Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Infected Computer - Trojan

Malwares-Trojan-windows probl

  • Please log in to reply

#1
paulpap

paulpap

    Member

  • Member
  • PipPip
  • 18 posts

Hi there,

 

I am not very experienced user. I downloaded a free Malware update trial offer from within my computer it said something like 3.3.1-

This has given me 2 viruses : Packed.Win32.krap.hc and TR/Trash Gen apparently a trojan. It is being quarantined by my free Avira and Kaspersky Tools but I cannot find anything to remove them Avira rescue package does not seem to load and it is blocking attempts to do do but slowing down my system completely..

 

I have  an Acer Inspire Desktop and Windows 8.1.

 

I would really appreciate any help and am sending this from my laptop. Thanksin anticipation

 

Paul Watts


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

  • Get FRST from http://www.bleepingc...very-scan-tool/You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Check the Addition.txt box
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here.
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 


  • 0

#3
paulpap

paulpap

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

thanks for the prompt reply I will try this and get back to you.


  • 0

#4
paulpap

paulpap

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

 

  • Get FRST from http://www.bleepingc...very-scan-tool/You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Check the Addition.txt box
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here.
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

Hi RK thanks for the advice so far.

 

I think I managed to do that computer is a 64bit.

 

I am going to attach 2 files I hope that will be Ok unless you wanted all the info longhand. (sorry had to do long 50 pages I think.)

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20.06.2018
Ran by Windows 8.1 (administrator) on ACER (10-07-2018 16:42:11)
Running from C:\Users\Windows 8.1\Downloads
Loaded Profiles: Windows 8.1 (Available Profiles: Windows 8.1)
Platform: Windows 10 Pro Version 1803 17134.112 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(KeepSolid Inc.) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited-daemon.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(AVAST Software) C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler64.exe
(AVAST Software) C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avpui.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Avira Operations Gmbh & Co. KG) C:\Program Files (x86)\Avira\Safe Shopping\Avira Safe Shopping.exe
(Apple Inc.) C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\SwReporter\30.160.202\software_reporter_tool.exe
(Google) C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\SwReporter\30.160.202\software_reporter_tool.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avscan.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avscan.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-06-22] (AVAST Software)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [98024 2018-07-04] (Avira Operations GmbH & Co. KG)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{05ee6d76-be00-45fc-9229-900927d93e21}: [DhcpNameServer] 10.53.174.34
Tcpip\..\Interfaces\{2ebea07f-435d-4e83-a616-c8ec8aba1999}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{7c59009e-5ea0-4f40-a883-0a691daeb84b}: [DhcpNameServer] 192.168.224.1
Tcpip\..\Interfaces\{bbebb03f-3ba5-42e5-913a-944bee795ee6}: [DhcpNameServer] 10.208.0.1
Tcpip\..\Interfaces\{f91343c4-6f82-49d0-95e9-b82f954b3856}: [DhcpNameServer] 10.200.0.1
 
Internet Explorer:
==================
BHO: Kaspersky Protection -> {0E2877D3-2641-4970-B794-A553E295428D} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\IEExt\ie_plugin.dll [2018-01-14] (AO Kaspersky Lab)
BHO-x32: Kaspersky Protection -> {0E2877D3-2641-4970-B794-A553E295428D} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\IEExt\ie_plugin.dll [2018-01-14] (AO Kaspersky Lab)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-26] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-26] (Oracle Corporation)
 
FireFox:
========
FF DefaultProfile: 5geabok7.default-1451838148255-1520428887763
FF ProfilePath: C:\Users\Windows 8.1\AppData\Roaming\Mozilla\Firefox\Profiles\5geabok7.default-1451838148255-1520428887763 [2018-07-01]
FF Extension: (Avast Online Security) - C:\Users\Windows 8.1\AppData\Roaming\Mozilla\Firefox\Profiles\5geabok7.default-1451838148255-1520428887763\Extensions\[email protected] [2018-06-22]
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25] [Legacy]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-05-04]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF HKU\S-1-5-21-2532843739-1787431547-1269948887-1001\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files (x86)\DAP\DAPFireFox => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_127.dll [2018-06-21] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_127.dll [2018-06-21] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-26] (Oracle Corporation)
FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=3 -> C:\Program Files (x86)\Avira\Scout Update\1.3.32.7\npScoutUpdate3.dll [2017-05-31] (Avira Operations GmbH & Co. KG)
FF Plugin-x32: @scout.avira-update.com/Avira Scout Update;version=9 -> C:\Program Files (x86)\Avira\Scout Update\1.3.32.7\npScoutUpdate3.dll [2017-05-31] (Avira Operations GmbH & Co. KG)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.aol.com/"
CHR DefaultSearchURL: Default -> hxxps://search.avira.com/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://search.avira.com/suggestions?q={searchTerms}&li=ff&hl=en
CHR Profile: C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\Default [2018-07-10]
CHR Extension: (Docs) - C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-31]
CHR Extension: (YouTube) - C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-31]
CHR Extension: (Avira Password Manager) - C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2018-06-24]
CHR Extension: (Follow Feed | Feedly) - C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccmkbgknapokcjabmiaimipiepgpgbco [2018-01-05]
CHR Extension: (Google Search) - C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-31]
CHR Extension: (Avast Passwords) - C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2018-06-22]
CHR Extension: (Google Docs Offline) - C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Avast Online Security) - C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2018-05-02]
CHR Extension: (Pinterest Save Button) - C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2018-07-10]
CHR Extension: (Keywords Everywhere - Keyword Tool) - C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbapdpeemoojbophdfndmlgdhppljgmp [2018-07-10]
CHR Extension: (Save to Feedly Board) - C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhblphcdjcicefneapkhmleapfaocih [2018-01-05]
CHR Extension: (Avira SafeSearch Plus) - C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2018-07-01]
CHR Extension: (Skype) - C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-02]
CHR Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2018-05-21]
CHR Extension: (Kaspersky Protection) - C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mchjnmdbdlkdbfliogedbnpnanfjnolk [2018-01-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (Buffer) - C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh [2018-03-10]
CHR Extension: (Gmail) - C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-25]
CHR Extension: (Chrome Media Router) - C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-21]
CHR Profile: C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\System Profile [2017-10-26]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [880040 2018-07-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [225384 2018-07-10] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [225384 2018-07-10] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1164808 2018-07-10] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7780400 2018-06-22] (AVAST Software)
S2 avast; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-30] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-06-22] (AVAST Software)
S3 avastm; C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-05-30] (AVAST Software)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [428072 2018-07-04] (Avira Operations GmbH & Co. KG)
U2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [346528 2018-05-17] (Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [103328 2018-05-24] (Avira Operations GmbH & Co. KG)
R2 AVP18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe [354672 2017-01-24] (AO Kaspersky Lab)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365040 2017-10-20] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-28] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-28] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 klvssbridge64_18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\vssbridge64.exe [426416 2018-01-14] (AO Kaspersky Lab)
R2 KSDE2.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-24] (AO Kaspersky Lab)
S3 ksu; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe [1565000 2016-11-27] (AO Kaspersky Lab)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [2102248 2017-12-13] (Plex, Inc.)
S2 scupdate; C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [114824 2017-05-31] (Avira Operations GmbH & Co. KG)
S3 scupdatem; C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [114824 2017-05-31] (Avira Operations GmbH & Co. KG)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-04-12] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH)
R2 VPNUnlimitedService; C:\Program Files (x86)\VPN Unlimited\vpn-unlimited-daemon.exe [57160 2018-06-20] (KeepSolid Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [315768 2016-08-05] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105344 2018-04-12] (Microsoft Corporation)
S3 WD Backup Drive Helper; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B}
S3 WD Backup Snapshot; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD}
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 aswArPot; C:\WINDOWS\System32\drivers\aswArPot.sys [197160 2018-06-22] (AVAST Software)
S3 aswbidsdriver; C:\WINDOWS\System32\drivers\aswbidsdrivera.sys [229392 2018-06-22] (AVAST Software)
S3 aswbidsh; C:\WINDOWS\System32\drivers\aswbidsha.sys [201328 2018-06-22] (AVAST Software)
S3 aswblog; C:\WINDOWS\System32\drivers\aswbloga.sys [346664 2018-06-22] (AVAST Software)
S3 aswbuniv; C:\WINDOWS\System32\drivers\aswbuniva.sys [59592 2018-06-22] (AVAST Software)
S3 aswElam; C:\WINDOWS\System32\drivers\aswElam.sys [15360 2018-06-22] (AVAST Software)
R1 aswHdsKe; C:\WINDOWS\System32\drivers\aswHdsKe.sys [239680 2018-06-22] (AVAST Software)
S3 aswHwid; C:\WINDOWS\System32\drivers\aswHwid.sys [46976 2018-06-22] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\System32\drivers\aswMonFlt.sys [159640 2018-06-22] (AVAST Software)
S3 aswRdr; C:\WINDOWS\System32\drivers\aswRdr2.sys [111872 2018-06-22] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\System32\drivers\aswRvrt.sys [85968 2018-06-22] (AVAST Software)
S3 aswSnx; C:\WINDOWS\System32\drivers\aswSnx.sys [1027728 2018-06-22] (AVAST Software)
R1 aswSP; C:\WINDOWS\System32\drivers\aswSP.sys [463080 2018-06-22] (AVAST Software)
S3 aswStm; C:\WINDOWS\System32\drivers\aswStm.sys [211160 2018-06-22] (AVAST Software)
S3 aswVmm; C:\WINDOWS\System32\drivers\aswVmm.sys [381584 2018-06-22] (AVAST Software)
R3 athur; C:\WINDOWS\System32\drivers\athuwbx.sys [2702336 2013-11-21] (Qualcomm Atheros Communications, Inc.)
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-08-01] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [179376 2018-07-10] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [169864 2018-07-10] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-08-01] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-08-01] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [38048 2017-08-01] (Avira Operations GmbH & Co. KG)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [247008 2016-12-26] (AO Kaspersky Lab)
S3 hmatap; C:\WINDOWS\System32\drivers\hmatap.sys [36456 2017-10-31] (The OpenVPN Project)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554408 2016-10-01] (AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [70880 2017-12-25] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [120008 2018-05-04] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-06-01] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [29816 2016-10-14] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [207560 2018-05-04] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [1191616 2018-05-04] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1057992 2018-05-04] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57032 2018-05-04] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [57056 2016-12-23] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [58592 2016-12-07] (AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [50672 2017-12-25] (AO Kaspersky Lab)
R3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [44768 2017-01-20] (AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [236488 2018-05-25] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [87584 2018-01-14] (AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [258864 2018-05-25] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [109248 2018-05-25] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [177848 2018-06-23] (AO Kaspersky Lab)
S4 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [93888 2018-02-19] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [141000 2018-05-04] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [199392 2017-12-25] (AO Kaspersky Lab)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 phantomtap; C:\WINDOWS\System32\drivers\phantomtap.sys [45056 2017-10-25] (The OpenVPN Project)
R2 RtkIOAC60; C:\WINDOWS\system32\DRIVERS\RtkIOAC60.sys [29912 2013-07-19] (Realtek semiconductor corp)
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [44544 2018-04-12] (Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Corporation)
U3 aswbdisk; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-10 16:42 - 2018-07-10 16:43 - 000026913 _____ C:\Users\Windows 8.1\Downloads\FRST.txt
2018-07-10 16:41 - 2018-07-10 16:42 - 000000000 ____D C:\FRST
2018-07-10 16:38 - 2018-07-10 16:41 - 002412544 _____ (Farbar) C:\Users\Windows 8.1\Downloads\FRST64.exe
2018-07-10 16:35 - 2018-07-10 16:35 - 000001189 _____ C:\Users\Public\Desktop\Avira.lnk
2018-07-01 16:22 - 2018-07-01 16:22 - 001898376 _____ C:\Users\Windows 8.1\Downloads\avira_support_collector_en (1).exe
2018-07-01 16:21 - 2018-07-01 16:21 - 001898376 _____ C:\Users\Windows 8.1\Downloads\avira_support_collector_en.exe
2018-07-01 14:56 - 2018-07-01 14:56 - 000001190 _____ C:\Users\Public\Desktop\WD Drive Utilities.lnk
2018-07-01 14:56 - 2018-07-01 14:56 - 000000000 ____D C:\Users\Windows 8.1\AppData\Roaming\Western Digital
2018-07-01 14:55 - 2018-07-01 14:56 - 000000000 ____D C:\Program Files (x86)\Western Digital
2018-07-01 14:55 - 2018-07-01 14:55 - 000002226 _____ C:\Users\Public\Desktop\WD Backup.lnk
2018-07-01 14:55 - 2018-07-01 14:55 - 000001245 _____ C:\Users\Public\Desktop\WD Security.lnk
2018-07-01 14:55 - 2018-07-01 14:55 - 000000000 ____D C:\ProgramData\Western Digital
2018-07-01 14:55 - 2018-07-01 14:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2018-07-01 14:53 - 2018-07-01 14:53 - 000000000 ____D C:\Users\Windows 8.1\AppData\Local\Western Digital
2018-06-25 11:23 - 2018-06-25 11:24 - 000000232 _____ C:\WINDOWS\ntbtlog.txt
2018-06-25 10:38 - 2018-06-25 10:38 - 009497720 _____ (Symantec Corporation) C:\Users\Windows 8.1\Downloads\NPE.exe
2018-06-24 13:01 - 2018-06-24 13:01 - 000000881 _____ C:\WINDOWS\system32\Drivers\etc\hosts.bak
2018-06-24 12:20 - 2018-06-25 10:44 - 000000000 ____D C:\NPE
2018-06-24 12:14 - 2018-06-25 11:07 - 000000000 ____D C:\Users\Windows 8.1\AppData\Local\NPE
2018-06-24 12:14 - 2018-06-24 12:15 - 000000000 ____D C:\ProgramData\Norton
2018-06-24 11:37 - 2018-06-24 11:37 - 000000000 ____D C:\MSIaa859.tmp
2018-06-24 10:56 - 2018-06-24 10:56 - 000000000 ____D C:\Users\Windows 8.1\AppData\Local\D3DSCache
2018-06-23 16:31 - 2018-06-23 16:31 - 004015977 _____ C:\Users\Windows 8.1\Downloads\sales (1).zip
2018-06-23 16:31 - 2018-06-23 16:31 - 004013995 _____ C:\Users\Windows 8.1\Downloads\squeeze (1).zip
2018-06-23 16:11 - 2018-06-23 16:11 - 000326041 _____ C:\Users\Windows 8.1\Downloads\Membership-6-15-2018.zip
2018-06-23 13:25 - 2018-06-08 21:02 - 004527680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-06-23 13:25 - 2018-06-08 19:06 - 001539488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2018-06-23 13:25 - 2018-06-08 12:31 - 007900984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-06-23 13:25 - 2018-06-08 11:29 - 007520000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-06-23 13:25 - 2018-06-08 11:13 - 025846784 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-06-23 13:25 - 2018-06-08 11:09 - 006569960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-06-23 13:25 - 2018-06-08 11:04 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-06-23 13:25 - 2018-06-08 11:03 - 022005760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-06-23 13:25 - 2018-06-08 11:02 - 022713856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-06-23 13:25 - 2018-06-08 11:00 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-06-23 13:25 - 2018-06-08 10:58 - 007581696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-06-23 13:25 - 2018-05-20 21:43 - 021389360 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-06-23 13:25 - 2018-05-20 18:59 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-06-23 13:25 - 2018-05-20 13:52 - 007436632 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-06-23 13:25 - 2018-05-20 13:34 - 016592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-06-23 13:25 - 2018-05-20 13:30 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-06-23 13:25 - 2018-05-20 13:26 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-06-23 13:25 - 2018-05-20 13:16 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-06-23 13:24 - 2018-06-08 21:07 - 002266520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2018-06-23 13:24 - 2018-06-08 21:02 - 001634808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-06-23 13:24 - 2018-06-08 21:01 - 002395056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-06-23 13:24 - 2018-06-08 20:45 - 012712448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-06-23 13:24 - 2018-06-08 20:45 - 004392448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-06-23 13:24 - 2018-06-08 20:43 - 002922496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2018-06-23 13:24 - 2018-06-08 20:43 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2018-06-23 13:24 - 2018-06-08 20:43 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-06-23 13:24 - 2018-06-08 20:42 - 003999232 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2018-06-23 13:24 - 2018-06-08 20:42 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-06-23 13:24 - 2018-06-08 18:58 - 002206544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2018-06-23 13:24 - 2018-06-08 18:51 - 011903488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-06-23 13:24 - 2018-06-08 18:47 - 003492864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2018-06-23 13:24 - 2018-06-08 18:47 - 002895872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-06-23 13:24 - 2018-06-08 18:06 - 000976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-06-23 13:24 - 2018-06-08 18:05 - 000944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-06-23 13:24 - 2018-06-08 12:38 - 005821544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-06-23 13:24 - 2018-06-08 12:37 - 002417840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-06-23 13:24 - 2018-06-08 12:35 - 001613200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-06-23 13:24 - 2018-06-08 12:34 - 001299056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-06-23 13:24 - 2018-06-08 12:34 - 000748512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2018-06-23 13:24 - 2018-06-08 12:31 - 003180176 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-06-23 13:24 - 2018-06-08 11:33 - 001034632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-06-23 13:24 - 2018-06-08 11:30 - 009148320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-06-23 13:24 - 2018-06-08 11:30 - 003296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-06-23 13:24 - 2018-06-08 11:30 - 001798552 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-06-23 13:24 - 2018-06-08 11:30 - 001017080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-06-23 13:24 - 2018-06-08 11:30 - 000491328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-06-23 13:24 - 2018-06-08 11:29 - 006817384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-06-23 13:24 - 2018-06-08 11:29 - 004970360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2018-06-23 13:24 - 2018-06-08 11:29 - 004403280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-06-23 13:24 - 2018-06-08 11:29 - 003283408 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-06-23 13:24 - 2018-06-08 11:29 - 002836384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-06-23 13:24 - 2018-06-08 11:29 - 002753048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-06-23 13:24 - 2018-06-08 11:29 - 002570712 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-06-23 13:24 - 2018-06-08 11:29 - 002564984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-06-23 13:24 - 2018-06-08 11:29 - 002546592 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-06-23 13:24 - 2018-06-08 11:29 - 002462272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-06-23 13:24 - 2018-06-08 11:29 - 002371392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-06-23 13:24 - 2018-06-08 11:29 - 001946328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-06-23 13:24 - 2018-06-08 11:29 - 001934400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-06-23 13:24 - 2018-06-08 11:29 - 001792808 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2018-06-23 13:24 - 2018-06-08 11:29 - 001784584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-06-23 13:24 - 2018-06-08 11:29 - 001611592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2018-06-23 13:24 - 2018-06-08 11:29 - 001457136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-06-23 13:24 - 2018-06-08 11:29 - 001209800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-06-23 13:24 - 2018-06-08 11:29 - 001190152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-06-23 13:24 - 2018-06-08 11:29 - 001148808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-06-23 13:24 - 2018-06-08 11:29 - 000594128 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-06-23 13:24 - 2018-06-08 11:29 - 000416144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2018-06-23 13:24 - 2018-06-08 11:12 - 000861616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-06-23 13:24 - 2018-06-08 11:11 - 001461744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2018-06-23 13:24 - 2018-06-08 11:11 - 000550616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-06-23 13:24 - 2018-06-08 11:10 - 002479272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-06-23 13:24 - 2018-06-08 11:10 - 002331584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-06-23 13:24 - 2018-06-08 11:10 - 001988072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-06-23 13:24 - 2018-06-08 11:10 - 001011992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-06-23 13:24 - 2018-06-08 11:10 - 000457152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2018-06-23 13:24 - 2018-06-08 11:09 - 006527064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-06-23 13:24 - 2018-06-08 11:09 - 004788512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-06-23 13:24 - 2018-06-08 11:09 - 004469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2018-06-23 13:24 - 2018-06-08 11:09 - 002535552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-06-23 13:24 - 2018-06-08 11:09 - 002486992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-06-23 13:24 - 2018-06-08 11:09 - 002242216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-06-23 13:24 - 2018-06-08 11:09 - 001980872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-06-23 13:24 - 2018-06-08 11:09 - 001805776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-06-23 13:24 - 2018-06-08 11:09 - 001709720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2018-06-23 13:24 - 2018-06-08 11:09 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-06-23 13:24 - 2018-06-08 11:09 - 001584128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2018-06-23 13:24 - 2018-06-08 11:09 - 001380200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-06-23 13:24 - 2018-06-08 11:09 - 001020168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-06-23 13:24 - 2018-06-08 11:01 - 004563456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-06-23 13:24 - 2018-06-08 11:01 - 002961408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-06-23 13:24 - 2018-06-08 11:00 - 004372992 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-06-23 13:24 - 2018-06-08 11:00 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-06-23 13:24 - 2018-06-08 11:00 - 001285120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2018-06-23 13:24 - 2018-06-08 10:59 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-06-23 13:24 - 2018-06-08 10:59 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-06-23 13:24 - 2018-06-08 10:59 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-06-23 13:24 - 2018-06-08 10:59 - 001767936 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-06-23 13:24 - 2018-06-08 10:59 - 001318400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2018-06-23 13:24 - 2018-06-08 10:59 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-06-23 13:24 - 2018-06-08 10:58 - 003712512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-06-23 13:24 - 2018-06-08 10:58 - 001676800 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
2018-06-23 13:24 - 2018-06-08 10:58 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-06-23 13:24 - 2018-06-08 10:58 - 000813568 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-06-23 13:24 - 2018-06-08 10:57 - 003348992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2018-06-23 13:24 - 2018-06-08 10:57 - 002172416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-06-23 13:24 - 2018-06-08 10:57 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-06-23 13:24 - 2018-06-08 10:56 - 005780992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-06-23 13:24 - 2018-06-08 10:56 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-06-23 13:24 - 2018-06-08 10:56 - 004336128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-06-23 13:24 - 2018-06-08 10:56 - 002902016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-06-23 13:24 - 2018-06-08 10:56 - 002900480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-06-23 13:24 - 2018-06-08 10:56 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-06-23 13:24 - 2018-06-08 10:56 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-06-23 13:24 - 2018-06-08 10:56 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-06-23 13:24 - 2018-06-08 10:56 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-06-23 13:24 - 2018-06-08 10:56 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-06-23 13:24 - 2018-06-08 10:55 - 003441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-06-23 13:24 - 2018-06-08 10:55 - 002248192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-06-23 13:24 - 2018-06-08 10:55 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-06-23 13:24 - 2018-06-08 10:55 - 002061824 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2018-06-23 13:24 - 2018-06-08 10:55 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-06-23 13:24 - 2018-06-08 10:55 - 001371648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-06-23 13:24 - 2018-06-08 10:55 - 001171968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2018-06-23 13:24 - 2018-06-08 10:55 - 001160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-06-23 13:24 - 2018-06-08 10:55 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-06-23 13:24 - 2018-06-08 10:55 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-06-23 13:24 - 2018-06-08 10:55 - 000667648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2018-06-23 13:24 - 2018-06-08 10:54 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-06-23 13:24 - 2018-06-08 10:54 - 002789376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2018-06-23 13:24 - 2018-06-08 10:54 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-06-23 13:24 - 2018-06-08 10:54 - 001128448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2018-06-23 13:24 - 2018-06-08 10:53 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-06-23 13:24 - 2018-06-06 20:57 - 003733320 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-06-23 13:24 - 2018-06-06 06:20 - 002841312 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-06-23 13:24 - 2018-05-20 21:42 - 001649760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2018-06-23 13:24 - 2018-05-20 21:23 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2018-06-23 13:24 - 2018-05-20 21:23 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2018-06-23 13:24 - 2018-05-20 21:22 - 001665024 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-06-23 13:24 - 2018-05-20 21:22 - 000804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2018-06-23 13:24 - 2018-05-20 20:14 - 020383712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-06-23 13:24 - 2018-05-20 20:14 - 001490144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2018-06-23 13:24 - 2018-05-20 20:00 - 000864768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2018-06-23 13:24 - 2018-05-20 19:59 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2018-06-23 13:24 - 2018-05-20 18:45 - 001271296 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2018-06-23 13:24 - 2018-05-20 13:53 - 002178136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2018-06-23 13:24 - 2018-05-20 13:53 - 001017088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2018-06-23 13:24 - 2018-05-20 13:53 - 001012408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2018-06-23 13:24 - 2018-05-20 13:52 - 000735560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-06-23 13:24 - 2018-05-20 13:33 - 001665920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2018-06-23 13:24 - 2018-05-20 13:32 - 006044104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-06-23 13:24 - 2018-05-20 13:32 - 001034096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2018-06-23 13:24 - 2018-05-20 13:31 - 001456640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2018-06-23 13:24 - 2018-05-20 13:24 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-06-23 13:24 - 2018-05-20 13:23 - 013873152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-06-23 13:24 - 2018-05-20 13:23 - 002366976 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-06-23 13:24 - 2018-05-20 13:23 - 000933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-06-23 13:24 - 2018-05-20 13:23 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-06-23 13:24 - 2018-05-20 13:21 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-06-23 13:24 - 2018-05-20 13:21 - 001210880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2018-06-23 13:24 - 2018-05-20 13:21 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-06-23 13:24 - 2018-05-20 13:21 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2018-06-23 13:24 - 2018-05-20 13:17 - 002699776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-06-23 13:24 - 2018-05-20 13:14 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-06-23 13:24 - 2018-05-20 13:11 - 001005568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2018-06-23 13:23 - 2018-06-08 21:07 - 000506184 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-06-23 13:23 - 2018-06-08 21:07 - 000183712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mavinject.exe
2018-06-23 13:23 - 2018-06-08 21:07 - 000040864 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClientPS.dll
2018-06-23 13:23 - 2018-06-08 21:07 - 000019872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVTerminator.dll
2018-06-23 13:23 - 2018-06-08 21:05 - 000094112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-06-23 13:23 - 2018-06-08 21:02 - 000661160 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe
2018-06-23 13:23 - 2018-06-08 21:01 - 001046944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2018-06-23 13:23 - 2018-06-08 20:48 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-06-23 13:23 - 2018-06-08 20:47 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2018-06-23 13:23 - 2018-06-08 20:46 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-06-23 13:23 - 2018-06-08 20:45 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdt.exe
2018-06-23 13:23 - 2018-06-08 20:45 - 000808960 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2018-06-23 13:23 - 2018-06-08 20:44 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-06-23 13:23 - 2018-06-08 20:44 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2018-06-23 13:23 - 2018-06-08 20:44 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-06-23 13:23 - 2018-06-08 20:44 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2018-06-23 13:23 - 2018-06-08 20:43 - 003640832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2018-06-23 13:23 - 2018-06-08 20:43 - 001659904 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2018-06-23 13:23 - 2018-06-08 20:43 - 001543680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2018-06-23 13:23 - 2018-06-08 20:43 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-06-23 13:23 - 2018-06-08 20:42 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-06-23 13:23 - 2018-06-08 20:42 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-06-23 13:23 - 2018-06-08 20:42 - 000800256 _____ (Microsoft Corporation) C:\WINDOWS\system32\pwcreator.exe
2018-06-23 13:23 - 2018-06-08 20:42 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-06-23 13:23 - 2018-06-08 20:42 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2018-06-23 13:23 - 2018-06-08 20:42 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2018-06-23 13:23 - 2018-06-08 20:41 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-06-23 13:23 - 2018-06-08 20:41 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-06-23 13:23 - 2018-06-08 20:41 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-06-23 13:23 - 2018-06-08 20:41 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-06-23 13:23 - 2018-06-08 20:41 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-06-23 13:23 - 2018-06-08 20:41 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2018-06-23 13:23 - 2018-06-08 20:40 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXP.dll
2018-06-23 13:23 - 2018-06-08 19:07 - 000148896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mavinject.exe
2018-06-23 13:23 - 2018-06-08 19:04 - 001454024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-06-23 13:23 - 2018-06-08 18:58 - 000917408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2018-06-23 13:23 - 2018-06-08 18:50 - 001508352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdt.exe
2018-06-23 13:23 - 2018-06-08 18:48 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-06-23 13:23 - 2018-06-08 18:48 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-06-23 13:23 - 2018-06-08 18:47 - 001462784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dui70.dll
2018-06-23 13:23 - 2018-06-08 18:47 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2018-06-23 13:23 - 2018-06-08 18:47 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-06-23 13:23 - 2018-06-08 18:47 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2018-06-23 13:23 - 2018-06-08 18:46 - 003444224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2018-06-23 13:23 - 2018-06-08 18:46 - 002016256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-06-23 13:23 - 2018-06-08 18:46 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2018-06-23 13:23 - 2018-06-08 18:45 - 002401280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-06-23 13:23 - 2018-06-08 18:05 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-06-23 13:23 - 2018-06-08 16:00 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-06-23 13:23 - 2018-06-08 16:00 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-06-23 13:23 - 2018-06-08 12:35 - 000613144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2018-06-23 13:23 - 2018-06-08 12:31 - 000029600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2018-06-23 13:23 - 2018-06-08 12:30 - 000705440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-06-23 13:23 - 2018-06-08 11:34 - 001140576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-06-23 13:23 - 2018-06-08 11:34 - 000983016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-06-23 13:23 - 2018-06-08 11:33 - 001213368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-06-23 13:23 - 2018-06-08 11:33 - 000272296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-06-23 13:23 - 2018-06-08 11:33 - 000269224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-06-23 13:23 - 2018-06-08 11:31 - 001174432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-06-23 13:23 - 2018-06-08 11:31 - 001012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-06-23 13:23 - 2018-06-08 11:31 - 000226720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ucx01000.sys
2018-06-23 13:23 - 2018-06-08 11:30 - 001363632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-06-23 13:23 - 2018-06-08 11:30 - 001063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-06-23 13:23 - 2018-06-08 11:30 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-06-23 13:23 - 2018-06-08 11:30 - 000722808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-06-23 13:23 - 2018-06-08 11:30 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-06-23 13:23 - 2018-06-08 11:30 - 000567184 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-06-23 13:23 - 2018-06-08 11:30 - 000565152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-06-23 13:23 - 2018-06-08 11:30 - 000527264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-06-23 13:23 - 2018-06-08 11:30 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-06-23 13:23 - 2018-06-08 11:30 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-06-23 13:23 - 2018-06-08 11:30 - 000137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2018-06-23 13:23 - 2018-06-08 11:30 - 000134584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-06-23 13:23 - 2018-06-08 11:29 - 002590400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2018-06-23 13:23 - 2018-06-08 11:29 - 002422688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-06-23 13:23 - 2018-06-08 11:29 - 001921952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2018-06-23 13:23 - 2018-06-08 11:29 - 001364184 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2018-06-23 13:23 - 2018-06-08 11:29 - 001288816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-06-23 13:23 - 2018-06-08 11:29 - 001258288 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-06-23 13:23 - 2018-06-08 11:29 - 001150416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-06-23 13:23 - 2018-06-08 11:29 - 001112608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2018-06-23 13:23 - 2018-06-08 11:29 - 001097648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-06-23 13:23 - 2018-06-08 11:29 - 001026976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-06-23 13:23 - 2018-06-08 11:29 - 000945568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2018-06-23 13:23 - 2018-06-08 11:29 - 000885880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-06-23 13:23 - 2018-06-08 11:29 - 000792992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-06-23 13:23 - 2018-06-08 11:29 - 000678840 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2018-06-23 13:23 - 2018-06-08 11:29 - 000659096 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2018-06-23 13:23 - 2018-06-08 11:29 - 000413824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-06-23 13:23 - 2018-06-08 11:29 - 000413088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-06-23 13:23 - 2018-06-08 11:29 - 000375712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-06-23 13:23 - 2018-06-08 11:29 - 000313592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2018-06-23 13:23 - 2018-06-08 11:29 - 000266656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-06-23 13:23 - 2018-06-08 11:29 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-06-23 13:23 - 2018-06-08 11:29 - 000164768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-06-23 13:23 - 2018-06-08 11:29 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-06-23 13:23 - 2018-06-08 11:29 - 000084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageOverlayUtil.dll
2018-06-23 13:23 - 2018-06-08 11:29 - 000057960 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel.appcore.dll
2018-06-23 13:23 - 2018-06-08 11:12 - 000786176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-06-23 13:23 - 2018-06-08 11:10 - 002307336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2018-06-23 13:23 - 2018-06-08 11:10 - 001397200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-06-23 13:23 - 2018-06-08 11:10 - 000880152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-06-23 13:23 - 2018-06-08 11:10 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2018-06-23 13:23 - 2018-06-08 11:09 - 001129648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-06-23 13:23 - 2018-06-08 11:09 - 001077504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2018-06-23 13:23 - 2018-06-08 11:09 - 000988136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-06-23 13:23 - 2018-06-08 11:09 - 000770160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2018-06-23 13:23 - 2018-06-08 11:09 - 000607648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2018-06-23 13:23 - 2018-06-08 11:09 - 000568720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2018-06-23 13:23 - 2018-06-08 11:09 - 000567144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-06-23 13:23 - 2018-06-08 11:09 - 000553248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2018-06-23 13:23 - 2018-06-08 11:09 - 000356960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-06-23 13:23 - 2018-06-08 11:09 - 000064648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LanguageOverlayUtil.dll
2018-06-23 13:23 - 2018-06-08 11:09 - 000050208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel.appcore.dll
2018-06-23 13:23 - 2018-06-08 11:03 - 000906752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.PhoneNumberFormatting.dll
2018-06-23 13:23 - 2018-06-08 11:03 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-06-23 13:23 - 2018-06-08 11:03 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryCore.dll
2018-06-23 13:23 - 2018-06-08 11:03 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2018-06-23 13:23 - 2018-06-08 11:02 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-06-23 13:23 - 2018-06-08 11:02 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edpnotify.exe
2018-06-23 13:23 - 2018-06-08 11:02 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2018-06-23 13:23 - 2018-06-08 11:01 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-06-23 13:23 - 2018-06-08 11:01 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2018-06-23 13:23 - 2018-06-08 11:01 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2018-06-23 13:23 - 2018-06-08 11:01 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-06-23 13:23 - 2018-06-08 11:01 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2018-06-23 13:23 - 2018-06-08 11:01 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2018-06-23 13:23 - 2018-06-08 11:01 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-06-23 13:23 - 2018-06-08 11:00 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll
2018-06-23 13:23 - 2018-06-08 11:00 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2018-06-23 13:23 - 2018-06-08 11:00 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-06-23 13:23 - 2018-06-08 11:00 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2018-06-23 13:23 - 2018-06-08 11:00 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-06-23 13:23 - 2018-06-08 10:59 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-06-23 13:23 - 2018-06-08 10:59 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2018-06-23 13:23 - 2018-06-08 10:59 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2018-06-23 13:23 - 2018-06-08 10:59 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2018-06-23 13:23 - 2018-06-08 10:59 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-06-23 13:23 - 2018-06-08 10:58 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-06-23 13:23 - 2018-06-08 10:58 - 000781824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-06-23 13:23 - 2018-06-08 10:58 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2018-06-23 13:23 - 2018-06-08 10:58 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2018-06-23 13:23 - 2018-06-08 10:58 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2018-06-23 13:23 - 2018-06-08 10:57 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-06-23 13:23 - 2018-06-08 10:57 - 000483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2018-06-23 13:23 - 2018-06-08 10:57 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-06-23 13:23 - 2018-06-08 10:57 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2018-06-23 13:23 - 2018-06-08 10:57 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2018-06-23 13:23 - 2018-06-08 10:57 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2018-06-23 13:23 - 2018-06-08 10:56 - 003293696 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2018-06-23 13:23 - 2018-06-08 10:56 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-06-23 13:23 - 2018-06-08 10:56 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-06-23 13:23 - 2018-06-08 10:56 - 000908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2018-06-23 13:23 - 2018-06-08 10:56 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2018-06-23 13:23 - 2018-06-08 10:56 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-06-23 13:23 - 2018-06-08 10:56 - 000858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2018-06-23 13:23 - 2018-06-08 10:56 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2018-06-23 13:23 - 2018-06-08 10:56 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-06-23 13:23 - 2018-06-08 10:56 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-06-23 13:23 - 2018-06-08 10:56 - 000389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-06-23 13:23 - 2018-06-08 10:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-06-23 13:23 - 2018-06-08 10:56 - 000264704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovs.dll
2018-06-23 13:23 - 2018-06-08 10:55 - 001242112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2018-06-23 13:23 - 2018-06-08 10:55 - 001192448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2018-06-23 13:23 - 2018-06-08 10:55 - 001033728 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-06-23 13:23 - 2018-06-08 10:55 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-06-23 13:23 - 2018-06-08 10:55 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2018-06-23 13:23 - 2018-06-08 10:55 - 000778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2018-06-23 13:23 - 2018-06-08 10:55 - 000652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2018-06-23 13:23 - 2018-06-08 10:55 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2018-06-23 13:23 - 2018-06-08 10:55 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-06-23 13:23 - 2018-06-08 10:55 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-06-23 13:23 - 2018-06-08 10:54 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-06-23 13:23 - 2018-06-08 10:54 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-06-23 13:23 - 2018-06-08 10:54 - 000999936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-06-23 13:23 - 2018-06-08 10:54 - 000950272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2018-06-23 13:23 - 2018-06-08 10:54 - 000857088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2018-06-23 13:23 - 2018-06-08 10:54 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2018-06-23 13:23 - 2018-06-08 10:54 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2018-06-23 13:23 - 2018-06-08 10:54 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-06-23 13:23 - 2018-06-08 10:54 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-06-23 13:23 - 2018-06-08 10:54 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2018-06-23 13:23 - 2018-06-08 10:54 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-06-23 13:23 - 2018-06-08 10:54 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2018-06-23 13:23 - 2018-06-08 10:54 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-06-23 13:23 - 2018-06-08 10:54 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAC3ENC.DLL
2018-06-23 13:23 - 2018-06-08 10:53 - 001675264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2018-06-23 13:23 - 2018-06-08 10:53 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-06-23 13:23 - 2018-06-08 10:53 - 001108992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-06-23 13:23 - 2018-06-08 10:53 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2018-06-23 13:23 - 2018-06-08 10:53 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-06-23 13:23 - 2018-06-08 10:53 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2018-06-23 13:23 - 2018-06-08 10:53 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2018-06-23 13:23 - 2018-06-08 09:41 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-06-23 13:23 - 2018-06-02 01:24 - 000713376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-06-23 13:23 - 2018-06-02 00:54 - 001825792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-06-23 13:23 - 2018-05-25 05:24 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-06-23 13:23 - 2018-05-20 21:45 - 000308408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-06-23 13:23 - 2018-05-20 21:42 - 000759192 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-06-23 13:23 - 2018-05-20 21:26 - 000486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2018-06-23 13:23 - 2018-05-20 21:23 - 004070400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-06-23 13:23 - 2018-05-20 21:22 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2018-06-23 13:23 - 2018-05-20 21:22 - 000941056 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2018-06-23 13:23 - 2018-05-20 20:20 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hvsicontainerservice.dll
2018-06-23 13:23 - 2018-05-20 20:15 - 000653208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-06-23 13:23 - 2018-05-20 20:02 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2018-06-23 13:23 - 2018-05-20 19:59 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2018-06-23 13:23 - 2018-05-20 18:39 - 000788480 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2018-06-23 13:23 - 2018-05-20 18:35 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-06-23 13:23 - 2018-05-20 18:34 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-06-23 13:23 - 2018-05-20 16:54 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-06-23 13:23 - 2018-05-20 14:33 - 000105368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-06-23 13:23 - 2018-05-20 13:53 - 001947808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-06-23 13:23 - 2018-05-20 13:53 - 000131232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2018-06-23 13:23 - 2018-05-20 13:53 - 000088472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2018-06-23 13:23 - 2018-05-20 13:52 - 000347704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-06-23 13:23 - 2018-05-20 13:52 - 000130456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-06-23 13:23 - 2018-05-20 13:52 - 000089984 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
2018-06-23 13:23 - 2018-05-20 13:34 - 000861096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2018-06-23 13:23 - 2018-05-20 13:33 - 000101288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2018-06-23 13:23 - 2018-05-20 13:32 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-06-23 13:23 - 2018-05-20 13:32 - 000560488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-06-23 13:23 - 2018-05-20 13:32 - 000286200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-06-23 13:23 - 2018-05-20 13:32 - 000077040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2018-06-23 13:23 - 2018-05-20 13:28 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-06-23 13:23 - 2018-05-20 13:28 - 000111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppHostRegistrationVerifier.exe
2018-06-23 13:23 - 2018-05-20 13:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-06-23 13:23 - 2018-05-20 13:27 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2018-06-23 13:23 - 2018-05-20 13:27 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApiSetHost.AppExecutionAlias.dll
2018-06-23 13:23 - 2018-05-20 13:26 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-06-23 13:23 - 2018-05-20 13:26 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll
2018-06-23 13:23 - 2018-05-20 13:26 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-06-23 13:23 - 2018-05-20 13:26 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2018-06-23 13:23 - 2018-05-20 13:26 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-06-23 13:23 - 2018-05-20 13:26 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\TelephonyInteractiveUser.dll
2018-06-23 13:23 - 2018-05-20 13:26 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSHEIF.dll
2018-06-23 13:23 - 2018-05-20 13:25 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-06-23 13:23 - 2018-05-20 13:25 - 000384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2018-06-23 13:23 - 2018-05-20 13:24 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-06-23 13:23 - 2018-05-20 13:24 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2018-06-23 13:23 - 2018-05-20 13:23 - 005951488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-06-23 13:23 - 2018-05-20 13:21 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2018-06-23 13:23 - 2018-05-20 13:16 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2018-06-23 13:23 - 2018-05-20 13:16 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ApiSetHost.AppExecutionAlias.dll
2018-06-23 13:23 - 2018-05-20 13:16 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-06-23 13:23 - 2018-05-20 13:15 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2018-06-23 13:23 - 2018-05-20 13:15 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSHEIF.dll
2018-06-23 13:23 - 2018-05-20 13:14 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2018-06-23 13:23 - 2018-05-20 13:13 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-06-23 13:23 - 2018-05-20 13:13 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2018-06-23 13:23 - 2018-05-20 13:12 - 000992768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-06-23 13:23 - 2018-05-20 13:12 - 000860160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-06-23 13:23 - 2018-05-20 13:11 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2018-06-23 13:23 - 2018-05-20 10:26 - 000018716 _____ C:\WINDOWS\system32\srms-apr.dat
2018-06-23 13:23 - 2018-05-18 19:08 - 000018716 _____ C:\WINDOWS\SysWOW64\srms-apr.dat
2018-06-23 12:57 - 2018-06-23 12:57 - 000099951 _____ C:\Users\Windows 8.1\Desktop\VPN PDF 3.pdf
2018-06-22 13:42 - 2018-06-22 13:40 - 000015360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswElam.sys
2018-06-22 13:41 - 2018-06-22 13:40 - 000378072 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-10 16:42 - 2017-05-31 20:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-07-10 16:40 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-10 16:39 - 2018-05-21 17:02 - 000179376 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2018-07-10 16:39 - 2018-05-21 17:02 - 000169864 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2018-07-10 16:38 - 2018-05-21 18:16 - 000004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EF1F7207-FAC2-4CBB-B3B9-9B6D553D8F32}
2018-07-10 16:38 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-10 16:36 - 2017-11-29 17:45 - 000000000 ____D C:\Users\Windows 8.1\AppData\Local\AVAST Software
2018-07-10 16:35 - 2017-04-02 07:55 - 000000000 ____D C:\ProgramData\Package Cache
2018-07-10 16:33 - 2018-01-15 06:05 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-07-10 16:33 - 2018-01-14 23:02 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-07-10 16:33 - 2014-11-13 04:37 - 000000000 __SHD C:\Users\Windows 8.1\IntelGraphicsProfiles
2018-07-07 11:35 - 2018-05-21 18:16 - 000004264 _____ C:\WINDOWS\System32\Tasks\Avast Emergency Update
2018-07-07 11:35 - 2018-01-14 23:04 - 000001504 _____ C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk
2018-07-06 14:46 - 2018-01-14 23:03 - 000002289 _____ C:\Users\Public\Desktop\Kaspersky Free.lnk
2018-07-06 14:45 - 2018-05-21 18:16 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-06 14:45 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-07-06 14:43 - 2018-04-11 23:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-07-06 14:43 - 2017-09-02 15:24 - 000000000 _____ C:\WINDOWS\SysWOW64\last.dump
2018-07-06 14:19 - 2018-05-21 17:49 - 000000000 ____D C:\Users\Windows 8.1
2018-07-06 14:14 - 2018-05-21 17:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-07-04 16:24 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2018-07-04 16:24 - 2016-10-27 22:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-07-04 16:24 - 2014-11-13 04:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-07-01 18:34 - 2017-07-08 14:19 - 000000000 ____D C:\Users\Windows 8.1\AppData\LocalLow\Mozilla
2018-07-01 18:34 - 2014-11-13 04:36 - 000001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-07-01 17:29 - 2018-03-05 20:43 - 000000000 ____D C:\Users\Windows 8.1\AppData\Local\CrashDumps
2018-07-01 15:29 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\Registration
2018-07-01 15:29 - 2014-11-13 04:34 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-07-01 15:29 - 2014-11-13 04:34 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-07-01 15:07 - 2017-07-08 16:53 - 000000000 ____D C:\Users\Windows 8.1\AppData\Local\GoToMeeting
2018-06-25 11:57 - 2014-11-13 04:46 - 000000000 ____D C:\Users\Windows 8.1\AppData\Roaming\Skype
2018-06-24 13:17 - 2018-01-26 07:18 - 000000000 ____D C:\Users\Windows 8.1\AppData\Local\Packages
2018-06-24 13:12 - 2017-07-31 06:45 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-24 13:07 - 2018-03-02 18:55 - 000000000 ____D C:\Program Files (x86)\Cheatsheet Generator
2018-06-24 09:09 - 2018-05-21 18:00 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-06-24 09:06 - 2018-01-26 07:36 - 000000000 ___RD C:\Users\Windows 8.1\3D Objects
2018-06-24 09:06 - 2016-02-13 15:22 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-06-24 09:03 - 2018-05-21 17:46 - 000408480 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-06-24 09:02 - 2016-07-26 13:02 - 000000676 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2532843739-1787431547-1269948887-1001.job
2018-06-24 09:02 - 2016-07-26 13:02 - 000000580 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2532843739-1787431547-1269948887-1001.job
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-06-23 17:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-06-23 17:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-06-23 17:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-06-23 17:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-06-23 17:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-06-23 17:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-06-23 17:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\setup
2018-06-23 17:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-06-23 17:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-06-23 17:11 - 2018-04-11 23:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-06-23 17:10 - 2018-04-12 01:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-06-23 17:10 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-06-23 17:10 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-06-23 17:10 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-06-23 17:10 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-06-23 15:28 - 2018-05-25 06:27 - 000177848 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2018-06-23 14:05 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-23 09:13 - 2018-05-21 18:16 - 000003368 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2532843739-1787431547-1269948887-1001
2018-06-23 09:12 - 2018-05-21 17:49 - 000002385 _____ C:\Users\Windows 8.1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-06-23 09:12 - 2016-04-08 00:21 - 000000000 ___RD C:\Users\Windows 8.1\OneDrive
2018-06-22 15:50 - 2018-05-21 18:16 - 000003836 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-2532843739-1787431547-1269948887-1001
2018-06-22 15:50 - 2018-05-21 18:16 - 000003740 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-2532843739-1787431547-1269948887-1001
2018-06-22 13:41 - 2018-04-12 01:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-06-22 13:40 - 2018-05-21 17:02 - 000463080 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2018-06-22 13:40 - 2018-05-21 17:02 - 000381584 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2018-06-22 13:40 - 2018-05-21 17:02 - 000211160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2018-06-22 13:40 - 2018-05-21 17:02 - 000197160 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswArPot.sys
2018-06-22 13:40 - 2018-05-21 17:02 - 000159640 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2018-06-22 13:40 - 2018-05-21 17:02 - 000111872 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2018-06-22 13:40 - 2018-05-21 17:02 - 000085968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2018-06-22 13:40 - 2018-05-21 17:02 - 000046976 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2018-06-22 13:39 - 2018-05-21 17:02 - 001027728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2018-06-22 13:39 - 2018-05-21 17:02 - 000346664 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbloga.sys
2018-06-22 13:39 - 2018-05-21 17:02 - 000229392 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsdrivera.sys
2018-06-22 13:39 - 2018-05-21 17:02 - 000201328 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbidsha.sys
2018-06-22 13:39 - 2018-05-21 17:02 - 000059592 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswbuniva.sys
2018-06-22 13:39 - 2018-01-05 20:53 - 000239680 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHdsKe.sys
2018-06-21 13:32 - 2015-05-12 12:22 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-06-21 13:22 - 2017-05-31 20:44 - 000000000 ____D C:\Program Files (x86)\Avira
2018-06-21 13:07 - 2017-10-12 06:25 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-06-21 13:07 - 2015-05-12 12:22 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-06-21 12:57 - 2018-05-02 13:36 - 000000000 ____D C:\Program Files (x86)\VPN Unlimited
2018-06-21 12:56 - 2018-05-02 13:36 - 000001140 _____ C:\Users\Public\Desktop\VPN Unlimited.lnk
2018-06-21 12:56 - 2018-05-02 13:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VPN Unlimited
2018-06-21 12:55 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-06-21 12:54 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-21 17:46
 
==================== End of FRST.txt ============================
 
 
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20.06.2018

Ran by Windows 8.1 (10-07-2018 16:44:43)

Running from C:\Users\Windows 8.1\Downloads

Windows 10 Pro Version 1803 17134.112 (X64) (2018-05-21 16:17:40)

Boot Mode: Normal

==========================================================

 

 

==================== Accounts: =============================

 

Administrator (S-1-5-21-2532843739-1787431547-1269948887-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-2532843739-1787431547-1269948887-503 - Limited - Disabled)

Guest (S-1-5-21-2532843739-1787431547-1269948887-501 - Limited - Disabled)

WDAGUtilityAccount (S-1-5-21-2532843739-1787431547-1269948887-504 - Limited - Disabled)

Windows 8.1 (S-1-5-21-2532843739-1787431547-1269948887-1001 - Administrator - Enabled) => C:\Users\Windows 8.1

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}

AV: Kaspersky Free (Enabled - Out of date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}

AS: Kaspersky Free (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

 

==================== Installed Programs ======================

 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

ACDSee Pro 4 (HKLM-x32\...\{88D4FE78-6EA6-4DFB-9FC2-8BC316F0C2FD}) (Version: 4.0.237 - ACD Systems International Inc.)

Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.127 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.23) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)

AIMP2 (HKLM-x32\...\AIMP2) (Version:  - AIMP DevTeam)

Amazon Kindle (HKU\S-1-5-21-2532843739-1787431547-1269948887-1001\...\Amazon Kindle) (Version:  - Amazon)

Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)

aTube Catcher version 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)

Avast Pro Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 18.5.2342 - AVAST Software)

Avast Secure Browser (HKLM-x32\...\Avast Secure Browser) (Version: 65.2.491.182 - AVAST Software)

Avira (HKLM-x32\...\{218C5045-A3A1-486C-91F5-A1B4D4772F8D}) (Version: 1.2.116.18787 - Avira Operations GmbH & Co. KG) Hidden

Avira (HKLM-x32\...\{b883705a-0784-4d1e-9766-601e8d66945a}) (Version: 1.2.115.14232 - Avira Operations GmbH & Co. KG)

Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.36.211 - Avira Operations GmbH & Co. KG)

Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.14.1.26975 - Avira Operations GmbH & Co. KG)

Avira Safe Shopping (HKLM-x32\...\{14E3F849-589B-42DB-83C4-D856CFE94BCC}) (Version: 1.0.67.2779 - Avira Operations Gmbh & Co. KG)

Avira Safe Shopping (HKLM-x32\...\{9158dccb-03a7-493c-b07e-f47b9784425c}) (Version: 1.0.65.2672 - Avira Operations Gmbh & Co. KG) Hidden

Avira Scout (HKLM-x32\...\Avira Scout) (Version: 17.6.3071.2851 - Avira Operations GmbH & Co. KG)

Avira Software Updater (HKLM-x32\...\{E47D0BE2-95DF-422B-AD01-5C8A184C239A}) (Version: 2.0.5.32390 - Avira Operations GmbH & Co. KG)

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

Cheatsheet Generator (HKLM-x32\...\{9162E8BE-57E7-4B23-95CC-44BB5CFBB405}) (Version: 1.0.0 - Dirk Wagner)

CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1129 - CyberLink Corp.)

EditPad Lite 7.6.3 (HKLM\...\EditPad Lite) (Version: 7.6.3 - Just Great Software)

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)

Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden

Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.24.7 - Google Inc.) Hidden

GoTo Opener (HKLM-x32\...\{1F803452-798F-49FB-A5DD-9F527F7017E4}) (Version: 1.0.473 - LogMeIn, Inc.)

GoToMeeting 8.29.1.8953 (HKU\S-1-5-21-2532843739-1787431547-1269948887-1001\...\GoToMeeting) (Version: 8.29.1.8953 - LogMeIn, Inc.)

Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4835 - Intel Corporation)

iTunes (HKLM\...\{F2517A28-8CB8-4206-B86C-5EDD4EA26682}) (Version: 12.7.1.14 - Apple Inc.)

Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)

Kaspersky Free (HKLM-x32\...\{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden

Kaspersky Free (HKLM-x32\...\InstallWIX_{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab)

Kaspersky Secure Connection (HKLM-x32\...\{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden

Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab)

Kaspersky Software Updater (HKLM-x32\...\{DEEDA858-A9B4-4212-8873-2F2CE2706E68}) (Version: 2.0.0.623 - Kaspersky Lab) Hidden

Kaspersky Software Updater (HKLM-x32\...\InstallWIX_{DEEDA858-A9B4-4212-8873-2F2CE2706E68}) (Version: 2.0.0.623 - Kaspersky Lab)

Keyword Research Ninja 1.0 (HKU\S-1-5-21-2532843739-1787431547-1269948887-1001\...\968efe0ce29a96a9) (Version: 1.0.0.6 - Binary Pros)

Keyword Researcher Pro version 11.031 (HKLM-x32\...\Keyword Researcher Pro_is1) (Version: 11.031 - Clever Gizmos)

Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)

Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-2532843739-1787431547-1269948887-1001\...\OneDriveSetup.exe) (Version: 18.091.0506.0007 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)

Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)

Mozilla Firefox 60.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 60.0.2 (x86 en-US)) (Version: 60.0.2 - Mozilla)

Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0 - Mozilla)

Nero 8 Lite 8.3.2.1 (HKLM-x32\...\Nero8Lite_is1) (Version: 8.3.2.1 - Updatepack.nl)

PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )

Plex Media Server (HKLM-x32\...\{2fb84613-d20f-4778-8955-66178d5dee6f}) (Version: 1.10.1.4602 - Plex, Inc.)

Plex Media Server (HKLM-x32\...\{CB3C17B5-1DE6-4D78-9447-38C6F1277A2A}) (Version: 1.10.1602 - Plex, Inc.) Hidden

Quintura Search™ (HKLM-x32\...\Quintura Search™_is1) (Version:  - Quintura Inc)

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.3.34 - Realtek Semiconductor Corp.)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)

Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)

Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)

SmartFTP Client (HKLM\...\{AF155B47-DEA7-4C29-9260-44D0CDBE2DAC}) (Version: 9.0.2558.0 - SmartSoft Ltd.)

Stopping Plex (HKLM-x32\...\{5E4EA395-F2C2-4A16-A4C7-99897E1859F2}) (Version: 1.10.1602 - Plex, Inc.) Hidden

TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )

TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.6447 - TeamViewer)

Text Formatter Plus version 1.2.15 (HKLM-x32\...\Text Formatter Plus_is1) (Version: 1.2.15.481 - )

The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.6.0.87 - KMP Media co., Ltd)

Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{AC0D130B-8809-4125-811F-667893B90644}) (Version: 2.11.0.0 - Microsoft Corporation)

VPN Unlimited 4.23 (HKLM-x32\...\{DC24521E-872B-41AF-93EA-FE477902D6FB}_is1) (Version: 4.23 - KeepSolid Inc.)

WD Backup (HKLM-x32\...\{46162462-824f-4ea9-a312-38841e3dab7d}) (Version: 1.6.6060.18987 - Western Digital Technologies, Inc.)

WD Backup (HKLM-x32\...\{9669966E-5595-4820-A879-DD48B3DF05BF}) (Version: 1.6.6060.18987 - Western Digital Technologies, Inc) Hidden

WD Drive Utilities (HKLM-x32\...\{06628A2D-167D-4F5E-8C98-60CFA0B161D1}) (Version: 1.4.0.92 - Western Digital Technologies, Inc.) Hidden

WD Drive Utilities (HKLM-x32\...\{7c73600b-2542-4641-a960-74bed274be03}) (Version: 1.4.0.92 - Western Digital Technologies, Inc.)

WD Security (HKLM-x32\...\{A2D70EE4-2462-4F04-9955-5761E3F3F47A}) (Version: 1.4.0.92 - Western Digital Technologies, Inc.) Hidden

WD Security (HKLM-x32\...\{f1fc402c-35fd-40c0-97e4-5bee07891caf}) (Version: 1.4.0.92 - Western Digital Technologies, Inc.)

WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

 

==================== Custom CLSID (Whitelisted): ==========================

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

CustomCLSID: HKU\S-1-5-21-2532843739-1787431547-1269948887-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Windows 8.1\AppData\Local\GoToMeeting\8679\G2MOutlookAddin64.dll (LogMeIn, Inc.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-06-22] (AVAST Software)

ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\ShellTools.dll [2018-02-21] (SmartSoft Ltd.)

ContextMenuHandlers1-x32: [AIMPClassic] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP2\System\aimp_shell.dll [2009-03-06] (AIMP DevTeam)

ContextMenuHandlers1-x32: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-06-22] (AVAST Software)

ContextMenuHandlers1-x32: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2018-05-04] (AO Kaspersky Lab)

ContextMenuHandlers1-x32: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-07-10] (Avira Operations GmbH & Co. KG)

ContextMenuHandlers1-x32: [SmartFTP] -> {F87DED31-303F-4ED1-9BCE-D360FBC74E0A} => C:\Program Files\SmartFTP Client\ShellTools.dll [2018-02-21] (SmartSoft Ltd.)

ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)

ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

ContextMenuHandlers2: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2018-05-04] (AO Kaspersky Lab)

ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-06-22] (AVAST Software)

ContextMenuHandlers4-x32: [AIMPClassic] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP2\System\aimp_shell.dll [2009-03-06] (AIMP DevTeam)

ContextMenuHandlers4-x32: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2018-05-04] (AO Kaspersky Lab)

ContextMenuHandlers4-x32: [SmartFTP] -> {F87DED31-303F-4ED1-9BCE-D360FBC74E0A} => C:\Program Files\SmartFTP Client\ShellTools.dll [2018-02-21] (SmartSoft Ltd.)

ContextMenuHandlers4-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)

ContextMenuHandlers4-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File

ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-10-20] (Intel Corporation)

ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2017-10-20] (Intel Corporation)

ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-06-22] (AVAST Software)

ContextMenuHandlers6: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2018-05-04] (AO Kaspersky Lab)

ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2018-07-10] (Avira Operations GmbH & Co. KG)

ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)

ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)

 

==================== Scheduled Tasks (Whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

Task: {01104BE2-E826-47D9-A0C1-0F6BDF2C5457} - System32\Tasks\G2MUploadTask-S-1-5-21-2532843739-1787431547-1269948887-1001 => C:\Users\Windows 8.1\AppData\Local\GoToMeeting\8953\g2mupload.exe [2018-06-22] (LogMeIn, Inc.)

Task: {0767E7B9-E7ED-490A-A27A-C31E81DBA13B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION

Task: {0AB19FFD-0E23-4C5D-A92C-445606B911F8} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {0C1E128E-C3EC-4E44-918E-AFD698ADFE62} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION

Task: {105D92BE-57C9-4F71-8947-D504805B40B5} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {135B5AD9-F08A-4DC6-99C0-76AA54B4FCA9} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

Task: {1565C6BC-7205-4FDE-9B20-284B6E6D02A0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)

Task: {1C2087FA-6A90-484D-8245-3BCD643368B2} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-05-30] (AVAST Software)

Task: {1F43B04F-F5E1-4AC9-A7D0-4060F2FA0E4F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe

Task: {209E1AB0-37B6-43BF-91EC-B501C8157A99} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2018-07-10] (Avira Operations GmbH & Co. KG)

Task: {22DB4ADD-7C43-4732-9B60-C3216AA78D31} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-29] (Google Inc.)

Task: {29185AFF-E037-403A-B6E9-E5CD482658D0} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {2B1F5448-C3C2-4CA3-84E9-C085F869C7C2} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe

Task: {2B538013-D916-49FC-BEB8-9495AB3B78A8} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe

Task: {365A0740-5244-4C26-AB61-C6412B3AF2EA} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

Task: {380D68CE-4C41-42B2-B306-EB7B97439892} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION

Task: {3AE536C3-125D-4430-AB6C-BB438195B30D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {42E5C629-49D9-4F17-9660-BFD984E45906} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {469CF64D-3483-4B94-AE62-BAD4B625F5FB} - System32\Tasks\AviraScoutUpdateTaskMachineCore => C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [2017-05-31] (Avira Operations GmbH & Co. KG)

Task: {4C48EB88-FB0A-46E0-ABDC-F33053084296} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {4F85CDAC-8774-4494-A395-9177EF7F4DAE} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION

Task: {539CB3BB-2503-4902-AE92-00669E872E93} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

Task: {57547FEA-B434-4891-BC46-5A4C82D9B515} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {5A4036D5-9298-47C5-88EE-B4CD81BA368B} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-05-30] (AVAST Software)

Task: {5B700546-3C98-4CD2-92DE-98E8B255BAF3} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe

Task: {5BCC4875-0BC3-4427-9553-DC6ABED35042} - System32\Tasks\G2MUpdateTask-S-1-5-21-2532843739-1787431547-1269948887-1001 => C:\Users\Windows 8.1\AppData\Local\GoToMeeting\8953\g2mupdate.exe [2018-06-22] (LogMeIn, Inc.)

Task: {60CDD4FB-B8C7-4468-96AC-EC166107F7A2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION

Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()

Task: {6925EB8A-628A-4657-8AFB-944817CB4A8C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe

Task: {71034660-50A2-4970-ADE5-008859CE5695} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {7C9493D5-AFF1-4EA5-B352-36F2B95BBAC8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION

Task: {832EF2F4-CAFA-4E01-869A-6BD6BE299363} - System32\Tasks\Avira\Safe Shopping\Check => C:\Program Files (x86)\Avira\Safe Shopping\Updater\Updater.exe [2018-06-13] (Avira Operations Gmbh & Co. KG)

Task: {838CA0BC-AE2C-4114-B022-C4A0DB9C7983} - System32\Tasks\Avira\Safe Shopping\Launch => C:\Program Files (x86)\Avira\Safe Shopping\Updater\Updater.exe [2018-06-13] (Avira Operations Gmbh & Co. KG)

Task: {89144CC1-ADDD-49CE-8091-FB12277CC68B} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-09] ()

Task: {8B2E515B-0058-4CE1-B62A-8618EC564C8B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {8F5FC3D1-59AF-4C35-AD80-65DB7F485CC2} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe

Task: {99E91C2F-367E-411B-9A75-90D0420F94D5} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()

Task: {9A50EE89-162C-45C2-A2A2-1304ADF2602C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION

Task: {A66F5977-940E-4ACC-AB90-1F8AA6295F6A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

Task: {AF89AACD-A56A-49F1-BF32-C89914A6C314} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION

Task: {B0B5C66F-8130-4654-93A3-FA0CA43F6854} - System32\Tasks\{784D683C-8945-4E08-B9C9-627735EF2AA8} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/6.0.0.120/en/go/help.faq.installer?LastError=1618

Task: {B168F4BD-1DBF-438A-862A-7CC29360936F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION

Task: {B7105996-EDC0-4CC4-B8CA-B4124737B886} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {BD5505FA-183E-405D-B402-005A312352ED} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

Task: {C3199D72-D0D9-4B6F-BA0F-35F352CC2123} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-06-22] (AVAST Software)

Task: {C36CBCA7-993F-4AD2-9175-60D5C10A10D2} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe

Task: {C783F796-C9D5-4A6B-A372-F4383F69674A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-21] (Adobe Systems Incorporated)

Task: {CEF95507-C8DC-4C47-ADD3-C6A09E886EC8} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION

Task: {CEFBD034-040F-4668-92F5-3BA2125D3D42} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION

Task: {D234E7AC-8E13-432C-ABF9-EB818D9923D0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION

Task: {D77658ED-7240-4024-933C-802A9369BB94} - System32\Tasks\Avira\Safe Shopping\Update => C:\Program Files (x86)\Avira\Safe Shopping\Updater\Updater.exe [2018-06-13] (Avira Operations Gmbh & Co. KG)

Task: {D79F7B71-FD28-4311-8B6D-D99518A7E4D1} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe

Task: {E64C0754-61F8-4F57-B846-5206EE49375A} - System32\Tasks\AviraScoutUpdateTaskMachineUA => C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe [2017-05-31] (Avira Operations GmbH & Co. KG)

Task: {E7794DEA-0AA2-4F42-A300-ED9DEBD63BF4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-29] (Google Inc.)

Task: {EDEDDBA4-9432-4BB9-85C6-97AE7745998D} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe

Task: {F2BFB135-DCCF-4177-8AC8-7432571C14FA} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe

Task: {F4019B4B-F5E9-400C-AA81-E0F11A5675B2} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-06-22] (AVAST Software)

Task: {F9EDBEA4-6A76-4C80-95C6-953297EB0BC3} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe

 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

 

Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2532843739-1787431547-1269948887-1001.job => C:\Users\Windows 8.1\AppData\Local\GoToMeeting\8953\g2mupdate.exe

Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2532843739-1787431547-1269948887-1001.job => C:\Users\Windows 8.1\AppData\Local\GoToMeeting\8953\g2mupload.exe

 

==================== Shortcuts & WMI ========================

 

(The entries could be listed to be restored or removed.)

 

 

==================== Loaded Modules (Whitelisted) ==============

 

2018-04-12 01:34 - 2018-04-12 01:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll

2018-01-05 01:14 - 2018-01-05 01:14 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

2018-01-05 01:13 - 2018-01-05 01:13 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

2017-10-20 17:42 - 2017-10-20 17:42 - 000393200 _____ () C:\WINDOWS\system32\igfxTray.exe

2018-04-12 01:34 - 2018-04-12 01:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll

2018-04-12 01:34 - 2018-04-12 01:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll

2018-06-23 13:24 - 2018-06-08 10:56 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

2018-06-21 13:35 - 2018-06-21 13:36 - 000062464 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11805.1001.42.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll

2018-06-21 13:35 - 2018-06-21 13:36 - 000093696 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11805.1001.42.0_x64__8wekyb3d8bbwe\WinStore.Preview.dll

2018-07-01 14:59 - 2018-07-01 14:59 - 027126784 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe

2018-07-01 14:59 - 2018-07-01 14:59 - 000306176 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\SharedUI.dll

2018-07-01 14:59 - 2018-07-01 14:59 - 006735872 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\EntCommon.dll

2017-09-26 14:11 - 2017-09-26 14:11 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll

2018-07-01 14:59 - 2018-07-01 14:59 - 009360384 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18052.10711.0_x64__8wekyb3d8bbwe\EntPlat.dll

2018-05-23 06:45 - 2018-05-23 06:53 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeHost.exe

2018-05-23 06:45 - 2018-05-23 06:53 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll

2018-05-23 06:45 - 2018-05-23 06:55 - 022374400 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\SkyWrap.dll

2018-05-23 06:45 - 2018-05-23 06:53 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\skypert.dll

2018-05-23 06:45 - 2018-05-23 06:47 - 000654848 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll

2018-07-01 15:29 - 2018-06-22 21:15 - 004608856 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libglesv2.dll

2018-07-01 15:29 - 2018-06-22 21:15 - 000099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\67.0.3396.99\libegl.dll

2018-06-22 13:40 - 2018-06-22 13:40 - 000483544 _____ () c:\program files\avast software\avast\streamback.dll

2018-07-06 14:16 - 2018-07-06 14:16 - 005843088 _____ () c:\program files\avast software\avast\defs\18070604\algo.dll

2018-06-22 13:40 - 2018-06-22 13:40 - 000928984 _____ () C:\Program Files\AVAST Software\Avast\anen.dll

2018-06-22 13:39 - 2018-06-22 13:39 - 000532696 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll

2018-06-22 13:39 - 2018-06-22 13:39 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll

2018-06-22 13:39 - 2018-06-22 13:39 - 000985304 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll

2018-07-07 11:35 - 2018-07-07 11:35 - 005843088 _____ () c:\program files\avast software\avast\defs\18070700\algo.dll

2018-07-10 16:37 - 2018-07-10 16:37 - 005841040 _____ () c:\program files\avast software\avast\defs\18071002\algo.dll

2018-01-14 23:03 - 2018-01-14 23:03 - 000836968 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\kpcengine.2.3.dll

2017-12-13 06:18 - 2017-12-13 06:18 - 000083432 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll

2017-12-13 06:18 - 2017-12-13 06:18 - 000203240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll

2018-05-02 13:36 - 2018-06-20 16:21 - 002713928 _____ () C:\Program Files (x86)\VPN Unlimited\vpnu_private_sdk.dll

2014-11-13 04:32 - 2013-09-16 06:19 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

2018-03-03 03:43 - 2018-03-03 03:43 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

2018-06-22 13:39 - 2018-06-22 13:39 - 000282840 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll

 

==================== Alternate Data Streams (Whitelisted) =========

 

(If an entry is included in the fixlist, only the ADS will be removed.)

 

AlternateDataStreams: C:\ProgramData\Temp:56E2E879 [135]

 

==================== Safe Mode (Whitelisted) ===================

 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

 

==================== Association (Whitelisted) ===============

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

 

==================== Internet Explorer trusted/restricted ===============

 

(If an entry is included in the fixlist, it will be removed from the registry.)

 

 

==================== Hosts content: ===============================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2018-04-12 01:38 - 2018-06-24 13:01 - 000000054 _____ C:\WINDOWS\system32\Drivers\etc\hosts

 

127.0.0.1       localhost

 

==================== Other Areas ============================

 

(Currently there is no automatic fix for this section.)

 

HKU\S-1-5-21-2532843739-1787431547-1269948887-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg

DNS Servers: 192.168.1.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)

Windows Firewall is enabled.

 

==================== MSCONFIG/TASK MANAGER disabled items ==

 

 

==================== FirewallRules (Whitelisted) ===============

 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

FirewallRules: [{6FD63570-87E8-4CFE-88F8-355C4502D834}] => (Allow) C:\Program Files (x86)\VPN Unlimited\openvpn.exe

FirewallRules: [{4CFB409B-7269-4B9F-ADC8-031144250979}] => (Allow) C:\Program Files (x86)\VPN Unlimited\openvpn.exe

FirewallRules: [{FC510B93-C39A-479C-BCD3-8DAC3F2AC1A7}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe

FirewallRules: [{22380941-7C75-408B-A912-D576F75C1B03}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe

FirewallRules: [{CA9FFB8F-E137-4DCB-B3A1-DDDBAF380DC1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{39364F75-156A-4A83-B0C4-06D1C5279A7A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

FirewallRules: [{28D50727-B3DE-4525-8BF0-7C3BBF156545}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{DD72A4EC-C663-49CA-87A7-633122F79D70}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe

FirewallRules: [{8A6FAF1F-3033-495E-A5A5-94B035B808FC}] => (Allow) C:\Program Files\SmartFTP Client\SmartFTP.exe

FirewallRules: [{58F1736C-98A8-4EDC-BDD0-225AAF48CAC2}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe

FirewallRules: [{896B5063-8CF8-400F-A421-24FD48C6FC60}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe

FirewallRules: [{DA9CDB59-842B-4F3E-98E8-901ECCB43030}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe

FirewallRules: [{9A913261-18CC-4E63-BB10-54562EDA5B4D}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe

FirewallRules: [{4F92E996-31EB-4741-A513-C229A5032DFA}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

FirewallRules: [{AC53F1F2-D3D8-4A1E-BFAE-8EE394891C49}] => (Allow) C:\Program Files (x86)\Avira\Scout\Application\scout.exe

FirewallRules: [{E6D437C9-69EF-4D0D-9A87-B178DB179358}] => (Block) C:\program files (x86)\skype\phone\skype.exe

FirewallRules: [UDP Query User{2F1B0DA8-F142-4374-9AA5-F2E2D7C56D32}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe

FirewallRules: [TCP Query User{A4D2689F-A120-4D01-8358-2CB5A35DFEFE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe

FirewallRules: [{5A27FD79-EE0C-45F6-9B57-D1E0D71A46E6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{270F5697-7780-453B-A3B1-2A4FAE841CE7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

FirewallRules: [{E760A935-E49D-4699-90D5-F8D7D2BD4877}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe

FirewallRules: [{4D902E10-EE42-463A-8D93-DC2EC67E1DED}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe

FirewallRules: [{6BDCE66F-C8AD-4A5D-9393-C21CF4B7A508}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{4978F1FB-F13E-4B1C-B77B-A2ADAF487C4B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{AC14CBED-3B78-4030-931C-C51C366BE795}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{9DA759AA-879F-49BF-8F43-7F725BA82B23}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{D70474DD-FCDD-4B79-BBCA-73D640FC53B9}] => (Allow) C:\Program Files\iTunes\iTunes.exe

FirewallRules: [{5F5F8846-590D-4AB1-BB25-66A058B3399B}] => (Allow) C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe

FirewallRules: [{E455205C-60BC-4D9E-9ECC-312E420324DA}] => (Allow) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe

FirewallRules: [{FA1B642F-C8EC-4562-B55C-52F240D435B4}] => (Allow) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe

FirewallRules: [{7BDFB8E6-10AB-4D41-A32A-A4A30D69CC65}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe

FirewallRules: [{4BC4B012-281A-4884-84B4-5557646398BB}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe

FirewallRules: [{2DA66643-3E3E-4D61-AA21-BBE12BE4EFF7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Restore Points =========================

 

24-06-2018 11:12:47 Restore Operation

01-07-2018 14:49:11 Windows Update

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (07/10/2018 04:39:24 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)

Description: Product: Google Update Helper -- Error 1316. The specified account already exists.

 

Error: (07/10/2018 04:38:16 PM) (Source: Windows Search Service) (EventID: 3100) (User: )

Description: Unable to initialize the filter host process. Terminating.

 

Details:

                This operation returned because the timeout period expired.  (HRESULT : 0x800705b4) (0x800705b4)

 

Error: (07/10/2018 04:37:12 PM) (Source: SideBySide) (EventID: 78) (User: )

Description: Activation context generation failed for "C:\Program Files (x86)\Nero\Nero Toolkit\Nero DiscSpeed\DiscSpeed.exe".Error in manifest or policy file "" on line .

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.112_none_fb3f961b30681c12.manifest.

Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17134.112_none_42ecccf244e44518.manifest.

 

Error: (07/10/2018 04:36:32 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)

Description: Product: Google Update Helper -- Error 1316. The specified account already exists.

 

Error: (07/10/2018 04:33:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Local Hostname acer.local already in use; will try acer-2.local instead

 

Error: (07/10/2018 04:33:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister   16 acer.local. AAAA FE80:0000:0000:0000:9104:0528:8904:E324

 

Error: (07/10/2018 04:33:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Received from FE80:0000:0000:0000:9104:0528:8904:E324:5353   16 acer.local. AAAA FD0C:8FFF:0438:4300:9104:0528:8904:E324

 

Error: (07/10/2018 04:33:23 PM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: mDNSCoreReceiveResponse: Ignoring response received before we even began probing:   16 acer.local. AAAA FE80:0000:0000:0000:9104:0528:8904:E324

 

 

System errors:

=============

Error: (07/10/2018 04:37:25 PM) (Source: DCOM) (EventID: 10016) (User: acer)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{D63B10C5-BB46-4990-A94F-E40B9D520160}

 and APPID

{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}

 to the user acer\Windows 8.1 SID (S-1-5-21-2532843739-1787431547-1269948887-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

 

Error: (07/10/2018 04:33:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{D63B10C5-BB46-4990-A94F-E40B9D520160}

 and APPID

{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}

 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

 

Error: (07/07/2018 11:34:52 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID

{D63B10C5-BB46-4990-A94F-E40B9D520160}

 and APPID

{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}

 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

 

Error: (07/06/2018 02:46:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the UnistoreSvc_4f430 service to connect.

 

Error: (07/06/2018 02:46:25 PM) (Source: DCOM) (EventID: 10010) (User: acer)

Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

 

Error: (07/06/2018 02:46:24 PM) (Source: DCOM) (EventID: 10010) (User: acer)

Description: The server {2593F8B9-4EAF-457C-B68A-50F6B8EA6B54} did not register with DCOM within the required timeout.

 

Error: (07/06/2018 02:46:22 PM) (Source: DCOM) (EventID: 10010) (User: acer)

Description: The server {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5} did not register with DCOM within the required timeout.

 

Error: (07/06/2018 02:46:19 PM) (Source: DCOM) (EventID: 10001) (User: acer)

Description: Unable to start a DCOM Server: microsoft.windowscommunicationsapps_17.9330.21365.0_x64__8wekyb3d8bbwe!microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca as Unavailable/Unavailable. The error:

"298"

Happened while starting this command:

"C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.9330.21365.0_x64__8wekyb3d8bbwe\HxTsr.exe" -ServerName:Hx.IPC.Server

 

 

==================== Memory info ===========================

 

Processor: Intel® Core™ i3-4150 CPU @ 3.50GHz

Percentage of memory in use: 76%

Total physical RAM: 3905.45 MB

Available physical RAM: 929.01 MB

Total Virtual: 7105.45 MB

Available Virtual: 3690.04 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:150.03 GB) (Free:92.76 GB) NTFS

Drive d: () (Fixed) (Total:775.39 GB) (Free:773.67 GB) NTFS

 

\\?\Volume{1b840bf1-6adc-11e4-824f-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.08 GB) NTFS

\\?\Volume{6605892c-6adc-11e4-8250-448a5ba1179d}\ (HPASERVICE) (Fixed) (Total:5.75 GB) (Free:0.85 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: CEF0B7F9)

Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=150 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=775.4 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=5.8 GB) - (Type=27)

 

==================== End of Addition.txt ============================

 

Thanks very much again

 

Paul

 
 

 

 

 

 


  • 0

#5
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

You have three anti-virus programs.  You should only have one.  I assume they are all free versions so for now uninstall Avira and Avast so they don't fight each other. 

 

Also uninstall broken programs:

 

Bonjour

 

Nero 8 lite.

 

The only thing I see that looks suspicious is

 

Task: {F2BFB135-DCCF-4177-8AC8-7432571C14FA} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe

 

AutoKMS is used to extend the trial period of Windows and Office indefinitely. 

 

Following is a fairly good explanation of how it works even if they can't spell Trojan:

 

What is AutoKMS.exe and how to remove it What it is and how it works

AutoKMS virus is not a virus per se, it’s more of a hack tool. Most of the time users download it intentionally in order to crack or activate unregistered Microsoft products, and there so, bypass the security measures and avoid payment. AutoKMS is graded as a low or medium threat, but, most of the time, the unregistered software that comes with it is the real threat, like Troyan virus.

On the other hand, it’s still an illegal third-party tool, so you can never be sure what you’re looking at. Since it connects to the remote host, there is a dozen of unwanted scenarios. It can grant access to hackers or download malicious software and much more. Some Microsoft technicians claim that AutoKMS is a variation of Troyan virus, but we won’t go that far. Simply because you can uninstall it anytime, and that’s just not the case with Troyan viruses.

Now, you might ask how it works. Basically, once you’ve downloaded a pirated version of, let’s say, Microsoft Office 2016, you’ll need AutoKMS to activate it. You’ll be advised to disable the antivirus, and that’s not a smart thing to do.

The tool can run in the background with the portable version or it can be installed just like any other application. It connect’s to remote servers to mimic Microsoft’s KMS Activation process. Then, it activates your license for up to 180 days. After expiration, you need to run it again and, voila, you’ll get a new license for 180 days.

It sounds great but it’s not. For various reasons. First, pirated versions of Windows or MS Office are not safe to use. Most of them might serve as a testing ground but not much more. Second, large installation packages are heaven for hackers, where they can tamper with files and add whatever they want.

Additionally, if you use AutoKMS with original Microsoft products, there’s a great chance that things will go south for you. Due to security measures, the whole structure can crash or substantially drop in performance. Therefore, we advise you to remove it as soon as possible.

How to remove AutoKMS

As we already stated above, you can simply uninstall it. Navigate to Control Panel and remove it just like any other application. If you’re not sure how to do it, follow the instructions below:

In the Search bar, type Control and open Control Panel.

  1. In the Category view, click on Uninstall a program.
  2. Find AutoKMS and uninstall it.
  3. Remove the downloaded installation files.

 

Above from: https://windowsrepor...utokms-malware/

 

Many anti-viruses will flag it.  See:

 

https://www.virustot...4a688/analysis/

 

We're not supposed to work on pirated software so you will have to remove it before we can go further.  I don't see it listed in your Installed Programs so it may be leftover.  Search for:

 

task scheduler

hit Enter

 

Click on Task Scheduler Library.  In the pane to the right look for:

{F2BFB135-DCCF-4177-8AC8-7432571C14FA}

or AutoKMS.

 

Right click and Delete.

 

Also delete the file:

 

C:\Windows\AutoKMS\AutoKMS.exe

and the folder

 

C:\Windows\AutoKMS

 

Then (after also uninstalling your extra anti-viruses and the two bad programs) reboot and run FRST again as before.  Post both logs.


  • 0

#6
paulpap

paulpap

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

You have three anti-virus programs.  You should only have one.  I assume they are all free versions so for now uninstall Avira and Avast so they don't fight each other. 

 

Also uninstall broken programs:

 

Bonjour

 

Nero 8 lite.

 

The only thing I see that looks suspicious is

 

Task: {F2BFB135-DCCF-4177-8AC8-7432571C14FA} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe

 

AutoKMS is used to extend the trial period of Windows and Office indefinitely. 

 

Following is a fairly good explanation of how it works even if they can't spell Trojan:

 

What is AutoKMS.exe and how to remove it What it is and how it works

AutoKMS virus is not a virus per se, it’s more of a hack tool. Most of the time users download it intentionally in order to crack or activate unregistered Microsoft products, and there so, bypass the security measures and avoid payment. AutoKMS is graded as a low or medium threat, but, most of the time, the unregistered software that comes with it is the real threat, like Troyan virus.

On the other hand, it’s still an illegal third-party tool, so you can never be sure what you’re looking at. Since it connects to the remote host, there is a dozen of unwanted scenarios. It can grant access to hackers or download malicious software and much more. Some Microsoft technicians claim that AutoKMS is a variation of Troyan virus, but we won’t go that far. Simply because you can uninstall it anytime, and that’s just not the case with Troyan viruses.

Now, you might ask how it works. Basically, once you’ve downloaded a pirated version of, let’s say, Microsoft Office 2016, you’ll need AutoKMS to activate it. You’ll be advised to disable the antivirus, and that’s not a smart thing to do.

The tool can run in the background with the portable version or it can be installed just like any other application. It connect’s to remote servers to mimic Microsoft’s KMS Activation process. Then, it activates your license for up to 180 days. After expiration, you need to run it again and, voila, you’ll get a new license for 180 days.

It sounds great but it’s not. For various reasons. First, pirated versions of Windows or MS Office are not safe to use. Most of them might serve as a testing ground but not much more. Second, large installation packages are heaven for hackers, where they can tamper with files and add whatever they want.

Additionally, if you use AutoKMS with original Microsoft products, there’s a great chance that things will go south for you. Due to security measures, the whole structure can crash or substantially drop in performance. Therefore, we advise you to remove it as soon as possible.

How to remove AutoKMS

As we already stated above, you can simply uninstall it. Navigate to Control Panel and remove it just like any other application. If you’re not sure how to do it, follow the instructions below:

In the Search bar, type Control and open Control Panel.

  1. In the Category view, click on Uninstall a program.
  2. Find AutoKMS and uninstall it.
  3. Remove the downloaded installation files.

 

Above from: https://windowsrepor...utokms-malware/

 

Many anti-viruses will flag it.  See:

 

https://www.virustot...4a688/analysis/

 

We're not supposed to work on pirated software so you will have to remove it before we can go further.  I don't see it listed in your Installed Programs so it may be leftover.  Search for:

 

task scheduler

hit Enter

 

Click on Task Scheduler Library.  In the pane to the right look for:

{F2BFB135-DCCF-4177-8AC8-7432571C14FA}

or AutoKMS.

 

Right click and Delete.

 

Also delete the file:

 

C:\Windows\AutoKMS\AutoKMS.exe

and the folder

 

C:\Windows\AutoKMS

 

Then (after also uninstalling your extra anti-viruses and the two bad programs) reboot and run FRST again as before.  Post both logs.

RK

 

Thanks for that - before I do this can I just ask:   I live in Thailand and brought this new about 5 or 6 years ago now. Being Thailand it comes installed with many programs including windows and in this case Word 2007. I did not ask or pay extra for any of the programs. i do not have any backupdiscs. If I uninstall this will the programs still work?

 

I am not trying  to circumvent anything just asking.

 

Thanks for your assistance.

 

Paul 


  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

You can check to see if you have a licensed copy of Windows:

https://www.ghacks.n...0-is-activated/

 

For Office:

https://support.offi...&rs=en-US&ad=US

Then scroll down to where it says:

 

How can I tell whether Office 2007 has been activated?

and follow the instructions.

 

Removing the KMS program will probably result in an unlicensed product stopping working after the trial period expires.


  • 0

#8
paulpap

paulpap

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

Thanks again. Sorry to be slow in replying but I am recovering from blood poisoning and need a lot of bed rest still. I have checked and it says windows10 pro is activated with  Digital license linked to my Microsoft account. So I shall carry out your instructions now.

 

Funnily enough my computer is not as it was already. Ihave had it open for 15 mins and have had no virus detections yet. In fact thinking back I did not get any when I did the FRST so I don't know if the Avira CD i used for recovery, Installing Ubuntu had any effect. 

 

Anyway going ahead now.

 

Thanks

 

Paul


  • 0

#9
paulpap

paulpap

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

Before I post the scans. I uninstalled Avast OK Avira has 100s of files and attachments. I used Revo and I got rid of them I  think now and the other programs.

 

I deleted Auto KMS but could not find an entry in a C Windows folder in the registry.

 

As before, My Kaspersky free has indicated 2 times  in 2-3 hours Malware detected but I cannot find in scan or Root Scan. Avira antivirus quarantined 100s of files last time but today gave no indications at all before deletion.


  • 0

#10
paulpap

paulpap

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

Here are the FRST scans very lengthy:


  • 0

Advertisements


#11
paulpap

paulpap

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15.07.2018
Ran by Windows 8.1 (administrator) on ACER (17-07-2018 08:55:47)
Running from C:\Users\Windows 8.1\Downloads\FRST-OlderVersion
Loaded Profiles: Windows 8.1 (Available Profiles: Windows 8.1)
Platform: Windows 10 Pro Version 1803 17134.112 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
(KeepSolid Inc.) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited-daemon.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avpui.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.12711.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [638872 2018-04-12] (Microsoft Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-19\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [518144 2018-04-12] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{05ee6d76-be00-45fc-9229-900927d93e21}: [DhcpNameServer] 10.53.174.34
Tcpip\..\Interfaces\{2ebea07f-435d-4e83-a616-c8ec8aba1999}: [DhcpNameServer] 192.168.0.1 0.0.0.0
Tcpip\..\Interfaces\{bbebb03f-3ba5-42e5-913a-944bee795ee6}: [DhcpNameServer] 10.208.0.1
Tcpip\..\Interfaces\{f91343c4-6f82-49d0-95e9-b82f954b3856}: [DhcpNameServer] 10.200.0.1
 
Internet Explorer:
==================
BHO: Kaspersky Protection -> {0E2877D3-2641-4970-B794-A553E295428D} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\IEExt\ie_plugin.dll [2018-07-17] (AO Kaspersky Lab)
BHO-x32: Kaspersky Protection -> {0E2877D3-2641-4970-B794-A553E295428D} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\IEExt\ie_plugin.dll [2018-07-17] (AO Kaspersky Lab)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\ssv.dll [2018-01-26] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\jp2ssv.dll [2018-01-26] (Oracle Corporation)
 
FireFox:
========
FF DefaultProfile: 5geabok7.default-1451838148255-1520428887763
FF ProfilePath: C:\Users\Windows 8.1\AppData\Roaming\Mozilla\Firefox\Profiles\5geabok7.default-1451838148255-1520428887763 [2018-07-01]
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25] [Legacy]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\FFExt\light_plugin_firefox\addon.xpi [2018-07-17]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\FFExt\light_plugin_firefox\addon.xpi
FF HKU\S-1-5-21-2532843739-1787431547-1269948887-1001\...\Firefox\Extensions: [{F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}] - C:\Program Files (x86)\DAP\DAPFireFox => not found
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_30_0_0_127.dll [2018-06-21] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_30_0_0_127.dll [2018-06-21] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\dtplugin\npDeployJava1.dll [2018-01-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.161.2 -> C:\Program Files (x86)\Java\jre1.8.0_161\bin\plugin2\npjp2.dll [2018-01-26] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-11-01] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.aol.com/"
CHR DefaultSearchURL: Default -> hxxps://search.avira.com/#web/result?source=omnibar&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Avira
CHR DefaultSuggestURL: Default -> hxxps://search.avira.com/suggestions?q={searchTerms}&li=ff&hl=en
CHR Profile: C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\Default [2018-07-17]
CHR Extension: (Docs) - C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-31]
CHR Extension: (YouTube) - C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-31]
CHR Extension: (Avira Password Manager) - C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\caljgklbbfbcjjanaijlacgncafpegll [2018-07-17]
CHR Extension: (Follow Feed | Feedly) - C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccmkbgknapokcjabmiaimipiepgpgbco [2018-01-05]
CHR Extension: (Google Search) - C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-31]
CHR Extension: (Avast Passwords) - C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\emhginjpijfggbofeediiojmdlmlkoik [2018-06-22]
CHR Extension: (Google Docs Offline) - C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Pinterest Save Button) - C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2018-07-17]
CHR Extension: (Keywords Everywhere - Keyword Tool) - C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbapdpeemoojbophdfndmlgdhppljgmp [2018-07-17]
CHR Extension: (Save to Feedly Board) - C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhblphcdjcicefneapkhmleapfaocih [2018-01-05]
CHR Extension: (Avira SafeSearch Plus) - C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmkfpcnmccejididiaagpgchgjfajgp [2018-07-01]
CHR Extension: (Skype) - C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-12-02]
CHR Extension: (Take Webpage Screenshots Entirely - FireShot) - C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbpblocgmgfnpjjppndjkmgjaogfceg [2018-05-21]
CHR Extension: (Kaspersky Protection) - C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mchjnmdbdlkdbfliogedbnpnanfjnolk [2018-01-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-05]
CHR Extension: (Buffer) - C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\noojglkidnpfjbincgijbaiedldjfbhh [2018-03-10]
CHR Extension: (Gmail) - C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-25]
CHR Extension: (Chrome Media Router) - C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-06-21]
CHR Profile: C:\Users\Windows 8.1\AppData\Local\Google\Chrome\User Data\System Profile [2017-10-26]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ipmkfpcnmccejididiaagpgchgjfajgp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mchjnmdbdlkdbfliogedbnpnanfjnolk] - hxxps://chrome.google.com/webstore/detail/mchjnmdbdlkdbfliogedbnpnanfjnolk
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
R2 AVP18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe [354672 2017-01-24] (AO Kaspersky Lab)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [365040 2017-10-20] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-28] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-28] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 klvssbridge64_18.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\vssbridge64.exe [426416 2018-01-14] (AO Kaspersky Lab)
R2 KSDE2.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe [354672 2017-01-24] (AO Kaspersky Lab)
S3 ksu; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Software Updater\kl_platf.exe [1565000 2016-11-27] (AO Kaspersky Lab)
R2 PlexUpdateService; C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe [2102248 2017-12-13] (Plex, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [4737448 2018-04-12] (Microsoft Corporation)
S4 ssh-agent; C:\WINDOWS\System32\OpenSSH\ssh-agent.exe [495616 2018-03-10] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10945776 2017-12-15] (TeamViewer GmbH)
R2 VPNUnlimitedService; C:\Program Files (x86)\VPN Unlimited\vpn-unlimited-daemon.exe [57160 2018-06-20] (KeepSolid Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [315768 2016-08-05] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [4451616 2018-04-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [105344 2018-04-12] (Microsoft Corporation)
S2 avast; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /svc [X]
S3 avastm; "C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe" /medsvc [X]
S3 WD Backup Drive Helper; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B}
S3 WD Backup Snapshot; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD}
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athur; C:\WINDOWS\System32\drivers\athuwbx.sys [2702336 2013-11-21] (Qualcomm Atheros Communications, Inc.)
R4 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-08-01] (Avira Operations GmbH & Co. KG)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [247008 2016-12-26] (AO Kaspersky Lab)
S3 hmatap; C:\WINDOWS\System32\drivers\hmatap.sys [36456 2017-10-31] (The OpenVPN Project)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554408 2016-10-01] (AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [70880 2017-12-25] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [120008 2018-05-04] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [85704 2018-07-17] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [29816 2016-10-14] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [207560 2018-05-04] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [1193160 2018-07-17] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1058504 2018-07-17] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57032 2018-05-04] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [57056 2016-12-23] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [58592 2016-12-07] (AO Kaspersky Lab)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [50672 2017-12-25] (AO Kaspersky Lab)
R3 klpnpflt; C:\WINDOWS\system32\DRIVERS\klpnpflt.sys [44768 2017-01-20] (AO Kaspersky Lab)
R3 kltap; C:\WINDOWS\System32\drivers\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [236488 2018-05-25] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [87584 2018-01-14] (AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [258864 2018-05-25] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [109248 2018-05-25] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [177848 2018-06-23] (AO Kaspersky Lab)
S4 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [93888 2018-02-19] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [141000 2018-07-17] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [199392 2017-12-25] (AO Kaspersky Lab)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 phantomtap; C:\WINDOWS\System32\drivers\phantomtap.sys [45056 2017-10-25] (The OpenVPN Project)
R2 RtkIOAC60; C:\WINDOWS\system32\DRIVERS\RtkIOAC60.sys [29912 2013-07-19] (Realtek semiconductor corp)
U5 vwifimp; C:\Windows\System32\Drivers\vwifimp.sys [44544 2018-04-12] (Microsoft Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44616 2018-04-12] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [331680 2018-04-12] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [44032 2018-04-12] (Microsoft Corporation)
U3 aswbdisk; no ImagePath
S5 avgntflt;  <==== ATTENTION: Locked Service
R4 avusbflt; System32\Drivers\avusbflt.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-17 08:55 - 2018-07-17 08:55 - 000000000 ____D C:\Users\Windows 8.1\Downloads\FRST-OlderVersion
2018-07-17 08:53 - 2018-07-17 08:53 - 000000000 ____D C:\Users\Windows 8.1\Desktop\scans
2018-07-17 08:38 - 2018-07-17 08:38 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2018-07-17 07:35 - 2018-07-17 08:16 - 000001079 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2018-07-17 07:35 - 2018-07-17 08:16 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2018-07-17 07:35 - 2018-07-17 07:35 - 000000000 ____D C:\Program Files\VS Revo Group
2018-07-17 07:33 - 2018-07-17 07:33 - 007197480 _____ (VS Revo Group ) C:\Users\Windows 8.1\Downloads\revosetup.exe
2018-07-10 16:44 - 2018-07-10 16:46 - 000043327 _____ C:\Users\Windows 8.1\Downloads\Addition.txt
2018-07-10 16:42 - 2018-07-10 16:46 - 000091860 _____ C:\Users\Windows 8.1\Downloads\FRST.txt
2018-07-10 16:41 - 2018-07-17 08:55 - 000000000 ____D C:\FRST
2018-07-10 16:38 - 2018-07-17 08:55 - 002412544 _____ (Farbar) C:\Users\Windows 8.1\Downloads\FRST64.exe
2018-07-01 16:22 - 2018-07-01 16:22 - 001898376 _____ C:\Users\Windows 8.1\Downloads\avira_support_collector_en (1).exe
2018-07-01 16:21 - 2018-07-01 16:21 - 001898376 _____ C:\Users\Windows 8.1\Downloads\avira_support_collector_en.exe
2018-07-01 14:56 - 2018-07-01 14:56 - 000001190 _____ C:\Users\Public\Desktop\WD Drive Utilities.lnk
2018-07-01 14:56 - 2018-07-01 14:56 - 000000000 ____D C:\Users\Windows 8.1\AppData\Roaming\Western Digital
2018-07-01 14:55 - 2018-07-01 14:56 - 000000000 ____D C:\Program Files (x86)\Western Digital
2018-07-01 14:55 - 2018-07-01 14:55 - 000002226 _____ C:\Users\Public\Desktop\WD Backup.lnk
2018-07-01 14:55 - 2018-07-01 14:55 - 000001245 _____ C:\Users\Public\Desktop\WD Security.lnk
2018-07-01 14:55 - 2018-07-01 14:55 - 000000000 ____D C:\ProgramData\Western Digital
2018-07-01 14:55 - 2018-07-01 14:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2018-07-01 14:53 - 2018-07-01 14:53 - 000000000 ____D C:\Users\Windows 8.1\AppData\Local\Western Digital
2018-06-25 11:23 - 2018-06-25 11:24 - 000000232 _____ C:\WINDOWS\ntbtlog.txt
2018-06-25 10:38 - 2018-06-25 10:38 - 009497720 _____ (Symantec Corporation) C:\Users\Windows 8.1\Downloads\NPE.exe
2018-06-24 13:01 - 2018-06-24 13:01 - 000000881 _____ C:\WINDOWS\system32\Drivers\etc\hosts.bak
2018-06-24 12:20 - 2018-06-25 10:44 - 000000000 ____D C:\NPE
2018-06-24 12:14 - 2018-06-25 11:07 - 000000000 ____D C:\Users\Windows 8.1\AppData\Local\NPE
2018-06-24 12:14 - 2018-06-24 12:15 - 000000000 ____D C:\ProgramData\Norton
2018-06-24 11:37 - 2018-06-24 11:37 - 000000000 ____D C:\MSIaa859.tmp
2018-06-24 10:56 - 2018-06-24 10:56 - 000000000 ____D C:\Users\Windows 8.1\AppData\Local\D3DSCache
2018-06-23 16:31 - 2018-06-23 16:31 - 004015977 _____ C:\Users\Windows 8.1\Downloads\sales (1).zip
2018-06-23 16:31 - 2018-06-23 16:31 - 004013995 _____ C:\Users\Windows 8.1\Downloads\squeeze (1).zip
2018-06-23 16:11 - 2018-06-23 16:11 - 000326041 _____ C:\Users\Windows 8.1\Downloads\Membership-6-15-2018.zip
2018-06-23 13:25 - 2018-06-08 21:02 - 004527680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2018-06-23 13:25 - 2018-06-08 19:06 - 001539488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2018-06-23 13:25 - 2018-06-08 12:31 - 007900984 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2018-06-23 13:25 - 2018-06-08 11:29 - 007520000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2018-06-23 13:25 - 2018-06-08 11:13 - 025846784 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2018-06-23 13:25 - 2018-06-08 11:09 - 006569960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2018-06-23 13:25 - 2018-06-08 11:04 - 004706816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2018-06-23 13:25 - 2018-06-08 11:03 - 022005760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2018-06-23 13:25 - 2018-06-08 11:02 - 022713856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2018-06-23 13:25 - 2018-06-08 11:00 - 019404288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2018-06-23 13:25 - 2018-06-08 10:58 - 007581696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2018-06-23 13:25 - 2018-05-20 21:43 - 021389360 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2018-06-23 13:25 - 2018-05-20 18:59 - 023862784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Hydrogen.dll
2018-06-23 13:25 - 2018-05-20 13:52 - 007436632 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2018-06-23 13:25 - 2018-05-20 13:34 - 016592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2018-06-23 13:25 - 2018-05-20 13:30 - 008188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2018-06-23 13:25 - 2018-05-20 13:26 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2018-06-23 13:25 - 2018-05-20 13:16 - 006661120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2018-06-23 13:24 - 2018-06-08 21:07 - 002266520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2018-06-23 13:24 - 2018-06-08 21:02 - 001634808 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2018-06-23 13:24 - 2018-06-08 21:01 - 002395056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2018-06-23 13:24 - 2018-06-08 20:45 - 012712448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2018-06-23 13:24 - 2018-06-08 20:45 - 004392448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2018-06-23 13:24 - 2018-06-08 20:43 - 002922496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2018-06-23 13:24 - 2018-06-08 20:43 - 001719808 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2018-06-23 13:24 - 2018-06-08 20:43 - 001364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvruserservice.dll
2018-06-23 13:24 - 2018-06-08 20:42 - 003999232 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2018-06-23 13:24 - 2018-06-08 20:42 - 003653120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2018-06-23 13:24 - 2018-06-08 18:58 - 002206544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2018-06-23 13:24 - 2018-06-08 18:51 - 011903488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2018-06-23 13:24 - 2018-06-08 18:47 - 003492864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2018-06-23 13:24 - 2018-06-08 18:47 - 002895872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2018-06-23 13:24 - 2018-06-08 18:06 - 000976384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Spectrum.exe
2018-06-23 13:24 - 2018-06-08 18:05 - 000944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Mirage.Internal.dll
2018-06-23 13:24 - 2018-06-08 12:38 - 005821544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2018-06-23 13:24 - 2018-06-08 12:37 - 002417840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2018-06-23 13:24 - 2018-06-08 12:35 - 001613200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2018-06-23 13:24 - 2018-06-08 12:34 - 001299056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2018-06-23 13:24 - 2018-06-08 12:34 - 000748512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2018-06-23 13:24 - 2018-06-08 12:31 - 003180176 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2018-06-23 13:24 - 2018-06-08 11:33 - 001034632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplyTrustOffline.exe
2018-06-23 13:24 - 2018-06-08 11:30 - 009148320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2018-06-23 13:24 - 2018-06-08 11:30 - 003296896 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2018-06-23 13:24 - 2018-06-08 11:30 - 001798552 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2018-06-23 13:24 - 2018-06-08 11:30 - 001017080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2018-06-23 13:24 - 2018-06-08 11:30 - 000491328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2018-06-23 13:24 - 2018-06-08 11:29 - 006817384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2018-06-23 13:24 - 2018-06-08 11:29 - 004970360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2018-06-23 13:24 - 2018-06-08 11:29 - 004403280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2018-06-23 13:24 - 2018-06-08 11:29 - 003283408 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2018-06-23 13:24 - 2018-06-08 11:29 - 002836384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2018-06-23 13:24 - 2018-06-08 11:29 - 002753048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2018-06-23 13:24 - 2018-06-08 11:29 - 002570712 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2018-06-23 13:24 - 2018-06-08 11:29 - 002564984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2018-06-23 13:24 - 2018-06-08 11:29 - 002546592 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2018-06-23 13:24 - 2018-06-08 11:29 - 002462272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2018-06-23 13:24 - 2018-06-08 11:29 - 002371392 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2018-06-23 13:24 - 2018-06-08 11:29 - 001946328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2018-06-23 13:24 - 2018-06-08 11:29 - 001934400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2018-06-23 13:24 - 2018-06-08 11:29 - 001792808 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2018-06-23 13:24 - 2018-06-08 11:29 - 001784584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2018-06-23 13:24 - 2018-06-08 11:29 - 001611592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2018-06-23 13:24 - 2018-06-08 11:29 - 001457136 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2018-06-23 13:24 - 2018-06-08 11:29 - 001209800 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2018-06-23 13:24 - 2018-06-08 11:29 - 001190152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2018-06-23 13:24 - 2018-06-08 11:29 - 001148808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2018-06-23 13:24 - 2018-06-08 11:29 - 000594128 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2018-06-23 13:24 - 2018-06-08 11:29 - 000416144 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2018-06-23 13:24 - 2018-06-08 11:12 - 000861616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2018-06-23 13:24 - 2018-06-08 11:11 - 001461744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2018-06-23 13:24 - 2018-06-08 11:11 - 000550616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2018-06-23 13:24 - 2018-06-08 11:10 - 002479272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2018-06-23 13:24 - 2018-06-08 11:10 - 002331584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2018-06-23 13:24 - 2018-06-08 11:10 - 001988072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2018-06-23 13:24 - 2018-06-08 11:10 - 001011992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2018-06-23 13:24 - 2018-06-08 11:10 - 000457152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2018-06-23 13:24 - 2018-06-08 11:09 - 006527064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2018-06-23 13:24 - 2018-06-08 11:09 - 004788512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2018-06-23 13:24 - 2018-06-08 11:09 - 004469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2018-06-23 13:24 - 2018-06-08 11:09 - 002535552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2018-06-23 13:24 - 2018-06-08 11:09 - 002486992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2018-06-23 13:24 - 2018-06-08 11:09 - 002242216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2018-06-23 13:24 - 2018-06-08 11:09 - 001980872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2018-06-23 13:24 - 2018-06-08 11:09 - 001805776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2018-06-23 13:24 - 2018-06-08 11:09 - 001709720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2018-06-23 13:24 - 2018-06-08 11:09 - 001620880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2018-06-23 13:24 - 2018-06-08 11:09 - 001584128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2018-06-23 13:24 - 2018-06-08 11:09 - 001380200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2018-06-23 13:24 - 2018-06-08 11:09 - 001020168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2018-06-23 13:24 - 2018-06-08 11:01 - 004563456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2018-06-23 13:24 - 2018-06-08 11:01 - 002961408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2018-06-23 13:24 - 2018-06-08 11:00 - 004372992 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeContent.dll
2018-06-23 13:24 - 2018-06-08 11:00 - 003320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2018-06-23 13:24 - 2018-06-08 11:00 - 001285120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2018-06-23 13:24 - 2018-06-08 10:59 - 006032384 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2018-06-23 13:24 - 2018-06-08 10:59 - 004867072 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2018-06-23 13:24 - 2018-06-08 10:59 - 003392512 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2018-06-23 13:24 - 2018-06-08 10:59 - 001767936 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2018-06-23 13:24 - 2018-06-08 10:59 - 001318400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2018-06-23 13:24 - 2018-06-08 10:59 - 000564736 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2018-06-23 13:24 - 2018-06-08 10:58 - 003712512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2018-06-23 13:24 - 2018-06-08 10:58 - 001676800 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreShell.dll
2018-06-23 13:24 - 2018-06-08 10:58 - 000894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2018-06-23 13:24 - 2018-06-08 10:58 - 000813568 _____ (Microsoft Corporation) C:\WINDOWS\system32\EdgeManager.dll
2018-06-23 13:24 - 2018-06-08 10:57 - 003348992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2018-06-23 13:24 - 2018-06-08 10:57 - 002172416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2018-06-23 13:24 - 2018-06-08 10:57 - 001485312 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallService.dll
2018-06-23 13:24 - 2018-06-08 10:56 - 005780992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2018-06-23 13:24 - 2018-06-08 10:56 - 005307392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2018-06-23 13:24 - 2018-06-08 10:56 - 004336128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2018-06-23 13:24 - 2018-06-08 10:56 - 002902016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2018-06-23 13:24 - 2018-06-08 10:56 - 002900480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2018-06-23 13:24 - 2018-06-08 10:56 - 002364928 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2018-06-23 13:24 - 2018-06-08 10:56 - 001804288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2018-06-23 13:24 - 2018-06-08 10:56 - 001395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2018-06-23 13:24 - 2018-06-08 10:56 - 000916480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2018-06-23 13:24 - 2018-06-08 10:56 - 000684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2018-06-23 13:24 - 2018-06-08 10:55 - 003441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2018-06-23 13:24 - 2018-06-08 10:55 - 002248192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2018-06-23 13:24 - 2018-06-08 10:55 - 002236928 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2018-06-23 13:24 - 2018-06-08 10:55 - 002061824 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2018-06-23 13:24 - 2018-06-08 10:55 - 001854976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2018-06-23 13:24 - 2018-06-08 10:55 - 001371648 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2018-06-23 13:24 - 2018-06-08 10:55 - 001171968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2018-06-23 13:24 - 2018-06-08 10:55 - 001160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2018-06-23 13:24 - 2018-06-08 10:55 - 001070080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2018-06-23 13:24 - 2018-06-08 10:55 - 000776192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2018-06-23 13:24 - 2018-06-08 10:55 - 000667648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2018-06-23 13:24 - 2018-06-08 10:54 - 003016192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2018-06-23 13:24 - 2018-06-08 10:54 - 002789376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2018-06-23 13:24 - 2018-06-08 10:54 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2018-06-23 13:24 - 2018-06-08 10:54 - 001128448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2018-06-23 13:24 - 2018-06-08 10:53 - 000669696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2018-06-23 13:24 - 2018-06-06 20:57 - 003733320 _____ C:\WINDOWS\system32\Windows.Mirage.dll
2018-06-23 13:24 - 2018-06-06 06:20 - 002841312 _____ C:\WINDOWS\SysWOW64\Windows.Mirage.dll
2018-06-23 13:24 - 2018-05-20 21:42 - 001649760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2018-06-23 13:24 - 2018-05-20 21:23 - 000947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2018-06-23 13:24 - 2018-05-20 21:23 - 000899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2018-06-23 13:24 - 2018-05-20 21:22 - 001665024 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2018-06-23 13:24 - 2018-05-20 21:22 - 000804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2018-06-23 13:24 - 2018-05-20 20:14 - 020383712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2018-06-23 13:24 - 2018-05-20 20:14 - 001490144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2018-06-23 13:24 - 2018-05-20 20:00 - 000864768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2018-06-23 13:24 - 2018-05-20 19:59 - 000747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2018-06-23 13:24 - 2018-05-20 18:45 - 001271296 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2018-06-23 13:24 - 2018-05-20 13:53 - 002178136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2018-06-23 13:24 - 2018-05-20 13:53 - 001017088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2018-06-23 13:24 - 2018-05-20 13:53 - 001012408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2018-06-23 13:24 - 2018-05-20 13:52 - 000735560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2018-06-23 13:24 - 2018-05-20 13:33 - 001665920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2018-06-23 13:24 - 2018-05-20 13:32 - 006044104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2018-06-23 13:24 - 2018-05-20 13:32 - 001034096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2018-06-23 13:24 - 2018-05-20 13:31 - 001456640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcDesktopMonSvc.dll
2018-06-23 13:24 - 2018-05-20 13:24 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2018-06-23 13:24 - 2018-05-20 13:23 - 013873152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2018-06-23 13:24 - 2018-05-20 13:23 - 002366976 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebRuntimeManager.dll
2018-06-23 13:24 - 2018-05-20 13:23 - 000933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2018-06-23 13:24 - 2018-05-20 13:23 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2018-06-23 13:24 - 2018-05-20 13:21 - 001303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2018-06-23 13:24 - 2018-05-20 13:21 - 001210880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2018-06-23 13:24 - 2018-05-20 13:21 - 000960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2018-06-23 13:24 - 2018-05-20 13:21 - 000783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2018-06-23 13:24 - 2018-05-20 13:17 - 002699776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2018-06-23 13:24 - 2018-05-20 13:14 - 001295360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2018-06-23 13:24 - 2018-05-20 13:11 - 001005568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2018-06-23 13:23 - 2018-06-08 21:07 - 000506184 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2018-06-23 13:23 - 2018-06-08 21:07 - 000183712 _____ (Microsoft Corporation) C:\WINDOWS\system32\mavinject.exe
2018-06-23 13:23 - 2018-06-08 21:07 - 000040864 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClientPS.dll
2018-06-23 13:23 - 2018-06-08 21:07 - 000019872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVTerminator.dll
2018-06-23 13:23 - 2018-06-08 21:05 - 000094112 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2018-06-23 13:23 - 2018-06-08 21:02 - 000661160 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe
2018-06-23 13:23 - 2018-06-08 21:01 - 001046944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2018-06-23 13:23 - 2018-06-08 20:48 - 000064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\iemigplugin.dll
2018-06-23 13:23 - 2018-06-08 20:47 - 000144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2018-06-23 13:23 - 2018-06-08 20:46 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2018-06-23 13:23 - 2018-06-08 20:45 - 001560576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdt.exe
2018-06-23 13:23 - 2018-06-08 20:45 - 000808960 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2018-06-23 13:23 - 2018-06-08 20:44 - 001121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2018-06-23 13:23 - 2018-06-08 20:44 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2018-06-23 13:23 - 2018-06-08 20:44 - 000340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\AcGenral.dll
2018-06-23 13:23 - 2018-06-08 20:44 - 000285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2018-06-23 13:23 - 2018-06-08 20:43 - 003640832 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2018-06-23 13:23 - 2018-06-08 20:43 - 001659904 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2018-06-23 13:23 - 2018-06-08 20:43 - 001543680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2018-06-23 13:23 - 2018-06-08 20:43 - 000392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2018-06-23 13:23 - 2018-06-08 20:42 - 002084864 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2018-06-23 13:23 - 2018-06-08 20:42 - 001605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2018-06-23 13:23 - 2018-06-08 20:42 - 000800256 _____ (Microsoft Corporation) C:\WINDOWS\system32\pwcreator.exe
2018-06-23 13:23 - 2018-06-08 20:42 - 000503296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2018-06-23 13:23 - 2018-06-08 20:42 - 000463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2018-06-23 13:23 - 2018-06-08 20:42 - 000327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2018-06-23 13:23 - 2018-06-08 20:41 - 002019840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2018-06-23 13:23 - 2018-06-08 20:41 - 001180672 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2018-06-23 13:23 - 2018-06-08 20:41 - 000878080 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2018-06-23 13:23 - 2018-06-08 20:41 - 000758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2018-06-23 13:23 - 2018-06-08 20:41 - 000577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SppExtComObj.Exe
2018-06-23 13:23 - 2018-06-08 20:41 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2018-06-23 13:23 - 2018-06-08 20:40 - 000465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXP.dll
2018-06-23 13:23 - 2018-06-08 19:07 - 000148896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mavinject.exe
2018-06-23 13:23 - 2018-06-08 19:04 - 001454024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2018-06-23 13:23 - 2018-06-08 18:58 - 000917408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2018-06-23 13:23 - 2018-06-08 18:50 - 001508352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdt.exe
2018-06-23 13:23 - 2018-06-08 18:48 - 000668672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2018-06-23 13:23 - 2018-06-08 18:48 - 000344064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2018-06-23 13:23 - 2018-06-08 18:47 - 001462784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dui70.dll
2018-06-23 13:23 - 2018-06-08 18:47 - 001032704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2018-06-23 13:23 - 2018-06-08 18:47 - 000703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2018-06-23 13:23 - 2018-06-08 18:47 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2018-06-23 13:23 - 2018-06-08 18:46 - 003444224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2018-06-23 13:23 - 2018-06-08 18:46 - 002016256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2018-06-23 13:23 - 2018-06-08 18:46 - 000908288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2018-06-23 13:23 - 2018-06-08 18:45 - 002401280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AcGenral.dll
2018-06-23 13:23 - 2018-06-08 18:05 - 001008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MixedRealityCapture.dll
2018-06-23 13:23 - 2018-06-08 16:00 - 000868864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MixedRealityCapture.dll
2018-06-23 13:23 - 2018-06-08 16:00 - 000658432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Mirage.Internal.dll
2018-06-23 13:23 - 2018-06-08 12:35 - 000613144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2018-06-23 13:23 - 2018-06-08 12:31 - 000029600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\uefi.sys
2018-06-23 13:23 - 2018-06-08 12:30 - 000705440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2018-06-23 13:23 - 2018-06-08 11:34 - 001140576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2018-06-23 13:23 - 2018-06-08 11:34 - 000983016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2018-06-23 13:23 - 2018-06-08 11:33 - 001213368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2018-06-23 13:23 - 2018-06-08 11:33 - 000272296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave.dll
2018-06-23 13:23 - 2018-06-08 11:33 - 000269224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SgrmEnclave_secure.dll
2018-06-23 13:23 - 2018-06-08 11:31 - 001174432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2018-06-23 13:23 - 2018-06-08 11:31 - 001012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2018-06-23 13:23 - 2018-06-08 11:31 - 000226720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ucx01000.sys
2018-06-23 13:23 - 2018-06-08 11:30 - 001363632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2018-06-23 13:23 - 2018-06-08 11:30 - 001063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2018-06-23 13:23 - 2018-06-08 11:30 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2018-06-23 13:23 - 2018-06-08 11:30 - 000722808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2018-06-23 13:23 - 2018-06-08 11:30 - 000709824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2018-06-23 13:23 - 2018-06-08 11:30 - 000567184 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcblaunch.exe
2018-06-23 13:23 - 2018-06-08 11:30 - 000565152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2018-06-23 13:23 - 2018-06-08 11:30 - 000527264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2018-06-23 13:23 - 2018-06-08 11:30 - 000194456 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2018-06-23 13:23 - 2018-06-08 11:30 - 000170912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2018-06-23 13:23 - 2018-06-08 11:30 - 000137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2018-06-23 13:23 - 2018-06-08 11:30 - 000134584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.dll
2018-06-23 13:23 - 2018-06-08 11:29 - 002590400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2018-06-23 13:23 - 2018-06-08 11:29 - 002422688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2018-06-23 13:23 - 2018-06-08 11:29 - 001921952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refs.sys
2018-06-23 13:23 - 2018-06-08 11:29 - 001364184 _____ (Microsoft Corporation) C:\WINDOWS\system32\webservices.dll
2018-06-23 13:23 - 2018-06-08 11:29 - 001288816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2018-06-23 13:23 - 2018-06-08 11:29 - 001258288 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2018-06-23 13:23 - 2018-06-08 11:29 - 001150416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVP9DEC.dll
2018-06-23 13:23 - 2018-06-08 11:29 - 001112608 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2018-06-23 13:23 - 2018-06-08 11:29 - 001097648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2018-06-23 13:23 - 2018-06-08 11:29 - 001026976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2018-06-23 13:23 - 2018-06-08 11:29 - 000945568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2018-06-23 13:23 - 2018-06-08 11:29 - 000885880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2018-06-23 13:23 - 2018-06-08 11:29 - 000792992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2018-06-23 13:23 - 2018-06-08 11:29 - 000678840 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2018-06-23 13:23 - 2018-06-08 11:29 - 000659096 _____ (Microsoft Corporation) C:\WINDOWS\system32\StateRepository.Core.dll
2018-06-23 13:23 - 2018-06-08 11:29 - 000413824 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2018-06-23 13:23 - 2018-06-08 11:29 - 000413088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2018-06-23 13:23 - 2018-06-08 11:29 - 000375712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msrpc.sys
2018-06-23 13:23 - 2018-06-08 11:29 - 000313592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2018-06-23 13:23 - 2018-06-08 11:29 - 000266656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2018-06-23 13:23 - 2018-06-08 11:29 - 000260896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2018-06-23 13:23 - 2018-06-08 11:29 - 000164768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2018-06-23 13:23 - 2018-06-08 11:29 - 000158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\vertdll.dll
2018-06-23 13:23 - 2018-06-08 11:29 - 000084288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LanguageOverlayUtil.dll
2018-06-23 13:23 - 2018-06-08 11:29 - 000057960 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel.appcore.dll
2018-06-23 13:23 - 2018-06-08 11:12 - 000786176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2018-06-23 13:23 - 2018-06-08 11:10 - 002307336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2018-06-23 13:23 - 2018-06-08 11:10 - 001397200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVP9DEC.dll
2018-06-23 13:23 - 2018-06-08 11:10 - 000880152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2018-06-23 13:23 - 2018-06-08 11:10 - 000097176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2018-06-23 13:23 - 2018-06-08 11:09 - 001129648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2018-06-23 13:23 - 2018-06-08 11:09 - 001077504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2018-06-23 13:23 - 2018-06-08 11:09 - 000988136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2018-06-23 13:23 - 2018-06-08 11:09 - 000770160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2018-06-23 13:23 - 2018-06-08 11:09 - 000607648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2018-06-23 13:23 - 2018-06-08 11:09 - 000568720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryPS.dll
2018-06-23 13:23 - 2018-06-08 11:09 - 000567144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2018-06-23 13:23 - 2018-06-08 11:09 - 000553248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2018-06-23 13:23 - 2018-06-08 11:09 - 000356960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2018-06-23 13:23 - 2018-06-08 11:09 - 000064648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LanguageOverlayUtil.dll
2018-06-23 13:23 - 2018-06-08 11:09 - 000050208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel.appcore.dll
2018-06-23 13:23 - 2018-06-08 11:03 - 000906752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.PhoneNumberFormatting.dll
2018-06-23 13:23 - 2018-06-08 11:03 - 000185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallServiceTasks.dll
2018-06-23 13:23 - 2018-06-08 11:03 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryCore.dll
2018-06-23 13:23 - 2018-06-08 11:03 - 000032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2018-06-23 13:23 - 2018-06-08 11:02 - 000096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\usoapi.dll
2018-06-23 13:23 - 2018-06-08 11:02 - 000059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edpnotify.exe
2018-06-23 13:23 - 2018-06-08 11:02 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2018-06-23 13:23 - 2018-06-08 11:01 - 000342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserexport.exe
2018-06-23 13:23 - 2018-06-08 11:01 - 000295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2018-06-23 13:23 - 2018-06-08 11:01 - 000294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2018-06-23 13:23 - 2018-06-08 11:01 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2018-06-23 13:23 - 2018-06-08 11:01 - 000182272 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerCsp.dll
2018-06-23 13:23 - 2018-06-08 11:01 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2018-06-23 13:23 - 2018-06-08 11:01 - 000046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2018-06-23 13:23 - 2018-06-08 11:00 - 000329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll
2018-06-23 13:23 - 2018-06-08 11:00 - 000275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2018-06-23 13:23 - 2018-06-08 11:00 - 000149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2018-06-23 13:23 - 2018-06-08 11:00 - 000100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManagerClient.dll
2018-06-23 13:23 - 2018-06-08 11:00 - 000075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2018-06-23 13:23 - 2018-06-08 10:59 - 000983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2018-06-23 13:23 - 2018-06-08 10:59 - 000673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2018-06-23 13:23 - 2018-06-08 10:59 - 000456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2018-06-23 13:23 - 2018-06-08 10:59 - 000177152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2018-06-23 13:23 - 2018-06-08 10:59 - 000174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2018-06-23 13:23 - 2018-06-08 10:58 - 000898560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2018-06-23 13:23 - 2018-06-08 10:58 - 000781824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2018-06-23 13:23 - 2018-06-08 10:58 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\CapabilityAccessManager.dll
2018-06-23 13:23 - 2018-06-08 10:58 - 000239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2018-06-23 13:23 - 2018-06-08 10:58 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2018-06-23 13:23 - 2018-06-08 10:57 - 001708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSPhotography.dll
2018-06-23 13:23 - 2018-06-08 10:57 - 000483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2018-06-23 13:23 - 2018-06-08 10:57 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2018-06-23 13:23 - 2018-06-08 10:57 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2018-06-23 13:23 - 2018-06-08 10:57 - 000150016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2018-06-23 13:23 - 2018-06-08 10:57 - 000038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2018-06-23 13:23 - 2018-06-08 10:56 - 003293696 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2018-06-23 13:23 - 2018-06-08 10:56 - 001550848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2018-06-23 13:23 - 2018-06-08 10:56 - 001361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSPhotography.dll
2018-06-23 13:23 - 2018-06-08 10:56 - 000908800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2018-06-23 13:23 - 2018-06-08 10:56 - 000871424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2018-06-23 13:23 - 2018-06-08 10:56 - 000869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-06-23 13:23 - 2018-06-08 10:56 - 000858112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2018-06-23 13:23 - 2018-06-08 10:56 - 000715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2018-06-23 13:23 - 2018-06-08 10:56 - 000615424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EdgeManager.dll
2018-06-23 13:23 - 2018-06-08 10:56 - 000466432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2018-06-23 13:23 - 2018-06-08 10:56 - 000389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2018-06-23 13:23 - 2018-06-08 10:56 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgeIso.dll
2018-06-23 13:23 - 2018-06-08 10:56 - 000264704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovs.dll
2018-06-23 13:23 - 2018-06-08 10:55 - 001242112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2018-06-23 13:23 - 2018-06-08 10:55 - 001192448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2018-06-23 13:23 - 2018-06-08 10:55 - 001033728 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2018-06-23 13:23 - 2018-06-08 10:55 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2018-06-23 13:23 - 2018-06-08 10:55 - 000849408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2018-06-23 13:23 - 2018-06-08 10:55 - 000778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2018-06-23 13:23 - 2018-06-08 10:55 - 000652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2018-06-23 13:23 - 2018-06-08 10:55 - 000630784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2018-06-23 13:23 - 2018-06-08 10:55 - 000578560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2018-06-23 13:23 - 2018-06-08 10:55 - 000401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2018-06-23 13:23 - 2018-06-08 10:54 - 001586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2018-06-23 13:23 - 2018-06-08 10:54 - 001348096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2018-06-23 13:23 - 2018-06-08 10:54 - 000999936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2018-06-23 13:23 - 2018-06-08 10:54 - 000950272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2018-06-23 13:23 - 2018-06-08 10:54 - 000857088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2018-06-23 13:23 - 2018-06-08 10:54 - 000842240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2018-06-23 13:23 - 2018-06-08 10:54 - 000729088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FlightSettings.dll
2018-06-23 13:23 - 2018-06-08 10:54 - 000646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2018-06-23 13:23 - 2018-06-08 10:54 - 000619520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2018-06-23 13:23 - 2018-06-08 10:54 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2018-06-23 13:23 - 2018-06-08 10:54 - 000505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgeIso.dll
2018-06-23 13:23 - 2018-06-08 10:54 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2018-06-23 13:23 - 2018-06-08 10:54 - 000251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2018-06-23 13:23 - 2018-06-08 10:54 - 000208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAC3ENC.DLL
2018-06-23 13:23 - 2018-06-08 10:53 - 001675264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2018-06-23 13:23 - 2018-06-08 10:53 - 001466368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2018-06-23 13:23 - 2018-06-08 10:53 - 001108992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallService.dll
2018-06-23 13:23 - 2018-06-08 10:53 - 000873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2018-06-23 13:23 - 2018-06-08 10:53 - 000677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2018-06-23 13:23 - 2018-06-08 10:53 - 000648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2018-06-23 13:23 - 2018-06-08 10:53 - 000528384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2018-06-23 13:23 - 2018-06-08 09:41 - 000001310 _____ C:\WINDOWS\system32\tcbres.wim
2018-06-23 13:23 - 2018-06-02 01:24 - 000713376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2018-06-23 13:23 - 2018-06-02 00:54 - 001825792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.CloudStore.dll
2018-06-23 13:23 - 2018-05-25 05:24 - 000340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2018-06-23 13:23 - 2018-05-20 21:45 - 000308408 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2018-06-23 13:23 - 2018-05-20 21:42 - 000759192 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicensingWinRT.dll
2018-06-23 13:23 - 2018-05-20 21:26 - 000486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasplap.dll
2018-06-23 13:23 - 2018-05-20 21:23 - 004070400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2018-06-23 13:23 - 2018-05-20 21:22 - 001292288 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2018-06-23 13:23 - 2018-05-20 21:22 - 000941056 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2018-06-23 13:23 - 2018-05-20 20:20 - 000022936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hvsicontainerservice.dll
2018-06-23 13:23 - 2018-05-20 20:15 - 000653208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicensingWinRT.dll
2018-06-23 13:23 - 2018-05-20 20:02 - 000461312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasplap.dll
2018-06-23 13:23 - 2018-05-20 19:59 - 000863232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2018-06-23 13:23 - 2018-05-20 18:39 - 000788480 _____ (Microsoft Corporation) C:\WINDOWS\system32\DHolographicDisplay.dll
2018-06-23 13:23 - 2018-05-20 18:35 - 000677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\HeadTrackerStorage.dll
2018-06-23 13:23 - 2018-05-20 18:34 - 000238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloShellRuntime.dll
2018-06-23 13:23 - 2018-05-20 16:54 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\HoloShellRuntime.dll
2018-06-23 13:23 - 2018-05-20 14:33 - 000105368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2018-06-23 13:23 - 2018-05-20 13:53 - 001947808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2018-06-23 13:23 - 2018-05-20 13:53 - 000131232 _____ (Microsoft Corporation) C:\WINDOWS\system32\rmclient.dll
2018-06-23 13:23 - 2018-05-20 13:53 - 000088472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2018-06-23 13:23 - 2018-05-20 13:52 - 000347704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2018-06-23 13:23 - 2018-05-20 13:52 - 000130456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvsocket.sys
2018-06-23 13:23 - 2018-05-20 13:52 - 000089984 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompPkgSup.dll
2018-06-23 13:23 - 2018-05-20 13:34 - 000861096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2018-06-23 13:23 - 2018-05-20 13:33 - 000101288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rmclient.dll
2018-06-23 13:23 - 2018-05-20 13:32 - 001559368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2018-06-23 13:23 - 2018-05-20 13:32 - 000560488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2018-06-23 13:23 - 2018-05-20 13:32 - 000286200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2018-06-23 13:23 - 2018-05-20 13:32 - 000077040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CompPkgSup.dll
2018-06-23 13:23 - 2018-05-20 13:28 - 000119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2018-06-23 13:23 - 2018-05-20 13:28 - 000111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppHostRegistrationVerifier.exe
2018-06-23 13:23 - 2018-05-20 13:28 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2018-06-23 13:23 - 2018-05-20 13:27 - 000344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\RasMediaManager.dll
2018-06-23 13:23 - 2018-05-20 13:27 - 000109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApiSetHost.AppExecutionAlias.dll
2018-06-23 13:23 - 2018-05-20 13:26 - 001307648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2018-06-23 13:23 - 2018-05-20 13:26 - 000356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll
2018-06-23 13:23 - 2018-05-20 13:26 - 000266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2018-06-23 13:23 - 2018-05-20 13:26 - 000236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2018-06-23 13:23 - 2018-05-20 13:26 - 000154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2018-06-23 13:23 - 2018-05-20 13:26 - 000098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\TelephonyInteractiveUser.dll
2018-06-23 13:23 - 2018-05-20 13:26 - 000033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSHEIF.dll
2018-06-23 13:23 - 2018-05-20 13:25 - 000835584 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2018-06-23 13:23 - 2018-05-20 13:25 - 000384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2018-06-23 13:23 - 2018-05-20 13:24 - 000726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2018-06-23 13:23 - 2018-05-20 13:24 - 000234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2018-06-23 13:23 - 2018-05-20 13:23 - 005951488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2018-06-23 13:23 - 2018-05-20 13:21 - 001371136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2018-06-23 13:23 - 2018-05-20 13:16 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2018-06-23 13:23 - 2018-05-20 13:16 - 000081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ApiSetHost.AppExecutionAlias.dll
2018-06-23 13:23 - 2018-05-20 13:16 - 000002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2018-06-23 13:23 - 2018-05-20 13:15 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallServiceTasks.dll
2018-06-23 13:23 - 2018-05-20 13:15 - 000026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSHEIF.dll
2018-06-23 13:23 - 2018-05-20 13:14 - 000167936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2018-06-23 13:23 - 2018-05-20 13:13 - 004929024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2018-06-23 13:23 - 2018-05-20 13:13 - 000317440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2018-06-23 13:23 - 2018-05-20 13:12 - 000992768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Vpn.dll
2018-06-23 13:23 - 2018-05-20 13:12 - 000860160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2018-06-23 13:23 - 2018-05-20 13:11 - 001036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2018-06-23 13:23 - 2018-05-20 10:26 - 000018716 _____ C:\WINDOWS\system32\srms-apr.dat
2018-06-23 13:23 - 2018-05-18 19:08 - 000018716 _____ C:\WINDOWS\SysWOW64\srms-apr.dat
2018-06-23 12:57 - 2018-06-23 12:57 - 000099951 _____ C:\Users\Windows 8.1\Desktop\VPN PDF 3.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-07-17 08:47 - 2017-05-31 20:44 - 000000000 ____D C:\Program Files (x86)\Avira
2018-07-17 08:43 - 2017-05-31 20:44 - 000000000 ____D C:\ProgramData\Avira
2018-07-17 08:38 - 2017-04-02 07:55 - 000000000 ____D C:\ProgramData\Package Cache
2018-07-17 08:37 - 2018-04-12 01:36 - 000000000 ____D C:\WINDOWS\INF
2018-07-17 08:36 - 2018-03-05 20:43 - 000000000 ____D C:\Users\Windows 8.1\AppData\Local\CrashDumps
2018-07-17 08:29 - 2018-04-12 01:38 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2018-07-17 08:24 - 2018-01-14 23:02 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2018-07-17 08:23 - 2018-01-14 23:04 - 000001504 _____ C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk
2018-07-17 08:21 - 2018-05-21 18:16 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2018-07-17 08:21 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\AppReadiness
2018-07-17 08:21 - 2018-01-15 06:05 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2018-07-17 08:21 - 2014-11-13 04:37 - 000000000 __SHD C:\Users\Windows 8.1\IntelGraphicsProfiles
2018-07-17 08:20 - 2018-04-11 23:04 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2018-07-17 08:20 - 2017-06-10 19:51 - 000000000 ____D C:\ProgramData\AVAST Software
2018-07-17 08:06 - 2018-05-21 18:16 - 000000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2018-07-17 08:04 - 2018-05-21 18:16 - 000004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EF1F7207-FAC2-4CBB-B3B9-9B6D553D8F32}
2018-07-17 07:48 - 2018-04-12 01:38 - 000000000 ___HD C:\Program Files\WindowsApps
2018-07-17 07:43 - 2015-05-12 12:22 - 000000000 ____D C:\WINDOWS\system32\MRT
2018-07-17 07:40 - 2018-04-11 23:04 - 000008192 _____ C:\WINDOWS\system32\config\ELAM
2018-07-17 07:39 - 2018-05-21 17:02 - 001058504 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2018-07-17 07:39 - 2018-05-21 17:02 - 000141000 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klwtp.sys
2018-07-17 07:39 - 2018-05-21 17:02 - 000085704 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\kldisk.sys
2018-07-17 07:38 - 2017-11-29 17:45 - 000000000 ____D C:\Users\Windows 8.1\AppData\Local\AVAST Software
2018-07-17 07:37 - 2017-12-25 13:52 - 001193160 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2018-07-17 07:37 - 2017-12-25 13:52 - 000152360 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\klhkum.dll
2018-07-17 07:36 - 2015-05-12 12:22 - 134675576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2018-07-17 07:23 - 2018-05-21 17:46 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2018-07-17 06:58 - 2017-09-02 15:24 - 000000000 _____ C:\WINDOWS\SysWOW64\last.dump
2018-07-17 06:50 - 2014-11-13 04:45 - 000000000 ____D C:\Program Files (x86)\Nero
2018-07-17 06:19 - 2018-01-14 23:03 - 000002289 _____ C:\Users\Public\Desktop\Kaspersky Free.lnk
2018-07-06 14:19 - 2018-05-21 17:49 - 000000000 ____D C:\Users\Windows 8.1
2018-07-04 16:24 - 2016-10-27 22:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-07-04 16:24 - 2014-11-13 04:36 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-07-01 18:34 - 2017-07-08 14:19 - 000000000 ____D C:\Users\Windows 8.1\AppData\LocalLow\Mozilla
2018-07-01 18:34 - 2014-11-13 04:36 - 000001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2018-07-01 15:29 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\Registration
2018-07-01 15:29 - 2014-11-13 04:34 - 000002301 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-07-01 15:29 - 2014-11-13 04:34 - 000002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-07-01 15:07 - 2017-07-08 16:53 - 000000000 ____D C:\Users\Windows 8.1\AppData\Local\GoToMeeting
2018-06-25 11:57 - 2014-11-13 04:46 - 000000000 ____D C:\Users\Windows 8.1\AppData\Roaming\Skype
2018-06-24 13:17 - 2018-01-26 07:18 - 000000000 ____D C:\Users\Windows 8.1\AppData\Local\Packages
2018-06-24 13:12 - 2017-07-31 06:45 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-06-24 13:07 - 2018-03-02 18:55 - 000000000 ____D C:\Program Files (x86)\Cheatsheet Generator
2018-06-24 09:09 - 2018-05-21 18:00 - 000838560 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2018-06-24 09:06 - 2018-01-26 07:36 - 000000000 ___RD C:\Users\Windows 8.1\3D Objects
2018-06-24 09:06 - 2016-02-13 15:22 - 000000000 __RHD C:\Users\Public\AccountPictures
2018-06-24 09:03 - 2018-05-21 17:46 - 000408480 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2018-06-24 09:02 - 2016-07-26 13:02 - 000000676 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2532843739-1787431547-1269948887-1001.job
2018-06-24 09:02 - 2016-07-26 13:02 - 000000580 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2532843739-1787431547-1269948887-1001.job
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\zu-ZA
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\yo-NG
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\xh-ZA
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\wo-SN
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\uz-Latn-UZ
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tn-ZA
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ti-ET
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\tg-Cyrl-TJ
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-RS
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sr-Cyrl-BA
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\sd-Arab-PK
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\rw-RW
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\quc-Latn-GT
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\pa-Arab-PK
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\nso-ZA
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ku-Arab-IQ
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ig-NG
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ha-Latn-NG
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\chr-CHER-US
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\ca-ES-valencia
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\bs-Latn-BA
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\SysWOW64\az-Latn-AZ
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\zu-ZA
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\yo-NG
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\xh-ZA
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\wo-SN
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\uz-Latn-UZ
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\tn-ZA
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\ti-ET
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\tg-Cyrl-TJ
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-RS
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\sr-Cyrl-BA
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\sd-Arab-PK
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\rw-RW
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\quc-Latn-GT
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\pa-Arab-PK
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\nso-ZA
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\ku-Arab-IQ
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\ig-NG
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\ha-Latn-NG
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\chr-CHER-US
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\ca-ES-valencia
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\bs-Latn-BA
2018-06-23 17:11 - 2018-04-12 11:19 - 000000000 ____D C:\WINDOWS\system32\az-Latn-AZ
2018-06-23 17:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\TextInput
2018-06-23 17:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2018-06-23 17:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\oobe
2018-06-23 17:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2018-06-23 17:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2018-06-23 17:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2018-06-23 17:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\setup
2018-06-23 17:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\oobe
2018-06-23 17:11 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\appraiser
2018-06-23 17:11 - 2018-04-11 23:04 - 000000000 ____D C:\WINDOWS\system32\Dism
2018-06-23 17:10 - 2018-04-12 01:38 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2018-06-23 17:10 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\ShellExperiences
2018-06-23 17:10 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\bcastdvr
2018-06-23 17:10 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2018-06-23 17:10 - 2018-04-12 01:38 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2018-06-23 15:28 - 2018-05-25 06:27 - 000177848 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2018-06-23 14:05 - 2018-04-12 01:30 - 000000000 ____D C:\WINDOWS\CbsTemp
2018-06-23 09:13 - 2018-05-21 18:16 - 000003368 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2532843739-1787431547-1269948887-1001
2018-06-23 09:12 - 2018-05-21 17:49 - 000002385 _____ C:\Users\Windows 8.1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2018-06-23 09:12 - 2016-04-08 00:21 - 000000000 ___RD C:\Users\Windows 8.1\OneDrive
2018-06-22 15:50 - 2018-05-21 18:16 - 000003836 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-2532843739-1787431547-1269948887-1001
2018-06-22 15:50 - 2018-05-21 18:16 - 000003740 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-2532843739-1787431547-1269948887-1001
2018-06-22 13:41 - 2018-04-12 01:38 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2018-06-21 13:07 - 2017-10-12 06:25 - 133315992 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT-KB890830.exe
2018-06-21 12:57 - 2018-05-02 13:36 - 000000000 ____D C:\Program Files (x86)\VPN Unlimited
2018-06-21 12:56 - 2018-05-02 13:36 - 000001140 _____ C:\Users\Public\Desktop\VPN Unlimited.lnk
2018-06-21 12:56 - 2018-05-02 13:36 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VPN Unlimited
2018-06-21 12:55 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\system32\Macromed
2018-06-21 12:54 - 2018-04-12 01:38 - 000000000 ____D C:\WINDOWS\SysWOW64\Macromed
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2018-05-21 17:46
 
==================== End of FRST.txt ============================

  • 0

#12
paulpap

paulpap

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15.07.2018
Ran by Windows 8.1 (17-07-2018 08:56:54)
Running from C:\Users\Windows 8.1\Downloads\FRST-OlderVersion
Windows 10 Pro Version 1803 17134.112 (X64) (2018-05-21 16:17:40)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2532843739-1787431547-1269948887-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2532843739-1787431547-1269948887-503 - Limited - Disabled)
Guest (S-1-5-21-2532843739-1787431547-1269948887-501 - Limited - Disabled)
WDAGUtilityAccount (S-1-5-21-2532843739-1787431547-1269948887-504 - Limited - Disabled)
Windows 8.1 (S-1-5-21-2532843739-1787431547-1269948887-1001 - Administrator - Enabled) => C:\Users\Windows 8.1
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Free (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Free (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ACDSee Pro 4 (HKLM-x32\...\{88D4FE78-6EA6-4DFB-9FC2-8BC316F0C2FD}) (Version: 4.0.237 - ACD Systems International Inc.)
Adobe Flash Player 30 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 30.0.0.127 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.23) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.23 - Adobe Systems Incorporated)
AIMP2 (HKLM-x32\...\AIMP2) (Version:  - AIMP DevTeam)
Amazon Kindle (HKU\S-1-5-21-2532843739-1787431547-1269948887-1001\...\Amazon Kindle) (Version:  - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{D4C80B0C-CF67-43A7-90C3-466853543B54}) (Version: 6.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B2A2E8AF-BC48-4191-B2C4-3846A19835CA}) (Version: 6.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{AA7D90D2-2387-4FA5-A3AF-96811BE49BFD}) (Version: 11.0.5.14 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{19589375-5C58-4AFA-842F-8B34744CCEAD}) (Version: 2.5.0.1 - Apple Inc.)
aTube Catcher version 3.8 (HKLM-x32\...\{D43B360E-722D-421B-BC77-20B9E0F8B6CD}_is1) (Version: 3.8 - DsNET Corp)
Cheatsheet Generator (HKLM-x32\...\{9162E8BE-57E7-4B23-95CC-44BB5CFBB405}) (Version: 1.0.0 - Dirk Wagner)
CyberLink YouCam 5 (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1129 - CyberLink Corp.)
EditPad Lite 7.6.3 (HKLM\...\EditPad Lite) (Version: 7.6.3 - Just Great Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 67.0.3396.99 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
GoTo Opener (HKLM-x32\...\{1F803452-798F-49FB-A5DD-9F527F7017E4}) (Version: 1.0.473 - LogMeIn, Inc.)
GoToMeeting 8.29.1.8953 (HKU\S-1-5-21-2532843739-1787431547-1269948887-1001\...\GoToMeeting) (Version: 8.29.1.8953 - LogMeIn, Inc.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.8100 - Acer Incorporated)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4835 - Intel Corporation)
iTunes (HKLM\...\{F2517A28-8CB8-4206-B86C-5EDD4EA26682}) (Version: 12.7.1.14 - Apple Inc.)
Java 8 Update 161 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180161F0}) (Version: 8.0.1610.12 - Oracle Corporation)
Kaspersky Free (HKLM-x32\...\{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Free (HKLM-x32\...\InstallWIX_{5AAE61FF-858E-453E-B8F3-944618149975}) (Version: 18.0.0.405 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{F33C0717-8E04-4EB5-90C8-47221287DB4F}) (Version: 18.0.0.405 - Kaspersky Lab)
Kaspersky Software Updater (HKLM-x32\...\{DEEDA858-A9B4-4212-8873-2F2CE2706E68}) (Version: 2.0.0.623 - Kaspersky Lab) Hidden
Kaspersky Software Updater (HKLM-x32\...\InstallWIX_{DEEDA858-A9B4-4212-8873-2F2CE2706E68}) (Version: 2.0.0.623 - Kaspersky Lab)
Keyword Research Ninja 1.0 (HKU\S-1-5-21-2532843739-1787431547-1269948887-1001\...\968efe0ce29a96a9) (Version: 1.0.0.6 - Binary Pros)
Keyword Researcher Pro version 11.031 (HKLM-x32\...\Keyword Researcher Pro_is1) (Version: 11.031 - Clever Gizmos)
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.8100 - Acer Incorporated)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2532843739-1787431547-1269948887-1001\...\OneDriveSetup.exe) (Version: 18.091.0506.0007 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810 (HKLM-x32\...\{e2ee15e2-a480-4bc5-bfb7-e9803d1d9823}) (Version: 14.12.25810.0 - Microsoft Corporation)
Mozilla Firefox 60.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 60.0.2 (x86 en-US)) (Version: 60.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 58.0 - Mozilla)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Plex Media Server (HKLM-x32\...\{2fb84613-d20f-4778-8955-66178d5dee6f}) (Version: 1.10.1.4602 - Plex, Inc.)
Plex Media Server (HKLM-x32\...\{CB3C17B5-1DE6-4D78-9447-38C6F1277A2A}) (Version: 1.10.1602 - Plex, Inc.) Hidden
Quintura Search™ (HKLM-x32\...\Quintura Search™_is1) (Version:  - Quintura Inc)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.3.34 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.5 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.5 - VS Revo Group, Ltd.)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.40 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.40.151 - Skype Technologies S.A.)
SmartFTP Client (HKLM\...\{AF155B47-DEA7-4C29-9260-44D0CDBE2DAC}) (Version: 9.0.2558.0 - SmartSoft Ltd.)
Stopping Plex (HKLM-x32\...\{5E4EA395-F2C2-4A16-A4C7-99897E1859F2}) (Version: 1.10.1602 - Plex, Inc.) Hidden
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 13 (HKLM-x32\...\TeamViewer) (Version: 13.0.6447 - TeamViewer)
Text Formatter Plus version 1.2.15 (HKLM-x32\...\Text Formatter Plus_is1) (Version: 1.2.15.481 - )
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.6.0.87 - KMP Media co., Ltd)
Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{AC0D130B-8809-4125-811F-667893B90644}) (Version: 2.11.0.0 - Microsoft Corporation)
VPN Unlimited 4.23 (HKLM-x32\...\{DC24521E-872B-41AF-93EA-FE477902D6FB}_is1) (Version: 4.23 - KeepSolid Inc.)
WD Backup (HKLM-x32\...\{46162462-824f-4ea9-a312-38841e3dab7d}) (Version: 1.6.6060.18987 - Western Digital Technologies, Inc.)
WD Backup (HKLM-x32\...\{9669966E-5595-4820-A879-DD48B3DF05BF}) (Version: 1.6.6060.18987 - Western Digital Technologies, Inc) Hidden
WD Drive Utilities (HKLM-x32\...\{06628A2D-167D-4F5E-8C98-60CFA0B161D1}) (Version: 1.4.0.92 - Western Digital Technologies, Inc.) Hidden
WD Drive Utilities (HKLM-x32\...\{7c73600b-2542-4641-a960-74bed274be03}) (Version: 1.4.0.92 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{A2D70EE4-2462-4F04-9955-5761E3F3F47A}) (Version: 1.4.0.92 - Western Digital Technologies, Inc.) Hidden
WD Security (HKLM-x32\...\{f1fc402c-35fd-40c0-97e4-5bee07891caf}) (Version: 1.4.0.92 - Western Digital Technologies, Inc.)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2532843739-1787431547-1269948887-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Windows 8.1\AppData\Local\GoToMeeting\8679\G2MOutlookAddin64.dll (LogMeIn, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ShellIconOverlayIdentifiers: [SmartFTP Drop] -> {EA5A76F7-8138-4B53-B0F5-ADCC730CAFBD} => C:\Program Files\SmartFTP Client\ShellTools.dll [2018-02-21] (SmartSoft Ltd.)
ContextMenuHandlers1-x32: [AIMPClassic] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP2\System\aimp_shell.dll [2009-03-06] (AIMP DevTeam)
ContextMenuHandlers1-x32: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2018-05-04] (AO Kaspersky Lab)
ContextMenuHandlers1-x32: [SmartFTP] -> {F87DED31-303F-4ED1-9BCE-D360FBC74E0A} => C:\Program Files\SmartFTP Client\ShellTools.dll [2018-02-21] (SmartSoft Ltd.)
ContextMenuHandlers1-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers2: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2018-05-04] (AO Kaspersky Lab)
ContextMenuHandlers4-x32: [AIMPClassic] -> {1F77B17B-F531-44DB-ACA4-76ABB5010A28} => C:\Program Files (x86)\AIMP2\System\aimp_shell.dll [2009-03-06] (AIMP DevTeam)
ContextMenuHandlers4-x32: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2018-05-04] (AO Kaspersky Lab)
ContextMenuHandlers4-x32: [SmartFTP] -> {F87DED31-303F-4ED1-9BCE-D360FBC74E0A} => C:\Program Files\SmartFTP Client\ShellTools.dll [2018-02-21] (SmartSoft Ltd.)
ContextMenuHandlers4-x32: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers4-x32-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2017-10-20] (Intel Corporation)
ContextMenuHandlers5: [igfxOSP] -> {FA507C3F-30C6-4DCA-9EE5-2656072EEC14} => C:\WINDOWS\system32\igfxOSP.dll [2017-10-20] (Intel Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 18.0.0] -> {FF48AD48-74C7-4260-B385-FAEB80947450} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\ShellEx.dll [2018-05-04] (AO Kaspersky Lab)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01104BE2-E826-47D9-A0C1-0F6BDF2C5457} - System32\Tasks\G2MUploadTask-S-1-5-21-2532843739-1787431547-1269948887-1001 => C:\Users\Windows 8.1\AppData\Local\GoToMeeting\8953\g2mupload.exe [2018-06-22] (LogMeIn, Inc.)
Task: {0767E7B9-E7ED-490A-A27A-C31E81DBA13B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {0AB19FFD-0E23-4C5D-A92C-445606B911F8} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0C1E128E-C3EC-4E44-918E-AFD698ADFE62} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {105D92BE-57C9-4F71-8947-D504805B40B5} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {135B5AD9-F08A-4DC6-99C0-76AA54B4FCA9} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {1565C6BC-7205-4FDE-9B20-284B6E6D02A0} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-10-12] (Apple Inc.)
Task: {1F43B04F-F5E1-4AC9-A7D0-4060F2FA0E4F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {22DB4ADD-7C43-4732-9B60-C3216AA78D31} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-29] (Google Inc.)
Task: {29185AFF-E037-403A-B6E9-E5CD482658D0} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {2B1F5448-C3C2-4CA3-84E9-C085F869C7C2} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {2B538013-D916-49FC-BEB8-9495AB3B78A8} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {365A0740-5244-4C26-AB61-C6412B3AF2EA} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {380D68CE-4C41-42B2-B306-EB7B97439892} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {3AE536C3-125D-4430-AB6C-BB438195B30D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {42E5C629-49D9-4F17-9660-BFD984E45906} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4C48EB88-FB0A-46E0-ABDC-F33053084296} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4F85CDAC-8774-4494-A395-9177EF7F4DAE} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {539CB3BB-2503-4902-AE92-00669E872E93} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {57547FEA-B434-4891-BC46-5A4C82D9B515} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5B700546-3C98-4CD2-92DE-98E8B255BAF3} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {5BCC4875-0BC3-4427-9553-DC6ABED35042} - System32\Tasks\G2MUpdateTask-S-1-5-21-2532843739-1787431547-1269948887-1001 => C:\Users\Windows 8.1\AppData\Local\GoToMeeting\8953\g2mupdate.exe [2018-06-22] (LogMeIn, Inc.)
Task: {60CDD4FB-B8C7-4468-96AC-EC166107F7A2} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {65B85F6F-35B3-4459-A179-28255D5B7B25} - System32\Tasks\Microsoft\Windows\HelloFace\FODCleanupTask => C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe [2018-04-12] ()
Task: {6925EB8A-628A-4657-8AFB-944817CB4A8C} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {71034660-50A2-4970-ADE5-008859CE5695} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {7C9493D5-AFF1-4EA5-B352-36F2B95BBAC8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {89144CC1-ADDD-49CE-8091-FB12277CC68B} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-07-09] ()
Task: {8B2E515B-0058-4CE1-B62A-8618EC564C8B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {8F5FC3D1-59AF-4C35-AD80-65DB7F485CC2} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {99E91C2F-367E-411B-9A75-90D0420F94D5} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {9A50EE89-162C-45C2-A2A2-1304ADF2602C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {A66F5977-940E-4ACC-AB90-1F8AA6295F6A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {AF89AACD-A56A-49F1-BF32-C89914A6C314} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {B0B5C66F-8130-4654-93A3-FA0CA43F6854} - System32\Tasks\{784D683C-8945-4E08-B9C9-627735EF2AA8} => "c:\program files\internet explorer\iexplore.exe" hxxp://ui.skype.com/ui/0/6.0.0.120/en/go/help.faq.installer?LastError=1618
Task: {B168F4BD-1DBF-438A-862A-7CC29360936F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {B7105996-EDC0-4CC4-B8CA-B4124737B886} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {BD5505FA-183E-405D-B402-005A312352ED} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C36CBCA7-993F-4AD2-9175-60D5C10A10D2} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {C783F796-C9D5-4A6B-A372-F4383F69674A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2018-06-21] (Adobe Systems Incorporated)
Task: {CEF95507-C8DC-4C47-ADD3-C6A09E886EC8} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {CEFBD034-040F-4668-92F5-3BA2125D3D42} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D234E7AC-8E13-432C-ABF9-EB818D9923D0} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D79F7B71-FD28-4311-8B6D-D99518A7E4D1} - System32\Tasks\Microsoft\Windows\Setup\Notifier => C:\WINDOWS\system32\Notifier.exe
Task: {E7794DEA-0AA2-4F42-A300-ED9DEBD63BF4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-29] (Google Inc.)
Task: {EDEDDBA4-9432-4BB9-85C6-97AE7745998D} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {F9EDBEA4-6A76-4C80-95C6-953297EB0BC3} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-2532843739-1787431547-1269948887-1001.job => C:\Users\Windows 8.1\AppData\Local\GoToMeeting\8953\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-2532843739-1787431547-1269948887-1001.job => C:\Users\Windows 8.1\AppData\Local\GoToMeeting\8953\g2mupload.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2018-04-12 01:34 - 2018-04-12 01:34 - 000491744 _____ () C:\Windows\System32\InputHost.dll
2018-01-05 01:14 - 2018-01-05 01:14 - 000088888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2018-01-05 01:13 - 2018-01-05 01:13 - 001356088 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 000472064 _____ () C:\Windows\ShellExperiences\TileControl.dll
2018-04-12 01:34 - 2018-04-12 01:34 - 002759168 _____ () C:\Windows\ShellComponents\TaskFlowUI.dll
2017-10-20 17:42 - 2017-10-20 17:42 - 000393200 _____ () C:\WINDOWS\system32\igfxTray.exe
2018-06-23 13:24 - 2018-06-08 10:56 - 002185216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2018-07-17 07:40 - 2018-07-17 07:40 - 000086528 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2018-07-17 07:40 - 2018-07-17 07:40 - 000195072 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2018-07-17 07:40 - 2018-07-17 07:40 - 022373888 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2018-07-17 07:40 - 2018-07-17 07:40 - 002610176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\skypert.dll
2018-07-17 07:40 - 2018-07-17 07:40 - 000653824 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\RtmMvrUap.dll
2018-07-17 07:39 - 2018-07-17 07:40 - 035195392 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.12711.0_x64__8wekyb3d8bbwe\Video.UI.exe
2018-07-17 07:39 - 2018-07-17 07:40 - 000290816 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.12711.0_x64__8wekyb3d8bbwe\SharedUI.dll
2018-07-17 07:39 - 2018-07-17 07:40 - 006373376 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.12711.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-09-26 14:11 - 2017-09-26 14:11 - 003553704 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.12711.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2018-07-17 07:39 - 2018-07-17 07:40 - 008903168 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18061.12711.0_x64__8wekyb3d8bbwe\EntPlat.dll
2018-01-14 23:03 - 2018-01-14 23:03 - 000836968 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\kpcengine.2.3.dll
2017-12-13 06:18 - 2017-12-13 06:18 - 000083432 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2017-12-13 06:18 - 2017-12-13 06:18 - 000203240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2018-05-02 13:36 - 2018-06-20 16:21 - 002713928 _____ () C:\Program Files (x86)\VPN Unlimited\vpnu_private_sdk.dll
2014-11-13 04:32 - 2013-09-16 06:19 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2018-01-14 23:04 - 2018-01-14 23:04 - 001105704 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\KasperskyLab.Ksde.NativeInterop.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:56E2E879 [135]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2018-04-12 01:38 - 2018-06-24 13:01 - 000000054 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2532843739-1787431547-1269948887-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{6FD63570-87E8-4CFE-88F8-355C4502D834}] => (Allow) C:\Program Files (x86)\VPN Unlimited\openvpn.exe
FirewallRules: [{4CFB409B-7269-4B9F-ADC8-031144250979}] => (Allow) C:\Program Files (x86)\VPN Unlimited\openvpn.exe
FirewallRules: [{CA9FFB8F-E137-4DCB-B3A1-DDDBAF380DC1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{39364F75-156A-4A83-B0C4-06D1C5279A7A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{28D50727-B3DE-4525-8BF0-7C3BBF156545}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{DD72A4EC-C663-49CA-87A7-633122F79D70}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8A6FAF1F-3033-495E-A5A5-94B035B808FC}] => (Allow) C:\Program Files\SmartFTP Client\SmartFTP.exe
FirewallRules: [{58F1736C-98A8-4EDC-BDD0-225AAF48CAC2}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
FirewallRules: [{896B5063-8CF8-400F-A421-24FD48C6FC60}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
FirewallRules: [{DA9CDB59-842B-4F3E-98E8-901ECCB43030}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{9A913261-18CC-4E63-BB10-54562EDA5B4D}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{4F92E996-31EB-4741-A513-C229A5032DFA}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
FirewallRules: [{E6D437C9-69EF-4D0D-9A87-B178DB179358}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{2F1B0DA8-F142-4374-9AA5-F2E2D7C56D32}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{A4D2689F-A120-4D01-8358-2CB5A35DFEFE}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{5A27FD79-EE0C-45F6-9B57-D1E0D71A46E6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{270F5697-7780-453B-A3B1-2A4FAE841CE7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E760A935-E49D-4699-90D5-F8D7D2BD4877}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
FirewallRules: [{4D902E10-EE42-463A-8D93-DC2EC67E1DED}] => (Allow) C:\Program Files (x86)\Naver\LINE\Line.exe
FirewallRules: [{D70474DD-FCDD-4B79-BBCA-73D640FC53B9}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E455205C-60BC-4D9E-9ECC-312E420324DA}] => (Allow) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe
FirewallRules: [{FA1B642F-C8EC-4562-B55C-52F240D435B4}] => (Allow) C:\Program Files (x86)\VPN Unlimited\vpn-unlimited.exe
FirewallRules: [{7BDFB8E6-10AB-4D41-A32A-A4A30D69CC65}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{4BC4B012-281A-4884-84B4-5557646398BB}] => (Allow) C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
FirewallRules: [{2DA66643-3E3E-4D61-AA21-BBE12BE4EFF7}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
01-07-2018 14:49:11 Windows Update
17-07-2018 06:46:51 Removed Bonjour
17-07-2018 08:42:41 Removed Avira Software Updater
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/17/2018 08:46:21 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (07/17/2018 08:42:41 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (07/17/2018 08:39:14 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
Error: (07/17/2018 08:38:34 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {fc75503f-ff1f-4192-bf9d-bcddd2954b26}
 
Error: (07/17/2018 08:36:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: updater.exe, version: 2.0.8100.0, time stamp: 0x51da5d04
Faulting module name: KERNELBASE.dll, version: 10.0.17134.112, time stamp: 0xf2b2cb6c
Exception code: 0xe0434352
Fault offset: 0x000000000003a388
Faulting process id: 0xd30
Faulting application start time: 0x01d41d987d98f9fb
Faulting application path: C:\Program Files (x86)\Acer\Live Updater\updater.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: db2d45d6-250b-47df-9a51-b18b644784a5
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/17/2018 08:36:34 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: updater.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.Xml.XmlException
   at System.Xml.XmlTextReaderImpl.Throw(System.Exception)
   at System.Xml.XmlTextReaderImpl.ParseDocumentContent()
   at System.Xml.XmlLoader.Load(System.Xml.XmlDocument, System.Xml.XmlReader, Boolean)
   at System.Xml.XmlDocument.Load(System.Xml.XmlReader)
   at System.Xml.XmlDocument.Load(System.String)
   at updater.Report.AddFPToResult(updater.Result)
   at updater.UpgradeItem.DiagnosticDownloadEvent(NotifyMgrArgs)
   at updater.DownloadMgr.DownloadFile(System.String, System.String)
   at updater.DownloadMgr.Worker(System.Object)
   at System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   at System.Threading.QueueUserWorkItemCallback.System.Threading.IThreadPoolWorkItem.ExecuteWorkItem()
   at System.Threading.ThreadPoolWorkQueue.Dispatch()
 
Error: (07/17/2018 08:24:01 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating  status to SECURITY_PRODUCT_STATE_OFF.
 
Error: (07/17/2018 07:55:22 AM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine QueryFullProcessImageNameW.  hr = 0x8007001f, A device attached to the system is not functioning.
.
 
 
Operation:
   Executing Asynchronous Operation
 
Context:
   Current State: DoSnapshotSet
 
 
System errors:
=============
Error: (07/17/2018 08:46:17 AM) (Source: DCOM) (EventID: 10016) (User: acer)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user acer\Windows 8.1 SID (S-1-5-21-2532843739-1787431547-1269948887-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/17/2018 08:43:18 AM) (Source: DCOM) (EventID: 10016) (User: acer)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user acer\Windows 8.1 SID (S-1-5-21-2532843739-1787431547-1269948887-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/17/2018 08:24:00 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID 
Windows.SecurityCenter.WscBrokerManager
 and APPID 
Unavailable
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/17/2018 08:23:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The %1!s! Update Service (avast) service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (07/17/2018 08:21:27 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/17/2018 08:16:37 AM) (Source: DCOM) (EventID: 10016) (User: acer)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user acer\Windows 8.1 SID (S-1-5-21-2532843739-1787431547-1269948887-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/17/2018 08:01:54 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (07/17/2018 07:49:17 AM) (Source: DCOM) (EventID: 10016) (User: acer)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user acer\Windows 8.1 SID (S-1-5-21-2532843739-1787431547-1269948887-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-4150 CPU @ 3.50GHz
Percentage of memory in use: 47%
Total physical RAM: 3905.45 MB
Available physical RAM: 2047.98 MB
Total Virtual: 7105.45 MB
Available Virtual: 5238.42 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:150.03 GB) (Free:94.78 GB) NTFS
Drive d: () (Fixed) (Total:775.39 GB) (Free:773.67 GB) NTFS
Drive f: () (Removable) (Total:14.7 GB) (Free:14.7 GB) FAT32
 
\\?\Volume{1b840bf1-6adc-11e4-824f-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.34 GB) (Free:0.08 GB) NTFS
\\?\Volume{6605892c-6adc-11e4-8250-448a5ba1179d}\ (HPASERVICE) (Fixed) (Total:5.75 GB) (Free:0.85 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: CEF0B7F9)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=150 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=775.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=5.8 GB) - (Type=27)
 
========================================================
Disk: 1 (Size: 14.7 GB) (Disk ID: B921DF90)
Partition 1: (Not Active) - (Size=14.7 GB) - (Type=0B)
 
==================== End of Addition.txt ============================
 
 
Thanks Very Much  Paul

  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP

Hope you are feeling better.

 

Delays are no problem I do not keep track.

 

Was offline for almost two days myself.  My office was getting painted and everything had to be moved out.  Just got the PC back together.

 

I don't see any malware but you have a lot of dead tasks that we can remove to speed up the boot.

 

Download the attached fixlist.txt to the same location as FRST



Run FRST and press Fix
A fix log will be generated please post that

Reboot if the fix doesn't reboot it for you

Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 

Let's look and see if there is anything slowing down your system:

 

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.





 

 

 


  • 0

#14
paulpap

paulpap

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

Thanks for all that RK - will give that a go tomorrow now.

 

Regards

 

Paul


  • 0

#15
paulpap

paulpap

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts

RK see comments in other file - I was not too successfull but 2 files attached I hope  --  Thats seems Ok

 

Sorry I could not carry out the fixlist.txt properly I think although I will send the FRST files next. I could not see anywhere to put it and when I pressed fix it kept saying closing this you don't seem to know what you are doing.  Probably right...

I wasn't able to do the TASKLIST Scan -  did not know which one to enter and could not see anywhere to post anything anyway..

 

However, no Virus alerts from Kaspersky  in the 2 and a half hours I was here.

 

Kind Regards

 

Paul

 

Thanks very much again

Attached Files


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP