile>



========= End of Reg: =========


========================= Folder: C:\Program Files (x86)\Cisco ========================

not found.

====== End of Folder: ======


==== End of Fixlog 21:37:04 ====


  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

This is probably the entry that is causing the error:

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\311\254\14122\1
    PeerDllPath    REG_EXPAND_SZ    %SystemRoot%\System32\WcnEapPeerProxy.dll
    PeerFriendlyName    REG_SZ    Windows Connect Now EAP Peer
    PeerInvokePasswordDialog    REG_DWORD    0x0
    PeerInvokeUsernameDialog    REG_DWORD    0x0
    PeerRequireConfigUI    REG_DWORD    0x1
    Properties    REG_DWORD    0x848000

 

 

Let's check that the dll file exists and is properly signed:

 

Start up FRST.  Put

WcnEapPeerProxy.dll

in the search box and hit Search Files.  You will get one log.  Please post it.


  • 0

#7
Syncmaster75

Syncmaster75

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

That dll seems to exist and is in the windows\system32 folder:

 

Farbar Recovery Scan Tool (x64) Version: 06.06.2018 01
Ran by Mark (07-06-2018 09:42:04)
Running from C:\Users\Mark\Desktop
Boot Mode: Normal

================== Search Files: "WcnEapPeerProxy.dll" =============

C:\Windows\WinSxS\amd64_microsoft-windows-c..cn-config-registrar_31bf3856ad364e35_10.0.17134.1_none_0c9e30deff5373a2\WcnEapPeerProxy.dll
[2018-04-12 00:33][2018-04-12 00:33] 000036352 _____ (Microsoft Corporation) D32B614E3540E2BFC656C3D96963FA3D [File is digitally signed]

C:\Windows\System32\WcnEapPeerProxy.dll
[2018-04-12 00:33][2018-04-12 00:33] 000036352 _____ (Microsoft Corporation) D32B614E3540E2BFC656C3D96963FA3D [File is digitally signed]


====== End of Search ======


  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

You have a slightly newer version than I have:

 

 

C:\Windows\WinSxS\amd64_microsoft-windows-c..cn-config-registrar_31bf3856ad364e35_10.0.16299.371_none_3485f1cf010d2529\WcnEapPeerProxy.dll
[2018-04-10 22:34][2018-03-29 23:33] 000036352 _____ (Microsoft Corporation) 1EA5504E81D2040C4B71DE171D2DFA4B [File is digitally signed]

C:\Windows\System32\WcnEapPeerProxy.dll
[2018-04-10 22:34][2018-03-29 23:33] 000036352 _____ (Microsoft Corporation) 1EA5504E81D2040C4B71DE171D2DFA4B [File is digitally signed]

 

 

Do you get the same error when you open an Elevated Command Prompt and type:

regsvr32  \Windows\System32\WcnEapPeerProxy.dll

and hit Enter?

 

regsvr32.JPG

 

I have been reading up on the WCN stuff and you would think it would only be invoked if someone pressed the WPS button on a router or other WiFi device.

Don't suppose you have a router with a stuck WPS button?

 

 

I also see that your CryptoPrevent is having problems.  Might be worth turning off its protections as a test.

Pause your antivirus.  Start CryptoPrevent by right-clicking and Run As Admin.  Apply a Protection Plan, None.

CryptoPrevent's maker has stopped development on the program.

I'm getting the same CryptoPrevent error on my Win 10 so perhaps one of the many Win 10 updates has killed it.  Going to have to find a replacement.


  • 0

#9
Syncmaster75

Syncmaster75

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

Hi,

 

Yes, I get the same error when I try to re-register that dll - exactly as captured in your screen shot above.

 

I've uninstalled CryptoPrevent after first disabling its protection by setting plan to None as you said, not much point in keeping it if it's causing errors and not being updated, thanks for the heads up.

 

I also uninstalled and re-installed Windscribe and can now connect to sites with the VPN on.

 

Logging in to my router did indeed show the WPS as being on - no lights on the actual device but it must have been stuck since I last hooked the smart tv up - as a security precaution I've now changed the wireless password and router admin password as well. If I use the WPS button in future I'll make sure to log in and check that it's turned itself off.


  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Did that stop the eap errors?

 

Are you still getting redirected?


  • 0

#11
Syncmaster75

Syncmaster75

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

I've just run that regsvr32 command again under an elevated prompt and it still gave me the same error.

 

I haven't seen any re-directs in the last day, I'm just a bit concerned that something may have got in and is hiding really well...


  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Sorry I wasn't clear.  Run Minitoolbox again with just

 

[*]List last 10 Event Viewer Errors

 

 

checked.  See if the

 

Source: Microsoft-Windows-EapHost) (User: DESKTOP-MARK)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1

 

are still happening.  (There may be some old ones still.  Are you getting any new ones since you worked on the router?)

 

See if you can get aswmbr to run


Download aswMBR.exe  to your desktop.
The link is a direct download so the page won't change.

Right click the aswMBR.exe and select Run As Administrator to run it
Wait until the AV Scan shows up at the bottom left.
Change AV Scan: from Quick Scan to  C:\
Click the "Scan" button to start scan
If it asks you to allow the Avast engine to download then say Yes.  It will take a while to finish.  
On completion of the scan (Note if the Fix button is enabled and tell me but do not push any buttons) click save log, save it to your desktop and post in your next reply

If it crashes then try it again but uncheck Trace Disk IO Calls before hitting Scan.

 

Also, if you haven't already, try MBAR (different from MBAM)

https://downloads.ma....com/file/mbar/

 

(This is a direct download)


 


  • 0

#13
Syncmaster75

Syncmaster75

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

Thanks for the links to those extra scanners, I've attached the aswMBR results below. This scan crashed my computer when I had trace I/O calls ticked and Windows deleted it before restarting - downloaded it again and ran it successfully without that checkbox ticked - please ignore the top section of results, I initially forgot to change from Quickscan to C:\ and had to restart.

 

I've also run MBAR and both this and the aswMBR came back clean, so it looks like I don't have malware, thanks for your help.

 

The MiniToolBox scan shows the eap errors are still happening though:

 

Attached File  aswMBR.txt   1.96KB   193 downloads
Attached File  MTB.txt   8.36KB   218 downloads


  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Even though it appears that your registry entry is good we can try replacing the entries for EAP 254.  Sometimes there are invisible characters that cause problems.

 

Download the 254.zip file. 

Attached File  254.zip   577bytes   177 downloads

 

Right click on it and Extract All, Extract, then right click on 254.reg and MERGE.


  • 0
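The manual lookup in posts #6 and #14 (matching the EapHost event ids to a key under Eaphost\Methods, then suspecting invisible characters in its values) can be done over a saved `reg query ... /s` dump. This is an added example, not part of the thread or of FRST: the function names are hypothetical, the sample dump is constructed, and the key layout (author\type, plus \vendorId\vendorType for type 254) is an assumption read off the fixlog above.

```python
import re

METHODS_ROOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods"

# Event description as posted in the thread.
EVENT = ("Skipping: Eap method DLL path validation failed. "
         "Error: typeId=254, authorId=311, vendorId=14122, vendorType=1")

# Constructed sample in the layout of the `reg query ... /s` output above.
# "{ZWSP}" marks where a zero-width space (U+200B) is planted for the demo.
_TEMPLATE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\311\21
    PeerDllPath    REG_EXPAND_SZ    %SystemRoot%\System32\TtlsAuth.dll
    Properties    REG_DWORD    0x173cd8af

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eaphost\Methods\311\254\14122\1
    PeerDllPath    REG_EXPAND_SZ    %SystemRoot%\System32\WcnEapPeerProxy.dll{ZWSP}
    PeerFriendlyName    REG_SZ    Windows Connect Now EAP Peer
    PeerRequireConfigUI    REG_DWORD    0x1
"""
SAMPLE_CLEAN = _TEMPLATE.replace("{ZWSP}", "")
SAMPLE_HIDDEN = _TEMPLATE.replace("{ZWSP}", "\u200b")

EVENT_RE = re.compile(r"typeId=(\d+), authorId=(\d+), vendorId=(\d+), vendorType=(\d+)")
# Only ASCII space/tab count as separators, so an odd Unicode character
# stays inside the value name or data instead of being eaten as whitespace.
VALUE_RE = re.compile(
    r"^[ \t]+(?P<name>.+?)[ \t]+(?P<type>REG_[A-Z_]+)(?:[ \t]+(?P<data>.*))?$")


def parse_reg_query(text):
    """Return {key path: {value name: (type, data)}} from reg query output."""
    keys, current = {}, None
    # split("\n") rather than splitlines(): the latter also breaks on
    # Unicode separators that could be hiding inside a value.
    for raw in text.split("\n"):
        line = raw.rstrip("\r")
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip(" \t"), {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                current[m.group("name")] = (m.group("type"), m.group("data") or "")
    return keys


def event_to_key(description):
    """Map the ids in an EapHost event to the registry key of that method."""
    m = EVENT_RE.search(description)
    if not m:
        return None
    type_id, author_id, vendor_id, vendor_type = m.groups()
    key = f"{METHODS_ROOT}\\{author_id}\\{type_id}"
    if type_id == "254":  # assumption: only type 254 nests vendor ids
        key += f"\\{vendor_id}\\{vendor_type}"
    return key


def audit_text(text, is_path=False):
    """List reasons a value name or path could fail to match what is displayed."""
    findings = []
    for offset, ch in enumerate(text):
        if not 0x20 <= ord(ch) <= 0x7E:
            findings.append(
                f"non-printable or non-ASCII character U+{ord(ch):04X} at offset {offset}")
    if text != text.strip(" \t"):
        findings.append("leading or trailing whitespace")
    if is_path:
        visible = "".join(c for c in text if 0x20 <= ord(c) <= 0x7E).strip()
        if not visible.lower().startswith("%systemroot%\\system32\\"):
            # Not proof of tampering: third-party EAP methods install elsewhere.
            findings.append("path is not under %SystemRoot%\\System32")
    return findings


def check_event(reg_text, description):
    """Return (key, findings) for the EAP method named in the event text."""
    key = event_to_key(description)
    if key is None:
        return None, ["no EAP method ids found in the event text"]
    values = parse_reg_query(reg_text).get(key)
    if values is None:
        return key, ["registry key not found in the dump"]
    findings = []
    for name, (_reg_type, data) in values.items():
        findings += [f"value name {name!r}: {f}" for f in audit_text(name)]
        if name.endswith("Path"):
            findings += [f"{name}: {f}" for f in audit_text(data, is_path=True)]
    if "PeerDllPath" not in values:
        findings.append("PeerDllPath value missing")
    return key, findings


if __name__ == "__main__":
    for label, dump in (("clean", SAMPLE_CLEAN), ("hidden", SAMPLE_HIDDEN)):
        key, findings = check_event(dump, EVENT)
        print(label, key, findings or "no findings")
```

An empty findings list means the entry matches what the dump displays, which is the situation post #14 describes before replacing the entries anyway.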

#15
Syncmaster75

Syncmaster75

    Member

  • Topic Starter
  • Member
  • PipPip
  • 48 posts

Thanks for that - I've merged the registry file successfully. Running MiniToolBox again, the error doesn't seem to have come up since the merge earlier this afternoon so it looks as if that has sorted the problem:

 

Attached File  MTB 8.6.18.txt   9.26KB   191 downloads

 

I'll keep an eye on it for the next few days but right now I'd say it's fixed - thank you again for all your help.


  • 0





