Hello all,
I have a possible malware infection that has appeared on my PC in the last 24hrs, no idea how it was acquired. I'm running Windows 10, version 1803, x64 and Firefox as my browser. The symptoms I have are that Google.co.uk asked for a login (not the usual account sign in, but a password to access the search page itself) - I left the password field blank and hit continue and saw that it tried to redirect before it went back to looking like my normal homepage. This has only happened once and unfortunately I didn't copy either the initial login message or catch the redirect URL - it flashed past too quickly.
At the same time my Windscribe VPN has failed, unable to connect to any page when it's running, error as below:
Secure Connection Failed
The OCSP response contains out-of-date information.
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
Because this situation looked suspicious, I've run the following scans:
Avast antivirus full scan and boot time scan - this picked up some PUPs in the backup files I've got for my rooted Android phone, but nothing on the system. Avast is the only program I have running live, all the rest are on-demand.
Malwarebytes - free version, no detections
SuperAntiSpyware, no detections
Emsisoft Emergency Kit Scanner - no detections
Kaspersky's TDSSKiller - Failed to run - I've tried downloading it again and the fresh copy fails as well. Could this have been disabled by malware?
I've also used Command Prompt to run DISM /Online /Cleanup-Image /RestoreHealth and sfc /scannow in case I had corrupt system files, but none of the above symptoms were cured after these commands.
I've read the sticky and run FRST64.exe with the following txt files generated:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03.06.2018
Ran by Mark (administrator) on DESKTOP-MARK (04-06-2018 11:31:15)
Running from C:\Users\Mark\Desktop
Loaded Profiles: defaultuser0 & Mark & Administrator & DefaultAppPool (Available Profiles: defaultuser0 & Mark & Administrator & DefaultAppPool)
Platform: Windows 10 Home Version 1803 17134.81 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\DriverStore\FileRepository\c0327684.inf_amd64_76add9a22b21deb6\B327831\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Olof Lagerkvist) C:\Windows\System32\imdsksvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.17\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(VIA Technologies, Inc.) C:\VIA_XHCI\usb3Monitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amddvr.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(f.lux Software LLC) C:\Users\Mark\AppData\Local\FluxSoftware\Flux\flux.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinctray.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boincmgr.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(FreeDownloadManager.ORG) C:\Program Files (x86)\Free Download Manager\Chrome\fdm_nativehost.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-05-16] (AVAST Software)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [18381792 2017-06-29] (Realtek Semiconductor)
HKLM-x32\...\Run: [VIAxHCUtl] => C:\VIA_XHCI\usb3Monitor.exe*********\¾**`¾**`Å**0æ**X*O²þÿÿÿöŽ**–Q**`Š**`Š**\€**è‘******ìo&*****C:\P
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [588704 2018-03-28] (Oracle Corporation)
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-1836258222-3966296210-172399888-1000\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-21-1836258222-3966296210-172399888-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1223560 2017-05-08] (Ruiware)
HKU\S-1-5-21-1836258222-3966296210-172399888-500\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{1a81e780-42d8-4e2c-866e-5332cd559984}: [DhcpNameServer] 192.168.1.254
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://go.microsoft.com/fwlink/p/?LinkId=255141
HKU\S-1-5-21-1836258222-3966296210-172399888-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_172\bin\ssv.dll [2018-05-07] (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_172\bin\jp2ssv.dll [2018-05-07] (Oracle Corporation)
BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2015-10-28] (FreeDownloadManager.ORG)
FireFox:
========
FF DefaultProfile: s1dtoigf.default
FF ProfilePath: C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\s1dtoigf.default [2018-06-04]
FF Homepage: Mozilla\Firefox\Profiles\s1dtoigf.default -> hxxps://www.google.co.uk/
FF Extension: (Windscribe VPN) - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\s1dtoigf.default\Extensions\@windscribeff.xpi [2018-02-13]
FF Extension: (Free Download Manager extension) - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\s1dtoigf.default\Extensions\[email protected] [2017-12-30]
FF Extension: (HTTPS Everywhere) - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\s1dtoigf.default\Extensions\[email protected] [2018-04-16]
FF Extension: (Avast SafePrice) - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\s1dtoigf.default\Extensions\[email protected] [2018-05-29]
FF Extension: (uBlock Origin) - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\s1dtoigf.default\Extensions\[email protected] [2018-05-27]
FF Extension: (Avast Online Security) - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\s1dtoigf.default\Extensions\[email protected] [2018-05-27]
FF Extension: (YouTube High Definition) - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\s1dtoigf.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2018-01-01]
FF Extension: (Video DownloadHelper) - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\s1dtoigf.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2018-05-30]
FF Extension: (TLS 1.3 gradual roll-out fallback-limit) - C:\Users\Mark\AppData\Roaming\Mozilla\Firefox\Profiles\s1dtoigf.default\features\{d796d067-c00e-46fa-bbe2-4fcb802e38c5}\[email protected] [2018-05-31] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_29_0_0_171.dll [2018-05-08] ()
FF Plugin: @java.com/DTPlugin,version=11.172.2 -> C:\Program Files\Java\jre1.8.0_172\bin\dtplugin\npDeployJava1.dll [2018-05-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.172.2 -> C:\Program Files\Java\jre1.8.0_172\bin\plugin2\npjp2.dll [2018-05-07] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_29_0_0_171.dll [2018-05-08] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=3.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2018-05-29] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-11] (Adobe Systems Inc.)
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [173472 2017-01-31] (SUPERAntiSpyware.com)
R2 AMD External Events Utility; C:\WINDOWS\System32\DriverStore\FileRepository\c0327684.inf_amd64_76add9a22b21deb6\B327831\atiesrxx.exe [482280 2018-04-26] (AMD)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7620096 2018-05-16] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [317280 2018-05-16] (AVAST Software)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365040 2017-10-20] (Intel Corporation)
S2 ImDiskRD; C:\Program Files\ImDisk\RamDiskUI.exe [66560 2017-07-06] () [File not signed]
R2 ImDskSvc; C:\WINDOWS\system32\imdsksvc.exe [19552 2015-12-15] (Olof Lagerkvist)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21312 2017-06-13] (Microsoft Corporation)
R3 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6479136 2018-03-27] (Malwarebytes)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [185344 2017-02-03] (Microsoft Corporation) [File not signed]
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\NisSrv.exe [4632736 2018-05-07] (Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.14.17639.18041-0\MsMpEng.exe [104680 2018-05-07] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 amdkmdag; C:\WINDOWS\System32\DriverStore\FileRepository\c0327684.inf_amd64_76add9a22b21deb6\B327831\atikmdag.sys [44670944 2018-04-26] (Advanced Micro Devices, Inc.)
R3 amdkmdap; C:\WINDOWS\System32\DriverStore\FileRepository\c0327684.inf_amd64_76add9a22b21deb6\B327831\atikmpag.sys [553448 2018-04-26] (Advanced Micro Devices, Inc.)
R1 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [196640 2018-05-16] (AVAST Software)
R1 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [227504 2018-05-07] (AVAST Software)
R0 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [199440 2018-05-07] (AVAST Software)
R0 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [343752 2018-05-07] (AVAST Software)
R0 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [57680 2018-05-07] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [234560 2018-05-16] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46968 2018-05-16] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [159120 2018-05-16] (AVAST Software)
R1 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111360 2018-05-16] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [85968 2018-05-16] (AVAST Software)
R1 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1027720 2018-05-16] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [460520 2018-05-16] (AVAST Software)
R2 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [205976 2018-05-16] (AVAST Software)
R0 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381552 2018-05-16] (AVAST Software)
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [111112 2017-11-21] (Advanced Micro Devices)
R2 AWEAlloc; C:\WINDOWS\system32\DRIVERS\awealloc.sys [21048 2015-12-15] (Olof Lagerkvist)
S3 CH341SER_A64; C:\WINDOWS\System32\Drivers\CH341S64.SYS [59904 2015-02-06] (www.winchiphead.com)
R1 HWiNFO; C:\WINDOWS\system32\drivers\HWiNFO64A.SYS [55960 2018-05-23] (REALiX)
R2 ImDisk; C:\WINDOWS\system32\DRIVERS\imdisk.sys [48704 2015-12-15] (Olof Lagerkvist)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [253664 2018-06-04] (Malwarebytes)
S3 qcusbser; C:\WINDOWS\System32\drivers\qcusbser.sys [254520 2017-03-15] (QUALCOMM Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [1010648 2017-10-20] (Realtek )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-10-23] (Synaptics Incorporated)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [206976 2017-07-27] (Oracle Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [46072 2018-05-07] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [313888 2018-05-07] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [61472 2018-05-07] (Microsoft Corporation)
S3 WiseUnlock; C:\WINDOWS\WiseUnlock64.sys [33864 2017-12-30] (WiseCleaner.com)
S3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-06-04 11:31 - 2018-06-04 11:31 - 000014960 _____ C:\Users\Mark\Desktop\FRST.txt
2018-06-04 11:28 - 2018-06-04 11:28 - 002413056 _____ (Farbar) C:\Users\Mark\Desktop\FRST64.exe
2018-06-03 23:57 - 2018-06-03 23:57 - 000000000 ____D C:\WINDOWS\Panther
2018-06-03 23:13 - 2018-05-20 20:43 - 021389360 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-06-03 23:13 - 2018-05-20 20:42 - 001649760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2018-06-03 23:13 - 2018-05-20 19:14 - 020383712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-06-03 23:13 - 2018-05-20 17:59 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-06-03 23:13 - 2018-05-20 12:54 - 001017056 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-06-03 23:13 - 2018-05-20 12:53 - 000792984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-06-03 23:13 - 2018-05-20 12:52 - 007519992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-06-03 23:13 - 2018-05-20 12:52 - 007436632 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-06-03 23:13 - 2018-05-20 12:52 - 001209792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-06-03 23:13 - 2018-05-20 12:52 - 000413080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-06-03 23:13 - 2018-05-20 12:52 - 000347704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-06-03 23:13 - 2018-05-20 12:35 - 025844224 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-06-03 23:13 - 2018-05-20 12:35 - 000861608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-06-03 23:13 - 2018-05-20 12:34 - 016592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-06-03 23:13 - 2018-05-20 12:33 - 001665920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2018-06-03 23:13 - 2018-05-20 12:32 - 006567904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-06-03 23:13 - 2018-05-20 12:32 - 000286200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-06-03 23:13 - 2018-05-20 12:30 - 022709248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-06-03 23:13 - 2018-05-20 12:30 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-06-03 23:13 - 2018-05-20 12:28 - 004372480 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-06-03 23:13 - 2018-05-20 12:25 - 022001664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-06-03 23:13 - 2018-05-20 12:25 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-06-03 23:13 - 2018-05-20 12:24 - 007582720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-06-03 23:13 - 2018-05-20 12:24 - 001767936 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-06-03 23:13 - 2018-05-20 12:23 - 013873152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-06-03 23:13 - 2018-05-20 12:23 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-06-03 23:13 - 2018-05-20 12:22 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-06-03 23:13 - 2018-05-20 12:21 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-06-03 23:13 - 2018-05-20 12:18 - 019399168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-06-03 23:12 - 2018-05-20 20:45 - 000308408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-06-03 23:12 - 2018-05-20 20:45 - 000094104 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-06-03 23:12 - 2018-05-20 20:42 - 001634808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-06-03 23:12 - 2018-05-20 20:42 - 000759192 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-06-03 23:12 - 2018-05-20 20:27 - 012712960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-06-03 23:12 - 2018-05-20 20:27 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-06-03 23:12 - 2018-05-20 20:26 - 000486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2018-06-03 23:12 - 2018-05-20 20:24 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-06-03 23:12 - 2018-05-20 20:23 - 004070400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-06-03 23:12 - 2018-05-20 20:23 - 003655168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-06-03 23:12 - 2018-05-20 20:23 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2018-06-03 23:12 - 2018-05-20 20:23 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2018-06-03 23:12 - 2018-05-20 20:22 - 001665024 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-06-03 23:12 - 2018-05-20 20:22 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2018-06-03 23:12 - 2018-05-20 20:22 - 000941056 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2018-06-03 23:12 - 2018-05-20 20:22 - 000804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2018-06-03 23:12 - 2018-05-20 19:17 - 001454024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-06-03 23:12 - 2018-05-20 19:15 - 000653208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-06-03 23:12 - 2018-05-20 19:14 - 001490144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2018-06-03 23:12 - 2018-05-20 19:03 - 011903488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-06-03 23:12 - 2018-05-20 19:02 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2018-06-03 23:12 - 2018-05-20 19:00 - 002896896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-06-03 23:12 - 2018-05-20 19:00 - 000864768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2018-06-03 23:12 - 2018-05-20 18:59 - 002016256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-06-03 23:12 - 2018-05-20 18:59 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2018-06-03 23:12 - 2018-05-20 18:59 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2018-06-03 23:12 - 2018-05-20 17:45 - 001271296 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2018-06-03 23:12 - 2018-05-20 17:39 - 000944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-06-03 23:12 - 2018-05-20 17:39 - 000788480 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2018-06-03 23:12 - 2018-05-20 17:36 - 003733312 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-06-03 23:12 - 2018-05-20 17:35 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-06-03 23:12 - 2018-05-20 17:34 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-06-03 23:12 - 2018-05-20 16:04 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-06-03 23:12 - 2018-05-20 16:00 - 002841312 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-06-03 23:12 - 2018-05-20 15:54 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-06-03 23:12 - 2018-05-20 13:36 - 000613144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2018-06-03 23:12 - 2018-05-20 13:33 - 000748504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2018-06-03 23:12 - 2018-05-20 13:33 - 000707480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-06-03 23:12 - 2018-05-20 13:33 - 000105368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-06-03 23:12 - 2018-05-20 13:01 - 001140576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-06-03 23:12 - 2018-05-20 13:01 - 000983008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-06-03 23:12 - 2018-05-20 12:59 - 000269224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-06-03 23:12 - 2018-05-20 12:58 - 000272288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-06-03 23:12 - 2018-05-20 12:55 - 001456616 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-06-03 23:12 - 2018-05-20 12:55 - 001174424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-06-03 23:12 - 2018-05-20 12:55 - 001063320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-06-03 23:12 - 2018-05-20 12:55 - 000567176 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-06-03 23:12 - 2018-05-20 12:55 - 000193936 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-06-03 23:12 - 2018-05-20 12:54 - 002564984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-06-03 23:12 - 2018-05-20 12:54 - 001800080 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-06-03 23:12 - 2018-05-20 12:54 - 001012120 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-06-03 23:12 - 2018-05-20 12:54 - 000722288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-06-03 23:12 - 2018-05-20 12:54 - 000170904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-06-03 23:12 - 2018-05-20 12:53 - 006816848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-06-03 23:12 - 2018-05-20 12:53 - 004402768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-06-03 23:12 - 2018-05-20 12:53 - 002836376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-06-03 23:12 - 2018-05-20 12:53 - 002371392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-06-03 23:12 - 2018-05-20 12:53 - 002178136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2018-06-03 23:12 - 2018-05-20 12:53 - 001947808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-06-03 23:12 - 2018-05-20 12:53 - 001258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-06-03 23:12 - 2018-05-20 12:53 - 001017088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2018-06-03 23:12 - 2018-05-20 12:53 - 001012408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2018-06-03 23:12 - 2018-05-20 12:53 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-06-03 23:12 - 2018-05-20 12:53 - 000131232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2018-06-03 23:12 - 2018-05-20 12:53 - 000088472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2018-06-03 23:12 - 2018-05-20 12:52 - 009159064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-06-03 23:12 - 2018-05-20 12:52 - 003283400 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-06-03 23:12 - 2018-05-20 12:52 - 002753040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-06-03 23:12 - 2018-05-20 12:52 - 001148800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-06-03 23:12 - 2018-05-20 12:52 - 001097648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-06-03 23:12 - 2018-05-20 12:52 - 000885848 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-06-03 23:12 - 2018-05-20 12:52 - 000735560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-06-03 23:12 - 2018-05-20 12:52 - 000713368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-06-03 23:12 - 2018-05-20 12:52 - 000416120 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2018-06-03 23:12 - 2018-05-20 12:52 - 000130456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-06-03 23:12 - 2018-05-20 12:52 - 000089984 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
2018-06-03 23:12 - 2018-05-20 12:34 - 001462288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2018-06-03 23:12 - 2018-05-20 12:34 - 000861096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2018-06-03 23:12 - 2018-05-20 12:33 - 002331576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-06-03 23:12 - 2018-05-20 12:33 - 001011968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-06-03 23:12 - 2018-05-20 12:33 - 000457144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2018-06-03 23:12 - 2018-05-20 12:33 - 000101288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2018-06-03 23:12 - 2018-05-20 12:32 - 006527568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-06-03 23:12 - 2018-05-20 12:32 - 006044104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-06-03 23:12 - 2018-05-20 12:32 - 004787960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-06-03 23:12 - 2018-05-20 12:32 - 002536056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-06-03 23:12 - 2018-05-20 12:32 - 002486984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-06-03 23:12 - 2018-05-20 12:32 - 002242208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-06-03 23:12 - 2018-05-20 12:32 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-06-03 23:12 - 2018-05-20 12:32 - 001034096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2018-06-03 23:12 - 2018-05-20 12:32 - 000988128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-06-03 23:12 - 2018-05-20 12:32 - 000567144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-06-03 23:12 - 2018-05-20 12:32 - 000560488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-06-03 23:12 - 2018-05-20 12:32 - 000077040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2018-06-03 23:12 - 2018-05-20 12:31 - 001456640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2018-06-03 23:12 - 2018-05-20 12:29 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-06-03 23:12 - 2018-05-20 12:28 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-06-03 23:12 - 2018-05-20 12:28 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-06-03 23:12 - 2018-05-20 12:28 - 000111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppHostRegistrationVerifier.exe
2018-06-03 23:12 - 2018-05-20 12:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-06-03 23:12 - 2018-05-20 12:27 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2018-06-03 23:12 - 2018-05-20 12:27 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2018-06-03 23:12 - 2018-05-20 12:27 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApiSetHost.AppExecutionAlias.dll
2018-06-03 23:12 - 2018-05-20 12:26 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-06-03 23:12 - 2018-05-20 12:26 - 003389952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-06-03 23:12 - 2018-05-20 12:26 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-06-03 23:12 - 2018-05-20 12:26 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll
2018-06-03 23:12 - 2018-05-20 12:26 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-06-03 23:12 - 2018-05-20 12:26 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2018-06-03 23:12 - 2018-05-20 12:26 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-06-03 23:12 - 2018-05-20 12:26 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\TelephonyInteractiveUser.dll
2018-06-03 23:12 - 2018-05-20 12:26 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSHEIF.dll
2018-06-03 23:12 - 2018-05-20 12:25 - 004563968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-06-03 23:12 - 2018-05-20 12:25 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-06-03 23:12 - 2018-05-20 12:25 - 000384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2018-06-03 23:12 - 2018-05-20 12:24 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-06-03 23:12 - 2018-05-20 12:24 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-06-03 23:12 - 2018-05-20 12:24 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-06-03 23:12 - 2018-05-20 12:24 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-06-03 23:12 - 2018-05-20 12:24 - 000813568 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-06-03 23:12 - 2018-05-20 12:24 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-06-03 23:12 - 2018-05-20 12:24 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-06-03 23:12 - 2018-05-20 12:24 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2018-06-03 23:12 - 2018-05-20 12:23 - 005951488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-06-03 23:12 - 2018-05-20 12:23 - 002366976 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-06-03 23:12 - 2018-05-20 12:23 - 001318400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2018-06-03 23:12 - 2018-05-20 12:23 - 000933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-06-03 23:12 - 2018-05-20 12:23 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-06-03 23:12 - 2018-05-20 12:23 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-06-03 23:12 - 2018-05-20 12:22 - 003440640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-06-03 23:12 - 2018-05-20 12:22 - 001817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-06-03 23:12 - 2018-05-20 12:22 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2018-06-03 23:12 - 2018-05-20 12:22 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-06-03 23:12 - 2018-05-20 12:21 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-06-03 23:12 - 2018-05-20 12:21 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2018-06-03 23:12 - 2018-05-20 12:21 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-06-03 23:12 - 2018-05-20 12:21 - 001210880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2018-06-03 23:12 - 2018-05-20 12:21 - 001033728 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-06-03 23:12 - 2018-05-20 12:21 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-06-03 23:12 - 2018-05-20 12:21 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2018-06-03 23:12 - 2018-05-20 12:21 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2018-06-03 23:12 - 2018-05-20 12:21 - 000775680 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-06-03 23:12 - 2018-05-20 12:21 - 000652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2018-06-03 23:12 - 2018-05-20 12:21 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-06-03 23:12 - 2018-05-20 12:17 - 002961408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-06-03 23:12 - 2018-05-20 12:17 - 002699776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-06-03 23:12 - 2018-05-20 12:16 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-06-03 23:12 - 2018-05-20 12:16 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2018-06-03 23:12 - 2018-05-20 12:16 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2018-06-03 23:12 - 2018-05-20 12:16 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ApiSetHost.AppExecutionAlias.dll
2018-06-03 23:12 - 2018-05-20 12:16 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-06-03 23:12 - 2018-05-20 12:15 - 004336128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-06-03 23:12 - 2018-05-20 12:15 - 003712000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-06-03 23:12 - 2018-05-20 12:15 - 002900480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-06-03 23:12 - 2018-05-20 12:15 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2018-06-03 23:12 - 2018-05-20 12:15 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSHEIF.dll
2018-06-03 23:12 - 2018-05-20 12:14 - 005782528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-06-03 23:12 - 2018-05-20 12:14 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-06-03 23:12 - 2018-05-20 12:14 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-06-03 23:12 - 2018-05-20 12:14 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2018-06-03 23:12 - 2018-05-20 12:13 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-06-03 23:12 - 2018-05-20 12:13 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-06-03 23:12 - 2018-05-20 12:13 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2018-06-03 23:12 - 2018-05-20 12:13 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-06-03 23:12 - 2018-05-20 12:13 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-06-03 23:12 - 2018-05-20 12:13 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2018-06-03 23:12 - 2018-05-20 12:12 - 003014656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-06-03 23:12 - 2018-05-20 12:12 - 001636352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-06-03 23:12 - 2018-05-20 12:12 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-06-03 23:12 - 2018-05-20 12:12 - 000992768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-06-03 23:12 - 2018-05-20 12:12 - 000860160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-06-03 23:12 - 2018-05-20 12:12 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-06-03 23:12 - 2018-05-20 12:11 - 001108992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-06-03 23:12 - 2018-05-20 12:11 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2018-06-03 23:12 - 2018-05-20 12:11 - 001005568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2018-06-03 23:12 - 2018-05-20 12:11 - 000669184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-06-03 23:12 - 2018-05-20 12:11 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2018-06-03 23:12 - 2018-05-20 12:11 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2018-06-03 23:12 - 2018-05-20 11:07 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-06-03 23:12 - 2018-05-20 09:26 - 000018716 _____ C:\WINDOWS\system32\srms-apr.dat
2018-06-03 23:12 - 2018-05-18 18:08 - 000018716 _____ C:\WINDOWS\SysWOW64\srms-apr.dat
2018-06-03 22:59 - 2018-06-03 22:59 - 000000000 ____D C:\ProgramData\Emsisoft
2018-06-03 18:50 - 2018-06-03 18:50 - 000000000 ____D C:\Users\Mark\AppData\LocalLow\AMD
2018-05-31 19:13 - 2018-05-31 19:13 - 000001179 _____ C:\Users\Public\Desktop\LibreOffice 6.0.lnk
2018-05-31 19:13 - 2018-05-31 19:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 6.0
2018-05-31 19:13 - 2018-05-31 19:13 - 000000000 ____D C:\Program Files\LibreOffice
2018-05-29 18:42 - 2018-05-29 18:42 - 000000809 _____ C:\Users\Mark\Desktop\Elsie.lnk
2018-05-29 18:42 - 2018-05-29 18:42 - 000000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Elsie
2018-05-29 18:42 - 2018-05-29 18:42 - 000000000 ____D C:\Program Files\Elsie
2018-05-25 01:30 - 2017-03-04 01:51 - 001300480 _____ C:\Users\Mark\Desktop\mmssms_1.db
2018-05-23 19:02 - 2013-10-31 03:21 - 000015584 _____ (Giga-Byte Technology CO., LTD.) C:\WINDOWS\etocdrv.sys
2018-05-23 09:30 - 2018-05-23 18:28 - 000000159 _____ C:\Users\Mark\Documents\Neighbour 23.5.18.mp4
2018-05-23 08:50 - 2018-05-23 08:50 - 000000000 ____D C:\Users\Mark\AppData\Local\AVAST Software
2018-05-23 08:49 - 2018-05-23 08:49 - 000004536 _____ C:\Users\Mark\AppData\Roaming\CamStudio.cfg
2018-05-23 08:49 - 2018-05-23 08:49 - 000000408 _____ C:\Users\Mark\AppData\Roaming\CamShapes.ini
2018-05-23 08:49 - 2018-05-23 08:49 - 000000408 _____ C:\Users\Mark\AppData\Roaming\CamLayout.ini
2018-05-23 08:49 - 2018-05-23 08:49 - 000000046 _____ C:\Users\Mark\AppData\Roaming\Camdata.ini
2018-05-23 08:47 - 2018-05-23 08:47 - 000000096 _____ C:\Users\Mark\AppData\Roaming\version2.xml
2018-05-22 00:45 - 2018-05-22 00:45 - 000000000 ____D C:\WINDOWS\Vbox
2018-05-22 00:45 - 2018-05-22 00:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cakewalk
2018-05-22 00:44 - 2018-05-22 00:44 - 000000000 ____D C:\Program Files (x86)\Cakewalk
2018-05-22 00:44 - 1999-12-29 09:01 - 000005727 _____ C:\WINDOWS\SysWOW64\VcakeD.vxd
2018-05-16 18:44 - 2018-05-21 11:02 - 000000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2018-05-16 18:44 - 2018-05-16 18:44 - 000000000 ____D C:\Program Files\Realtek
2018-05-16 18:44 - 2017-06-29 18:55 - 003507688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2018-05-16 18:44 - 2017-06-29 18:55 - 001347136 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2018-05-16 18:44 - 2017-06-29 18:55 - 000691680 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2018-05-16 18:44 - 2017-06-29 18:55 - 000532376 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2018-05-16 18:44 - 2017-06-29 18:55 - 000387312 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2018-05-16 18:44 - 2017-06-29 18:55 - 000343704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2018-05-16 18:44 - 2017-06-29 18:55 - 000221960 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2018-05-16 18:44 - 2017-06-29 18:55 - 000214832 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2018-05-16 18:44 - 2017-06-29 18:55 - 000209528 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2018-05-16 18:44 - 2017-06-29 18:55 - 000192976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2018-05-16 18:44 - 2017-06-29 18:55 - 000166200 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2018-05-16 18:44 - 2017-06-29 18:55 - 000110976 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2018-05-16 18:44 - 2017-06-29 18:55 - 000088344 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2018-05-16 18:44 - 2017-06-29 18:52 - 005826560 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2018-05-16 18:44 - 2017-06-29 18:52 - 003677160 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2018-05-16 18:44 - 2017-06-29 18:52 - 003205120 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2018-05-16 18:44 - 2017-06-29 18:51 - 000023688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2018-05-16 18:43 - 2017-06-29 18:55 - 003509256 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2018-05-16 18:43 - 2017-06-29 18:55 - 000914016 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBAPO64.dll
2018-05-16 18:43 - 2017-06-29 18:55 - 000768808 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\MBAPO32.dll
2018-05-16 18:43 - 2017-06-29 18:55 - 000410032 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBWrp64.dll
2018-05-16 18:43 - 2017-06-29 18:55 - 000321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2018-05-16 18:43 - 2017-06-29 18:55 - 000321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2018-05-16 18:43 - 2017-06-29 18:55 - 000074600 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBppld64.dll
2018-05-16 18:43 - 2017-06-29 18:55 - 000069920 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBPPCn64.dll
2018-05-16 18:43 - 2017-06-29 18:54 - 004059960 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2018-05-16 18:43 - 2017-06-29 18:54 - 000330552 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2018-05-16 18:43 - 2017-06-29 18:52 - 000574752 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2018-05-16 18:43 - 2017-06-29 18:52 - 000118592 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2018-05-16 18:43 - 2017-06-29 18:51 - 002210304 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2018-05-16 18:43 - 2017-06-29 18:51 - 002050176 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2018-05-16 18:43 - 2017-06-29 18:50 - 000122320 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2018-05-16 18:43 - 2017-06-29 03:05 - 012334923 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2018-05-16 18:25 - 2018-05-16 18:25 - 000376536 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2018-05-16 18:20 - 2018-05-21 11:02 - 000000000 ____D C:\Program Files (x86)\Realtek
2018-05-16 18:06 - 2018-05-16 18:06 - 000000000 ____D C:\8336500659725115574
2018-05-16 18:00 - 2018-05-16 18:00 - 000003160 _____ C:\WINDOWS\System32\Tasks\StartCN
2018-05-16 18:00 - 2018-05-16 18:00 - 000003074 _____ C:\WINDOWS\System32\Tasks\StartDVR
2018-05-16 18:00 - 2018-05-16 18:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2018-05-16 18:00 - 2018-05-16 18:00 - 000000000 ____D C:\Program Files (x86)\AMD
2018-05-16 17:33 - 2018-05-16 17:33 - 025960000 _____ (AMD Inc.) C:\Users\Mark\Downloads\radeon-software-adrenalin-18.4.1-minimalsetup-180426_64bit.exe
2018-05-09 14:04 - 2018-05-09 14:10 - 000001207 _____ C:\Users\Mark\Desktop\ASIO4ALL v2 Instruction Manual.lnk
2018-05-09 14:04 - 2018-05-09 14:10 - 000000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2018-05-09 14:04 - 2018-05-09 14:10 - 000000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2018-05-09 13:25 - 2018-05-09 13:27 - 000000176 _____ C:\Users\Mark\Documents\DISM Restore Health Command.txt
2018-05-09 10:53 - 2018-05-09 10:53 - 000061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2018-05-09 10:51 - 2018-05-09 13:10 - 000000000 _____ C:\WINDOWS\SysWOW64\last.dump
2018-05-08 19:50 - 2018-05-08 20:22 - 000000000 ____D C:\Users\Mark\AppData\Roaming\AccurateRip
2018-05-08 19:50 - 2018-05-08 19:50 - 000001139 _____ C:\Users\Public\Desktop\Exact Audio Copy.lnk
2018-05-08 19:50 - 2018-05-08 19:50 - 000000000 ____D C:\Users\Mark\AppData\Roaming\EAC
2018-05-08 19:50 - 2018-05-08 19:50 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exact Audio Copy
2018-05-08 19:50 - 2018-05-08 19:50 - 000000000 ____D C:\Program Files (x86)\Exact Audio Copy
2018-05-08 18:49 - 2018-04-28 14:58 - 001855488 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2018-05-08 18:49 - 2018-04-28 12:17 - 019525120 _____ (Microsoft Corporation) C:\WINDOWS\system32\HologramCompositor.dll
2018-05-08 18:49 - 2018-04-28 05:31 - 000473496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2018-05-08 18:49 - 2018-04-28 05:29 - 001565592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2018-05-08 18:49 - 2018-04-28 05:29 - 000788216 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2018-05-08 18:49 - 2018-04-28 05:29 - 000776880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2018-05-08 18:49 - 2018-04-28 05:29 - 000382872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2018-05-08 18:49 - 2018-04-28 05:27 - 002422168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-05-08 18:49 - 2018-04-28 05:27 - 001191168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-05-08 18:49 - 2018-04-28 04:58 - 003086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2018-05-08 18:49 - 2018-04-28 04:57 - 001534976 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2018-05-08 18:49 - 2018-04-28 04:55 - 001160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-05-08 18:49 - 2018-04-28 04:55 - 000543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2018-05-08 18:48 - 2018-04-28 15:03 - 013570560 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2018-05-08 18:48 - 2018-04-28 15:03 - 000171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\itss.dll
2018-05-08 18:48 - 2018-04-28 15:03 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedPCCSP.dll
2018-05-08 18:48 - 2018-04-28 15:02 - 008623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2018-05-08 18:48 - 2018-04-28 15:01 - 000256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MixedReality.Broker.dll
2018-05-08 18:48 - 2018-04-28 15:00 - 000695296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2018-05-08 18:48 - 2018-04-28 14:59 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-05-08 18:48 - 2018-04-28 14:58 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-05-08 18:48 - 2018-04-28 14:18 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\itss.dll
2018-05-08 18:48 - 2018-04-28 14:17 - 012500992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2018-05-08 18:48 - 2018-04-28 14:16 - 007987712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2018-05-08 18:48 - 2018-04-28 14:14 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-05-08 18:48 - 2018-04-28 14:14 - 000581120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2018-05-08 18:48 - 2018-04-28 14:14 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-05-08 18:48 - 2018-04-28 14:13 - 001585664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2018-05-08 18:48 - 2018-04-28 14:12 - 001380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2018-05-08 18:48 - 2018-04-28 11:58 - 000976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-05-08 18:48 - 2018-04-28 11:58 - 000159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Analog.dll
2018-05-08 18:48 - 2018-04-28 05:37 - 001034624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-05-08 18:48 - 2018-04-28 05:29 - 000494488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2018-05-08 18:48 - 2018-04-28 05:29 - 000134552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-05-08 18:48 - 2018-04-28 05:27 - 000604568 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2018-05-08 18:48 - 2018-04-28 05:14 - 000434584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2018-05-08 18:48 - 2018-04-28 05:13 - 001426328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2018-05-08 18:48 - 2018-04-28 05:13 - 000786168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-05-08 18:48 - 2018-04-28 05:13 - 000665320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2018-05-08 18:48 - 2018-04-28 05:12 - 000606448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2018-05-08 18:48 - 2018-04-28 05:03 - 000585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs3.dll
2018-05-08 18:48 - 2018-04-28 05:03 - 000444416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs1.dll
2018-05-08 18:48 - 2018-04-28 05:03 - 000288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.th.dll
2018-05-08 18:48 - 2018-04-28 05:03 - 000241664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win81.dll
2018-05-08 18:48 - 2018-04-28 05:02 - 000613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs4.dll
2018-05-08 18:48 - 2018-04-28 05:02 - 000474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.rs2.dll
2018-05-08 18:48 - 2018-04-28 05:02 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2018-05-08 18:48 - 2018-04-28 05:02 - 000142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.win8rtm.dll
2018-05-08 18:48 - 2018-04-28 05:02 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcimage.dll
2018-05-08 18:48 - 2018-04-28 05:01 - 000023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2018-05-08 18:48 - 2018-04-28 05:00 - 000143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2018-05-08 18:48 - 2018-04-28 04:59 - 000553984 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2018-05-08 18:48 - 2018-04-28 04:57 - 002170368 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-05-08 18:48 - 2018-04-28 04:57 - 000019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2018-05-08 18:48 - 2018-04-28 04:56 - 002902528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-05-08 18:48 - 2018-04-28 04:56 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-05-08 18:48 - 2018-04-28 04:56 - 000917504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2018-05-08 18:48 - 2018-04-28 04:55 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-05-08 18:48 - 2018-04-28 04:55 - 001421312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpbase.dll
2018-05-08 18:48 - 2018-04-28 04:55 - 000596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2018-05-08 18:48 - 2018-04-28 04:54 - 000561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2018-05-08 18:48 - 2018-04-28 04:53 - 001235968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpbase.dll
2018-05-08 18:48 - 2018-04-28 04:53 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2018-05-08 18:48 - 2018-04-28 04:52 - 000836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2018-05-08 18:48 - 2018-04-28 04:51 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-05-08 18:48 - 2018-04-28 04:51 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2018-05-08 18:48 - 2018-04-28 03:43 - 001953280 _____ C:\WINDOWS\system32\rdpnano.dll
2018-05-07 13:39 - 2018-05-07 13:39 - 000000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2018-05-07 13:39 - 2018-05-07 13:39 - 000000000 ____D C:\Users\DefaultAppPool
2018-05-07 13:39 - 2018-04-12 00:34 - 000001105 _____ C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-07 13:29 - 2018-05-19 14:28 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-05-07 13:29 - 2018-05-09 10:53 - 000001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2018-05-07 13:29 - 2018-05-07 13:29 - 000000000 ____D C:\WINDOWS\System32\Tasks\Avast Software
2018-05-07 13:29 - 2018-05-07 13:29 - 000000000 ____D C:\Users\Mark\AppData\Roaming\AVAST Software
2018-05-07 13:28 - 2018-05-16 18:25 - 000460520 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-05-07 13:28 - 2018-05-16 18:25 - 000381552 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-05-07 13:28 - 2018-05-16 18:25 - 000205976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-05-07 13:28 - 2018-05-16 18:25 - 000196640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-05-07 13:28 - 2018-05-16 18:25 - 000159120 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-05-07 13:28 - 2018-05-16 18:25 - 000111360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-05-07 13:28 - 2018-05-16 18:25 - 000085968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-05-07 13:28 - 2018-05-16 18:25 - 000046968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-05-07 13:28 - 2018-05-16 18:24 - 001027720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-05-07 13:28 - 2018-05-16 18:24 - 000234560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-05-07 13:28 - 2018-05-07 13:28 - 000000000 ____D C:\Program Files\Common Files\AVAST Software
2018-05-07 13:28 - 2018-05-07 13:26 - 000343752 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-05-07 13:28 - 2018-05-07 13:26 - 000227504 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-05-07 13:28 - 2018-05-07 13:26 - 000199440 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-05-07 13:28 - 2018-05-07 13:26 - 000057680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-05-07 13:26 - 2018-05-07 13:26 - 000000000 ____D C:\Program Files\AVAST Software
2018-05-07 13:25 - 2018-05-07 14:53 - 000000000 ____D C:\ProgramData\AVAST Software
2018-05-07 12:38 - 2018-05-07 12:38 - 000000000 _____ C:\WINDOWS\System32\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}
2018-05-06 21:57 - 2018-06-03 22:44 - 000000000 ____D C:\Users\Mark\AppData\Roaming\foobar2000
2018-05-06 21:57 - 2018-05-06 21:57 - 000001182 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
2018-05-06 21:57 - 2018-05-06 21:57 - 000001100 _____ C:\Users\Public\Desktop\foobar2000.lnk
2018-05-06 21:57 - 2018-05-06 21:57 - 000000000 ____D C:\Program Files (x86)\foobar2000
2018-05-06 21:36 - 2018-06-04 11:24 - 000000000 ____D C:\Users\Mark\AppData\Local\D3DSCache
2018-05-06 21:35 - 2018-05-06 21:35 - 000000020 ___SH C:\Users\Mark\ntuser.ini
2018-05-06 21:34 - 2018-06-03 23:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-05-06 21:34 - 2018-05-31 13:37 - 000003936 _____ C:\WINDOWS\System32\Tasks\CCleaner Update
2018-05-06 21:34 - 2018-05-18 00:56 - 000003418 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2018-05-06 21:34 - 2018-05-18 00:56 - 000003294 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2018-05-06 21:34 - 2018-05-15 15:59 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2018-05-06 21:34 - 2018-05-08 18:02 - 000004580 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player NPAPI Notifier
2018-05-06 21:34 - 2018-05-08 18:02 - 000004422 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2018-05-06 21:34 - 2018-05-06 21:34 - 000002852 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1836258222-3966296210-172399888-500
2018-05-06 21:34 - 2018-05-06 21:34 - 000002218 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2018-05-06 21:33 - 2018-05-06 21:34 - 000015243 _____ C:\WINDOWS\diagwrn.xml
2018-05-06 21:33 - 2018-05-06 21:34 - 000015243 _____ C:\WINDOWS\diagerr.xml
2018-05-06 21:31 - 2018-06-04 00:01 - 000874672 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-05-06 21:22 - 2018-05-06 21:22 - 000001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2018-05-06 21:20 - 2018-05-23 19:11 - 000000000 ____D C:\Users\defaultuser0
2018-05-06 21:20 - 2018-05-23 19:11 - 000000000 ____D C:\Users\Administrator
2018-05-06 21:20 - 2018-05-06 21:35 - 000000000 ____D C:\Users\Mark
2018-05-06 21:20 - 2018-04-12 00:34 - 000001105 _____ C:\Users\defaultuser0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-06 21:20 - 2018-04-12 00:34 - 000001105 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-05-06 21:19 - 2018-05-06 21:19 - 000000000 ____D C:\ProgramData\USOShared
2018-05-06 21:18 - 2018-04-12 00:33 - 002752000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2018-05-06 21:16 - 2018-06-04 11:21 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-05-06 21:16 - 2018-06-03 23:57 - 000406184 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-05-06 18:45 - 2018-05-06 22:15 - 000000000 ____D C:\WINDOWS\system32\config\bbimigrate
2018-05-06 18:41 - 2018-05-06 18:45 - 000000000 ____D C:\WINDOWS\ServiceProfiles
2018-05-06 18:37 - 2018-05-06 18:37 - 000000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2018-05-06 18:37 - 2018-05-06 18:37 - 000000000 ____D C:\WINDOWS\system32\BestPractices
2018-05-06 18:37 - 2018-05-06 18:37 - 000000000 ____D C:\inetpub
2018-05-06 18:36 - 2018-05-06 18:36 - 000000000 ____D C:\Program Files\Reference Assemblies
2018-05-06 18:36 - 2018-05-06 18:36 - 000000000 ____D C:\Program Files\MSBuild
2018-05-06 18:36 - 2018-05-06 18:36 - 000000000 ____D C:\Program Files (x86)\Reference Assemblies
2018-05-06 18:36 - 2018-05-06 18:36 - 000000000 ____D C:\Program Files (x86)\MSBuild
2018-05-06 18:35 - 2018-05-06 18:35 - 001166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2018-05-06 18:35 - 2018-05-06 18:35 - 000778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2018-05-06 18:35 - 2018-05-06 18:35 - 000124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2018-05-06 18:35 - 2018-05-06 18:35 - 000103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2018-05-06 18:35 - 2018-05-06 18:35 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2018-05-06 18:35 - 2018-05-06 18:35 - 000035456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2018-05-06 18:33 - 2018-05-06 18:33 - 003398144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2018-05-06 18:33 - 2018-05-06 18:33 - 000575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsFilt.dll
2018-05-06 18:33 - 2018-05-06 18:33 - 000076060 _____ C:\WINDOWS\SysWOW64\xpsrchvw.xml
2018-05-06 18:32 - 2018-05-06 18:32 - 004492288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2018-05-06 18:32 - 2018-05-06 18:32 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsFilt.dll
2018-05-06 18:32 - 2018-05-06 18:32 - 000100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\XPSSHHDR.dll
2018-05-06 18:32 - 2018-05-06 18:32 - 000082432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XPSSHHDR.dll
2018-05-06 18:32 - 2018-05-06 18:32 - 000076060 _____ C:\WINDOWS\system32\xpsrchvw.xml
2018-05-06 18:18 - 2018-05-06 18:18 - 000008192 _____ C:\WINDOWS\system32\config\userdiff
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2018-06-04 11:31 - 2017-11-15 15:07 - 000000000 ____D C:\Users\Mark\AppData\Roaming\Free Download Manager
2018-06-04 11:31 - 2017-05-12 00:06 - 000000000 ____D C:\FRST
2018-06-04 11:24 - 2018-04-12 00:36 - 000000000 ____D C:\WINDOWS\INF
2018-06-04 11:24 - 2017-04-03 13:34 - 000000000 ____D C:\Users\Mark\AppData\LocalLow\Mozilla
2018-06-04 10:59 - 2017-11-04 13:13 - 000000000 ____D C:\ProgramData\BOINC
2018-06-04 09:36 - 2018-04-12 00:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-04 09:27 - 2017-04-05 23:45 - 000000000 ____D C:\Users\Mark\Downloads\Software
2018-06-04 01:26 - 2017-05-14 00:46 - 000000000 ____D C:\EEK
2018-06-04 01:01 - 2018-04-29 01:44 - 000253664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamswissarmy.sys
2018-06-04 00:03 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-06-03 23:57 - 2018-01-02 00:37 - 000000000 ___RD C:\Users\Mark\3D Objects
2018-06-03 23:57 - 2017-12-31 02:28 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-06-03 23:57 - 2017-04-15 13:37 - 000000000 __SHD C:\Users\Mark\IntelGraphicsProfiles
2018-06-03 23:57 - 2016-11-23 00:36 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-06-03 23:56 - 2018-04-11 22:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-06-03 23:56 - 2017-10-31 17:43 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-06-03 23:55 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-06-03 23:55 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-06-03 23:55 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-06-03 23:55 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\en-GB
2018-06-03 23:55 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\setup
2018-06-03 23:55 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\en-GB
2018-06-03 23:55 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-06-03 23:55 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-06-03 23:55 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-06-03 23:55 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-06-03 23:10 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-06-03 21:40 - 2018-02-26 17:06 - 000000000 ____D C:\Users\Mark\Documents\Audacity
2018-06-03 21:40 - 2018-02-26 16:46 - 000000000 ____D C:\Users\Mark\AppData\Roaming\audacity
2018-06-03 19:23 - 2017-12-23 00:16 - 000000000 ____D C:\Users\Mark\AppData\Roaming\vlc
2018-06-03 18:59 - 2017-12-23 00:16 - 000001139 _____ C:\Users\Public\Desktop\VLC media player.lnk
2018-06-01 00:25 - 2018-04-12 00:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-05-31 19:16 - 2017-10-31 17:43 - 000000000 ____D C:\ProgramData\Package Cache
2018-05-31 13:37 - 2017-11-02 11:37 - 000000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2018-05-31 01:08 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2018-05-30 22:25 - 2018-02-07 22:12 - 000000000 ____D C:\Users\Mark\AppData\Roaming\MusicBee
2018-05-29 18:59 - 2017-11-01 11:26 - 000000000 ____D C:\Users\Mark\AppData\Local\VirtualStore
2018-05-24 16:12 - 2017-11-20 14:23 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2018-05-24 16:07 - 2017-11-19 15:54 - 000026192 ____N (Windows ® Server 2003 DDK provider) C:\WINDOWS\gdrv.sys
2018-05-23 19:00 - 2017-11-20 13:54 - 000000000 ____D C:\Program Files (x86)\Intel
2018-05-23 18:33 - 2017-12-28 23:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HWiNFO64
2018-05-23 18:33 - 2017-12-28 23:01 - 000000000 ____D C:\Program Files\HWiNFO64
2018-05-23 18:33 - 2017-12-26 23:09 - 000055960 _____ (REALiX) C:\WINDOWS\system32\Drivers\HWiNFO64A.SYS
2018-05-21 11:11 - 2017-12-10 14:33 - 000000000 ___HD C:\Program Files (x86)\Temp
2018-05-20 13:04 - 2017-04-03 13:08 - 000000000 ____D C:\AMD
2018-05-20 11:38 - 2017-11-01 11:37 - 000001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-05-20 11:38 - 2017-11-01 11:37 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-05-18 00:59 - 2017-04-12 11:04 - 000000000 ____D C:\LG_G3
2018-05-16 18:06 - 2017-11-01 11:26 - 000000000 ____D C:\Users\Mark\AppData\Local\AMD
2018-05-16 17:59 - 2017-10-31 17:43 - 000000000 ____D C:\Program Files\AMD
2018-05-16 17:58 - 2017-12-26 23:19 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-05-16 17:34 - 2017-12-28 23:28 - 000000060 _____ C:\ProgramData\SoftwareUpdateTemp.xml
2018-05-15 15:58 - 2017-11-20 11:41 - 000002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2018-05-15 15:03 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\NDF
2018-05-13 23:56 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-05-12 22:37 - 2015-11-16 15:07 - 000000000 ____D C:\Users\Mark\Documents\Hi-Fi
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\vi-VN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ur-PK
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ug-CN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\tt-RU
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\tk-TM
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\te-IN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ta-IN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\sw-KE
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\sq-AL
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\si-LK
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\quz-PE
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\prs-AF
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-IN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\or-IN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\nn-NO
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ne-NP
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\mt-MT
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\mr-IN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\mn-MN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ml-IN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\mk-MK
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\mi-NZ
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\lo-LA
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\lb-LU
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ky-KG
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\kok-IN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\kn-IN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\km-KH
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\kk-KZ
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ka-GE
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\is-IS
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\id-ID
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\hy-AM
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\gu-IN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\gd-GB
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\ga-IE
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\fil-PH
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\fa-IR
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\cy-GB
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-IN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\bn-BD
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\be-BY
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\as-IN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\am-ET
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\SysWOW64\af-ZA
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\vi-VN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\ur-PK
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\ug-CN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\tt-RU
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\tk-TM
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\te-IN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\sw-KE
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\sq-AL
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\quz-PE
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\prs-AF
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\pa-IN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\or-IN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\nn-NO
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\ne-NP
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\mt-MT
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\mr-IN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\mn-MN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\ml-IN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\mk-MK
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\mi-NZ
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\lo-LA
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\lb-LU
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\ky-KG
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\kok-IN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\kn-IN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\km-KH
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\kk-KZ
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\ka-GE
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\is-IS
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\id-ID
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\hy-AM
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\gu-IN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\gd-GB
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\ga-IE
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\fil-PH
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\fa-IR
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\cy-GB
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\bn-IN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\bn-BD
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\be-BY
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\as-IN
2018-05-08 23:59 - 2018-04-12 17:17 - 000000000 ____D C:\WINDOWS\system32\af-ZA
2018-05-08 23:59 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\ta-in
2018-05-08 23:59 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\si-lk
2018-05-08 23:59 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-05-08 23:59 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\am-et
2018-05-08 23:59 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\Provisioning
2018-05-08 18:48 - 2017-11-01 11:38 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-05-08 18:47 - 2017-11-01 11:38 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-05-08 18:47 - 2017-11-01 11:38 - 141696960 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-05-08 18:02 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
2018-05-08 18:02 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-05-08 01:12 - 2017-11-01 11:26 - 000000000 ____D C:\Users\Mark\AppData\Local\ConnectedDevicesPlatform
2018-05-07 16:49 - 2018-04-25 23:55 - 000000000 ____D C:\ProgramData\Garmin
2018-05-07 16:49 - 2017-04-03 12:59 - 000000000 ___RD C:\Users\Mark\OneDrive
2018-05-07 13:42 - 2017-12-27 02:03 - 000111048 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2018-05-07 13:42 - 2017-12-27 02:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2018-05-07 13:42 - 2017-12-27 02:02 - 000000000 ____D C:\Program Files\Java
2018-05-07 13:41 - 2017-11-02 11:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2018-05-07 13:41 - 2017-11-02 11:18 - 000000000 ____D C:\Program Files\7-Zip
2018-05-07 13:35 - 2018-01-01 14:46 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2018-05-07 13:35 - 2018-01-01 14:46 - 000000000 ____D C:\ProgramData\InstallMate
2018-05-07 13:27 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files\Windows Defender
2018-05-07 13:27 - 2018-02-20 15:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2018-05-07 12:31 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\appcompat
2018-05-07 12:29 - 2018-02-19 17:32 - 000000000 ____D C:\Users\Mark\AppData\Local\PlaceholderTileLogoFolder
2018-05-06 23:35 - 2018-01-02 00:17 - 000000000 ____D C:\Users\Mark\AppData\Local\Packages
2018-05-06 22:15 - 2018-04-29 01:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2018-05-06 22:15 - 2018-04-12 00:41 - 000000000 ____D C:\WINDOWS\Setup
2018-05-06 22:15 - 2018-04-12 00:38 - 000028672 _____ C:\WINDOWS\system32\config\BCD-Template
2018-05-06 22:15 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\WinBioDatabase
2018-05-06 22:15 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\spool
2018-05-06 22:15 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\AppLocker
2018-05-06 22:15 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\Help
2018-05-06 22:15 - 2018-04-12 00:38 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2018-05-06 22:15 - 2018-04-09 13:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Power Data Recovery
2018-05-06 22:15 - 2018-04-02 00:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Hearing Test
2018-05-06 22:15 - 2018-02-27 01:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2018-05-06 22:15 - 2018-02-12 14:02 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DB Browser for SQLite
2018-05-06 22:15 - 2018-01-21 15:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSim
2018-05-06 22:15 - 2017-12-30 19:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Force Deleter
2018-05-06 22:15 - 2017-12-26 23:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Problem Report Wizard
2018-05-06 22:15 - 2017-12-26 18:06 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
2018-05-06 22:15 - 2017-12-23 01:09 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
2018-05-06 22:15 - 2017-12-23 01:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
2018-05-06 22:15 - 2017-12-23 00:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2018-05-06 22:15 - 2017-11-15 16:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio
2018-05-06 22:15 - 2017-11-15 15:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2018-05-06 22:15 - 2017-11-14 21:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
2018-05-06 22:15 - 2017-11-13 12:48 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-05-06 22:15 - 2017-11-04 13:13 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BOINC
2018-05-06 22:15 - 2017-11-04 13:10 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2018-05-06 22:15 - 2017-11-02 11:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2018-05-06 22:15 - 2017-11-01 14:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minimal ADB and Fastboot
2018-05-06 22:15 - 2017-11-01 14:05 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\ClockworkMod
2018-05-06 22:15 - 2017-11-01 14:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LGMobile Support Tool
2018-05-06 22:15 - 2017-11-01 12:32 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Axantum AxCrypt
2018-05-06 22:15 - 2017-10-31 17:58 - 000000000 ____D C:\WINDOWS\system32\ÿÿo
2018-05-06 22:15 - 2017-10-31 17:58 - 000000000 ____D C:\WINDOWS\system32\14fe4e6e91372817..bin
2018-05-06 22:15 - 2017-10-31 17:58 - 000000000 ____D C:\WINDOWS\system32\
2018-05-06 22:15 - 2017-10-31 17:26 - 000000000 ____D C:\WINDOWS\system32\Catroot2.bak
2018-05-06 22:15 - 2017-09-29 14:46 - 000000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2018-05-06 21:52 - 2018-04-12 00:38 - 000000000 ___RD C:\WINDOWS\PrintDialog
2018-05-06 21:34 - 2018-04-11 22:04 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2018-05-06 21:33 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\Registration
2018-05-06 21:28 - 2018-04-12 00:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-05-06 21:28 - 2018-01-02 00:31 - 000022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2018-05-06 21:22 - 2017-12-23 01:08 - 000000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
2018-05-06 21:22 - 2017-12-06 20:59 - 000000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\XML Notepad 2007
2018-05-06 21:22 - 2017-09-04 01:22 - 000000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ImDisk
2018-05-06 21:22 - 2017-08-04 09:24 - 000000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2018-05-06 21:22 - 2017-05-05 23:45 - 000000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PhotoFiltre 7
2018-05-06 21:21 - 2018-02-07 22:12 - 000000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MusicBee
2018-05-06 21:20 - 2018-01-02 00:17 - 000000000 ____D C:\Users\Administrator\AppData\Local\Packages
2018-05-06 21:19 - 2018-04-12 00:38 - 000000000 ____D C:\ProgramData\USOPrivate
2018-05-06 21:18 - 2017-10-31 17:43 - 000000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2018-05-06 18:51 - 2018-04-12 00:38 - 000000000 __RHD C:\Users\Public\Libraries
2018-05-06 18:45 - 2018-01-07 21:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
2018-05-06 18:45 - 2017-12-30 15:31 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2018-05-06 18:45 - 2017-10-31 17:43 - 000000000 ____D C:\Program Files\Intel
2018-05-06 18:45 - 2017-10-31 17:43 - 000000000 ____D C:\Program Files\Common Files\ATI Technologies
2018-05-06 18:37 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2018-05-06 18:37 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2018-05-06 18:33 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2018-05-06 18:33 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2018-05-06 18:33 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\et-EE
2018-05-06 18:33 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\SysWOW64\es-MX
2018-05-06 18:33 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2018-05-06 18:33 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2018-05-06 18:33 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\et-EE
2018-05-06 18:33 - 2018-04-12 00:38 - 000000000 ____D C:\WINDOWS\system32\es-MX
==================== Files in the root of some directories =======
2018-05-23 08:49 - 2018-05-23 08:49 - 000000046 _____ () C:\Users\Mark\AppData\Roaming\Camdata.ini
2018-05-23 08:49 - 2018-05-23 08:49 - 000000408 _____ () C:\Users\Mark\AppData\Roaming\CamLayout.ini
2018-05-23 08:49 - 2018-05-23 08:49 - 000000408 _____ () C:\Users\Mark\AppData\Roaming\CamShapes.ini
2018-05-23 08:49 - 2018-05-23 08:49 - 000004536 _____ () C:\Users\Mark\AppData\Roaming\CamStudio.cfg
2018-05-23 08:47 - 2018-05-23 08:47 - 000000096 _____ () C:\Users\Mark\AppData\Roaming\version2.xml
Some files in TEMP:
====================
2018-06-03 18:58 - 2018-06-03 18:58 - 040184976 _____ () C:\Users\Mark\AppData\Local\Temp\vlc-3.0.3-win32.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2018-05-06 21:16
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03.06.2018
Ran by Mark (04-06-2018 11:31:52)
Running from C:\Users\Mark\Desktop
Windows 10 Home Version 1803 17134.81 (X64) (2018-05-06 20:35:04)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1836258222-3966296210-172399888-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-1836258222-3966296210-172399888-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-1836258222-3966296210-172399888-1000 - Limited - Enabled) => C:\Users\defaultuser0
Guest (S-1-5-21-1836258222-3966296210-172399888-501 - Limited - Disabled)
Mark (S-1-5-21-1836258222-3966296210-172399888-1001 - Administrator - Enabled) => C:\Users\Mark
WDAGUtilityAccount (S-1-5-21-1836258222-3966296210-172399888-504 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 17.01 beta (x64) (HKLM\...\7-Zip) (Version: 17.01 beta - Igor Pavlov)
7-Zip 18.05 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1805-000001000000}) (Version: 18.05.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 18.4.1 - Advanced Micro Devices, Inc.)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Application Verifier x64 External Package (HKLM\...\{2D7C1671-6F3D-2AA7-DAA3-91C96B60B919}) (Version: 10.1.15063.468 - Microsoft) Hidden
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.14 - Michael Tippach)
Audacity 2.2.2 (HKLM-x32\...\Audacity_is1) (Version: 2.2.2 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.4.2338 - AVAST Software)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version: - )
AxCrypt 1.7.3180.0 (HKLM\...\{302F28C9-8FF9-4941-A8CE-8F35EF7576D6}) (Version: 1.7.3180.0 - Axantum Software AB)
BOINC (HKLM\...\{F1361096-9418-489B-983B-5F8C3972E05E}) (Version: 7.8.3 - Space Sciences Laboratory, U.C. Berkeley)
Cakewalk Home Studio 9 (HKLM-x32\...\Cakewalk Home Studio 9) (Version: - )
Catalyst Control Center Next Localization BR (HKLM\...\{3E245378-BF77-6946-C6F6-096DBE5EAB82}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{A16E186C-58C4-3BDC-5CCE-714EFEF5F27F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization BR (HKLM\...\{E7AA1A02-575C-14C6-FBEF-4BE6D46A5B74}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{45907537-804A-514F-5280-5F4F12A6DCBC}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{E42911E5-48F8-8557-ED20-D72AD1907D25}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{EB6C44F1-0F78-FE10-BC63-90BA50AB0CE9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{962364E4-08BB-347D-32E7-2B789F37BF8A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B26D75B8-FAB7-6F8B-767F-BAF975383D91}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{B4C30EF4-B2C5-1395-B534-7B63BCB6E8E4}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{36EDC500-E4C0-371C-9865-08450415C1E9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{62098A5F-E03B-31A3-5F9C-51A7F7D25744}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{A0407E39-2AA4-60B3-885F-3C5347B6909E}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{0989D0EA-AFF3-5F9A-3D25-20EE133E409B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{1757AD9B-0E3C-05F9-FE43-4343BED7DA85}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{4C2FB7FD-89FD-BA5C-585A-3811F326AD34}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{66B06F29-EE4F-9130-D96A-754826093FEA}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{A8689A0F-5928-7300-B82B-C5E85131B7BA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{D74218A3-C503-57EF-AC9F-2220082E7ADE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{76AAF56B-93D8-161D-809A-EC05F3B913DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{821D0A0E-F246-BE40-0D68-93883C14C410}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{DA433FCF-90A1-19A5-65A7-FDF82DE4826D}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{063CED74-F5F0-870E-DC9C-2D78FDEDA3EE}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{88BD74C4-23AB-4554-915C-6E1F0C81F6CD}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{949F125B-A6CC-5A5E-EEE7-4AC50305C1FA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{13BB60AA-88F7-4B1F-2DEC-D81EEDE8B3AA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{20D46801-147B-30AD-7C5A-AC4560A79096}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{A48E2AB0-0866-7783-9657-E1709EB18D02}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{22C39711-2747-D264-319A-1550BEEAAEC6}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{37AA6227-FF2C-95AC-87C0-45DCC0BB87DA}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{E61CEF9A-BAC3-EAEE-F735-E257D2354DF2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{1DBACFDB-5E43-7882-36BD-53526D34BD22}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{DA0326BB-657D-AAFC-752C-363E8FA33755}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{EB328356-1DF0-1CCE-3607-6361DD329219}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{87E6EC29-AEC5-28CB-F773-93EB6C1B8A2B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{A91FC4BF-C1EC-ADCA-79D1-F4F0671F1D60}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{B873A1FB-5EA0-EE5F-A861-1E38880AD08E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{CA55697D-BD74-3ED8-6B21-D7EDAD3B7D02}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{EC9DF9FF-9D75-4CDD-1D58-A2E887B0A42E}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{ED75A775-03A7-F214-868D-497748707968}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{07BFBD5C-2F63-6828-1B61-B41A44113F3B}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{7ABACA7E-6E59-0EF9-8FA3-6B32E5F58127}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{CFC860C8-4F51-E08C-A74C-2E444ED06160}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{3E196AAF-F81C-B384-E2AB-28EE2398FE5F}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{9338D693-38B7-1ED4-9B42-BFA1D5600CCB}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{E6038D3E-5D87-8DF7-6D05-BE7532C3E73E}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{C971C145-258D-6650-7088-13DDB161327A}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DAEFFE0C-CD05-1355-6AFC-7B3D4106A820}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{DFAD9DAC-4768-C8BB-4E0E-5239605A9BEA}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{E392A425-53A7-DF90-96A0-E287A75DD3B2}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{EBA09DAF-14B4-7BE7-676E-6E2FB21EDBDD}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{FFBFBD1F-B160-A119-7C43-8584FA2E5665}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{4D1D5407-9B69-6422-629C-8518A26004A4}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{9AA4DD93-94BF-22EA-C9D2-7084F304A31B}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{D6F47BB4-700A-F612-0671-5F69EA311BB7}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{01FD9A26-3F61-9236-B360-BE5D043D82C0}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{379D900B-A785-6DB0-012E-434356A365B3}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{A8379BAB-59A9-C0A3-8BCC-4852EA403692}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{24DF617A-CD23-6E6A-126B-23630D2781CE}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{366C4FB5-CF6E-258B-418D-E6D29549A278}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{64D4CCC3-63DF-252D-D29D-03491670225D}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{83DDDFD8-AD42-72F9-E4F1-5456FDB304C9}) (Version: 2017.0424.2119.36535 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{8DF90937-B869-9F76-5D45-5A8BDA0A33B6}) (Version: 2017.0922.1659.28737 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{B10089DE-934F-6E0F-683A-B788F89348DF}) (Version: 2016.1121.1657.30480 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.43 - Piriform)
DB Browser for SQLite (HKLM-x32\...\DB Browser for SQLite) (Version: 3.10.1 - DB Browser for SQLite Team)
Elsie (HKLM\...\Elsie) (Version: 2.82 - Tonne Software)
Exact Audio Copy 1.3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.3 - Andre Wiethoff)
f.lux (HKU\S-1-5-21-1836258222-3966296210-172399888-1001\...\Flux) (Version: - f.lux Software LLC)
ffdshow v1.2.4499 [2013-01-04] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4499.0 - )
foobar2000 v1.3.17 (HKLM-x32\...\foobar2000) (Version: 1.3.17 - Peter Pawlowski)
Free Download Manager 3.9.7 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG)
Free Hearing Test (HKLM-x32\...\4633-8653-4363-8867) (Version: 1.0 - Free Hearing Test Software)
Google Earth Pro (HKLM\...\{D9EF644E-2FAE-493B-8180-5617CC774C4F}) (Version: 7.3.1.4507 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.2.0.001 - HTC Corporation)
HWiNFO64 Version 5.84 (HKLM\...\HWiNFO64_is1) (Version: 5.84 - Martin Malík - REALiX)
ImDisk Toolkit (HKLM\...\ImDiskApp) (Version: 20170706 - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intellisense Lang Pack Mobile Extension SDK 10.0.15063.0 (HKLM-x32\...\{955DB066-D013-43F3-908C-CBC851E3D4FF}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
Java 8 Update 171 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180171F0}) (Version: 8.0.1710.11 - Oracle Corporation)
Java 8 Update 172 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180172F0}) (Version: 8.0.1720.11 - Oracle Corporation)
Kits Configuration Installer (HKLM-x32\...\{1704C439-1501-3446-7932-33DA822E8597}) (Version: 10.1.15063.468 - Microsoft) Hidden
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
LibreOffice 6.0.4.2 (HKLM\...\{CBC4E8DF-CCBD-4260-A6A5-B682BA706DC4}) (Version: 6.0.4.2 - The Document Foundation)
Malwarebytes version 3.4.5.2467 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.4.5.2467 - Malwarebytes)
Microsoft .NET Framework 4.7 SDK (HKLM-x32\...\{F44081B4-1C8A-49B6-AC6F-2EE5715488AF}) (Version: 4.7.02046 - Microsoft Corporation)
Microsoft .NET Framework 4.7 Targeting Pack (HKLM-x32\...\{CD786942-0D49-4F78-9A04-2EF21175F67E}) (Version: 4.7.02046 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1836258222-3966296210-172399888-500\...\OneDriveSetup.exe) (Version: 17.3.7131.1115 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24123 (HKLM-x32\...\{206898cc-4b41-4d98-ac28-9f9ae57f91fe}) (Version: 14.0.24123.0 - Microsoft Corporation)
Minimal ADB and Fastboot version 1.4.2 (HKLM-x32\...\{1901BAF7-7E78-4041-BC88-D0EE5DD1DFD9}_is1) (Version: 1.4.2 - Sam Rodberg)
MiniTool Power Data Recovery 7.5 (HKLM\...\{E1BCD081-4BF4-4E2F-832A-911EC42EF3C5}_is1) (Version: 7.5 - MiniTool Solution Ltd.)
Mozilla Firefox 60.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 60.0.1 (x64 en-US)) (Version: 60.0.1 - Mozilla)
MSI Development Tools (HKLM-x32\...\{E45B775D-8842-EC86-ED84-B740D52E6462}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
MusicBee 3.1 (HKLM-x32\...\MusicBee) (Version: 3.1 - Steven Mayall)
Oracle VM VirtualBox 5.1.26 (HKLM\...\{11A88BD5-F059-4743-81D9-1432AC9C3D4E}) (Version: 5.1.26 - Oracle Corporation)
PhotoFiltre 7 (HKU\S-1-5-21-1836258222-3966296210-172399888-1001\...\PhotoFiltre 7) (Version: - )
Platform (HKLM-x32\...\{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.23.1003.2017 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8186 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
SDK Debuggers (HKLM-x32\...\{8E90E239-34EE-0F5B-24D5-16FA162EF3CB}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1250 - SUPERAntiSpyware.com)
TP-LINK TL-WN821N©_TL-WN822N_TL-WN823N Driver (HKLM-x32\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK)
Universal Adb Driver (HKLM-x32\...\{C0E08D8D-6076-4117-B644-2AF34F35B757}) (Version: 1.0.4 - ClockworkMod)
Universal CRT Extension SDK (HKLM-x32\...\{D23DC9CD-5870-9D26-5DE9-6273CAC7DD5B}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (HKLM-x32\...\{51523D5B-FC32-CAB4-E54E-E41C0E4C1726}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal CRT Redistributable (HKLM-x32\...\{573C4B4F-B9B9-28DA-0243-D118DD3EE574}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (HKLM\...\{3C75FFD3-00CF-1974-2935-7BED20381899}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (HKLM-x32\...\{812954B8-9658-EFE2-FB5F-B422048AA053}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (HKLM-x32\...\{05086CEC-62C1-B12C-2FEC-C58E166FA7E8}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
VdhCoApp 1.1.3 (HKLM\...\weh-iss-net.downloadhelper.coapp_is1) (Version: - DownloadHelper)
VIA Platform Device Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 3.0.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.0 (HKLM\...\VulkanRT1.0.65.0-2) (Version: 1.0.65.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.1.70.0 (HKLM\...\VulkanRT1.1.70.0) (Version: 1.1.70.0 - LunarG, Inc.) Hidden
WinAppDeploy (HKLM-x32\...\{1AD35036-0E71-1C38-E4F8-14F6ED75EA98}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Windows SDK AddOn (HKLM-x32\...\{E1C6F438-7C50-41F5-8B47-3CC96D397CA3}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.15063.468 (HKLM-x32\...\{0a829ae9-ca13-4f58-a168-648e80cf6739}) (Version: 10.1.15063.468 - Microsoft Corporation)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 35.5.2017.8 - Ruiware)
WinRT Intellisense Desktop - en-us (HKLM-x32\...\{3E1718A0-E5A4-04EB-E85C-DF94790FCCF4}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (HKLM-x32\...\{26FD6F7E-30DF-16AB-9F3B-2EC665C36498}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (HKLM-x32\...\{B3E6FE24-A4E4-0454-5004-D8A3CCC9B0F6}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (HKLM-x32\...\{CC57D696-D6B5-DB4D-7ABC-C373CF7E6D73}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (HKLM-x32\...\{891DDA6A-C9D4-9C57-BC4E-B77CE28BAFC3}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (HKLM-x32\...\{C22B0226-A0C4-B973-C0BF-24A3D66B8C3E}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (HKLM-x32\...\{F3F1C906-9349-1B25-3680-65015218BD99}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (HKLM-x32\...\{CB8253BF-62B4-A504-7E06-BA102F48C02B}) (Version: 10.1.15063.468 - Microsoft Corporation) Hidden
Wise Force Deleter 1.4.6 (HKLM-x32\...\Wise Force Deleter_is1) (Version: 1.4.6 - WiseCleaner.com, Inc.)
WPT Redistributables (HKLM-x32\...\{B322A5E5-3DF9-06B2-5E44-DE2BBF7BD4A6}) (Version: 10.1.15063.468 - Microsoft) Hidden
WPTx64 (HKLM-x32\...\{029676E0-068C-9F4B-429E-A09D9EAB3F1E}) (Version: 10.1.15063.468 - Microsoft) Hidden
XML Notepad 2007 (HKLM-x32\...\{FC7BACF0-1FFA-4605-B3B4-A66AB382752D}) (Version: 2.3.0.0 - Microsoft Corporation)
XSim (HKLM-x32\...\{EE4ED614-4A5B-4D70-81A2-002178CCA5C1}_is1) (Version: 1.2.0 - Liberty Instruments, Inc.)
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.3) (Version: 1.3.3 - Xvid Team)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-16] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-16] (AVAST Software)
ContextMenuHandlers1: [axcrypt.File] -> {C3DFC144-30F8-4138-81F9-578DBEB9324A} => C:\Program Files\Axantum\AxCrypt\ShellExt.dll [2016-07-04] (Axantum Software AB)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-16] (AVAST Software)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2018-04-25] (Advanced Micro Devices, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-10-20] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2018-04-30] (Igor Pavlov)
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-05-16] (AVAST Software)
ContextMenuHandlers6: [axcrypt.File] -> {C3DFC144-30F8-4138-81F9-578DBEB9324A} => C:\Program Files\Axantum\AxCrypt\ShellExt.dll [2016-07-04] (Axantum Software AB)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0E37733A-C5E9-4115-9A42-98A5B4CBB41A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {1F2AF1CD-ADC3-4AE7-8D95-A1BE8CFD0087} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [2018-05-31] (AVAST Software)
Task: {31E2D491-90DA-4787-B662-52A8D2C39E84} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [2018-05-24] (Piriform Ltd)
Task: {46B69529-5B6E-4694-9A88-F6A4B094438C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-03] (Google Inc.)
Task: {5605E432-734E-4053-9217-AE276E879C4C} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2018-04-25] (Advanced Micro Devices, Inc.)
Task: {575F52EF-B1E9-46A5-97F5-BECBD617994E} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-05-08] (Adobe Systems Incorporated)
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {692FEA4D-F9D0-46C9-A356-EEEFEDFB4893} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1836258222-3966296210-172399888-500 => C:\Users\Mark\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {9CBCB888-9E95-4E5F-B350-E3BAAA79DB4F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2018-05-24] (Piriform Ltd)
Task: {B8B49E4D-2986-4269-A283-FB0E7333C5E0} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_29_0_0_171_Plugin.exe [2018-05-08] (Adobe Systems Incorporated)
Task: {D3523937-2792-4CDF-879B-7296DAF6CB23} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\dvrcmd.exe [2018-04-25] (Advanced Micro Devices, Inc.)
Task: {EA740AC4-8D12-4DF9-A158-E1D2B1C803C1} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-05-16] (AVAST Software)
Task: {F6CEC753-B0D4-4E0B-A4C2-9E57A2A68583} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2018-01-03] (Google Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Mark\Desktop\VideoCleaner - RUN.lnk -> C:\VideoCleaner\Support\VideoCleaner_Reset.bat (No File)
==================== Loaded Modules (Whitelisted) ==============
2018-04-12 00:34 - 2018-04-12 00:34 - 000491744 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 00:34 - 2018-04-12 00:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2018-04-12 00:35 - 2018-04-12 17:17 - 002184704 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-04-24 22:55 - 2018-04-24 22:55 - 000015360 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.DLL
2018-04-24 22:55 - 2018-04-24 22:55 - 002519040 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2013-10-17 17:48 - 2013-10-17 17:48 - 000106496 _____ () C:\PROGRAM FILES\BOINC\zlib1.dll
2017-11-02 11:01 - 2018-03-12 15:09 - 002300192 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\SelfProtectionSdk.dll
2018-05-07 13:27 - 2018-05-07 13:27 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-05-16 18:24 - 2018-05-16 18:24 - 000482520 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-05-16 18:24 - 2018-05-16 18:24 - 000293592 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\Users\Mark\Documents\Windows 10 Service Configurations – Black Viper.pdf:$CmdZnID [26]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-1836258222-3966296210-172399888-1001\...\download.microsoft.com -> hxxp://download.microsoft.com
IE trusted site: HKU\S-1-5-21-1836258222-3966296210-172399888-1001\...\download.windowsupdate.com -> hxxp://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-1836258222-3966296210-172399888-1001\...\download.windowsupdate.com -> hxxps://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-1836258222-3966296210-172399888-1001\...\microsoft.com -> hxxp://ntservicepack.microsoft.com
IE trusted site: HKU\S-1-5-21-1836258222-3966296210-172399888-1001\...\ntservicepack.microsoft.com -> hxxp://ntservicepack.microsoft.com
IE trusted site: HKU\S-1-5-21-1836258222-3966296210-172399888-1001\...\update.microsoft.com -> hxxp://update.microsoft.com
IE trusted site: HKU\S-1-5-21-1836258222-3966296210-172399888-1001\...\update.microsoft.com -> hxxps://update.microsoft.com
IE trusted site: HKU\S-1-5-21-1836258222-3966296210-172399888-1001\...\windows.com -> hxxp://wustat.windows.com
IE trusted site: HKU\S-1-5-21-1836258222-3966296210-172399888-1001\...\windowsupdate.com -> hxxp://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-1836258222-3966296210-172399888-1001\...\windowsupdate.com -> hxxps://download.windowsupdate.com
IE trusted site: HKU\S-1-5-21-1836258222-3966296210-172399888-1001\...\windowsupdate.microsoft.com -> hxxp://windowsupdate.microsoft.com
IE trusted site: HKU\S-1-5-21-1836258222-3966296210-172399888-1001\...\ws.microsoft.com -> hxxp://ws.microsoft.com
IE trusted site: HKU\S-1-5-21-1836258222-3966296210-172399888-1001\...\ws.microsoft.com -> hxxps://ws.microsoft.com
IE trusted site: HKU\S-1-5-21-1836258222-3966296210-172399888-1001\...\wustat.windows.com -> hxxp://wustat.windows.com
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2017-10-31 17:26 - 2017-10-31 17:24 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1836258222-3966296210-172399888-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1836258222-3966296210-172399888-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mark\Pictures\LG PC Suite\+447940355250\2017-07-01-02-13-15.jpg
HKU\S-1-5-21-1836258222-3966296210-172399888-500\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Warn)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKU\S-1-5-21-1836258222-3966296210-172399888-1001\...\StartupApproved\Run: => "DriverMax_RESTART"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [UDP Query User{33A2B545-AFFD-4167-9C15-3B7E635D675C}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{86D1905C-6F4F-4E60-8B2E-5B0CC39D92CE}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [{723F5957-D21B-4D5C-BEE5-5958AE3B52AB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{60A6E42D-6F0D-4B5B-9BF3-75F8154709CE}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{5626F27E-F0A5-4183-9598-6DF7CAC206A7}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{0B3B63BD-3EEA-4050-B555-77E8767F7F30}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{3C7D6D07-79C2-468B-83B6-C43BD4B362A4}] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{AA8336A8-7983-4696-9281-59FC43C88511}] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
FirewallRules: [{A7E1D15C-EACF-4796-8AE4-7DFDDA9E3EB4}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
FirewallRules: [{5BAF73E6-51AE-43BF-9869-894CF57FA3E5}] => (Allow) C:\Program Files\CCleaner\CCUpdate.exe
==================== Restore Points =========================
19-05-2018 18:46:47 Scheduled Checkpoint
23-05-2018 19:00:19 Installed EasyTune
30-05-2018 23:17:44 Scheduled Checkpoint
03-06-2018 23:11:52 Windows Update
==================== Faulty Device Manager Devices =============
Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/04/2018 09:27:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: tdsskiller.exe, version: 3.1.0.17, time stamp: 0x566b123a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0xc896ed70
Faulting process ID: 0x17c8
Faulting application start time: 0x01d3fbdde9fbdf71
Faulting application path: C:\Users\Mark\Downloads\Software\tdsskiller.exe
Faulting module path: unknown
Report ID: 6db0e02d-9b3d-407c-8c3b-1e4b6f9187f3
Faulting package full name:
Faulting package-relative application ID:
Error: (06/04/2018 09:25:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: tdsskiller_1.exe, version: 3.1.0.9, time stamp: 0x566b123a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0xc896ed70
Faulting process ID: 0x22b8
Faulting application start time: 0x01d3fbdd880653b7
Faulting application path: C:\Users\Mark\Downloads\tdsskiller_1.exe
Faulting module path: unknown
Report ID: 7bec1ca4-bab2-4df5-b204-12b6b629b3c5
Faulting package full name:
Faulting package-relative application ID:
Error: (06/04/2018 09:24:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: tdsskiller_2.exe, version: 3.1.0.11, time stamp: 0x566b123a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0xc896ed70
Faulting process ID: 0xf78
Faulting application start time: 0x01d3fbdd80e24c4e
Faulting application path: C:\Users\Mark\Downloads\tdsskiller_2.exe
Faulting module path: unknown
Report ID: 049bf530-f774-4177-87c4-6316646f4958
Faulting package full name:
Faulting package-relative application ID:
Error: (06/04/2018 09:23:48 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: tdsskiller_2.exe, version: 3.1.0.11, time stamp: 0x566b123a
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0xc896ed70
Faulting process ID: 0x1b78
Faulting application start time: 0x01d3fbdd5c82163a
Faulting application path: C:\Users\Mark\Downloads\tdsskiller_2.exe
Faulting module path: unknown
Report ID: adf2f855-713f-484c-ba7d-fc3cffd7a6ae
Faulting package full name:
Faulting package-relative application ID:
Error: (05/31/2018 02:25:11 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL rdyboost. The first four bytes (DWORD) of the Data section contains the Windows error code.
Error: (05/31/2018 02:25:10 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.
Error: (05/23/2018 07:03:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AdjustService.exe, version: 1.0.0.0, time stamp: 0x552cc162
Faulting module name: KERNELBASE.dll, version: 10.0.17134.1, time stamp: 0x149ab0fd
Exception code: 0xe0434352
Fault offset: 0x0010d722
Faulting process ID: 0x1974
Faulting application start time: 0x01d3f2c05a0e7b4c
Faulting application path: C:\Program Files (x86)\Gigabyte\AppCenter\AdjustService.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report ID: d8530b8d-076c-4a1a-a005-c27264bae661
Faulting package full name:
Faulting package-relative application ID:
Error: (05/23/2018 07:03:28 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: AdjustService.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.ComponentModel.Win32Exception
at System.ServiceProcess.ServiceInstaller.RemoveService()
at System.ServiceProcess.ServiceInstaller.Uninstall(System.Collections.IDictionary)
at System.Configuration.Install.Installer.Uninstall(System.Collections.IDictionary)
Exception Info: System.Configuration.Install.InstallException
at System.Configuration.Install.Installer.Uninstall(System.Collections.IDictionary)
at System.Configuration.Install.TransactedInstaller.Uninstall(System.Collections.IDictionary)
at AdjustService.Program.Main(System.String[])
System errors:
=============
Error: (06/04/2018 11:24:34 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MARK)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
to the user DESKTOP-MARK\Mark SID (S-1-5-21-1836258222-3966296210-172399888-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (06/04/2018 11:24:34 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MARK)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
to the user DESKTOP-MARK\Mark SID (S-1-5-21-1836258222-3966296210-172399888-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (06/04/2018 11:24:33 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MARK)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
to the user DESKTOP-MARK\Mark SID (S-1-5-21-1836258222-3966296210-172399888-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (06/04/2018 09:27:38 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MARK)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
to the user DESKTOP-MARK\Mark SID (S-1-5-21-1836258222-3966296210-172399888-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (06/04/2018 09:27:38 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MARK)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
to the user DESKTOP-MARK\Mark SID (S-1-5-21-1836258222-3966296210-172399888-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (06/04/2018 09:27:38 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MARK)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
to the user DESKTOP-MARK\Mark SID (S-1-5-21-1836258222-3966296210-172399888-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (06/04/2018 09:27:38 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-MARK)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
and APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
to the user DESKTOP-MARK\Mark SID (S-1-5-21-1836258222-3966296210-172399888-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (06/03/2018 11:54:58 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Update Orchestrator Service service terminated with the following error:
This operation returned because the timeout period expired.
CodeIntegrity:
===================================
Date: 2018-05-09 13:10:30.564
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\Aavm4h.dll that did not meet the security requirements for Shared Sections.
Date: 2018-05-09 13:10:30.503
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswLog.dll that did not meet the security requirements for Shared Sections.
Date: 2018-05-09 10:53:21.197
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\Aavm4h.dll that did not meet the security requirements for Shared Sections.
Date: 2018-05-09 10:53:21.197
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswLog.dll that did not meet the security requirements for Shared Sections.
Date: 2018-05-09 10:51:26.639
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\Aavm4h.dll that did not meet the security requirements for Shared Sections.
Date: 2018-05-09 10:51:26.639
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswLog.dll that did not meet the security requirements for Shared Sections.
Date: 2018-05-09 10:51:21.397
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\Aavm4h.dll that did not meet the security requirements for Shared Sections.
Date: 2018-05-09 10:51:21.397
Description:
Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\AVAST Software\Avast\AvastSvc.exe) attempted to load \Device\HarddiskVolume4\Program Files\AVAST Software\Avast\aswLog.dll that did not meet the security requirements for Shared Sections.
==================== Memory info ===========================
Processor: Intel® Core i5-4690 CPU @ 3.50GHz
Percentage of memory in use: 24%
Total physical RAM: 16206.17 MB
Available physical RAM: 12192.15 MB
Total Virtual: 32590.17 MB
Available Virtual: 28090.06 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:930.96 GB) (Free:610.93 GB) NTFS
Drive g: (RamDisk) (Fixed) (Total:0.5 GB) (Free:0.48 GB) NTFS
\\?\Volume{d7949d3e-6f51-4101-85b3-b12172bf2db8}\ (Recovery) (Fixed) (Total:0.44 GB) (Free:0.05 GB) NTFS
\\?\Volume{2aa24801-c209-43eb-8f73-c2ea11f7dd13}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Protective MBR) (Size: 931.5 GB) (Disk ID: 00000000)
Partition: GPT.
==================== End of Addition.txt ============================
I honestly don't know if this is malware or some kind of system glitch, but I have received some excellent help from this forum in the past, so I hope someone will be able to assist me again. Thanks.